Fix tests, add more keywords

Author: timokoessler

library/vulnerabilities/attack-wave-detection/containsSQLSyntax.test.ts

@@ -9,6 +9,10 @@ function getTestContext(path: string, query: string): Context {
     url: `http://localhost:4000${path}`,
     query: {
       test: query,
+      utmSource: "newsletter",
+      utmMedium: "electronicmail",
+      utmCampaign: "test",
+      utmTerm: "sql_injection",
     },
     headers: {
       "content-type": "application/json",
@@ -23,26 +27,18 @@ function getTestContext(path: string, query: string): Context {
 
 t.test("it detects SQL injection patterns", async (t) => {
   const testStrings = [
-    "2; DROP TABLE users",
-    "1 OR 1=1",
-    "' WHERE 1=1",
     "' or '1'='1",
-    "2; DELETE FROM users",
     "1: SELECT * FROM users WHERE '1'='1'",
     "', information_schema.tables",
-    "1 UNION SELECT username, password FROM users",
     "1' sleep(5)",
+    "WAITFOR DELAY 1",
   ];
 
   for (const str of testStrings) {
     t.ok(
       containsSQLSyntax(getTestContext(`/test`, str)),
       `Expected ${str} to match SQL injection patterns`
     );
-    t.ok(
-      containsSQLSyntax(getTestContext(`/api/user/${str}`, "")),
-      `Expected ${str} to match SQL injection patterns`
-    );
   }
 });
 

library/vulnerabilities/attack-wave-detection/containsSQLSyntax.ts

@@ -8,10 +8,15 @@ const keywords = [
   "WAITFOR DELAY",
   "SELECT LIKE(CHAR(",
   "INFORMATION_SCHEMA.COLUMNS",
+  "INFORMATION_SCHEMA.TABLES",
   ",MD5(",
   "DBMS_PIPE.RECEIVE_MESSAGE",
   "SYSIBM.SYSTABLES",
   "RANDOMBLOB(",
+  "SELECT * FROM",
+  "1'='1",
+  "PG_SLEEP(",
+  "UNION ALL SELECT",
 ];
 
 export function containsSQLSyntax(context: Context): boolean {

library/vulnerabilities/attack-wave-detection/paths/fileNames.ts

@@ -297,4 +297,7 @@ export const fileNames = [
   "iis.log",
   "pom.xml",
   "openapi.json",
+  "vim_settings.xml",
+  "winscp.ini",
+  "ws_ftp.ini",
 ];