From 3bc02f69f98569241644e540820ca00a4aad92b7 Mon Sep 17 00:00:00 2001 From: kingthorin Date: Fri, 4 Jul 2025 10:15:47 -0400 Subject: [PATCH] ascanrules: SQLi MySQL rename scan rule (all time based) Signed-off-by: kingthorin --- addOns/ascanrules/CHANGELOG.md | 1 + ...a => SqlInjectionMySqlTimingScanRule.java} | 31 +++++-------------- .../resources/help/contents/ascanrules.html | 2 +- .../ascanrules/resources/Messages.properties | 2 +- ...InjectionMySqlTimingScanRuleUnitTest.java} | 9 +++--- 5 files changed, 16 insertions(+), 29 deletions(-) rename addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/{SqlInjectionMySqlScanRule.java => SqlInjectionMySqlTimingScanRule.java} (92%) rename addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/{SqlInjectionMySqlScanRuleUnitTest.java => SqlInjectionMySqlTimingScanRuleUnitTest.java} (95%) diff --git a/addOns/ascanrules/CHANGELOG.md b/addOns/ascanrules/CHANGELOG.md index 7ed91f12f27..256c00cbfd2 100644 --- a/addOns/ascanrules/CHANGELOG.md +++ b/addOns/ascanrules/CHANGELOG.md @@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Depends on an updated version of the Common Library add-on. - The following scan rules and their alerts have been renamed to clarify that they're time based (Issue 7341). - SQL Injection - MsSQL + - SQL Injection - MySQL - SQL Injection - Hypersonic ### Added diff --git a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlScanRule.java b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlTimingScanRule.java similarity index 92% rename from addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlScanRule.java rename to addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlTimingScanRule.java index 6685c24170b..dec5c1ce595 100644 
--- a/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlScanRule.java +++ b/addOns/ascanrules/src/main/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlTimingScanRule.java @@ -24,7 +24,6 @@ import java.util.Collections; import java.util.HashMap; import java.util.Iterator; -import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import java.util.concurrent.atomic.AtomicReference; @@ -44,11 +43,11 @@ import org.zaproxy.zap.model.TechSet; /** - * The SqlInjectionMySqlScanRule identifies MySQL specific SQL Injection vulnerabilities using MySQL - * specific syntax. If it doesn't use MySQL specific syntax, it belongs in the generic SQLInjection - * class! Note the ordering of checks, for efficiency is : 1) Error based (N/A) 2) Boolean Based - * (N/A - uses standard syntax) 3) UNION based (N/A - uses standard syntax) 4) Stacked (N/A - uses - * standard syntax) 5) Blind/Time Based (Yes - uses specific syntax) + * This scan rule identifies MySQL specific SQL Injection vulnerabilities using MySQL specific + * syntax. If it doesn't use MySQL specific syntax, it belongs in the generic SQLInjection class! + * Note the ordering of checks, for efficiency is : 1) Error based (N/A) 2) Boolean Based (N/A - + * uses standard syntax) 3) UNION based (N/A - uses standard syntax) 4) Stacked (N/A - uses standard + * syntax) 5) Blind/Time Based (Yes - uses specific syntax) * *

See the following for some great MySQL specific tricks which could be integrated here * http://www.websec.ca/kb/sql_injection#MySQL_Stacked_Queries @@ -56,7 +55,7 @@ * * @author 70pointer */ -public class SqlInjectionMySqlScanRule extends AbstractAppParamPlugin +public class SqlInjectionMySqlTimingScanRule extends AbstractAppParamPlugin implements CommonActiveScanRuleInfo { /** MySQL one-line comment */ @@ -65,21 +64,6 @@ public class SqlInjectionMySqlScanRule extends AbstractAppParamPlugin private static final String ORIG_VALUE_TOKEN = "<<<>>>"; private static final String SLEEP_TOKEN = "<<<>>>"; - /** - * create a map of SQL related error message fragments, and map them back to the RDBMS that they - * are associated with keep the ordering the same as the order in which the values are inserted, - * to allow the more (subjectively judged) common cases to be tested first Note: these should - * represent actual (driver level) error messages for things like syntax error, otherwise we are - * simply guessing that the string should/might occur. - */ - private static final Map SQL_ERROR_TO_DBMS = new LinkedHashMap<>(); - - static { - SQL_ERROR_TO_DBMS.put("com.mysql.jdbc.exceptions", "MySQL"); - SQL_ERROR_TO_DBMS.put("org.gjt.mm.mysql", "MySQL"); - // Note: only MYSQL mappings here. - } - /** MySQL specific time based injection strings. */ // Note: <<<>>> is replaced with the original parameter value at runtime in these @@ -231,7 +215,8 @@ public class SqlInjectionMySqlScanRule extends AbstractAppParamPlugin } /** for logging. */ - private static final Logger LOGGER = LogManager.getLogger(SqlInjectionMySqlScanRule.class); + private static final Logger LOGGER = + LogManager.getLogger(SqlInjectionMySqlTimingScanRule.class); private int timeSleepSeconds = DEFAULT_SLEEP_TIME; 
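Review bot: The rewritten class Javadoc (the `@@ -44,11 +43,11 @@` hunk) still opens by describing the rule only as detecting "MySQL specific SQL Injection vulnerabilities using MySQL specific syntax", even though the class is renamed to SqlInjectionMySqlTimingScanRule precisely because, as the numbered list further down says, only the blind/time-based technique applies (and this commit removes the `SQL_ERROR_TO_DBMS` error-fragment map, so there is no error-based path left). The summary sentence should say so up front, e.g. `* This scan rule identifies MySQL specific SQL Injection vulnerabilities using MySQL specific time based (SLEEP) syntax; it is purely time based and reports nothing via error or boolean signatures.` It would also help a maintainer to add a one-line caveat that a finding rests on comparing measured response times against the original request, so latency jitter can presumably skew results and the sleep length is tunable via `rules.common.sleep` (as the help page in this patch notes). The `<p>` tag that presumably precedes "See the following" appears lost in this rendering of the hunk; the Javadoc body continues past the hunk.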
diff --git a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help/contents/ascanrules.html b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help/contents/ascanrules.html index 4d849957b70..e5e83552da3 100644 --- a/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help/contents/ascanrules.html +++ b/addOns/ascanrules/src/main/javahelp/org/zaproxy/zap/extension/ascanrules/resources/help/contents/ascanrules.html @@ -386,7 +386,7 @@

SQL Injection - MySQL (Time Based)


Post 2.5.0 you can change the length of time used for the attack by changing the rules.common.sleep parameter via the Options 'Rule configuration' panel.

-Latest code: SqlInjectionMySqlScanRule.java +Latest code: SqlInjectionMySqlTimingScanRule.java
Alert ID: 40019. diff --git a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages.properties b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages.properties index 921c22b5ac6..8f1c36050aa 100644 --- a/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages.properties +++ b/addOns/ascanrules/src/main/resources/org/zaproxy/zap/extension/ascanrules/resources/Messages.properties @@ -183,7 +183,7 @@ ascanrules.sqlinjection.desc = SQL injection may be possible. ascanrules.sqlinjection.hypersonic.name = SQL Injection - Hypersonic SQL (Time Based) ascanrules.sqlinjection.mssql.alert.timebased.extrainfo = The query time is controllable using parameter value [{0}], which caused the request to take [{1}] milliseconds, when the original unmodified query with value [{2}] took [{3}] milliseconds. ascanrules.sqlinjection.mssql.name = SQL Injection - MsSQL (Time Based) -ascanrules.sqlinjection.mysql.name = SQL Injection - MySQL +ascanrules.sqlinjection.mysql.name = SQL Injection - MySQL (Time Based) ascanrules.sqlinjection.name = SQL Injection ascanrules.sqlinjection.oracle.name = SQL Injection - Oracle ascanrules.sqlinjection.postgres.name = SQL Injection - PostgreSQL diff --git a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlScanRuleUnitTest.java b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlTimingScanRuleUnitTest.java similarity index 95% rename from addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlScanRuleUnitTest.java rename to addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlTimingScanRuleUnitTest.java index 609831b7237..994a2aaa429 100644 --- a/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlScanRuleUnitTest.java 
+++ b/addOns/ascanrules/src/test/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionMySqlTimingScanRuleUnitTest.java @@ -38,12 +38,13 @@ import org.zaproxy.zap.model.TechSet; import org.zaproxy.zap.testutils.NanoServerHandler; -/** Unit test for {@link SqlInjectionMySqlScanRule}. */ -class SqlInjectionMySqlScanRuleUnitTest extends ActiveScannerTest { +/** Unit test for {@link SqlInjectionMySqlTimingScanRule}. */ +class SqlInjectionMySqlTimingScanRuleUnitTest + extends ActiveScannerTest { @Override - protected SqlInjectionMySqlScanRule createScanner() { - return new SqlInjectionMySqlScanRule(); + protected SqlInjectionMySqlTimingScanRule createScanner() { + return new SqlInjectionMySqlTimingScanRule(); } @Test