Class: Aikido::Zen::Attacks::SQLInjectionAttack

Inherits:
Aikido::Zen::Attack
Defined in:
lib/aikido/zen/attack.rb

Instance Attribute Summary

Attributes inherited from Aikido::Zen::Attack

#context, #operation, #sink

Instance Method Summary

Methods inherited from Aikido::Zen::Attack

#blocked?, #will_be_blocked!

Constructor Details

#initialize(query:, input:, dialect:, **opts) ⇒ SQLInjectionAttack

Returns a new instance of SQLInjectionAttack.



# File 'lib/aikido/zen/attack.rb', line 47

# Builds the record of one detected SQL injection attempt.
#
# The three SQL-specific keywords are kept on the instance; every other
# keyword is handed to the parent constructor (Aikido::Zen::Attack) untouched.
#
# @param query [Object] the SQL statement the input was detected in; stored
#   verbatim (presumably a String; confirm against callers)
# @param input [Object] the flagged user input; #as_json calls `as_json` on it,
#   so it must respond to that method
# @param dialect [Object] the SQL dialect, formatted with `%s` in #log_message
# @param opts [Hash] remaining keywords, forwarded to `super`
def initialize(query:, input:, dialect:, **opts)
  super(**opts)
  @query, @input, @dialect = query, input, dialect
end

Instance Attribute Details

#dialect ⇒ Object (readonly)

Returns the value of attribute dialect.



# File 'lib/aikido/zen/attack.rb', line 45

# Reader for the value given to the constructor as `dialect:`.
#
# @return [Object] the stored dialect, unmodified. #log_message formats it
#   with `%s`, so it is presumably a String or Symbol naming the SQL dialect
#   (confirm against callers).
def dialect
  @dialect
end

#input ⇒ Object (readonly)

Returns the value of attribute input.



# File 'lib/aikido/zen/attack.rb', line 44

# Reader for the user input that was flagged, as given to the constructor
# via `input:`.
#
# NOTE(review): #log_message labels this value "Malicious user input", so
# treat it as untrusted wherever it is rendered (logs, dashboards, error
# pages) and encode it for that sink.
#
# @return [Object] the stored input, unmodified. #as_json calls `as_json` on
#   it and merges the result into a Hash, so it is presumably a payload
#   wrapper rather than a bare String (confirm against callers).
def input
  @input
end

#query ⇒ Object (readonly)

Returns the value of attribute query.



# File 'lib/aikido/zen/attack.rb', line 43

# Reader for the SQL statement the input was detected in, as given to the
# constructor via `query:`.
#
# NOTE(review): the statement is kept verbatim, so any literal values it
# embeds (credentials, personal data) travel with it into #as_json
# (`metadata[:sql]`) and #log_message. Check what the reporting and log
# destinations retain.
#
# @return [Object] the stored query, unmodified (presumably a String; confirm
#   against callers).
def query
  @query
end

Instance Method Details

#as_json ⇒ Object



# File 'lib/aikido/zen/attack.rb', line 61

# Serializes the attack into a plain Hash.
#
# The attack-level fields are built first, then whatever `@input.as_json`
# returns is merged on top of them.
#
# NOTE(review): Hash#merge gives precedence to its argument, so a key named
# :kind, :blocked, :metadata or :operation in `@input.as_json` would replace
# the value set here. Whether the input class can emit those keys is not
# visible from this method; confirm.
# NOTE(review): `metadata[:sql]` carries the full statement text, including
# any literal values embedded in it.
#
# @return [Hash] :kind, :blocked, :metadata and :operation, plus the keys
#   contributed by the input
def as_json
  attack_fields = {
    kind: "sql_injection",
    blocked: blocked?,
    metadata: {sql: @query},
    operation: @operation
  }
  input_fields = @input.as_json

  attack_fields.merge(input_fields)
end

#exception ⇒ Object



# File 'lib/aikido/zen/attack.rb', line 70

# Wraps this attack in a SQLInjectionError.
#
# Any positional arguments are accepted and ignored. `exception` is the
# method Kernel#raise calls on a non-class argument, so defining it
# presumably lets callers write `raise attack` (confirm against callers).
#
# @return [SQLInjectionError] a new error built from this attack
def exception(*_ignored)
  SQLInjectionError.new(self)
end

#log_message ⇒ Object



# File 'lib/aikido/zen/attack.rb', line 54

# Renders the one-line description of this attack for logs.
#
# NOTE(review): @input and @query are interpolated with `%s` and no escaping,
# so control characters in either one (including CR/LF) reach the log sink
# unchanged. The logger or its consumer has to neutralise them and should
# treat the text between the guillemets as untrusted. The full statement text
# is also written out, including any literal values it embeds.
#
# @return [String] the formatted message
def log_message
  template = "SQL Injection: Malicious user input «%s» detected in %s query «%s»"
  format(template, @input, @dialect, @query)
end