SQL Threat Detector

Use the SQL Threat Detector policy to protect APIs against SQL commands injected into the header, path, query, and payload of incoming HTTP requests. The policy detects embedded commands such as CREATE TABLE and DROP TABLE that could be injected into an HTTP request and, if passed through to the backend, trigger the creation or deletion of tables or a denial of service of backend databases. As the policy owner, you thwart these SQL injection threats by specifying regular expressions (regex) that identify SQL commands, elements, strings, and characters that do not conform to the database's expected input, and block them from being passed in the payload.

If an SQL expression or command is provided in the request payload JSON, query string, header, or path, then the API consumer receives a Validation failed error. If the API request is safe, then the API can successfully be executed.

The default expression contains common SQL commands that could pose injection threats. You can use it as is, modify it, or replace it with a custom regex; the policy functions without any change to the default. Because a single regex can contain many alternatives, you can split it into multiple entries to keep the expressions manageable and readable. You can also append additional expressions to the default regex.
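As an added illustration (not SnapLogic code and not part of this page), the following Python reproduces the policy's matching logic over a constructed request dict, with the default Threat Detection Regex split into the separate entries the policy allows. It also shows two properties of the unanchored, case-sensitive default that a policy owner should check: a lowercase `drop table` passes unless matching is made case-insensitive, and any value containing ALTER (such as the name WALTER) or an apostrophe is rejected.

```python
import re

# Default Threat Detection Regex from the parameter table, split into the
# separate entries the policy lets you keep for readability.
DEFAULT_THREAT_PATTERNS = [
    r".*'.*", r".*ALTER.*", r".*ALTER TABLE.*", r".*ALTER VIEW.*",
    r".*CREATE DATABASE.*", r".*CREATE PROCEDURE.*", r".*CREATE SCHEMA.*",
    r".*CREATE TABLE.*", r".*CREATE VIEW.*", r".*DELETE.*",
    r".*DROP DATABASE.*", r".*DROP PROCEDURE.*", r".*DROP.*", r".*SELECT.*",
]


def scan_request(request, patterns=DEFAULT_THREAT_PATTERNS, flags=0):
    """Apply every pattern to the path, query, headers and JSON payload.

    Returns a list of (location, pattern) hits; an empty list means safe.
    `request` is a constructed dict with keys path/query/headers/payload,
    a stand-in for the gateway's real request object (assumption).
    """
    compiled = [re.compile(p, flags) for p in patterns]
    hits = []

    def check(location, text):
        for rx in compiled:
            if rx.search(text):
                hits.append((location, rx.pattern))

    def walk(prefix, node):  # recurse through nested JSON payload values
        if isinstance(node, dict):
            for k, v in node.items():
                walk(f"{prefix}.{k}", v)
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(f"{prefix}[{i}]", v)
        elif isinstance(node, str):
            check(prefix, node)

    check("path", request.get("path", ""))
    for k, v in request.get("query", {}).items():
        check(f"query.{k}", v)
    for k, v in request.get("headers", {}).items():
        check(f"header.{k}", v)
    walk("payload", request.get("payload"))
    return hits


def validate(request, **kwargs):
    """Mirror the policy outcome: 'Validation failed' on any hit, else 'OK'."""
    return "Validation failed" if scan_request(request, **kwargs) else "OK"
```

Passing `flags=re.IGNORECASE` to `scan_request` shows how much the verdict changes once case is ignored, and the returned `(location, pattern)` pairs tell you which entry fired so false positives can be tuned out.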

Policy Execution Order

The SQL Threat Detector policy executes after the request has been authenticated.

Expression Enabled Fields in API Policies

All expression enabled fields take expressions from the SnapLogic Expression Language and the API Policy Manager functions.

Parameter Name: Label
Description: Required. The name for the API policy.
Default Value: SQL Threat Detector

Parameter Name: When this policy should be applied
Description: An expression enabled field that determines the condition to be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST.
Default Value: True
Example: request.method == "POST"

Parameter Name: Threat Detection Regex
Description: The SQL string that detects threats. You can enter multiple strings.
Default Value: .*'.*|.*ALTER.*|.*ALTER TABLE.*|.*ALTER VIEW.*|.*CREATE DATABASE.*|.*CREATE PROCEDURE.*|.*CREATE SCHEMA.*|.*CREATE TABLE.*|.*CREATE VIEW.*|.*DELETE.*|.*DROP DATABASE.*|.*DROP PROCEDURE.*|.*DROP.*|.*SELECT.*
Example: .*'.*|.*ALTER.*|.*ALTER TABLE.*|.*ALTER VIEW.*|.*CREATE DATABASE.*|.*CREATE PROCEDURE 1 and 1 [^A-Za-z0-9\s]+

Parameter Name: Status
Description: Indicates whether the API policy is enabled or disabled.
Default Value: Enabled
Example: Disabled