sqli

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 20, 2026 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Package sqli implements SQL Injection detection via three complementary techniques.

Source reference: sqlmap (GPL-2.0) detection logic — techniques are publicly documented algorithms, reimplemented from scratch without copying code.

Reference: sqlmap/lib/techniques/ — error-based, boolean-based, time-based detection.

Techniques implemented (mirrors sqlmap --technique flag):

  • E Error-based: inject payloads that trigger DB-specific error messages
  • B Boolean-based blind: compare responses for true/false conditions
  • T Time-based blind: measure response delay for sleep/benchmark payloads

Architecture:

  • Payload struct: technique + dbms family + inject string + detection func
  • errgroup.SetLimit(Parallelism) fan-out (guia-go §9)
  • io.LimitReader on every response body (dicas.md §5)
  • log/slog observability (dicas.md §16)
  • sync.Mutex protecting findings slice
  • NewWithClient(*http.Client) + overridable timeouts for testability
  • Soft failure per payload: log DEBUG, continue

What is ported faithfully:

  • Error-based payloads: MySQL, PostgreSQL, MSSQL, Oracle, SQLite, IBM DB2 error string signatures from sqlmap/data/xml/errors.xml
  • Boolean-based: true/false condition pairs, response body length comparison
  • Time-based: sleep payloads, response time delta > threshold
  • GET parameter injection (append payload) + POST body injection

Index

Constants

View Source
const (
	// DefaultTimeout is the per-request timeout for regular probes.
	DefaultTimeout = 10 * time.Second

	// DefaultTimeBasedTimeout is per-request timeout for time-based probes
	// (must accommodate the sleep delay).
	DefaultTimeBasedTimeout = 30 * time.Second

	// DefaultTimeSleepSeconds is the sleep delay injected into time-based payloads.
	DefaultTimeSleepSeconds = 5

	// DefaultParallelism is the maximum concurrent injection probes.
	DefaultParallelism = 10
)
View Source
const (
	TechniqueError   = "E"
	TechniqueBoolean = "B"
	TechniqueTime    = "T"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Module

type Module struct {
	// contains filtered or unexported fields
}

Module implements SQL Injection detection.

func New

func New() *Module

New returns a Module with all built-in payloads and default HTTP client.

func NewWithClient

func NewWithClient(c *http.Client) *Module

NewWithClient returns a Module using the supplied HTTP client (testability).

func (*Module) Name

func (m *Module) Name() string

Name returns the module name.

func (*Module) Run

func (m *Module) Run(ctx context.Context, input module.Input) ([]module.Finding, error)

Run executes SQL injection probes against all target URLs and their parameters.

Options supported:

  • "techniques" — comma-separated techniques to enable: E,B,T (default: all)
  • "parallelism" — max concurrent probes (default: 10)
  • "sleep_seconds" — sleep delay for time-based payloads (default: 5)
  • "dbms" — comma-separated DBMS families to limit testing (e.g. "mysql,postgresql")
  • "method" — HTTP method to inject: GET or POST (default: GET)

type Param

type Param struct {
	Name  string
	Value string
}

Param represents an injectable parameter.

type Payload

type Payload struct {
	// Technique is one of E (error-based), B (boolean-based), T (time-based).
	Technique string
	// DBMS is the targeted database family (mysql, postgresql, mssql, oracle, sqlite, generic).
	DBMS string
	// Inject is the string appended to the parameter value.
	Inject string
	// TrueInject / FalseInject are used for boolean-based: two variants that should
	// return different responses. TrueInject should return the real page; FalseInject
	// a different/empty one.
	TrueInject  string
	FalseInject string
	// SleepSeconds is the sleep delay for time-based payloads (0 = use DefaultTimeSleepSeconds).
	SleepSeconds int
	// Detect is a function that inspects the response body/status and returns true
	// if the payload triggered the expected indicator.
	// For boolean/time techniques this is set automatically — only error-based uses custom.
	Detect func(body string, status int) bool
	// Severity is the finding severity when this payload matches.
	Severity module.Severity
	// Tags are metadata tags.
	Tags []string
}

Payload defines a single SQL injection test payload. Mirrors sqlmap/lib/core/data.py PayloadData structure.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL