Documentation
¶
Overview ¶
Package sqli implements SQL Injection detection via three complementary techniques.
Source reference: sqlmap (GPL-2.0) detection logic — techniques are publicly documented algorithms, reimplemented from scratch without copying code.
Reference: sqlmap/lib/techniques/ — error-based, boolean-based, time-based detection.
Techniques implemented (mirrors sqlmap --technique flag):
- E Error-based: inject payloads that trigger DB-specific error messages
- B Boolean-based blind: compare responses for true/false conditions
- T Time-based blind: measure response delay for sleep/benchmark payloads
Architecture:
- Payload struct: technique + dbms family + inject string + detection func
- errgroup.SetLimit(Parallelism) fan-out (guia-go §9)
- io.LimitReader on every response body (dicas.md §5)
- log/slog observability (dicas.md §16)
- sync.Mutex protecting findings slice
- NewWithClient(*http.Client) + overridable timeouts for testability
- Soft failure per payload: log DEBUG, continue
What is ported faithfully:
- Error-based payloads: MySQL, PostgreSQL, MSSQL, Oracle, SQLite, IBM DB2 error string signatures from sqlmap/data/xml/errors.xml
- Boolean-based: true/false condition pairs, response body length comparison
- Time-based: sleep payloads, response time delta > threshold
- GET parameter injection (append payload) + POST body injection
Index ¶
Constants ¶
const ( // DefaultTimeout is the per-request timeout for regular probes. DefaultTimeout = 10 * time.Second // DefaultTimeBasedTimeout is per-request timeout for time-based probes // (must accommodate the sleep delay). DefaultTimeBasedTimeout = 30 * time.Second // DefaultTimeSleepSeconds is the sleep delay injected into time-based payloads. DefaultTimeSleepSeconds = 5 // DefaultParallelism is the maximum concurrent injection probes. DefaultParallelism = 10 )
const ( TechniqueError = "E" TechniqueBoolean = "B" TechniqueTime = "T" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Module ¶
type Module struct {
// contains filtered or unexported fields
}
Module implements SQL Injection detection.
func New ¶
func New() *Module
New returns a Module with all built-in payloads and default HTTP client.
func NewWithClient ¶
NewWithClient returns a Module using the supplied HTTP client (testability).
func (*Module) Run ¶
Run executes SQL injection probes against all target URLs and their parameters.
Options supported:
- "techniques" — comma-separated techniques to enable: E,B,T (default: all)
- "parallelism" — max concurrent probes (default: 10)
- "sleep_seconds" — sleep delay for time-based payloads (default: 5)
- "dbms" — comma-separated DBMS families to limit testing (e.g. "mysql,postgresql")
- "method" — HTTP method to inject: GET or POST (default: GET)
type Payload ¶
type Payload struct {
// Technique is one of E (error-based), B (boolean-based), T (time-based).
Technique string
// DBMS is the targeted database family (mysql, postgresql, mssql, oracle, sqlite, generic).
DBMS string
// Inject is the string appended to the parameter value.
Inject string
// TrueInject / FalseInject are used for boolean-based: two variants that should
// return different responses. TrueInject should return the real page; FalseInject
// a different/empty one.
TrueInject string
FalseInject string
// SleepSeconds is the sleep delay for time-based payloads (0 = use DefaultTimeSleepSeconds).
SleepSeconds int
// Detect is a function that inspects the response body/status and returns true
// if the payload triggered the expected indicator.
// For boolean/time techniques this is set automatically — only error-based uses custom.
Detect func(body string, status int) bool
// Severity is the finding severity when this payload matches.
Severity module.Severity
// Tags are metadata tags.
Tags []string
}
Payload defines a single SQL injection test payload. Mirrors sqlmap/lib/core/data.py PayloadData structure.