SQLIDPS is a tool designed to detect and prevent SQL injection attacks in web applications. SQL injection is a common attack vector that allows attackers to execute arbitrary SQL code on a database, potentially leading to data breaches and other security issues. This project aims to provide a robust solution for identifying and mitigating such vulnerabilities.
The data flow in SQLIDPS illustrates how user inputs are processed to detect and prevent SQL injection attacks.
Below is a detailed visualization of the flow:
📚 For more detailed documentation, visit deepwiki docs.
🛡️ SQL Injection Check Time: 0.8ms per input
SQLi.check(data)

Checks whether the provided data contains potential SQLi payloads. Raises PotentialSQLiPayload if a malicious input is detected.

Arguments:
data (str | list | dict): Input to be checked.

Example:
```python
from sqlidps import SQLi
# Import location of the exception is assumed here; adjust if it lives in a submodule.
from sqlidps import PotentialSQLiPayload

try:
    SQLi.check("SELECT * FROM users WHERE '1'='1' --")
except PotentialSQLiPayload as e:
    print("Blocked:", e)
```

SQLi.parse(data, error="potential payload")

Parses a dictionary and replaces any malicious values with a safe error string instead of raising an exception.
Arguments:
data (dict): Dictionary to scan.
error (str): Replacement string for detected payloads (default: "potential payload").

Returns:
A cleaned dictionary with malicious values replaced.

Example:
```python
from sqlidps import SQLi

data = {
    "username": "admin",
    "password": "' OR '1'='1"
}
cleaned = SQLi.parse(data)
print(cleaned)
# Output: {'username': 'admin', 'password': 'potential payload'}
```

Installation

Install from PyPI:
```bash
pip install sqlidps
```

Or build from source (inside a checkout of the repository):
```bash
cd sqlidps
pip install -r requirements.txt
flex -o sqlidps/lex.yy.c sqlidps/lexer.l
make sqlidps && make sqlidps clean
python sqlidps/train.py
pip install .
```
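The following is an added example, not code from the sqlidps project, showing how the check and parse API described above fits into a request handler: inputs are screened with SQLi.check before the database is touched, SQLi.parse is used where a request should be logged without the raw payload, and the query itself is still issued with bound parameters so that a payload the detector misses is treated as a literal value. It assumes sqlidps exposes SQLi.check, SQLi.parse and PotentialSQLiPayload as documented (the exception's import path is assumed); when the package is not installed, a constructed stand-in with the same contract is used so the file runs offline, and that stand-in is a crude pattern match, not the project's lexer/model detector. The users table and login form are constructed sample data.

```python
"""Added example: sqlidps screening layered on parameterized queries (not project code)."""
import re
import sqlite3

try:
    from sqlidps import SQLi, PotentialSQLiPayload  # exception import path assumed
except ImportError:
    # Constructed stand-in so the example runs without the package installed.
    # It mimics only the documented contract (raise on detection / replace value);
    # it is NOT the project's detector.
    class PotentialSQLiPayload(Exception):
        """Raised when an input looks like an injection payload."""

    class SQLi:
        _PATTERN = re.compile(r"'\s*(or|and)\s*'|--|;|/\*|\bunion\b", re.IGNORECASE)

        @classmethod
        def check(cls, data):
            # Walks str | list | dict recursively, as the documented signature allows.
            if isinstance(data, str):
                if cls._PATTERN.search(data):
                    raise PotentialSQLiPayload(data)
            elif isinstance(data, dict):
                for value in data.values():
                    cls.check(value)
            elif isinstance(data, list):
                for value in data:
                    cls.check(value)

        @classmethod
        def parse(cls, data, error="potential payload"):
            cleaned = {}
            for key, value in data.items():
                try:
                    cls.check(value)
                    cleaned[key] = value
                except PotentialSQLiPayload:
                    cleaned[key] = error
            return cleaned


def create_db():
    """Constructed in-memory users table with one account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", "s3cret"))
    conn.commit()
    return conn


def login(conn, form, screen=True):
    """Return 'blocked', 'ok' or 'denied' for a login form.

    screen=True runs SQLi.check first and rejects the request before any query.
    Either way the query binds parameters, so a missed payload is compared as a
    literal string rather than spliced into SQL (second layer of defense).
    """
    if screen:
        try:
            SQLi.check(form)
        except PotentialSQLiPayload:
            return "blocked"  # reject early; log the event for the SOC
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (form["username"], form["password"]),
    ).fetchone()
    return "ok" if row else "denied"


def audit_form(form):
    """Non-raising variant: suspicious values are replaced so the form can be
    logged or forwarded without carrying the raw payload."""
    return SQLi.parse(form)


if __name__ == "__main__":
    db = create_db()
    benign = {"username": "admin", "password": "s3cret"}
    hostile = {"username": "admin", "password": "' OR '1'='1"}  # constructed sample
    print(login(db, benign))                 # ok
    print(login(db, hostile))                # blocked by the detector
    print(login(db, hostile, screen=False))  # denied: bound parameter, no bypass
    print(audit_form(hostile))               # payload replaced for logging
```

The screen=False path is there to make the layering visible: the detector is a pre-filter that gives early rejection and a detection signal, while the bound parameters are what actually keep the hostile string from changing the query.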