Merge pull request #116 from AikidoSec/AIK-4112-zen-update

AIK-4112: Update Zen internals to v0.1.33

.github/workflows/build.yml

@@ -166,8 +166,8 @@ jobs:
           echo $AIKIDO_VERSION
           echo "AIKIDO_VERSION=$AIKIDO_VERSION" >> $GITHUB_ENV
           echo "AIKIDO_LIBZEN=libzen_internals_x86_64-unknown-linux-gnu.so" >> $GITHUB_ENV
-          echo "AIKIDO_LIBZEN_VERSION=0.1.31" >> $GITHUB_ENV
-      
+          echo "AIKIDO_LIBZEN_VERSION=0.1.33" >> $GITHUB_ENV
+
       - name: Download artifacts
         uses: actions/download-artifact@v4
         with:

tests/cli/sql_injection/sql_injection_sqlite_dollar_placeholder.phpt

@@ -0,0 +1,42 @@
+--TEST--
+Test SQLite database operations
+
+--ENV--
+AIKIDO_LOG_LEVEL=INFO
+AIKIDO_BLOCK=1
+
+--FILE--
+<?php
+try {
+    $pdo = new PDO('sqlite::memory:');
+    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+    $pdo->exec("CREATE TABLE IF NOT EXISTS users (
+                id INTEGER PRIMARY KEY,
+                name TEXT,
+                email TEXT)");
+
+    $pdo->exec("INSERT INTO users (name, email) VALUES ('John Doe', '[email protected]')");
+
+    // Simulate user input
+    $unsafeInput = "1' OR $$ IS NULL -- ";
+    $_SERVER['HTTP_USER'] = $unsafeInput;
+
+    // Vulnerable query
+    $result = $pdo->query("SELECT * FROM users WHERE id = $unsafeInput");
+
+    foreach ($result as $row) {
+        echo "ID: " . $row['id'] . "\n";
+        echo "Name: " . $row['name'] . "\n";
+        echo "Email: " . $row['email'] . "\n\n";
+    }
+} catch (PDOException $e) {
+    echo "Connection failed: " . $e->getMessage();
+}
+
+// Close the database connection
+$pdo = null;
+
+?>
+
+--EXPECTREGEX--
+.*Fatal error: Uncaught Exception: Aikido firewall has blocked an SQL injection.*