diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5f398638..5c670dbb 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -166,8 +166,8 @@ jobs:
 echo $AIKIDO_VERSION
 echo "AIKIDO_VERSION=$AIKIDO_VERSION" >> $GITHUB_ENV
 echo "AIKIDO_LIBZEN=libzen_internals_x86_64-unknown-linux-gnu.so" >> $GITHUB_ENV
- echo "AIKIDO_LIBZEN_VERSION=0.1.31" >> $GITHUB_ENV
-
+ echo "AIKIDO_LIBZEN_VERSION=0.1.33" >> $GITHUB_ENV
+
 - name: Download artifacts
 uses: actions/download-artifact@v4
 with:
diff --git a/tests/cli/sql_injection/sql_injection_sqlite_dollar_placeholder.phpt b/tests/cli/sql_injection/sql_injection_sqlite_dollar_placeholder.phpt
new file mode 100644
index 00000000..22792028
--- /dev/null
+++ b/tests/cli/sql_injection/sql_injection_sqlite_dollar_placeholder.phpt
@@ -0,0 +1,42 @@
+--TEST--
+Test SQLite database operations
+
+--ENV--
+AIKIDO_LOG_LEVEL=INFO
+AIKIDO_BLOCK=1
+
+--FILE--
+setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ $pdo->exec("CREATE TABLE IF NOT EXISTS users (
+ id INTEGER PRIMARY KEY,
+ name TEXT,
+ email TEXT)");
+
+ $pdo->exec("INSERT INTO users (name, email) VALUES ('John Doe', 'john@example.com')");
+
+ // Simulate user input
+ $unsafeInput = "1' OR $$ IS NULL -- ";
+ $_SERVER['HTTP_USER'] = $unsafeInput;
+
+ // Vulnerable query
+ $result = $pdo->query("SELECT * FROM users WHERE id = $unsafeInput");
+
+ foreach ($result as $row) {
+ echo "ID: " . $row['id'] . "\n";
+ echo "Name: " . $row['name'] . "\n";
+ echo "Email: " . $row['email'] . "\n\n";
+ }
+} catch (PDOException $e) {
+ echo "Connection failed: " . $e->getMessage();
+}
+
+// Close the database connection
+$pdo = null;
+
+?>
+
+--EXPECTREGEX--
+.*Fatal error: Uncaught Exception: Aikido firewall has blocked an SQL injection.*
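Review bot: The `--TEST--` title `Test SQLite database operations` does not say what this case pins down; a title such as `Test SQL injection blocking for SQLite with a $$ payload` would make a CI failure readable without opening the file. The payload assigned to `$unsafeInput` sits in a double-quoted PHP string and depends on `$$` followed by a space not being interpolated; writing it as `"1' OR \$\$ IS NULL -- "` makes the literal explicit. The `catch (PDOException $e)` branch prints `Connection failed:` for what would be a query error if the firewall did not block; the EXPECTREGEX mismatch would still fail the test in that case, but `Query failed:` would point at the right cause. The opening lines of the `--FILE--` section are not visible on this page, so the PDO setup is not covered by this note.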