sentinel_modsec/libinjection/
mod.rs

1//! Pure Rust implementation of libinjection for SQLi and XSS detection.
2//!
3//! This module provides SQL injection and XSS detection using fingerprint-based
4//! analysis, similar to the original libinjection library.
5
6pub mod sqli;
7pub mod xss;
8
9pub use sqli::{is_sqli, sqli_fingerprint};
10pub use xss::is_xss;
11
12/// Result of injection detection.
13#[derive(Debug, Clone)]
14pub struct DetectionResult {
15    /// Whether injection was detected.
16    pub is_injection: bool,
17    /// Fingerprint that matched (if any).
18    pub fingerprint: Option<String>,
19}
20
21impl DetectionResult {
22    /// Create a positive detection result.
23    pub fn detected(fingerprint: String) -> Self {
24        Self {
25            is_injection: true,
26            fingerprint: Some(fingerprint),
27        }
28    }
29
30    /// Create a negative detection result.
31    pub fn safe() -> Self {
32        Self {
33            is_injection: false,
34            fingerprint: None,
35        }
36    }
37}
38
39#[cfg(test)]
40mod tests {
41    use super::*;
42
43    #[test]
44    fn test_sqli_detection() {
45        assert!(is_sqli("1' OR '1'='1"));
46        assert!(is_sqli("1; DROP TABLE users--"));
47        assert!(is_sqli("admin'--"));
48        assert!(is_sqli("1 UNION SELECT * FROM users"));
49        assert!(!is_sqli("hello world"));
50        assert!(!is_sqli("normal query string"));
51    }
52
53    #[test]
54    fn test_xss_detection() {
55        assert!(is_xss("<script>alert(1)</script>"));
56        assert!(is_xss("javascript:alert(1)"));
57        assert!(is_xss("<img src=x onerror=alert(1)>"));
58        assert!(is_xss("<svg onload=alert(1)>"));
59        assert!(!is_xss("hello world"));
60        assert!(!is_xss("<p>Normal paragraph</p>"));
61    }
62}