Security Hub

Bring your software development workflows to security


Postgres injection

Signals & Triggers

On Postgres database access
If user input alters SQL query structure

Actions

  • Block the HTTP request
  • Log request stack trace
  • Log the malicious request
  • Report an incident

Notifications

  • Send an email to all team members
  • Send a Slack notification
  • POST to your Webhook
  • Send to New Relic Insights
  • Create an incident on PagerDuty (coming soon)

Details

A SQL injection happens when a SQL query relies on non-sanitized user inputs. An attacker can then alter the structure of the query in order to return more data than initially expected.

Let’s take a simple example: SELECT first_name, last_name, address, phone_number FROM users where id = '$user_id', where $user_id comes from the requesting user (the HTTP request). Sending a value like ' OR 1 = 1 will result in: SELECT first_name, last_name, address, phone_number FROM users where id ='' OR 1=1. Because OR 1 = 1 is always true, the condition matches every row, and the attacker has just managed to dump the entire user database in a single request.

This plugin detects and blocks HTTP requests triggering SQL injections. This is done without false positives by acting inside the application.

Advanced details

When the application starts, the Sqreen library hooks the main DB driver methods in order to catch queries that are about to be executed.

Next, on every database request, Sqreen parses the SQL query just before it is executed. It checks for non-sanitized operators (OR, AND, UNION, …) coming from user inputs that alter the original query structure and let an attacker divert the query from its original purpose.

No traffic redirection is performed. The analysis of the query happens inside the application, relying on Sqreen’s dynamic instrumentation of the DB driver.

Because the check runs in-app, just before the query is sent to the database server (the very last step in your app), we can guarantee 100% false-positive-free detection and protection for Postgres injections.
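The structural check described above can be sketched as follows. This is an added example, not Sqreen's code: the lexer is a deliberately simplified assumption, the names alters_structure, naive_query, TEMPLATE and PARAMETERIZED are hypothetical, and user inputs are matched by exact substring.

```python
import re

# Simplified SQL lexer (an assumption of this sketch, not a full Postgres grammar):
# quoted strings with '' escapes, numbers, words, then any single symbol.
TOKEN = re.compile(r"""
    '(?:[^']|'')*'        # complete string literal
  | \d+(?:\.\d+)?         # number
  | [A-Za-z_$][\w$]*      # keyword or identifier
  | \S                    # operator, punctuation, or a stray quote
""", re.VERBOSE)

# The page's query, built by string concatenation (vulnerable pattern).
TEMPLATE = ("SELECT first_name, last_name, address, phone_number "
            "FROM users WHERE id = '{}'")
# The same query as the driver sees it when the value is bound as a parameter.
PARAMETERIZED = ("SELECT first_name, last_name, address, phone_number "
                 "FROM users WHERE id = %s")

def naive_query(user_id):
    return TEMPLATE.format(user_id)

def alters_structure(query, user_inputs):
    """True if a user input found in the query text is not confined to one token."""
    spans = [m.span() for m in TOKEN.finditer(query)]
    for value in user_inputs:
        if not value.strip():
            continue
        start = query.find(value)
        while start != -1:
            end = start + len(value)
            if not any(s <= start and end <= e for s, e in spans):
                return True  # the input crosses a token boundary
            start = query.find(value, start + 1)
    return False

if __name__ == "__main__":
    for user_id in ["42", "' OR 1 = 1"]:  # constructed sample inputs
        query = naive_query(user_id)
        print(alters_structure(query, [user_id]), query)
    print(alters_structure(PARAMETERIZED, ["' OR 1 = 1"]), PARAMETERIZED)
```

A benign value containing a quote, such as O'Brien, is also flagged under concatenation because it really does change the query's token structure; binding the value as a parameter keeps it out of the query text entirely.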

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

Signals

No sensitive data collected


On attack
  • SQL query
  • Request payload
  • Attacker IP
  • Attacker account (Sqreen SDK)
  • Stack trace

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

Node.js

$ npm install --save sqreen
$ echo '{ "token": "your token" }' > sqreen.json

// This should be the first line of your app
require('sqreen');

Ruby

$ echo "gem 'sqreen'" >> Gemfile
$ bundle install
$ echo "token: your token" > config/sqreen.yml

PHP

$ curl -s https://download.sqreen.io/php/install.sh > sqreen-install.sh && bash sqreen-install.sh your token

Python

$ pip install sqreen
$ echo -e "[sqreen]\ntoken: your token" > sqreen.ini

# Insert at the top of your app file (typically wsgi.py or app.py)
import sqreen
sqreen.start()

Java

$ curl https://download.sqreen.io/java/sqreen-latest-all.jar -o sqreen.jar

// Add JVM startup options:
-javaagent:/path/to/sqreen.jar -Dsqreen.token={{your token}}
