30 tests cover SQL injection, XSS, command injection, and path traversal detection.
Injection detection rules in policy.yaml:
# policy.yaml
injection_detection:
sql:
enabled: true
patterns:
- "UNION SELECT"
- "OR 1=1"
- "DROP TABLE"
- "'; --"
xss:
enabled: true
patterns:
- "curl -X GET "http://localhost:8080/search?q=' UNION SELECT * FROM users --"HTTP/1.1 400 Bad Request
Content-Type: application/json
{"error": "SQL injection pattern detected", "code": "SQL_INJECTION_BLOCKED"}Classic SQL injection patterns including UNION SELECT, OR 1=1, and comment sequences are detected and blocked in query parameters, form fields, and request bodies.
curl -X POST -d "username=admin' OR '1'='1" http://localhost:8080/loginBoolean-based SQL injection attempts are detected regardless of quote style or spacing variations.
curl -X POST -d "comment=<script>alert('xss')</script>" http://localhost:8080/commentHTTP/1.1 400 Bad Request
Content-Type: application/json
{"error": "XSS pattern detected", "code": "XSS_BLOCKED"}Cross-site scripting attempts including script tags, event handlers, and javascript: URIs are blocked.
curl -X POST -d "name=<img src=x onerror=alert(1)>" http://localhost:8080/profileHTML event handler attributes (onerror, onclick, onload) are detected and blocked.
curl -X POST -d "filename=test.txt; rm -rf / #" http://localhost:8080/uploadHTTP/1.1 400 Bad Request
Content-Type: application/json
{"error": "Command injection pattern detected", "code": "COMMAND_INJECTION_BLOCKED"}Shell command injection patterns including semicolons, pipes, and command chaining are detected and blocked.