protect/sql-query-protection

A Laravel middleware for SQL and XSS protection

Maintainers

Details

github.com/aswinsasi/injection-protector

Source

Issues

Installs: 14

Dependents: 0

Suggesters: 0

Security: 0

Stars: 5

Watchers: 1

Forks: 0

Open Issues: 0

v6.0.0 2024-10-15 07:41 UTC

Requires

Requires (Dev)

MIT d48bdf0daf572ed59af14f4f0e7bb8a90851679d

  • Aswin Sasi <aswinfear01.woop@gmail.com>

This package is auto-updated.

Last update: 2024-11-12 05:53:50 UTC

README

SQL and LDAP Query Protection Middleware for Laravel

This package provides middleware for Laravel applications to prevent SQL injection and LDAP injection attacks. It ensures secure communication by blocking malicious queries, protecting both your database and directory services.

Features

  • SQL Injection Protection:
    Validates and sanitizes SQL queries to prevent unauthorized access.
  • LDAP Injection Protection:
    Prevents malicious LDAP queries by sanitizing input before querying directory services.
  • Custom Logging:
    Logs suspicious queries for monitoring and further analysis.
  • Easy to Configure:
    Configurable middleware with options for logging and handling injection attempts.

Installation

You can install the package via Composer.

1. Require the Package

composer require protect/sql-query-protection

Alternatively, you can install the latest development version:

composer require protect/sql-query-protection:@dev

2. Publish the Configuration File

php artisan vendor:publish --provider="SqlQueryProtection\SqlQueryProtectionServiceProvider"

3. Clear Config Cache

After publishing the configuration, clear the config cache:

php artisan config:clear

Route Middleware Registration If you prefer to apply the middleware to specific routes, add the following line to the $routeMiddleware array:

protected $routeMiddleware = [
    // Other route middleware...
    'sql.protection' => \SqlQueryProtection\Middleware\SqlQueryProtection::class,
];

You can then use the middleware in your routes like this:

Route::middleware(['sql.protection'])->group(function () {
    Route::get('/your-route', 'YourController@yourMethod');
});

Usage: SQL Protection Command

This package provides an Artisan command to scan your routes for SQL injection vulnerabilities.

Command Syntax

php artisan sqlprotection:scan

Sample Output:

Running SQL Protection Scan...
Checking route: api/users
Checking route: api/orders

No SQL injection vulnerabilities detected.

If vulnerabilities are detected, they will be listed as follows:

Potential SQL injection vulnerabilities found in the following routes:
- api/orders

Configuration Options

The configuration file is located at config/sqlqueryprotection.php. You can adjust the following settings:

return [
    'sql_protection_enabled' => true,
    'xss_protection_enabled' => true,
];
  • sql_protection_enabled: Enables/Disables SQL injection protection.
  • xss_protection_enabled: Enables/Disables XSS protection.

Troubleshooting

If the sqlprotection:scan command is not recognized or the package does not function as expected, follow these steps:

  1. Ensure the Service Provider is Registered:
    Confirm the service provider is registered in config/app.php:

    'providers' => [
    SqlQueryProtection\SqlQueryProtectionServiceProvider::class,
],

  2. Run composer dump-autoload:

    composer dump-autoload

  3. Clear Application Cache:

    php artisan cache:clear
php artisan config:clear

This README provides all the necessary steps to install, configure, and use the package effectively, including details about the Artisan command and configuration options.