duck.http.middlewares.security.modules.sql_injection
Improved SQLi detector for URLs.
- Keeps a very fast "quick safe" path for common clean URLs.
- Decodes URL components and inspects path segments, query values and the fragment.
- Uses a lightweight scoring system with pre-compiled regexes to reduce false positives.
- Caps per-token scanning length to keep work bounded.
- Returns True when a potential SQL injection is detected.
Module Contents
Functions
| Function | Description |
|---|---|
| _gather_tokens(url) | Parse URL and return a list of decoded tokens to analyze. |
| _shorten(token) | Truncate token to MAX_TOKEN_LENGTH for safety and performance. |
| check_sql_injection_in_url(url) | Returns True if a potential SQL injection is detected in the URL. |
| is_safe_url(url) | Fast check: returns True if URL appears trivially safe (all components contain only very common safe characters). This is a cheap fast-path used to avoid deeper scanning for the majority of benign requests. |
Data
API
- duck.http.middlewares.security.modules.sql_injection.MAX_TOKEN_LENGTH = 512
- duck.http.middlewares.security.modules.sql_injection.MAX_URL_LENGTH = 4096
- duck.http.middlewares.security.modules.sql_injection.PER_TOKEN_FLAG = 5
- duck.http.middlewares.security.modules.sql_injection.SCORE_THRESHOLD = 6
- duck.http.middlewares.security.modules.sql_injection._ENCODED_PAYLOAD_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._KEYWORD_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._NUMERIC_EQ_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._PATTERNS_WEIGHTS = ((), (), (), (), (), (), (), (), (), (), (), ())
- duck.http.middlewares.security.modules.sql_injection._QUICK_SAFE_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._QUOTE_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._SENSITIVE_WORDS_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._SIMPLE_SUSPICIOUS_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._SQL_COMMENT_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._SQL_FUNCTION_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._SQL_META_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._STACKED_QUERY_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._TAUTOLOGY_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._UNION_SELECT_RE = compile(...)
- duck.http.middlewares.security.modules.sql_injection._gather_tokens(url: str) -> list[str]
  Parse URL and return a list of decoded tokens to analyze:
  - path segments
  - query parameter values
  - fragment
  - the entire query string (small)
- duck.http.middlewares.security.modules.sql_injection._shorten(token: str) -> str
  Truncate token to MAX_TOKEN_LENGTH for safety and performance.
- duck.http.middlewares.security.modules.sql_injection.check_sql_injection_in_url(url: str) -> bool
  Returns True if a potential SQL injection is detected in the URL. Strategy:
  1. Quick safe path (very fast). If safe, return False.
  2. Tokenize (path segments, query values, fragment) and score each token based on presence of suspicious patterns. Flag when score crosses thresholds.
  This function is written to be fast in the common case and conservative about false positives.
- duck.http.middlewares.security.modules.sql_injection.is_safe_url(url: str) -> bool
  Fast check: returns True if URL appears trivially safe (all components contain only very common safe characters). This is a cheap fast-path used to avoid deeper scanning for the majority of benign requests.
  Note: we intentionally allow common path/file characters (., -, digits).
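The strategy described for check_sql_injection_in_url and is_safe_url, carried through end to end as an added illustration (this is not the project's own code: the quick-safe alphabet, the pattern table and its weights, and the rule "flag a token at PER_TOKEN_FLAG, or the sum of all tokens at SCORE_THRESHOLD" are assumptions chosen to match the names and constants the page lists). Note how a benign apostrophe only reaches a score of 1 while a decoded tautology plus comment clears the per-token flag.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit
MAX_TOKEN_LENGTH = 512
MAX_URL_LENGTH = 4096
PER_TOKEN_FLAG = 5       # one token this suspicious is enough on its own
SCORE_THRESHOLD = 6      # ...or this much suspicion summed over all tokens

# Quick-safe alphabet (assumed): letters, digits and common path/query punctuation only;
# '%' and quotes are excluded on purpose so encoded input always gets the deep scan.
_QUICK_SAFE_RE = re.compile(r"^[A-Za-z0-9._~:/\-?&=#]*$")

# (pre-compiled pattern, weight) pairs: assumed values, not the project's own table.
_PATTERNS_WEIGHTS = (
    (re.compile(r"\bunion\b[\s/*]+(all\s+)?select\b", re.I), 5),            # UNION SELECT
    (re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I), 5),     # stacked query
    (re.compile(r"\b(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I), 4),             # tautology
    (re.compile(r"--|/\*|\*/"), 2),                                         # SQL comment
    (re.compile(r"\b(sleep|benchmark|load_file|concat)\s*\(", re.I), 3),    # SQL function
    (re.compile(r"@@\w+|information_schema", re.I), 3),                     # SQL meta
    (re.compile(r"\b(select|insert|update|delete|drop|union)\b", re.I), 2), # keyword
    (re.compile(r"['\"]"), 1),                                              # quote
)

def is_safe_url(url: str) -> bool:
    # Fast path: True when the whole URL is made of quick-safe characters.
    return _QUICK_SAFE_RE.match(url) is not None

def _shorten(token: str) -> str:
    return token[:MAX_TOKEN_LENGTH]           # cap per-token work

def _gather_tokens(url: str) -> list[str]:
    parts = urlsplit(url)
    tokens = [unquote_plus(seg) for seg in parts.path.split("/") if seg]           # path segments
    tokens += [val for _, val in parse_qsl(parts.query, keep_blank_values=True)]   # query values
    if parts.fragment:
        tokens.append(unquote_plus(parts.fragment))
    if 0 < len(parts.query) <= 256:           # whole query string, only when small
        tokens.append(unquote_plus(parts.query))
    return [_shorten(t) for t in tokens]

def check_sql_injection_in_url(url: str) -> bool:
    url = url[:MAX_URL_LENGTH]                # bound the work on very long URLs
    if is_safe_url(url):
        return False
    total = 0
    for token in _gather_tokens(url):
        score = sum(w for pat, w in _PATTERNS_WEIGHTS if pat.search(token))
        if score >= PER_TOKEN_FLAG:           # a single damning token
            return True
        total += score
    return total >= SCORE_THRESHOLD           # or enough weak signals together
```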