aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0

Can we add the rule to detect JSON-Based SQL to prevent AWS WAF bypass #234

Closed sboonyakiatACR closed 1 year ago

sboonyakiatACR commented 1 year ago

In December 2022 there was an article regarding how to bypass AWS WAF by stuffing JSON in SQL, as per https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf. Can we add an SQL injection rule that inspects JSON objects for SQL injection attacks, or anything else that will prevent this bypass? I do see that AWS WAF has supported JSON parsing and inspection since Feb 2021: https://aws.amazon.com/about-aws/whats-new/2021/02/aws-waf-support-json-body-inspection/

aijunpeng commented 1 year ago

Thanks for opening this issue. We will add support for the SQLi managed rule group in the upcoming solution release that should include JSON inspection for SQLi. Meanwhile you can customize the SQL injection custom rule to achieve the same protection.
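As an added illustration of what "customize the SQL injection custom rule" can mean in practice (this is example configuration written for this thread, not a rule shipped by aws-waf-security-automations), the AWS WAF v2 rule below applies the built-in SQLi match statement to the parsed JSON request body instead of only the raw body or query string. The rule name, priority and metric name are arbitrary choices; the `JsonBody` field-to-match, its `MatchScope`, `InvalidFallbackBehavior` and `OversizeHandling` settings, and the `SensitivityLevel` are real WAF v2 API fields that can be pasted into the console's rule JSON editor or passed to `aws wafv2 update-web-acl`.

```json
{
  "Name": "SqliJsonBodyRule",
  "Priority": 10,
  "Action": { "Block": {} },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "SqliJsonBodyRule"
  },
  "Statement": {
    "SqliMatchStatement": {
      "FieldToMatch": {
        "JsonBody": {
          "MatchPattern": { "All": {} },
          "MatchScope": "ALL",
          "InvalidFallbackBehavior": "EVALUATE_AS_STRING",
          "OversizeHandling": "CONTINUE"
        }
      },
      "TextTransformations": [
        { "Priority": 0, "Type": "URL_DECODE" },
        { "Priority": 1, "Type": "HTML_ENTITY_DECODE" }
      ],
      "SensitivityLevel": "HIGH"
    }
  }
}
```

Two settings matter for the bypass class discussed in the linked article. `MatchScope: "ALL"` inspects both JSON keys and values, so SQL fragments hidden inside an object used as an operand are still seen by the SQLi detector; `InvalidFallbackBehavior: "EVALUATE_AS_STRING"` ensures that a body which is not valid JSON is still inspected as plain text rather than skipped. Keep the existing body or query-string SQLi rule alongside this one, since this rule only covers the JSON body, and watch the `OversizeHandling` choice: `CONTINUE` inspects only the portion of an oversized body that WAF forwards, so pair it with a size-constraint rule if large bodies are a concern.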