cossacklabs / acra

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
https://www.cossacklabs.com/acra/
Apache License 2.0

Question about AcraCensor: SQL query without "FROM" #666

Closed m8522s closed 1 year ago

m8522s commented 1 year ago

Hi team, I am working on an acra-censor.yaml file to whitelist all SQL queries from a webmail app. My question: how can I write a pattern or query to catch an SQL query that has no FROM part?

The logged SQL query is:

time="2023-08-14T18:19:20+02:00" level=error msg="Denied query: 'select vars, ip, changed, now() as ts, case when changed < now() - interval :replaced1 second then :'" code=560 service=acra-censor

Thanks for your answer and support.

Lagovas commented 1 year ago

Hi. For now, there are no rules/patterns that allow it, only a whitelist of hardcoded queries. If you have a dynamic value in the query, then there is no way to do it now, unfortunately.

m8522s commented 1 year ago

Too bad - the query contains a session ID, which is dynamic. Anyway, thanks for your answer.