p0pr0ck5 / lua-resty-waf

High-performance WAF built on the OpenResty stack
GNU General Public License v3.0
1.28k stars, 305 forks

Question: Is libinjection employed while detecting SQLi #238

Status: Closed (closed by ghost 8 years ago)

ghost commented 8 years ago

Quick query:

How do I enable libinjection-based SQLi detection? Is there any config option one has to set? I am looking at

```lua
-- `libinject` is the libinjection binding loaded elsewhere in the same
-- module; it is not part of this excerpt.
function _M.detect_sqli(input)
    if (type(input) == 'table') then
        -- a collection: recurse into each element and stop at the first hit
        for _, v in ipairs(input) do
            local match, value = _M.detect_sqli(v)

            if match then
                return match, value
            end
        end
    else
        -- yes this is really just one line
        -- libinjection.sqli has the same return values that lookup.operators expects
        return libinject.sqli(input)
    end

    return false, nil
end
```

But I can't figure out if libinjection is already being used for detecting SQLi attacks. I want to enable SQLi detection using only libinjection.

p0pr0ck5 commented 8 years ago

Hi,

Sorry for the delayed response. We use libinjection when rules with the @issqli operator are translated. The existing included rulesets don't use this operator; however, the pending release of OWASP CRSv3 does include this op, so we'll be taking advantage of that by default in the next few weeks.

Let me know if I can clarify anything else!