Summary
Add a new scanner to detect SQL injection attempts (classic "UNION SELECT", "DROP TABLE", ";--" etc.).
Why
RAG pipelines sometimes surface database docs/configs. A malicious query might attempt injection via retrieved text.
Acceptance criteria
- New SQLInjectionScanner in rag_firewall/scanners/sql_injection_scanner.py.
- Matches common SQLi patterns.
- Unit tests in tests/test_scanners.py with positive + negative cases.
Difficulty: easy/medium (regex-based)
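
A standalone sketch of the regex-based scanner this issue asks for, added here as an example and not code from the rag_firewall project. The `scan` method, the `Finding` type and the regexes are assumptions, and the sample chunks are constructed.

```python
import re
from dataclasses import dataclass

# Patterns named in the issue; the exact regexes are assumptions of this sketch.
_PATTERNS = {
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
    "drop_table": re.compile(r"\bdrop\s+table\b", re.I),
    "stacked_comment": re.compile(r";\s*--"),
}
# Strip /* ... */ comments so keywords separated by them still match.
_INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)


@dataclass
class Finding:
    rule: str      # key from _PATTERNS
    excerpt: str   # normalised text around the match, for logging/review


class SQLInjectionScanner:
    """Hypothetical interface: scan(text) -> list[Finding]."""

    def scan(self, text: str) -> list[Finding]:
        # Normalise first: comments become a space, whitespace runs collapse.
        norm = _INLINE_COMMENT.sub(" ", text)
        norm = re.sub(r"\s+", " ", norm)
        findings = []
        for rule, rx in _PATTERNS.items():
            m = rx.search(norm)
            if m:
                start = max(m.start() - 20, 0)
                findings.append(Finding(rule, norm[start:m.end() + 20]))
        return findings


# Constructed sample chunks: (retrieved text, rules expected to fire).
SAMPLES = [
    ("id=1 UNION SELECT username, password FROM users", {"union_select"}),
    ("1'/**/uNiOn/**/all/**/SeLeCt null,null", {"union_select"}),
    ("name='x'; DROP TABLE users;--", {"drop_table", "stacked_comment"}),
    ("The union selected a new table for the meeting.", set()),
    ("Drop the table reservation if plans change.", set()),
    ("Press ; to continue -- or q to quit", set()),
]


def run_samples():
    scanner = SQLInjectionScanner()
    return [({f.rule for f in scanner.scan(t)}, want) for t, want in SAMPLES]
```

Keyword regexes like these also fire on legitimate SQL documentation that quotes the same statements, so the negative test cases should include such chunks to make that trade-off visible.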