cspj-application/server-ml

Test Cases

1. Basic test cases

[Good] SELECT * FROM users WHERE id = 1
[Bad] SELECT * FROM users WHERE id = 1 OR 1=1

2. Authentication bypass cases

[Bad] SELECT * FROM users WHERE username = 'admin' --
[Bad] SELECT * FROM users WHERE username = 'admin' #
[Bad] SELECT * FROM users WHERE username = 'admin' OR '1'='1'

3. Union based injection cases

[Bad] SELECT id, username FROM users WHERE id = 1 UNION SELECT null, 'hacker'
[Bad] SELECT id, username FROM users WHERE id = 1 UNION SELECT 1, 'hacked' FROM dual
[Bad] SELECT database() UNION SELECT 1

4. Error based injection cases

[Bad] SELECT * FROM users WHERE id = 1 AND (SELECT 1 FROM users WHERE id=2)=1
[Bad] SELECT * FROM users WHERE id = (SELECT COUNT(*) FROM users)

5. Blind SQL injection cases

[Bad] SELECT * FROM users WHERE id = 1; WAITFOR DELAY '00:00:10' --
[Bad] SELECT * FROM users WHERE username = 'admin' AND 1=1

6. Hex and Base64 encoded injection cases

[Bad] SELECT * FROM users WHERE username = 0x61646D696E
[Bad] SELECT * FROM users WHERE username = 'YWRtaW4='

7. False positives cases

[Good] SELECT * FROM users WHERE id = 5
[Good] SELECT users.name, orders.amount FROM users JOIN orders ON users.id = orders.user_id
[Good] SELECT * FROM users WHERE username = ? AND password = ?

8. Edge cases

[Good] ""
[Bad] '; --
[Good] 12345
[Good] asdkjhasdkjh
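
A small harness for scoring a detector against cases written in the [Good]/[Bad] layout above, as an added example that is not code from this repository. `placeholder_classifier` is a hypothetical stand-in (not the project's model), the sample is a constructed subset of the list, and reading `""` as empty input is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the cases listed above, in the same layout.
SAMPLE = """\
1. Basic test cases
[Good] SELECT * FROM users WHERE id = 1
[Bad] SELECT * FROM users WHERE id = 1 OR 1=1
3. Union based injection cases
[Bad] SELECT database() UNION SELECT 1
7. False positives cases
[Good] SELECT * FROM users WHERE id = 5
[Good] SELECT users.name, orders.amount FROM users JOIN orders ON users.id = orders.user_id
8. Edge cases
[Good] ""
[Bad] '; --
"""

HEADING = re.compile(r"^\d+\.\s+(.*)$")
CASE = re.compile(r"^\[(Good|Bad)\]\s?(.*)$")

def parse_cases(text):
    """Return a list of (category, is_malicious, payload) tuples."""
    category, cases = None, []
    for line in text.splitlines():
        line = line.strip()
        if m := HEADING.match(line):
            category = m.group(1)
        elif m := CASE.match(line):
            # Assumption: a literal "" in the list stands for empty input.
            payload = "" if m.group(2) == '""' else m.group(2)
            cases.append((category, m.group(1) == "Bad", payload))
    return cases

def score(cases, classify):
    """Per-category confusion counts for a classify(payload) -> bool callable."""
    totals = defaultdict(lambda: {"tp": 0, "tn": 0, "fp": 0, "fn": 0})
    for category, is_bad, payload in cases:
        flagged = bool(classify(payload))
        key = ("tp" if flagged else "fn") if is_bad else ("fp" if flagged else "tn")
        totals[category][key] += 1
    return dict(totals)

def placeholder_classifier(payload):
    """Hypothetical, deliberately naive stand-in: substring match only."""
    p = payload.lower()
    return "or" in p or "--" in p

if __name__ == "__main__":
    for name, counts in score(parse_cases(SAMPLE), placeholder_classifier).items():
        print(f"{name}: {counts}")
```

The naive stand-in shows why the false-positive section earns its place: a substring match on `or` flags the benign JOIN over `orders` and misses the UNION case entirely. Swap in a callable that wraps the real detector to get the same per-category counts for it.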