https://github.com/gatewayd-io/gatewayd-plugin-sql-ids-ips

GatewayD plugin for SQL injection detection and prevention.
https://github.com/gatewayd-io/gatewayd-plugin-sql-ids-ips

deep-learning gatewayd ids ips libinjection plugin postgresql sql-injection tensorflow waf

Last synced: 4 months ago
JSON representation

GatewayD plugin for SQL injection detection and prevention.

• Host: GitHub
• URL: https://github.com/gatewayd-io/gatewayd-plugin-sql-ids-ips
• Owner: gatewayd-io
• License: agpl-3.0
• Created: 2023-05-13T20:19:18.000Z (about 3 years ago)
• Default Branch: main
• Last Pushed: 2025-08-07T15:43:15.000Z (11 months ago)
• Last Synced: 2026-01-23T18:23:32.692Z (5 months ago)
• Topics: deep-learning, gatewayd, ids, ips, libinjection, plugin, postgresql, sql-injection, tensorflow, waf
• Language: Go
• Homepage: https://docs.gatewayd.io/plugins/gatewayd-plugin-sql-ids-ips/
• Size: 163 KB
• Stars: 0
• Watchers: 0
• Forks: 0
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          


  

    

      

    

  

  
gatewayd-plugin-sql-ids-ips

  
GatewayD plugin for SQL injection detection and prevention.




    Download ·

    Documentation ·

    DeepSQLi



## Features

- Defense against dark arts:

  - [MITRE ATT&CK T1190](https://attack.mitre.org/techniques/T1190/)

  - [OWASP Top 10:2021 A3](https://owasp.org/Top10/A03_2021-Injection/)

  - [CAPEC-66](https://capec.mitre.org/data/definitions/66.html)

  - [CWE-89](https://cwe.mitre.org/data/definitions/89.html)

- Detects SQL injection attacks using two methods:

  - **Signature-based detection**: Detects SQL injection attacks by matching incoming queries against a list of known malicious queries using a trained deep learning model with Tensorflow and Keras

  - **Syntax-based detection**: Detects SQL injection attacks by parsing incoming queries and checking for suspicious syntax using `libinjection`

- Prevents SQL injection attacks by blocking malicious queries from reaching the database server, and returning an error or empty response to the client instead

- Logs an audit trail for detections containing the query and the prediction score

- Sigma rule for detection in SIEM systems

- Prometheus metrics for quantifying detections

- Logging

- Configurable via environment variables

## Build for testing

To build the plugin for development and testing, run the following command:

```bash

make build-dev

```

Running the above command causes the `go mod tidy` and `go build` to run for compiling and generating the plugin binary in the current directory, named `gatewayd-plugin-sql-ids-ips`.

## Contributing

We welcome contributions from everyone. Just open an [issue](https://github.com/gatewayd-io/gatewayd-plugin-sql-ids-ips/issues) or send us a [pull request](https://github.com/gatewayd-io/gatewayd-plugin-sql-ids-ips/pulls).

## License

This plugin is licensed under the [Affero General Public License v3.0](https://github.com/gatewayd-io/gatewayd-plugin-sql-ids-ips/blob/main/LICENSE).