Updated on 2026-07-07 GMT+08:00

Adding an SQL Injection Rule

You can add SQL injection rules to audit all the databases connected to database audit.

Prerequisites

The database audit instance is in the Running state.

Constraints and Limitations

One piece of audited data can match only one SQL injection rule.

Managing SQL Injection Rules

  1. Log in to the DBSS console.
  2. Click in the upper left corner on the displayed page and select a region.
  3. In the navigation tree on the left, choose Rules.
  4. In the Instance drop-down list, select an instance.
  5. Click the SQL Injection tab.

Adding an SQL Injection Rule

  1. Click Add and configure parameters.

    Figure 1 Adding an SQL injection rule
    Table 1 SQL injection rule parameters

    Parameter

    Parameters

    Example Value

    Rule Name

    Name of an SQL rule, which can be customized.

    Postal Code SQL Injection Rule

    Risk Level

    Level of risks matching an SQL rule. Its value can be:

    • High
    • Medium
    • Low
    • No risk

    Medium

    Status

    Indicates the SQL injection rule is enabled or disabled.

    • Enabled
    • Disabled

    Enabled

    Regular Expression

    A regular expression that checks for content in a certain pattern.

    ^\d{6}$

    Raw Data

    Content that matches the regular expression.

    Enter content and click Test to verify that the regular expression works properly.

    628307

    Result

    Test result. It can be:

    • Hit: The regular expression is correct.
    • Missed: The regular expression is incorrect.

    Missed

  2. Confirm the information, and click OK. The new SQL injection rule is displayed as the first rule in the list by default.

Checking the SQL Injection Rule List

Check the SQL injection rule list. For details, see Table 2.

You can select an attribute from the search box above the list or enter a keyword to search for a specified SQL injection rule.

Figure 2 Viewing information about the SQL injection detection
Table 2 Parameters of SQL injection detection

Parameter

Description

Name

Name of the SQL injection detection rule.

Command Feature

Command features of the SQL injection detection.

Risk Level

Risk level of the SQL injection detection.

  • High
  • Medium
  • Low
  • No risk

Status

Status of the SQL injection detection.

  • Enabled
  • Disabled

References