Adding an SQL Injection Rule
You can add SQL injection rules to audit all the databases connected to database audit.
Prerequisites
The database audit instance is in the Running state.
Constraints and Limitations
One piece of audited data can match only one SQL injection rule.
Managing SQL Injection Rules
- Log in to the DBSS console.
- Click
in the upper left corner on the displayed page and select a region. - In the navigation tree on the left, choose Rules.
- In the Instance drop-down list, select an instance.
- Click the SQL Injection tab.
Adding an SQL Injection Rule
- Click Add and configure parameters. Figure 1 Adding an SQL injection rule
Table 1 SQL injection rule parameters Parameter
Parameters
Example Value
Rule Name
Name of an SQL rule, which can be customized.
Postal Code SQL Injection Rule
Risk Level
Level of risks matching an SQL rule. Its value can be:
- High
- Medium
- Low
- No risk
Medium
Status
Indicates the SQL injection rule is enabled or disabled.
- Enabled
- Disabled
Enabled
Regular Expression
A regular expression that checks for content in a certain pattern.
^\d{6}$
Raw Data
Content that matches the regular expression.
Enter content and click Test to verify that the regular expression works properly.
628307
Result
Test result. It can be:
- Hit: The regular expression is correct.
- Missed: The regular expression is incorrect.
Missed
- Confirm the information, and click OK. The new SQL injection rule is displayed as the first rule in the list by default.
Checking the SQL Injection Rule List
Check the SQL injection rule list. For details, see Table 2.
You can select an attribute from the search box above the list or enter a keyword to search for a specified SQL injection rule.
| Parameter | Description |
|---|---|
| Name | Name of the SQL injection detection rule. |
| Command Feature | Command features of the SQL injection detection. |
| Risk Level | Risk level of the SQL injection detection.
|
| Status | Status of the SQL injection detection.
|
References
- You can add an audit scope rule. For details, see Configuring an Audit Scope Rule.
- You can add a risky operation rule to audit risky operations on databases. For details, see Managing Risky Operation Rules.
- To mask sensitive information in entered SQL statements, you can enable the function of masking privacy data and configure masking rules to prevent sensitive information leakage. For details, see Configuring Privacy Data Protection Rules.
- You can add trusted SQL statements to the whitelist. Database audit will ignore whitelisted SQL statements. For details, see Configuring SQL Whitelist.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot