Inspiration

A few of our members are enthusiastic about cybersecurity and wanted to take this opportunity to get hands-on experience both developing security tools and handling real threats and vulnerabilities. We also wanted to make information and mitigation strategies more accessible to people who may just be beginning their educational or professional careers.

What it does

SQentineL is an education-focused Static Application Security Testing (SAST) tool that detects several classes of injection vulnerabilities in Python source code. It then tells the user which vulnerabilities were found, why they are a problem, and what safer alternatives exist.

How we built it

We built a custom rule-based classifier on top of Abstract Syntax Trees (ASTs) using Python's ast library. Custom output and rule templates make it easy to add new rules together with their explanatory text and formatting. Code submitted through the website or the CLI is passed to the analyzer, which attempts to build an AST from it. Once the tree has been built we traverse it node by node with no risk of executing any of the submitted code. As we traverse, we examine the contents of each node and attempt to classify it against our rules. The website backend is built with FastAPI and the frontend with standard HTML/CSS/JS.

Challenges we ran into

We had a particularly difficult time getting the analyzer to recognise data as still tainted after it had been passed into and returned from a function. We managed to build a solution that tracks tainted data through function calls, parameters, and return statements, but I suspect it would be insufficient for complex codebases and deep call stacks.
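The two sections above describe the core mechanism: parse the submitted code into an AST, walk it node by node without executing anything, match nodes against rules, and keep taint alive across function parameters and return values. The following is an added example written for this page, not SQentineL's own code. It implements that mechanism in miniature: the rule set (TAINT_SOURCES, SANITIZERS, SINKS), the rule ids and fix text, and the SAMPLE input are all constructed for the illustration. The inter-procedural step is summarise_call, which re-scans a user-defined function's body with the caller's tainted arguments as its parameters, so a call's result is tainted only if taint reaches a return statement, and sinks inside the callee are reported as well.

```python
import ast

# Constructed rule set for this example; SQentineL's own rule templates are not shown on the page.
TAINT_SOURCES = {"input"}    # calls whose result is attacker-controlled
SANITIZERS = {"int", "len"}  # calls whose result cannot carry an injection payload
SINKS = {  # call name -> (rule id, why it is a problem, suggested fix)
    "execute": ("SQLI-001", "SQL query built from user input", "pass values as parameters: cursor.execute(sql, (value,))"),
    "system": ("CMDI-001", "shell command built from user input", "use subprocess.run([...]) with an argument list and no shell"),
}

def call_name(call):  # foo(...) -> 'foo', obj.foo(...) -> 'foo', anything else -> None
    return getattr(call.func, "id", None) or getattr(call.func, "attr", None)

class TaintAnalyzer:
    def __init__(self, source):
        self.tree = ast.parse(source)  # the code is parsed, never executed
        self.functions = {n.name: n for n in ast.walk(self.tree) if isinstance(n, ast.FunctionDef)}
        self.active = set()  # functions being summarised right now (recursion guard)
        self.findings = {}   # (rule, line) -> message; the dict de-duplicates repeated scans

    def run(self):
        self.scan(self.tree.body, set())
        return sorted((line, rule, msg) for (rule, line), msg in self.findings.items())

    def is_tainted(self, expr, tainted):
        """Does this expression carry user-controlled data, given the tainted names in scope?"""
        if isinstance(expr, ast.Name):
            return expr.id in tainted
        if isinstance(expr, ast.Call):
            name = call_name(expr)
            if name in TAINT_SOURCES:
                return True
            if name in SANITIZERS:
                return False
            args_tainted = [self.is_tainted(a, tainted) for a in expr.args]  # keyword args not modelled
            if name in self.functions:  # inter-procedural step: taint leaves a user function
                return self.summarise_call(self.functions[name], args_tainted)  # only via a return
            receiver = expr.func.value if isinstance(expr.func, ast.Attribute) else None  # x.strip()
            return any(args_tainted) or (receiver is not None and self.is_tainted(receiver, tainted))
        # anything else (concatenation, f-strings, attribute access): tainted if any child is
        return any(self.is_tainted(child, tainted) for child in ast.iter_child_nodes(expr))

    def summarise_call(self, func, args_tainted):
        local = {p.arg for p, t in zip(func.args.args, args_tainted) if t}  # tainted parameters
        if not local or func.name in self.active:
            return False
        self.active.add(func.name)
        result = self.scan(func.body, local)  # also reports sinks reached inside the callee
        self.active.discard(func.name)
        return result

    def scan(self, stmts, tainted):
        """Propagate taint through assignments in order; True if a tainted value is returned."""
        returns_taint = False
        for stmt in stmts:
            if isinstance(stmt, ast.FunctionDef):
                continue  # bodies are analysed when called, with the caller's taint
            if isinstance(stmt, ast.Assign):  # AugAssign and tuple unpacking are not modelled
                value_tainted = self.is_tainted(stmt.value, tainted)
                for target in stmt.targets:
                    if isinstance(target, ast.Name):
                        (tainted.add if value_tainted else tainted.discard)(target.id)
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                returns_taint |= self.is_tainted(stmt.value, tainted)
            for child in ast.iter_child_nodes(stmt):  # calls in this statement's own expressions
                if not isinstance(child, ast.stmt):
                    for node in ast.walk(child):
                        if isinstance(node, ast.Call):
                            self.check_call(node, tainted)
            for field in ("body", "orelse", "finalbody"):  # nested blocks share the scope (branches merged)
                block = getattr(stmt, field, None)
                if isinstance(block, list):
                    returns_taint |= self.scan(block, tainted)
        return returns_taint

    def check_call(self, call, tainted):
        name = call_name(call)
        if name in SINKS and call.args and self.is_tainted(call.args[0], tainted):
            rule, problem, fix = SINKS[name]
            self.findings[(rule, call.lineno)] = f"line {call.lineno}: [{rule}] {problem}. Fix: {fix}"
        elif name in self.functions:
            self.is_tainted(call, tainted)  # scan the callee even when its result is discarded

# Constructed input: taint must survive two user-function calls and a call whose result is unused.
SAMPLE = """import os, sqlite3
def build_query(name):
    return "SELECT * FROM users WHERE name = '" + name + "'"
def normalise(s):
    return s.strip().lower()
def log_it(cmd):
    os.system("logger " + cmd)
cur = sqlite3.connect(":memory:").cursor()
user = input("name: ")
clean = normalise(user)
cur.execute(build_query(clean))                              # flagged: tainted through two calls
cur.execute("SELECT * FROM users WHERE name = ?", (clean,))  # not flagged: parameterised
log_it(user)                                                 # flagged inside log_it
os.system("echo " + str(len(user)))                          # not flagged: len() breaks the taint
"""
```

Running `TaintAnalyzer(SAMPLE).run()` yields two findings, one for the query assembled across `normalise` and `build_query` and one for the `os.system` call inside `log_it`, each carrying the rule's explanation and suggested fix; the parameterised query and the `len()`-derived value are left alone. The limitations noted in the comments (branches are merged rather than analysed separately, keyword arguments and augmented assignments are ignored, a recursive function is summarised conservatively) are exactly the kind of gaps that make this approach fragile on larger call stacks.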

Accomplishments that we're proud of

Our tool passes every test case, handles situations originally outside the project's scope, handles input sanitization, and has a fully designed frontend.

What we learned

We learned a lot about ASTs, system-level commands, input validation and its associated security concerns, and fundamental website/frontend design.

What's next for SQentineL

We would like to get the tool properly hosted on a website, increase the types of vulnerabilities it can detect, and incorporate some type of machine learning model to assist in generating secure code.
