From 7d3e4dc28b10703b898d2b2eb3182ab19473ac06 Mon Sep 17 00:00:00 2001
From: Tobe O
Date: Fri, 16 Aug 2019 10:49:18 -0400
Subject: [PATCH] SQL filter middleware
---
 lib/src/native/sqli.dart | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/lib/src/native/sqli.dart b/lib/src/native/sqli.dart
index 643b3f81..6c4c02e4 100644
--- a/lib/src/native/sqli.dart
+++ b/lib/src/native/sqli.dart
@@ -9,6 +9,28 @@ LibInjectionScore sqlInjectionScore(String text) {
 return LibInjectionScore(result[0] as bool, result[1] as String);
 }
+/// Uses `libinjection` to filter out possible SQL injections from the
+/// query parameters ([RequestContext.queryParameters]).
+///
+/// Note: This is *destructive*, and modifies the query parameter map,
+/// instead of returning new data.
+bool sqliFilterQuery(RequestContext req, ResponseContext res) {
+ var out = {};
+ req.queryParameters.forEach((k, v) {
+ if (v is! String) {
+ out[k] = v;
+ } else {
+ var score = sqlInjectionScore(v as String);
+ if (!score.isInjection) {
+ out[k] = v;
+ }
+ }
+ });
+ req.queryParameters..clear()..addAll(out);
+ return true;
+}
+
 class LibInjectionScore {
 final bool isInjection;
 final String signature;
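Review bot: `var out = {};` in `sqliFilterQuery` infers `Map<dynamic, dynamic>`, so the later `req.queryParameters..clear()..addAll(out)` relies on an implicit downcast to the query map's key/value types and, if that map is declared `Map<String, dynamic>` as the doc comment suggests, will fail the runtime type check on the first request; declare it as `var out = <String, dynamic>{};` (or mirror the map's own type arguments). The `v is! String` branch also copies any non-String value through unscored, so if the map can carry `List<String>` values for repeated keys, each element should be scored rather than passed through, and the `v as String` cast inside the `else` is redundant once `v` is promoted. Parameters flagged as injection are dropped silently; recording `score.signature` through the application's logger at that point would make the filter's decisions observable to operators. The doc comment could additionally state that this is a heuristic pre-filter on query strings and not a substitute for parameterized queries in the handlers behind it.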