create encode_safely helper function, and use it for sql inj algo

bitterpanda63 · bitterpanda63 · commit 1f5c362ae02d · 2025-07-15T10:40:43.000+02:00
diff --git a/aikido_zen/helpers/encode_safely.py b/aikido_zen/helpers/encode_safely.py
@@ -0,0 +1,3 @@
+def encode_safely(string: str) -> bytes:
+    """Encodes the given string using UTF-8 encoding, and replaces encoding errors with �"""
+    return string.encode("utf-8", errors="replace")
diff --git a/aikido_zen/vulnerabilities/sql_injection/__init__.py b/aikido_zen/vulnerabilities/sql_injection/__init__.py
@@ -7,6 +7,7 @@
 from aikido_zen.helpers.logging import logger
 from .map_dialect_to_rust_int import map_dialect_to_rust_int
 from .get_lib_path import get_binary_path
+from ...helpers.encode_safely import encode_safely
 
 
 def detect_sql_injection(query, user_input, dialect):
@@ -20,9 +21,12 @@ def detect_sql_injection(query, user_input, dialect):
             return False
 
         internals_lib = ctypes.CDLL(get_binary_path())
-        query_bytes = query_l.encode("utf-8")
-        userinput_bytes = userinput_l.encode("utf-8")
+
+        # Parse input variables for rust function
+        query_bytes = encode_safely(query_l)
+        userinput_bytes = encode_safely(userinput_l)
         dialect_int = map_dialect_to_rust_int(dialect)
+
         c_int_res = internals_lib.detect_sql_injection(
             query_bytes, userinput_bytes, dialect_int
         )

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+def encode_safely(string: str) -> bytes:`
	`2`	`+ """Encodes the given string using UTF-8 encoding, and replaces encoding errors with �"""`
	`3`	`+ return string.encode("utf-8", errors="replace")`