Add hypersql sink

bitterpanda63 · bitterpanda63 · commit 86bfe5e22a42 · 2025-09-30T15:27:01.000+02:00
diff --git a/agent/src/main/java/dev/aikido/agent/Wrappers.java b/agent/src/main/java/dev/aikido/agent/Wrappers.java
@@ -41,6 +41,7 @@ private Wrappers() {}
             new JavalinWrapper(),
             new JavalinDataWrapper(),
             new JavalinContextClearWrapper(),
-            new SQLiteWrapper()
+            new SQLiteWrapper(),
+            new HyperSQLWrapper()
     );
 }
diff --git a/agent/src/main/java/dev/aikido/agent/wrappers/jdbc/HyperSQLWrapper.java b/agent/src/main/java/dev/aikido/agent/wrappers/jdbc/HyperSQLWrapper.java
@@ -0,0 +1,27 @@
+package dev.aikido.agent.wrappers.jdbc;
+
+import dev.aikido.agent.wrappers.Wrapper;
+import net.bytebuddy.description.method.MethodDescription;
+import net.bytebuddy.description.type.TypeDescription;
+import net.bytebuddy.matcher.ElementMatcher;
+
+import java.sql.Connection;
+import java.sql.Statement;
+
+import static net.bytebuddy.matcher.ElementMatchers.isSubTypeOf;
+import static net.bytebuddy.matcher.ElementMatchers.nameContains;
+
+public class HyperSQLWrapper implements Wrapper {
+    public String getName() {
+        return JDBCConnectionAdvice.class.getName();
+    }
+    public ElementMatcher<? super MethodDescription> getMatcher() {
+        return JDBCConnectionAdvice.getMatcher("org.hsqldb.jdbc");
+    }
+
+    @Override
+    public ElementMatcher<? super TypeDescription> getTypeMatcher() {
+        return nameContains("org.hsqldb.jdbc")
+                .and(isSubTypeOf(Connection.class).or(isSubTypeOf(Statement.class)));
+    }
+}
diff --git a/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/sql_injection/Dialect.java b/agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/sql_injection/Dialect.java
@@ -18,6 +18,11 @@ public Dialect(String dialect) {
         } else if(Objects.equals(dialect, "sqlite")) {
           rustDialectInt = 12;
           humanName = "SQLite";
+        } else if(Objects.equals(dialect, "hsql database engine")) {
+            // HyperSQL dialect doesn't exist yet on our tokenizer, so we use generic dialect,
+            // which is SQL:2016, HyperSQL is closest to this variant.
+          rustDialectInt = 0;
+          humanName = "HyperSQL";
         } else {
             rustDialectInt = 0; // Default option
             humanName = "Generic";

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ private Wrappers() {}`
`41`	`41`	`new JavalinWrapper(),`
`42`	`42`	`new JavalinDataWrapper(),`
`43`	`43`	`new JavalinContextClearWrapper(),`
`44`		`- new SQLiteWrapper()`
	`44`	`+ new SQLiteWrapper(),`
	`45`	`+ new HyperSQLWrapper()`
`45`	`46`	`);`
`46`	`47`	`}`