From d7f1e64083c1329532244a75860f5146ff5f7f0b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 11 Mar 2026 22:21:42 +0000
Subject: [PATCH 1/5] Initial plan
From d5617a0e825eeb1ee0425a093692f220f93dc1e3 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 11 Mar 2026 22:26:16 +0000
Subject: [PATCH 2/5] Add GitHub Actions CI pipeline for testing with upstream libinjection
Co-authored-by: fzipi <3012076+fzipi@users.noreply.github.com>
---
 .github/workflows/ci.yml | 66 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..707aeeb
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,66 @@
+name: CI
+
+on:
+ push:
+ branches: [ main, master ]
+ pull_request:
+ branches: [ main, master ]
+ schedule:
+ # Run weekly on Mondays at midnight UTC to catch upstream changes
+ - cron: '0 0 * * 1'
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ strategy:
+ fail-fast: false
+ matrix:
+ python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Install system dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y swig gcc python3-dev
+
+ - name: Install Python dependencies
+ run: |
+ pip install --upgrade pip setuptools pytest
+
+ - name: Clone upstream libinjection
+ run: |
+ git clone --depth=1 https://github.com/libinjection/libinjection.git upstream
+
+ - name: Copy upstream source files
+ run: |
+ cp -f upstream/src/libinjection*.h upstream/src/libinjection*.c libinjection/
+
+ - name: Create tests symlink for test_driver.py
+ # test_driver.py resolves test files relative to ../tests from the repo root
+ run: |
+ ln -s "$(realpath upstream/tests)" "$(realpath ..)/tests"
+
+ - name: Generate words.py from upstream data
+ run: |
+ python json2python.py < upstream/src/sqlparse_data.json > words.py
+
+ - name: Generate SWIG wrapper
+ run: |
+ swig -py3 -python -builtin -Wall -Wextra libinjection/libinjection.i
+
+ - name: Build C extension in-place
+ run: |
+ python setup.py build_ext --inplace
+
+ - name: Run tests
+ run: |
+ pytest test_driver.py -v
From 09faf79ddd76a92eeb2e803754187ec057333c4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felipe=20Zipitr=C3=ADa?= <3012076+fzipi@users.noreply.github.com>
Date: Mon, 16 Mar 2026 08:09:25 -0300
Subject: [PATCH 3/5] Apply suggestion from @fzipi
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
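Review bot: The `Clone upstream libinjection` step takes whatever is at the tip of the upstream default branch and the later steps compile and execute it, while the `actions/checkout` step is left at its default of persisting the job token for later git commands. `permissions: contents: read` already limits what that token can do, but adding `with:` and `persist-credentials: false` under the checkout step keeps it away from third-party build and test code altogether. Because following upstream is the stated purpose of the weekly run, the clone cannot be pinned, so record what was tested instead, for example `git -C upstream rev-parse HEAD` right after the clone, so a failing or suspicious run can be tied to an exact upstream commit. The `pip install --upgrade pip setuptools pytest` step is likewise unpinned, which makes runs harder to reproduce.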
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 707aeeb..52a8cf9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,7 +17,7 @@ jobs: strategy: fail-fast: false matrix: - python-version: ['3.8', '3.9', '3.10', '3.11', '3.12'] + python-version: ['3.9', '3.10', '3.11', '3.12'] steps: - uses: actions/checkout@v4 From a697e572c62796e7c918d23faa619a0467d21305 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felipe=20Zipitr=C3=ADa?= <3012076+fzipi@users.noreply.github.com> Date: Mon, 16 Mar 2026 08:11:45 -0300 Subject: [PATCH 4/5] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Felipe Zipitría <3012076+fzipi@users.noreply.github.com> --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 52a8cf9..fa7ba3f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,9 +2,9 @@ name: CI on: push: - branches: [ main, master ] + branches: [ main ] pull_request: - branches: [ main, master ] + branches: [ main ] schedule: # Run weekly on Mondays at midnight UTC to catch upstream changes - cron: '0 0 * * 1' From 2b9c83da84a2d727656c362fae86f24b8b1fee57 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 16 Mar 2026 11:26:57 +0000 Subject: [PATCH 5/5] Fix pipeline warnings: upgrade actions to Node.js 24, fix undefined symbol for static C functions Co-authored-by: fzipi <3012076+fzipi@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- json2python.py | 4 +++- libinjection/libinjection.i | 9 +++++++++ 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fa7ba3f..fc6f485 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -20,10 +20,10 @@ jobs: python-version: ['3.9', '3.10', '3.11', '3.12'] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} @@ -55,7 +55,7 @@ jobs: - name: Generate SWIG wrapper run: | - swig -py3 -python -builtin -Wall -Wextra libinjection/libinjection.i + swig -python -builtin -Wall -Wextra libinjection/libinjection.i - name: Build C extension in-place run: | diff --git a/json2python.py b/json2python.py index 381fc5e..effbee5 100755 --- a/json2python.py +++ b/json2python.py @@ -21,7 +21,9 @@ def lookup(state, stype, keyword): keyword = keyword.decode('latin-1') keyword = keyword.upper() if stype == libinjection.LOOKUP_FINGERPRINT: - if keyword in fingerprints and libinjection.sqli_not_whitelist(state): + # sqli_check_fingerprint calls sqli_blacklist (fingerprint membership + # check) and sqli_not_whitelist (false-positive reduction) internally. + if libinjection.sqli_check_fingerprint(state): return 'F' else: return chr(0) diff --git a/libinjection/libinjection.i b/libinjection/libinjection.i index 2a9b370..9b9ac8f 100644 --- a/libinjection/libinjection.i +++ b/libinjection/libinjection.i @@ -154,5 +154,14 @@ for (i = 0; i < $1_dim0; i++) { } %include "libinjection_error.h" %include "libinjection.h" + +// These functions are declared static in the upstream header and therefore +// cannot be exported as symbols from the compiled extension. Ignore them +// so SWIG does not generate wrappers that produce undefined symbol errors +// at import time. Use sqli_check_fingerprint (non-static) instead. +%ignore libinjection_sqli_reset; +%ignore libinjection_sqli_lookup_word; +%ignore libinjection_sqli_blacklist; +%ignore libinjection_sqli_not_whitelist; %include "libinjection_sqli.h" %include "libinjection_xss.h"
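Review bot: In the `LOOKUP_FINGERPRINT` branch of `lookup`, the result no longer depends on `keyword` or on the `fingerprints` collection that the removed line consulted. Going by the added comment, the membership check now happens inside `sqli_check_fingerprint`, presumably against the table built into the C library. If that table and the JSON-derived data ever diverge, fingerprint detections will follow the C side and the Python data will be ignored without any signal. Either say so in the comment, e.g. `# NOTE: the fingerprints collection is no longer consulted here; the C library's own table decides.`, or keep the membership test next to the new call: `if keyword in fingerprints and libinjection.sqli_check_fingerprint(state):`. `lookup` starts above this hunk and continues below it, so other uses of `fingerprints` are not visible here.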
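Review bot: The comment above the four `%ignore` lines names a replacement only for the fingerprint checks, yet `libinjection_sqli_reset` and `libinjection_sqli_lookup_word` are also dropped from the generated Python module. Existing callers of those two would then fail at call time with an AttributeError rather than at import. I would extend the comment to cover them, e.g. `// No Python-level replacement is provided for sqli_reset and sqli_lookup_word.`, and mention the removal in the release notes. It is also worth confirming that all four are declared in `libinjection_sqli.h`, because `%ignore` only affects declarations SWIG parses after the directive and these lines sit after `%include "libinjection.h"`.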