Loading a big .txt file into memory and comparing each request to it feels like a good first start. Hopefully the open source community takes it further.
Yeah. This is kind of a thing that already exists; it's typically marketed as a "web application firewall". Like most antivirus software, it's more for show than anything. Nice layer of protection if someone is really piping HTTP headers directly into database queries without quoting, or installed a 20-year-out-of-date app behind the firewall. Most people aren't really doing that anymore, so the value is unclear to me. But plenty of people will sell you one, so there must be some value. (Notably, it's required for certain compliance certifications.)
Is there one that comes as a file (.txt, .csv, etc.) that I can download for free? I'd like to put together a proof of concept for ExpressJS (NodeJS) tomorrow.
Doubt this is the state of the art, but ModSecurity seems to exist and has rulesets floating around, like this one from OWASP: https://github.com/coreruleset/coreruleset
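As an added worked example (written for this page, not by any of the commenters, and not ModSecurity or CRS code), here is what the "load a .txt of patterns and compare each request against it" idea from the thread looks like as Express-style `(req, res, next)` middleware. The rule list, the sample requests and every function name below are constructed for illustration. It also shows the two things a practitioner runs into immediately: you have to percent-decode (including double encoding) before matching, and a naive pattern list is trivially evaded (the last sample uses an inline SQL comment instead of whitespace).

```javascript
// Added example (not from any commenter, not ModSecurity/CRS code): a
// minimal signature-matching request filter of the "big .txt of patterns"
// kind, written as Express-style (req, res, next) middleware. The rule
// list and the sample requests below are constructed for illustration.

// Constructed rule file: one JavaScript regex per line, '#' starts a comment.
// A deployment would read this with fs.readFileSync(path, 'utf8') instead.
const RULE_TEXT = `
# SQL-injection-style fragments
'\\s*(or|and)\\s+\\d+\\s*=\\s*\\d+
union\\s+select
# script tag injection
<script
# path traversal
\\.\\./
`;

// Parse the rule text into { pattern, re } objects (case-insensitive).
function loadRules(text) {
  return text
    .split('\n')
    .map((l) => l.trim())
    .filter((l) => l && !l.startsWith('#'))
    .map((l) => ({ pattern: l, re: new RegExp(l, 'i') }));
}

// Percent-decode attacker-controlled strings before matching, so that
// %27, %2e%2e/ and double-encoded variants do not slip past literal
// patterns. Decoding is bounded to three rounds; a malformed escape
// sequence stops decoding and the string is matched as-is.
function normalise(s) {
  let out = s;
  for (let i = 0; i < 3; i++) {
    let decoded;
    try {
      decoded = decodeURIComponent(out.replace(/\+/g, ' '));
    } catch (e) {
      break;
    }
    if (decoded === out) break;
    out = decoded;
  }
  return out;
}

// Collect the request parts to inspect: raw path, raw query string, a few
// headers and the body (if it is a string). The URL is split by hand rather
// than parsed with new URL(), because the WHATWG parser collapses ".."
// segments and would hide a traversal attempt from the rule above.
function inspectableStrings(req) {
  const url = req.url || '';
  const q = url.indexOf('?');
  const parts = q < 0 ? [url, ''] : [url.slice(0, q), url.slice(q)];
  const headers = req.headers || {};
  for (const h of ['user-agent', 'referer', 'cookie']) {
    if (headers[h] !== undefined) parts.push(String(headers[h]));
  }
  if (typeof req.body === 'string') parts.push(req.body);
  return parts.map(normalise);
}

// Return the pattern text of the first rule that matches, or null if clean.
function findMatch(req, rules) {
  for (const s of inspectableStrings(req)) {
    for (const r of rules) {
      if (r.re.test(s)) return r.pattern;
    }
  }
  return null;
}

// Express-style middleware factory: app.use(signatureFilter(RULES)).
function signatureFilter(rules) {
  return function (req, res, next) {
    const hit = findMatch(req, rules);
    if (hit) {
      res.statusCode = 403;
      res.end('blocked');
      return;
    }
    next();
  };
}

const RULES = loadRules(RULE_TEXT);

// Constructed sample requests; the last one is an evasion (inline SQL
// comment instead of whitespace) that this naive rule list does not catch.
const SAMPLES = [
  { url: '/search?q=cats', headers: { 'user-agent': 'curl/8.0' } },
  { url: '/login?user=admin%27%20or%201%3D1', headers: {} },
  { url: '/files/%252e%252e/%252e%252e/etc/passwd', headers: {} },
  { url: '/', headers: { 'user-agent': '<script>alert(1)</script>' } },
  { url: '/api', headers: {}, body: 'q=1 UNION SELECT password FROM users' },
  { url: '/api', headers: {}, body: 'q=1 UNION/**/SELECT password FROM users' },
];

for (const req of SAMPLES) {
  console.log(findMatch(req, RULES) || 'clean', '<-', req.url, req.body || '');
}
```

Two things worth keeping in mind if you take this further: the CRS linked above is not a regex-per-line file but a set of ModSecurity `SecRule` directives with their own transformation chain, so it is not a drop-in replacement for `RULE_TEXT`; and the `/**/` sample is exactly the kind of evasion that makes maintained rulesets (and their false-positive tuning) the real work behind a WAF, rather than the matching loop itself.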