1   package com.jsql.util;
2   
3   import com.jsql.model.InjectionModel;
4   import com.jsql.model.exception.JSqlException;
5   import org.apache.commons.lang3.StringUtils;
6   import org.apache.logging.log4j.LogManager;
7   import org.apache.logging.log4j.Logger;
8   
9   import java.util.AbstractMap;
10  import java.util.List;
11  import java.util.stream.Stream;
12  
/**
 * Runs the header injection test once per cookie found in the configured request headers.
 *
 * <p>Every cookie name and value handled here is written to the console log. Cookie
 * values commonly hold session identifiers, so logs produced by this class should be
 * stored and shared as sensitive data.
 */
public class CookiesUtil {

    private static final Logger LOGGER = LogManager.getRootLogger();

    private final InjectionModel injectionModel;

    /**
     * @param injectionModel model giving access to the preferences, the request headers
     *                       and the header test method used by this class
     */
    public CookiesUtil(InjectionModel injectionModel) {
        this.injectionModel = injectionModel;
    }

    /**
     * Tests each cookie of the {@code Cookie} header in turn until one test succeeds.
     *
     * @param hasFoundInjection whether an earlier step already succeeded; when
     *                          {@code true} nothing is tested and {@code true} is returned
     * @return {@code true} if {@code hasFoundInjection} is {@code true} or the header test
     *         returns {@code true} for one of the cookies; {@code false} if the
     *         "check all cookie parameters" preference is off or no cookie test succeeds
     */
    public boolean testParameters(boolean hasFoundInjection) {
        if (hasFoundInjection) {
            return true;
        }
        if (!this.injectionModel.getMediatorUtils().preferencesUtil().isCheckingAllCookieParam()) {
            return false;
        }
        LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "{} cookies...", () -> I18nUtil.valueByKey("LOG_CHECKING"));

        // Snapshot of the raw header text; each iteration derives its marked copy from it.
        String originalHeader = this.injectionModel.getMediatorUtils().parameterUtil().getRawHeader();
        List<AbstractMap.SimpleEntry<String, String>> cookiePairs = this.readCookiePairs();

        for (AbstractMap.SimpleEntry<String, String> pair : cookiePairs) {
            String pairText = pair.getKey() + "=" + pair.getValue();

            // NOTE(review): String.replace rewrites every occurrence of the literal text, so a
            // pair that also appears inside another header value (constructed sample: "id=1"
            // inside "uid=1") is marked in more than one place. The pair is rebuilt from trimmed
            // parts, so a raw cookie written with spaces around '=' is not matched at all and the
            // header is then sent unmarked.
            String markedHeader = originalHeader.replace(pairText, pairText + InjectionModel.STAR);
            this.injectionModel.getMediatorUtils().parameterUtil().initHeader(markedHeader);

            try {
                // The cookie value is logged in clear text.
                LOGGER.log(
                    LogLevelUtil.CONSOLE_DEFAULT,
                    "{} cookie {}={}",
                    () -> I18nUtil.valueByKey("LOG_CHECKING"),
                    pair::getKey,
                    () -> withoutStar(pair.getValue())
                );
                boolean isInjectable = this.injectionModel.getMediatorMethod().getHeader().testParameters();
                if (isInjectable) {
                    return true;
                }
            } catch (JSqlException e) {
                // Only the cookie is reported; the exception itself is not passed to the logger.
                String failureMessage = String.format(
                    "No Cookie injection for %s=%s",
                    pair.getKey(),
                    withoutStar(pair.getValue())
                );
                LOGGER.log(LogLevelUtil.CONSOLE_ERROR, failureMessage);
            }
        }

        // NOTE(review): nothing here re-initialises the header from originalHeader, so the
        // last marked header stays in place when no cookie test succeeds; confirm the caller resets it.
        return false;
    }

    /**
     * Reads the first header named {@code cookie} (case-insensitive) and splits its value
     * on {@code ';'} into trimmed name/value pairs. Fragments without {@code '='} are skipped.
     */
    private List<AbstractMap.SimpleEntry<String, String>> readCookiePairs() {
        return this.injectionModel.getMediatorUtils().parameterUtil().getListHeader()
            .stream()
            .filter(header -> "cookie".equalsIgnoreCase(header.getKey()))
            .limit(1)
            .flatMap(header -> Stream.of(header.getValue().split(";")))
            .filter(fragment -> fragment != null && fragment.contains("="))
            .map(CookiesUtil::toPair)
            .toList();
    }

    /**
     * Splits a {@code name=value} fragment at its first {@code '='}. The caller guarantees
     * the fragment contains {@code '='}, so the split always yields exactly two non-null parts.
     */
    private static AbstractMap.SimpleEntry<String, String> toPair(String fragment) {
        String[] nameAndValue = fragment.split("=", 2);
        return new AbstractMap.SimpleEntry<String, String>(nameAndValue[0].trim(), nameAndValue[1].trim());
    }

    /** Returns the value with every {@link InjectionModel#STAR} occurrence removed, for display. */
    private static String withoutStar(String value) {
        return value.replace(InjectionModel.STAR, StringUtils.EMPTY);
    }
}