| 1 | package com.jsql.model.injection.strategy.blind.callable; | |
| 2 | ||
| 3 | import com.jsql.model.injection.strategy.blind.InjectionCharInsertion; | |
| 4 | import name.fraser.neil.plaintext.diff_match_patch; | |
| 5 | import static name.fraser.neil.plaintext.diff_match_patch.Diff; | |
| 6 | ||
| 7 | import java.util.LinkedList; | |
| 8 | import java.util.List; | |
| 9 | import java.util.concurrent.CopyOnWriteArrayList; | |
| 10 | ||
| 11 | /** | |
| 12 | * Define a call HTTP to the server, require the associated url, character | |
| 13 | * position and bit. Opcodes represent the differences between | |
| 14 | * the reference page, and the resulting page. | |
| 15 | */ | |
| 16 | public class CallableCharInsertion extends AbstractCallableBit<CallableCharInsertion> { | |
| 17 | | |
| 18 | private LinkedList<Diff> opcodes = new LinkedList<>(); // List of differences found between the reference page, and the present page | |
| 19 | ||
| 20 | private static final diff_match_patch DIFF_MATCH_PATCH = new diff_match_patch(); | |
| 21 | ||
| 22 | private final InjectionCharInsertion injectionCharInsertion; | |
| 23 | | |
| 24 | private final String metadataInjectionProcess; | |
| 25 | | |
| 26 | /** | |
| 27 | * Constructor for preparation and blind confirmation. | |
| 28 | */ | |
| 29 | public CallableCharInsertion(String inj, InjectionCharInsertion injectionCharInsertion, String metadataInjectionProcess) { | |
| 30 | this.injectionCharInsertion = injectionCharInsertion; | |
| 31 | this.metadataInjectionProcess = metadataInjectionProcess; | |
| 32 | this.booleanUrl = inj; | |
| 33 | } | |
| 34 | ||
| 35 | /** | |
| 36 | * Check if a result page means the SQL query is true, | |
| 37 | * confirm that nothing in the resulting page is also defined | |
| 38 | * in the pages from every FALSE SQL queries. | |
| 39 | * @return true if the current SQL query is true | |
| 40 | */ | |
| 41 | @Override | |
| 42 | public boolean isTrue() { | |
| 43 | // Fix #95422: ConcurrentModificationException on iterator.next() | |
| 44 | List<Diff> copyTrueMarks = new CopyOnWriteArrayList<>(this.injectionCharInsertion.getConstantTrueMark()); | |
| 45 | for (Diff trueDiff: copyTrueMarks) { | |
| 46 |
1
1. isTrue : negated conditional → NO_COVERAGE |
if (!this.opcodes.contains(trueDiff)) { |
| 47 |
1
1. isTrue : replaced boolean return with true for com/jsql/model/injection/strategy/blind/callable/CallableCharInsertion::isTrue → NO_COVERAGE |
return false; |
| 48 | } | |
| 49 | } | |
| 50 |
1
1. isTrue : replaced boolean return with false for com/jsql/model/injection/strategy/blind/callable/CallableCharInsertion::isTrue → NO_COVERAGE |
return true; |
| 51 | } | |
| 52 | ||
| 53 | /** | |
| 54 | * Process the URL HTTP call, use function inject() from the model. | |
| 55 | * Build the list of differences found between TRUE and the current page. | |
| 56 | * @return Functional Blind Callable | |
| 57 | */ | |
| 58 | @Override | |
| 59 | public CallableCharInsertion call() { | |
| 60 | String source = this.injectionCharInsertion.callUrl(this.booleanUrl, this.metadataInjectionProcess, this); | |
| 61 | | |
| 62 | this.opcodes = CallableCharInsertion.DIFF_MATCH_PATCH.diff_main( | |
| 63 | this.injectionCharInsertion.getBlankFalseMark(), | |
| 64 | source, | |
| 65 | false | |
| 66 | ); | |
| 67 | ||
| 68 |
1
1. call : removed call to name/fraser/neil/plaintext/diff_match_patch::diff_cleanupEfficiency → NO_COVERAGE |
CallableCharInsertion.DIFF_MATCH_PATCH.diff_cleanupEfficiency(this.opcodes); |
| 69 |
1
1. call : replaced return value with null for com/jsql/model/injection/strategy/blind/callable/CallableCharInsertion::call → NO_COVERAGE |
return this; |
| 70 | } | |
| 71 | | |
| 72 | public List<Diff> getOpcodes() { | |
| 73 |
1
1. getOpcodes : replaced return value with Collections.emptyList for com/jsql/model/injection/strategy/blind/callable/CallableCharInsertion::getOpcodes → NO_COVERAGE |
return this.opcodes; |
| 74 | } | |
| 75 | } | |
Mutations | ||
| 46 |
1.1 |
|
| 47 |
1.1 |
|
| 50 |
1.1 |
|
| 68 |
1.1 |
|
| 69 |
1.1 |
|
| 73 |
1.1 |