CallableBlind.java

1 
package com.jsql.model.injection.strategy.blind;
2
3 
import com.jsql.model.InjectionModel;
4 
import com.jsql.model.injection.strategy.blind.AbstractInjectionBoolean.BooleanMode;
5 
import com.jsql.model.injection.strategy.blind.patch.Diff;
6 
import com.jsql.model.injection.strategy.blind.patch.DiffMatchPatch;
7
8 
import java.util.LinkedList;
9 
import java.util.List;
10 
import java.util.concurrent.CopyOnWriteArrayList;
11
12 
/**
13 
 * Define a call HTTP to the server, require the associated url, character
14 
 * position and bit. Diffs represent the differences between
15 
 * the reference page, and the current page.
16 
 */
17 
public class CallableBlind extends AbstractCallableBoolean<CallableBlind> {
18
19 
    // List of differences found between the reference page, and the current page
20 
    private LinkedList<Diff> diffsWithReference = new LinkedList<>();
21
22 
    private static final DiffMatchPatch DIFF_MATCH_PATCH = new DiffMatchPatch();
23
24 
    private final InjectionBlind injectionBlind;
25
26 
    private final InjectionModel injectionModel;
27 
    private final String metadataInjectionProcess;
28
29 
    /**
30 
     * Constructor for preparation and blind confirmation.
31 
     */
32 
    public CallableBlind(String sqlQuery, InjectionModel injectionModel, InjectionBlind injectionBlind, BooleanMode blindMode, String metadataInjectionProcess) {
33
34 
        this.injectionModel = injectionModel;
35 
        this.injectionBlind = injectionBlind;
36 
        this.metadataInjectionProcess = metadataInjectionProcess;
37 
        this.booleanUrl = this.injectionModel.getMediatorVendor().getVendor().instance().sqlTestBlind(sqlQuery, blindMode);
38 
    }
39
40 
    /**
41 
     * Constructor for bits test.
42 
     */
43 
    public CallableBlind(
44 
        String sqlQuery,
45 
        int indexCharacter,
46 
        int bit,
47 
        InjectionModel injectionModel,
48 
        InjectionBlind injectionBlind,
49 
        BooleanMode blindMode,
50 
        String metadataInjectionProcess
51 
    ) {
52
53 
        this(sqlQuery, injectionModel, injectionBlind, blindMode, metadataInjectionProcess);
54 
        this.booleanUrl = this.injectionModel.getMediatorVendor().getVendor().instance().sqlBitTestBlind(sqlQuery, indexCharacter, bit, blindMode);
55 
        this.currentIndex = indexCharacter;
56 
        this.currentBit = bit;
57 
    }
58
59 
    /**
60 
     * Check if a result page means the SQL query is true,
61 
     * confirm that nothing in the resulting page is also defined
62 
     * in the pages from every FALSE SQL queries.
63 
     * @return true if the current SQL query is true
64 
     */
65 
    @Override
66 
    public boolean isTrue() {
67
68 
        // Fix #95426: ConcurrentModificationException on iterator.next()
69 
        List<Diff> falseDiffs = new CopyOnWriteArrayList<>(this.injectionBlind.getFalseDiffs());
70 
        for (Diff falseDiff: falseDiffs) {
71 
            // Fix #4386: NullPointerException on contains()
72 
            // diffsWithReference is initialized to an empty new LinkedList<>()
73 1 1. isTrue : negated conditional → NO_COVERAGE
 
            if (this.diffsWithReference.contains(falseDiff)) {
74 1 1. isTrue : replaced boolean return with true for com/jsql/model/injection/strategy/blind/CallableBlind::isTrue → NO_COVERAGE
 
                return false;
75 
            }
76 
        }
77
78 1 1. isTrue : replaced boolean return with false for com/jsql/model/injection/strategy/blind/CallableBlind::isTrue → NO_COVERAGE
 
        return true;
79 
    }
80
81 
    /**
82 
     * Process the URL HTTP call, use function inject() from the model.
83 
     * Build the list of differences found between TRUE and the current page.
84 
     * @return Functional Blind Callable
85 
     */
86 
    @Override
87 
    public CallableBlind call() {
88
89 
        String result = this.injectionBlind.callUrl(this.booleanUrl, this.metadataInjectionProcess, this);
90
91 
        this.diffsWithReference = DIFF_MATCH_PATCH.diffMain(this.injectionBlind.getSourceReferencePage(), result, true);
92
93 1 1. call : removed call to com/jsql/model/injection/strategy/blind/patch/DiffMatchPatch::diffCleanupEfficiency → NO_COVERAGE
 
        DIFF_MATCH_PATCH.diffCleanupEfficiency(this.diffsWithReference);
94
95 1 1. call : replaced return value with null for com/jsql/model/injection/strategy/blind/CallableBlind::call → NO_COVERAGE
 
        return this;
96 
    }
97
98 
    public List<Diff> getDiffsWithReference() {
99 1 1. getDiffsWithReference : replaced return value with Collections.emptyList for com/jsql/model/injection/strategy/blind/CallableBlind::getDiffsWithReference → NO_COVERAGE
 
        return this.diffsWithReference;
100 
    }
101 
}

Mutations

73

1.1
Location : isTrue
Killed by : none negated conditional → NO_COVERAGE
74

1.1
Location : isTrue
Killed by : none replaced boolean return with true for com/jsql/model/injection/strategy/blind/CallableBlind::isTrue → NO_COVERAGE
78

1.1
Location : isTrue
Killed by : none replaced boolean return with false for com/jsql/model/injection/strategy/blind/CallableBlind::isTrue → NO_COVERAGE
93

1.1
Location : call
Killed by : none removed call to com/jsql/model/injection/strategy/blind/patch/DiffMatchPatch::diffCleanupEfficiency → NO_COVERAGE
95

1.1
Location : call
Killed by : none replaced return value with null for com/jsql/model/injection/strategy/blind/CallableBlind::call → NO_COVERAGE
99

1.1
Location : getDiffsWithReference
Killed by : none replaced return value with Collections.emptyList for com/jsql/model/injection/strategy/blind/CallableBlind::getDiffsWithReference → NO_COVERAGE

Active mutators

Tests examined


Report generated by PIT 1.16.1