| 1 | package com.jsql.model.injection.strategy; | |
| 2 | ||
| 3 | import com.jsql.model.InjectionModel; | |
| 4 | import com.jsql.model.bean.util.Header; | |
| 5 | import com.jsql.model.bean.util.Interaction; | |
| 6 | import com.jsql.model.bean.util.Request; | |
| 7 | import com.jsql.model.exception.JSqlException; | |
| 8 | import com.jsql.model.exception.StoppedByUserSlidingException; | |
| 9 | import com.jsql.model.suspendable.AbstractSuspendable; | |
| 10 | import com.jsql.util.I18nUtil; | |
| 11 | import com.jsql.util.LogLevelUtil; | |
| 12 | import org.apache.logging.log4j.LogManager; | |
| 13 | import org.apache.logging.log4j.Logger; | |
| 14 | ||
| 15 | import java.util.EnumMap; | |
| 16 | import java.util.Map; | |
| 17 | ||
| 18 | /** | |
| 19 | * Define a strategy to inject SQL with methods like Error and Time. | |
| 20 | */ | |
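public abstract class AbstractStrategy {

    // NOTE(review): this is the root logger rather than a logger named after the class,
    // so records emitted here carry no class-specific logger name.
    private static final Logger LOGGER = LogManager.getRootLogger();

    /** I18n key resolved by {@link #logChecking()} for the "checking strategy" label. */
    protected static final String KEY_LOG_CHECKING_STRATEGY = "LOG_CHECKING_STRATEGY";

    /** I18n key; not used in this class, presumably resolved by subclasses - confirm. */
    protected static final String KEY_LOG_VULNERABLE = "LOG_VULNERABLE";

    // Log message templates; each "{}" is a placeholder filled by the logger.
    protected static final String FORMAT_STRATEGY_NOT_IMPLEMENTED = "Strategy [{}] for [{}] not implemented, share a working example to GitHub to speed up release";
    protected static final String FORMAT_SKIP_STRATEGY_DISABLED = "Skipping strategy [{}] disabled";
    protected static final String FORMAT_CHECKING_STRATEGY = "{} [{}]...";

    /**
     * True if injection can be used, false otherwise.
     */
    protected boolean isApplicable = false;

    /** Model this strategy reads its configuration from and reports to. */
    protected final InjectionModel injectionModel;

    /**
     * Bind the strategy to its model.
     *
     * @param injectionModel model stored as-is; it is not checked for null here
     */
    protected AbstractStrategy(InjectionModel injectionModel) {
        this.injectionModel = injectionModel;
    }

    /**
     * Test if this strategy can be used to inject SQL.
     *
     * @throws JSqlException declared by the contract; the conditions are defined by implementations
     */
    public abstract void checkApplicability() throws JSqlException;

    /**
     * Inform the view that this strategy can be used.
     *
     * @param i optional indexes; their meaning is defined by implementations
     */
    protected abstract void allow(int... i);

    /**
     * Inform the view that this strategy can't be used.
     *
     * @param i optional indexes; their meaning is defined by implementations
     */
    protected abstract void unallow(int... i);

    /**
     * Start the strategy work.
     *
     * @return Source code
     * @throws StoppedByUserSlidingException declared by the contract; presumably raised when the
     *         user stops the run - confirm against implementations
     */
    public abstract String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException;

    /**
     * Change model strategy to current applicable strategy only when not already set.
     * Union > Stacked > Error > Multibit > Blind > Time
     */
    public abstract void activateWhenApplicable();

    /**
     * Get number of characters you can obtain from the strategy.
     */
    public abstract String getPerformanceLength();

    /**
     * Get the injection strategy name.
     */
    public abstract String getName();

    /**
     * Log that this strategy is being checked, as "label [name]...".
     *
     * <p>Both arguments are passed as suppliers, so the i18n lookup and {@link #getName()} are
     * deferred to the logger instead of being evaluated before the call.
     */
    public void logChecking() {
        LOGGER.log(
            LogLevelUtil.CONSOLE_DEFAULT,
            AbstractStrategy.FORMAT_CHECKING_STRATEGY,
            // Mutation report (line 83): replacing this supplier's return value with null
            // was NO_COVERAGE, i.e. no test executes it.
            () -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_CHECKING_STRATEGY),
            this::getName
        );
    }

    /**
     * Send a request to the views announcing a result for this strategy.
     *
     * <p>The request always carries {@link Header#URL}. When at least one index is given, it also
     * carries the first index as {@link Header#INDEX_ERROR_STRATEGY} and the model itself as
     * {@link Header#INJECTION_MODEL}; any further indexes are ignored.
     *
     * <p>Mutation report: every mutant recorded for this method (lines 90, 96, 101 and 102 of the
     * report) was NO_COVERAGE, so none of the statements below is exercised by a test.
     *
     * @param message interaction type set on the request
     * @param indexErrorStrategy optional index; only the first element is used, and a null or
     *        empty array is treated as "no index"
     */
    public void markVulnerability(Interaction message, int... indexErrorStrategy) {
        var request = new Request();
        request.setMessage(message);

        Map<Header, Object> msgHeader = new EnumMap<>(Header.class);
        // NOTE(review): going by the accessor name this is the URL entered by the user;
        // views that render it should treat it as untrusted text - confirm.
        msgHeader.put(Header.URL, this.injectionModel.getMediatorUtils().getConnectionUtil().getUrlByUser());

        // A call without trailing arguments yields an empty array, but a caller can still pass
        // an explicit null array, so both cases are checked before reading element 0.
        if (indexErrorStrategy != null && indexErrorStrategy.length > 0) {
            msgHeader.put(Header.INDEX_ERROR_STRATEGY, indexErrorStrategy[0]);
            msgHeader.put(Header.INJECTION_MODEL, this.injectionModel);
        }

        request.setParameters(msgHeader);
        this.injectionModel.sendToViews(request);
    }

    /**
     * Return the strategy name, as given by {@link #getName()}.
     */
    @Override
    public String toString() {
        // Mutation report (line 107): replacing the return value with "" was NO_COVERAGE.
        return this.getName();
    }


    // Getter and setter

    /**
     * @return the current value of the applicability flag
     */
    public boolean isApplicable() {
        // Mutation report (line 114): forcing the result to true or to false was NO_COVERAGE.
        return this.isApplicable;
    }

    /**
     * @param isApplicable new value of the applicability flag
     */
    public void setApplicable(boolean isApplicable) {
        this.isApplicable = isApplicable;
    }
}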
Mutations | ||
| 83 |
1.1 |
|
| 90 |
1.1 |
|
| 96 |
1.1 2.2 |
|
| 101 |
1.1 |
|
| 102 |
1.1 |
|
| 107 |
1.1 |
|
| 114 |
1.1 2.2 |