1 | package com.jsql.model.injection.strategy; | |
2 | ||
3 | import com.jsql.model.InjectionModel; | |
4 | import com.jsql.model.bean.util.Header; | |
5 | import com.jsql.model.bean.util.Interaction; | |
6 | import com.jsql.model.bean.util.Request; | |
7 | import com.jsql.model.exception.JSqlException; | |
8 | import com.jsql.model.exception.StoppedByUserSlidingException; | |
9 | import com.jsql.model.suspendable.AbstractSuspendable; | |
10 | ||
11 | import java.util.EnumMap; | |
12 | import java.util.Map; | |
13 | ||
14 | /** | |
15 | * Define a strategy to inject SQL with methods like Error and Time. | |
16 | */ | |
17 | public abstract class AbstractStrategy { | |
18 | ||
// Keys (presumably looked up as localized log text - confirm) and "{}"-placeholder message templates, declared protected so subclasses can use them.
19 | protected static final String KEY_LOG_CHECKING_STRATEGY = "LOG_CHECKING_STRATEGY"; | |
20 | protected static final String KEY_LOG_VULNERABLE = "LOG_VULNERABLE"; | |
21 | protected static final String FORMAT_STRATEGY_NOT_IMPLEMENTED = "Strategy [{}] for [{}] missing, please share your implementation"; | |
22 | protected static final String FORMAT_SKIP_STRATEGY_DISABLED = "Skipping strategy [{}] disabled"; | |
23 | protected static final String FORMAT_CHECKING_STRATEGY = "{} [{}]..."; | |
24 | ||
25 | /** | |
26 | * True if injection can be used, false otherwise. | |
27 | */ | |
28 | protected boolean isApplicable = false; | |
29 | ||
30 | protected final InjectionModel injectionModel; | |
31 | | |
/**
 * Keep a reference to the injection model; markVulnerability reads the user URL
 * through it and hands its requests to sendToViews on it.
 * @param injectionModel model stored in the final field of the same name
 */
32 | protected AbstractStrategy(InjectionModel injectionModel) { | |
33 | this.injectionModel = injectionModel; | |
34 | } | |
35 | ||
36 | /** | |
37 | * Test if this strategy can be used to inject SQL. | |
38 | */ | |
39 | public abstract void checkApplicability() throws JSqlException; | |
40 | | |
41 | /** | |
42 | * Inform the view that this strategy can be used. | |
 | * @param i optional indices; their meaning is not visible in this class - TODO confirm against a concrete strategy | |
43 | */ | |
44 | protected abstract void allow(int... i); | |
45 | | |
46 | /** | |
47 | * Inform the view that this strategy can't be used. | |
 | * @param i optional indices; their meaning is not visible in this class - TODO confirm against a concrete strategy | |
48 | */ | |
49 | protected abstract void unallow(int... i); | |
50 | | |
51 | /** | |
52 | * Start the strategy work. | |
 | * NOTE(review): the meaning of sqlQuery, startPosition, stoppable and metadataInjectionProcess is not documented here - confirm against a concrete strategy. | |
53 | * @return Source code | |
 | * @throws StoppedByUserSlidingException declared by this signature; the raising conditions are left to implementations | |
54 | */ | |
55 | public abstract String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException; | |
56 | | |
57 | /** | |
58 | * Change model strategy to current applicable strategy only when not already set. | |
59 | * Normal > Stacked > Error > Multibit > Blind > Time | |
60 | */ | |
61 | public abstract void activateWhenApplicable(); | |
62 | | |
63 | /** | |
64 | * Get number of characters you can obtain from the strategy. | |
 | * The value is returned as a String, not as a numeric type. | |
65 | */ | |
66 | public abstract String getPerformanceLength(); | |
67 | | |
68 | /** | |
69 | * Get the injection strategy name. | |
70 | */ | |
71 | public abstract String getName(); | |
72 | | |
/**
 * Send a request carrying the given interaction to the views.
 * The request parameters are a header map holding the URL returned by getUrlByUser();
 * when at least one index is passed, the first index and the injection model are added
 * under INDEX_ERROR_STRATEGY and INJECTION_MODEL. The request is then handed to
 * InjectionModel.sendToViews.
 * NOTE(review): the URL is forwarded unchanged; if it can hold credentials or session
 * tokens, confirm that the receiving views do not log or persist it.
 *
 * @param message interaction set as the request message
 * @param indexErrorStrategy optional indices; only the first element is read.
 *        NOTE(review): an explicitly passed null array would throw a NullPointerException
 *        at the length check - confirm no caller does that.
 */
73 | public void markVulnerability(Interaction message, int... indexErrorStrategy) { | |
74 | | |
75 | var request = new Request(); | |
76 |
1
1. markVulnerability : removed call to com/jsql/model/bean/util/Request::setMessage → NO_COVERAGE |
request.setMessage(message); |
77 | | |
78 | Map<Header, Object> msgHeader = new EnumMap<>(Header.class); | |
79 | msgHeader.put(Header.URL, this.injectionModel.getMediatorUtils().getConnectionUtil().getUrlByUser()); | |
80 | | |
81 | // Varargs: the array is non-null (empty when no index is passed) unless a caller passes null explicitly | |
82 |
2
1. markVulnerability : changed conditional boundary → NO_COVERAGE 2. markVulnerability : negated conditional → NO_COVERAGE |
if (indexErrorStrategy.length > 0) { |
83 | | |
84 | msgHeader.put(Header.INDEX_ERROR_STRATEGY, indexErrorStrategy[0]); | |
85 | msgHeader.put(Header.INJECTION_MODEL, this.injectionModel); | |
86 | } | |
87 | ||
88 |
1
1. markVulnerability : removed call to com/jsql/model/bean/util/Request::setParameters → NO_COVERAGE |
request.setParameters(msgHeader); |
89 |
1
1. markVulnerability : removed call to com/jsql/model/InjectionModel::sendToViews → NO_COVERAGE |
this.injectionModel.sendToViews(request); |
90 | } | |
91 | | |
/**
 * @return the strategy name, exactly as getName() reports it
 */
92 | @Override | |
93 | public String toString() { | |
94 |
1
1. toString : replaced return value with "" for com/jsql/model/injection/strategy/AbstractStrategy::toString → NO_COVERAGE |
return this.getName(); |
95 | } | |
96 | ||
97 | ||
98 | // Getter and setter | |
99 | | |
/**
 * @return the current value of the isApplicable field, which is initialised to false
 */
100 | public boolean isApplicable() { | |
101 |
2
1. isApplicable : replaced boolean return with false for com/jsql/model/injection/strategy/AbstractStrategy::isApplicable → NO_COVERAGE 2. isApplicable : replaced boolean return with true for com/jsql/model/injection/strategy/AbstractStrategy::isApplicable → NO_COVERAGE |
return this.isApplicable; |
102 | } | |
103 | | |
/**
 * Overwrite the flag that isApplicable() returns.
 * @param isApplicable new value of the flag
 */
104 | public void setApplicable(boolean isApplicable) { | |
105 | this.isApplicable = isApplicable; | |
106 | } | |
107 | } | |
Mutations | ||
76 |
1.1 |
|
82 |
1.1 2.2 |
|
88 |
1.1 |
|
89 |
1.1 |
|
94 |
1.1 |
|
101 |
1.1 2.2 |