| 1 | package com.jsql.model.injection.strategy; | |
| 2 | ||
| 3 | import com.jsql.model.InjectionModel; | |
| 4 | import com.jsql.model.bean.util.Header; | |
| 5 | import com.jsql.model.bean.util.Interaction; | |
| 6 | import com.jsql.model.bean.util.Request; | |
| 7 | import com.jsql.model.exception.JSqlException; | |
| 8 | import com.jsql.model.exception.StoppedByUserSlidingException; | |
| 9 | import com.jsql.model.suspendable.AbstractSuspendable; | |
| 10 | ||
| 11 | import java.util.EnumMap; | |
| 12 | import java.util.Map; | |
| 13 | ||
| 14 | /** | |
| 15 | * Define a strategy to inject SQL with methods like Error and Time. | |
| 16 | */ | |
| 17 | public abstract class AbstractStrategy { | |
| 18 | ||
| 19 | protected static final String KEY_LOG_CHECKING_STRATEGY = "LOG_CHECKING_STRATEGY"; | |
| 20 | protected static final String KEY_LOG_VULNERABLE = "LOG_VULNERABLE"; | |
| 21 | protected static final String FORMAT_STRATEGY_NOT_IMPLEMENTED = "Strategy [{}] for [{}] missing, please share your implementation"; | |
| 22 | protected static final String FORMAT_SKIP_STRATEGY_DISABLED = "Skipping strategy [{}] disabled"; | |
| 23 | protected static final String FORMAT_CHECKING_STRATEGY = "{} [{}]..."; | |
| 24 | ||
| 25 | /** | |
| 26 | * True if injection can be used, false otherwise. | |
| 27 | */ | |
| 28 | protected boolean isApplicable = false; | |
| 29 | ||
| 30 | protected final InjectionModel injectionModel; | |
| 31 | | |
| 32 | protected AbstractStrategy(InjectionModel injectionModel) { | |
| 33 | this.injectionModel = injectionModel; | |
| 34 | } | |
| 35 | ||
| 36 | /** | |
| 37 | * Test if this strategy can be used to inject SQL. | |
| 38 | */ | |
| 39 | public abstract void checkApplicability() throws JSqlException; | |
| 40 | | |
| 41 | /** | |
| 42 | * Inform the view that this strategy can be used. | |
| 43 | */ | |
| 44 | protected abstract void allow(int... i); | |
| 45 | | |
| 46 | /** | |
| 47 | * Inform the view that this strategy can't be used. | |
| 48 | */ | |
| 49 | protected abstract void unallow(int... i); | |
| 50 | | |
| 51 | /** | |
| 52 | * Start the strategy work. | |
| 53 | * @return Source code | |
| 54 | */ | |
| 55 | public abstract String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException; | |
| 56 | | |
| 57 | /** | |
| 58 | * Change model strategy to current applicable strategy only when not already set. | |
| 59 | * Normal > Stacked > Error > Multibit > Blind > Time | |
| 60 | */ | |
| 61 | public abstract void activateWhenApplicable(); | |
| 62 | | |
| 63 | /** | |
| 64 | * Get number of characters you can obtain from the strategy. | |
| 65 | */ | |
| 66 | public abstract String getPerformanceLength(); | |
| 67 | | |
| 68 | /** | |
| 69 | * Get the injection strategy name. | |
| 70 | */ | |
| 71 | public abstract String getName(); | |
| 72 | | |
| 73 | public void markVulnerability(Interaction message, int... indexErrorStrategy) { | |
| 74 | | |
| 75 | var request = new Request(); | |
| 76 |
1
1. markVulnerability : removed call to com/jsql/model/bean/util/Request::setMessage → NO_COVERAGE |
request.setMessage(message); |
| 77 | | |
| 78 | Map<Header, Object> msgHeader = new EnumMap<>(Header.class); | |
| 79 | msgHeader.put(Header.URL, this.injectionModel.getMediatorUtils().getConnectionUtil().getUrlByUser()); | |
| 80 | | |
| 81 | // Ellipse default to non null array | |
| 82 |
2
1. markVulnerability : changed conditional boundary → NO_COVERAGE 2. markVulnerability : negated conditional → NO_COVERAGE |
if (indexErrorStrategy.length > 0) { |
| 83 | | |
| 84 | msgHeader.put(Header.INDEX_ERROR_STRATEGY, indexErrorStrategy[0]); | |
| 85 | msgHeader.put(Header.INJECTION_MODEL, this.injectionModel); | |
| 86 | } | |
| 87 | ||
| 88 |
1
1. markVulnerability : removed call to com/jsql/model/bean/util/Request::setParameters → NO_COVERAGE |
request.setParameters(msgHeader); |
| 89 |
1
1. markVulnerability : removed call to com/jsql/model/InjectionModel::sendToViews → NO_COVERAGE |
this.injectionModel.sendToViews(request); |
| 90 | } | |
| 91 | | |
| 92 | @Override | |
| 93 | public String toString() { | |
| 94 |
1
1. toString : replaced return value with "" for com/jsql/model/injection/strategy/AbstractStrategy::toString → NO_COVERAGE |
return this.getName(); |
| 95 | } | |
| 96 | ||
| 97 | ||
| 98 | // Getter and setter | |
| 99 | | |
| 100 | public boolean isApplicable() { | |
| 101 |
2
1. isApplicable : replaced boolean return with false for com/jsql/model/injection/strategy/AbstractStrategy::isApplicable → NO_COVERAGE 2. isApplicable : replaced boolean return with true for com/jsql/model/injection/strategy/AbstractStrategy::isApplicable → NO_COVERAGE |
return this.isApplicable; |
| 102 | } | |
| 103 | | |
| 104 | public void setApplicable(boolean isApplicable) { | |
| 105 | this.isApplicable = isApplicable; | |
| 106 | } | |
| 107 | } | |
Mutations | ||
| 76 |
1.1 |
|
| 82 |
1.1 2.2 |
|
| 88 |
1.1 |
|
| 89 |
1.1 |
|
| 94 |
1.1 |
|
| 101 |
1.1 2.2 |