StrategyBlindBit.java

/*******************************************************************************
 * Copyhacked (H) 2012-2025.
 * This program and the accompanying materials
 * are made available under no term at all, use it like
 * you want, but share and discuss it
 * every time possible with every body.
 *
 * Contributors:
 *      ron190 at ymail dot com - initial implementation
 *******************************************************************************/
package com.jsql.model.injection.strategy;

import com.jsql.model.InjectionModel;
import com.jsql.model.bean.util.Interaction;
import com.jsql.model.bean.util.Request;
import com.jsql.model.exception.StoppedByUserSlidingException;
import com.jsql.model.injection.strategy.blind.AbstractInjectionBit.BlindOperator;
import com.jsql.model.injection.strategy.blind.InjectionBlindBit;
import com.jsql.model.injection.vendor.model.VendorYaml;
import com.jsql.model.suspendable.AbstractSuspendable;
import com.jsql.util.I18nUtil;
import com.jsql.util.LogLevelUtil;
import com.jsql.util.StringUtil;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

public class StrategyBlindBit extends AbstractStrategy {
    
    /**
     * Log4j logger sent to view.
     */
    private static final Logger LOGGER = LogManager.getRootLogger();

    private InjectionBlindBit injectionBlindBit;
    
    public StrategyBlindBit(InjectionModel injectionModel) {
        super(injectionModel);
    }

    @Override
    public void checkApplicability() throws StoppedByUserSlidingException {
        if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isStrategyBlindBitDisabled()) {
            LOGGER.log(LogLevelUtil.CONSOLE_INFORM, AbstractStrategy.FORMAT_SKIP_STRATEGY_DISABLED, this.getName());
            return;
        } else if (StringUtils.isEmpty(
            this.injectionModel.getMediatorVendor().getVendor().instance().getModelYaml().getStrategy().getBinary().getTest().getBit()
        )) {
            LOGGER.log(
                LogLevelUtil.CONSOLE_ERROR,
                AbstractStrategy.FORMAT_STRATEGY_NOT_IMPLEMENTED,
                this.getName(),
                this.injectionModel.getMediatorVendor().getVendor()
            );
            return;
        }

        this.checkInjection(BlindOperator.OR);
        this.checkInjection(BlindOperator.AND);
        this.checkInjection(BlindOperator.STACK);
        this.checkInjection(BlindOperator.NO_MODE);

        if (this.isApplicable) {
            this.allow();
            var requestMessageBinary = new Request();
            requestMessageBinary.setMessage(Interaction.MESSAGE_BINARY);
            requestMessageBinary.setParameters(this.injectionBlindBit.getInfoMessage());
            this.injectionModel.sendToViews(requestMessageBinary);
        } else {
            this.unallow();
        }
    }

    private void checkInjection(BlindOperator blindOperator) throws StoppedByUserSlidingException {
        if (this.isApplicable) {
            return;
        }

        LOGGER.log(
            LogLevelUtil.CONSOLE_DEFAULT,
            "{} [{}] with [{}]...",
            () -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_CHECKING_STRATEGY),
            this::getName,
            () -> blindOperator
        );
        this.injectionBlindBit = new InjectionBlindBit(this.injectionModel, blindOperator);
        this.isApplicable = this.injectionBlindBit.isInjectable();

        if (this.isApplicable) {
            LOGGER.log(
                LogLevelUtil.CONSOLE_SUCCESS,
                "{} [{}] injection with [{}]",
                () -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_VULNERABLE),
                this::getName,
                () -> blindOperator
            );
        }
    }

    @Override
    public void allow(int... i) {
        this.injectionModel.appendAnalysisReport(
            StringUtil.formatReport(LogLevelUtil.COLOR_BLU, "### Strategy: " + this.getName())
            + this.injectionModel.getReportWithoutIndex(
                this.injectionModel.getMediatorVendor().getVendor().instance().sqlTestBlindWithOperator(
                    this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(StringUtil.formatReport(LogLevelUtil.COLOR_GREEN, "&lt;query&gt;"), "0", true),
                    this.injectionBlindBit.getBooleanMode()
                ),
                "metadataInjectionProcess",
                null
            )
        );
        this.markVulnerability(Interaction.MARK_BLIND_BIT_VULNERABLE);
    }

    @Override
    public void unallow(int... i) {
        this.markVulnerability(Interaction.MARK_BLIND_BIT_INVULNERABLE);
    }

    @Override
    public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
        return this.injectionBlindBit.inject(
            this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(sqlQuery, startPosition, false),
            stoppable
        );
    }

    @Override
    public void activateWhenApplicable() {
        if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
            LOGGER.log(
                LogLevelUtil.CONSOLE_INFORM,
                "{} [{}] with [{}]",
                () -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
                this::getName,
                () -> this.injectionBlindBit.getBooleanMode().name()
            );
            this.injectionModel.getMediatorStrategy().setStrategy(this);

            var requestMarkBlindBitStrategy = new Request();
            requestMarkBlindBitStrategy.setMessage(Interaction.MARK_BLIND_BIT_STRATEGY);
            this.injectionModel.sendToViews(requestMarkBlindBitStrategy);
        }
    }
    
    @Override
    public String getPerformanceLength() {
        return VendorYaml.DEFAULT_CAPACITY;
    }
    
    @Override
    public String getName() {
        return "Blind bit";
    }
}
































Active mutators

CONDITIONALS_BOUNDARY
EMPTY_RETURNS
FALSE_RETURNS
INCREMENTS
INVERT_NEGS
MATH
NEGATE_CONDITIONALS
NULL_RETURNS
PRIMITIVE_RETURNS
TRUE_RETURNS
VOID_METHOD_CALLS

Tests examined

Report generated by PIT 1.19.1

1		/*******************************************************************************
2		* Copyhacked (H) 2012-2025.
3		* This program and the accompanying materials
4		* are made available under no term at all, use it like
5		* you want, but share and discuss it
6		* every time possible with every body.
7		*
8		* Contributors:
9		* ron190 at ymail dot com - initial implementation
10		*******************************************************************************/
11		package com.jsql.model.injection.strategy;
12
13		import com.jsql.model.InjectionModel;
14		import com.jsql.model.bean.util.Interaction;
15		import com.jsql.model.bean.util.Request;
16		import com.jsql.model.exception.StoppedByUserSlidingException;
17		import com.jsql.model.injection.strategy.blind.AbstractInjectionBit.BlindOperator;
18		import com.jsql.model.injection.strategy.blind.InjectionBlindBit;
19		import com.jsql.model.injection.vendor.model.VendorYaml;
20		import com.jsql.model.suspendable.AbstractSuspendable;
21		import com.jsql.util.I18nUtil;
22		import com.jsql.util.LogLevelUtil;
23		import com.jsql.util.StringUtil;
24		import org.apache.commons.lang3.StringUtils;
25		import org.apache.logging.log4j.LogManager;
26		import org.apache.logging.log4j.Logger;
27
28		public class StrategyBlindBit extends AbstractStrategy {
29
30		/**
31		* Log4j logger sent to view.
32		*/
33		private static final Logger LOGGER = LogManager.getRootLogger();
34
35		private InjectionBlindBit injectionBlindBit;
36
37		public StrategyBlindBit(InjectionModel injectionModel) {
38		super(injectionModel);
39		}
40
41		@Override
42		public void checkApplicability() throws StoppedByUserSlidingException {
43	1 1. checkApplicability : negated conditional → NO_COVERAGE	if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isStrategyBlindBitDisabled()) {
44		LOGGER.log(LogLevelUtil.CONSOLE_INFORM, AbstractStrategy.FORMAT_SKIP_STRATEGY_DISABLED, this.getName());
45		return;
46	1 1. checkApplicability : negated conditional → NO_COVERAGE	} else if (StringUtils.isEmpty(
47		this.injectionModel.getMediatorVendor().getVendor().instance().getModelYaml().getStrategy().getBinary().getTest().getBit()
48		)) {
49		LOGGER.log(
50		LogLevelUtil.CONSOLE_ERROR,
51		AbstractStrategy.FORMAT_STRATEGY_NOT_IMPLEMENTED,
52		this.getName(),
53		this.injectionModel.getMediatorVendor().getVendor()
54		);
55		return;
56		}
57
58	1 1. checkApplicability : removed call to com/jsql/model/injection/strategy/StrategyBlindBit::checkInjection → NO_COVERAGE	this.checkInjection(BlindOperator.OR);
59	1 1. checkApplicability : removed call to com/jsql/model/injection/strategy/StrategyBlindBit::checkInjection → NO_COVERAGE	this.checkInjection(BlindOperator.AND);
60	1 1. checkApplicability : removed call to com/jsql/model/injection/strategy/StrategyBlindBit::checkInjection → NO_COVERAGE	this.checkInjection(BlindOperator.STACK);
61	1 1. checkApplicability : removed call to com/jsql/model/injection/strategy/StrategyBlindBit::checkInjection → NO_COVERAGE	this.checkInjection(BlindOperator.NO_MODE);
62
63	1 1. checkApplicability : negated conditional → NO_COVERAGE	if (this.isApplicable) {
64	1 1. checkApplicability : removed call to com/jsql/model/injection/strategy/StrategyBlindBit::allow → NO_COVERAGE	this.allow();
65		var requestMessageBinary = new Request();
66	1 1. checkApplicability : removed call to com/jsql/model/bean/util/Request::setMessage → NO_COVERAGE	requestMessageBinary.setMessage(Interaction.MESSAGE_BINARY);
67	1 1. checkApplicability : removed call to com/jsql/model/bean/util/Request::setParameters → NO_COVERAGE	requestMessageBinary.setParameters(this.injectionBlindBit.getInfoMessage());
68	1 1. checkApplicability : removed call to com/jsql/model/InjectionModel::sendToViews → NO_COVERAGE	this.injectionModel.sendToViews(requestMessageBinary);
69		} else {
70	1 1. checkApplicability : removed call to com/jsql/model/injection/strategy/StrategyBlindBit::unallow → NO_COVERAGE	this.unallow();
71		}
72		}
73
74		private void checkInjection(BlindOperator blindOperator) throws StoppedByUserSlidingException {
75	1 1. checkInjection : negated conditional → NO_COVERAGE	if (this.isApplicable) {
76		return;
77		}
78
79		LOGGER.log(
80		LogLevelUtil.CONSOLE_DEFAULT,
81		"{} [{}] with [{}]...",
82	1 1. lambda$checkInjection$0 : replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$checkInjection$0 → NO_COVERAGE	() -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_CHECKING_STRATEGY),
83		this::getName,
84	1 1. lambda$checkInjection$1 : replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$checkInjection$1 → NO_COVERAGE	() -> blindOperator
85		);
86		this.injectionBlindBit = new InjectionBlindBit(this.injectionModel, blindOperator);
87		this.isApplicable = this.injectionBlindBit.isInjectable();
88
89	1 1. checkInjection : negated conditional → NO_COVERAGE	if (this.isApplicable) {
90		LOGGER.log(
91		LogLevelUtil.CONSOLE_SUCCESS,
92		"{} [{}] injection with [{}]",
93	1 1. lambda$checkInjection$2 : replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$checkInjection$2 → NO_COVERAGE	() -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_VULNERABLE),
94		this::getName,
95	1 1. lambda$checkInjection$3 : replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$checkInjection$3 → NO_COVERAGE	() -> blindOperator
96		);
97		}
98		}
99
100		@Override
101		public void allow(int... i) {
102	1 1. allow : removed call to com/jsql/model/InjectionModel::appendAnalysisReport → NO_COVERAGE	this.injectionModel.appendAnalysisReport(
103		StringUtil.formatReport(LogLevelUtil.COLOR_BLU, "### Strategy: " + this.getName())
104		+ this.injectionModel.getReportWithoutIndex(
105		this.injectionModel.getMediatorVendor().getVendor().instance().sqlTestBlindWithOperator(
106		this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(StringUtil.formatReport(LogLevelUtil.COLOR_GREEN, "<query>"), "0", true),
107		this.injectionBlindBit.getBooleanMode()
108		),
109		"metadataInjectionProcess",
110		null
111		)
112		);
113	1 1. allow : removed call to com/jsql/model/injection/strategy/StrategyBlindBit::markVulnerability → NO_COVERAGE	this.markVulnerability(Interaction.MARK_BLIND_BIT_VULNERABLE);
114		}
115
116		@Override
117		public void unallow(int... i) {
118	1 1. unallow : removed call to com/jsql/model/injection/strategy/StrategyBlindBit::markVulnerability → NO_COVERAGE	this.markVulnerability(Interaction.MARK_BLIND_BIT_INVULNERABLE);
119		}
120
121		@Override
122		public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
123	1 1. inject : replaced return value with "" for com/jsql/model/injection/strategy/StrategyBlindBit::inject → NO_COVERAGE	return this.injectionBlindBit.inject(
124		this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(sqlQuery, startPosition, false),
125		stoppable
126		);
127		}
128
129		@Override
130		public void activateWhenApplicable() {
131	2 1. activateWhenApplicable : negated conditional → NO_COVERAGE 2. activateWhenApplicable : negated conditional → NO_COVERAGE	if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
132		LOGGER.log(
133		LogLevelUtil.CONSOLE_INFORM,
134		"{} [{}] with [{}]",
135	1 1. lambda$activateWhenApplicable$4 : replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$activateWhenApplicable$4 → NO_COVERAGE	() -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
136		this::getName,
137	1 1. lambda$activateWhenApplicable$5 : replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$activateWhenApplicable$5 → NO_COVERAGE	() -> this.injectionBlindBit.getBooleanMode().name()
138		);
139	1 1. activateWhenApplicable : removed call to com/jsql/model/injection/strategy/MediatorStrategy::setStrategy → NO_COVERAGE	this.injectionModel.getMediatorStrategy().setStrategy(this);
140
141		var requestMarkBlindBitStrategy = new Request();
142	1 1. activateWhenApplicable : removed call to com/jsql/model/bean/util/Request::setMessage → NO_COVERAGE	requestMarkBlindBitStrategy.setMessage(Interaction.MARK_BLIND_BIT_STRATEGY);
143	1 1. activateWhenApplicable : removed call to com/jsql/model/InjectionModel::sendToViews → NO_COVERAGE	this.injectionModel.sendToViews(requestMarkBlindBitStrategy);
144		}
145		}
146
147		@Override
148		public String getPerformanceLength() {
149	1 1. getPerformanceLength : replaced return value with "" for com/jsql/model/injection/strategy/StrategyBlindBit::getPerformanceLength → NO_COVERAGE	return VendorYaml.DEFAULT_CAPACITY;
150		}
151
152		@Override
153		public String getName() {
154	1 1. getName : replaced return value with "" for com/jsql/model/injection/strategy/StrategyBlindBit::getName → NO_COVERAGE	return "Blind bit";
155		}
156		}
		Mutations
43		1.1 Location : checkApplicability Killed by : none negated conditional → NO_COVERAGE
46		1.1 Location : checkApplicability Killed by : none negated conditional → NO_COVERAGE
58		1.1 Location : checkApplicability Killed by : none removed call to com/jsql/model/injection/strategy/StrategyBlindBit::checkInjection → NO_COVERAGE
59		1.1 Location : checkApplicability Killed by : none removed call to com/jsql/model/injection/strategy/StrategyBlindBit::checkInjection → NO_COVERAGE
60		1.1 Location : checkApplicability Killed by : none removed call to com/jsql/model/injection/strategy/StrategyBlindBit::checkInjection → NO_COVERAGE
61		1.1 Location : checkApplicability Killed by : none removed call to com/jsql/model/injection/strategy/StrategyBlindBit::checkInjection → NO_COVERAGE
63		1.1 Location : checkApplicability Killed by : none negated conditional → NO_COVERAGE
64		1.1 Location : checkApplicability Killed by : none removed call to com/jsql/model/injection/strategy/StrategyBlindBit::allow → NO_COVERAGE
66		1.1 Location : checkApplicability Killed by : none removed call to com/jsql/model/bean/util/Request::setMessage → NO_COVERAGE
67		1.1 Location : checkApplicability Killed by : none removed call to com/jsql/model/bean/util/Request::setParameters → NO_COVERAGE
68		1.1 Location : checkApplicability Killed by : none removed call to com/jsql/model/InjectionModel::sendToViews → NO_COVERAGE
70		1.1 Location : checkApplicability Killed by : none removed call to com/jsql/model/injection/strategy/StrategyBlindBit::unallow → NO_COVERAGE
75		1.1 Location : checkInjection Killed by : none negated conditional → NO_COVERAGE
82		1.1 Location : lambda$checkInjection$0 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$checkInjection$0 → NO_COVERAGE
84		1.1 Location : lambda$checkInjection$1 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$checkInjection$1 → NO_COVERAGE
89		1.1 Location : checkInjection Killed by : none negated conditional → NO_COVERAGE
93		1.1 Location : lambda$checkInjection$2 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$checkInjection$2 → NO_COVERAGE
95		1.1 Location : lambda$checkInjection$3 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$checkInjection$3 → NO_COVERAGE
102		1.1 Location : allow Killed by : none removed call to com/jsql/model/InjectionModel::appendAnalysisReport → NO_COVERAGE
113		1.1 Location : allow Killed by : none removed call to com/jsql/model/injection/strategy/StrategyBlindBit::markVulnerability → NO_COVERAGE
118		1.1 Location : unallow Killed by : none removed call to com/jsql/model/injection/strategy/StrategyBlindBit::markVulnerability → NO_COVERAGE
123		1.1 Location : inject Killed by : none replaced return value with "" for com/jsql/model/injection/strategy/StrategyBlindBit::inject → NO_COVERAGE
131		1.1 Location : activateWhenApplicable Killed by : none negated conditional → NO_COVERAGE 2.2 Location : activateWhenApplicable Killed by : none negated conditional → NO_COVERAGE
135		1.1 Location : lambda$activateWhenApplicable$4 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$activateWhenApplicable$4 → NO_COVERAGE
137		1.1 Location : lambda$activateWhenApplicable$5 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyBlindBit::lambda$activateWhenApplicable$5 → NO_COVERAGE
139		1.1 Location : activateWhenApplicable Killed by : none removed call to com/jsql/model/injection/strategy/MediatorStrategy::setStrategy → NO_COVERAGE
142		1.1 Location : activateWhenApplicable Killed by : none removed call to com/jsql/model/bean/util/Request::setMessage → NO_COVERAGE
143		1.1 Location : activateWhenApplicable Killed by : none removed call to com/jsql/model/InjectionModel::sendToViews → NO_COVERAGE
149		1.1 Location : getPerformanceLength Killed by : none replaced return value with "" for com/jsql/model/injection/strategy/StrategyBlindBit::getPerformanceLength → NO_COVERAGE
154		1.1 Location : getName Killed by : none replaced return value with "" for com/jsql/model/injection/strategy/StrategyBlindBit::getName → NO_COVERAGE

StrategyBlindBit.java

Mutations

Active mutators

Tests examined