StrategyInjectionBlind.java

/*******************************************************************************
 * Copyhacked (H) 2012-2020.
 * This program and the accompanying materials
 * are made available under no term at all, use it like
 * you want, but share and discuss about it
 * every time possible with every body.
 *
 * Contributors:
 *      ron190 at ymail dot com - initial implementation
 *******************************************************************************/
package com.jsql.model.injection.strategy;
import com.jsql.model.InjectionModel;
import com.jsql.model.bean.util.Interaction;
import com.jsql.model.bean.util.Request;
import com.jsql.model.exception.StoppedByUserSlidingException;
import com.jsql.model.injection.strategy.blind.AbstractInjectionBoolean.BooleanMode;
import com.jsql.model.injection.strategy.blind.InjectionBlind;
import com.jsql.model.injection.vendor.model.VendorYaml;
import com.jsql.model.suspendable.AbstractSuspendable;
import com.jsql.util.I18nUtil;
import com.jsql.util.LogLevelUtil;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
/**
 * "Blind" strategy of the injection model.
 *
 * <p>The applicability check delegates to {@link InjectionBlind}: one instance
 * is created per {@link BooleanMode} until {@code isInjectable()} returns
 * {@code true}. The instance that succeeded (or, when none did, the last one
 * created) is kept in {@code injectionBlind} and reused by
 * {@link #inject(String, String, AbstractSuspendable, String)}.
 *
 * <p>{@code injectionBlind} has no initial value and is assigned only inside
 * {@code checkInjection}; {@code allow()}, {@code inject()} and the log
 * supplier in {@code activateWhenApplicable()} dereference it without a null
 * check, so they rely on {@link #checkApplicability()} having probed at least
 * one mode beforehand.
 */
public class StrategyInjectionBlind extends AbstractStrategy {

    /**
     * Log4j root logger; its output is forwarded to the view.
     */
    private static final Logger LOGGER = LogManager.getRootLogger();

    /**
     * Helper created by the most recent probe in {@code checkInjection};
     * stays {@code null} until a probe has run.
     */
    private InjectionBlind injectionBlind;

    /**
     * @param injectionModel model handed to the parent strategy and read by every method here
     */
    public StrategyInjectionBlind(InjectionModel injectionModel) {
        super(injectionModel);
    }

    /**
     * Decides whether this strategy applies and reports the outcome to the views.
     *
     * <p>Nothing is probed when the preferences disable the strategy or when the
     * current vendor returns an empty {@code sqlBooleanBlind()} template. Otherwise
     * the modes are tried in the fixed order OR, AND, STACKED, NO_MODE.
     *
     * @throws StoppedByUserSlidingException propagated from the probes
     */
    @Override
    public void checkApplicability() throws StoppedByUserSlidingException {

        // Guard: the preferences mark the Blind strategy as disabled.
        if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isStrategyBlindDisabled()) {
            LOGGER.log(LogLevelUtil.CONSOLE_INFORM, AbstractStrategy.FORMAT_SKIP_STRATEGY_DISABLED, getName());
            return;
        }

        // Guard: the current vendor provides no boolean blind template.
        if (StringUtils.isEmpty(this.injectionModel.getMediatorVendor().getVendor().instance().sqlBooleanBlind())) {
            LOGGER.log(
                LogLevelUtil.CONSOLE_ERROR,
                AbstractStrategy.FORMAT_STRATEGY_NOT_IMPLEMENTED,
                getName(),
                this.injectionModel.getMediatorVendor().getVendor()
            );
            return;
        }

        // Every mode is passed to checkInjection, which returns immediately
        // once an earlier mode has set isApplicable.
        final BooleanMode[] modesInOrder = {
            BooleanMode.OR,
            BooleanMode.AND,
            BooleanMode.STACKED,
            BooleanMode.NO_MODE
        };
        for (BooleanMode mode : modesInOrder) {
            checkInjection(mode);
        }

        if (!this.isApplicable) {
            this.unallow();
            return;
        }

        this.allow();

        // Send the info message of the retained helper to the views.
        var binaryNotice = new Request();
        binaryNotice.setMessage(Interaction.MESSAGE_BINARY);
        binaryNotice.setParameters(this.injectionBlind.getInfoMessage());
        this.injectionModel.sendToViews(binaryNotice);
    }

    /**
     * Probes a single boolean mode unless a previous probe already succeeded.
     *
     * <p>Replaces {@code injectionBlind} with a new instance for {@code booleanMode}
     * and stores its {@code isInjectable()} result in {@code isApplicable}.
     *
     * @param booleanMode mode handed to the new {@link InjectionBlind}
     * @throws StoppedByUserSlidingException declared for the probe; the throwing call is not visible here
     */
    private void checkInjection(BooleanMode booleanMode) throws StoppedByUserSlidingException {

        // An earlier mode was accepted: keep that helper untouched.
        if (this.isApplicable) {
            return;
        }

        LOGGER.log(
            LogLevelUtil.CONSOLE_DEFAULT,
            "{} [{}] with [{}]...",
            () -> I18nUtil.valueByKey(KEY_LOG_CHECKING_STRATEGY),
            () -> getName(),
            () -> booleanMode
        );

        var probe = new InjectionBlind(this.injectionModel, booleanMode);
        this.injectionBlind = probe;
        this.isApplicable = probe.isInjectable();

        if (!this.isApplicable) {
            return;
        }

        LOGGER.log(
            LogLevelUtil.CONSOLE_SUCCESS,
            "{} [{}] injection with [{}]",
            () -> I18nUtil.valueByKey(KEY_LOG_VULNERABLE),
            () -> getName(),
            () -> booleanMode
        );
    }

    /**
     * Appends this strategy's section to the analysis report and marks the
     * target as blind-vulnerable.
     *
     * <p>The section is an HTML fragment built by string concatenation. The
     * strategy name is the constant from {@link #getName()} and the query
     * placeholder is already entity-encoded in the literal.
     * NOTE(review): whether {@code getReportWithoutIndex} escapes the vendor
     * template it receives is not visible here; confirm before the report is
     * rendered as HTML.
     *
     * @param i not read by this implementation
     */
    @Override
    public void allow(int... i) {

        var reportHeader = "<span style=color:rgb(0,0,255)>### Strategy: " + getName() + "</span>";

        var reportBody = this.injectionModel.getReportWithoutIndex(
            this.injectionModel.getMediatorVendor().getVendor().instance().sqlTestBlind(
                this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind("<span style=color:rgb(0,128,0)>&lt;query&gt;</span>", "0", true),
                this.injectionBlind.getBooleanMode()
            ),
            "metadataInjectionProcess",
            null
        );

        this.injectionModel.appendAnalysisReport(reportHeader + reportBody);
        this.markVulnerability(Interaction.MARK_BLIND_VULNERABLE);
    }

    /**
     * Marks the target as not vulnerable to this strategy.
     *
     * @param i not read by this implementation
     */
    @Override
    public void unallow(int... i) {
        this.markVulnerability(Interaction.MARK_BLIND_INVULNERABLE);
    }

    /**
     * Wraps {@code sqlQuery} with the vendor's {@code sqlBlind} template and
     * runs it through the retained {@link InjectionBlind}.
     *
     * @param sqlQuery query passed to the vendor template
     * @param startPosition start position passed to the vendor template
     * @param stoppable handle forwarded to {@code InjectionBlind.inject}
     * @param metadataInjectionProcess not read by this implementation
     * @return whatever {@code InjectionBlind.inject} returns
     * @throws StoppedByUserSlidingException propagated from the helper
     */
    @Override
    public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
        var blindQuery = this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(sqlQuery, startPosition, false);
        return this.injectionBlind.inject(blindQuery, stoppable);
    }

    /**
     * Selects this strategy when none is selected yet and it is applicable,
     * then notifies the views.
     */
    @Override
    public void activateWhenApplicable() {

        // Another strategy is already selected, or this one does not apply.
        if (this.injectionModel.getMediatorStrategy().getStrategy() != null || !this.isApplicable()) {
            return;
        }

        LOGGER.log(
            LogLevelUtil.CONSOLE_INFORM,
            "{} [{}] with [{}]",
            () -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
            () -> getName(),
            () -> this.injectionBlind.getBooleanMode().name()
        );
        this.injectionModel.getMediatorStrategy().setStrategy(this.injectionModel.getMediatorStrategy().getBlind());

        var strategyMark = new Request();
        strategyMark.setMessage(Interaction.MARK_BLIND_STRATEGY);
        this.injectionModel.sendToViews(strategyMark);
    }

    /**
     * @return {@link VendorYaml#DEFAULT_CAPACITY}
     */
    @Override
    public String getPerformanceLength() {
        return VendorYaml.DEFAULT_CAPACITY;
    }

    /**
     * @return the fixed display name {@code "Blind"}, used in logs and in the report
     */
    @Override
    public String getName() {
        return "Blind";
    }
}

Mutations

43

1.1
Location : checkApplicability
Killed by : none
negated conditional → NO_COVERAGE

48

1.1
Location : checkApplicability
Killed by : none
negated conditional → NO_COVERAGE

59

1.1
Location : checkApplicability
Killed by : none
removed call to com/jsql/model/injection/strategy/StrategyInjectionBlind::checkInjection → NO_COVERAGE

60

1.1
Location : checkApplicability
Killed by : none
removed call to com/jsql/model/injection/strategy/StrategyInjectionBlind::checkInjection → NO_COVERAGE

61

1.1
Location : checkApplicability
Killed by : none
removed call to com/jsql/model/injection/strategy/StrategyInjectionBlind::checkInjection → NO_COVERAGE

62

1.1
Location : checkApplicability
Killed by : none
removed call to com/jsql/model/injection/strategy/StrategyInjectionBlind::checkInjection → NO_COVERAGE

64

1.1
Location : checkApplicability
Killed by : none
negated conditional → NO_COVERAGE

66

1.1
Location : checkApplicability
Killed by : none
removed call to com/jsql/model/injection/strategy/StrategyInjectionBlind::allow → NO_COVERAGE

69

1.1
Location : checkApplicability
Killed by : none
removed call to com/jsql/model/bean/util/Request::setMessage → NO_COVERAGE

70

1.1
Location : checkApplicability
Killed by : none
removed call to com/jsql/model/bean/util/Request::setParameters → NO_COVERAGE

71

1.1
Location : checkApplicability
Killed by : none
removed call to com/jsql/model/InjectionModel::sendToViews → NO_COVERAGE

74

1.1
Location : checkApplicability
Killed by : none
removed call to com/jsql/model/injection/strategy/StrategyInjectionBlind::unallow → NO_COVERAGE

80

1.1
Location : checkInjection
Killed by : none
negated conditional → NO_COVERAGE

87

1.1
Location : lambda$checkInjection$0
Killed by : none
replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionBlind::lambda$checkInjection$0 → NO_COVERAGE

89

1.1
Location : lambda$checkInjection$1
Killed by : none
replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionBlind::lambda$checkInjection$1 → NO_COVERAGE

94

1.1
Location : checkInjection
Killed by : none
negated conditional → NO_COVERAGE

98

1.1
Location : lambda$checkInjection$2
Killed by : none
replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionBlind::lambda$checkInjection$2 → NO_COVERAGE

100

1.1
Location : lambda$checkInjection$3
Killed by : none
replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionBlind::lambda$checkInjection$3 → NO_COVERAGE

108

1.1
Location : allow
Killed by : none
removed call to com/jsql/model/InjectionModel::appendAnalysisReport → NO_COVERAGE

119

1.1
Location : allow
Killed by : none
removed call to com/jsql/model/injection/strategy/StrategyInjectionBlind::markVulnerability → NO_COVERAGE

124

1.1
Location : unallow
Killed by : none
removed call to com/jsql/model/injection/strategy/StrategyInjectionBlind::markVulnerability → NO_COVERAGE

129

1.1
Location : inject
Killed by : none
replaced return value with "" for com/jsql/model/injection/strategy/StrategyInjectionBlind::inject → NO_COVERAGE

137

1.1
Location : activateWhenApplicable
Killed by : none
negated conditional → NO_COVERAGE

2.2
Location : activateWhenApplicable
Killed by : none
negated conditional → NO_COVERAGE

142

1.1
Location : lambda$activateWhenApplicable$4
Killed by : none
replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionBlind::lambda$activateWhenApplicable$4 → NO_COVERAGE

144

1.1
Location : lambda$activateWhenApplicable$5
Killed by : none
replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionBlind::lambda$activateWhenApplicable$5 → NO_COVERAGE

146

1.1
Location : activateWhenApplicable
Killed by : none
removed call to com/jsql/model/injection/strategy/MediatorStrategy::setStrategy → NO_COVERAGE

149

1.1
Location : activateWhenApplicable
Killed by : none
removed call to com/jsql/model/bean/util/Request::setMessage → NO_COVERAGE

150

1.1
Location : activateWhenApplicable
Killed by : none
removed call to com/jsql/model/InjectionModel::sendToViews → NO_COVERAGE

156

1.1
Location : getPerformanceLength
Killed by : none
replaced return value with "" for com/jsql/model/injection/strategy/StrategyInjectionBlind::getPerformanceLength → NO_COVERAGE

161

1.1
Location : getName
Killed by : none
replaced return value with "" for com/jsql/model/injection/strategy/StrategyInjectionBlind::getName → NO_COVERAGE

Active mutators

Tests examined


Report generated by PIT 1.16.1