StrategyInjectionStacked.java

package com.jsql.model.injection.strategy;

import com.jsql.model.InjectionModel;
import com.jsql.model.accessible.DataAccess;
import com.jsql.model.bean.util.Interaction;
import com.jsql.model.bean.util.Request;
import com.jsql.model.injection.vendor.model.VendorYaml;
import com.jsql.model.injection.vendor.model.yaml.Configuration;
import com.jsql.model.suspendable.AbstractSuspendable;
import com.jsql.util.I18nUtil;
import com.jsql.util.LogLevelUtil;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class StrategyInjectionStacked extends AbstractStrategy {

    /**
     * Log4j logger sent to view.
     */
    private static final Logger LOGGER = LogManager.getRootLogger();

    private String performanceLength = "0";

    public StrategyInjectionStacked(InjectionModel injectionModel) {
        super(injectionModel);
    }

    @Override
    public void checkApplicability() {

        if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isStrategyStackedDisabled()) {

            LOGGER.log(LogLevelUtil.CONSOLE_INFORM, AbstractStrategy.FORMAT_SKIP_STRATEGY_DISABLED, getName());
            return;
        }

        // Reset applicability of new Vendor
        this.isApplicable = false;
        var strategyYaml = this.injectionModel.getMediatorVendor().getVendor().instance().getModelYaml().getStrategy();
        var configurationYaml = strategyYaml.getConfiguration();

        LOGGER.log(
            LogLevelUtil.CONSOLE_DEFAULT,
            AbstractStrategy.FORMAT_CHECKING_STRATEGY,
            () -> I18nUtil.valueByKey("LOG_CHECKING_STRATEGY"),
            this::getName
        );

        boolean methodIsApplicable = this.isApplicable(configurationYaml, strategyYaml.getStacked());

        if (methodIsApplicable) {

            Matcher regexSearch = this.getPerformance(configurationYaml, strategyYaml.getStacked());

            if (!regexSearch.find()) {

                LOGGER.log(
                    LogLevelUtil.CONSOLE_ERROR,
                    "{} {} but injectable size is incorrect",
                    () -> I18nUtil.valueByKey("LOG_VULNERABLE"),
                    () -> "Stacked"
                );

                methodIsApplicable = false;
            } else {
                this.performanceLength = "" + regexSearch.group(1).length();
            }
        }

        if (methodIsApplicable) {

            LOGGER.log(
                LogLevelUtil.CONSOLE_SUCCESS,
                "{} Stacked injection using [{}] characters",
                () -> I18nUtil.valueByKey("LOG_VULNERABLE"),
                () -> this.performanceLength
            );

            this.allow();

        } else {
            this.unallow();
        }
    }

    private boolean isApplicable(Configuration configurationYaml, String stacked) {
        
        var methodIsApplicable = false;
        var indexZeroToFind = "0";
      
        String performanceSourcePage = this.injectionModel.injectWithoutIndex(
            VendorYaml.replaceTags(
                stacked
                .replace(VendorYaml.WINDOW, configurationYaml.getSlidingWindow())
                .replace(VendorYaml.INJECTION, configurationYaml.getFailsafe().replace(VendorYaml.INDICE,indexZeroToFind))
                .replace(VendorYaml.WINDOW_CHAR, "1")
                .replace(VendorYaml.CAPACITY, VendorYaml.DEFAULT_CAPACITY)
            ),
            "stacked#confirm"
        );
   
        String regexIndexZero = String.format(VendorYaml.FORMAT_INDEX, indexZeroToFind);
        if (performanceSourcePage.matches("(?s).*"+ regexIndexZero +".*")) {
            methodIsApplicable = true;
            this.isApplicable = true;
        }
        
        return methodIsApplicable;
    }

    private Matcher getPerformance(Configuration configurationYaml, String stacked) {
        
        String performanceSourcePage = this.injectionModel.injectWithoutIndex(
            VendorYaml.replaceTags(
                stacked
                .replace(VendorYaml.WINDOW, configurationYaml.getSlidingWindow())
                .replace(VendorYaml.INJECTION, configurationYaml.getCalibrator())
                .replace(VendorYaml.WINDOW_CHAR, "1")
                .replace(VendorYaml.CAPACITY, VendorYaml.DEFAULT_CAPACITY)
            ),
            "stacked#size"
        );
        
        return Pattern.compile("(?s)"+ DataAccess.LEAD +"(#+)").matcher(performanceSourcePage);
    }

    @Override
    public void allow(int... i) {

        this.injectionModel.appendAnalysisReport(
            "<span style=color:rgb(0,0,255)>### Strategy: " + getName() + "</span>"
            + this.injectionModel.getReportWithoutIndex(
                this.injectionModel.getMediatorVendor().getVendor().instance().sqlStacked("<span style=color:rgb(0,128,0)>&lt;query&gt;</span>", "0", true),
                "metadataInjectionProcess"
            )
        );
        this.markVulnerability(Interaction.MARK_STACKED_VULNERABLE);
    }

    @Override
    public void unallow(int... i) {
        this.markVulnerability(Interaction.MARK_STACKED_INVULNERABLE);
    }

    @Override
    public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) {
        return this.injectionModel.injectWithoutIndex(
            this.injectionModel.getMediatorVendor().getVendor().instance().sqlStacked(sqlQuery, startPosition, false),
            metadataInjectionProcess
        );
    }

    @Override
    public void activateWhenApplicable() {
        if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {

            LOGGER.log(
                LogLevelUtil.CONSOLE_INFORM,
                "{} [{}]",
                () -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
                this::getName
            );
            this.injectionModel.getMediatorStrategy().setStrategy(this.injectionModel.getMediatorStrategy().getStacked());

            var request = new Request();
            request.setMessage(Interaction.MARK_STACKED_STRATEGY);
            this.injectionModel.sendToViews(request);
        }
    }

    @Override
    public String getPerformanceLength() {
        return this.performanceLength;
    }

    @Override
    public String getName() {
        return "Stacked";
    }
}



























Active mutators

CONDITIONALS_BOUNDARY
EMPTY_RETURNS
FALSE_RETURNS
INCREMENTS
INVERT_NEGS
MATH
NEGATE_CONDITIONALS
NULL_RETURNS
PRIMITIVE_RETURNS
TRUE_RETURNS
VOID_METHOD_CALLS

Tests examined

Report generated by PIT 1.16.1

1		package com.jsql.model.injection.strategy;
2
3		import com.jsql.model.InjectionModel;
4		import com.jsql.model.accessible.DataAccess;
5		import com.jsql.model.bean.util.Interaction;
6		import com.jsql.model.bean.util.Request;
7		import com.jsql.model.injection.vendor.model.VendorYaml;
8		import com.jsql.model.injection.vendor.model.yaml.Configuration;
9		import com.jsql.model.suspendable.AbstractSuspendable;
10		import com.jsql.util.I18nUtil;
11		import com.jsql.util.LogLevelUtil;
12		import org.apache.logging.log4j.LogManager;
13		import org.apache.logging.log4j.Logger;
14
15		import java.util.regex.Matcher;
16		import java.util.regex.Pattern;
17
18		public class StrategyInjectionStacked extends AbstractStrategy {
19
20		/**
21		* Log4j logger sent to view.
22		*/
23		private static final Logger LOGGER = LogManager.getRootLogger();
24
25		private String performanceLength = "0";
26
27		public StrategyInjectionStacked(InjectionModel injectionModel) {
28		super(injectionModel);
29		}
30
31		@Override
32		public void checkApplicability() {
33
34	1 1. checkApplicability : negated conditional → NO_COVERAGE	if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isStrategyStackedDisabled()) {
35
36		LOGGER.log(LogLevelUtil.CONSOLE_INFORM, AbstractStrategy.FORMAT_SKIP_STRATEGY_DISABLED, getName());
37		return;
38		}
39
40		// Reset applicability of new Vendor
41		this.isApplicable = false;
42		var strategyYaml = this.injectionModel.getMediatorVendor().getVendor().instance().getModelYaml().getStrategy();
43		var configurationYaml = strategyYaml.getConfiguration();
44
45		LOGGER.log(
46		LogLevelUtil.CONSOLE_DEFAULT,
47		AbstractStrategy.FORMAT_CHECKING_STRATEGY,
48	1 1. lambda$checkApplicability$0 : replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$checkApplicability$0 → NO_COVERAGE	() -> I18nUtil.valueByKey("LOG_CHECKING_STRATEGY"),
49		this::getName
50		);
51
52		boolean methodIsApplicable = this.isApplicable(configurationYaml, strategyYaml.getStacked());
53
54	1 1. checkApplicability : negated conditional → NO_COVERAGE	if (methodIsApplicable) {
55
56		Matcher regexSearch = this.getPerformance(configurationYaml, strategyYaml.getStacked());
57
58	1 1. checkApplicability : negated conditional → NO_COVERAGE	if (!regexSearch.find()) {
59
60		LOGGER.log(
61		LogLevelUtil.CONSOLE_ERROR,
62		"{} {} but injectable size is incorrect",
63	1 1. lambda$checkApplicability$1 : replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$checkApplicability$1 → NO_COVERAGE	() -> I18nUtil.valueByKey("LOG_VULNERABLE"),
64	1 1. lambda$checkApplicability$2 : replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$checkApplicability$2 → NO_COVERAGE	() -> "Stacked"
65		);
66
67		methodIsApplicable = false;
68		} else {
69		this.performanceLength = "" + regexSearch.group(1).length();
70		}
71		}
72
73	1 1. checkApplicability : negated conditional → NO_COVERAGE	if (methodIsApplicable) {
74
75		LOGGER.log(
76		LogLevelUtil.CONSOLE_SUCCESS,
77		"{} Stacked injection using [{}] characters",
78	1 1. lambda$checkApplicability$3 : replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$checkApplicability$3 → NO_COVERAGE	() -> I18nUtil.valueByKey("LOG_VULNERABLE"),
79	1 1. lambda$checkApplicability$4 : replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$checkApplicability$4 → NO_COVERAGE	() -> this.performanceLength
80		);
81
82	1 1. checkApplicability : removed call to com/jsql/model/injection/strategy/StrategyInjectionStacked::allow → NO_COVERAGE	this.allow();
83
84		} else {
85	1 1. checkApplicability : removed call to com/jsql/model/injection/strategy/StrategyInjectionStacked::unallow → NO_COVERAGE	this.unallow();
86		}
87		}
88
89		private boolean isApplicable(Configuration configurationYaml, String stacked) {
90
91		var methodIsApplicable = false;
92		var indexZeroToFind = "0";
93
94		String performanceSourcePage = this.injectionModel.injectWithoutIndex(
95		VendorYaml.replaceTags(
96		stacked
97		.replace(VendorYaml.WINDOW, configurationYaml.getSlidingWindow())
98		.replace(VendorYaml.INJECTION, configurationYaml.getFailsafe().replace(VendorYaml.INDICE,indexZeroToFind))
99		.replace(VendorYaml.WINDOW_CHAR, "1")
100		.replace(VendorYaml.CAPACITY, VendorYaml.DEFAULT_CAPACITY)
101		),
102		"stacked#confirm"
103		);
104
105		String regexIndexZero = String.format(VendorYaml.FORMAT_INDEX, indexZeroToFind);
106	1 1. isApplicable : negated conditional → NO_COVERAGE	if (performanceSourcePage.matches("(?s)."+ regexIndexZero +".")) {
107		methodIsApplicable = true;
108		this.isApplicable = true;
109		}
110
111	2 1. isApplicable : replaced boolean return with false for com/jsql/model/injection/strategy/StrategyInjectionStacked::isApplicable → NO_COVERAGE 2. isApplicable : replaced boolean return with true for com/jsql/model/injection/strategy/StrategyInjectionStacked::isApplicable → NO_COVERAGE	return methodIsApplicable;
112		}
113
114		private Matcher getPerformance(Configuration configurationYaml, String stacked) {
115
116		String performanceSourcePage = this.injectionModel.injectWithoutIndex(
117		VendorYaml.replaceTags(
118		stacked
119		.replace(VendorYaml.WINDOW, configurationYaml.getSlidingWindow())
120		.replace(VendorYaml.INJECTION, configurationYaml.getCalibrator())
121		.replace(VendorYaml.WINDOW_CHAR, "1")
122		.replace(VendorYaml.CAPACITY, VendorYaml.DEFAULT_CAPACITY)
123		),
124		"stacked#size"
125		);
126
127	1 1. getPerformance : replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::getPerformance → NO_COVERAGE	return Pattern.compile("(?s)"+ DataAccess.LEAD +"(#+)").matcher(performanceSourcePage);
128		}
129
130		@Override
131		public void allow(int... i) {
132
133	1 1. allow : removed call to com/jsql/model/InjectionModel::appendAnalysisReport → NO_COVERAGE	this.injectionModel.appendAnalysisReport(
134		"<span style=color:rgb(0,0,255)>### Strategy: " + getName() + "</span>"
135		+ this.injectionModel.getReportWithoutIndex(
136		this.injectionModel.getMediatorVendor().getVendor().instance().sqlStacked("<span style=color:rgb(0,128,0)><query></span>", "0", true),
137		"metadataInjectionProcess"
138		)
139		);
140	1 1. allow : removed call to com/jsql/model/injection/strategy/StrategyInjectionStacked::markVulnerability → NO_COVERAGE	this.markVulnerability(Interaction.MARK_STACKED_VULNERABLE);
141		}
142
143		@Override
144		public void unallow(int... i) {
145	1 1. unallow : removed call to com/jsql/model/injection/strategy/StrategyInjectionStacked::markVulnerability → NO_COVERAGE	this.markVulnerability(Interaction.MARK_STACKED_INVULNERABLE);
146		}
147
148		@Override
149		public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) {
150	1 1. inject : replaced return value with "" for com/jsql/model/injection/strategy/StrategyInjectionStacked::inject → NO_COVERAGE	return this.injectionModel.injectWithoutIndex(
151		this.injectionModel.getMediatorVendor().getVendor().instance().sqlStacked(sqlQuery, startPosition, false),
152		metadataInjectionProcess
153		);
154		}
155
156		@Override
157		public void activateWhenApplicable() {
158	2 1. activateWhenApplicable : negated conditional → NO_COVERAGE 2. activateWhenApplicable : negated conditional → NO_COVERAGE	if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
159
160		LOGGER.log(
161		LogLevelUtil.CONSOLE_INFORM,
162		"{} [{}]",
163	1 1. lambda$activateWhenApplicable$5 : replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$activateWhenApplicable$5 → NO_COVERAGE	() -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
164		this::getName
165		);
166	1 1. activateWhenApplicable : removed call to com/jsql/model/injection/strategy/MediatorStrategy::setStrategy → NO_COVERAGE	this.injectionModel.getMediatorStrategy().setStrategy(this.injectionModel.getMediatorStrategy().getStacked());
167
168		var request = new Request();
169	1 1. activateWhenApplicable : removed call to com/jsql/model/bean/util/Request::setMessage → NO_COVERAGE	request.setMessage(Interaction.MARK_STACKED_STRATEGY);
170	1 1. activateWhenApplicable : removed call to com/jsql/model/InjectionModel::sendToViews → NO_COVERAGE	this.injectionModel.sendToViews(request);
171		}
172		}
173
174		@Override
175		public String getPerformanceLength() {
176	1 1. getPerformanceLength : replaced return value with "" for com/jsql/model/injection/strategy/StrategyInjectionStacked::getPerformanceLength → NO_COVERAGE	return this.performanceLength;
177		}
178
179		@Override
180		public String getName() {
181	1 1. getName : replaced return value with "" for com/jsql/model/injection/strategy/StrategyInjectionStacked::getName → NO_COVERAGE	return "Stacked";
182		}
183		}
		Mutations
34		1.1 Location : checkApplicability Killed by : none negated conditional → NO_COVERAGE
48		1.1 Location : lambda$checkApplicability$0 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$checkApplicability$0 → NO_COVERAGE
54		1.1 Location : checkApplicability Killed by : none negated conditional → NO_COVERAGE
58		1.1 Location : checkApplicability Killed by : none negated conditional → NO_COVERAGE
63		1.1 Location : lambda$checkApplicability$1 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$checkApplicability$1 → NO_COVERAGE
64		1.1 Location : lambda$checkApplicability$2 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$checkApplicability$2 → NO_COVERAGE
73		1.1 Location : checkApplicability Killed by : none negated conditional → NO_COVERAGE
78		1.1 Location : lambda$checkApplicability$3 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$checkApplicability$3 → NO_COVERAGE
79		1.1 Location : lambda$checkApplicability$4 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$checkApplicability$4 → NO_COVERAGE
82		1.1 Location : checkApplicability Killed by : none removed call to com/jsql/model/injection/strategy/StrategyInjectionStacked::allow → NO_COVERAGE
85		1.1 Location : checkApplicability Killed by : none removed call to com/jsql/model/injection/strategy/StrategyInjectionStacked::unallow → NO_COVERAGE
106		1.1 Location : isApplicable Killed by : none negated conditional → NO_COVERAGE
111		1.1 Location : isApplicable Killed by : none replaced boolean return with false for com/jsql/model/injection/strategy/StrategyInjectionStacked::isApplicable → NO_COVERAGE 2.2 Location : isApplicable Killed by : none replaced boolean return with true for com/jsql/model/injection/strategy/StrategyInjectionStacked::isApplicable → NO_COVERAGE
127		1.1 Location : getPerformance Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::getPerformance → NO_COVERAGE
133		1.1 Location : allow Killed by : none removed call to com/jsql/model/InjectionModel::appendAnalysisReport → NO_COVERAGE
140		1.1 Location : allow Killed by : none removed call to com/jsql/model/injection/strategy/StrategyInjectionStacked::markVulnerability → NO_COVERAGE
145		1.1 Location : unallow Killed by : none removed call to com/jsql/model/injection/strategy/StrategyInjectionStacked::markVulnerability → NO_COVERAGE
150		1.1 Location : inject Killed by : none replaced return value with "" for com/jsql/model/injection/strategy/StrategyInjectionStacked::inject → NO_COVERAGE
158		1.1 Location : activateWhenApplicable Killed by : none negated conditional → NO_COVERAGE 2.2 Location : activateWhenApplicable Killed by : none negated conditional → NO_COVERAGE
163		1.1 Location : lambda$activateWhenApplicable$5 Killed by : none replaced return value with null for com/jsql/model/injection/strategy/StrategyInjectionStacked::lambda$activateWhenApplicable$5 → NO_COVERAGE
166		1.1 Location : activateWhenApplicable Killed by : none removed call to com/jsql/model/injection/strategy/MediatorStrategy::setStrategy → NO_COVERAGE
169		1.1 Location : activateWhenApplicable Killed by : none removed call to com/jsql/model/bean/util/Request::setMessage → NO_COVERAGE
170		1.1 Location : activateWhenApplicable Killed by : none removed call to com/jsql/model/InjectionModel::sendToViews → NO_COVERAGE
176		1.1 Location : getPerformanceLength Killed by : none replaced return value with "" for com/jsql/model/injection/strategy/StrategyInjectionStacked::getPerformanceLength → NO_COVERAGE
181		1.1 Location : getName Killed by : none replaced return value with "" for com/jsql/model/injection/strategy/StrategyInjectionStacked::getName → NO_COVERAGE

StrategyInjectionStacked.java

Mutations

Active mutators

Tests examined