MultipartUtil.java

package com.jsql.util;

import com.jsql.model.InjectionModel;
import com.jsql.model.exception.JSqlException;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MultipartUtil {

    /**
     * Log4j logger sent to view.
     */
    private static final Logger LOGGER = LogManager.getRootLogger();

    private final InjectionModel injectionModel;

    public MultipartUtil(InjectionModel injectionModel) {
        this.injectionModel = injectionModel;
    }

    public boolean testParameters(boolean hasFoundInjection) {
        if (!hasFoundInjection) {
            LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "{} multipart...", () -> I18nUtil.valueByKey("LOG_CHECKING"));
        } else {
            return true;
        }
        
        String rawHeader = this.injectionModel.getMediatorUtils().getParameterUtil().getRawHeader();
        String rawRequest = this.injectionModel.getMediatorUtils().getParameterUtil().getRawRequest();

        Matcher matcherBoundary = Pattern.compile("boundary=([^;]*)").matcher(rawHeader);
        if (!matcherBoundary.find()) {
            return false;
        }
        
        String boundary = matcherBoundary.group(1);

        Matcher matcherFormDataParameters = Pattern
            .compile("Content-Disposition\\s*:\\s*form-data\\s*;\\s*name\\s*=\"(.*?)\"(.*?)--" + boundary, Pattern.DOTALL)
            .matcher(rawRequest);

        while (matcherFormDataParameters.find()) {
            if (this.isBoundaryInjectable(rawRequest, boundary, matcherFormDataParameters)) {
                return true;
            }
        }
        return false;
    }

    private boolean isBoundaryInjectable(String rawRequest, String boundary, Matcher matcherFormDataParameters) {
        String nameParameter = matcherFormDataParameters.group(1);
        String valueParameter = matcherFormDataParameters.group(2);

        String rawRequestWithStar = rawRequest.replaceAll(
            "(?i)(Content-Disposition\\s*:\\s*form-data\\s*;\\s*name\\s*=\\s*\"" + nameParameter + "\".*?)([\\\\r\\\\n]*--" + boundary + ")",
            "$1" + InjectionModel.STAR + "$2"
        );

        this.injectionModel.getMediatorUtils().getParameterUtil().initRequest(rawRequestWithStar);

        try {
            LOGGER.log(
                LogLevelUtil.CONSOLE_INFORM,
                "{} multipart boundary {}={}",
                () -> I18nUtil.valueByKey("LOG_CHECKING"),
                () -> nameParameter,
                () -> valueParameter.replace(InjectionModel.STAR, StringUtils.EMPTY)
            );
            return this.injectionModel.getMediatorMethod().getRequest().testParameters();
        } catch (JSqlException e) {
            LOGGER.log(
                LogLevelUtil.CONSOLE_ERROR,
                String.format(
                    "No Multipart boundary injection for %s=%s",
                    nameParameter,
                    valueParameter.replace(InjectionModel.STAR, StringUtils.EMPTY)
                )
            );
        }
        return false;
    }
}
















Active mutators

CONDITIONALS_BOUNDARY
EMPTY_RETURNS
FALSE_RETURNS
INCREMENTS
INVERT_NEGS
MATH
NEGATE_CONDITIONALS
NULL_RETURNS
PRIMITIVE_RETURNS
TRUE_RETURNS
VOID_METHOD_CALLS

Tests examined

Report generated by PIT 1.19.1

1		package com.jsql.util;
2
3		import com.jsql.model.InjectionModel;
4		import com.jsql.model.exception.JSqlException;
5		import org.apache.commons.lang3.StringUtils;
6		import org.apache.logging.log4j.LogManager;
7		import org.apache.logging.log4j.Logger;
8
9		import java.util.regex.Matcher;
10		import java.util.regex.Pattern;
11
12		public class MultipartUtil {
13
14		/**
15		* Log4j logger sent to view.
16		*/
17		private static final Logger LOGGER = LogManager.getRootLogger();
18
19		private final InjectionModel injectionModel;
20
21		public MultipartUtil(InjectionModel injectionModel) {
22		this.injectionModel = injectionModel;
23		}
24
25		public boolean testParameters(boolean hasFoundInjection) {
26	1 1. testParameters : negated conditional → NO_COVERAGE	if (!hasFoundInjection) {
27		LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "{} multipart...", () -> I18nUtil.valueByKey("LOG_CHECKING"));
28		} else {
29	1 1. testParameters : replaced boolean return with false for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE	return true;
30		}
31
32		String rawHeader = this.injectionModel.getMediatorUtils().getParameterUtil().getRawHeader();
33		String rawRequest = this.injectionModel.getMediatorUtils().getParameterUtil().getRawRequest();
34
35		Matcher matcherBoundary = Pattern.compile("boundary=([^;]*)").matcher(rawHeader);
36	1 1. testParameters : negated conditional → NO_COVERAGE	if (!matcherBoundary.find()) {
37	1 1. testParameters : replaced boolean return with true for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE	return false;
38		}
39
40		String boundary = matcherBoundary.group(1);
41
42		Matcher matcherFormDataParameters = Pattern
43		.compile("Content-Disposition\\s:\\sform-data\\s;\\sname\\s=\"(.?)\"(.*?)--" + boundary, Pattern.DOTALL)
44		.matcher(rawRequest);
45
46	1 1. testParameters : negated conditional → NO_COVERAGE	while (matcherFormDataParameters.find()) {
47	1 1. testParameters : negated conditional → NO_COVERAGE	if (this.isBoundaryInjectable(rawRequest, boundary, matcherFormDataParameters)) {
48	1 1. testParameters : replaced boolean return with false for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE	return true;
49		}
50		}
51	1 1. testParameters : replaced boolean return with true for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE	return false;
52		}
53
54		private boolean isBoundaryInjectable(String rawRequest, String boundary, Matcher matcherFormDataParameters) {
55		String nameParameter = matcherFormDataParameters.group(1);
56		String valueParameter = matcherFormDataParameters.group(2);
57
58		String rawRequestWithStar = rawRequest.replaceAll(
59		"(?i)(Content-Disposition\\s:\\sform-data\\s;\\sname\\s=\\s\"" + nameParameter + "\".?)([\\\\r\\\\n]--" + boundary + ")",
60		"$1" + InjectionModel.STAR + "$2"
61		);
62
63	1 1. isBoundaryInjectable : removed call to com/jsql/util/ParameterUtil::initRequest → NO_COVERAGE	this.injectionModel.getMediatorUtils().getParameterUtil().initRequest(rawRequestWithStar);
64
65		try {
66		LOGGER.log(
67		LogLevelUtil.CONSOLE_INFORM,
68		"{} multipart boundary {}={}",
69	1 1. lambda$isBoundaryInjectable$1 : replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$1 → NO_COVERAGE	() -> I18nUtil.valueByKey("LOG_CHECKING"),
70	1 1. lambda$isBoundaryInjectable$2 : replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$2 → NO_COVERAGE	() -> nameParameter,
71	1 1. lambda$isBoundaryInjectable$3 : replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$3 → NO_COVERAGE	() -> valueParameter.replace(InjectionModel.STAR, StringUtils.EMPTY)
72		);
73	2 1. isBoundaryInjectable : replaced boolean return with false for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE 2. isBoundaryInjectable : replaced boolean return with true for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE	return this.injectionModel.getMediatorMethod().getRequest().testParameters();
74		} catch (JSqlException e) {
75		LOGGER.log(
76		LogLevelUtil.CONSOLE_ERROR,
77		String.format(
78		"No Multipart boundary injection for %s=%s",
79		nameParameter,
80		valueParameter.replace(InjectionModel.STAR, StringUtils.EMPTY)
81		)
82		);
83		}
84	1 1. isBoundaryInjectable : replaced boolean return with true for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE	return false;
85		}
86		}
		Mutations
26		1.1 Location : testParameters Killed by : none negated conditional → NO_COVERAGE
29		1.1 Location : testParameters Killed by : none replaced boolean return with false for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE
36		1.1 Location : testParameters Killed by : none negated conditional → NO_COVERAGE
37		1.1 Location : testParameters Killed by : none replaced boolean return with true for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE
46		1.1 Location : testParameters Killed by : none negated conditional → NO_COVERAGE
47		1.1 Location : testParameters Killed by : none negated conditional → NO_COVERAGE
48		1.1 Location : testParameters Killed by : none replaced boolean return with false for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE
51		1.1 Location : testParameters Killed by : none replaced boolean return with true for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE
63		1.1 Location : isBoundaryInjectable Killed by : none removed call to com/jsql/util/ParameterUtil::initRequest → NO_COVERAGE
69		1.1 Location : lambda$isBoundaryInjectable$1 Killed by : none replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$1 → NO_COVERAGE
70		1.1 Location : lambda$isBoundaryInjectable$2 Killed by : none replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$2 → NO_COVERAGE
71		1.1 Location : lambda$isBoundaryInjectable$3 Killed by : none replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$3 → NO_COVERAGE
73		1.1 Location : isBoundaryInjectable Killed by : none replaced boolean return with false for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE 2.2 Location : isBoundaryInjectable Killed by : none replaced boolean return with true for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE
84		1.1 Location : isBoundaryInjectable Killed by : none replaced boolean return with true for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE

MultipartUtil.java

Mutations

Active mutators

Tests examined