MultipartUtil.java

package com.jsql.util;

import com.jsql.model.InjectionModel;
import com.jsql.model.exception.JSqlException;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MultipartUtil {

    private static final Logger LOGGER = LogManager.getRootLogger();

    private final InjectionModel injectionModel;

    public MultipartUtil(InjectionModel injectionModel) {
        this.injectionModel = injectionModel;
    }

    public boolean testParameters(boolean hasFoundInjection) {
        if (!hasFoundInjection) {
            LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "{} multipart...", () -> I18nUtil.valueByKey("LOG_CHECKING"));
        } else {
            return true;
        }
        
        String rawHeader = this.injectionModel.getMediatorUtils().getParameterUtil().getRawHeader();
        String rawRequest = this.injectionModel.getMediatorUtils().getParameterUtil().getRawRequest();

        Matcher matcherBoundary = Pattern.compile("boundary=([^;]*)").matcher(rawHeader);
        if (!matcherBoundary.find()) {
            return false;
        }
        
        String boundary = matcherBoundary.group(1);

        Matcher matcherFormDataParameters = Pattern
            .compile("Content-Disposition\\s*:\\s*form-data\\s*;\\s*name\\s*=\"(.*?)\"(.*?)--" + boundary, Pattern.DOTALL)
            .matcher(rawRequest);

        while (matcherFormDataParameters.find()) {
            if (this.isBoundaryInjectable(rawRequest, boundary, matcherFormDataParameters)) {
                return true;
            }
        }
        return false;
    }

    private boolean isBoundaryInjectable(String rawRequest, String boundary, Matcher matcherFormDataParameters) {
        String nameParameter = matcherFormDataParameters.group(1);
        String valueParameter = matcherFormDataParameters.group(2);

        String rawRequestWithStar = rawRequest.replaceAll(
            "(?i)(Content-Disposition\\s*:\\s*form-data\\s*;\\s*name\\s*=\\s*\"" + nameParameter + "\".*?)([\\\\r\\\\n]*--" + boundary + ")",
            "$1" + InjectionModel.STAR + "$2"
        );

        this.injectionModel.getMediatorUtils().getParameterUtil().initRequest(rawRequestWithStar);

        try {
            LOGGER.log(
                LogLevelUtil.CONSOLE_INFORM,
                "{} multipart boundary {}={}",
                () -> I18nUtil.valueByKey("LOG_CHECKING"),
                () -> nameParameter,
                () -> valueParameter.replace(InjectionModel.STAR, StringUtils.EMPTY)
            );
            return this.injectionModel.getMediatorMethod().getRequest().testParameters();
        } catch (JSqlException e) {
            LOGGER.log(
                LogLevelUtil.CONSOLE_ERROR,
                String.format(
                    "No Multipart boundary injection for %s=%s",
                    nameParameter,
                    valueParameter.replace(InjectionModel.STAR, StringUtils.EMPTY)
                )
            );
        }
        return false;
    }
}
















Active mutators

CONDITIONALS_BOUNDARY
EMPTY_RETURNS
FALSE_RETURNS
INCREMENTS
INVERT_NEGS
MATH
NEGATE_CONDITIONALS
NULL_RETURNS
PRIMITIVE_RETURNS
TRUE_RETURNS
VOID_METHOD_CALLS

Tests examined

Report generated by PIT 1.19.1

1		package com.jsql.util;
2
3		import com.jsql.model.InjectionModel;
4		import com.jsql.model.exception.JSqlException;
5		import org.apache.commons.lang3.StringUtils;
6		import org.apache.logging.log4j.LogManager;
7		import org.apache.logging.log4j.Logger;
8
9		import java.util.regex.Matcher;
10		import java.util.regex.Pattern;
11
12		public class MultipartUtil {
13
14		private static final Logger LOGGER = LogManager.getRootLogger();
15
16		private final InjectionModel injectionModel;
17
18		public MultipartUtil(InjectionModel injectionModel) {
19		this.injectionModel = injectionModel;
20		}
21
22		public boolean testParameters(boolean hasFoundInjection) {
23	1 1. testParameters : negated conditional → NO_COVERAGE	if (!hasFoundInjection) {
24		LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "{} multipart...", () -> I18nUtil.valueByKey("LOG_CHECKING"));
25		} else {
26	1 1. testParameters : replaced boolean return with false for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE	return true;
27		}
28
29		String rawHeader = this.injectionModel.getMediatorUtils().getParameterUtil().getRawHeader();
30		String rawRequest = this.injectionModel.getMediatorUtils().getParameterUtil().getRawRequest();
31
32		Matcher matcherBoundary = Pattern.compile("boundary=([^;]*)").matcher(rawHeader);
33	1 1. testParameters : negated conditional → NO_COVERAGE	if (!matcherBoundary.find()) {
34	1 1. testParameters : replaced boolean return with true for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE	return false;
35		}
36
37		String boundary = matcherBoundary.group(1);
38
39		Matcher matcherFormDataParameters = Pattern
40		.compile("Content-Disposition\\s:\\sform-data\\s;\\sname\\s=\"(.?)\"(.*?)--" + boundary, Pattern.DOTALL)
41		.matcher(rawRequest);
42
43	1 1. testParameters : negated conditional → NO_COVERAGE	while (matcherFormDataParameters.find()) {
44	1 1. testParameters : negated conditional → NO_COVERAGE	if (this.isBoundaryInjectable(rawRequest, boundary, matcherFormDataParameters)) {
45	1 1. testParameters : replaced boolean return with false for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE	return true;
46		}
47		}
48	1 1. testParameters : replaced boolean return with true for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE	return false;
49		}
50
51		private boolean isBoundaryInjectable(String rawRequest, String boundary, Matcher matcherFormDataParameters) {
52		String nameParameter = matcherFormDataParameters.group(1);
53		String valueParameter = matcherFormDataParameters.group(2);
54
55		String rawRequestWithStar = rawRequest.replaceAll(
56		"(?i)(Content-Disposition\\s:\\sform-data\\s;\\sname\\s=\\s\"" + nameParameter + "\".?)([\\\\r\\\\n]--" + boundary + ")",
57		"$1" + InjectionModel.STAR + "$2"
58		);
59
60	1 1. isBoundaryInjectable : removed call to com/jsql/util/ParameterUtil::initRequest → NO_COVERAGE	this.injectionModel.getMediatorUtils().getParameterUtil().initRequest(rawRequestWithStar);
61
62		try {
63		LOGGER.log(
64		LogLevelUtil.CONSOLE_INFORM,
65		"{} multipart boundary {}={}",
66	1 1. lambda$isBoundaryInjectable$1 : replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$1 → NO_COVERAGE	() -> I18nUtil.valueByKey("LOG_CHECKING"),
67	1 1. lambda$isBoundaryInjectable$2 : replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$2 → NO_COVERAGE	() -> nameParameter,
68	1 1. lambda$isBoundaryInjectable$3 : replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$3 → NO_COVERAGE	() -> valueParameter.replace(InjectionModel.STAR, StringUtils.EMPTY)
69		);
70	2 1. isBoundaryInjectable : replaced boolean return with false for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE 2. isBoundaryInjectable : replaced boolean return with true for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE	return this.injectionModel.getMediatorMethod().getRequest().testParameters();
71		} catch (JSqlException e) {
72		LOGGER.log(
73		LogLevelUtil.CONSOLE_ERROR,
74		String.format(
75		"No Multipart boundary injection for %s=%s",
76		nameParameter,
77		valueParameter.replace(InjectionModel.STAR, StringUtils.EMPTY)
78		)
79		);
80		}
81	1 1. isBoundaryInjectable : replaced boolean return with true for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE	return false;
82		}
83		}
		Mutations
23		1.1 Location : testParameters Killed by : none negated conditional → NO_COVERAGE
26		1.1 Location : testParameters Killed by : none replaced boolean return with false for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE
33		1.1 Location : testParameters Killed by : none negated conditional → NO_COVERAGE
34		1.1 Location : testParameters Killed by : none replaced boolean return with true for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE
43		1.1 Location : testParameters Killed by : none negated conditional → NO_COVERAGE
44		1.1 Location : testParameters Killed by : none negated conditional → NO_COVERAGE
45		1.1 Location : testParameters Killed by : none replaced boolean return with false for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE
48		1.1 Location : testParameters Killed by : none replaced boolean return with true for com/jsql/util/MultipartUtil::testParameters → NO_COVERAGE
60		1.1 Location : isBoundaryInjectable Killed by : none removed call to com/jsql/util/ParameterUtil::initRequest → NO_COVERAGE
66		1.1 Location : lambda$isBoundaryInjectable$1 Killed by : none replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$1 → NO_COVERAGE
67		1.1 Location : lambda$isBoundaryInjectable$2 Killed by : none replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$2 → NO_COVERAGE
68		1.1 Location : lambda$isBoundaryInjectable$3 Killed by : none replaced return value with null for com/jsql/util/MultipartUtil::lambda$isBoundaryInjectable$3 → NO_COVERAGE
70		1.1 Location : isBoundaryInjectable Killed by : none replaced boolean return with false for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE 2.2 Location : isBoundaryInjectable Killed by : none replaced boolean return with true for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE
81		1.1 Location : isBoundaryInjectable Killed by : none replaced boolean return with true for com/jsql/util/MultipartUtil::isBoundaryInjectable → NO_COVERAGE

MultipartUtil.java

Mutations

Active mutators

Tests examined