View Javadoc
1   package com.jsql.util;
2   
3   import com.jsql.model.InjectionModel;
4   import com.jsql.model.exception.JSqlException;
5   import org.apache.commons.lang3.StringUtils;
6   import org.apache.logging.log4j.LogManager;
7   import org.apache.logging.log4j.Logger;
8   
9   import java.util.AbstractMap;
10  import java.util.List;
11  import java.util.stream.Collectors;
12  import java.util.stream.Stream;
13  
14  public class CookiesUtil {
15  
16      /**
17       * Log4j logger sent to view.
18       */
19      private static final Logger LOGGER = LogManager.getRootLogger();
20  
21      private final InjectionModel injectionModel;
22  
23      public CookiesUtil(InjectionModel injectionModel) {
24          this.injectionModel = injectionModel;
25      }
26  
27      public boolean testParameters(boolean hasFoundInjection) {
28  
29          if (!hasFoundInjection) {
30              if (!this.injectionModel.getMediatorUtils().getPreferencesUtil().isCheckingAllCookieParam()) {
31                  return false;
32              }
33              LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "Checking cookies params...");
34          } else {
35              return true;
36          }
37  
38          String rawHeader = this.injectionModel.getMediatorUtils().getParameterUtil().getRawHeader();
39  
40          List<AbstractMap.SimpleEntry<String, String>> cookies = this.injectionModel.getMediatorUtils().getParameterUtil().getListHeader()
41              .stream()
42              .filter(entry -> "cookie".equalsIgnoreCase(entry.getKey()))
43              .findFirst()
44              .map(cookieHeader -> cookieHeader.getValue().split(";"))
45              .stream()
46              .flatMap(Stream::of)
47              .filter(cookie -> cookie != null && cookie.contains("="))
48              .map(cookie -> cookie.split("=", 2))
49              .map(arrayEntry -> new AbstractMap.SimpleEntry<>(
50                  arrayEntry[0].trim(),
51                  arrayEntry[1] == null ? "" : arrayEntry[1].trim()
52              ))
53              .collect(Collectors.toList());
54  
55          for (AbstractMap.SimpleEntry<String, String> cookie: cookies) {
56  
57              String keyValue = cookie.getKey() + "=" + cookie.getValue();
58              String headerCookieWithStar = rawHeader.replace(keyValue, keyValue + InjectionModel.STAR);
59  
60              this.injectionModel.getMediatorUtils().getParameterUtil().initializeHeader(headerCookieWithStar);
61  
62              try {
63                  LOGGER.log(
64                      LogLevelUtil.CONSOLE_DEFAULT,
65                      "Checking cookie {}={}",
66                      cookie::getKey,
67                      () -> cookie.getValue().replace(InjectionModel.STAR, StringUtils.EMPTY)
68                  );
69  
70                  if (this.injectionModel.getMediatorMethod().getHeader().testParameters()) {
71                      return true;
72                  }
73              } catch (JSqlException e) {
74                  LOGGER.log(
75                      LogLevelUtil.CONSOLE_ERROR,
76                      String.format(
77                          "No Cookie injection for %s=%s",
78                          cookie.getKey(),
79                          cookie.getValue().replace(InjectionModel.STAR, StringUtils.EMPTY)
80                      )
81                  );
82              }
83          }
84  
85          return false;
86      }
87  }