1   package com.jsql.util;
2   
3   import com.jsql.model.InjectionModel;
4   import com.jsql.model.exception.JSqlException;
5   import org.apache.commons.lang3.StringUtils;
6   import org.apache.logging.log4j.LogManager;
7   import org.apache.logging.log4j.Logger;
8   
9   import java.util.AbstractMap;
10  import java.util.List;
11  import java.util.stream.Collectors;
12  import java.util.stream.Stream;
13  
/**
 * Runs the header injection check once per cookie found in the request's
 * {@code Cookie} header, marking one cookie at a time with
 * {@link InjectionModel#STAR}.
 */
public class CookiesUtil {

    private static final Logger LOGGER = LogManager.getRootLogger();

    private final InjectionModel injectionModel;

    /**
     * @param injectionModel model giving access to the preferences, the
     *                       parameter state and the header test method
     */
    public CookiesUtil(InjectionModel injectionModel) {
        this.injectionModel = injectionModel;
    }

    /**
     * Tests each cookie of the first {@code Cookie} header in turn.
     *
     * @param hasFoundInjection result of the checks that ran before this one;
     *                          when {@code true} nothing is tested
     * @return {@code true} when {@code hasFoundInjection} was already
     *         {@code true} or the header test succeeds for one cookie;
     *         {@code false} when the "check all cookie parameters" preference
     *         is off or no cookie test succeeds
     */
    public boolean testParameters(boolean hasFoundInjection) {
        // Guard clauses: an earlier positive result short-circuits, and the
        // per-cookie pass only runs when the preference enables it.
        if (hasFoundInjection) {
            return true;
        }
        if (!this.injectionModel.getMediatorUtils().getPreferencesUtil().isCheckingAllCookieParam()) {
            return false;
        }
        LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "{} cookies...", () -> I18nUtil.valueByKey("LOG_CHECKING"));

        String rawHeader = this.injectionModel.getMediatorUtils().getParameterUtil().getRawHeader();

        // Only the first header named "cookie" (case-insensitive) is read; its
        // value is split on ';' and fragments without '=' are dropped.
        List<AbstractMap.SimpleEntry<String, String>> cookies = this.injectionModel.getMediatorUtils().getParameterUtil().getListHeader()
            .stream()
            .filter(header -> "cookie".equalsIgnoreCase(header.getKey()))
            .findFirst()
            .map(header -> header.getValue().split(";"))
            .stream()
            .flatMap(Stream::of)
            .filter(fragment -> fragment != null && fragment.contains("="))
            .map(fragment -> {
                // Cut at the first '=' only, so a value may itself contain '='.
                int separator = fragment.indexOf('=');
                return new AbstractMap.SimpleEntry<>(
                    fragment.substring(0, separator).trim(),
                    fragment.substring(separator + 1).trim()
                );
            })
            .collect(Collectors.toList());

        for (AbstractMap.SimpleEntry<String, String> cookie: cookies) {
            String name = cookie.getKey();
            String pair = name + "=" + cookie.getValue();

            // NOTE(review): replace() rewrites every occurrence of the pair in
            // the raw header, including inside a longer cookie name or another
            // header line, and finds nothing when the raw text has spaces
            // around '=' (name and value were trimmed above). Confirm that
            // both cases are acceptable for the header test.
            String starredHeader = rawHeader.replace(pair, pair + InjectionModel.STAR);

            // NOTE(review): this method never re-initialises the header from
            // rawHeader, so the last marked header stays in place after the
            // loop; verify that callers reset it.
            this.injectionModel.getMediatorUtils().getParameterUtil().initHeader(starredHeader);

            // NOTE(review): the cookie value goes to the console log in clear
            // text; cookies commonly carry session tokens, so treat these logs
            // as sensitive.
            String shownValue = cookie.getValue().replace(InjectionModel.STAR, StringUtils.EMPTY);

            try {
                LOGGER.log(
                    LogLevelUtil.CONSOLE_DEFAULT,
                    "{} cookie {}={}",
                    () -> I18nUtil.valueByKey("LOG_CHECKING"),
                    () -> name,
                    () -> shownValue
                );
                if (this.injectionModel.getMediatorMethod().getHeader().testParameters()) {
                    return true;
                }
            } catch (JSqlException e) {
                // A failure on one cookie is reported and the next one is tried;
                // the exception itself is not logged.
                LOGGER.log(
                    LogLevelUtil.CONSOLE_ERROR,
                    String.format("No Cookie injection for %s=%s", name, shownValue)
                );
            }
        }
        return false;
    }
}