View Javadoc
1   /*******************************************************************************
2    * Copyhacked (H) 2012-2025.
3    * This program and the accompanying materials
4    * are made available under no term at all, use it like
5    * you want, but share and discuss it
6    * every time possible with every body.
7    *
8    * Contributors:
9    *      ron190 at ymail dot com - initial implementation
10   *******************************************************************************/
11  package com.jsql.model.injection.strategy;
12  
13  import com.jsql.model.InjectionModel;
14  import com.jsql.model.bean.util.Interaction;
15  import com.jsql.model.bean.util.Request;
16  import com.jsql.model.exception.StoppedByUserSlidingException;
17  import com.jsql.model.injection.strategy.blind.AbstractInjectionBinary.BinaryMode;
18  import com.jsql.model.injection.strategy.blind.InjectionMultibit;
19  import com.jsql.model.injection.vendor.model.VendorYaml;
20  import com.jsql.model.suspendable.AbstractSuspendable;
21  import com.jsql.util.I18nUtil;
22  import com.jsql.util.LogLevelUtil;
23  import com.jsql.util.StringUtil;
24  import org.apache.logging.log4j.LogManager;
25  import org.apache.logging.log4j.Logger;
26  
27  public class StrategyInjectionMultibit extends AbstractStrategy {
28  
29      /**
30       * Log4j logger sent to view.
31       */
32      private static final Logger LOGGER = LogManager.getRootLogger();
33  
34      private InjectionMultibit injectionMultibit;
35  
36      public StrategyInjectionMultibit(InjectionModel injectionModel) {
37          super(injectionModel);
38      }
39  
40      @Override
41      public void checkApplicability() throws StoppedByUserSlidingException {
42          if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isStrategyMultibitDisabled()) {
43              LOGGER.log(LogLevelUtil.CONSOLE_INFORM, AbstractStrategy.FORMAT_SKIP_STRATEGY_DISABLED, this.getName());
44              return;
45          }
46          this.logChecking();
47  
48          this.injectionMultibit = new InjectionMultibit(this.injectionModel, BinaryMode.STACK);
49          this.isApplicable = this.injectionMultibit.isInjectable();
50  
51          if (this.isApplicable) {
52              LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, "{} Multibit injection", () -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_VULNERABLE));
53              this.allow();
54  
55              var requestMessageBinary = new Request();
56              requestMessageBinary.setMessage(Interaction.MESSAGE_BINARY);
57              requestMessageBinary.setParameters(this.injectionMultibit.getInfoMessage());
58              this.injectionModel.sendToViews(requestMessageBinary);
59          } else {
60              this.unallow();
61          }
62      }
63  
64      @Override
65      public void allow(int... i) {
66          this.injectionModel.appendAnalysisReport(
67              StringUtil.formatReport(LogLevelUtil.COLOR_BLU, "### Strategy: " + this.getName())
68              + this.injectionModel.getReportWithoutIndex(
69                      this.injectionModel.getMediatorVendor().getVendor().instance().sqlMultibit(
70                      this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(
71                          StringUtil.formatReport(LogLevelUtil.COLOR_GREEN, "<query>"),
72                          "0",
73                          true
74                      ),
75                      0,
76                      1
77                  ),
78                  "metadataInjectionProcess",
79                  null
80              )
81          );
82          this.markVulnerability(Interaction.MARK_MULTI_VULNERABLE);
83      }
84  
85      @Override
86      public void unallow(int... i) {
87          this.markVulnerability(Interaction.MARK_MULTI_INVULNERABLE);
88      }
89  
90      @Override
91      public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
92          return this.injectionMultibit.inject(
93              this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(sqlQuery, startPosition, false),
94              stoppable
95          );
96      }
97  
98      @Override
99      public void activateWhenApplicable() {
100         if (this.injectionModel.getMediatorStrategy().getStrategy() == null && this.isApplicable()) {
101             LOGGER.log(
102                 LogLevelUtil.CONSOLE_INFORM,
103                 "{} [{}]",
104                 () -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
105                 this::getName
106             );
107             this.injectionModel.getMediatorStrategy().setStrategy(this.injectionModel.getMediatorStrategy().getMultibit());
108 
109             var requestMarkBlindStrategy = new Request();
110             requestMarkBlindStrategy.setMessage(Interaction.MARK_MULTI_STRATEGY);
111             this.injectionModel.sendToViews(requestMarkBlindStrategy);
112         }
113     }
114     
115     @Override
116     public String getPerformanceLength() {
117         return VendorYaml.DEFAULT_CAPACITY;
118     }
119     
120     @Override
121     public String getName() {
122         return "Multibit";
123     }
124 }