1   /*******************************************************************************
2    * Copyhacked (H) 2012-2025.
3    * This program and the accompanying materials
4    * are made available under no term at all, use it like
5    * you want, but share and discuss it
6    * every time possible with every body.
7    *
8    * Contributors:
9    *      ron190 at ymail dot com - initial implementation
10   *******************************************************************************/
11  package com.jsql.model.injection.strategy;
12  
13  import com.jsql.model.InjectionModel;
14  import com.jsql.model.bean.util.Interaction;
15  import com.jsql.model.bean.util.Request;
16  import com.jsql.model.exception.StoppedByUserSlidingException;
17  import com.jsql.model.injection.strategy.blind.AbstractInjectionBit.BlindOperator;
18  import com.jsql.model.injection.strategy.blind.InjectionMultibit;
19  import com.jsql.model.injection.vendor.model.VendorYaml;
20  import com.jsql.model.suspendable.AbstractSuspendable;
21  import com.jsql.util.I18nUtil;
22  import com.jsql.util.LogLevelUtil;
23  import com.jsql.util.StringUtil;
24  import org.apache.commons.lang3.StringUtils;
25  import org.apache.logging.log4j.LogManager;
26  import org.apache.logging.log4j.Logger;
27  
/**
 * Strategy adapter for the multibit technique.
 *
 * <p>It decides whether the technique is usable for the current target, publishes the
 * outcome to the views and to the analysis report, and forwards extraction queries to
 * an {@link InjectionMultibit} instance.
 *
 * <p>NOTE(review): {@link #injection} is only assigned inside {@code checkInjection}.
 * {@link #inject} and the success branch of {@link #checkApplicability()} dereference it
 * without a null check, so they rely on {@code checkInjection} having built it first.
 */
public class StrategyMultibit extends AbstractStrategy {

    private static final Logger LOGGER = LogManager.getRootLogger();

    // Built by checkInjection(); null until that method has run past its early return.
    private InjectionMultibit injection;

    /**
     * @param injectionModel model shared with the parent strategy; passed straight to
     *                       {@link AbstractStrategy}
     */
    public StrategyMultibit(InjectionModel injectionModel) {
        super(injectionModel);
    }

    /**
     * Runs the applicability check for this strategy and reports the result.
     *
     * <p>The check is skipped (with a console message) when the strategy is disabled in the
     * preferences, or when the current vendor's YAML model defines no multibit template.
     * Otherwise the result of {@code checkInjection} selects {@link #allow(int...)} or
     * {@link #unallow(int...)}.
     *
     * @throws StoppedByUserSlidingException propagated from the injection check
     */
    @Override
    public void checkApplicability() throws StoppedByUserSlidingException {
        // Skip 1: the user switched this strategy off.
        if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isStrategyMultibitDisabled()) {
            LOGGER.log(LogLevelUtil.CONSOLE_INFORM, AbstractStrategy.FORMAT_SKIP_STRATEGY_DISABLED, this.getName());
            return;
        }

        // Skip 2: the vendor model carries no multibit template, so there is nothing to test with.
        var multibitTemplate = this.injectionModel.getMediatorVendor().getVendor().instance()
            .getModelYaml().getStrategy().getBinary().getMultibit();
        if (StringUtils.isEmpty(multibitTemplate)) {
            LOGGER.log(
                LogLevelUtil.CONSOLE_INFORM,
                AbstractStrategy.FORMAT_STRATEGY_NOT_IMPLEMENTED,
                this.getName(),
                this.injectionModel.getMediatorVendor().getVendor()
            );
            return;
        }

        this.checkInjection(BlindOperator.NO_MODE);

        if (!this.isApplicable) {
            this.unallow();
            return;
        }

        this.allow();
        // Forward the info message of the confirmed injection to the views.
        var binaryMessage = new Request();
        binaryMessage.setMessage(Interaction.MESSAGE_BINARY);
        binaryMessage.setParameters(this.injection.getInfoMessage());
        this.injectionModel.sendToViews(binaryMessage);
    }

    /**
     * Builds the {@link InjectionMultibit} helper and records whether it reports the target
     * as injectable. Does nothing when the strategy is already flagged applicable.
     *
     * @param blindOperator operator handed to the {@link InjectionMultibit} constructor
     * @throws StoppedByUserSlidingException propagated from the underlying check
     */
    private void checkInjection(BlindOperator blindOperator) throws StoppedByUserSlidingException {
        if (!this.isApplicable) {
            this.logChecking();
            this.injection = new InjectionMultibit(this.injectionModel, blindOperator);
            this.isApplicable = this.injection.isInjectable();
            if (this.isApplicable) {
                LOGGER.log(
                    LogLevelUtil.CONSOLE_SUCCESS,
                    "{} Multibit injection",
                    () -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_VULNERABLE)
                );
            }
        }
    }

    /**
     * Records a positive finding: appends a report section (strategy heading followed by the
     * vendor query template rendered with a {@code <query>} placeholder) and marks the
     * strategy as vulnerable.
     *
     * @param i not read by this implementation
     */
    @Override
    public void allow(int... i) {
        var heading = StringUtil.formatReport(LogLevelUtil.COLOR_BLU, "### Strategy: " + this.getName());

        // Template only: the placeholder stands in for the real query in the report.
        var blindTemplate = this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(
            StringUtil.formatReport(LogLevelUtil.COLOR_GREEN, "<query>"),
            "0",
            true
        );
        var multibitTemplate = this.injectionModel.getMediatorVendor().getVendor().instance().sqlMultibit(
            blindTemplate,
            0,
            1
        );
        var templateReport = this.injectionModel.getReportWithoutIndex(
            multibitTemplate,
            "metadataInjectionProcess",
            null
        );

        this.injectionModel.appendAnalysisReport(heading + templateReport);
        this.markVulnerability(Interaction.MARK_MULTIBIT_VULNERABLE);
    }

    /**
     * Records a negative finding by marking the strategy as not vulnerable.
     *
     * @param i not read by this implementation
     */
    @Override
    public void unallow(int... i) {
        this.markVulnerability(Interaction.MARK_MULTIBIT_INVULNERABLE);
    }

    /**
     * Wraps {@code sqlQuery} with the vendor's {@code sqlBlind} template and hands it to the
     * {@link InjectionMultibit} helper.
     *
     * @param sqlQuery query to wrap
     * @param startPosition start position passed to {@code sqlBlind}
     * @param stoppable suspendable passed through to the helper
     * @param metadataInjectionProcess not read by this implementation
     * @return whatever the helper's {@code inject} returns
     * @throws StoppedByUserSlidingException propagated from the helper
     */
    @Override
    public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
        var blindQuery = this.injectionModel.getMediatorVendor().getVendor().instance().sqlBlind(sqlQuery, startPosition, false);
        // NOTE(review): this.injection is null if checkInjection() never created it.
        return this.injection.inject(blindQuery, stoppable);
    }

    /**
     * Selects this strategy as the active one when none is set yet and this strategy is
     * applicable, then notifies the views.
     */
    @Override
    public void activateWhenApplicable() {
        // isApplicable() is only consulted when no strategy has been chosen yet.
        if (this.injectionModel.getMediatorStrategy().getStrategy() != null || !this.isApplicable()) {
            return;
        }

        LOGGER.log(
            LogLevelUtil.CONSOLE_INFORM,
            "{} [{}]",
            () -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
            this::getName
        );
        this.injectionModel.getMediatorStrategy().setStrategy(this);

        var strategyMark = new Request();
        strategyMark.setMessage(Interaction.MARK_MULTIBIT_STRATEGY);
        this.injectionModel.sendToViews(strategyMark);
    }

    /**
     * @return {@link VendorYaml#DEFAULT_CAPACITY}
     */
    @Override
    public String getPerformanceLength() {
        return VendorYaml.DEFAULT_CAPACITY;
    }

    /**
     * @return the display name of this strategy, {@code "Multibit"}
     */
    @Override
    public String getName() {
        return "Multibit";
    }
}