View Javadoc
1   package com.jsql.model.injection.strategy.blind;
2   
3   import com.jsql.model.InjectionModel;
4   import com.jsql.model.injection.strategy.blind.AbstractInjectionBinary.BinaryMode;
5   import com.jsql.model.injection.strategy.blind.patch.Diff;
6   import com.jsql.model.injection.strategy.blind.patch.DiffMatchPatch;
7   
8   import java.util.LinkedList;
9   import java.util.List;
10  import java.util.concurrent.CopyOnWriteArrayList;
11  
12  /**
13   * Define a call HTTP to the server, require the associated url, character
14   * position and bit. Diffs represent the differences between
15   * the reference page, and the current page.
16   */
17  public class CallableBlind extends AbstractCallableBinary<CallableBlind> {
18      
19      // List of differences found between the reference page, and the current page
20      private LinkedList<Diff> diffsWithReference = new LinkedList<>();
21      
22      private static final DiffMatchPatch DIFF_MATCH_PATCH = new DiffMatchPatch();
23  
24      private final InjectionBlind injectionBlind;
25      
26      private final InjectionModel injectionModel;
27      private final String metadataInjectionProcess;
28      
29      /**
30       * Constructor for preparation and blind confirmation.
31       */
32      public CallableBlind(String sqlQuery, InjectionModel injectionModel, InjectionBlind injectionBlind, BinaryMode blindMode, String metadataInjectionProcess) {
33          this.injectionModel = injectionModel;
34          this.injectionBlind = injectionBlind;
35          this.metadataInjectionProcess = metadataInjectionProcess;
36          this.booleanUrl = this.injectionModel.getMediatorVendor().getVendor().instance().sqlTestBlind(sqlQuery, blindMode);
37      }
38      
39      /**
40       * Constructor for bits test.
41       */
42      public CallableBlind(
43          String sqlQuery,
44          int indexCharacter,
45          int bit,
46          InjectionModel injectionModel,
47          InjectionBlind injectionBlind,
48          BinaryMode blindMode,
49          String metadataInjectionProcess
50      ) {
51          this(sqlQuery, injectionModel, injectionBlind, blindMode, metadataInjectionProcess);
52          this.booleanUrl = this.injectionModel.getMediatorVendor().getVendor().instance().sqlBitTestBlind(sqlQuery, indexCharacter, bit, blindMode);
53          this.currentIndex = indexCharacter;
54          this.currentBit = bit;
55      }
56  
57      /**
58       * Check if a result page means the SQL query is true,
59       * confirm that nothing in the resulting page is also defined
60       * in the pages from every FALSE SQL queries.
61       * @return true if the current SQL query is true
62       */
63      @Override
64      public boolean isTrue() {
65          // Fix #95426: ConcurrentModificationException on iterator.next()
66          List<Diff> falseDiffs = new CopyOnWriteArrayList<>(this.injectionBlind.getFalseDiffs());
67          for (Diff falseDiff: falseDiffs) {
68              // Fix #4386: NullPointerException on contains()
69              // diffsWithReference is initialized to an empty new LinkedList<>()
70              if (this.diffsWithReference.contains(falseDiff)) {
71                  return false;
72              }
73          }
74          return true;
75      }
76  
77      /**
78       * Process the URL HTTP call, use function inject() from the model.
79       * Build the list of differences found between TRUE and the current page.
80       * @return Functional Blind Callable
81       */
82      @Override
83      public CallableBlind call() {
84          String result = this.injectionBlind.callUrl(this.booleanUrl, this.metadataInjectionProcess, this);
85          this.diffsWithReference = CallableBlind.DIFF_MATCH_PATCH.diffMain(this.injectionBlind.getSourceReferencePage(), result, true);
86          CallableBlind.DIFF_MATCH_PATCH.diffCleanupEfficiency(this.diffsWithReference);
87          return this;
88      }
89      
90      public List<Diff> getDiffsWithReference() {
91          return this.diffsWithReference;
92      }
93  }