View Javadoc
1   package com.jsql.model.suspendable;
2   
3   import com.jsql.model.InjectionModel;
4   import com.jsql.model.bean.util.Header;
5   import com.jsql.model.bean.util.Interaction;
6   import com.jsql.model.bean.util.Request;
7   import com.jsql.model.exception.JSqlRuntimeException;
8   import com.jsql.model.exception.StoppedByUserSlidingException;
9   import com.jsql.model.injection.strategy.blind.AbstractInjectionBit;
10  import com.jsql.model.injection.strategy.blind.InjectionVendor;
11  import com.jsql.util.LogLevelUtil;
12  import org.apache.commons.lang3.StringUtils;
13  import org.apache.logging.log4j.LogManager;
14  import org.apache.logging.log4j.Logger;
15  
16  import java.util.EnumMap;
17  import java.util.Map;
18  import java.util.concurrent.atomic.AtomicBoolean;
19  
20  public class SuspendableGetVendor extends AbstractSuspendable {
21  
22      /**
23       * Log4j logger sent to view.
24       */
25      private static final Logger LOGGER = LogManager.getRootLogger();
26  
27      public SuspendableGetVendor(InjectionModel injectionModel) {
28          super(injectionModel);
29      }
30  
31      @Override
32      public String run(Object... args) {
33          LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "Fingerprinting database with Boolean match...");
34  
35          AtomicBoolean isVendorFound = new AtomicBoolean(false);
36          this.injectionModel.getMediatorVendor().getVendors()
37          .stream()
38          .filter(vendor -> vendor != this.injectionModel.getMediatorVendor().getAuto())
39          .filter(vendor -> StringUtils.isNotEmpty(
40              vendor.instance().getModelYaml().getStrategy().getConfiguration().getFingerprint().getVendorSpecific()
41          ))
42          .forEach(vendor -> {
43              if (isVendorFound.get()) {
44                  return;
45              }
46              String vendorSpecificWithOperator = String.format(
47                  "%s %s",
48                  AbstractInjectionBit.BlindOperator.OR.name(),
49                  vendor.instance().getModelYaml().getStrategy().getConfiguration().getFingerprint().getVendorSpecific()
50              );
51              try {
52                  var injectionCharInsertion = new InjectionVendor(this.injectionModel, vendorSpecificWithOperator, vendor);
53                  if (injectionCharInsertion.isInjectable(vendorSpecificWithOperator)) {
54                      if (this.isSuspended()) {
55                          throw new StoppedByUserSlidingException();
56                      }
57  
58                      LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, "Found [{}] using Boolean match", vendor);
59                      this.injectionModel.getMediatorVendor().setVendor(vendor);
60                      isVendorFound.set(true);
61  
62                      var requestSetVendor = new Request();
63                      requestSetVendor.setMessage(Interaction.SET_VENDOR);
64                      Map<Header, Object> msgHeader = new EnumMap<>(Header.class);
65                      msgHeader.put(Header.URL, this.injectionModel.getMediatorUtils().getConnectionUtil().getUrlByUser());
66                      msgHeader.put(Header.VENDOR, this.injectionModel.getMediatorVendor().getVendor());
67                      requestSetVendor.setParameters(msgHeader);
68                      this.injectionModel.sendToViews(requestSetVendor);
69                  }
70              } catch (StoppedByUserSlidingException e) {
71                  throw new JSqlRuntimeException(e);
72              }
73          });
74          return null;  // unused
75      }
76  }