1   package com.jsql.util;
2   
3   import com.jsql.model.InjectionModel;
4   import com.jsql.model.exception.JSqlException;
5   import org.apache.commons.lang3.StringUtils;
6   import org.apache.logging.log4j.LogManager;
7   import org.apache.logging.log4j.Logger;
8   
9   import java.util.AbstractMap;
10  import java.util.List;
11  import java.util.stream.Collectors;
12  import java.util.stream.Stream;
13  
/**
 * Drives the per-cookie check of the request headers held by the {@link InjectionModel}.
 *
 * <p>Every {@code name=value} pair of the first {@code Cookie} header is tagged in turn with
 * {@link InjectionModel#STAR} and handed to the header method for testing.</p>
 */
public class CookiesUtil {

    /**
     * Root Log4j logger; its output is sent to the view.
     */
    private static final Logger LOGGER = LogManager.getRootLogger();

    private final InjectionModel injectionModel;

    /**
     * @param injectionModel model used to reach the preferences, the parameter utilities
     *                       and the header method
     */
    public CookiesUtil(InjectionModel injectionModel) {
        this.injectionModel = injectionModel;
    }

    /**
     * Tests each cookie of the configured headers until one is reported as matching.
     *
     * @param hasFoundInjection {@code true} when an earlier check already succeeded; the
     *                          method then returns {@code true} without touching the headers
     * @return {@code true} if {@code hasFoundInjection} is set or the header method reports
     *         success for one cookie; {@code false} if the "check all cookie parameters"
     *         preference is off or no cookie succeeded
     */
    public boolean testParameters(boolean hasFoundInjection) {
        if (hasFoundInjection) {
            return true;
        }
        if (!this.injectionModel.getMediatorUtils().getPreferencesUtil().isCheckingAllCookieParam()) {
            return false;
        }
        LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "{} cookies...", () -> I18nUtil.valueByKey("LOG_CHECKING"));

        String rawHeader = this.injectionModel.getMediatorUtils().getParameterUtil().getRawHeader();

        for (AbstractMap.SimpleEntry<String, String> pair : this.readCookiePairs()) {
            String name = pair.getKey();
            String value = pair.getValue();
            String plainPair = name + "=" + value;

            // NOTE(review): replace() is a plain substring match over the whole raw header and
            // rewrites every occurrence, so a pair that is also a substring of another value
            // gets the marker too; a pair written with spaces around '=' in the raw header is
            // not matched at all because name and value were trimmed. Confirm this is intended.
            String markedHeader = rawHeader.replace(plainPair, plainPair + InjectionModel.STAR);

            // NOTE(review): the marked header is not reset in this method when the check fails;
            // presumably the caller restores it, verify.
            this.injectionModel.getMediatorUtils().getParameterUtil().initHeader(markedHeader);

            try {
                // Cookie values are written to the console log in clear text. Cookies commonly
                // carry session identifiers, so captured log output should be handled as sensitive.
                LOGGER.log(
                    LogLevelUtil.CONSOLE_DEFAULT,
                    "{} cookie {}={}",
                    () -> I18nUtil.valueByKey("LOG_CHECKING"),
                    () -> name,
                    () -> stripMarker(value)
                );
                if (this.injectionModel.getMediatorMethod().getHeader().testParameters()) {
                    return true;
                }
            } catch (JSqlException e) {
                // A failure on one cookie is reported and the next cookie is tried.
                // NOTE(review): the exception itself is not passed to the logger, so its cause is lost.
                LOGGER.log(
                    LogLevelUtil.CONSOLE_ERROR,
                    String.format("No Cookie injection for %s=%s", name, stripMarker(value))
                );
            }
        }
        return false;
    }

    /**
     * Reads the first header whose name is {@code cookie} (case-insensitive) and splits its
     * value on {@code ';'} into trimmed name/value pairs. Segments without {@code '='} are
     * skipped; an absent header yields an empty list.
     */
    private List<AbstractMap.SimpleEntry<String, String>> readCookiePairs() {
        String[] segments = this.injectionModel.getMediatorUtils().getParameterUtil().getListHeader()
            .stream()
            .filter(header -> "cookie".equalsIgnoreCase(header.getKey()))
            .findFirst()
            .map(header -> header.getValue().split(";"))
            .orElseGet(() -> new String[0]);

        return Stream.of(segments)
            .filter(segment -> segment.contains("="))
            .map(CookiesUtil::toPair)
            .collect(Collectors.toList());
    }

    /**
     * Splits one cookie segment at its first {@code '='}; anything after it, including further
     * {@code '='} characters, belongs to the value.
     */
    private static AbstractMap.SimpleEntry<String, String> toPair(String segment) {
        int separator = segment.indexOf('=');
        return new AbstractMap.SimpleEntry<>(
            segment.substring(0, separator).trim(),
            segment.substring(separator + 1).trim()
        );
    }

    /**
     * Returns the cookie value with every {@link InjectionModel#STAR} marker removed, for display.
     */
    private static String stripMarker(String cookieValue) {
        return cookieValue.replace(InjectionModel.STAR, StringUtils.EMPTY);
    }
}