View Javadoc
1   package com.jsql.model.injection.strategy;
2   
3   import com.jsql.model.InjectionModel;
4   import com.jsql.model.exception.JSqlException;
5   import com.jsql.model.exception.StoppedByUserSlidingException;
6   import com.jsql.model.suspendable.AbstractSuspendable;
7   import com.jsql.util.I18nUtil;
8   import com.jsql.util.LogLevelUtil;
9   import org.apache.logging.log4j.LogManager;
10  import org.apache.logging.log4j.Logger;
11  
12  /**
13   * Define a strategy to inject SQL with methods like Error and Time.
14   */
15  public abstract class AbstractStrategy {
16  
17      private static final Logger LOGGER = LogManager.getRootLogger();
18  
19      protected static final String KEY_LOG_CHECKING_STRATEGY = "LOG_CHECKING_STRATEGY";
20      protected static final String KEY_LOG_VULNERABLE = "LOG_VULNERABLE";
21      protected static final String FORMAT_STRATEGY_NOT_IMPLEMENTED = "Strategy [{}] for [{}] not implemented, share a working example on GitHub to speed up release";
22      protected static final String FORMAT_SKIP_STRATEGY_DISABLED = "Skipping strategy [{}] disabled";
23      protected static final String FORMAT_CHECKING_STRATEGY = "{} [{}]...";
24  
25      /**
26       * True if injection can be used, false otherwise.
27       */
28      protected boolean isApplicable = false;
29  
30      protected final InjectionModel injectionModel;
31      
32      protected AbstractStrategy(InjectionModel injectionModel) {
33          this.injectionModel = injectionModel;
34      }
35  
36      /**
37       * Test if this strategy can be used to inject SQL.
38       */
39      public abstract void checkApplicability() throws JSqlException;
40      
41      /**
42       * Inform the view that this strategy can be used.
43       */
44      protected abstract void allow(int... i);
45      
46      /**
47       * Inform the view that this strategy can't be used.
48       */
49      protected abstract void unallow(int... i);
50      
51      /**
52       * Start the strategy work.
53       * @return Source code
54       */
55      public abstract String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException;
56      
57      /**
58       * Change model strategy to current applicable strategy only when not already set.
59       * Union > Stacked > Error > Multibit > Blind > Time
60       */
61      public abstract void activateWhenApplicable();
62      
63      /**
64       * Get number of characters you can obtain from the strategy.
65       */
66      public abstract String getPerformanceLength();
67      
68      /**
69       * Get the injection strategy name.
70       */
71      public abstract String getName();
72  
73      public void logChecking() {
74          LOGGER.log(
75              LogLevelUtil.CONSOLE_DEFAULT,
76              AbstractStrategy.FORMAT_CHECKING_STRATEGY,
77              () -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_CHECKING_STRATEGY),
78              this::getName
79          );
80      }
81      
82      @Override
83      public String toString() {
84          return this.getName();
85      }
86  
87  
88      // Getter and setter
89      
90      public boolean isApplicable() {
91          return this.isApplicable;
92      }
93      
94      public void setApplicable(boolean isApplicable) {
95          this.isApplicable = isApplicable;
96      }
97  }