1   /*******************************************************************************
2    * Copyhacked (H) 2012-2025.
3    * This program and the accompanying materials
4    * are made available under no term at all, use it like
5    * you want, but share and discuss it
6    * every time possible with every body.
7    *
8    * Contributors:
9    *      ron190 at ymail dot com - initial implementation
10   *******************************************************************************/
11  package com.jsql.model.injection.strategy;
12  
13  import com.jsql.model.InjectionModel;
14  import com.jsql.view.subscriber.Seal;
15  import com.jsql.model.exception.StoppedByUserSlidingException;
16  import com.jsql.model.injection.strategy.blind.AbstractInjectionBit.BlindOperator;
17  import com.jsql.model.injection.strategy.blind.InjectionMultibit;
18  import com.jsql.model.injection.engine.model.EngineYaml;
19  import com.jsql.model.suspendable.AbstractSuspendable;
20  import com.jsql.util.I18nUtil;
21  import com.jsql.util.LogLevelUtil;
22  import com.jsql.util.StringUtil;
23  import org.apache.commons.lang3.StringUtils;
24  import org.apache.logging.log4j.LogManager;
25  import org.apache.logging.log4j.Logger;
26  
/**
 * Strategy wrapper for the "Multibit" technique.
 *
 * <p>This class holds no probing or reading logic of its own: both are delegated to
 * {@link InjectionMultibit}. What lives here is the bookkeeping around it: honouring
 * the user preference that disables the strategy, checking that the current engine
 * defines a multibit template, writing the analysis report, and notifying the views.
 *
 * <p>{@link #inject} only works after {@link #checkApplicability()} has created the
 * underlying {@link InjectionMultibit}; see the note on the {@code injection} field.
 */
public class StrategyMultibit extends AbstractStrategy {

    private static final Logger LOGGER = LogManager.getRootLogger();

    // Assigned only by checkInjection(). It is null until that method has run past its
    // early return, so inject() and getInfoMessage() callers depend on a prior check.
    private InjectionMultibit injection;

    /**
     * @param injectionModel model handed to the parent strategy and used for every
     *                       preference, engine and view lookup in this class
     */
    public StrategyMultibit(InjectionModel injectionModel) {
        super(injectionModel);
    }

    /**
     * Decides whether this strategy can be used and publishes the outcome to the views.
     *
     * <p>Returns without probing (and without sending any view message) when the
     * strategy is disabled in the preferences or when the current engine has no
     * multibit entry in its YAML model. Otherwise it runs the probe and calls
     * {@link #allow(int...)} or {@link #unallow(int...)} accordingly.
     *
     * @throws StoppedByUserSlidingException propagated from the probe
     */
    @Override
    public void checkApplicability() throws StoppedByUserSlidingException {
        if (this.injectionModel.getMediatorUtils().preferencesUtil().isStrategyMultibitDisabled()) {
            LOGGER.log(LogLevelUtil.CONSOLE_INFORM, AbstractStrategy.FORMAT_SKIP_STRATEGY_DISABLED, this.getName());
            return;
        }
        if (this.isMultibitTemplateMissing()) {
            LOGGER.log(
                LogLevelUtil.CONSOLE_INFORM,
                AbstractStrategy.FORMAT_STRATEGY_NOT_IMPLEMENTED,
                this.getName(),
                this.injectionModel.getMediatorEngine().getEngine()
            );
            return;
        }

        this.checkInjection(BlindOperator.NO_MODE);

        if (!this.isApplicable) {
            this.unallow();
            return;
        }
        this.allow();
        // NOTE(review): the info message is forwarded to the views unchanged here;
        // confirm the receiving view escapes it if it can carry remote-controlled text.
        this.injectionModel.sendToViews(new Seal.MessageBinary(this.injection.getInfoMessage()));
    }

    /** Tells whether the current engine's YAML model lacks a multibit entry (null or empty). */
    private boolean isMultibitTemplateMissing() {
        return StringUtils.isEmpty(
            this.injectionModel.getMediatorEngine().getEngine().instance()
                .getModelYaml().getStrategy().getBinary().getMultibit()
        );
    }

    /**
     * Runs the probe once: a strategy already flagged applicable is left untouched,
     * otherwise a fresh {@link InjectionMultibit} is created and its verdict stored
     * in {@code isApplicable}.
     *
     * @param blindOperator operator passed through to {@link InjectionMultibit}
     * @throws StoppedByUserSlidingException propagated from the probe
     */
    private void checkInjection(BlindOperator blindOperator) throws StoppedByUserSlidingException {
        if (!this.isApplicable) {
            this.logChecking();
            this.injection = new InjectionMultibit(this.injectionModel, blindOperator);
            this.isApplicable = this.injection.isInjectable();
            if (this.isApplicable) {
                LOGGER.log(
                    LogLevelUtil.CONSOLE_SUCCESS,
                    "{} Multibit injection",
                    () -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_VULNERABLE)
                );
            }
        }
    }

    /**
     * Records the strategy in the analysis report and marks it vulnerable in the views.
     *
     * <p>The report section is a heading carrying the strategy name, followed by the
     * engine's multibit query rendered around a {@code <query>} placeholder.
     *
     * @param i not used by this implementation
     */
    @Override
    public void allow(int... i) {
        final String heading = "### Strategy: " + this.getName();
        this.injectionModel.appendAnalysisReport(
            StringUtil.formatReport(LogLevelUtil.COLOR_BLU, heading)
            + this.injectionModel.getReportWithoutIndex(
                this.injectionModel.getMediatorEngine().getEngine().instance().sqlMultibit(
                    this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(
                        StringUtil.formatReport(LogLevelUtil.COLOR_GREEN, "<query>"),
                        "0",
                        true
                    ),
                    0,
                    1
                ),
                "metadataInjectionProcess",
                null
            )
        );
        this.injectionModel.sendToViews(new Seal.MarkStrategyVulnerable(this));
    }

    /**
     * Marks the strategy as not vulnerable in the views.
     *
     * @param i not used by this implementation
     */
    @Override
    public void unallow(int... i) {
        this.injectionModel.sendToViews(new Seal.MarkStrategyInvulnerable(this));
    }

    /**
     * Wraps {@code sqlQuery} with the engine's blind template and hands it to the
     * underlying {@link InjectionMultibit}.
     *
     * <p>Requires a prior {@link #checkApplicability()} that reached the probe; before
     * that the {@code injection} field is null and this call fails with a
     * {@link NullPointerException}.
     *
     * @param sqlQuery                 query whose result is to be read
     * @param startPosition            passed to the engine's {@code sqlBlind}
     * @param stoppable                passed to {@link InjectionMultibit}
     * @param metadataInjectionProcess not used by this strategy
     * @return whatever the underlying {@link InjectionMultibit} returns
     * @throws StoppedByUserSlidingException propagated from the underlying injection
     */
    @Override
    public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
        return this.injection.inject(
            this.injectionModel.getMediatorEngine().getEngine().instance().sqlBlind(sqlQuery, startPosition, false),
            stoppable
        );
    }

    /**
     * Selects this strategy as the active one, but only when no strategy has been
     * selected yet and this one is applicable; otherwise does nothing.
     */
    @Override
    public void activateWhenApplicable() {
        // Same short-circuit as "none selected AND applicable": isApplicable() is not
        // consulted once another strategy is already in place.
        if (this.injectionModel.getMediatorStrategy().getStrategy() != null || !this.isApplicable()) {
            return;
        }
        LOGGER.log(
            LogLevelUtil.CONSOLE_INFORM,
            "{} [{}]",
            () -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
            this::getName
        );
        this.injectionModel.getMediatorStrategy().setStrategy(this);
        this.injectionModel.sendToViews(new Seal.ActivateStrategy(this));
    }

    /** @return the shared default, {@link EngineYaml#DEFAULT_CAPACITY} */
    @Override
    public String getPerformanceLength() {
        return EngineYaml.DEFAULT_CAPACITY;
    }

    /** @return the fixed display name of this strategy, {@code "Multibit"} */
    @Override
    public String getName() {
        return "Multibit";
    }
}