1   /*******************************************************************************
2    * Copyhacked (H) 2012-2025.
3    * This program and the accompanying materials
4    * are made available under no term at all, use it like
5    * you want, but share and discuss it
6    * every time possible with every body.
7    *
8    * Contributors:
9    *      ron190 at ymail dot com - initial implementation
10   *******************************************************************************/
11  package com.jsql.model.injection.strategy;
12  
13  import com.jsql.model.InjectionModel;
14  import com.jsql.view.subscriber.Seal;
15  import com.jsql.model.exception.StoppedByUserSlidingException;
16  import com.jsql.model.injection.strategy.blind.AbstractInjectionBit.BlindOperator;
17  import com.jsql.model.injection.strategy.blind.InjectionTime;
18  import com.jsql.model.injection.engine.model.EngineYaml;
19  import com.jsql.model.suspendable.AbstractSuspendable;
20  import com.jsql.util.I18nUtil;
21  import com.jsql.util.LogLevelUtil;
22  import com.jsql.util.StringUtil;
23  import org.apache.commons.lang3.StringUtils;
24  import org.apache.logging.log4j.LogManager;
25  import org.apache.logging.log4j.Logger;
26  
/**
 * "Time" strategy: probes the target with an {@link InjectionTime} check under each
 * {@link BlindOperator} in turn, stops at the first one reported injectable, and afterwards
 * routes queries through that {@link InjectionTime} instance.
 *
 * <p>The strategy is skipped when it is disabled in the preferences, or when the current
 * engine's YAML model has an empty {@code strategy.binary.time} value.
 *
 * <p>NOTE(review): the decision whether a probe succeeded is made inside {@code InjectionTime},
 * which is not visible in this file; judging by the names it is based on response timing —
 * confirm there. If so, the defensive counterparts are parameterized queries at the injection
 * point and alerting on repeated delayed responses to a single parameter.
 */
public class StrategyTime extends AbstractStrategy {

    private static final Logger LOGGER = LogManager.getRootLogger();

    // Last InjectionTime built by checkInjection(); stays null until a probe has run.
    private InjectionTime injection;

    /**
     * Creates the strategy bound to the given model.
     *
     * @param injectionModel model handed to the parent strategy
     */
    public StrategyTime(InjectionModel injectionModel) {
        super(injectionModel);
    }

    /**
     * Decides whether this strategy can be used against the current target.
     *
     * <p>Returns early, after logging, when the strategy is disabled in the preferences or the
     * engine defines no time template. Otherwise probes with OR, AND, STACK and NO_MODE in that
     * order, then marks the strategy as allowed or not allowed.
     *
     * @throws StoppedByUserSlidingException propagated from the probes
     */
    @Override
    public void checkApplicability() throws StoppedByUserSlidingException {
        // Guard: the user switched this strategy off.
        if (this.injectionModel.getMediatorUtils().preferencesUtil().isStrategyTimeDisabled()) {
            LOGGER.log(LogLevelUtil.CONSOLE_INFORM, AbstractStrategy.FORMAT_SKIP_STRATEGY_DISABLED, this.getName());
            return;
        }

        // Guard: the engine model carries no time template, so there is nothing to probe with.
        final CharSequence timeTemplate =
            this.injectionModel.getMediatorEngine().getEngine().instance().getModelYaml().getStrategy().getBinary().getTime();
        if (StringUtils.isEmpty(timeTemplate)) {
            LOGGER.log(
                LogLevelUtil.CONSOLE_INFORM,
                AbstractStrategy.FORMAT_STRATEGY_NOT_IMPLEMENTED,
                this.getName(),
                this.injectionModel.getMediatorEngine().getEngine()
            );
            return;
        }

        // checkInjection() is a no-op once a previous operator succeeded, so the order matters.
        final BlindOperator[] probeOrder = {
            BlindOperator.OR,
            BlindOperator.AND,
            BlindOperator.STACK,
            BlindOperator.NO_MODE
        };
        for (BlindOperator operator : probeOrder) {
            this.checkInjection(operator);
        }

        if (!this.isApplicable) {
            this.unallow();
            return;
        }
        this.allow();
        this.injectionModel.sendToViews(new Seal.MessageBinary(this.injection.getInfoMessage()));
    }

    /**
     * Runs one probe with the given operator unless the strategy is already applicable.
     *
     * <p>The {@code injection} field is overwritten with the new probe even when that probe
     * turns out not to be injectable.
     *
     * @param blindOperator operator passed to the new {@link InjectionTime}
     * @throws StoppedByUserSlidingException propagated from the probe
     */
    private void checkInjection(BlindOperator blindOperator) throws StoppedByUserSlidingException {
        if (this.isApplicable) {
            return;
        }

        LOGGER.log(
            LogLevelUtil.CONSOLE_DEFAULT,
            "{} [{}] with [{}]...",
            () -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_CHECKING_STRATEGY),
            this::getName,
            () -> blindOperator
        );

        final InjectionTime candidate = new InjectionTime(this.injectionModel, blindOperator);
        this.injection = candidate;
        this.isApplicable = candidate.isInjectable();
        if (!this.isApplicable) {
            return;
        }

        LOGGER.log(
            LogLevelUtil.CONSOLE_SUCCESS,
            "{} [{}] injection with [{}]",
            () -> I18nUtil.valueByKey(AbstractStrategy.KEY_LOG_VULNERABLE),
            this::getName,
            () -> blindOperator
        );
    }

    /**
     * Appends this strategy's section to the analysis report and tells the views the strategy
     * is vulnerable.
     *
     * <p>Dereferences {@code injection}, which is only assigned by {@code checkInjection}; a call
     * before any probe has run would fail on a null reference.
     *
     * @param i not read by this implementation
     */
    @Override
    public void allow(int... i) {
        final String title = "### Strategy: " + this.getName();
        this.injectionModel.appendAnalysisReport(
            StringUtil.formatReport(LogLevelUtil.COLOR_BLU, title)
            + this.injectionModel.getReportWithoutIndex(
                this.injectionModel.getMediatorEngine().getEngine().instance().sqlTestTimeWithOperator(
                    // Template rendered around a "<query>" placeholder for the report.
                    // NOTE(review): meaning of the trailing boolean is not visible here — confirm in sqlTime().
                    this.injectionModel.getMediatorEngine().getEngine().instance().sqlTime(
                        StringUtil.formatReport(LogLevelUtil.COLOR_GREEN, "<query>"),
                        "0",
                        true
                    ),
                    this.injection.getBlindOperator()
                ),
                "metadataInjectionProcess",
                null
            )
        );
        this.injectionModel.sendToViews(new Seal.MarkStrategyVulnerable(this));
    }

    /**
     * Tells the views the strategy is not vulnerable.
     *
     * @param i not read by this implementation
     */
    @Override
    public void unallow(int... i) {
        this.injectionModel.sendToViews(new Seal.MarkStrategyInvulnerable(this));
    }

    /**
     * Wraps the query with the engine's {@code sqlTime} template and hands it to the current
     * {@link InjectionTime}.
     *
     * <p>Dereferences {@code injection}; it must have been assigned by a prior probe.
     *
     * @param sqlQuery query forwarded to {@code sqlTime}
     * @param startPosition start position forwarded to {@code sqlTime}
     * @param stoppable suspendable forwarded to the injection
     * @param metadataInjectionProcess not read by this implementation
     * @return whatever the underlying {@link InjectionTime} returns
     * @throws StoppedByUserSlidingException propagated from the injection
     */
    @Override
    public String inject(String sqlQuery, String startPosition, AbstractSuspendable stoppable, String metadataInjectionProcess) throws StoppedByUserSlidingException {
        return this.injection.inject(
            this.injectionModel.getMediatorEngine().getEngine().instance().sqlTime(sqlQuery, startPosition, false),
            stoppable
        );
    }

    /**
     * Selects this strategy as the active one when no strategy is set yet and this one is
     * applicable; otherwise does nothing.
     */
    @Override
    public void activateWhenApplicable() {
        // Same short-circuit as "no strategy yet AND applicable": isApplicable() is only
        // consulted when no strategy has been chosen.
        if (this.injectionModel.getMediatorStrategy().getStrategy() != null || !this.isApplicable()) {
            return;
        }

        LOGGER.log(
            LogLevelUtil.CONSOLE_INFORM,
            "{} [{}] with [{}]",
            () -> I18nUtil.valueByKey("LOG_USING_STRATEGY"),
            this::getName,
            () -> this.injection.getBlindOperator().name()
        );
        this.injectionModel.getMediatorStrategy().setStrategy(this);
        this.injectionModel.sendToViews(new Seal.ActivateStrategy(this));
    }

    /**
     * @return {@link EngineYaml#DEFAULT_CAPACITY}
     */
    @Override
    public String getPerformanceLength() {
        return EngineYaml.DEFAULT_CAPACITY;
    }

    /**
     * @return the fixed strategy name, {@code "Time"}
     */
    @Override
    public String getName() {
        return "Time";
    }
}