1   package com.jsql.model.injection.strategy.blind.callable;
2   
3   import com.jsql.model.injection.strategy.blind.InjectionCharInsertion;
4   import com.jsql.model.injection.strategy.blind.patch.Diff;
5   import com.jsql.model.injection.strategy.blind.patch.DiffMatchPatch;
6   
7   import java.util.LinkedList;
8   import java.util.List;
9   import java.util.concurrent.CopyOnWriteArrayList;
10  
/**
 * Callable unit of work for one boolean (blind) request of the
 * character-insertion strategy. It holds the URL to request, performs the
 * HTTP call through {@link InjectionCharInsertion}, and stores the diff
 * opcodes computed between the reference page and the page that came back.
 */
public class CallableCharInsertion extends AbstractCallableBit<CallableCharInsertion> {

    /** Shared diff engine used by every instance of this callable. */
    private static final DiffMatchPatch DIFF_MATCH_PATCH = new DiffMatchPatch();

    /** Strategy object that performs the request and exposes the reference marks. */
    private final InjectionCharInsertion injectionCharInsertion;

    /** Metadata string forwarded unchanged to {@code callUrl()}. */
    private final String metadataInjectionProcess;

    /**
     * Differences between the reference page and the page returned by the
     * last {@link #call()}. Empty until {@code call()} has run.
     */
    // NOTE(review): the field is reassigned in call() with no synchronization
    // visible in this class; readers presumably rely on the executor/Future
    // hand-off for visibility. Confirm against the caller.
    private LinkedList<Diff> opcodes = new LinkedList<>();

    /**
     * Creates a callable used for preparation and blind confirmation.
     *
     * @param inj URL of the boolean request, stored in {@code booleanUrl}
     * @param injectionCharInsertion strategy used to send the request and to read the reference marks
     * @param metadataInjectionProcess metadata passed along with the request
     */
    public CallableCharInsertion(String inj, InjectionCharInsertion injectionCharInsertion, String metadataInjectionProcess) {
        this.booleanUrl = inj;
        this.metadataInjectionProcess = metadataInjectionProcess;
        this.injectionCharInsertion = injectionCharInsertion;
    }

    /**
     * Tells whether the page obtained by {@link #call()} corresponds to a TRUE
     * SQL condition: every constant TRUE mark known to the strategy must be
     * present among this callable's opcodes.
     *
     * @return {@code true} if all constant TRUE marks are found in the opcodes
     *         (also when there are no marks at all), {@code false} otherwise
     */
    @Override
    public boolean isTrue() {
        // Fix #95422: iterate over a private snapshot so that a concurrent change
        // to the strategy's list cannot raise ConcurrentModificationException.
        final List<Diff> trueMarksSnapshot =
            new CopyOnWriteArrayList<>(this.injectionCharInsertion.getConstantTrueMark());

        try {
            for (Diff expectedMark : trueMarksSnapshot) {
                if (!this.opcodes.contains(expectedMark)) {
                    return false;
                }
            }
        } catch (NullPointerException e) {
            // Fix #96229: contains() has been seen to throw NullPointerException;
            // that case is reported as "not true" rather than propagated.
            return false;
        }
        return true;
    }

    /**
     * Sends the request for {@code booleanUrl} through the strategy, then
     * computes and stores the differences between the strategy's blank FALSE
     * mark and the returned page source.
     *
     * @return this callable, with its opcodes updated
     */
    @Override
    public CallableCharInsertion call() {
        final String pageSource = this.injectionCharInsertion.callUrl(
            this.booleanUrl,
            this.metadataInjectionProcess,
            this
        );

        // Third argument is presumably the line-mode speed-up switch of
        // diff-match-patch; confirm against DiffMatchPatch.diffMain.
        this.opcodes = DIFF_MATCH_PATCH.diffMain(this.injectionCharInsertion.getBlankFalseMark(), pageSource, false);

        // Post-process the freshly stored diff list with the engine's efficiency cleanup.
        DIFF_MATCH_PATCH.diffCleanupEfficiency(this.opcodes);

        return this;
    }

    /**
     * Returns the differences computed by the last {@link #call()}.
     *
     * @return the internal opcode list itself, not a copy
     */
    public List<Diff> getOpcodes() {
        return this.opcodes;
    }
}