View Javadoc
1   package com.jsql.model.suspendable;
2   
3   import com.jsql.model.InjectionModel;
4   import com.jsql.model.bean.util.Header;
5   import com.jsql.model.bean.util.Interaction;
6   import com.jsql.model.bean.util.Request;
7   import com.jsql.model.exception.JSqlRuntimeException;
8   import com.jsql.model.exception.StoppedByUserSlidingException;
9   import com.jsql.model.injection.strategy.blind.AbstractInjectionBit;
10  import com.jsql.model.injection.strategy.blind.InjectionVendor;
11  import com.jsql.util.LogLevelUtil;
12  import org.apache.commons.lang3.StringUtils;
13  import org.apache.logging.log4j.LogManager;
14  import org.apache.logging.log4j.Logger;
15  
16  import java.util.EnumMap;
17  import java.util.Map;
18  import java.util.concurrent.atomic.AtomicBoolean;
19  
20  public class SuspendableGetVendor extends AbstractSuspendable {
21  
22      private static final Logger LOGGER = LogManager.getRootLogger();
23  
24      public SuspendableGetVendor(InjectionModel injectionModel) {
25          super(injectionModel);
26      }
27  
28      @Override
29      public String run(Object... args) {
30          LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "Fingerprinting database with Boolean match...");
31  
32          AtomicBoolean isVendorFound = new AtomicBoolean(false);
33          this.injectionModel.getMediatorVendor().getVendorsForFingerprint()
34          .stream()
35          .filter(vendor -> vendor != this.injectionModel.getMediatorVendor().getAuto())
36          .filter(vendor -> StringUtils.isNotEmpty(
37              vendor.instance().getModelYaml().getStrategy().getConfiguration().getFingerprint().getVendorSpecific()
38          ))
39          .forEach(vendor -> {
40              if (isVendorFound.get()) {
41                  return;
42              }
43              String vendorSpecificWithOperator = this.injectionModel.getMediatorVendor().getVendor().instance().sqlTestBlindWithOperator(
44                  vendor.instance().getModelYaml().getStrategy().getConfiguration().getFingerprint().getVendorSpecific(),
45                  AbstractInjectionBit.BlindOperator.OR  // TODO should also test AND and no mode
46              );
47              try {
48                  var injectionCharInsertion = new InjectionVendor(this.injectionModel, vendorSpecificWithOperator, vendor);
49                  if (injectionCharInsertion.isInjectable(vendorSpecificWithOperator)) {
50                      if (this.isSuspended()) {
51                          throw new StoppedByUserSlidingException();
52                      }
53  
54                      LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, "Found [{}] using Boolean match", vendor);
55                      this.injectionModel.getMediatorVendor().setVendor(vendor);
56                      isVendorFound.set(true);
57  
58                      var requestSetVendor = new Request();
59                      requestSetVendor.setMessage(Interaction.SET_VENDOR);
60                      Map<Header, Object> msgHeader = new EnumMap<>(Header.class);
61                      msgHeader.put(Header.URL, this.injectionModel.getMediatorUtils().getConnectionUtil().getUrlByUser());
62                      msgHeader.put(Header.VENDOR, this.injectionModel.getMediatorVendor().getVendor());
63                      requestSetVendor.setParameters(msgHeader);
64                      this.injectionModel.sendToViews(requestSetVendor);
65                  }
66              } catch (StoppedByUserSlidingException e) {
67                  throw new JSqlRuntimeException(e);
68              }
69          });
70          return null;  // unused
71      }
72  }