From 7fe1c64273b8f31c4ddd05cd18bedecba95f2821 Mon Sep 17 00:00:00 2001
From: "antoine.vinot"
Date: Tue, 17 Oct 2023 15:10:37 +0200
Subject: [PATCH] Add duplication code
---
 src/main/java/test/Pikachu.java | 45 ++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/src/main/java/test/Pikachu.java b/src/main/java/test/Pikachu.java
index 6a4c353..f35caa4 100644
--- a/src/main/java/test/Pikachu.java
+++ b/src/main/java/test/Pikachu.java
@@ -1,9 +1,14 @@
 package test;
 import java.sql.Connection;
+import java.sql.DriverManager;
 import java.sql.PreparedStatement;
 import java.sql.SQLException;
 import java.util.Collection;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import org.springframework.util.DigestUtils;
+import org.springframework.util.StringUtils;
 public class Pikachu extends Pokemon {
@@ -39,10 +44,19 @@ private static PreparedStatement createStatement(String projectUuid, Collection<
 return res;
 }
+ public void myVulnerability() {
+ try {
+ DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");
+ } catch (SQLException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
 private static PreparedStatement createStatement2(String projectUuid, Collection dispatcherKeys, Connection connection) throws SQLException {
 String sql = "SELECT count(1) FROM properties pp " +
- "where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) ";
+ "where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) " +
+ "and (" + repeat("pp.prop_key like ?", " or ", dispatcherKeys.size()) + ")";
 PreparedStatement res = connection.prepareStatement(sql);
 res.setString(1, projectUuid);
 //For loop
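Review bot: Three of the imports added in the first hunk, `java.util.regex.Matcher`, `java.util.regex.Pattern` and `org.springframework.util.DigestUtils`, are not referenced by any line this patch adds; only `DriverManager` and `StringUtils` are used. Because they were not imported before, the unchanged code cannot depend on them by simple name either, so they can be dropped. Leaving them in suggests regex or digest handling that a reviewer would then look for and not find.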
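Review bot: `myVulnerability()` opens a JDBC connection with a hard-coded user name and an empty password and then discards the returned `Connection`, so the database accepts a login with no secret and the handle is never closed. The credentials should come from configuration and the connection should be scoped, for example `try (Connection c = DriverManager.getConnection(url, user, password)) { ... }`. The same body is added again as `myVulnerability2()` in the last hunk; one shared helper would remove the duplicate. In `createStatement2` the new `repeat(...)` term is meant to add one `?` per dispatcher key, which only holds if the loop after `//For loop` (outside this hunk) binds exactly that many parameters. An empty `dispatcherKeys` would produce `and ()`, so an early `dispatcherKeys.isEmpty()` check is needed.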
@@ -62,4 +76,33 @@ private static PreparedStatement createStatement2(String projectUuid, Collection
 }
 return res;
 }
+
+ public void myVulnerability2() {
+ try {
+ DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");
+ } catch (SQLException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static String repeat(String str, String separator, int repeat) {
+ if(str == null || separator == null) {
+ return "";
+ } else {
+ // given that repeat(String, int) is quite optimized, better to rely on it than try and splice this into it
+ String result = "fff";
+ return removeEnd(result, separator);
+ }
+ }
+
+ public static String removeEnd(String str, String remove) {
+ if (StringUtils.isEmpty(str) || StringUtils.isEmpty(remove)) {
+ return str;
+ }
+ if (str.endsWith(remove)) {
+ return str.substring(0, str.length() - remove.length());
+ }
+ return str;
+ }
+
 }
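Review bot: `repeat()` ignores both `str` and `repeat` and returns `removeEnd("fff", separator)`, so the `and (...)` clause that `createStatement2` now builds contains the literal `fff` instead of one `pp.prop_key like ?` per key. The statement will then not prepare or bind as intended. The else branch could be `return repeat <= 0 ? "" : String.join(separator, Collections.nCopies(repeat, str));`, which needs `import java.util.Collections;` and makes the `removeEnd` call unnecessary here. The comment above `String result` refers to a `repeat(String, int)` overload that this patch does not define, so it should be removed or the overload added. `StringUtils.isEmpty` in `removeEnd` is deprecated in Spring 5.3 and later; `str == null || str.isEmpty()` does the same for a `String` without the Spring dependency.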