From 898d9fd788ad77f976c95ade7785326b9c6b0f9b Mon Sep 17 00:00:00 2001
From: "antoine.vinot"
Date: Tue, 17 Oct 2023 11:18:00 +0200
Subject: [PATCH 1/4] Add pokemon class

---
 src/main/java/test/Pokemon.java | 41 +++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 src/main/java/test/Pokemon.java

diff --git a/src/main/java/test/Pokemon.java b/src/main/java/test/Pokemon.java
new file mode 100644
index 0000000..3894d00
--- /dev/null
+++ b/src/main/java/test/Pokemon.java
@@ -0,0 +1,41 @@
+package test;
+
+public abstract class Pokemon {
+ private String name;
+ private String type;
+ private int level;
+
+ public Pokemon(String name, String type, int level) {
+ this.name = name;
+ this.type = type;
+ this.level = level;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getType() {
+ return type;
+ }
+
+ public int getLevel() {
+ return level;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ public void setLevel(int level) {
+ this.level = level;
+ }
+
+ public String toString() {
+ return "Pokemon: " + name + " " + type + " " + level;
+ }
+}
From 82920d6b494f9a197c740a1d8c28aa8765fd31e5 Mon Sep 17 00:00:00 2001
From: "antoine.vinot"
Date: Tue, 17 Oct 2023 14:56:11 +0200
Subject: [PATCH 2/4] Add Pikachu

---
 src/main/java/test/Pikachu.java | 45 +++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 src/main/java/test/Pikachu.java

diff --git a/src/main/java/test/Pikachu.java b/src/main/java/test/Pikachu.java
new file mode 100644
index 0000000..2a6cba4
--- /dev/null
+++ b/src/main/java/test/Pikachu.java
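Review bot: `public String toString()` at the bottom of the hunk overrides `Object.toString` without `@Override`, so a later typo in the signature would silently become an overload instead of a compile error; add `@Override` on the line above it. The constructor already receives all three fields, yet each one is also writable through a setter; if subclasses do not need to change them after construction, declaring the fields `final` and dropping the setters gives an immutable base type and removes three methods of surface area.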
@@ -0,0 +1,45 @@
+package test;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+import java.util.Collection;
+
+public class Pikachu extends Pokemon {
+
+ public Pikachu(String name, String type, int level) {
+ super(name, type, level);
+ }
+
+ public void attack() {
+ System.out.println("Pikachu attack!");
+ }
+
+ private static PreparedStatement createStatement(String projectUuid, Collection dispatcherKeys, Connection connection) throws SQLException {
+ String sql =
+ "SELECT count(1) FROM properties pp " +
+ "where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) ";
+ PreparedStatement res = connection.prepareStatement(sql);
+ res.setString(1, projectUuid);
+ int index = 2;
+ for (String dispatcherKey : dispatcherKeys) {
+ res.setString(index, "PREFIX" + dispatcherKey + ".%");
+ index++;
+ }
+ return res;
+ }
+
+ private static PreparedStatement createStatement2(String projectUuid, Collection dispatcherKeys, Connection connection) throws SQLException {
+ String sql =
+ "SELECT count(1) FROM properties pp " +
+ "where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) ";
+ PreparedStatement res = connection.prepareStatement(sql);
+ res.setString(1, projectUuid);
+ int index = 2;
+ for (String dispatcherKey : dispatcherKeys) {
+ res.setString(index, "PREFIX" + dispatcherKey + ".%");
+ index++;
+ }
+ return res;
+ }
+}
From 8b40517a11114eaf6d491bcaa186ba8495e3d0ed Mon Sep 17 00:00:00 2001
From: "antoine.vinot"
Date: Tue, 17 Oct 2023 15:02:52 +0200
Subject: [PATCH 3/4] Add duplication code

---
 src/main/java/test/Pikachu.java | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/main/java/test/Pikachu.java b/src/main/java/test/Pikachu.java
index 2a6cba4..6a4c353 100644
--- a/src/main/java/test/Pikachu.java
+++ b/src/main/java/test/Pikachu.java
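Review bot: `createStatement` prepares SQL containing a single `?` but then calls `res.setString(index, …)` from index 2 upward once per dispatcher key, so any non-empty `dispatcherKeys` fails at bind time with a parameter-index error; the statement text has no placeholder for the values the loop binds. `createStatement2` a few lines further down is a verbatim copy of the same method with the same defect, and should either be deleted or delegate to the first. The parameter is shown here as a raw `Collection` while the for-each declares `String dispatcherKey`; the hunk header later in the series ends in `Collection<`, so the type argument is most likely lost in rendering rather than absent from the source.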
@@ -21,7 +21,17 @@ private static PreparedStatement createStatement(String projectUuid, Collection<
 "where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) ";
 PreparedStatement res = connection.prepareStatement(sql);
 res.setString(1, projectUuid);
- int index = 2;
+ //For loop
+ int j = 0;
+ for (int i = 1; i <= 100; ++i) {
+ j += i;
+ if (j % 2 == 0) {
+ j += 1;
+ } else {
+ j +=2;
+ }
+ }
+ int index = 2 + j;
 for (String dispatcherKey : dispatcherKeys) {
 res.setString(index, "PREFIX" + dispatcherKey + ".%");
 index++;
@@ -35,7 +45,17 @@ private static PreparedStatement createStatement2(String projectUuid, Collection
 "where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) ";
 PreparedStatement res = connection.prepareStatement(sql);
 res.setString(1, projectUuid);
- int index = 2;
+ //For loop
+ int j = 0;
+ for (int i = 1; i <= 100; ++i) {
+ j += i;
+ if (j % 2 == 0) {
+ j += 1;
+ } else {
+ j +=2;
+ }
+ }
+ int index = 2 + j;
 for (String dispatcherKey : dispatcherKeys) {
 res.setString(index, "PREFIX" + dispatcherKey + ".%");
 index++;
From 121e674eb6907c12ad4ff06441ae2a3565a007fc Mon Sep 17 00:00:00 2001
From: "antoine.vinot"
Date: Tue, 17 Oct 2023 15:10:37 +0200
Subject: [PATCH 4/4] Add duplication code

---
 src/main/java/test/Pikachu.java | 48 +++++++++++++++++++++++++++++++--
 1 file changed, 46 insertions(+), 2 deletions(-)

diff --git a/src/main/java/test/Pikachu.java b/src/main/java/test/Pikachu.java
index 6a4c353..6feccac 100644
--- a/src/main/java/test/Pikachu.java
+++ b/src/main/java/test/Pikachu.java
@@ -1,9 +1,14 @@
 package test;
 
 import java.sql.Connection;
+import java.sql.DriverManager;
 import java.sql.PreparedStatement;
 import java.sql.SQLException;
 import java.util.Collection;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import org.springframework.util.DigestUtils;
+import org.springframework.util.StringUtils;
 
 public class Pikachu extends Pokemon {
 
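Review bot: `int index = 2 + j;` replaces the fixed start index with an offset that depends only on the 100-iteration loop above it and on nothing the caller passes in, so the first dispatcher key is now bound at a parameter index of at least 5052 (`j` accumulates 1..100 plus a positive adjustment each pass) and `setString` will fail for every non-empty collection. The loop reads and writes nothing but `j`, so it has no purpose in this method; if it is kept as a fixture, restore `int index = 2;` so the binding still matches the statement, otherwise remove the loop. The second hunk of this patch (`@@ -35,7 +45,17 @@`, `createStatement2`) makes the identical change and has the same problem. Both enclosing methods start and end outside these hunks.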
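Review bot: `java.util.regex.Matcher`, `java.util.regex.Pattern` and `org.springframework.util.DigestUtils` are added to the import block but nothing in `Pikachu.java` as it stands at the end of this series references them; of the new imports only `DriverManager` (in `myVulnerability`/`myVulnerability2`) and `StringUtils` (in `removeEnd`) are used. Drop the three unused lines, and keep the `org.springframework.*` imports in their own group below the `java.*` ones as the rest of the block does.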
@@ -18,7 +23,8 @@ public void attack() {
 private static PreparedStatement createStatement(String projectUuid, Collection dispatcherKeys, Connection connection) throws SQLException {
 String sql =
 "SELECT count(1) FROM properties pp " +
- "where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) ";
+ "where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) " +
+ "and (" + repeat("pp.prop_key like ?", " or ", dispatcherKeys.size()) + ")";
 PreparedStatement res = connection.prepareStatement(sql);
 res.setString(1, projectUuid);
 //For loop
@@ -39,10 +45,19 @@ private static PreparedStatement createStatement(String projectUuid, Collection<
 return res;
 }
 
+ public void myVulnerability() {
+ try {
+ DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");
+ } catch (SQLException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
 private static PreparedStatement createStatement2(String projectUuid, Collection dispatcherKeys, Connection connection) throws SQLException {
 String sql =
 "SELECT count(1) FROM properties pp " +
- "where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) ";
+ "where pp.user_uuid is not null and (pp.entity_uuid is null or pp.entity_uuid=?) " +
+ "and (" + repeat("pp.prop_key like ?", " or ", dispatcherKeys.size()) + ")";
 PreparedStatement res = connection.prepareStatement(sql);
 res.setString(1, projectUuid);
 //For loop
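Review bot: The new clause `"and (" + repeat("pp.prop_key like ?", " or ", dispatcherKeys.size()) + ")"` yields `and ()` when `dispatcherKeys` is empty, which `prepareStatement` will reject as malformed SQL; add an `if (dispatcherKeys.isEmpty())` guard that either skips the clause or returns early before the text is built (the method starts outside this hunk). The placeholder count also rests entirely on `repeat` doing what its name says, and the `repeat` added in this same patch (`@@ -62,4 +77,33 @@`) returns the literal `"fff"`, so as committed no `?` is generated here; the `//For loop` context line shows the `index = 2 + j` offset from the previous patch is still in place, so the bindings would not line up even with a working `repeat`. Since `"PREFIX" + dispatcherKey + ".%"` is bound against `like ?`, a key containing `%` or `_` silently widens the match; if dispatcher keys can originate outside the application, escape those characters and add an `ESCAPE` clause. `createStatement2` in the next hunk receives the same clause and shares all of these points.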
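Review bot: `myVulnerability` opens a connection with the user name `"login"` and an empty password written as literals and never closes the `Connection` that `getConnection` returns, so the method both leaks a resource on every call and embeds a credential in source. If it has to stay, hold the connection in try-with-resources, `try (Connection c = DriverManager.getConnection(url, user, password)) { … }`, and read the URL and credentials from configuration rather than string literals. `myVulnerability2` in the last hunk of this patch is an identical copy; one of the two is enough.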
@@ -62,4 +77,33 @@ private static PreparedStatement createStatement2(String projectUuid, Collection
 }
 return res;
 }
+
+ public void myVulnerability2() {
+ try {
+ DriverManager.getConnection("jdbc:derby:memory:myDB;create=true", "login", "");
+ } catch (SQLException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static String repeat(String str, String separator, int repeat) {
+ if(str == null || separator == null) {
+ return "";
+ } else {
+ // given that repeat(String, int) is quite optimized, better to rely on it than try and splice this into it
+ String result = "fff";
+ return removeEnd(result, separator);
+ }
+ }
+
+ public static String removeEnd(String str, String remove) {
+ if (StringUtils.isEmpty(str) || StringUtils.isEmpty(remove)) {
+ return str;
+ }
+ if (str.endsWith(remove)) {
+ return str.substring(0, str.length() - remove.length());
+ }
+ return str;
+ }
+
 }
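Review bot: `repeat` never uses `str` or the `repeat` count — after the null checks it assigns `String result = "fff"` and returns `removeEnd(result, separator)`, which leaves `"fff"` untouched, so the callers in `createStatement` and `createStatement2` end up with `and (fff)` instead of `dispatcherKeys.size()` `like ?` placeholders. The comment about `repeat(String, int)` being optimized refers to an overload that does not exist in this class and should go. A straightforward implementation that joins `repeat` copies of `str` with `separator` is below; it returns `""` for `repeat <= 0`, so callers still have to guard an empty collection themselves, and `removeEnd` is no longer needed by `repeat`.
```java
    public static String repeat(String str, String separator, int repeat) {
        if (str == null || separator == null) {
            return "";
        }
        StringBuilder result = new StringBuilder();
        for (int i = 0; i < repeat; i++) {
            if (i > 0) {
                result.append(separator);
            }
            result.append(str);
        }
        return result.toString();
    }
```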