/**
 * Pins which constant fragments {@code FindSqlInjection.isCloseQuote} treats as a closing quote.
 *
 * <p>Accepted here: a lone single quote, and a single quote followed by a space, a comma or a
 * closing parenthesis. Rejected here: fragments that carry a complete quoted literal.
 */
@Test
public void testCloseQuote() {
    // Fragments that must be recognised as closing a quoted value.
    for (String fragment : new String[] {"'", "' ", "',", "')"}) {
        assertTrue(FindSqlInjection.isCloseQuote(fragment));
    }

    // Fragments holding a whole quoted literal must not count as a closing quote.
    for (String fragment : new String[] {"'abc'", "='abc'"}) {
        assertFalse(FindSqlInjection.isCloseQuote(fragment));
    }
}
} // closes the enclosing test class (its header is not part of this excerpt)
/**
 * Folds one constant string fragment into the quote/comma bookkeeping kept in
 * {@code stringAppendState}.
 *
 * <p>The loaded constant is trimmed first. The state is then flagged at this instruction when the
 * fragment starts or ends with a comma, when {@code isCloseQuote} matches and
 * {@code getSawOpenQuote} already reports true for this handle, and when {@code isOpenQuote}
 * matches. The close-quote check deliberately runs before the open-quote update, so a fragment
 * cannot satisfy the close-quote condition through the open quote it sets itself.
 *
 * <p>NOTE(review): these flags describe the lexical context of the constant fragments only. A
 * non-constant value appended between quote fragments is still injectable unless it is escaped
 * or bound as a statement parameter; presumably the detector uses the flags to grade a finding,
 * not to clear it - confirm against the caller.
 *
 * @param location instruction location; must satisfy {@code isConstantStringLoad}
 * @param cpg constant pool used to resolve the loaded constant
 * @param stringAppendState state to update; the same instance is returned
 * @return {@code stringAppendState} after the updates
 * @throws IllegalArgumentException if the instruction is not a constant string load
 */
private StringAppendState updateStringAppendState(Location location, ConstantPoolGen cpg,
        StringAppendState stringAppendState) {
    InstructionHandle at = location.getHandle();
    Instruction current = at.getInstruction();
    if (!isConstantStringLoad(location, cpg)) {
        throw new IllegalArgumentException("instruction must be LDC");
    }

    LDC constantLoad = (LDC) current;
    Object loaded = constantLoad.getValue(cpg);
    String fragment = ((String) loaded).trim();

    boolean commaAtEdge = fragment.startsWith(",") || fragment.endsWith(",");
    if (commaAtEdge) {
        stringAppendState.setSawComma(at);
    }

    // Order matters: test for a closing quote against the state seen so far ...
    if (isCloseQuote(fragment) && stringAppendState.getSawOpenQuote(at)) {
        stringAppendState.setSawCloseQuote(at);
    }
    // ... and only then record an opening quote contributed by this fragment.
    if (isOpenQuote(fragment)) {
        stringAppendState.setSawOpenQuote(at);
    }

    return stringAppendState;
}
/**
 * Updates the running string-append state with what a single constant string load contributes:
 * a leading or trailing comma, a closing quote, or an opening quote.
 *
 * <p>The constant is trimmed before it is inspected. A closing quote is recorded only if
 * {@code getSawOpenQuote} is already true for this handle, and that test is made before this
 * fragment's own opening quote (if any) is recorded.
 *
 * <p>NOTE(review): the recorded quote state is context, not a safety verdict. Quoting a
 * concatenated value does not neutralise it; only escaping or parameter binding does. How the
 * detector weighs these flags is not visible here - verify in the reporting code.
 *
 * @param location location of the instruction being examined
 * @param cpg constant pool used to read the constant's value
 * @param stringAppendState mutable state that receives the flags
 * @return the same {@code stringAppendState} instance that was passed in
 * @throws IllegalArgumentException if {@code isConstantStringLoad} rejects the instruction
 */
private StringAppendState updateStringAppendState(Location location, ConstantPoolGen cpg,
        StringAppendState stringAppendState) {
    final InstructionHandle here = location.getHandle();
    final Instruction instruction = here.getInstruction();
    if (!isConstantStringLoad(location, cpg)) {
        throw new IllegalArgumentException("instruction must be LDC");
    }

    // Safe to cast after the guard above; whitespace around the constant is ignored.
    final String text = ((String) ((LDC) instruction).getValue(cpg)).trim();

    if (text.startsWith(",") || text.endsWith(",")) {
        stringAppendState.setSawComma(here);
    }

    if (isCloseQuote(text)) {
        // A closing quote only counts when an opening quote was seen earlier.
        if (stringAppendState.getSawOpenQuote(here)) {
            stringAppendState.setSawCloseQuote(here);
        }
    }

    if (isOpenQuote(text)) {
        stringAppendState.setSawOpenQuote(here);
    }

    return stringAppendState;
}