/**
 * Pins the contract of {@code FindSqlInjection.isOpenQuote} on sample string constants.
 *
 * <p>Constants that end in a dangling single quote (alone, or preceded by a space,
 * {@code =}, {@code ,} or {@code (}) must be reported as opening a quote. Constants
 * that carry an already balanced quoted value must not.
 */
@Test
public void testOpenQuote() {
    // Fragments that leave a quote open: whatever is appended next would sit inside the literal.
    final String[] dangling = {"'", " '", "='", ",'", "('"};
    for (String fragment : dangling) {
        assertTrue(FindSqlInjection.isOpenQuote(fragment));
    }

    // Fragments whose quote is opened and closed within the same constant.
    final String[] balanced = {"'abc'", "='abc'"};
    for (String fragment : balanced) {
        assertFalse(FindSqlInjection.isOpenQuote(fragment));
    }
}
/**
 * Folds one constant string load into the running string-append tracking state.
 *
 * <p>The loaded constant is trimmed, then inspected for three markers, each recorded
 * against the instruction handle: a leading or trailing comma, a closing quote (only
 * when an open quote was already recorded), and an opening quote. Only the text of
 * the trimmed constant is examined.
 *
 * <p>NOTE(review): presumably this lets the detector judge whether a later
 * non-constant append lands inside a quoted SQL literal; confirm against the callers.
 *
 * @param location          location whose instruction handle is inspected
 * @param cpg               constant pool used to resolve the loaded value
 * @param stringAppendState state object to update in place
 * @return the same {@code stringAppendState} instance that was passed in
 * @throws IllegalArgumentException if {@code isConstantStringLoad} rejects the location
 */
private StringAppendState updateStringAppendState(Location location, ConstantPoolGen cpg,
        StringAppendState stringAppendState) {
    final InstructionHandle here = location.getHandle();
    final Instruction instruction = here.getInstruction();
    if (!isConstantStringLoad(location, cpg)) {
        throw new IllegalArgumentException("instruction must be LDC");
    }

    // Assumes isConstantStringLoad guarantees an LDC of a String constant; if it does
    // not, the casts below fail with ClassCastException -- TODO confirm.
    final String literal = ((String) ((LDC) instruction).getValue(cpg)).trim();

    final boolean commaAtEdge = literal.startsWith(",") || literal.endsWith(",");
    if (commaAtEdge) {
        stringAppendState.setSawComma(here);
    }

    // The close-quote test runs before this constant's own open quote is recorded, so
    // a close is only noted when getSawOpenQuote already answers true for this handle.
    if (isCloseQuote(literal)) {
        if (stringAppendState.getSawOpenQuote(here)) {
            stringAppendState.setSawCloseQuote(here);
        }
    }

    if (isOpenQuote(literal)) {
        stringAppendState.setSawOpenQuote(here);
    }

    return stringAppendState;
}
/**
 * Updates the string-append state with what a single constant string load reveals.
 *
 * <p>After trimming the constant, the method records on the given state whether the
 * text starts or ends with a comma, whether it closes a quote that was already open,
 * and whether it opens a quote. The checks are applied in that order.
 *
 * @param location          location of the instruction being examined
 * @param cpg               constant pool from which the constant value is read
 * @param stringAppendState state to mutate; returned unchanged in identity
 * @return {@code stringAppendState}, after the markers have been applied
 * @throws IllegalArgumentException if the location is not accepted by
 *         {@code isConstantStringLoad}
 */
private StringAppendState updateStringAppendState(Location location, ConstantPoolGen cpg,
        StringAppendState stringAppendState) {
    InstructionHandle target = location.getHandle();
    Instruction raw = target.getInstruction();

    // Guard clause: anything that is not a constant string load is a caller error.
    boolean constantLoad = isConstantStringLoad(location, cpg);
    if (!constantLoad) {
        throw new IllegalArgumentException("instruction must be LDC");
    }

    LDC constantInsn = (LDC) raw;
    // NOTE(review): the String cast relies on the guard above having checked the
    // constant's type; verify against isConstantStringLoad.
    String text = (String) constantInsn.getValue(cpg);
    text = text.trim();

    if (text.startsWith(",") || text.endsWith(",")) {
        stringAppendState.setSawComma(target);
    }

    // Order matters: the closing-quote check must see the open-quote state as it was
    // before this constant is itself considered as an opening quote.
    boolean closesOpenQuote = isCloseQuote(text) && stringAppendState.getSawOpenQuote(target);
    if (closesOpenQuote) {
        stringAppendState.setSawCloseQuote(target);
    }

    boolean opensQuote = isOpenQuote(text);
    if (opensQuote) {
        stringAppendState.setSawOpenQuote(target);
    }

    return stringAppendState;
}