public static String escapeBadSqlPatternChars(String s) {
   StringBuffer sb = new StringBuffer(s);
   for (int i = 0, len = sb.length(); i < len; ++i)
     if (sb.charAt(i) == '\'') {
       sb.insert(i, '\'');
       ++len;
       i += 2;
     }
   return sb.toString();
 }
 // return all grantees: thr_0, thr_1, thr_2 ..., excluding itself
 private static String getAllGrantees() {
   StringBuffer aStr = new StringBuffer("  ");
   Map<String, String> userPasswd =
       (Map<String, String>) SQLBB.getBB().getSharedMap().get(SQLSecurityTest.userPasswdMap);
   for (Map.Entry<String, String> e : userPasswd.entrySet()) {
     if (!e.getKey().equalsIgnoreCase("thr_" + RemoteTestModule.getCurrentThread().getThreadId()))
       aStr.append(e.getKey() + ", ");
   }
   if (aStr.charAt(aStr.length() - 2) == ',') {
     aStr.deleteCharAt(aStr.length() - 2);
   }
   aStr.deleteCharAt(0); // delete the leading space
   return aStr.toString();
 }
 // return optionally any insert, delete, trigger, select [col list], update [col list]
 private String getPrivilegeLists(String tableName) {
   StringBuffer aStr = new StringBuffer("  ");
   for (int i = 0; i < tablePriv.length; i++) {
     if (SQLTest.random.nextBoolean()) {
       aStr.append(tablePriv[i]); // insert delete etc
       if (i > 2) {
         aStr.append(getColumnLists(tableName)); // column list for the table
       } // may include column list
       aStr.append(", ");
     }
   }
   if (aStr.charAt(aStr.length() - 2) == ',') {
     aStr.deleteCharAt(aStr.length() - 2);
   }
   aStr.deleteCharAt(0); // delete the leading space
   return aStr.toString();
 }
 // returns column list: column-id, column-id ...
 private String getColumnLists(String tableName) {
   List<String> colNames = (List<String>) tableCols.get(tableName);
   StringBuffer aStr = new StringBuffer("  ");
   for (int i = 0; i < colNames.size(); i++) {
     if (SQLTest.random.nextBoolean()) {
       aStr.append(colNames.get(i) + ", ");
     }
   }
   if (aStr.charAt(aStr.length() - 2) == ',') {
     aStr.deleteCharAt(aStr.length() - 2);
   }
   aStr.deleteCharAt(0); // delete the leading space
   if (aStr.length() != 1) {
     aStr.insert(1, '(');
     aStr.append(')');
   } // has column
   return aStr.toString();
 }
  // any number of users excluding itself
  private static String getGrantees(int num) {
    StringBuffer aStr = new StringBuffer("  ");
    Map<String, String> userPasswd =
        (Map<String, String>) SQLBB.getBB().getSharedMap().get(SQLSecurityTest.userPasswdMap);
    userPasswd.remove("thr_" + RemoteTestModule.getCurrentThread().getThreadId());
    String[] users = new String[userPasswd.size()];
    userPasswd.keySet().toArray(users);
    int i = 0;
    while (i < num) {
      int x = SQLTest.random.nextInt(users.length);
      aStr.append(users[x] + ", ");
      i++;
    }

    if (aStr.charAt(aStr.length() - 2) == ',') {
      aStr.deleteCharAt(aStr.length() - 2);
    }
    aStr.deleteCharAt(0); // delete the leading space
    return aStr.toString();
  }
Exemple #6
0
 static String dirForFqcn(String fqcn) {
   int last_dot = fqcn.lastIndexOf('.');
   StringBuffer sb = new StringBuffer(fqcn.substring(0, last_dot + 1));
   for (int i = 0, len = sb.length(); i < len; ++i) if (sb.charAt(i) == '.') sb.setCharAt(i, '/');
   return sb.toString();
 }
  public void actionPerformed(ActionEvent ae) {
    AbstractButton jlab = null;
    if ((count > 7)) {
      JOptionPane.showMessageDialog(
          jlab, "UnSuccessful Submit", "Error", JOptionPane.ERROR_MESSAGE);

    } else if ((count == 0)) {
      AbstractButton jlab1 = null;

      JOptionPane.showMessageDialog(
          jlab1, "UnSuccessful Submit", "Error", JOptionPane.ERROR_MESSAGE);

    } else if ((ae.getActionCommand().equals("Submit"))) {
      AbstractButton jlab2 = null;

      System.out.println("Submitted");
      // JOptionPane.showMessageDialog(jlab1, "Successfully Submitted.");

      JOptionPane.showMessageDialog(
          jlab2, "Submited Successfully!" + "\n" + "Choices are:  " + choices);
      String nameofuser;

      // change username with passed parameter here

      nameofuser = arg;
      System.out.println("Username:"******"select * from user where username= '******'";

      try {
        pst = con.prepareStatement(sql);
        rs = pst.executeQuery();
        if (rs.next()) {
          this.hide();

          allowedchoices.insert(0, rs.getString(9));
          threshold = rs.getFloat(7);
        }

        int i;
        StringBuffer temp;
        temp = new StringBuffer("-------");

        for (i = 0; i < 7; i++) {
          if (allowedchoices.charAt(i) != choices.charAt(i)) {

            temp.setCharAt(i, choices.charAt(i));
          }
        }

        double risk = 0.0;
        for (i = 0; i < 7; i++) {
          switch (temp.charAt(i)) {
            case 'r':
              risk = risk + 0.15;
              break;
            case 'c':
              risk = risk + 0.0;
              break;
            case 'a':
              risk = risk + 0.20;
              break;
            case 'u':
              risk = risk + 0.0;
              break;
            case 'd':
              risk = risk + 0.5;
              break;
            case 'p':
              risk = risk + 0.3;
              break;
            case 'e':
              risk = risk + 0.25;
              break;
          }
        }
        System.out.println("Current Risk Value: " + risk);
        System.out.println(
            "PREMISSION ALLOWED(BY DEFAULT):" + allowedchoices + "THRESHOLD:" + threshold);

        if (threshold < risk) {
          con = ClientConnect.ConnectDB();
          String sql1 =
              "update user set accountstatus = '" + 0 + "' where username= '******'";
          JOptionPane.showMessageDialog(
              jlab1,
              "Account Has Been Disabled! \n \t Contact Administrator!",
              "Error",
              JOptionPane.ERROR_MESSAGE);
          Statement stmt = con.createStatement();
          stmt.execute(sql1.toString());
          stmt.close();
        } else {
          GUIFRfetch gf = new GUIFRfetch();
        }

      } catch (SQLException | HeadlessException e) {
        JOptionPane.showMessageDialog(null, e);
      }
    }
  }