public static String escapeBadSqlPatternChars(String s) {
StringBuffer sb = new StringBuffer(s);
for (int i = 0, len = sb.length(); i < len; ++i)
if (sb.charAt(i) == '\'') {
sb.insert(i, '\'');
++len;
i += 2;
}
return sb.toString();
}
// return all grantees: thr_0, thr_1, thr_2 ..., excluding itself
private static String getAllGrantees() {
StringBuffer aStr = new StringBuffer(" ");
Map<String, String> userPasswd =
(Map<String, String>) SQLBB.getBB().getSharedMap().get(SQLSecurityTest.userPasswdMap);
for (Map.Entry<String, String> e : userPasswd.entrySet()) {
if (!e.getKey().equalsIgnoreCase("thr_" + RemoteTestModule.getCurrentThread().getThreadId()))
aStr.append(e.getKey() + ", ");
}
if (aStr.charAt(aStr.length() - 2) == ',') {
aStr.deleteCharAt(aStr.length() - 2);
}
aStr.deleteCharAt(0); // delete the leading space
return aStr.toString();
}
// return optionally any insert, delete, trigger, select [col list], update [col list]
private String getPrivilegeLists(String tableName) {
StringBuffer aStr = new StringBuffer(" ");
for (int i = 0; i < tablePriv.length; i++) {
if (SQLTest.random.nextBoolean()) {
aStr.append(tablePriv[i]); // insert delete etc
if (i > 2) {
aStr.append(getColumnLists(tableName)); // column list for the table
} // may include column list
aStr.append(", ");
}
}
if (aStr.charAt(aStr.length() - 2) == ',') {
aStr.deleteCharAt(aStr.length() - 2);
}
aStr.deleteCharAt(0); // delete the leading space
return aStr.toString();
}
// returns column list: column-id, column-id ...
private String getColumnLists(String tableName) {
List<String> colNames = (List<String>) tableCols.get(tableName);
StringBuffer aStr = new StringBuffer(" ");
for (int i = 0; i < colNames.size(); i++) {
if (SQLTest.random.nextBoolean()) {
aStr.append(colNames.get(i) + ", ");
}
}
if (aStr.charAt(aStr.length() - 2) == ',') {
aStr.deleteCharAt(aStr.length() - 2);
}
aStr.deleteCharAt(0); // delete the leading space
if (aStr.length() != 1) {
aStr.insert(1, '(');
aStr.append(')');
} // has column
return aStr.toString();
}
// any number of users excluding itself
private static String getGrantees(int num) {
StringBuffer aStr = new StringBuffer(" ");
Map<String, String> userPasswd =
(Map<String, String>) SQLBB.getBB().getSharedMap().get(SQLSecurityTest.userPasswdMap);
userPasswd.remove("thr_" + RemoteTestModule.getCurrentThread().getThreadId());
String[] users = new String[userPasswd.size()];
userPasswd.keySet().toArray(users);
int i = 0;
while (i < num) {
int x = SQLTest.random.nextInt(users.length);
aStr.append(users[x] + ", ");
i++;
}
if (aStr.charAt(aStr.length() - 2) == ',') {
aStr.deleteCharAt(aStr.length() - 2);
}
aStr.deleteCharAt(0); // delete the leading space
return aStr.toString();
}
static String dirForFqcn(String fqcn) {
int last_dot = fqcn.lastIndexOf('.');
StringBuffer sb = new StringBuffer(fqcn.substring(0, last_dot + 1));
for (int i = 0, len = sb.length(); i < len; ++i) if (sb.charAt(i) == '.') sb.setCharAt(i, '/');
return sb.toString();
}
public void actionPerformed(ActionEvent ae) {
AbstractButton jlab = null;
if ((count > 7)) {
JOptionPane.showMessageDialog(
jlab, "UnSuccessful Submit", "Error", JOptionPane.ERROR_MESSAGE);
} else if ((count == 0)) {
AbstractButton jlab1 = null;
JOptionPane.showMessageDialog(
jlab1, "UnSuccessful Submit", "Error", JOptionPane.ERROR_MESSAGE);
} else if ((ae.getActionCommand().equals("Submit"))) {
AbstractButton jlab2 = null;
System.out.println("Submitted");
// JOptionPane.showMessageDialog(jlab1, "Successfully Submitted.");
JOptionPane.showMessageDialog(
jlab2, "Submited Successfully!" + "\n" + "Choices are: " + choices);
String nameofuser;
// change username with passed parameter here
nameofuser = arg;
System.out.println("Username:"******"select * from user where username= '******'";
try {
pst = con.prepareStatement(sql);
rs = pst.executeQuery();
if (rs.next()) {
this.hide();
allowedchoices.insert(0, rs.getString(9));
threshold = rs.getFloat(7);
}
int i;
StringBuffer temp;
temp = new StringBuffer("-------");
for (i = 0; i < 7; i++) {
if (allowedchoices.charAt(i) != choices.charAt(i)) {
temp.setCharAt(i, choices.charAt(i));
}
}
double risk = 0.0;
for (i = 0; i < 7; i++) {
switch (temp.charAt(i)) {
case 'r':
risk = risk + 0.15;
break;
case 'c':
risk = risk + 0.0;
break;
case 'a':
risk = risk + 0.20;
break;
case 'u':
risk = risk + 0.0;
break;
case 'd':
risk = risk + 0.5;
break;
case 'p':
risk = risk + 0.3;
break;
case 'e':
risk = risk + 0.25;
break;
}
}
System.out.println("Current Risk Value: " + risk);
System.out.println(
"PREMISSION ALLOWED(BY DEFAULT):" + allowedchoices + "THRESHOLD:" + threshold);
if (threshold < risk) {
con = ClientConnect.ConnectDB();
String sql1 =
"update user set accountstatus = '" + 0 + "' where username= '******'";
JOptionPane.showMessageDialog(
jlab1,
"Account Has Been Disabled! \n \t Contact Administrator!",
"Error",
JOptionPane.ERROR_MESSAGE);
Statement stmt = con.createStatement();
stmt.execute(sql1.toString());
stmt.close();
} else {
GUIFRfetch gf = new GUIFRfetch();
}
} catch (SQLException | HeadlessException e) {
JOptionPane.showMessageDialog(null, e);
}
}
}