UnsafeSQLExample and Bi Directional Char Dmeos

Author: svenruppert

pom.xml

@@ -412,11 +412,7 @@
           <artifactId>webdriverextensions-maven-plugin</artifactId>
           <version>3.4.0</version>
         </plugin>
-        <!--                <plugin>-->
-        <!--                    <groupId>de.sormuras.junit</groupId>-->
-        <!--                    <artifactId>junit-platform-maven-plugin</artifactId>-->
-        <!--                    <version>${junit-platform-maven-plugin.version}</version>-->
-        <!--                </plugin>-->
+
       </plugins>
     </pluginManagement>
     <plugins>

src/main/java/com/svenruppert/cli/InsecureTempFileExample.java

@@ -13,9 +13,9 @@ public static void main(String[] args) throws IOException {
     tempFile.createNewFile();
     System.out.println("Temporary file created at: " + tempFile.getAbsolutePath());
 
-    File tempFile = File.createTempFile("tempfile_", ".tmp");
-    tempFile.deleteOnExit(); // Ensures the file is deleted when the JVM exits
-    System.out.println("Temporary file created at: " + tempFile.getAbsolutePath());
+//    File tempFile = File.createTempFile("tempfile_", ".tmp");
+//    tempFile.deleteOnExit(); // Ensures the file is deleted when the JVM exits
+//    System.out.println("Temporary file created at: " + tempFile.getAbsolutePath());
 
   }
 

src/main/java/com/svenruppert/cli/demo002/BideirectionalDemo.java

@@ -0,0 +1,36 @@
+package com.svenruppert.cli.demo002;
+
+import java.io.File;
+import java.io.IOException;
+
+import static java.nio.file.Files.createFile;
+
+public class BideirectionalDemo {
+
+  public static void main(String[] args) {
+      // U+202E is the Right-to-Left Override (RLO) character
+      String normalName = "report.txt";
+      String deceptiveName = "report" + "\u202E" + "exe.txt";
+      // Try to create files with these names
+      createFile(normalName);
+      createFile(deceptiveName);
+      // Print what the names look like to the Java program
+      System.out.println("Expected file name: " + normalName);
+      System.out.println("Deceptive file name appears as: " + deceptiveName);
+    }
+
+    private static void createFile(String fileName) {
+      File file = new File(fileName);
+      try {
+        if (file.createNewFile()) {
+          System.out.println("File created: " + file.getName());
+        } else {
+          System.out.println("File already exists: " + file.getName());
+        }
+      } catch (IOException e) {
+        System.out.println("An error occurred while creating the file: " + fileName);
+        e.printStackTrace();
+      }
+    }
+
+  }

src/main/java/com/svenruppert/cli/demo002/RLMExample.java

@@ -0,0 +1,17 @@
+package com.svenruppert.cli.demo002;
+
+public class RLMExample {
+  public static void main(String[] args) {
+    // Arabic reads right to left, English left to right
+    String englishText = "Version 1.0";
+    String arabicText = "الإصدار";
+    // Concatenate without RLM
+    String withoutRLM = arabicText + " " + englishText;
+    // Concatenate with RLM
+    String withRLM = arabicText + "\u200F" + " " + englishText;
+    // Print the results
+    System.out.println("Without RLM: " + withoutRLM);
+    System.out.println("With RLM: " + withRLM);
+  }
+
+}

src/main/java/com/svenruppert/cli/demo002/RLODemo.java

@@ -0,0 +1,13 @@
+package com.svenruppert.cli.demo002;
+
+public class RLODemo {
+    public static void main(String[] args) {
+        System.out.println("Start der Methode");
+        // \u202E }  \u2066 System.out.println("BAD CODE!"); }\u202C
+        System.out.println("Ende der Methode");
+
+      System.out.println("\u202EHallo\u202C");
+
+    }
+}
+

src/main/java/com/svenruppert/cli/demo03/UnsafeSQLExample.java

@@ -0,0 +1,43 @@
+package com.svenruppert.cli.demo03;
+
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.ResultSet;
+import java.sql.Statement;
+import java.util.Scanner;
+
+public class UnsafeSQLExample {
+  public static void main(String[] args) {
+    Scanner scanner = new Scanner(System.in);
+    System.out.println("Gib deinen Benutzernamen ein:");
+    String username = scanner.nextLine();
+
+    System.out.println("Gib dein Passwort ein:");
+    String password = scanner.nextLine();
+
+    try {
+      // Verbindung zur Datenbank herstellen
+      Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/testdb", "root", "password");
+      Statement statement = connection.createStatement();
+
+      // Unsichere SQL-Abfrage, die Eingaben direkt verwendet (SQL-Injection möglich!)
+      String query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";
+      ResultSet resultSet = statement.executeQuery(query);
+
+      if (resultSet.next()) {
+        System.out.println("Erfolgreich eingeloggt!");
+      } else {
+        System.out.println("Login fehlgeschlagen.");
+      }
+
+      // Ressourcen schließen
+      resultSet.close();
+      statement.close();
+      connection.close();
+    } catch (Exception e) {
+      e.printStackTrace();
+    } finally {
+      scanner.close();
+    }
+  }
+}