
Commit 7b18494

committed
UnsafeSQLExample and Bi Directional Char Dmeos
1 parent 16d5193 commit 7b18494


6 files changed

+113
-8
lines changed


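--- a/pom.xml
+++ b/pom.xml
@@ -412,11 +412,7 @@
 <artifactId>webdriverextensions-maven-plugin</artifactId>
 <version>3.4.0</version>
 </plugin>
-<!-- <plugin>-->
-<!-- <groupId>de.sormuras.junit</groupId>-->
-<!-- <artifactId>junit-platform-maven-plugin</artifactId>-->
-<!-- <version>${junit-platform-maven-plugin.version}</version>-->
-<!-- </plugin>-->
+
 </plugins>
 </pluginManagement>
 <plugins>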

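--- a/src/main/java/com/svenruppert/cli/InsecureTempFileExample.java
+++ b/src/main/java/com/svenruppert/cli/InsecureTempFileExample.java
@@ -13,9 +13,9 @@ public static void main(String[] args) throws IOException {
 tempFile.createNewFile();
 System.out.println("Temporary file created at: " + tempFile.getAbsolutePath());
 
-File tempFile = File.createTempFile("tempfile_", ".tmp");
-tempFile.deleteOnExit(); // Ensures the file is deleted when the JVM exits
-System.out.println("Temporary file created at: " + tempFile.getAbsolutePath());
+// File tempFile = File.createTempFile("tempfile_", ".tmp");
+// tempFile.deleteOnExit(); // Ensures the file is deleted when the JVM exits
+// System.out.println("Temporary file created at: " + tempFile.getAbsolutePath());
 
 }
 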
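Review bot: The safer `File.createTempFile` variant at new lines 16–18 is left behind as commented-out code, so the example now runs only the `tempFile.createNewFile()` path visible at line 13. The first declaration of `tempFile` lies above the hunk, so the duplicate variable name is presumably why these lines were disabled; renaming it, e.g. `File safeTempFile = File.createTempFile("tempfile_", ".tmp");`, would keep the insecure/safe contrast runnable instead of dead. If the lines are meant to stay disabled, a comment such as `// Safer alternative (disabled): the JDK picks an unpredictable name` would say why. The body of main starts outside the hunk.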

Lines changed: 36 additions & 0 deletions
@@ -0,0 +1,36 @@
1+
package com.svenruppert.cli.demo002;
2+
3+
import java.io.File;
4+
import java.io.IOException;
5+
6+
import static java.nio.file.Files.createFile;
7+
8+
public class BideirectionalDemo {
9+
10+
public static void main(String[] args) {
11+
// U+202E is the Right-to-Left Override (RLO) character
12+
String normalName = "report.txt";
13+
String deceptiveName = "report" + "\u202E" + "exe.txt";
14+
// Try to create files with these names
15+
createFile(normalName);
16+
createFile(deceptiveName);
17+
// Print what the names look like to the Java program
18+
System.out.println("Expected file name: " + normalName);
19+
System.out.println("Deceptive file name appears as: " + deceptiveName);
20+
}
21+
22+
private static void createFile(String fileName) {
23+
File file = new File(fileName);
24+
try {
25+
if (file.createNewFile()) {
26+
System.out.println("File created: " + file.getName());
27+
} else {
28+
System.out.println("File already exists: " + file.getName());
29+
}
30+
} catch (IOException e) {
31+
System.out.println("An error occurred while creating the file: " + fileName);
32+
e.printStackTrace();
33+
}
34+
}
35+
36+
}
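Review bot: The static import `java.nio.file.Files.createFile` at line 6 is never used, because the private `createFile(String)` declared at line 22 shadows it for both calls in `main`; dropping the import removes the impression that the NIO method is involved. The demo also prints only the raw name, so on a bidi-aware console the output shows the reordered form without revealing the control character; an extra line such as `System.out.println("Escaped: " + deceptiveName.replace("\u202E", "\\u202E"));` makes the hidden U+202E visible, which is the check a defender would apply to file names before displaying or logging them. Both files are created in the working directory and never removed, so a `file.deleteOnExit();` after a successful create would keep repeated runs clean.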
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
package com.svenruppert.cli.demo002;
2+
3+
public class RLMExample {
4+
public static void main(String[] args) {
5+
// Arabic reads right to left, English left to right
6+
String englishText = "Version 1.0";
7+
String arabicText = "الإصدار";
8+
// Concatenate without RLM
9+
String withoutRLM = arabicText + " " + englishText;
10+
// Concatenate with RLM
11+
String withRLM = arabicText + "\u200F" + " " + englishText;
12+
// Print the results
13+
System.out.println("Without RLM: " + withoutRLM);
14+
System.out.println("With RLM: " + withRLM);
15+
}
16+
17+
}
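Review bot: The two `println` calls at lines 13–14 are likely to produce output that looks the same, because the space after the Arabic word is followed by left-to-right text in both strings and the English label at the start makes the whole line left-to-right; the demo then shows no observable effect of U+200F. Printing something that does differ, for example `System.out.println(withoutRLM.length() + " vs " + withRLM.length());`, would make the invisible character evident. A comment at line 11 such as `// U+200F RIGHT-TO-LEFT MARK: zero-width and invisible, but part of the string` would state the takeaway; how the text is actually drawn depends on the console's bidi support.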
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
package com.svenruppert.cli.demo002;
2+
3+
public class RLODemo {
4+
public static void main(String[] args) {
5+
System.out.println("Start der Methode");
6+
// \u202E } \u2066 System.out.println("BAD CODE!"); }\u202C
7+
System.out.println("Ende der Methode");
8+
9+
System.out.println("\u202EHallo\u202C");
10+
11+
}
12+
}
13+
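Review bot: Line 6 carries no explanation, so a reader cannot tell whether the commented text is meant to run. Java translates `\uXXXX` escapes before it tokenises the file, so this comment really does contain the bidi controls, but none of them ends the line, so all of line 6 stays a comment and "BAD CODE!" is never printed. I would add a comment above it along the lines of `// Illustration only: bidi controls in a comment can make an editor show text in a different order than the compiler reads it`. The defensive takeaway worth stating in a class Javadoc is that builds and code review should flag U+202A–U+202E and U+2066–U+2069 in source files.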
Lines changed: 43 additions & 0 deletions
@@ -0,0 +1,43 @@
1+
package com.svenruppert.cli.demo03;
2+
3+
import java.sql.Connection;
4+
import java.sql.DriverManager;
5+
import java.sql.ResultSet;
6+
import java.sql.Statement;
7+
import java.util.Scanner;
8+
9+
public class UnsafeSQLExample {
10+
public static void main(String[] args) {
11+
Scanner scanner = new Scanner(System.in);
12+
System.out.println("Gib deinen Benutzernamen ein:");
13+
String username = scanner.nextLine();
14+
15+
System.out.println("Gib dein Passwort ein:");
16+
String password = scanner.nextLine();
17+
18+
try {
19+
// Verbindung zur Datenbank herstellen
20+
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/testdb", "root", "password");
21+
Statement statement = connection.createStatement();
22+
23+
// Unsichere SQL-Abfrage, die Eingaben direkt verwendet (SQL-Injection möglich!)
24+
String query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";
25+
ResultSet resultSet = statement.executeQuery(query);
26+
27+
if (resultSet.next()) {
28+
System.out.println("Erfolgreich eingeloggt!");
29+
} else {
30+
System.out.println("Login fehlgeschlagen.");
31+
}
32+
33+
// Ressourcen schließen
34+
resultSet.close();
35+
statement.close();
36+
connection.close();
37+
} catch (Exception e) {
38+
e.printStackTrace();
39+
} finally {
40+
scanner.close();
41+
}
42+
}
43+
}
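Review bot: The class shows only the injectable form (the concatenated `query` at line 24) and nothing beyond the inline comment marks it as a deliberately vulnerable sample, so it is easy to copy as-is; a class-level Javadoc saying so, plus a parameterized counterpart, would make the contrast explicit. The counterpart below binds both inputs through `?` placeholders and needs `java.sql.PreparedStatement` imported. Independently of the injection, `resultSet`, `statement` and `connection` are closed only on the success path at lines 34–36, so an exception from `executeQuery` leaks them; try-with-resources covers that. The hard-coded `root`/`password` credentials at line 20 and the plaintext password comparison in the query deserve a comment that they are demo-only.

```java
// … unchanged: Scanner prompts for username and password …
try (Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/testdb", "root", "password");
     PreparedStatement statement = connection.prepareStatement(
         "SELECT * FROM users WHERE username = ? AND password = ?")) {
  // Inputs are bound as values and never spliced into the SQL text
  statement.setString(1, username);
  statement.setString(2, password);
  try (ResultSet resultSet = statement.executeQuery()) {
    // … unchanged: login success / failure output …
  }
}
// … unchanged: catch / finally …
```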
