package com.eviware.soapui.security.scan;

import com.eviware.soapui.SoapUI;
import com.eviware.soapui.config.CrossSiteScriptingScanConfig;
import com.eviware.soapui.config.SecurityScanConfig;
import com.eviware.soapui.config.StrategyTypeConfig;
import com.eviware.soapui.impl.wsdl.teststeps.WsdlTestRequestStepResult;
import com.eviware.soapui.impl.wsdl.teststeps.WsdlTestStep;
import com.eviware.soapui.model.ModelItem;
import com.eviware.soapui.model.security.SecurityCheckedParameter;
import com.eviware.soapui.model.testsuite.TestCaseRunner;
import com.eviware.soapui.model.testsuite.TestStep;
import com.eviware.soapui.security.SecurityTestRunContext;
import com.eviware.soapui.security.SecurityTestRunner;
import com.eviware.soapui.security.SecurityTestRunnerImpl;
import com.eviware.soapui.security.assertion.CrossSiteScriptAssertion;
import com.eviware.soapui.support.SecurityScanUtil;
import com.eviware.soapui.support.UISupport;
import com.eviware.soapui.support.types.StringToStringMap;
import com.eviware.soapui.support.xml.XmlObjectTreeModel;
import com.eviware.x.form.support.ADialogBuilder;
import com.eviware.x.form.support.AField;
import com.eviware.x.form.support.AForm;
import com.eviware.x.impl.swing.JFormDialog;
import com.eviware.x.impl.swing.JStringListFormField;
import java.awt.Dimension;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Stack;
import javax.swing.JComponent;
import javax.swing.JLabel;
import javax.swing.JPanel;
import org.apache.xml.serializer.SerializerConstants;
import org.custommonkey.xmlunit.XMLConstants;

/* loaded from: input_file:soapui-4.0.0.jar:com/eviware/soapui/security/scan/CrossSiteScriptingScan.class */
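/**
 * Security scan that writes cross-site-scripting test vectors into the request
 * parameters of a test step and runs the mutated step once per generated
 * {@link PropertyMutation}.
 *
 * <p>The vectors come from the scan's {@link CrossSiteScriptingScanConfig}. When no such
 * config exists yet, it is seeded from the bundled {@code XSS-vectors.txt} resource. Each
 * vector is passed through {@code SecurityTestRunContext.expand(...)} before use, so any
 * property-expansion syntax inside a user-supplied vector is resolved at run time.
 *
 * <p>Mutations are queued on a stack stored in the run context under
 * {@link PropertyMutation#REQUEST_MUTATIONS_STACK}. {@link #hasNext} fills and drains that
 * stack, and {@link #execute} pops and runs one mutation per call.
 */
public class CrossSiteScriptingScan extends AbstractSecurityScanWithProperties {
    public static final String TYPE = "CrossSiteScriptingScan";
    public static final String NAME = "Cross Site Scripting";
    // Context key under which the active scan config is published while mutations are pending.
    public static final String PARAMETER_EXPOSURE_SCAN_CONFIG = "CrossSiteScriptingScanConfig";
    // Context keys used by sendToContext/removeFromContext.
    public static final String TEST_CASE_RUNNER = "testCaseRunner";
    public static final String TEST_STEP = "testStep";
    private CrossSiteScriptingScanConfig cssConfig;
    StrategyTypeConfig.Enum strategy;
    // Vectors read from the bundled resource; only populated when initConfig() runs.
    List<String> defaultParameterExposureStrings;
    private JFormDialog dialog;

    @AForm(description = CrossSiteScriptingScan.NAME, name = CrossSiteScriptingScan.NAME)
    /* loaded from: input_file:soapui-4.0.0.jar:com/eviware/soapui/security/scan/CrossSiteScriptingScan$AdvancedSettings.class */
    protected interface AdvancedSettings {

        @AField(description = "Cross Site Scripting Vectors", name = PARAMETER_EXPOSURE_STRINGS, type = AField.AFieldType.STRINGLIST)
        public static final String PARAMETER_EXPOSURE_STRINGS = "###Cross Site Scripting";
    }

    /**
     * Creates the scan and binds it to an existing {@link CrossSiteScriptingScanConfig}, or
     * creates a fresh one seeded with the default vectors when the supplied config carries
     * none of that type.
     */
    public CrossSiteScriptingScan(TestStep testStep, SecurityScanConfig securityScanConfig, ModelItem modelItem, String str) {
        super(testStep, securityScanConfig, modelItem, str);
        this.strategy = StrategyTypeConfig.ONE_BY_ONE;
        this.defaultParameterExposureStrings = new ArrayList<String>();
        // instanceof is false for null, so this also covers a missing config.
        if (!(securityScanConfig.getConfig() instanceof CrossSiteScriptingScanConfig)) {
            initConfig();
        } else {
            this.cssConfig = (CrossSiteScriptingScanConfig) ((SecurityScanConfig) getConfig()).getConfig();
        }
    }

    /**
     * Loads the bundled default vector list, one vector per line, into
     * {@link #defaultParameterExposureStrings}.
     *
     * <p>Failures are logged and leave the list with whatever was read so far. The stream
     * is closed on every path, including a read error part-way through the file.
     */
    private void initDefaultVectors() {
        final String resourcePath = "/com/eviware/soapui/resources/security/XSS-vectors.txt";
        InputStream resourceAsStream = null;
        try {
            resourceAsStream = SoapUI.class.getResourceAsStream(resourcePath);
            if (resourceAsStream == null) {
                // Make the missing-resource case explicit instead of surfacing as a bare NPE.
                throw new IllegalStateException("Default XSS vector list not found on classpath: " + resourcePath);
            }
            // NOTE(review): no charset is given, so the platform default decodes the file;
            // confirm the resource's encoding before pinning one.
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(resourceAsStream));
            String readLine;
            while ((readLine = bufferedReader.readLine()) != null) {
                this.defaultParameterExposureStrings.add(readLine);
            }
        } catch (Exception e) {
            SoapUI.logError(e);
        } finally {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (Exception e) {
                    SoapUI.logError(e);
                }
            }
        }
    }

    /**
     * Adds the cross-site-scripting assertion to the scan unless one with that label is
     * already registered.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan
    public void initAssertions() {
        super.initAssertions();
        if (this.assertionsSupport.getAssertionByName(CrossSiteScriptAssertion.LABEL) == null) {
            this.assertionsSupport.addWsdlAssertion(CrossSiteScriptAssertion.LABEL);
        }
    }

    /**
     * Installs a new {@link CrossSiteScriptingScanConfig} on the scan's config and fills it
     * with the default vectors.
     */
    private void initConfig() {
        initDefaultVectors();
        ((SecurityScanConfig) getConfig()).setConfig(CrossSiteScriptingScanConfig.Factory.newInstance());
        this.cssConfig = (CrossSiteScriptingScanConfig) ((SecurityScanConfig) getConfig()).getConfig();
        this.cssConfig.setParameterExposureStringsArray(
                this.defaultParameterExposureStrings.toArray(new String[this.defaultParameterExposureStrings.size()]));
    }

    /**
     * Re-reads the XSS-specific config after the enclosing scan config was replaced.
     * The local reference is only refreshed when one was already set.
     */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScanWithProperties, com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public void updateSecurityConfig(SecurityScanConfig securityScanConfig) {
        super.updateSecurityConfig(securityScanConfig);
        if (this.cssConfig != null) {
            this.cssConfig = (CrossSiteScriptingScanConfig) ((SecurityScanConfig) getConfig()).getConfig();
        }
    }

    /**
     * Pops the next queued mutation, if any, runs its (cloned) test step and records the
     * resulting message exchange together with the parameters that were mutated.
     */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan
    protected void execute(SecurityTestRunner securityTestRunner, TestStep testStep, SecurityTestRunContext securityTestRunContext) {
        sendToContext(securityTestRunContext, testStep, securityTestRunner);
        PropertyMutation mutation = PropertyMutation.popMutation(securityTestRunContext);
        if (mutation != null) {
            // The casts assume the runner is also a TestCaseRunner and that the step yields a
            // WsdlTestRequestStepResult; any other step type would fail here with a ClassCastException.
            WsdlTestRequestStepResult stepResult = (WsdlTestRequestStepResult) mutation.getTestStep()
                    .run((TestCaseRunner) securityTestRunner, securityTestRunContext);
            // NOTE(review): blanks the request content held by the result; presumably so the
            // mutated request body is not retained - confirm.
            stepResult.setRequestContent("", false);
            createMessageExchange(mutation.getMutatedParameters(), stepResult, securityTestRunContext);
        }
    }

    /** Publishes the runner and the test step in the run context. */
    private void sendToContext(SecurityTestRunContext securityTestRunContext, TestStep testStep, SecurityTestRunner securityTestRunner) {
        securityTestRunContext.put(TEST_CASE_RUNNER, (Object) securityTestRunner);
        securityTestRunContext.put(TEST_STEP, (Object) testStep);
    }

    /** Removes the entries added by {@link #sendToContext}. */
    private void removeFromContext(SecurityTestRunContext securityTestRunContext) {
        securityTestRunContext.remove(TEST_CASE_RUNNER);
        securityTestRunContext.remove(TEST_STEP);
    }

    /** Returns a panel that only points the user to the Advanced Settings for the vectors. */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    /* renamed from: getComponent */
    public JComponent mo760getComponent() {
        JPanel panel = UISupport.createEmptyPanel(5, 75, 0, 5);
        panel.add(new JLabel("Strings for Cross Site Scripting can be configured under Advanced Settings"));
        return panel;
    }

    /** Returns the scan type identifier, {@link #TYPE}. */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public String getType() {
        return TYPE;
    }

    /**
     * Reports whether another mutation is waiting to be executed.
     *
     * <p>On the first call (no stack in the context) the stack and the scan config are
     * placed in the context and all mutations are generated. On later calls the method
     * returns {@code true} while the stack is non-empty. Once the stack is drained it removes
     * every context entry this scan added and returns {@code false}.
     */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan
    protected boolean hasNext(TestStep testStep, SecurityTestRunContext securityTestRunContext) {
        if (securityTestRunContext.hasProperty(PropertyMutation.REQUEST_MUTATIONS_STACK)) {
            if (checkIfEmptyStack(securityTestRunContext)) {
                return true;
            }
            securityTestRunContext.remove(PropertyMutation.REQUEST_MUTATIONS_STACK);
            securityTestRunContext.remove(PARAMETER_EXPOSURE_SCAN_CONFIG);
            removeFromContext(securityTestRunContext);
            return false;
        }
        securityTestRunContext.put(PropertyMutation.REQUEST_MUTATIONS_STACK, (Object) new Stack<PropertyMutation>());
        securityTestRunContext.put(PARAMETER_EXPOSURE_SCAN_CONFIG, (Object) this.cssConfig);
        try {
            extractMutations(testStep, securityTestRunContext);
        } catch (Exception e) {
            // Best effort: mutations queued before the failure are still executed, so a logged
            // error here means the scan ran with an incomplete vector set.
            SoapUI.logError(e);
        }
        return checkIfEmptyStack(securityTestRunContext);
    }

    /**
     * Returns {@code true} when the mutation stack in the context still holds entries.
     * Despite the name, the result is the negation of "stack is empty".
     */
    private boolean checkIfEmptyStack(SecurityTestRunContext securityTestRunContext) {
        return !((Stack<?>) securityTestRunContext.get(PropertyMutation.REQUEST_MUTATIONS_STACK)).empty();
    }

    /**
     * Generates the mutations for every configured vector and queues them in the context.
     *
     * <p>With the one-by-one strategy each parameter gets its own cloned test step and its
     * own queued mutation per vector. Otherwise all parameters are written into one shared
     * clone, and that single mutation is queued per vector only when the strategy is
     * all-at-once.
     */
    private void extractMutations(TestStep testStep, SecurityTestRunContext securityTestRunContext) {
        this.strategy = getExecutionStrategy().getStrategy();
        final boolean oneByOne = this.strategy.equals(StrategyTypeConfig.ONE_BY_ONE);
        for (String configuredVector : this.cssConfig.getParameterExposureStringsList()) {
            // Vectors are property-expanded, so expansion syntax inside a vector is resolved here.
            String vector = securityTestRunContext.expand(configuredVector);
            PropertyMutation combinedMutation = new PropertyMutation();
            TestStep clonedStep = null;
            XmlObjectTreeModel model = null;
            List<SecurityCheckedParameter> parameters = getParameterHolder().getParameterList();
            StringToStringMap mutatedParameters = new StringToStringMap();
            for (SecurityCheckedParameter parameter : parameters) {
                if (oneByOne) {
                    // Fresh clone, model and report map so each mutation touches one parameter only.
                    mutatedParameters = new StringToStringMap();
                    model = SecurityScanUtil.getXmlObjectTreeModel(testStep, parameter);
                    clonedStep = SecurityTestRunnerImpl.cloneTestStepForSecurityScan((WsdlTestStep) testStep);
                } else {
                    // Shared clone and model, created lazily from the first parameter seen.
                    if (model == null) {
                        model = SecurityScanUtil.getXmlObjectTreeModel(testStep, parameter);
                    }
                    if (clonedStep == null) {
                        clonedStep = SecurityTestRunnerImpl.cloneTestStepForSecurityScan((WsdlTestStep) testStep);
                    }
                }

                String propertyValue;
                String reportedValue;
                if (parameter.isChecked() && parameter.getXpath().trim().length() > 0) {
                    // XPath-scoped parameter: only the first matching node is rewritten, and
                    // only when it is a leaf; anything else yields no mutation for this parameter.
                    XmlObjectTreeModel.XmlTreeNode[] nodes = model.selectTreeNodes(securityTestRunContext.expand(parameter.getXpath()));
                    if (nodes.length == 0) {
                        continue;
                    }
                    XmlObjectTreeModel.XmlTreeNode leaf = nodes[0];
                    if (!leaf.isLeaf()) {
                        continue;
                    }
                    leaf.setValue(1, vector);
                    propertyValue = unescapEscaped(model.getXmlObject().toString());
                    reportedValue = leaf.getNodeText();
                } else {
                    // NOTE(review): this branch is also reached when isChecked() is false, in
                    // which case the whole property value is replaced by the vector - confirm
                    // that unchecked parameters are meant to be mutated.
                    propertyValue = vector;
                    reportedValue = vector;
                }

                PropertyMutation target = oneByOne ? new PropertyMutation() : combinedMutation;
                fillMutation(target, parameter, propertyValue, reportedValue, mutatedParameters, clonedStep);
                if (oneByOne) {
                    target.addMutation(securityTestRunContext);
                }
            }
            if (this.strategy.equals(StrategyTypeConfig.ALL_AT_ONCE)) {
                combinedMutation.addMutation(securityTestRunContext);
            }
        }
    }

    /**
     * Records one parameter change on a mutation: sets the property name and value, notes
     * the value under the parameter's label for reporting, applies it to the cloned step and
     * attaches that step to the mutation.
     */
    private void fillMutation(PropertyMutation mutation, SecurityCheckedParameter parameter, String propertyValue,
            String reportedValue, StringToStringMap mutatedParameters, TestStep targetStep) {
        mutation.setPropertyName(parameter.getName());
        mutation.setPropertyValue(propertyValue);
        mutatedParameters.put(parameter.getLabel(), reportedValue);
        mutation.setMutatedParameters(mutatedParameters);
        mutation.updateRequestProperty(targetStep);
        mutation.setTestStep(targetStep);
    }

    /**
     * Reverts the {@code &lt;} entity to a literal {@code <} in the serialized request, so
     * markup in an injected vector is sent as markup, not as escaped text.
     *
     * <p>Only this one entity is reverted, and every occurrence in the document is affected,
     * not just those inside the injected vector. A request that legitimately contained
     * {@code &lt;} is therefore altered too, and may no longer be well-formed XML.
     */
    private String unescapEscaped(String str) {
        // Literal replacement; neither constant needs regex semantics.
        return str.replace(SerializerConstants.ENTITY_LT, XMLConstants.OPEN_START_NODE);
    }

    /** Returns the description shown for this scan's configuration. */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public String getConfigDescription() {
        // NOTE(review): the text names the parameter exposure scan; it looks copied from
        // another scan type - confirm before changing the user-facing string.
        return "Configures parameter exposure security scan";
    }

    /** Returns the display name of this scan's configuration. */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public String getConfigName() {
        return "Cross Site Scripting Scan";
    }

    /** Returns the documentation URL for this scan. */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public String getHelpURL() {
        return "http://soapui.org/Security/cross-site-scripting.html";
    }

    /**
     * Builds the Advanced Settings panel with an editable list of vectors and keeps the
     * scan config in step with edits made to that list.
     */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public JComponent getAdvancedSettingsPanel() {
        // NOTE(review): a dialog built by an earlier call is replaced without being released.
        this.dialog = (JFormDialog) ADialogBuilder.buildDialog(AdvancedSettings.class);
        JStringListFormField vectorField = (JStringListFormField) this.dialog.getFormField(AdvancedSettings.PARAMETER_EXPOSURE_STRINGS);
        vectorField.setOptions(this.cssConfig.getParameterExposureStringsList().toArray());
        vectorField.setProperty("dimension", new Dimension(470, 150));
        vectorField.getComponent().addPropertyChangeListener("options", new PropertyChangeListener() {
            @Override // java.beans.PropertyChangeListener
            public void propertyChange(PropertyChangeEvent propertyChangeEvent) {
                String[] newOptions = (String[]) propertyChangeEvent.getNewValue();
                String[] oldOptions = (String[]) propertyChangeEvent.getOldValue();
                // Assumes the list changes by one entry per event - TODO confirm.
                if (newOptions.length > oldOptions.length) {
                    // A grown list means the new vector was appended at the end.
                    CrossSiteScriptingScan.this.cssConfig.addParameterExposureStrings(newOptions[newOptions.length - 1]);
                }
                if (newOptions.length < oldOptions.length) {
                    for (int i = 0; i < oldOptions.length; i++) {
                        if (i >= newOptions.length) {
                            // No earlier mismatch: the removed entry was the last one.
                            CrossSiteScriptingScan.this.cssConfig.removeParameterExposureStrings(oldOptions.length - 1);
                        } else if (!sameVector(newOptions[i], oldOptions[i])) {
                            // Compare by content: equal vectors held in distinct String
                            // instances must not be mistaken for the removed entry.
                            CrossSiteScriptingScan.this.cssConfig.removeParameterExposureStrings(i);
                            return;
                        }
                    }
                }
            }
        });
        return this.dialog.getPanel();
    }

    /** Null-safe content comparison of two vector strings. */
    private static boolean sameVector(String first, String second) {
        return first == null ? second == null : first.equals(second);
    }

    /** Releases the settings dialog, if one was built, and then the superclass resources. */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScanWithProperties, com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.impl.wsdl.AbstractWsdlModelItem
    public void release() {
        if (this.dialog != null) {
            this.dialog.release();
        }
        super.release();
    }
}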
