package com.eviware.soapui.security.assertion;

import com.eviware.soapui.config.ParameterExposureCheckConfig;
import com.eviware.soapui.config.TestAssertionConfig;
import com.eviware.soapui.impl.wsdl.teststeps.WsdlMessageAssertion;
import com.eviware.soapui.model.iface.MessageExchange;
import com.eviware.soapui.model.iface.SubmitContext;
import com.eviware.soapui.model.testsuite.Assertable;
import com.eviware.soapui.model.testsuite.AssertionError;
import com.eviware.soapui.model.testsuite.AssertionException;
import com.eviware.soapui.model.testsuite.ResponseAssertion;
import com.eviware.soapui.security.check.ParameterExposureCheck;
import com.eviware.soapui.support.SecurityCheckUtil;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:soapui-4.0-beta1.jar:com/eviware/soapui/security/assertion/ParameterExposureAssertion.class */
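/**
 * Response assertion that fails when any of the configured parameter values shows up in the raw
 * response of a message exchange.
 *
 * <p>A match means the value sent in the request is present in the response as reported by
 * {@link SecurityCheckUtil#contains}. That indicates possible reflected output (for example XSS),
 * not a confirmed vulnerability: whether the reflected value is exploitable depends on how it is
 * encoded in its output context, which this assertion does not inspect.
 */
class ParameterExposureAssertion extends WsdlMessageAssertion implements ResponseAssertion {
    /**
     * Creates the assertion for the given configuration and owner.
     *
     * @param testAssertionConfig persisted assertion configuration, passed to the superclass
     * @param assertable the item this assertion is attached to, passed to the superclass
     */
    public ParameterExposureAssertion(TestAssertionConfig testAssertionConfig, Assertable assertable) {
        // NOTE(review): the meaning of the four boolean flags is defined by WsdlMessageAssertion,
        // which is not visible here - confirm against the superclass constructor.
        super(testAssertionConfig, assertable, false, true, false, true);
    }

    /**
     * Checks the response of {@code messageExchange} for the parameter values listed in the
     * {@link ParameterExposureCheckConfig} stored in the submit context.
     *
     * @param messageExchange the exchange whose raw response is scanned
     * @param submitContext context holding the check configuration and used to expand properties
     * @return {@code "OK"} when none of the configured values is found in the response
     * @throws AssertionException when at least one configured value is found in the response, or
     *     when the check configuration is missing from the context
     */
    @Override
    protected String internalAssertResponse(MessageExchange messageExchange, SubmitContext submitContext) throws AssertionException {
        ParameterExposureCheckConfig checkConfig = (ParameterExposureCheckConfig) submitContext.getProperty(ParameterExposureCheck.PARAMETER_EXPOSURE_CHECK_CONFIG);
        if (checkConfig == null) {
            // Fail closed with a readable message instead of a NullPointerException: without the
            // configuration nothing was checked, so the assertion must not report success.
            throw new AssertionException(new AssertionError[] {
                new AssertionError("Parameter exposure check configuration is missing; response was not checked")
            });
        }

        List<AssertionError> errors = new ArrayList<AssertionError>();
        if (assertImediateResponse(messageExchange, submitContext, checkConfig, false, errors)) {
            throw new AssertionException(errors.toArray(new AssertionError[0]));
        }
        return "OK";
    }

    /**
     * Scans the raw response for every configured parameter value and records one error per hit.
     *
     * @param messageExchange the exchange whose raw response is scanned
     * @param submitContext used to expand property references in the configured values
     * @param parameterExposureCheckConfig source of the values to look for
     * @param alreadyFailed result to return when no value is found
     * @param errors receives one {@link AssertionError} for each value found in the response
     * @return {@code true} if at least one value was found, otherwise {@code alreadyFailed}
     */
    private boolean assertImediateResponse(MessageExchange messageExchange, SubmitContext submitContext, ParameterExposureCheckConfig parameterExposureCheckConfig, boolean alreadyFailed, List<AssertionError> errors) {
        List<String> exposureStrings = parameterExposureCheckConfig.getParameterExposureStringsList();
        if (exposureStrings.isEmpty()) {
            return alreadyFailed;
        }

        byte[] rawResponse = messageExchange.getRawResponseData();
        if (rawResponse == null) {
            // No response bytes were captured, so there is nothing a value could be reflected in.
            return alreadyFailed;
        }

        // Decode once rather than once per configured value.
        // NOTE(review): this uses the platform default charset. If the response is sent in another
        // encoding, a non-ASCII value may fail to match and an exposure would go unreported -
        // consider decoding with the charset declared by the response.
        String responseContent = new String(rawResponse);

        boolean exposed = alreadyFailed;
        for (String configuredValue : exposureStrings) {
            String expanded = submitContext.expand(configuredValue);
            // NOTE(review): how SecurityCheckUtil.contains treats an empty or null expanded value,
            // and what its last flag selects, is not visible here - confirm that a property which
            // expands to nothing cannot yield a spurious match.
            if (SecurityCheckUtil.contains(submitContext, responseContent, expanded, false) != null) {
                errors.add(new AssertionError("Content that is sent in request '" + expanded + "' is exposed in response. Possibility for XSS script attack in: " + messageExchange.getModelItem().getName()));
                exposed = true;
            }
        }
        return exposed;
    }

    /**
     * Request-side check; this assertion inspects responses only.
     *
     * @return always {@code null}
     */
    @Override
    protected String internalAssertRequest(MessageExchange messageExchange, SubmitContext submitContext) throws AssertionException {
        return null;
    }
}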
