package org.alfresco.repo.web.scripts;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.rest.api.tests.client.AuthenticatedHttp;
import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
import org.alfresco.util.testing.category.LuceneTests;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.junit.experimental.categories.Category;
import org.springframework.extensions.webscripts.DeclarativeRegistry;
import org.springframework.extensions.webscripts.Description;
import org.springframework.extensions.webscripts.TestWebScriptServer;
import org.springframework.extensions.webscripts.WebScript;
import org.springframework.extensions.webscripts.WebScriptException;

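/**
 * Reflected-XSS smoke test that sweeps every web script in the registry.
 *
 * <p>For each registered web script whose HTTP method is in {@link #METHODS_TO_CHECK_SET}
 * and whose <em>default</em> response format is in {@link #FORMATS_TO_CHECK_SET}, every
 * {@code {arg}} placeholder in each of its URI templates is replaced with a script-injection
 * payload, the request is sent through the in-process {@link TestWebScriptServer}, and the
 * response body is searched (case-insensitively) for the raw payload. Any hit is reported as
 * a vulnerable URL and fails the test.
 *
 * <p>Scope and limitations a practitioner should keep in mind:
 * <ul>
 *   <li>Only URI path-template parameters are fuzzed. Query-string parameters, request bodies
 *       (PUT/POST always send the literal {@code {}}), and headers are not exercised.</li>
 *   <li>Only scripts whose <em>default</em> format is {@code html} are checked; scripts that can
 *       be coerced into HTML output by a format override are not covered by this test.</li>
 *   <li>Detection is an exact-substring match of the unencoded payload. A response that reflects
 *       the input partially encoded, or in an attribute/JavaScript context where a {@code <script>}
 *       tag is not needed to execute, is not detected here.</li>
 *   <li>Every request runs as the admin user (see {@link #setUp()}), so this test says nothing
 *       about authorization and exercises scripts that anonymous or ordinary users may not reach.</li>
 *   <li>A script that throws {@link WebScriptException} is counted as an error and is
 *       otherwise not checked, so an exception-on-bad-input script is neither a pass nor a
 *       fail for XSS purposes.</li>
 * </ul>
 *
 * <p>Responses are checked regardless of status code: a non-200 error page that echoes the
 * payload is still reported, which is deliberate since error pages are a common reflection sink.
 */
@Category({LuceneTests.class})
public class XssVulnerabilityTest extends BaseWebScriptTest {
    private Log logger = LogFactory.getLog(XssVulnerabilityTest.class);
    private DeclarativeRegistry webscriptsRegistry;

    /** Delimiters of a URI-template placeholder, e.g. {@code /api/node/{store_type}/{id}}. */
    static final String START_ARG = "{";
    static final String END_ARG = "}";

    /** HTTP methods whose scripts are exercised. */
    static final String[] METHODS_TO_CHECK_ARRAY = {"GET", "DELETE", "POST", "PUT"};
    static final Set<String> METHODS_TO_CHECK_SET = new HashSet<>(Arrays.asList(METHODS_TO_CHECK_ARRAY));

    /** Default response formats that are considered an HTML sink. */
    static final String[] FORMATS_TO_CHECK_ARRAY = {"html"};
    static final Set<String> FORMATS_TO_CHECK_SET = new HashSet<>(Arrays.asList(FORMATS_TO_CHECK_ARRAY));

    /** URI templates containing any of these fragments are skipped (feed formats, not HTML). */
    static final String[] URI_TO_SKIP_ARRAY = {".rss", ".atom"};

    /**
     * Injection payloads. Each later one first tries to break out of a surrounding quoted
     * attribute, style or script context before opening its own script tag.
     */
    static final String MALARG1 = "<script>alert('XSS')</script>";
    static final String MALARG2 = "</script><script>alert('XSS')</script>";
    static final String MALARG3 = "\"</script><script>alert('XSS')</script>";
    static final String MALARG4 = "'\"</style></script><script>alert('XSS')</script>";
    static final String[] MALICIOUS_ARGS = {MALARG1, MALARG2, MALARG3, MALARG4};

    /** Web script ids excluded from the sweep entirely. */
    static final String[] SKIP_WEBSCRIPT_CHECK_ARRAY = {"org/alfresco/cmis/client/cmisbrowser/federatedquery.get", "org/alfresco/cmis/test.post.desc.xml"};
    static final Set<String> SKIP_WEBSCRIPT_CHECK_ID_SET = new HashSet<>(Arrays.asList(SKIP_WEBSCRIPT_CHECK_ARRAY));

    /**
     * Looks up the web script registry from the test server's application context and makes
     * every subsequent request run as the admin user.
     */
    protected void setUp() throws Exception {
        super.setUp();
        this.webscriptsRegistry = (DeclarativeRegistry) getServer().getApplicationContext().getBean("webscripts.registry.prototype");
        setDefaultRunAs(AuthenticationUtil.getAdminUserName());
    }

    protected void tearDown() throws Exception {
        super.tearDown();
    }

    protected Log getLogger() {
        return this.logger;
    }

    /**
     * Sweeps all registered web scripts with the payloads in {@link #MALICIOUS_ARGS} and fails
     * if any response body reflects a payload verbatim.
     *
     * @throws Throwable whatever the test server or request construction throws; only
     *         {@link WebScriptException} is caught (and counted) per request
     */
    public void testXssVulnerability() throws Throwable {
        this.webscriptsRegistry.reset();
        int total = this.webscriptsRegistry.getWebScripts().size();
        int visited = 0;
        int okResponses = 0;
        int scriptErrors = 0;
        int reflectedCount = 0;
        List<String> vulnerableUrls = new LinkedList<>();

        for (WebScript webScript : this.webscriptsRegistry.getWebScripts()) {
            if (getLogger().isDebugEnabled()) {
                // Progress is only tracked when it will actually be logged.
                visited++;
                getLogger().debug("progress: " + visited + "/" + total);
            }

            Description description = webScript.getDescription();
            if (SKIP_WEBSCRIPT_CHECK_ID_SET.contains(description.getId())) {
                continue;
            }
            boolean methodInScope = METHODS_TO_CHECK_SET.contains(description.getMethod());
            boolean formatInScope = FORMATS_TO_CHECK_SET.contains(description.getDefaultFormat());
            if (!methodInScope || !formatInScope) {
                continue;
            }

            for (String payload : MALICIOUS_ARGS) {
                for (String uriTemplate : description.getURIs()) {
                    if (isUriSkip(uriTemplate)) {
                        continue;
                    }
                    List<String> argNames = parseArgsFromURI(uriTemplate);
                    if (argNames.isEmpty()) {
                        // Nothing to inject into: no path parameters in this template.
                        continue;
                    }
                    String uri = substituteMaliciousArgInURI(uriTemplate, argNames, payload);
                    try {
                        // -1 is passed as the expected status; presumably this disables the
                        // status assertion in BaseWebScriptTest.sendRequest so non-200 bodies
                        // can still be inspected below -- confirm against the base class.
                        TestWebScriptServer.Response response =
                                sendRequest(createRequest(description.getMethod(), uri), -1);
                        String body = response.getContentAsString();
                        if (response.getStatus() == 200) {
                            okResponses++;
                        }
                        // Locale.ROOT keeps the comparison independent of the JVM default locale
                        // (e.g. Turkish dotless-i folding would otherwise hide a reflection).
                        if (body.toLowerCase(Locale.ROOT).contains(payload.toLowerCase(Locale.ROOT))) {
                            vulnerableUrls.add(description.getMethod() + " " + uri);
                            reflectedCount++;
                        }
                    } catch (WebScriptException e) {
                        // Best-effort sweep: a script that throws on the payload is counted,
                        // not fatal, but its output has NOT been checked for reflection.
                        scriptErrors++;
                        if (getLogger().isDebugEnabled()) {
                            getLogger().debug("Webscript error for " + description.getMethod() + " " + uri, e);
                        }
                    }
                }
            }
        }

        if (getLogger().isDebugEnabled()) {
            getLogger().debug("OK html responses count: " + okResponses);
            getLogger().debug("Webscript errors count: " + scriptErrors);
            getLogger().debug("Vulnerabile URLs count: " + reflectedCount);
        }
        for (String vulnerableUrl : vulnerableUrls) {
            getLogger().warn("Vulnerabile URL: " + vulnerableUrl);
        }
        assertTrue("Vulnerabile URLs found: " + vulnerableUrls, vulnerableUrls.isEmpty());
    }

    /**
     * @return {@code true} if the template contains any fragment from {@link #URI_TO_SKIP_ARRAY}
     *         (substring match, not suffix match)
     */
    private boolean isUriSkip(String uriTemplate) {
        for (String fragment : URI_TO_SKIP_ARRAY) {
            if (uriTemplate.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Extracts the placeholder names from a URI template in order of appearance.
     * A trailing {@code ?} (optional-argument marker) is stripped from each name so that
     * {@link #substituteMaliciousArgInURI} can rebuild both the {@code {name}} and
     * {@code {name?}} spellings.
     *
     * @throws AlfrescoRuntimeException if an opening brace has no matching closing brace
     */
    private List<String> parseArgsFromURI(String uriTemplate) {
        List<String> argNames = new LinkedList<>();
        int open = uriTemplate.indexOf(START_ARG, 0);
        while (open != -1) {
            int close = uriTemplate.indexOf(END_ARG, open);
            if (close == -1) {
                throw new AlfrescoRuntimeException("Invalid webscript URI : " + uriTemplate);
            }
            String name = uriTemplate.substring(open + 1, close);
            if (name.endsWith("?")) {
                name = name.substring(0, name.length() - 1);
            }
            argNames.add(name);
            open = uriTemplate.indexOf(START_ARG, close);
        }
        return argNames;
    }

    /**
     * Builds a test-server request for the given HTTP method. PUT and POST carry an empty
     * JSON object as body, so only the URI is fuzzed by this test.
     *
     * @throws InvalidArgumentException for any method outside GET/DELETE/PUT/POST
     */
    private TestWebScriptServer.Request createRequest(String method, String uri) throws Exception {
        switch (method) {
            case "DELETE":
                return new TestWebScriptServer.DeleteRequest(uri);
            case "GET":
                return new TestWebScriptServer.GetRequest(uri);
            case "PUT":
                return new TestWebScriptServer.PutRequest(uri, "{}", AuthenticatedHttp.MIME_TYPE_JSON);
            case "POST":
                return new TestWebScriptServer.PostRequest(uri, "{}", AuthenticatedHttp.MIME_TYPE_JSON);
            default:
                throw new InvalidArgumentException("HTTP method not supported");
        }
    }

    /**
     * Replaces every {@code {name}} / {@code {name?}} placeholder with {@code "a" + payload}.
     * The {@code a} prefix is kept from the original; it presumably ensures the substituted
     * segment starts with an ordinary character so routing still matches the template.
     *
     * @throws AlfrescoRuntimeException if any brace survives substitution, which would mean a
     *         placeholder was not recognised and the request would not hit the intended script
     */
    private String substituteMaliciousArgInURI(String uriTemplate, List<String> argNames, String payload) {
        String uri = uriTemplate;
        String injected = "a" + payload;
        for (String name : argNames) {
            uri = uri.replace(START_ARG + name + END_ARG, injected)
                     .replace(START_ARG + name + "?" + END_ARG, injected);
        }
        if (uri.contains(START_ARG) || uri.contains(END_ARG)) {
            throw new AlfrescoRuntimeException("Arguments were not properly substituted: " + uri);
        }
        return uri;
    }
}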
