package org.owasp.webscarab.plugin.xsscrlf;

import flex.messaging.io.amf.client.AMFConnection;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.logging.Logger;
import org.htmlparser.tags.FormTag;
import org.owasp.webscarab.httpclient.ConversationHandler;
import org.owasp.webscarab.httpclient.FetcherQueue;
import org.owasp.webscarab.model.ConversationID;
import org.owasp.webscarab.model.HttpUrl;
import org.owasp.webscarab.model.NamedValue;
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import org.owasp.webscarab.model.StoreException;
import org.owasp.webscarab.plugin.Framework;
import org.owasp.webscarab.plugin.Hook;
import org.owasp.webscarab.plugin.Plugin;
import org.owasp.webscarab.util.Encoding;

/* loaded from: input_file:main/WebScarab-1.0.0-SNAPSHOT.jar:org/owasp/webscarab/plugin/xsscrlf/XSSCRLF.class */
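/**
 * WebScarab plugin that flags request parameters which may be exposed to cross-site
 * scripting (XSS) or CRLF/header injection.
 *
 * <p>The plugin works in two stages, both visible in this class:
 * <ol>
 *   <li><b>Passive</b> ({@link #analyse}): for every observed conversation, each request
 *       parameter value is compared against the response body and the response headers.
 *       A value echoed in the body marks the parameter as XSS-suspicious; a value echoed
 *       in a header marks it as CRLF-suspicious.</li>
 *   <li><b>Active</b> ({@link #checkSelected} and {@link #responseReceived}): for
 *       conversations the operator selects, the suspicious parameter is replaced by a
 *       test string taken from the model, the request is re-sent, and the response is
 *       inspected for the test string (XSS) or the injected header (CRLF).</li>
 * </ol>
 *
 * <p>A "suspicious" or "possibly vulnerable" mark is a heuristic result based on substring
 * matching only; it needs manual confirmation before it is reported as a finding.
 */
public class XSSCRLF implements Plugin, ConversationHandler {
    private Framework _framework;
    private XSSCRLFModel _model;
    private Logger _logger = Logger.getLogger(getClass().getName());
    // Created in run(); null until the plugin has been started.
    private FetcherQueue _fetcherQueue = null;
    // Third and fourth arguments handed to the FetcherQueue constructor in run().
    private int _threads = 4;
    private int _delay = 100;
    // Parameter values shorter than this are never compared against the response
    // (presumably to limit false positives from very short values).
    public static int MINLENGTH = 3;

    /**
     * Creates the plugin and its model on top of the framework's shared model.
     *
     * @param framework the WebScarab framework this plugin is registered with
     */
    public XSSCRLF(Framework framework) {
        this._framework = framework;
        this._model = new XSSCRLFModel(framework.getModel());
    }

    /**
     * Passive check: looks for request parameter values reflected in the response.
     *
     * <p>Conversations that this plugin created itself are skipped, as are responses
     * without a Content-Type header and responses whose Content-Type is neither
     * {@code text/*} nor exactly {@code application/x-javascript}. Query-string parameters
     * are always checked; body parameters only for POST requests whose Content-Type is
     * exactly {@code application/x-www-form-urlencoded}.
     *
     * @param conversationID id of the conversation being analysed
     * @param request the request of that conversation
     * @param response the response of that conversation
     * @param str not used by this plugin
     */
    @Override // org.owasp.webscarab.plugin.Plugin
    public void analyse(ConversationID conversationID, Request request, Response response, String str) {
        String header;
        byte[] content;
        HttpUrl url = request.getURL();
        // Skip our own test conversations so the active stage does not feed the passive one.
        if (this._framework.getModel().getConversationOrigin(conversationID).equals(getPluginName()) || (header = response.getHeader("Content-Type")) == null) {
            return;
        }
        // NOTE(review): the second comparison is exact, so a Content-Type carrying a
        // parameter (e.g. a charset) would not match it. Confirm this is intended.
        if (header.matches("text/.*") || header.equals("application/x-javascript")) {
            byte[] content2 = response.getContent();
            // An empty body is only worth analysing for 3xx responses, where the value can
            // still be reflected in a header.
            if ((content2 == null || content2.length == 0) && !response.getStatus().startsWith("3")) {
                return;
            }
            // Matching is case-insensitive: body, headers and parameter values are all
            // upper-cased before comparison. The body is decoded with the platform charset.
            String upperCase = content2 != null ? new String(content2).toUpperCase() : null;
            NamedValue[] headers = response.getHeaders();
            NamedValue[] namedValueArr = new NamedValue[headers.length];
            for (int i = 0; i < headers.length; i++) {
                namedValueArr[i] = new NamedValue(headers[i].getName().toUpperCase(), headers[i].getValue().toUpperCase());
            }
            String query = request.getURL().getQuery();
            if (query != null && query.length() > 0) {
                // FormTag.GET and AMFConnection.COOKIE_NAMEVALUE_SEPERATOR come from the
                // decompiler; presumably they stand for the literals "GET" and "=". TODO confirm.
                checkParams(conversationID, url, NamedValue.splitNamedValues(query, "&", AMFConnection.COOKIE_NAMEVALUE_SEPERATOR), FormTag.GET, namedValueArr, upperCase);
            }
            if (!request.getMethod().equals("POST") || !"application/x-www-form-urlencoded".equals(request.getHeader("Content-Type")) || (content = request.getContent()) == null || content.length <= 0) {
                return;
            }
            checkParams(conversationID, url, NamedValue.splitNamedValues(new String(content), "&", AMFConnection.COOKIE_NAMEVALUE_SEPERATOR), "POST", namedValueArr, upperCase);
        }
    }

    /**
     * Marks each parameter whose value is reflected in the response headers or body.
     *
     * <p>The header comparison uses the URL-decoded value (see {@link #isInHeaders}); the
     * body comparison uses the value as it was sent, so a parameter that is reflected only
     * in decoded form in the body is not flagged here.
     *
     * @param conversationID id of the conversation being analysed
     * @param httpUrl URL of the request
     * @param namedValueArr parameters to check; {@code null} means nothing to do
     * @param str where the parameters came from ({@code FormTag.GET} or {@code "POST"})
     * @param namedValueArr2 response headers, already upper-cased
     * @param str2 response body, already upper-cased, or {@code null} if there is none
     */
    private void checkParams(ConversationID conversationID, HttpUrl httpUrl, NamedValue[] namedValueArr, String str, NamedValue[] namedValueArr2, String str2) {
        if (namedValueArr == null) {
            return;
        }
        for (int i = 0; i < namedValueArr.length; i++) {
            String upperCase = namedValueArr[i].getValue().toUpperCase();
            if (upperCase.length() >= MINLENGTH) {
                if (isInHeaders(upperCase, namedValueArr2)) {
                    this._model.markAsCRLFSuspicious(conversationID, httpUrl, str, namedValueArr[i].getName());
                }
                if (str2 != null && str2.indexOf(upperCase) > -1) {
                    this._model.markAsXSSSuspicious(conversationID, httpUrl, str, namedValueArr[i].getName());
                }
            }
        }
    }

    /**
     * Tells whether a parameter value occurs in any header name or header value.
     *
     * @param str parameter value to look for
     * @param namedValueArr headers to search
     * @return {@code true} if the upper-cased, URL-decoded value is a substring of an
     *         upper-cased header name or value; {@code false} otherwise or when the value
     *         is shorter than {@link #MINLENGTH}
     */
    private boolean isInHeaders(String str, NamedValue[] namedValueArr) {
        if (str.length() < MINLENGTH) {
            return false;
        }
        String urlDecode = Encoding.urlDecode(str.toUpperCase());
        for (int i = 0; i < namedValueArr.length; i++) {
            if (namedValueArr[i].getValue().toUpperCase().indexOf(urlDecode) != -1 || namedValueArr[i].getName().toUpperCase().indexOf(urlDecode) != -1) {
                return true;
            }
        }
        return false;
    }

    /** Does nothing; this plugin has no state of its own to write out. */
    @Override // org.owasp.webscarab.plugin.Plugin
    public void flush() throws StoreException {
    }

    /**
     * Returns the plugin name, which is also the conversation origin used for the test
     * requests this plugin sends.
     */
    @Override // org.owasp.webscarab.plugin.Plugin
    public String getPluginName() {
        return "XSS/CRLF";
    }

    /** Returns {@code null}: the plugin exposes no scriptable object. */
    @Override // org.owasp.webscarab.plugin.Plugin
    public Object getScriptableObject() {
        return null;
    }

    /** Returns an empty array: the plugin defines no scripting hooks. */
    @Override // org.owasp.webscarab.plugin.Plugin
    public Hook[] getScriptingHooks() {
        return new Hook[0];
    }

    /** Returns the status string held by the model. */
    @Override // org.owasp.webscarab.plugin.Plugin
    public String getStatus() {
        return this._model.getStatus();
    }

    /** Returns the model's busy flag. */
    @Override // org.owasp.webscarab.plugin.Plugin
    public boolean isBusy() {
        return this._model.isBusy();
    }

    /** Returns the model's modified flag. */
    @Override // org.owasp.webscarab.plugin.Plugin
    public boolean isModified() {
        return this._model.isModified();
    }

    /** Returns the model's running flag. */
    @Override // org.owasp.webscarab.plugin.Plugin
    public boolean isRunning() {
        return this._model.isRunning();
    }

    /**
     * Main loop of the active stage: takes queued test requests from the model and hands
     * them to a {@link FetcherQueue}, which reports back through
     * {@link #responseReceived} and {@link #requestError}.
     *
     * <p>The loop ends only when the model reports {@code isStopping()}.
     */
    @Override // org.owasp.webscarab.plugin.Plugin, java.lang.Runnable
    public void run() {
        this._model.setRunning(true);
        this._model.setStatus("Started");
        this._model.setStopping(false);
        this._fetcherQueue = new FetcherQueue(getPluginName(), this, this._threads, this._delay);
        this._model.setRunning(true);
        // NOTE(review): if dequeueRequest() returns null without blocking, this loop
        // spins. Confirm against XSSCRLFModel.
        while (!this._model.isStopping()) {
            Request dequeueRequest = this._model.dequeueRequest();
            if (dequeueRequest != null) {
                this._fetcherQueue.submit(dequeueRequest);
            }
        }
        this._model.setRunning(false);
        this._model.setStatus("Stopped");
    }

    /**
     * Evaluates the response to a test request sent by the active stage.
     *
     * <p>If the body contains the model's XSS test string, the URL is recorded as possibly
     * vulnerable to XSS. If the response carries the model's injected CRLF header, the URL
     * is recorded as possibly vulnerable to CRLF injection. The conversation is added to
     * the framework once, the first time either check matches.
     *
     * @param response response to a request previously submitted from {@link #run}
     */
    @Override // org.owasp.webscarab.httpclient.ConversationHandler
    public void responseReceived(Response response) {
        // getContent() may be null (analyse() guards against that too), so the body is
        // decoded only when present; the header check below still runs for bodiless responses.
        byte[] content = response.getContent();
        String str = content != null ? new String(content) : null;
        ConversationID conversationID = null;
        // The test string is compared byte-for-byte: it only matches when the application
        // echoed it back without encoding or filtering it.
        if (str != null && str.length() >= this._model.getXSSTestString().length() && str.indexOf(this._model.getXSSTestString()) != -1) {
            this._logger.info("XSS - Possibly Vulnerable: " + response.getRequest().getURL());
            conversationID = this._framework.addConversation(response.getRequest(), response, getPluginName());
            this._model.setXSSVulnerable(conversationID, response.getRequest().getURL());
        }
        if (response.getHeader(this._model.getCRLFInjectedHeader()) != null) {
            this._logger.info("CRFL - Possibly Vulnerable: " + response.getRequest().getURL());
            if (conversationID == null) {
                conversationID = this._framework.addConversation(response.getRequest(), response, getPluginName());
            }
            this._model.setCRLFVulnerable(conversationID, response.getRequest().getURL());
        }
    }

    /**
     * Ignores fetch errors.
     *
     * <p>NOTE(review): a test request that fails is indistinguishable from one that came
     * back clean; consider logging the error so a failed check is not read as a pass.
     */
    @Override // org.owasp.webscarab.httpclient.ConversationHandler
    public void requestError(Request request, IOException iOException) {
    }

    /** Does nothing; the plugin keeps no per-session store of its own. */
    @Override // org.owasp.webscarab.plugin.Plugin
    public void setSession(String str, Object obj, String str2) throws StoreException {
    }

    /**
     * Clears the model's running flag and returns its value afterwards.
     *
     * <p>NOTE(review): {@link #run} leaves its loop only when {@code isStopping()} is
     * true, and nothing in this class sets that flag to true. Unless the model does so
     * elsewhere, this call does not end the loop. Confirm against XSSCRLFModel.
     */
    @Override // org.owasp.webscarab.plugin.Plugin
    public boolean stop() {
        this._model.setRunning(false);
        return this._model.isRunning();
    }

    /** Returns the model backing this plugin. */
    public XSSCRLFModel getModel() {
        return this._model;
    }

    /** Placeholder: only prints a trace line and does not cancel queued checks. */
    public void stopChecks() {
        System.out.println("stopChecks()");
    }

    /**
     * Reads a text file into a single string.
     *
     * <p>Lines are concatenated without their line terminators, and the file is decoded
     * with the platform default charset.
     *
     * @param file file to read
     * @return the file's lines joined together
     * @throws IOException if the file cannot be opened or read
     */
    public synchronized String loadString(File file) throws IOException {
        StringBuffer stringBuffer = new StringBuffer();
        BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
        try {
            String readLine;
            while ((readLine = bufferedReader.readLine()) != null) {
                stringBuffer.append(readLine);
            }
            return stringBuffer.toString();
        } finally {
            // Close on every path so a read error does not leak the file handle.
            bufferedReader.close();
        }
    }

    /**
     * Queues active tests for every suspicious parameter of the given conversations.
     *
     * @param conversationIDArr conversations selected for testing
     */
    public void checkSelected(ConversationID[] conversationIDArr) {
        for (int i = 0; i < conversationIDArr.length; i++) {
            Request request = this._model.getRequest(conversationIDArr[i]);
            checkConversation(conversationIDArr[i], request, FormTag.GET);
            checkConversation(conversationIDArr[i], request, "POST");
        }
    }

    /**
     * Queues one CRLF test and one XSS test per parameter that the passive stage marked
     * as suspicious for the given conversation and parameter source.
     *
     * @param conversationID conversation the parameters belong to
     * @param request original request of that conversation
     * @param str parameter source to look up ({@code FormTag.GET} or {@code "POST"})
     */
    private void checkConversation(ConversationID conversationID, Request request, String str) {
        String[] cRLFSuspiciousParameters = this._model.getCRLFSuspiciousParameters(conversationID, str);
        if (cRLFSuspiciousParameters != null && cRLFSuspiciousParameters.length > 0) {
            for (int i = 0; i < cRLFSuspiciousParameters.length; i++) {
                this._logger.info("Testing for CRLF - Conversation ID: " + conversationID + " Parameter:" + cRLFSuspiciousParameters[i]);
                submitCRLFTest(request, str, cRLFSuspiciousParameters[i]);
            }
        }
        String[] xSSSuspiciousParameters = this._model.getXSSSuspiciousParameters(conversationID, str);
        if (xSSSuspiciousParameters == null || xSSSuspiciousParameters.length <= 0) {
            return;
        }
        for (int i2 = 0; i2 < xSSSuspiciousParameters.length; i2++) {
            this._logger.info("Testing for XSS - Conversation ID: " + conversationID + " Parameter:" + xSSSuspiciousParameters[i2]);
            // The method argument is ignored by submitXSSTest, so passing FormTag.GET
            // rather than str makes no difference here.
            submitXSSTest(request, FormTag.GET, xSSSuspiciousParameters[i2]);
        }
    }

    /**
     * Queues a copy of the request in which one query parameter carries the URL-encoded
     * XSS test string.
     *
     * <p>Only the URL query string is rewritten; the request body is copied unchanged, so
     * a parameter that exists only in a POST body is not actually exercised.
     *
     * @param request request to copy
     * @param str parameter source; not used
     * @param str2 name of the parameter to replace
     */
    private void submitXSSTest(Request request, String str, String str2) {
        String urlEncode = Encoding.urlEncode(this._model.getXSSTestString());
        Request request2 = new Request(request);
        HttpUrl testUrl = getURLwithTestString(request2.getURL(), str2, urlEncode);
        if (testUrl == null) {
            // No query string, or the rewritten URL was malformed: queueing a request
            // without a URL would only fail later, so the test is skipped.
            this._logger.info("Skipping XSS test, no test URL could be built for parameter: " + str2);
            return;
        }
        request2.setURL(testUrl);
        this._model.enqueueRequest(request2, str2);
    }

    /**
     * Queues a copy of the request in which one query parameter carries the CRLF test
     * string.
     *
     * <p>Unlike the XSS test string, the CRLF test string is inserted as the model returns
     * it (presumably it is stored already encoded; confirm against XSSCRLFModel). Only the
     * URL query string is rewritten.
     *
     * @param request request to copy
     * @param str parameter source; not used
     * @param str2 name of the parameter to replace
     */
    private void submitCRLFTest(Request request, String str, String str2) {
        String cRLFTestString = this._model.getCRLFTestString();
        Request request2 = new Request(request);
        HttpUrl testUrl = getURLwithTestString(request2.getURL(), str2, cRLFTestString);
        if (testUrl == null) {
            // Same reasoning as in submitXSSTest: never queue a request without a URL.
            this._logger.info("Skipping CRLF test, no test URL could be built for parameter: " + str2);
            return;
        }
        request2.setURL(testUrl);
        this._model.enqueueRequest(request2, str2);
    }

    /**
     * Rebuilds a URL with the value of one query parameter replaced.
     *
     * @param httpUrl URL to start from
     * @param str name of the parameter whose value is replaced
     * @param str2 replacement value, inserted as given
     * @return the rewritten URL, or {@code null} if the URL has no query string or the
     *         result is not a valid URL
     */
    private HttpUrl getURLwithTestString(HttpUrl httpUrl, String str, String str2) {
        StringBuffer stringBuffer = new StringBuffer("?");
        String query = httpUrl.getQuery();
        if (query == null) {
            return null;
        }
        NamedValue[] splitNamedValues = NamedValue.splitNamedValues(query, "&", AMFConnection.COOKIE_NAMEVALUE_SEPERATOR);
        for (int i = 0; i < splitNamedValues.length; i++) {
            // Every parameter with the target name is replaced; all others keep their value.
            if (splitNamedValues[i].getName().equals(str)) {
                stringBuffer.append(splitNamedValues[i].getName() + AMFConnection.COOKIE_NAMEVALUE_SEPERATOR + str2);
            } else {
                stringBuffer.append(splitNamedValues[i].getName() + AMFConnection.COOKIE_NAMEVALUE_SEPERATOR + splitNamedValues[i].getValue());
            }
            if (i < splitNamedValues.length - 1) {
                stringBuffer.append("&");
            }
        }
        try {
            // getSHPP() supplies everything in front of the query string
            // (presumably scheme, host, port and path; TODO confirm).
            return new HttpUrl(httpUrl.getSHPP() + stringBuffer.toString());
        } catch (MalformedURLException e) {
            this._logger.info("Exception: " + e);
            return null;
        }
    }
}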
