package org.owasp.webgoat.plugin;

import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Div;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.Select;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.WebSession;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;

/* loaded from: input_file:WebGoat.war:plugin_lessons/bypass-html-field-restrictions-1.0.jar:org/owasp/webgoat/plugin/BypassHtmlFieldRestrictions.class */
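/**
 * WebGoat training lesson on HTML form field restrictions.
 *
 * <p>The lesson renders a form whose fields are constrained only by HTML
 * markup: a two-option select, a two-option radio group, a checkbox, a text
 * input with {@code maxlength=5}, a disabled text input and a submit button.
 * On submission the server compares each raw parameter with the value(s) the
 * markup allows; the lesson is completed only when none of the six fields
 * carries an allowed value.
 *
 * <p>Defensive takeaway: every restriction here is enforced by the browser
 * alone. Whatever arrives in the request has to be re-validated on the server
 * against an allow-list before it is used.
 */
public class BypassHtmlFieldRestrictions extends SequentialLessonAdapter {
    // Neither USERID nor userid is referenced anywhere in this class; both are
    // kept exactly as they appear in the decompiled output.
    private static final String USERID = "userid";
    private String userid;
    // Integer.valueOf replaces the deprecated Integer(int) constructor.
    private static final Integer DEFAULT_RANKING = Integer.valueOf(10);

    /**
     * Builds the lesson form and evaluates the current submission.
     *
     * <p>The decompiler notes that this method's access modifier was changed
     * from {@code protected}; the recovered {@code public} modifier is kept.
     *
     * @param webSession the current session; its parser supplies the raw,
     *     unvalidated request parameters
     * @return the container holding the rendered form elements
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer form = new ElementContainer();
        try {
            addLabel(form, "Select field with two possible values:");
            form.addElement(new Select("select", new String[]{"foo", "bar"}));
            form.addElement(new P());

            addLabel(form, "Radio button with two possible values:");
            Input radioFoo = new Input("radio", "radio", "foo");
            radioFoo.setChecked(true);
            form.addElement(radioFoo);
            form.addElement(new StringElement("foo"));
            form.addElement(new BR());
            form.addElement(new Input("radio", "radio", "bar"));
            form.addElement(new StringElement("bar"));
            form.addElement(new P());

            addLabel(form, "Checkbox:");
            Input checkbox = new Input("checkbox", "checkbox");
            checkbox.setChecked(true);
            form.addElement(checkbox);
            form.addElement(new StringElement("checkbox"));
            form.addElement(new P());

            addLabel(form, "Input field restricted to 5 characters:");
            Input shortInput = new Input("TEXT", "shortinput", "12345");
            shortInput.setMaxlength(5);
            form.addElement(shortInput);
            form.addElement(new P());

            addLabel(form, "Disabled input field:");
            Input disabledInput = new Input("TEXT", "disabledinput", "disabled");
            disabledInput.setDisabled(true);
            form.addElement(disabledInput);
            form.addElement(new BR());
            form.addElement(new P());

            addLabel(form, "Submit button:");
            form.addElement(ECSFactory.makeButton("Submit"));

            // Read all six parameters first, in the original order, so that a
            // missing parameter aborts the evaluation at the same point as before.
            String selectValue = webSession.getParser().getRawParameter("select");
            String radioValue = webSession.getParser().getRawParameter("radio");
            String checkboxValue = webSession.getParser().getRawParameter("checkbox");
            String shortValue = webSession.getParser().getRawParameter("shortinput");
            String disabledValue = webSession.getParser().getRawParameter("disabledinput");
            String submitValue = webSession.getParser().getRawParameter(Input.SUBMIT);

            // Fix: the radio value used to be read and then discarded, and the
            // select value was tested a second time in its place. The radio
            // group was therefore never checked, although the instructions
            // require an unallowed value in all six fields.
            boolean allowedValueSeen =
                    isOfferedChoice(selectValue)
                    || isOfferedChoice(radioValue)
                    || checkboxValue.equals(CustomBooleanEditor.VALUE_ON)
                    || shortValue.length() < 6 // maxlength is 5, so 0..5 characters is within the limit
                    || disabledValue.equals("disabled")
                    || submitValue.equals("Submit");

            if (!allowedValueSeen) {
                makeSuccess(webSession);
            }
        } catch (ParameterNotFoundException ignored) {
            // Deliberate best effort: when any of the six parameters is absent
            // the submission is not evaluated and the form is simply rendered.
            // NOTE(review): presumably this is also the path taken on the first
            // page load, before anything has been submitted - confirm.
        }
        return form;
    }

    /** Appends a {@code Div} holding the given caption to the container. */
    private static void addLabel(ElementContainer container, String caption) {
        container.addElement(new Div().addElement(new StringElement(caption)));
    }

    /** Returns whether the value is one of the two options the form offers ("foo" or "bar"). */
    private static boolean isOfferedChoice(String value) {
        return value.equals("foo") || value.equals("bar");
    }

    /**
     * Returns the category this lesson is listed under.
     *
     * @return {@code Category.PARAMETER_TAMPERING}
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.PARAMETER_TAMPERING;
    }

    /**
     * Returns the three hints for this lesson, looked up by label key.
     *
     * @param webSession the current session (not used here)
     * @return a new mutable list with the three hint texts in order
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected List<String> getHints(WebSession webSession) {
        // Typed list instead of the raw ArrayList the decompiler emitted.
        List<String> hints = new ArrayList<String>();
        hints.add(getLabelManager().get("BypassHtmlFieldRestrictionsHint1"));
        hints.add(getLabelManager().get("BypassHtmlFieldRestrictionsHint2"));
        hints.add(getLabelManager().get("BypassHtmlFieldRestrictionsHint3"));
        return hints;
    }

    /**
     * Returns the default ranking of this lesson.
     *
     * @return the constant ranking, 10
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /**
     * Returns the lesson title.
     *
     * @return the fixed title string
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Bypass HTML Field Restrictions";
    }

    /**
     * Returns the instructions shown to the learner.
     *
     * @param webSession the current session (not used here)
     * @return the fixed instruction text, which contains HTML markup
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public String getInstructions(WebSession webSession) {
        return "The form below uses HTML form field restrictions.  In order to pass this lesson, submit the form with each field containing an unallowed value. <b>You must submit invalid values for all six fields in one form submission.</b>";
    }

    /**
     * Delegates request handling to the superclass and contains any failure.
     *
     * @param webSession the current session
     */
    @Override // org.owasp.webgoat.lessons.AbstractLesson
    public void handleRequest(WebSession webSession) {
        try {
            super.handleRequest(webSession);
        } catch (Exception e) {
            // Boundary catch: any failure is printed to standard output and
            // not propagated to the caller. No logger is in scope in this
            // class, so the original reporting channel is kept.
            e.printStackTrace(System.out);
        }
    }
}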
