package org.owasp.webgoat.plugin;

import com.gargoylesoftware.htmlunit.html.HtmlForm;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipException;
import java.util.zip.ZipFile;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.Form;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.openqa.selenium.remote.ErrorCodes;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/zip-bomb-1.0.jar:org/owasp/webgoat/plugin/ZipBomb.class */
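/**
 * WebGoat lesson that accepts an uploaded ZIP archive and marks the lesson as solved when
 * the archive's declared uncompressed size exceeds the lesson's pretend 20 MB temp storage.
 *
 * <p>The upload is written to the servlet container's temp directory, its central directory
 * is read to sum the declared entry sizes, and the file is then removed again.
 */
public class ZipBomb extends LessonAdapter {
    /** Menu ranking reported by {@link #getDefaultRanking()}. */
    private static final Integer DEFAULT_RANKING = Integer.valueOf(10);
    /** Session key that is set once an archive above {@link #STORAGE_LIMIT_BYTES} was uploaded. */
    private static final String ZIP_DOS = "ZIP_DOS";
    /** Uploads at or above this many bytes are rejected before being written to disk. */
    private static final long MAX_UPLOAD_BYTES = 2048000L;
    /** Declared uncompressed total above which the archive counts as exhausting the temp storage. */
    private static final long STORAGE_LIMIT_BYTES = 20971520L;
    /** Multipart parts larger than this are spooled to disk by commons-fileupload instead of memory. */
    private static final int SIZE_THRESHOLD = 500000;
    /** Servlet context attribute holding the container's temporary directory. */
    private static final String TEMPDIR_ATTRIBUTE = "javax.servlet.context.tempdir";

    /**
     * Builds the upload form body and, if the session already carries the success flag,
     * reports the lesson as completed.
     *
     * @param webSession the current WebGoat session
     * @return the page content (upload prompt, file input and submit button)
     */
    @Override
    public Element createContent(WebSession webSession) {
        ElementContainer container = new ElementContainer();
        // The flag is stored by handleRequest after an oversized archive was seen.
        if (ErrorCodes.SUCCESS_STRING.equalsIgnoreCase((String) webSession.get(ZIP_DOS))) {
            System.out.println("final success");
            makeSuccess(webSession);
        }
        try {
            container.addElement(new P().addElement("Upload new File"));
            container.addElement(new Input(Input.FILE, "myfile", ""));
            container.addElement(ECSFactory.makeButton("Start Upload"));
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return container;
    }

    /** @return the lesson category this lesson is listed under */
    @Override
    protected Category getDefaultCategory() {
        return Category.DOS;
    }

    /**
     * @param webSession the current WebGoat session (unused)
     * @return the hints shown to the user, in display order
     */
    @Override
    public List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add("You can upload up to 2MB file at once,see what can you insert INTO the file");
        return hints;
    }

    /**
     * @param webSession the current WebGoat session (unused)
     * @return the lesson instructions shown above the form
     */
    @Override
    public String getInstructions(WebSession webSession) {
        return "Server accepts only ZIP files, \nextracts them after uploading, does something with them and deletes,\n it provides 20 MB temporal storage to handle all request \ntry do perform DOS attack that consume all  temporal storage with one request";
    }

    /** @return the menu ranking of this lesson */
    @Override
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /** @return the lesson title */
    @Override
    public String getTitle() {
        return "ZipBomb";
    }

    /**
     * Handles a page request: parses a multipart upload when present, evaluates each uploaded
     * file, and then renders the upload form.
     *
     * <p>Any exception raised while parsing or evaluating the upload is printed to stdout and
     * leaves the page content untouched for this request.
     *
     * @param webSession the current WebGoat session
     */
    @Override
    public void handleRequest(WebSession webSession) {
        File tempDir = (File) webSession.getRequest().getServletContext().getAttribute(TEMPDIR_ATTRIBUTE);
        try {
            if (ServletFileUpload.isMultipartContent(webSession.getRequest())) {
                DiskFileItemFactory factory = new DiskFileItemFactory();
                factory.setSizeThreshold(SIZE_THRESHOLD);
                for (FileItem item : new ServletFileUpload(factory).parseRequest(webSession.getRequest())) {
                    if (!item.isFormField()) {
                        processUpload(webSession, tempDir, item);
                    }
                }
            }
            Form form = new Form(getFormAction(), "POST").setName(HtmlForm.TAG_NAME).setEncType("multipart/form-data");
            form.addElement(createContent(webSession));
            setContent(form);
        } catch (Exception e) {
            e.printStackTrace(System.out);
        }
    }

    /**
     * Validates one uploaded part and, for a ZIP archive, measures its declared uncompressed size.
     *
     * <p>Rejects parts at or above {@link #MAX_UPLOAD_BYTES} and parts whose name does not end in
     * {@code .zip}. Accepted archives are written under {@code tempDir}, measured, and deleted again.
     *
     * @param webSession the current WebGoat session; receives the status message
     * @param tempDir directory the archive is written to
     * @param item the uploaded multipart part (not a form field)
     * @throws Exception if writing the part or reading the archive fails
     */
    private void processUpload(WebSession webSession, File tempDir, FileItem item) throws Exception {
        // The client-supplied name may carry directory components; keep only the final
        // segment so the file is always created directly inside tempDir.
        String baseName = new File(item.getName()).getName();
        File target = new File(tempDir, baseName);
        if (item.getSize() >= MAX_UPLOAD_BYTES) {
            webSession.setMessage("Only up to 2 MB files are accepted");
        } else if (!baseName.endsWith(".zip")) {
            webSession.setMessage("Only ZIP files are accepted");
        } else {
            item.write(target);
            try {
                long declaredSize = unzippedSize(target);
                webSession.setMessage("File uploaded");
                if (declaredSize > STORAGE_LIMIT_BYTES) {
                    webSession.add(ZIP_DOS, ErrorCodes.SUCCESS_STRING);
                    System.out.println(ErrorCodes.SUCCESS_STRING);
                    makeMessages(webSession);
                } else {
                    webSession.setMessage("I still have plenty of free storage on the server...");
                }
            } finally {
                // Only the central directory was needed; do not let uploads accumulate in tempDir.
                target.delete();
            }
        }
    }

    /**
     * Sums the uncompressed sizes declared in the archive's central directory.
     *
     * <p>The values come from the archive's own entry headers, so this is what the archive
     * claims it would inflate to, not a measurement of actual extraction.
     *
     * @param archive the ZIP file to inspect
     * @return the sum of all declared entry sizes; entries without a declared size contribute 0
     * @throws ZipException if the file is not a valid ZIP archive
     * @throws IOException if the file cannot be read
     */
    private long unzippedSize(File archive) throws ZipException, IOException {
        long total = 0L;
        ZipFile zip = new ZipFile(archive);
        try {
            Enumeration<? extends ZipEntry> entries = zip.entries();
            while (entries.hasMoreElements()) {
                long size = entries.nextElement().getSize();
                // getSize() returns -1 when unknown; never let that shrink the running total.
                if (size > 0) {
                    total += size;
                }
            }
        } finally {
            // Release the file handle even when entry iteration fails.
            zip.close();
        }
        return total;
    }
}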
