package org.owasp.webgoat.plugin;

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/blind-numeric-sql-injection-1.0.jar:org/owasp/webgoat/plugin/BlindNumericSqlInjection.class */
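/**
 * WebGoat "Blind Numeric SQL Injection" lesson.
 *
 * <p>The lesson renders a form that takes an account number, appends that value verbatim to a
 * {@code SELECT} on {@code user_data}, and reports only whether the query returned a row. That
 * concatenation is the defect the lesson teaches (see {@link #getHints}) and is therefore left in
 * place on purpose; the lesson is passed when the submitted value equals the {@code pin} stored
 * for {@link #TARGET_CC_NUM}. Nothing here is a template for production code: a real application
 * binds the account number as a {@link java.sql.PreparedStatement} parameter instead.
 */
public class BlindNumericSqlInjection extends LessonAdapter {
    /** Request parameter carrying the account number typed into the form. */
    private static final String ACCT_NUM = "account_number";
    /** Card number whose {@code pins.pin} row holds the secret the student must recover. */
    private static final String TARGET_CC_NUM = "1111222233334444";
    /** Ranking handed to the lesson framework by {@link #getDefaultRanking()}. */
    private static final Integer DEFAULT_RANKING = Integer.valueOf(90);
    /** Account number pre-filled in the form when the request carries none. */
    private static final String DEFAULT_ACCT_NUM = "101";

    /**
     * Builds the lesson form and evaluates the submitted account number.
     *
     * <p>A value equal to the target pin completes the lesson; otherwise the value is fed to the
     * injectable account lookup and the page reports only "valid" or "invalid", which is the
     * true/false oracle the student is meant to exploit. Database errors are reported to the
     * page generically; any other failure is recorded on the session and the partial page is
     * returned. The submitted account number is echoed to the server log for the instructor; the
     * pin itself is deliberately not written there.
     *
     * @param webSession current WebGoat session (request parameters and database connection)
     * @return the page fragment to render
     */
    @Override
    public Element createContent(WebSession webSession) {
        ElementContainer content = new ElementContainer();
        try {
            Connection connection = DatabaseUtilities.getConnection(webSession);
            String accountNumber = webSession.getParser().getRawParameter(ACCT_NUM, DEFAULT_ACCT_NUM);
            content.addElement(new P().addElement("Enter your Account Number: "));
            // NOTE(review): the raw value is reflected into the input's value attribute; whether
            // ECS escapes it is not visible from here — confirm before reusing this pattern.
            content.addElement(new Input("TEXT", ACCT_NUM, accountNumber));
            content.addElement(ECSFactory.makeButton("Go!"));
            try {
                String answer = lookupAnswer(connection);
                System.out.println("Account: " + accountNumber);
                if (accountNumber.equals(answer)) {
                    makeSuccess(webSession);
                } else if (accountExists(connection, accountNumber)) {
                    content.addElement(new P().addElement("Account number is valid."));
                } else {
                    content.addElement(new P().addElement("Invalid account number."));
                }
            } catch (SQLException e) {
                // A malformed injection attempt ends up here; the student only sees a generic
                // message, which is part of what makes the lesson "blind".
                content.addElement(new P().addElement("An error occurred, please try again."));
            }
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return content;
    }

    /**
     * Reads the pin stored for {@link #TARGET_CC_NUM}; this is the value that passes the lesson.
     *
     * @param connection open lesson database connection
     * @return the first column of the first row as a string, or whatever the driver yields when
     *     the table holds no matching row
     * @throws SQLException if the query fails or the driver rejects reading an empty cursor
     */
    private static String lookupAnswer(Connection connection) throws SQLException {
        // The card number is a compile-time constant, never user input, so building the text
        // with concatenation does not create an injection point.
        String query = "SELECT pin FROM pins WHERE cc_number = '" + TARGET_CC_NUM + "'";
        Statement statement = connection.createStatement(
                ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
        try {
            ResultSet results = statement.executeQuery(query);
            results.first();
            return results.getString(1);
        } finally {
            // Closing the statement also releases its result set.
            statement.close();
        }
    }

    /**
     * Runs the lesson's deliberately injectable query and reports whether it returned a row.
     *
     * <p>{@code accountNumber} is appended to the SQL text without quoting or binding, so a
     * boolean expression supplied in its place changes the truth of the {@code WHERE} clause —
     * exactly the oracle described in the hints. Outside this lesson the value must be bound as
     * a {@code PreparedStatement} parameter.
     *
     * @param connection open lesson database connection
     * @param accountNumber raw, untrusted form input
     * @return {@code true} if the query produced at least one row
     * @throws SQLException if the (possibly malformed) query fails
     */
    private static boolean accountExists(Connection connection, String accountNumber)
            throws SQLException {
        // INTENTIONALLY VULNERABLE (lesson target): untrusted input concatenated into SQL.
        String query = "SELECT * FROM user_data WHERE userid = " + accountNumber;
        Statement statement = connection.createStatement(
                ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
        try {
            ResultSet results = statement.executeQuery(query);
            return results != null && results.first();
        } finally {
            statement.close();
        }
    }

    /** Places the lesson in the Injection category. */
    @Override
    protected Category getDefaultCategory() {
        return Category.INJECTION;
    }

    /**
     * Returns the progressively more explicit hints shown to the student.
     *
     * @param webSession current session (unused; hints are static)
     * @return hints in the order they should be revealed
     */
    @Override
    protected List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Create a SQL statement that you can use as a true/false test and then start narrowing down the number using > and <<br><br>The backend database is HSQLDB, but this shouldn't make any difference because you can solve this lesson with standard SQL syntax.");
        hints.add("The application is taking your input and inserting it at the end of a pre-formed SQL command. You will need to make use of the following SQL functions: <br><br>AND - combine the logic of the normal query with a boolean result<br><br>( and ) - group subexpressions so they evaluate properly<br><br>SELECT - make a subquery for your target data and get a number<br><br>&gt and = and &lt - once you have the number, compare it to a choosen one");
        hints.add("This is the code for the query being built and issued by WebGoat:<br><br> \"SELECT * FROM user_data WHERE userid = \" + accountNumber ");
        hints.add("Here is an example for another table:<br><br> In the table <i>user_data</i>, is the <i>userid</i> for the record with a <i>cc_number</i> of <i>333498703333</i> greater than 100? <br><br>101 AND ((SELECT userid FROM user_data WHERE cc_number='333498703333') &gt 100 ); <br><br>If you get back that account number is valid, then yes.  If get back that the number is invalid then answer is no.");
        hints.add("Partial Solution:<br><br>Is the <i>pin</i> of the record with a <i>cc_number</i> of <i>1111222233334444</i> greater than 1000? <br><br>101 AND ((SELECT pin FROM pins WHERE cc_number='1111222233334444') &gt 1000 ); <br><br>If you get back that account number is valid, then yes.  If get back that the number is invalid then answer is no.");
        hints.add("Another Part of Solution:<br><br>Is the <i>pin</i> of the record with a <i>cc_number</i> of <i>1111222233334444</i> greater than 10000? <br><br>101 AND ((SELECT pin FROM pins WHERE cc_number='1111222233334444') &gt 10000 ); <br><br>If you get back that account number is valid, then yes.  If get back that the number is invalid then answer is no.");
        return hints;
    }

    /**
     * Returns the HTML instructions displayed above the form.
     *
     * @param webSession current session (unused; the text is static)
     * @return the lesson instructions
     */
    @Override
    public String getInstructions(WebSession webSession) {
        return "The form below allows a user to enter an account number and determine if it is valid or not.  Use this form to develop a true / false test check other entries in the database.  <br><br>The goal is to find the value of the field <b>pin</b> in table <b>pins</b> for the row with the <b>cc_number</b> of <b> 1111222233334444</b>.  The field is of type int, which is an integer.<br><br>Put the discovered pin value in the form to pass the lesson.";
    }

    /** Returns {@link #DEFAULT_RANKING}, the lesson's position within its category. */
    @Override
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /** Returns the lesson title shown in the menu. */
    @Override
    public String getTitle() {
        return "Blind Numeric SQL Injection";
    }

    /**
     * Delegates request handling to the adapter, logging rather than propagating any failure so
     * that one broken submission does not take the lesson page down.
     *
     * @param webSession current session
     */
    @Override
    public void handleRequest(WebSession webSession) {
        try {
            super.handleRequest(webSession);
        } catch (Exception e) {
            System.out.println("Exception caught: " + e);
            e.printStackTrace(System.out);
        }
    }
}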
