package org.owasp.webgoat.plugin;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.A;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.PRE;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext;

/* loaded from: input_file:WebGoat.war:plugin_lessons/ws-sql-injection-1.0.jar:org/owasp/webgoat/plugin/WsSqlInjection.class */
/**
 * WebGoat lesson "Web Service SQL Injection" (category {@code WEB_SERVICES}).
 *
 * <p>Decompiled listing (see the JADX markers); the structure below is the
 * decompiler's reconstruction, not hand-written source.
 *
 * <p>The lesson exposes two paths to the same SQL sink, {@link #getResults(String)}:
 * the browser form handled in {@link #createContent(WebSession)}, which rejects
 * non-digit account numbers before querying, and the SOAP operation
 * {@link #getCreditCard(String)}, which passes its argument through unchecked.
 * The query itself is built by string concatenation in both cases, so the
 * digit check in the form path is the only thing standing between user input
 * and the SQL text, and it is not applied on the web-service path. Lesson
 * completion is recorded only through the static {@link #completed} flag,
 * which is set exclusively by {@link #getCreditCard(String)}.
 *
 * <p>Thread-safety: not thread-safe. {@code completed} and {@code webgoatContext}
 * are static and therefore shared by every instance and every user in the JVM;
 * {@code accountNumber} is per-instance request state.
 */
public class WsSqlInjection extends LessonAdapter {
    // Column name read from the result set in getCreditCard().
    public static final String ccNumber = "cc_number";
    // Request parameter (and HTML input name) carrying the account number.
    private static final String ACCT_NUM = "account_number";
    // Account number from the current request; written in makeAccountLine(),
    // read (and possibly reset to "0") in createContent().
    // NOTE(review): if one lesson instance serves several sessions concurrently,
    // this field is shared mutable request state — confirm in LessonAdapter's lifecycle.
    private String accountNumber;
    // Lesson-completion flag, static and package-private: set to true in
    // getCreditCard() once a call returns more than four rows, then copied into
    // the per-user lesson tracker by createContent(). Being static, a single
    // successful call marks the lesson complete for every user of this JVM.
    static boolean completed;
    // Injected framework context, stored statically (see setWebgoatContext).
    private static WebgoatContext webgoatContext;
    // Lesson ordering weight. new Integer(int) is deprecated since Java 9;
    // Integer.valueOf(150) is the modern equivalent (behavior unchanged here).
    private static final Integer DEFAULT_RANKING = new Integer(150);

    /**
     * Stores the framework context in the static field, so the last caller wins
     * for all instances.
     *
     * @param webgoatContext2 the context supplied by the lesson framework
     */
    @Override // org.owasp.webgoat.lessons.AbstractLesson
    public void setWebgoatContext(WebgoatContext webgoatContext2) {
        webgoatContext = webgoatContext2;
    }

    /**
     * Returns the statically stored framework context (may be null if
     * {@link #setWebgoatContext} has not been called).
     */
    @Override // org.owasp.webgoat.lessons.AbstractLesson
    public WebgoatContext getWebgoatContext() {
        return webgoatContext;
    }

    /** Lesson category shown in the menu: web services. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.WEB_SERVICES;
    }

    /**
     * Returns the ordered hints shown to the student. They describe how to locate
     * the WSDL and call the {@code getCreditCard(String id)} operation directly,
     * i.e. the path that skips the form's input validation. The hint text is
     * raw HTML rendered by the framework.
     *
     * @param webSession current session (unused here)
     * @return a new, mutable hint list (raw {@code ArrayList}; the generic type
     *         is lost in decompilation)
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected List<String> getHints(WebSession webSession) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("Try connecting to the WSDL with a browser or Web Service tool.");
        arrayList.add("Sometimes the server side code will perform input validation before issuing  the request to the web service operation.  Try to bypass this check by accessing the web service directly");
        arrayList.add("The URL for the web service is: http://localhost/WebGoat/services/WsSqlInjection?WSDL <br>The WSDL can usually be viewed by adding a ?WSDL on the end of the request.");
        arrayList.add("Create a new soap request for the getCreditCard(String id) operation.");
        arrayList.add("A soap request uses the following HTTP header: <br> SOAPAction: some action header, can be &quot;&quot;<br><br>The soap message body has the following format:<br>&lt;?xml version='1.0' encoding='UTF-8'?&gt; <br>&nbsp;&nbsp;&lt;SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'&gt; <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;SOAP-ENV:Body&gt; <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;ns1:getCreditCard SOAP-ENV:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/' xmlns:ns1='http://lessons'&gt; <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;id xsi:type='xsd:string'&gt;101&lt;/id&gt; <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;/ns1:getCreditCard&gt; <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/SOAP-ENV:Body&gt; <br>&nbsp;&nbsp;&lt;/SOAP-ENV:Envelope&gt; <br>");
        arrayList.add("Use the \"Webservices\" Functions in OWASP ZAP.");
        return arrayList;
    }

    /** Lesson ordering weight (150). */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /** Lesson title as displayed in the menu and page header. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Web Service SQL Injection";
    }

    /**
     * Builds the prompt, text input and submit button for the account number and,
     * as a side effect, stores the submitted value in {@link #accountNumber}.
     *
     * <p>The value is read with {@code getRawParameter} and defaults to "101" when
     * absent; no validation or transformation happens here — the digit check lives
     * in {@link #createContent(WebSession)}. The stored value is echoed back as the
     * input's value attribute.
     *
     * @param webSession current session, source of the request parameter
     * @return the container holding the prompt, input and button
     */
    protected Element makeAccountLine(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        elementContainer.addElement(new P().addElement("Enter your Account Number: "));
        this.accountNumber = webSession.getParser().getRawParameter(ACCT_NUM, "101");
        // toString() on a String is a no-op left by the decompiler.
        elementContainer.addElement(new Input("TEXT", ACCT_NUM, this.accountNumber.toString()));
        elementContainer.addElement(ECSFactory.makeButton("Go!"));
        return elementContainer;
    }

    /**
     * Renders the lesson page for the browser form path.
     *
     * <p>Flow: (1) draw the form and capture the account number; (2) echo the SQL
     * that will be run, including the unmodified user value, inside a {@code PRE};
     * (3) reject any non-digit character by appending "Invalid account number. "
     * and resetting the number to "0" — the loop condition re-reads the field's
     * length, so it ends right after the reset and the message appears once;
     * (4) run the query through {@link #getResults(String)} and render the rows
     * as a table, or "No results matched.  Try Again." when nothing came back;
     * (5) link to the WSDL; (6) copy the static {@link #completed} flag into this
     * user's lesson tracker. Nothing in this method sets {@code completed}, so the
     * form alone never completes the lesson.
     *
     * <p>Error handling: a {@link SQLException} from the query is rendered to the
     * page via {@code e.getMessage()} (database error text reaches the browser);
     * any other exception is logged with {@code printStackTrace()} and reported
     * through the session message. The {@link ResultSet} is never closed.
     *
     * @param webSession current session
     * @return the assembled page content (possibly partial after an exception)
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        try {
            elementContainer.addElement(makeAccountLine(webSession));
            // Echoes the raw parameter into the page.
            // NOTE(review): whether ECS PRE HTML-encodes its content is not visible here — confirm.
            elementContainer.addElement(new PRE("SELECT * FROM user_data WHERE userid = " + this.accountNumber));
            for (int i = 0; i < this.accountNumber.length(); i++) {
                char charAt = this.accountNumber.charAt(i);
                if (charAt < '0' || charAt > '9') {
                    elementContainer.addElement("Invalid account number. ");
                    // Reset shortens the string to length 1, which terminates the loop.
                    this.accountNumber = "0";
                }
            }
            try {
                ResultSet results = getResults(this.accountNumber);
                if (results == null || !results.first()) {
                    elementContainer.addElement("No results matched.  Try Again.");
                } else {
                    elementContainer.addElement(DatabaseUtilities.writeTable(results, results.getMetaData()));
                    results.last();
                    // Empty branch: dead code left over from decompilation; the row
                    // count has no effect on this path.
                    if (results.getRow() >= 6) {
                    }
                }
            } catch (SQLException e) {
                // Raw driver message is rendered into the page.
                elementContainer.addElement(new P().addElement(e.getMessage()));
            }
            A a = new A("services/WsSqlInjection?WSDL", "WebGoat WSDL File");
            elementContainer.addElement(new P().addElement("Exploit the following WSDL to access sensitive data:"));
            elementContainer.addElement(new BR());
            elementContainer.addElement(a);
            // Completion state is global (static), not per session.
            getLessonTracker(webSession).setCompleted(completed);
        } catch (Exception e2) {
            webSession.setMessage("Error generating " + getClass().getName());
            e2.printStackTrace();
        }
        return elementContainer;
    }

    /**
     * Runs {@code SELECT * FROM user_data WHERE userid = <str>} as the "guest"
     * database user and returns the scrollable result set.
     *
     * <p>This is the injection sink shared by the form path and the SOAP
     * operation: {@code str} is concatenated into the SQL text with no
     * parameterization or quoting, so its safety depends entirely on the caller.
     * The statement is created with type 1004 ({@code ResultSet.TYPE_SCROLL_INSENSITIVE})
     * and concurrency 1007 ({@code ResultSet.CONCUR_READ_ONLY}), which is what lets
     * callers use {@code first()}, {@code last()} and {@code beforeFirst()}.
     *
     * <p>Neither the connection nor the statement is closed here; the result set is
     * handed to the caller, who also does not close it. All failures (SQL or any
     * other exception, including a null context) are swallowed and reported as
     * {@code null}, so callers cannot distinguish "no rows" from "query failed".
     *
     * @param str caller-supplied user id fragment, inserted verbatim into the SQL
     * @return the result set, or {@code null} on any error
     */
    public ResultSet getResults(String str) {
        try {
            try {
                return DatabaseUtilities.getConnection("guest", getWebgoatContext()).createStatement(1004, 1007).executeQuery("SELECT * FROM user_data WHERE userid = " + str);
            } catch (SQLException e) {
                return null;
            }
        } catch (Exception e2) {
            return null;
        }
    }

    /**
     * The SOAP-exposed operation {@code getCreditCard(String id)} referenced by
     * the hints: returns the {@code cc_number} column of every row matching the
     * given id, one entry per row in result-set order.
     *
     * <p>Unlike the browser form, this path performs no digit check — {@code str}
     * goes straight to {@link #getResults(String)}. A call that yields more than
     * four rows sets the static {@link #completed} flag, which is how the lesson is
     * solved; a well-formed single id returns at most a few rows.
     *
     * <p>Returns {@code null} both when the query failed (null result set) and when
     * iterating it threw a {@link SQLException}; an id with no rows yields an empty
     * array. The result set is never closed.
     *
     * @param str the id passed by the web-service client, used verbatim in the SQL
     * @return credit-card numbers of the matching rows, or {@code null} on error
     */
    public String[] getCreditCard(String str) {
        ResultSet results = getResults(str);
        if (results == null) {
            return null;
        }
        try {
            // Size the array from the last row number (requires a scrollable result set).
            results.last();
            String[] strArr = new String[results.getRow()];
            if (strArr.length > 4) {
                completed = true;
            }
            results.beforeFirst();
            while (results.next()) {
                strArr[results.getRow() - 1] = results.getString(ccNumber);
            }
            return strArr;
        } catch (SQLException e) {
            return null;
        }
    }
}
