package org.owasp.webgoat.plugin;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/thread-safety-problem-1.0.jar:org/owasp/webgoat/plugin/ThreadSafetyProblem.class */
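/**
 * WebGoat lesson "Thread Safety Problems".
 *
 * This class is INTENTIONALLY vulnerable: it demonstrates a race condition on
 * request-scoped data held in a static field.  The race is the teaching point
 * and is preserved here on purpose.  Defects that are NOT part of the lesson
 * (SQL built by string concatenation, never-closed JDBC resources) have been
 * fixed so that the lesson isolates a single vulnerability.  Do not copy the
 * remaining pattern into production code.
 */
public class ThreadSafetyProblem extends LessonAdapter {
    /** Name of the request parameter that carries the submitted user name. */
    private static final String USER_NAME = "username";

    /**
     * DELIBERATE DEFECT: the user name from the *current* request is stored in
     * a static field, so every request handled by this lesson at the same time
     * reads and writes the same variable.  Request A can finish by looking up
     * whatever user request B wrote here in the meantime.
     */
    private static String currentUser;

    /**
     * Copy of the submitted name used only for the "Account information for
     * user:" caption.  NOTE(review): presumably the lesson object is reused
     * across requests, in which case this instance field is not request-private
     * either -- verify against the lesson container before relying on it.
     */
    private String originalUser;

    /** Difficulty/ordering rank reported to the lesson menu. */
    private static final Integer DEFAULT_RANKING = Integer.valueOf(80);

    /**
     * Renders the user-name form and, when a name was submitted, the matching
     * row of {@code user_system_data}.  Marks the lesson as solved when the
     * shared {@link #currentUser} field was overwritten by another request
     * while this one was sleeping.
     *
     * @param webSession the current WebGoat session (request parameters, DB
     *                   connection, status message)
     * @return the lesson content; on any failure an error message is set on the
     *         session and whatever was rendered so far is returned
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer content = new ElementContainer();
        try {
            // Connection is owned by DatabaseUtilities/the session, so it is
            // deliberately not closed here; only the statement/result set are.
            Connection connection = DatabaseUtilities.getConnection(webSession);
            content.addElement(new StringElement("Enter user name: "));
            content.addElement(new Input("TEXT", USER_NAME, ""));

            // Untrusted request parameter written straight into shared static
            // state -- this is the race the lesson teaches.
            currentUser = webSession.getParser().getRawParameter(USER_NAME, "");
            this.originalUser = currentUser;
            // Request-private snapshot of what THIS request asked for.  It is
            // compared with the shared field after the sleep to detect that a
            // concurrent request clobbered it.
            final String requestedUser = currentUser;

            content.addElement(ECSFactory.makeButton("Submit"));
            content.addElement(new P());

            if (!"".equals(currentUser)) {
                // Widens the race window so two browsers can interleave reliably.
                Thread.sleep(1500L);

                PreparedStatement statement = null;
                ResultSet rows = null;
                try {
                    // Parameterised query: the name used to be concatenated into
                    // the SQL text.  Injection is not this lesson's subject, so it
                    // is fixed.  Scroll-insensitive so that first() is legal.
                    statement = connection.prepareStatement(
                            "SELECT * FROM user_system_data WHERE user_name = ?",
                            ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
                    // Binds the SHARED field, not the snapshot: if another request
                    // ran during the sleep this looks up that user's account.
                    statement.setString(1, currentUser);
                    rows = statement.executeQuery();
                    if (rows == null || !rows.first()) {
                        // NOTE(review): user input is reflected into the session
                        // message without escaping; confirm the renderer escapes it.
                        webSession.setMessage("'" + currentUser + "' is not a user in the WebGoat database.");
                    } else {
                        // NOTE(review): originalUser is reflected into raw HTML here.
                        // A plain String added to an ECS container does not appear
                        // to be escaped -- confirm before reusing this pattern.
                        content.addElement("Account information for user: " + this.originalUser + "<br><br>");
                        content.addElement(DatabaseUtilities.writeTable(rows, rows.getMetaData()));
                    }
                } finally {
                    // The table has already been rendered into 'content', so the
                    // result set and statement can be released unconditionally.
                    if (rows != null) {
                        rows.close();
                    }
                    if (statement != null) {
                        statement.close();
                    }
                }
            }

            // Solved only if the shared field no longer holds this request's name,
            // i.e. another request interleaved with this one.
            if (!requestedUser.equals(currentUser)) {
                makeSuccess(webSession);
            }
        } catch (InterruptedException e) {
            // Preserve the interrupt for the container thread that owns it.
            Thread.currentThread().interrupt();
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return content;
    }

    /**
     * Progressive hints shown to the student.
     *
     * @param webSession the current WebGoat session (unused)
     * @return the hints in the order they should be revealed
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add("Web applications handle many HTTP requests at the same time.");
        hints.add("Developers use variables that are not thread safe.");
        hints.add("Show the Java source code and trace the 'currentUser' variable");
        hints.add("Open two browsers and send 'jeff' in one and 'dave' in the other.");
        return hints;
    }

    /**
     * Lesson goal as shown above the form.
     *
     * @param webSession the current WebGoat session (unused)
     * @return HTML fragment with the instructions
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public String getInstructions(WebSession webSession) {
        return "The user should be able to exploit the concurrency error in this web application and view login information for another user that is attempting the same function at the same time.  <b>This will require the use of two browsers</b>. Valid user names are 'jeff' and 'dave'.<p>Please enter your username to access your account.";
    }

    /** @return the fixed menu rank of this lesson */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /** @return the menu category this lesson is filed under */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.CONCURRENCY;
    }

    /** @return the lesson title shown in the menu */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Thread Safety Problems";
    }

    /**
     * Delegates to the framework's request handling; any exception is logged
     * to stdout and otherwise ignored so that a failed request does not take
     * the lesson page down.
     *
     * @param webSession the current WebGoat session
     */
    @Override // org.owasp.webgoat.lessons.AbstractLesson
    public void handleRequest(WebSession webSession) {
        try {
            super.handleRequest(webSession);
        } catch (Exception e) {
            e.printStackTrace(System.out);
        }
    }
}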
