package org.owasp.webgoat.plugin;

import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.B;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.PRE;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;
import org.xml.sax.helpers.XMLReaderFactory;

/* loaded from: input_file:WebGoat.war:plugin_lessons/ws-sax-injection-1.0.jar:org/owasp/webgoat/plugin/WsSAXInjection.class */
public class WsSAXInjection extends LessonAdapter {
    private static final String PASSWORD = "password";
    private String password;
    static boolean completed;
    private static String template1 = "<?xml version='1.0' encoding='UTF-8'?>\n<wsns0:Envelope\n  xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'\n  xmlns:xsd='http://www.w3.org/2001/XMLSchema'\n  xmlns:wsns0='http://schemas.xmlsoap.org/soap/envelope/'\n  xmlns:wsns1='http://lessons.webgoat.owasp.org'>\n  <wsns0:Body>\n    <wsns1:changePassword>\n      <id xsi:type='xsd:int'>101</id>\n      <password xsi:type='xsd:string'>";
    private static String template2 = "</password>\n    </wsns1:changePassword>\n  </wsns0:Body>\n</wsns0:Envelope>";
    private static final Integer DEFAULT_RANKING = new Integer(150);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WebGoat.war:plugin_lessons/ws-sax-injection-1.0.jar:org/owasp/webgoat/plugin/WsSAXInjection$PasswordChanger.class */
    public static class PasswordChanger extends DefaultHandler {
        private static String PASSWORD_TAG = "password";
        private static String ID_TAG = "id";
        private String id;
        private String password;
        private StringBuffer text;

        private PasswordChanger() {
            this.id = null;
            this.password = null;
            this.text = new StringBuffer();
        }

        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
            this.text.delete(0, this.text.length());
        }

        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void characters(char[] cArr, int i, int i2) throws SAXException {
            this.text.append(cArr, i, i2);
        }

        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void endElement(String str, String str2, String str3) throws SAXException {
            if (str2.equals(ID_TAG)) {
                this.id = this.text.toString();
            }
            if (str2.equals(PASSWORD_TAG)) {
                this.password = this.text.toString();
            }
            this.text.delete(0, this.text.length());
        }

        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void ignorableWhitespace(char[] cArr, int i, int i2) throws SAXException {
            this.text.append(cArr, i, i2);
        }

        public String getId() {
            return this.id;
        }

        public String getPassword() {
            return this.password;
        }
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.WEB_SERVICES;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected List<String> getHints(WebSession webSession) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("The backend parses the XML received using a SAX parser.");
        arrayList.add("SAX parsers often don't care if an element is repeated.");
        arrayList.add("If there are repeated elements, the last one is the one that is effective");
        arrayList.add("Try injecting matching 'close' tags, and creating your own XML elements");
        return arrayList;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Web Service SAX Injection";
    }

    protected Element makeInputLine(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        elementContainer.addElement(new P().addElement("Please change your password: "));
        elementContainer.addElement(new Input("TEXT", "password"));
        elementContainer.addElement(ECSFactory.makeButton("Go!"));
        return elementContainer;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        try {
            elementContainer.addElement(makeInputLine(webSession));
            this.password = webSession.getParser().getRawParameter("password", null);
            PRE pre = new PRE();
            String str = (template1 + (this.password == null ? "[password]" : this.password)) + template2;
            pre.addElement(HtmlEncoder.encode(str));
            elementContainer.addElement(pre);
            if (this.password != null) {
                elementContainer.addElement(checkXML(webSession, str));
            }
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return elementContainer;
    }

    private Element checkXML(WebSession webSession, String str) {
        try {
            XMLReader createXMLReader = XMLReaderFactory.createXMLReader();
            PasswordChanger passwordChanger = new PasswordChanger();
            createXMLReader.setContentHandler(passwordChanger);
            createXMLReader.parse(new InputSource(new StringReader(str)));
            if ("101".equals(passwordChanger.getId())) {
                return new StringElement("You changed the password for userid 101. Try again.");
            }
            makeSuccess(webSession);
            return new B(HtmlEncoder.encode("You have changed the passsword for userid " + passwordChanger.getId() + " to '" + passwordChanger.getPassword() + "'"));
        } catch (IOException e) {
            return new StringElement(e.getLocalizedMessage());
        } catch (SAXException e2) {
            return new StringElement("The XML was not well formed: " + e2.getLocalizedMessage());
        }
    }
}
