package org.owasp.webgoat.plugin;

import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import net.sourceforge.jtds.jdbc.DefaultProperties;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.Div;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TextArea;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.WebSession;
import org.springframework.web.servlet.tags.form.AbstractHtmlElementTag;

/* loaded from: input_file:WebGoat.war:plugin_lessons/java-script-validation-1.0.jar:org/owasp/webgoat/plugin/JavaScriptValidation.class */
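/**
 * WebGoat "Bypass Client Side JavaScript Validation" lesson (Parameter Tampering category).
 *
 * <p>The page emits seven regex checks as browser-side JavaScript and re-applies the same seven
 * regexes on the server. The learner completes the lesson by submitting values that fail all seven
 * server-side checks, i.e. by tampering with the request after (or instead of) the client-side
 * script has run. The server-side checks are the real control; the JavaScript is a usability aid.
 *
 * <p>Review notes on this decompiled build:
 * <ul>
 *   <li>The decompiler had folded the literal {@code "123"} into jTDS
 *       {@code DefaultProperties.PROCESS_ID} and {@code "onclick"} into Spring
 *       {@code AbstractHtmlElementTag.ONCLICK_ATTRIBUTE}. Both constants hold exactly those strings;
 *       the literals are restored here so the lesson does not depend on a JDBC driver or Spring
 *       MVC tags for two string constants. The corresponding imports at the top of the file are now
 *       unused and can be dropped when the file is cleaned up.</li>
 *   <li>Submitted values were written back into the {@code <textarea>} elements unescaped, which is
 *       a reflected-XSS sink ({@code </textarea><script>...}). They are now HTML-escaped; the lesson
 *       only needs the value to be echoed, not to be echoed as markup.</li>
 *   <li>The regexes were recompiled on every request; they are now compiled once and the
 *       JavaScript copies are generated from the same {@link Pattern} objects so the two sides
 *       cannot silently drift apart.</li>
 * </ul>
 */
public class JavaScriptValidation extends LessonAdapter {
    private static final Integer DEFAULT_RANKING = Integer.valueOf(120);

    /**
     * Server-side validation rules, index {@code i} guarding {@code FIELD_NAMES[i]}. These are the
     * single source of truth: the client script and the on-page labels are generated from them.
     * NOTE(review): the patterns are used verbatim as JavaScript regex literals, so only syntax that
     * means the same thing in both engines may be added here (these seven are safe).
     */
    private static final Pattern[] SERVER_RULES = {
        Pattern.compile("^[a-z]{3}$"),
        Pattern.compile("^[0-9]{3}$"),
        Pattern.compile("^[a-zA-Z0-9 ]*$"),
        Pattern.compile("^(one|two|three|four|five|six|seven|eight|nine)$"),
        Pattern.compile("^\\d{5}$"),
        Pattern.compile("^\\d{5}(-\\d{4})?$"),
        Pattern.compile("^[2-9]\\d{2}-?\\d{3}-?\\d{4}$")
    };

    /** Request parameter / textarea names, parallel to SERVER_RULES. */
    private static final String[] FIELD_NAMES = {
        "field1", "field2", "field3", "field4", "field5", "field6", "field7"
    };

    /** Values shown when a field is absent from the request; each one satisfies its rule. */
    private static final String[] FIELD_DEFAULTS = {
        "abc", "123", "abc 123 ABC", "seven", "90210", "90210-1111", "301-604-4882"
    };

    /** Label-manager keys for the per-field captions, parallel to SERVER_RULES. */
    private static final String[] LABEL_KEYS = {
        "3LowerCase", "Exactly3Digits", "LettersNumbersSpaceOnly", "EnumerationOfNumbers",
        "SimpleZipCode", "ZIPDashFour", "USPhoneNumber"
    };

    /**
     * Text appended to the "ServerSideValidationViolation" label for each field. The uneven spacing
     * (fields 1-2 have a leading space, 3-7 do not) is inherited from the original build and is kept
     * so the rendered messages are unchanged.
     */
    private static final String[] VIOLATION_SUFFIXES = {
        " Field1.", " Field2.", "Field3.", "Field4.", "Field5.", "Field6.", "Field7."
    };

    /**
     * Builds the lesson page: the client-side validation script, one caption + textarea per field,
     * a submit button, and then the server-side re-validation of whatever was submitted.
     *
     * <p>Side effects on {@code webSession}: a violation report is stored via {@code setMessage}
     * when at least one field fails server-side validation, and {@code makeSuccess} is called when
     * every field fails (the learner has bypassed the client-side check for all seven).
     * Any exception raised while reading parameters or building the page is reported through
     * {@code setMessage} and the partially built container is still returned.
     *
     * @param webSession the current WebGoat session, used for request parameters and messages
     * @return the page content
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer page = new ElementContainer();
        try {
            // getRawParameter presumably bypasses any framework-level sanitisation (hence "raw") —
            // treat every value as attacker-controlled from here on.
            String[] submitted = new String[FIELD_NAMES.length];
            for (int i = 0; i < FIELD_NAMES.length; i++) {
                submitted[i] = webSession.getParser().getRawParameter(FIELD_NAMES[i], FIELD_DEFAULTS[i]);
            }

            page.addElement(new StringElement(clientValidationScript()));

            for (int i = 0; i < FIELD_NAMES.length; i++) {
                // Captions 4-7 had a space before the regex in the original; kept for fidelity.
                String gap = i < 3 ? "" : " ";
                String caption = getLabelManager().get(LABEL_KEYS[i]) + gap + "(" + SERVER_RULES[i].pattern() + ")";
                page.addElement(new Div().addElement(new StringElement(caption)));
                // Escape before echoing: the value sits inside <textarea>, where a raw
                // "</textarea><script>" would break out of the element.
                // NOTE(review): assumes ECS does not already encode textarea content under the
                // project's filter settings — confirm, otherwise this double-encodes.
                TextArea area = new TextArea(FIELD_NAMES[i], 1, 25).addElement(escapeHtml(submitted[i]));
                page.addElement(new Div().addElement(area));
                page.addElement(new P());
            }

            Input submitButton = new Input();
            submitButton.setType(Input.SUBMIT);
            submitButton.setValue("Submit");
            submitButton.setID("submit_btn");
            // The handler never returns false, so depending on how the enclosing form is wired the
            // browser's default submit may still fire after the alert — the client check is
            // advisory either way, which is the point of the lesson.
            submitButton.addAttribute("onclick", "validate();");
            page.addElement(submitButton);

            // Server-side re-validation: the same rules the browser was asked to apply.
            int violations = 0;
            StringBuilder report = new StringBuilder();
            for (int i = 0; i < SERVER_RULES.length; i++) {
                if (!SERVER_RULES[i].matcher(submitted[i]).matches()) {
                    violations++;
                    report.append("<BR>")
                          .append(getLabelManager().get("ServerSideValidationViolation"))
                          .append(VIOLATION_SUFFIXES[i]);
                }
            }
            if (violations > 0) {
                // Contains only label text and fixed suffixes — no user input — so safe as markup.
                webSession.setMessage(report.toString());
            }
            if (violations >= SERVER_RULES.length) {
                makeSuccess(webSession);
            }
        } catch (Exception e) {
            webSession.setMessage(getLabelManager().get("ErrorGenerating") + getClass().getName());
            // Kept from the original build: the lesson framework offers no logger in scope here.
            e.printStackTrace();
        }
        return page;
    }

    /**
     * Generates the {@code <SCRIPT>} block that mirrors SERVER_RULES in the browser. Each line is
     * terminated with the platform line separator, as in the original build. The JavaScript regex
     * literals are derived from the compiled server patterns so both sides always agree.
     */
    private static String clientValidationScript() {
        String nl = System.getProperty("line.separator");
        StringBuilder js = new StringBuilder();
        js.append("<SCRIPT>").append(nl);
        for (int i = 0; i < SERVER_RULES.length; i++) {
            js.append("regex").append(i + 1).append("=/").append(SERVER_RULES[i].pattern()).append("/;").append(nl);
        }
        js.append("function validate() { ").append(nl);
        js.append("msg='JavaScript found form errors'; err=0; ").append(nl);
        for (int i = 0; i < SERVER_RULES.length; i++) {
            // "\\n" is emitted as a literal backslash-n so the JavaScript string gets the newline.
            js.append("if (!regex").append(i + 1)
              .append(".test(document.form.").append(FIELD_NAMES[i]).append(".value)) {err+=1; msg+='\\n  bad ")
              .append(FIELD_NAMES[i]).append("';}").append(nl);
        }
        js.append("if ( err > 0 ) alert(msg);").append(nl);
        js.append("else document.form.submit();").append(nl);
        js.append("} ").append(nl);
        js.append("</SCRIPT>").append(nl);
        return js.toString();
    }

    /**
     * Minimal HTML escaping for text placed inside an element body or attribute: {@code & < > " '}.
     * A null input is returned unchanged so the caller's behaviour for a missing value is unaltered.
     *
     * @param s the untrusted text
     * @return the escaped text, or null if {@code s} is null
     */
    static String escapeHtml(String s) {
        if (s == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** This lesson is filed under Parameter Tampering. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.PARAMETER_TAMPERING;
    }

    /**
     * The three localized hints for this lesson, in the order they are revealed.
     *
     * @param webSession unused; hints do not depend on session state
     * @return a mutable list of hint texts
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        for (int n = 1; n <= 3; n++) {
            hints.add(getLabelManager().get("JavaScriptValidationHint" + n));
        }
        return hints;
    }

    /** Ordering weight of this lesson within its category. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /** Lesson title as shown in the menu. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Bypass Client Side JavaScript Validation";
    }
}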
