package org.owasp.webgoat.plugin;

import com.gargoylesoftware.htmlunit.html.HtmlImage;
import com.gargoylesoftware.htmlunit.html.HtmlInlineFrame;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.Script;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/dom-xss-1.0.jar:org/owasp/webgoat/plugin/DOMXSS.class */
public class DOMXSS extends SequentialLessonAdapter {
    private static final String PERSON = "person";
    private static final Integer DEFAULT_RANKING = new Integer(10);

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        return super.createStagedContent(webSession);
    }

    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage1(WebSession webSession) throws Exception {
        ElementContainer elementContainer = new ElementContainer();
        StringBuffer stringBuffer = new StringBuffer(webSession.getParser().getStringParameter(PERSON, ""));
        elementContainer.addElement(mainContent(webSession));
        if (stringBuffer.toString().toLowerCase().indexOf(HtmlImage.TAG_NAME) != -1 && stringBuffer.toString().toLowerCase().indexOf("images/logos/owasp.jpg") != -1) {
            getLessonTracker(webSession).setStage(2);
            webSession.setMessage("Stage 1 completed. ");
        }
        return elementContainer;
    }

    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage2(WebSession webSession) throws Exception {
        ElementContainer elementContainer = new ElementContainer();
        StringBuffer stringBuffer = new StringBuffer(webSession.getParser().getStringParameter(PERSON, ""));
        elementContainer.addElement(mainContent(webSession));
        if (stringBuffer.toString().toLowerCase().indexOf(HtmlImage.TAG_NAME) == -1 || stringBuffer.toString().toLowerCase().indexOf("onerror") == -1 || stringBuffer.toString().toLowerCase().indexOf("alert") == -1) {
            webSession.setMessage("Only &lt;img onerror...  attacks are recognized for success criteria");
        } else {
            getLessonTracker(webSession).setStage(3);
            webSession.setMessage("Stage 2 completed. ");
        }
        return elementContainer;
    }

    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage3(WebSession webSession) throws Exception {
        ElementContainer elementContainer = new ElementContainer();
        StringBuffer stringBuffer = new StringBuffer(webSession.getParser().getStringParameter(PERSON, ""));
        elementContainer.addElement(mainContent(webSession));
        if (stringBuffer.toString().toLowerCase().indexOf(HtmlInlineFrame.TAG_NAME) != -1 && stringBuffer.toString().toLowerCase().indexOf("javascript:alert") != -1) {
            getLessonTracker(webSession).setStage(4);
            webSession.setMessage("Stage 3 completed.");
        } else if (stringBuffer.toString().toLowerCase().indexOf(HtmlInlineFrame.TAG_NAME) == -1 || stringBuffer.toString().toLowerCase().indexOf("onload") == -1 || stringBuffer.toString().toLowerCase().indexOf("alert") == -1) {
            webSession.setMessage("Only &lt;iframe javascript/onload...  attacks are recognized for success criteria");
        } else {
            getLessonTracker(webSession).setStage(4);
            webSession.setMessage("Stage 3 completed. ");
        }
        return elementContainer;
    }

    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage4(WebSession webSession) throws Exception {
        ElementContainer elementContainer = new ElementContainer();
        StringBuffer stringBuffer = new StringBuffer(webSession.getParser().getStringParameter(PERSON, ""));
        elementContainer.addElement(mainContent(webSession));
        if (stringBuffer.toString().toLowerCase().indexOf("please enter your password:") != -1 && stringBuffer.toString().toLowerCase().indexOf("javascript:alert") != -1) {
            getLessonTracker(webSession).setStage(5);
            webSession.setMessage("Stage 4 completed.");
        }
        return elementContainer;
    }

    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage5(WebSession webSession) throws Exception {
        ElementContainer elementContainer = new ElementContainer();
        elementContainer.addElement(mainContent(webSession));
        if (getFileContent(webSession.getWebResource(LessonUtil.buildJsFileSystemPath(webSession, this, "DOMXSS.js"))).indexOf("escapeHTML(name)") != -1) {
            makeSuccess(webSession);
        }
        return elementContainer;
    }

    protected ElementContainer mainContent(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        try {
            elementContainer.addElement(new Script().setSrc(LessonUtil.buildJsPath(webSession, this, "DOMXSS.js")));
            elementContainer.addElement(new Script().setSrc(LessonUtil.buildJsPath(webSession, this, "escape.js")));
            elementContainer.addElement(new H1().setID("greeting"));
            elementContainer.addElement(new StringElement("Enter your name: "));
            Input input = new Input("TEXT", PERSON, new StringBuffer(webSession.getParser().getStringParameter(PERSON, "")).toString());
            input.setOnKeyUp("displayGreeting(person.value)");
            elementContainer.addElement(input);
            elementContainer.addElement(new BR());
            elementContainer.addElement(new BR());
            elementContainer.addElement(ECSFactory.makeButton("Submit Solution"));
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return elementContainer;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public List<String> getHints(WebSession webSession) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("Stage 1: Try entering the following: &lt;IMG SRC=\"images/logos/owasp.jpg\"/&gt;");
        arrayList.add("Stage 2: Try entering the following: &lt;img src=x onerror=;;alert('XSS') /&gt;");
        arrayList.add("Stage 3: Try entering the following: &lt;IFRAME SRC=\"javascript:alert('XSS');\"&gt;&lt;/IFRAME&gt;");
        arrayList.add("Stage 4: Try entering the following: Please enter your password:&lt;BR&gt;&lt;input type = \"password\" name=\"pass\"/&gt;&lt;button onClick=\"javascript:alert('I have your password: ' + pass.value);\"&gt;Submit&lt;/button&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;");
        arrayList.add("Stage 5: You will find the JavaScripts in tomcat\\webapps\\WebGoat\\javascript (Standart Version) or in WebContent\\javascript (Developer Version).");
        return arrayList;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.AJAX_SECURITY;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "LAB: DOM-Based cross-site scripting";
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public String getInstructions(WebSession webSession) {
        String str = "";
        if (getLessonTracker(webSession).getStage() == 1) {
            str = "STAGE 1:\tFor this exercise, your mission is to deface this website using the image at the following location: <a href = '/WebGoat/images/logos/owasp.jpg'>OWASP IMAGE</a>";
        } else if (getLessonTracker(webSession).getStage() == 2) {
            str = "STAGE 2:\tNow, try to create a JavaScript alert using the image tag";
        } else if (getLessonTracker(webSession).getStage() == 3) {
            str = "STAGE 3:\tNext, try to create a JavaScript alert using the IFRAME tag.";
        } else if (getLessonTracker(webSession).getStage() == 4) {
            str = "STAGE 4:\tUse the following to create a fake login form:<br><br>Please enter your password:&lt;BR&gt;&lt;input type = \"password\" name=\"pass\"/&gt;&lt;button onClick=\"javascript:alert('I have your password: ' + pass.value);\"&gt;Submit&lt;/button&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;&lt;BR&gt;";
        } else if (getLessonTracker(webSession).getStage() == 5) {
            str = "STAGE 5:\tPerform client-side HTML entity encoding to mitigate the DOM XSS vulnerability. A utility method is provided for you in escape.js.";
        }
        return str;
    }

    private String getFileContent(String str) {
        BufferedReader bufferedReader = null;
        StringBuffer stringBuffer = new StringBuffer();
        try {
            try {
                bufferedReader = new BufferedReader(new FileReader(new File(str)));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    stringBuffer.append(readLine);
                }
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e) {
                    }
                }
            } catch (Exception e2) {
                e2.printStackTrace();
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e3) {
                    }
                }
            }
            return stringBuffer.toString();
        } catch (Throwable th) {
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (IOException e4) {
                }
            }
            throw th;
        }
    }
}
