package org.zaproxy.zap.extension.ascan;

import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import net.sf.json.JSONObject;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.URIException;
import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.control.Control;
import org.parosproxy.paros.core.scanner.Alert;
import org.parosproxy.paros.core.scanner.Category;
import org.parosproxy.paros.core.scanner.HostProcess;
import org.parosproxy.paros.core.scanner.Plugin;
import org.parosproxy.paros.core.scanner.ScannerListener;
import org.parosproxy.paros.model.HistoryReference;
import org.parosproxy.paros.model.Model;
import org.parosproxy.paros.model.SiteNode;
import org.parosproxy.paros.network.HttpMessage;
import org.zaproxy.zap.extension.alert.ExtensionAlert;
import org.zaproxy.zap.extension.api.ApiAction;
import org.zaproxy.zap.extension.api.ApiException;
import org.zaproxy.zap.extension.api.ApiImplementor;
import org.zaproxy.zap.extension.api.ApiResponse;
import org.zaproxy.zap.extension.api.ApiResponseElement;
import org.zaproxy.zap.extension.api.ApiResponseList;
import org.zaproxy.zap.extension.api.ApiResponseSet;
import org.zaproxy.zap.extension.api.ApiView;

/* loaded from: input_file:WEB-INF/lib/clientapi-2.8.jar:org/zaproxy/zap/extension/ascan/ActiveScanAPI.class */
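/**
 * API implementor that exposes the active scanner under the {@code ascan} prefix.
 *
 * <p>Actions start a scan, manage the scan exclusion regexes and enable/disable or tune scanners
 * and policies (scanner categories). Views report the scan progress, the exclusion list and the
 * scanner/policy configuration. The instance registers itself as a {@link ScannerListener} on
 * every scan it starts so that it can track progress and forward alerts.
 *
 * <p>This listing is decompiler output. The two-stage {@code hashCode()} dispatch the decompiler
 * produced (an integer selector typed as {@code boolean}, repeated {@code case true:} labels and a
 * doubled {@code break}) is not valid Java and has been restored to plain string switches with
 * the same action/view mapping.
 *
 * <p>NOTE(review): {@link #progress} and {@link #activeScan} are written from listener callbacks
 * and read by the API handlers without any synchronization visible here; confirm the threading
 * model before relying on exact progress values.
 */
public class ActiveScanAPI extends ApiImplementor implements ScannerListener {
    private static final Logger log = Logger.getLogger(ActiveScanAPI.class);
    private static final String PREFIX = "ascan";
    private static final String ACTION_SCAN = "scan";
    private static final String ACTION_EXCLUDE_FROM_SCAN = "excludeFromScan";
    private static final String ACTION_CLEAR_EXCLUDED_FROM_SCAN = "clearExcludedFromScan";
    private static final String ACTION_ENABLE_ALL_SCANNERS = "enableAllScanners";
    private static final String ACTION_DISABLE_ALL_SCANNERS = "disableAllScanners";
    private static final String ACTION_ENABLE_SCANNERS = "enableScanners";
    private static final String ACTION_DISABLE_SCANNERS = "disableScanners";
    private static final String ACTION_SET_ENABLED_POLICIES = "setEnabledPolicies";
    private static final String ACTION_SET_POLICY_ATTACK_STRENGTH = "setPolicyAttackStrength";
    private static final String ACTION_SET_POLICY_ALERT_THRESHOLD = "setPolicyAlertThreshold";
    private static final String ACTION_SET_SCANNER_ATTACK_STRENGTH = "setScannerAttackStrength";
    private static final String ACTION_SET_SCANNER_ALERT_THRESHOLD = "setScannerAlertThreshold";
    private static final String VIEW_STATUS = "status";
    private static final String VIEW_EXCLUDED_FROM_SCAN = "excludedFromScan";
    private static final String VIEW_SCANNERS = "scanners";
    private static final String VIEW_POLICIES = "policies";
    private static final String PARAM_URL = "url";
    private static final String PARAM_REGEX = "regex";
    private static final String PARAM_RECURSE = "recurse";
    private static final String PARAM_JUST_IN_SCOPE = "inScopeOnly";
    private static final String PARAM_IDS = "ids";
    private static final String PARAM_ID = "id";
    private static final String PARAM_ATTACK_STRENGTH = "attackStrength";
    private static final String PARAM_ALERT_THRESHOLD = "alertThreshold";
    private static final String PARAM_POLICY_ID = "policyId";

    // Owning extension; supplies the scanner and connection options for new scans.
    private final ExtensionActiveScan extension;
    // Scan most recently started through the API, or null if none has been started yet.
    private ActiveScan activeScan = null;
    // Last progress value reported through hostProgress(); reset to 0 when a scan starts.
    private int progress = 0;

    /**
     * Registers every action and view this implementor handles.
     *
     * @param extensionActiveScan the active scan extension that new scans take their options from
     */
    public ActiveScanAPI(ExtensionActiveScan extensionActiveScan) {
        this.extension = extensionActiveScan;
        // "scan": url is mandatory, recurse and inScopeOnly are optional.
        addApiAction(new ApiAction(ACTION_SCAN, new String[]{PARAM_URL}, new String[]{PARAM_RECURSE, PARAM_JUST_IN_SCOPE}));
        addApiAction(new ApiAction(ACTION_CLEAR_EXCLUDED_FROM_SCAN));
        addApiAction(new ApiAction(ACTION_EXCLUDE_FROM_SCAN, new String[]{PARAM_REGEX}));
        addApiAction(new ApiAction(ACTION_ENABLE_ALL_SCANNERS));
        addApiAction(new ApiAction(ACTION_DISABLE_ALL_SCANNERS));
        addApiAction(new ApiAction(ACTION_ENABLE_SCANNERS, new String[]{PARAM_IDS}));
        addApiAction(new ApiAction(ACTION_DISABLE_SCANNERS, new String[]{PARAM_IDS}));
        addApiAction(new ApiAction(ACTION_SET_ENABLED_POLICIES, new String[]{PARAM_IDS}));
        addApiAction(new ApiAction(ACTION_SET_POLICY_ATTACK_STRENGTH, new String[]{PARAM_ID, PARAM_ATTACK_STRENGTH}));
        addApiAction(new ApiAction(ACTION_SET_POLICY_ALERT_THRESHOLD, new String[]{PARAM_ID, PARAM_ALERT_THRESHOLD}));
        addApiAction(new ApiAction(ACTION_SET_SCANNER_ATTACK_STRENGTH, new String[]{PARAM_ID, PARAM_ATTACK_STRENGTH}));
        addApiAction(new ApiAction(ACTION_SET_SCANNER_ALERT_THRESHOLD, new String[]{PARAM_ID, PARAM_ALERT_THRESHOLD}));
        addApiView(new ApiView(VIEW_STATUS));
        addApiView(new ApiView(VIEW_EXCLUDED_FROM_SCAN));
        // "scanners": no mandatory parameters, policyId is an optional filter.
        addApiView(new ApiView(VIEW_SCANNERS, (String[]) null, new String[]{PARAM_POLICY_ID}));
        addApiView(new ApiView(VIEW_POLICIES));
    }

    /** Returns the API prefix, {@code ascan}. */
    @Override
    public String getPrefix() {
        return PREFIX;
    }

    /**
     * Executes one of the registered actions.
     *
     * <p>The {@code scan} action passes {@code inScopeOnly} with a default of {@code false}, so a
     * caller that must keep the scan inside an authorised scope has to send
     * {@code inScopeOnly=true} explicitly. The {@code excludeFromScan} regex is caller-supplied;
     * any exception raised while adding it is reported as {@code BAD_FORMAT}.
     *
     * @param str the action name
     * @param jSONObject the request parameters
     * @return {@link ApiResponseElement#OK} when the action completed
     * @throws ApiException {@code BAD_ACTION} for an unknown action, or the parameter/state error
     *     raised by the individual action
     */
    @Override
    public ApiResponse handleApiAction(String str, JSONObject jSONObject) throws ApiException {
        // NOTE(review): the whole parameter object is written to the debug log; confirm it cannot
        // carry values that should stay out of log files.
        if (log.isDebugEnabled()) {
            log.debug("handleApiAction " + str + " " + jSONObject.toString());
        }
        switch (str) {
            case ACTION_SCAN: {
                String url = jSONObject.getString(PARAM_URL);
                if (url == null || url.length() == 0) {
                    throw new ApiException(ApiException.Type.MISSING_PARAMETER, PARAM_URL);
                }
                scanURL(url, getParam(jSONObject, PARAM_RECURSE, true), getParam(jSONObject, PARAM_JUST_IN_SCOPE, false));
                break;
            }
            case ACTION_CLEAR_EXCLUDED_FROM_SCAN:
                try {
                    Model.getSingleton().getSession().setExcludeFromScanRegexs(new ArrayList<>());
                } catch (SQLException e) {
                    // Keep the stack trace in the log; the API response only carries the message.
                    log.error(e.getMessage(), e);
                    throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
                }
                break;
            case ACTION_EXCLUDE_FROM_SCAN:
                try {
                    Model.getSingleton().getSession().addExcludeFromScanRegexs(jSONObject.getString(PARAM_REGEX));
                } catch (Exception e) {
                    // Deliberately broad: every failure here is reported to the caller as a
                    // malformed regex parameter.
                    throw new ApiException(ApiException.Type.BAD_FORMAT, PARAM_REGEX);
                }
                break;
            case ACTION_ENABLE_ALL_SCANNERS:
                Control.getSingleton().getPluginFactory().setAllPluginEnabled(true);
                break;
            case ACTION_DISABLE_ALL_SCANNERS:
                Control.getSingleton().getPluginFactory().setAllPluginEnabled(false);
                break;
            case ACTION_ENABLE_SCANNERS:
                setScannersEnabled(jSONObject, true);
                break;
            case ACTION_DISABLE_SCANNERS:
                setScannersEnabled(jSONObject, false);
                break;
            case ACTION_SET_ENABLED_POLICIES:
                // NOTE(review): Constant.USER_AGENT as the default looks like a decompiler
                // constant-resolution artifact (probably an empty string literal) - confirm.
                setEnabledPolicies(getParam(jSONObject, PARAM_IDS, Constant.USER_AGENT).split(","));
                break;
            case ACTION_SET_POLICY_ATTACK_STRENGTH: {
                int policyId = getPolicyIdFromParamId(jSONObject);
                Plugin.AttackStrength strength = getAttackStrengthFromParamAttack(jSONObject);
                for (Plugin plugin : Control.getSingleton().getPluginFactory().getAllPlugin()) {
                    if (plugin.getCategory() == policyId) {
                        plugin.setAttackStrength(strength);
                    }
                }
                break;
            }
            case ACTION_SET_POLICY_ALERT_THRESHOLD: {
                int policyId = getPolicyIdFromParamId(jSONObject);
                Plugin.AlertThreshold threshold = getAlertThresholdFromParamAlertThreshold(jSONObject);
                for (Plugin plugin : Control.getSingleton().getPluginFactory().getAllPlugin()) {
                    if (plugin.getCategory() == policyId) {
                        setAlertThresholdToScanner(threshold, plugin);
                    }
                }
                break;
            }
            case ACTION_SET_SCANNER_ATTACK_STRENGTH:
                getScannerFromParamId(jSONObject).setAttackStrength(getAttackStrengthFromParamAttack(jSONObject));
                break;
            case ACTION_SET_SCANNER_ALERT_THRESHOLD:
                setAlertThresholdToScanner(getAlertThresholdFromParamAlertThreshold(jSONObject), getScannerFromParamId(jSONObject));
                break;
            default:
                throw new ApiException(ApiException.Type.BAD_ACTION);
        }
        return ApiResponseElement.OK;
    }

    /**
     * Enables or disables every scanner named in the comma-separated {@code ids} parameter.
     * IDs that are not integers are logged and skipped; IDs with no matching plugin are ignored.
     *
     * @param jSONObject the request parameters
     * @param z {@code true} to enable the scanners, {@code false} to disable them
     */
    private void setScannersEnabled(JSONObject jSONObject, boolean z) {
        // NOTE(review): Constant.USER_AGENT as the default looks like a decompiler
        // constant-resolution artifact (probably an empty string literal) - confirm.
        String[] ids = getParam(jSONObject, PARAM_IDS, Constant.USER_AGENT).split(",");
        for (String id : ids) {
            try {
                Plugin plugin = Control.getSingleton().getPluginFactory().getPlugin(Integer.parseInt(id.trim()));
                if (plugin != null) {
                    setScannerEnabled(plugin, z);
                }
            } catch (NumberFormatException e) {
                log.warn("Failed to parse scanner ID: ", e);
            }
        }
    }

    /**
     * Sets the enabled state of one scanner. When a scanner is enabled while its alert threshold
     * is {@code OFF}, the threshold is moved to {@code DEFAULT} as well.
     */
    private static void setScannerEnabled(Plugin plugin, boolean z) {
        plugin.setEnabled(z);
        if (z && plugin.getAlertThreshold() == Plugin.AlertThreshold.OFF) {
            plugin.setAlertThreshold(Plugin.AlertThreshold.DEFAULT);
        }
    }

    /**
     * Disables all scanners, then enables those whose category matches one of the given policy
     * IDs. IDs that are not integers are logged and skipped; unknown policy IDs are ignored.
     *
     * @param strArr the policy IDs, as the raw pieces of the comma-separated parameter
     */
    private static void setEnabledPolicies(String[] strArr) {
        Control.getSingleton().getPluginFactory().setAllPluginEnabled(false);
        for (String rawId : strArr) {
            try {
                int policyId = Integer.parseInt(rawId.trim());
                if (!hasPolicyWithId(policyId)) {
                    continue;
                }
                for (Plugin plugin : Control.getSingleton().getPluginFactory().getAllPlugin()) {
                    if (plugin.getCategory() == policyId) {
                        setScannerEnabled(plugin, true);
                    }
                }
            } catch (NumberFormatException e) {
                log.warn("Failed to parse policy ID: ", e);
            }
        }
    }

    /** Returns whether the name {@link Category} reports for {@code i} is one of its known names. */
    private static boolean hasPolicyWithId(int i) {
        return Arrays.asList(Category.getAllNames()).contains(Category.getName(i));
    }

    /**
     * Reads and validates the {@code id} parameter as a policy ID.
     *
     * @throws ApiException {@code ILLEGAL_PARAMETER} if the parameter resolves to -1 (the default
     *     used when reading it), {@code DOES_NOT_EXIST} if no policy has that ID
     */
    private int getPolicyIdFromParamId(JSONObject jSONObject) throws ApiException {
        int policyId = getParam(jSONObject, PARAM_ID, -1);
        if (policyId == -1) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_ID);
        }
        if (!hasPolicyWithId(policyId)) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_ID);
        }
        return policyId;
    }

    /**
     * Parses the {@code attackStrength} parameter (trimmed, upper-cased) into an enum value.
     *
     * @throws ApiException {@code DOES_NOT_EXIST} if the value names no attack strength
     */
    private Plugin.AttackStrength getAttackStrengthFromParamAttack(JSONObject jSONObject) throws ApiException {
        try {
            return Plugin.AttackStrength.valueOf(jSONObject.getString(PARAM_ATTACK_STRENGTH).trim().toUpperCase());
        } catch (IllegalArgumentException e) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_ATTACK_STRENGTH);
        }
    }

    /**
     * Parses the {@code alertThreshold} parameter (trimmed, upper-cased) into an enum value.
     *
     * @throws ApiException {@code DOES_NOT_EXIST} if the value names no alert threshold
     */
    private Plugin.AlertThreshold getAlertThresholdFromParamAlertThreshold(JSONObject jSONObject) throws ApiException {
        try {
            return Plugin.AlertThreshold.valueOf(jSONObject.getString(PARAM_ALERT_THRESHOLD).trim().toUpperCase());
        } catch (IllegalArgumentException e) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_ALERT_THRESHOLD);
        }
    }

    /** Applies the threshold to the scanner and enables it unless the threshold is {@code OFF}. */
    private static void setAlertThresholdToScanner(Plugin.AlertThreshold alertThreshold, Plugin plugin) {
        plugin.setAlertThreshold(alertThreshold);
        plugin.setEnabled(!Plugin.AlertThreshold.OFF.equals(alertThreshold));
    }

    /**
     * Resolves the {@code id} parameter to a scanner plugin.
     *
     * @throws ApiException {@code ILLEGAL_PARAMETER} if the parameter resolves to -1 (the default
     *     used when reading it), {@code DOES_NOT_EXIST} if no plugin has that ID
     */
    private Plugin getScannerFromParamId(JSONObject jSONObject) throws ApiException {
        int scannerId = getParam(jSONObject, PARAM_ID, -1);
        if (scannerId == -1) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_ID);
        }
        Plugin plugin = Control.getSingleton().getPluginFactory().getPlugin(scannerId);
        if (plugin == null) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_ID);
        }
        return plugin;
    }

    /**
     * Starts an active scan at the site-tree node for the given URL.
     *
     * <p>Only URLs that already have a node in the session's site tree can be scanned; anything
     * else is rejected with {@code URL_NOT_FOUND}. The scan runs with a clone of the current
     * plugin factory.
     *
     * @param str the URL to scan
     * @param z whether child nodes are scanned as well
     * @param z2 value handed to {@code setJustScanInScope}
     * @throws ApiException {@code SCAN_IN_PROGRESS} if the previous scan has not stopped,
     *     {@code URL_NOT_FOUND} if the URL is malformed or not in the site tree
     */
    private void scanURL(String str, boolean z, boolean z2) throws ApiException {
        // NOTE(review): this check and the assignment below are not synchronized; confirm two
        // API requests cannot reach this method concurrently.
        if (this.activeScan != null && !this.activeScan.isStopped()) {
            throw new ApiException(ApiException.Type.SCAN_IN_PROGRESS);
        }
        try {
            SiteNode startNode = Model.getSingleton().getSession().getSiteTree().findNode(new URI(str, true));
            if (startNode == null) {
                throw new ApiException(ApiException.Type.URL_NOT_FOUND);
            }
            // NOTE(review): m26clone() is a decompiler-generated name, presumably for clone() - confirm.
            this.activeScan = new ActiveScan(str, this.extension.getScannerParam(), this.extension.getModel().getOptionsParam().getConnectionParam(), null, Control.getSingleton().getPluginFactory().m26clone());
            this.progress = 0;
            this.activeScan.setJustScanInScope(z2);
            this.activeScan.addScannerListener(this);
            this.activeScan.setStartNode(startNode);
            this.activeScan.setScanChildren(z);
            this.activeScan.start();
        } catch (URIException e) {
            throw new ApiException(ApiException.Type.URL_NOT_FOUND);
        }
    }

    /**
     * Builds the response for one of the registered views.
     *
     * @param str the view name; also used as the name of the returned element or list
     * @param jSONObject the request parameters ({@code policyId} is read by the scanners view)
     * @return the progress element, or a list of regexes, scanners or policies
     * @throws ApiException {@code BAD_VIEW} for an unknown view, {@code DOES_NOT_EXIST} if the
     *     scanners view is given a {@code policyId} that matches no policy
     */
    @Override
    public ApiResponse handleApiView(String str, JSONObject jSONObject) throws ApiException {
        switch (str) {
            case VIEW_STATUS:
                return new ApiResponseElement(str, String.valueOf(this.progress));
            case VIEW_EXCLUDED_FROM_SCAN: {
                ApiResponseList regexes = new ApiResponseList(str);
                for (String regex : Model.getSingleton().getSession().getExcludeFromScanRegexs()) {
                    regexes.addItem(new ApiResponseElement(PARAM_REGEX, regex));
                }
                return regexes;
            }
            case VIEW_SCANNERS: {
                // -1 means "no filter": every scanner is listed.
                int policyId = getParam(jSONObject, PARAM_POLICY_ID, -1);
                if (policyId != -1 && !hasPolicyWithId(policyId)) {
                    throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_POLICY_ID);
                }
                ApiResponseList scanners = new ApiResponseList(str);
                for (Plugin plugin : Control.getSingleton().getPluginFactory().getAllPlugin()) {
                    if (policyId == -1 || policyId == plugin.getCategory()) {
                        HashMap<String, String> scanner = new HashMap<>();
                        scanner.put(PARAM_ID, String.valueOf(plugin.getId()));
                        scanner.put("name", plugin.getName());
                        scanner.put("cweId", String.valueOf(plugin.getCweId()));
                        scanner.put("wascId", String.valueOf(plugin.getWascId()));
                        scanner.put(PARAM_ATTACK_STRENGTH, String.valueOf(plugin.getAttackStrength(true)));
                        scanner.put(PARAM_ALERT_THRESHOLD, String.valueOf(plugin.getAlertThreshold(true)));
                        scanner.put(PARAM_POLICY_ID, String.valueOf(plugin.getCategory()));
                        scanner.put("enabled", String.valueOf(plugin.isEnabled()));
                        scanners.addItem(new ApiResponseSet("scanner", scanner));
                    }
                }
                return scanners;
            }
            case VIEW_POLICIES: {
                ApiResponseList policies = new ApiResponseList(str);
                for (String name : Category.getAllNames()) {
                    int category = Category.getCategory(name);
                    Plugin.AttackStrength strength = getPolicyAttackStrength(category);
                    Plugin.AlertThreshold threshold = getPolicyAlertThreshold(category);
                    HashMap<String, String> policy = new HashMap<>();
                    policy.put(PARAM_ID, String.valueOf(category));
                    policy.put("name", name);
                    // A null strength/threshold means the policy's scanners do not share one value.
                    // NOTE(review): Constant.USER_AGENT as the fallback looks like a decompiler
                    // constant-resolution artifact (probably an empty string literal) - confirm.
                    policy.put(PARAM_ATTACK_STRENGTH, strength == null ? Constant.USER_AGENT : String.valueOf(strength));
                    policy.put(PARAM_ALERT_THRESHOLD, threshold == null ? Constant.USER_AGENT : String.valueOf(threshold));
                    policy.put("enabled", String.valueOf(isPolicyEnabled(category)));
                    policies.addItem(new ApiResponseSet("policy", policy));
                }
                return policies;
            }
            default:
                throw new ApiException(ApiException.Type.BAD_VIEW);
        }
    }

    /**
     * Returns {@code false} if any scanner in the category is disabled, {@code true} otherwise
     * (including when the category has no scanners).
     */
    private static boolean isPolicyEnabled(int i) {
        for (Plugin plugin : Control.getSingleton().getPluginFactory().getAllPlugin()) {
            if (plugin.getCategory() == i && !plugin.isEnabled()) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns the attack strength shared by every scanner in the category, or {@code null} if the
     * scanners disagree or the category has no scanners.
     */
    private Plugin.AttackStrength getPolicyAttackStrength(int i) {
        Plugin.AttackStrength common = null;
        for (Plugin plugin : Control.getSingleton().getPluginFactory().getAllPlugin()) {
            if (plugin.getCategory() != i) {
                continue;
            }
            if (common == null) {
                common = plugin.getAttackStrength(true);
            } else if (!common.equals(plugin.getAttackStrength(true))) {
                return null;
            }
        }
        return common;
    }

    /**
     * Returns the alert threshold shared by every scanner in the category, or {@code null} if the
     * scanners disagree or the category has no scanners.
     */
    private Plugin.AlertThreshold getPolicyAlertThreshold(int i) {
        Plugin.AlertThreshold common = null;
        for (Plugin plugin : Control.getSingleton().getPluginFactory().getAllPlugin()) {
            if (plugin.getCategory() != i) {
                continue;
            }
            if (common == null) {
                common = plugin.getAlertThreshold(true);
            } else if (!common.equals(plugin.getAlertThreshold(true))) {
                return null;
            }
        }
        return common;
    }

    /** Forwards the alert to the alert extension, if that extension is loaded. */
    @Override
    public void alertFound(Alert alert) {
        ExtensionAlert extensionAlert = (ExtensionAlert) Control.getSingleton().getExtensionLoader().getExtension(ExtensionAlert.NAME);
        if (extensionAlert != null) {
            extensionAlert.alertFound(alert, alert.getHistoryRef());
        }
    }

    /** Calls {@code reset()} on the current scan once a host has been completed. */
    @Override
    public void hostComplete(String str) {
        this.activeScan.reset();
    }

    /** No-op: nothing is tracked when a host scan starts. */
    @Override
    public void hostNewScan(String str, HostProcess hostProcess) {
    }

    /** Records the reported progress value so the status view can return it. */
    @Override
    public void hostProgress(String str, String str2, int i) {
        this.progress = i;
    }

    /** No-op: scanner messages are not recorded by this API. */
    @Override
    public void notifyNewMessage(HttpMessage httpMessage) {
    }

    /** No-op: scan completion is observed through {@code activeScan.isStopped()} instead. */
    @Override
    public void scannerComplete() {
    }
}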
