package org.zaproxy.zap.extension.fuzz.impl.http;

import java.io.IOException;
import java.util.ArrayList;
import org.apache.commons.httpclient.HttpException;
import org.apache.log4j.Logger;
import org.parosproxy.paros.extension.encoder.Encoder;
import org.parosproxy.paros.network.HttpMessage;
import org.parosproxy.paros.network.HttpSender;
import org.zaproxy.zap.extension.anticsrf.AntiCsrfToken;
import org.zaproxy.zap.extension.anticsrf.ExtensionAntiCSRF;
import org.zaproxy.zap.extension.fuzz.AbstractFuzzProcess;
import org.zaproxy.zap.extension.fuzz.FuzzResult;
import org.zaproxy.zap.extension.httppanel.view.FuzzableMessage;

/* loaded from: input_file:WEB-INF/lib/clientapi-2.8.jar:org/zaproxy/zap/extension/fuzz/impl/http/HttpFuzzProcess.class */
public class HttpFuzzProcess extends AbstractFuzzProcess {
    private static final Logger logger = Logger.getLogger(HttpFuzzProcess.class);
    private HttpSender httpSender;
    private FuzzableMessage fuzzableHttpMessage;
    private Encoder encoder;
    private boolean urlEncode;
    private ExtensionAntiCSRF extAntiCSRF;
    private AntiCsrfToken acsrfToken;
    private boolean showTokenRequests;

    public HttpFuzzProcess(HttpSender httpSender, FuzzableMessage fuzzableMessage, ExtensionAntiCSRF extensionAntiCSRF, AntiCsrfToken antiCsrfToken, boolean z, boolean z2, Encoder encoder) {
        this.httpSender = httpSender;
        this.fuzzableHttpMessage = fuzzableMessage;
        this.acsrfToken = antiCsrfToken;
        this.showTokenRequests = z;
        this.urlEncode = z2;
        this.extAntiCSRF = extensionAntiCSRF;
        this.encoder = encoder;
    }

    @Override // org.zaproxy.zap.extension.fuzz.AbstractFuzzProcess
    public FuzzResult fuzz(String str) {
        String str2 = null;
        HttpFuzzResult httpFuzzResult = new HttpFuzzResult();
        if (this.acsrfToken != null) {
            try {
                HttpMessage cloneAll = this.acsrfToken.getMsg().cloneAll();
                this.httpSender.sendAndReceive(cloneAll);
                str2 = this.extAntiCSRF.getTokenValue(cloneAll, this.acsrfToken.getName());
                if (this.showTokenRequests) {
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(cloneAll);
                    httpFuzzResult.setTokenRequestMessages(arrayList);
                }
            } catch (HttpException e) {
                logger.error(e.getMessage(), e);
            } catch (IOException e2) {
                logger.error(e2.getMessage(), e2);
            }
        }
        try {
            HttpMessage httpMessage = (HttpMessage) this.fuzzableHttpMessage.fuzz(this.urlEncode ? this.encoder.getURLEncode(str) : str);
            httpMessage.setNote(str);
            if (str2 != null) {
                httpMessage.setRequestBody(httpMessage.getRequestBody().toString().replace(this.encoder.getURLEncode(this.acsrfToken.getValue()), this.encoder.getURLEncode(str2)));
            }
            httpMessage.getRequestHeader().setContentLength(httpMessage.getRequestBody().length());
            try {
                this.httpSender.sendAndReceive(httpMessage);
                if (isFuzzStringReflected(httpMessage, str)) {
                    httpFuzzResult.setState(FuzzResult.State.REFLECTED);
                }
            } catch (HttpException e3) {
                logger.error(e3.getMessage(), e3);
                httpFuzzResult.setState(FuzzResult.State.ERROR);
            } catch (IOException e4) {
                logger.error(e4.getMessage(), e4);
                httpFuzzResult.setState(FuzzResult.State.ERROR);
            }
            httpFuzzResult.setMessage(httpMessage);
            return httpFuzzResult;
        } catch (Exception e5) {
            HttpMessage cloneRequest = ((HttpMessage) this.fuzzableHttpMessage.getMessage()).cloneRequest();
            cloneRequest.setNote(str);
            httpFuzzResult.setMessage(cloneRequest);
            httpFuzzResult.setState(FuzzResult.State.ERROR);
            return httpFuzzResult;
        }
    }

    private boolean isFuzzStringReflected(HttpMessage httpMessage, String str) {
        return httpMessage.getResponseBody().toString().indexOf(str, ((HttpMessage) this.fuzzableHttpMessage.getMessage()).getResponseBody().toString().indexOf(str)) != -1;
    }
}
