package io.jenkinsci.security;

import com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator;
import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.domains.SchemeRequirement;
import com.jcraft.jsch.ChannelExec;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import hudson.EnvVars;
import hudson.Extension;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.model.ItemGroup;
import hudson.security.ACL;
import hudson.slaves.EnvironmentVariablesNodeProperty;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.DescribableList;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.StreamTaskListener;
import io.jenkinsci.security.analysis.DASTAnalysis;
import io.jenkinsci.security.analysis.SASTAnalysis;
import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildStep;
import lombok.NonNull;
import net.sf.json.JSONObject;
import org.jenkinsci.plugins.jsch.JSchConnector;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:io/jenkinsci/security/WsapBuilder.class */
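/**
 * Jenkins build step that starts a WSAP scan on a remote scanner host and publishes the result.
 *
 * <p>As written, a build does the following:
 * <ol>
 *   <li>opens an SSH session to {@code ipAddress} on port 22 with the selected private-key credentials;</li>
 *   <li>runs {@code python3 <wsapLocation>/main.py --server 9999} on that host;</li>
 *   <li>connects to {@code ipAddress:9999} over a plain {@link Socket}, sends the scan parameters as JSON
 *       and reads JSON messages back;</li>
 *   <li>stores values from the final message as <em>global</em> Jenkins environment variables.</li>
 * </ol>
 *
 * <p>Security-relevant properties a maintainer should know about (see the notes on the individual methods):
 * SSH host key verification is disabled, the result channel is an unencrypted socket on which this class
 * performs no authentication, and data received on that channel ends up in controller-wide configuration.
 */
public class WsapBuilder extends Builder implements SimpleBuildStep, ConsoleSupport {
    /** TCP port of the SSH daemon on the scanner host. */
    private static final int SSH_PORT = 22;

    /** Port the WSAP server is told to listen on and that {@link #sendingWSAPParams} connects to. */
    private static final int WSAP_SERVER_PORT = 9999;

    /** Largest valid TCP port number, used by the form validation of the port field. */
    private static final int MAX_TCP_PORT = 65535;

    /**
     * Upper bound, in characters, for a single JSON message read from the WSAP server. The value is a
     * limit chosen for this class, not a protocol constant; raise it if real reports are larger.
     */
    private static final int MAX_RESPONSE_CHARS = 64 * 1024;

    /**
     * Characters accepted in {@code wsapLocation}. The value is interpolated into a remote shell command,
     * so only characters that a shell does not treat as syntax are allowed, and a leading '-' is refused so
     * the path cannot be read as a command-line option.
     */
    private static final java.util.regex.Pattern SAFE_REMOTE_PATH =
            java.util.regex.Pattern.compile("[A-Za-z0-9_./~:+@][A-Za-z0-9_./~:+@-]*");

    private String targetUrl;
    private String envVar;
    private String credentialsId;
    private String wsapLocation;
    private String ipAddress;
    // Only sent to the WSAP server as "scanner.port"; the connections made by this class use fixed ports.
    private int port;
    public SASTAnalysis sastAnalysis;
    public DASTAnalysis dastAnalysis;

    /** Domain requirement used to restrict credential lookups to the {@code ssh} scheme. */
    public static final SchemeRequirement SSH_SCHEME = new SchemeRequirement("ssh");

    /** Descriptor holding the form defaults and the form-validation endpoints of this build step. */
    @Extension
    /* loaded from: input_file:io/jenkinsci/security/WsapBuilder$DescriptorImpl.class */
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        private String WSAP_LOCATION;
        private String TARGET_URL;
        private String ENV_VAR;
        private String SCANNER_IP;
        private String SCANNER_PORT;

        public DescriptorImpl() {
            load();
        }

        /** Assigns the placeholder defaults, then delegates to {@code super.load()}. */
        public synchronized void load() {
            this.WSAP_LOCATION = "WSAP_LOCATION_DIRECTORY/wsap";
            this.TARGET_URL = "http://TARGET_URL";
            this.ENV_VAR = "DEFINE_ME";
            this.SCANNER_IP = "127.0.0.1";
            this.SCANNER_PORT = "8010";
            super.load();
        }

        /**
         * Fills the credentials drop-down with SSH private-key credentials for the {@code ssh} scheme.
         *
         * @param itemGroup ancestor the form is rendered under
         * @param str currently selected credentials id, always kept in the list
         * @return the list model for the drop-down
         */
        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath ItemGroup itemGroup, @QueryParameter String str) {
            // NOTE(security): the lookup runs as ACL.SYSTEM and nothing here checks the caller's permissions,
            // so a caller without configure rights may still learn the ids and names of SSH credentials.
            // The usual Jenkins pattern checks the caller's configure / credentials-use permission on the
            // ancestor first and otherwise returns only includeCurrentValue(str). Not changed here because
            // the ancestor is an ItemGroup and the check needs types this file does not import.
            return new StandardListBoxModel()
                    .includeEmptyValue()
                    .includeAs(ACL.SYSTEM, itemGroup, SSHUserPrivateKey.class, Collections.singletonList(WsapBuilder.SSH_SCHEME))
                    .includeCurrentValue(str);
        }

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        @NonNull
        public String getDisplayName() {
            return "Web Security Application Project (WSAP)";
        }

        /**
         * Validates the port field.
         *
         * @param str submitted value
         * @return ok for an integer in 1..65535, otherwise an error; 0 and values above 65535 used to pass
         */
        public FormValidation doCheckPort(@QueryParameter String str) {
            final long value;
            try {
                value = Long.parseLong(str);
            } catch (NumberFormatException e) {
                // Also reached for a null value: Long.parseLong(null) throws NumberFormatException.
                return FormValidation.error("Please enter a valid number");
            }
            if (value <= 0) {
                return FormValidation.error("Please enter a positive number");
            }
            if (value > MAX_TCP_PORT) {
                return FormValidation.error("Please enter a port number no greater than " + MAX_TCP_PORT);
            }
            return FormValidation.ok();
        }

        /**
         * Reports the submitted value as an error, unconditionally.
         */
        public FormValidation doCheckScanMethod(@QueryParameter String str) {
            // NOTE(review): this never returns ok(); it looks like leftover debugging - confirm intent.
            return FormValidation.error(str);
        }

        /**
         * Checks that the target URL parses as a URL and converts to a URI.
         *
         * @param str submitted value
         * @return ok when it parses, otherwise an error carrying the parser's message
         */
        public FormValidation doCheckTargetUrl(@QueryParameter String str) {
            // NOTE(review): any scheme the JVM has a handler for is accepted, not only http/https, and this
            // check is advisory only: nothing re-validates targetUrl when the build runs.
            try {
                new URL(str).toURI();
                return FormValidation.ok();
            } catch (MalformedURLException | URISyntaxException e) {
                return FormValidation.error(e.getMessage());
            }
        }

        /**
         * Requires a non-empty credentials id.
         */
        public FormValidation doCheckCredentialId(@QueryParameter String str) {
            // NOTE(review): the builder's field is "credentialsId" while this method is named
            // "...CredentialId"; verify that the form actually invokes it.
            if (str == null || str.isEmpty()) {
                return FormValidation.error("Please provide a credentialsID");
            }
            return FormValidation.ok();
        }

        public String getWSAP_LOCATION() {
            return this.WSAP_LOCATION;
        }

        public void setWSAP_LOCATION(String str) {
            this.WSAP_LOCATION = str;
        }

        public String getTARGET_URL() {
            return this.TARGET_URL;
        }

        public void setTARGET_URL(String str) {
            this.TARGET_URL = str;
        }

        public String getENV_VAR() {
            return this.ENV_VAR;
        }

        public void setENV_VAR(String str) {
            this.ENV_VAR = str;
        }

        public String getSCANNER_IP() {
            return this.SCANNER_IP;
        }

        public void setSCANNER_IP(String str) {
            this.SCANNER_IP = str;
        }

        public String getSCANNER_PORT() {
            return this.SCANNER_PORT;
        }

        public void setSCANNER_PORT(String str) {
            this.SCANNER_PORT = str;
        }
    }

    /**
     * Creates the build step from its form values.
     *
     * @param str WSAP installation directory on the scanner host ({@code wsapLocation})
     * @param str2 prefix of the environment variables to create ({@code envVar})
     * @param str3 id of the SSH credentials ({@code credentialsId})
     * @param str4 URL of the application to scan ({@code targetUrl})
     * @param str5 address of the scanner host ({@code ipAddress})
     * @param i value sent to the server as {@code scanner.port}
     * @param str6 not used by this constructor
     * @param sASTAnalysis static-analysis settings
     * @param dASTAnalysis dynamic-analysis settings
     */
    @DataBoundConstructor
    public WsapBuilder(String str, String str2, String str3, String str4, String str5, int i, String str6, SASTAnalysis sASTAnalysis, DASTAnalysis dASTAnalysis) {
        this.wsapLocation = str;
        this.targetUrl = str4;
        this.credentialsId = str3;
        this.envVar = str2;
        this.ipAddress = str5;
        this.port = i;
        this.sastAnalysis = sASTAnalysis;
        this.dastAnalysis = dASTAnalysis;
    }

    /**
     * Builds the parameter document sent to the WSAP server.
     *
     * @return JSON object with the target URL, scanner address and port, and both analysis sections
     */
    @Override // io.jenkinsci.security.ConsoleSupport
    public JSONObject generateJSON() {
        JSONObject params = new JSONObject();
        params.put("target.url", this.targetUrl);
        params.put("scanner.ip", this.ipAddress);
        params.put("scanner.port", Integer.valueOf(this.port));
        params.put("sastAnalysis", this.sastAnalysis.generateJSON());
        params.put("dastAnalysis", this.dastAnalysis.generateJSON());
        return params;
    }

    /**
     * Sets a variable in the first global {@link EnvironmentVariablesNodeProperty}, creating that property
     * when none exists, and saves the Jenkins configuration.
     *
     * <p>NOTE(security): the variable is global, and both name and value can originate from job
     * configuration ({@code envVar}, {@code targetUrl}) or from the WSAP server's response, so a single job
     * can change a variable other jobs rely on. Only names that no process environment can represent are
     * rejected here; scoping the result to the build would remove the cross-job effect.
     *
     * @param str variable name
     * @param str2 variable value
     * @throws IOException if Jenkins or its global node properties are unavailable, or the name is empty
     *     or contains {@code '='} or a control character
     */
    public void createGlobalEnvironmentVariables(String str, String str2) throws IOException {
        requireUsableEnvVarName(str);
        Jenkins jenkins = Jenkins.getInstanceOrNull();
        if (jenkins == null) {
            throw new IOException("Unable to load Jenkins instance");
        }
        DescribableList globalNodeProperties = jenkins.getGlobalNodeProperties();
        if (globalNodeProperties == null) {
            throw new IOException("Unable to load global node properties");
        }
        List<?> existing = globalNodeProperties.getAll(EnvironmentVariablesNodeProperty.class);
        final EnvVars envVars;
        if (existing == null || existing.isEmpty()) {
            EnvironmentVariablesNodeProperty created = new EnvironmentVariablesNodeProperty(new EnvironmentVariablesNodeProperty.Entry[0]);
            globalNodeProperties.add(created);
            envVars = created.getEnvVars();
        } else {
            envVars = ((EnvironmentVariablesNodeProperty) existing.get(0)).getEnvVars();
        }
        envVars.put(str, str2);
        jenkins.save();
    }

    /** Rejects names that cannot be used as an environment variable name by any process launch. */
    private static void requireUsableEnvVarName(String name) throws IOException {
        if (name == null || name.isEmpty()) {
            throw new IOException("Refusing to create a global environment variable with an empty name");
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            if (c == '=' || Character.isISOControl(c)) {
                throw new IOException("Refusing to create a global environment variable whose name contains '=' or a control character");
            }
        }
    }

    /**
     * Runs the scan: opens the SSH session, launches the WSAP server, waits 20 seconds, exchanges the
     * parameters and the report, and publishes the report as environment variables.
     *
     * @return {@code true} when the step completed
     * @throws InterruptedException if the credentials are missing, an SSH error occurs (the
     *     {@link JSchException} is attached as the cause), or the build is interrupted while waiting
     * @throws IOException on socket or configuration errors
     */
    public boolean perform(AbstractBuild<?, ?> abstractBuild, Launcher launcher, BuildListener buildListener) throws InterruptedException, IOException {
        StandardUsernameCredentials credentials = CredentialsProvider.findCredentialById(this.credentialsId, SSHUserPrivateKey.class, abstractBuild, new DomainRequirement[]{SSH_SCHEME});
        if (credentials == null) {
            String message = "Credentials with id '" + this.credentialsId + "', no longer exist!";
            buildListener.getLogger().println(message);
            throw new InterruptedException(message);
        }
        String username = credentials.getUsername();
        JSchConnector connector = new JSchConnector(username, this.ipAddress, SSH_PORT);
        buildListener.getLogger().println("Successfully created Connector");
        SSHAuthenticator.newInstance(connector, credentials).authenticate(new StreamTaskListener(buildListener.getLogger(), Charset.defaultCharset()));
        Session session = connector.getSession();
        Properties sshConfig = new Properties();
        // NOTE(security): host key verification is switched off, so the identity of the SSH server is not
        // checked and the session can be intercepted by whoever is able to answer for ipAddress. Left as
        // is because "yes" needs a known-hosts source that this class does not configure; pin the scanner
        // host key before using this step across a network that is not fully trusted.
        sshConfig.put("StrictHostKeyChecking", "no");
        sshConfig.put("PreferredAuthentications", "publickey");
        session.setConfig(sshConfig);
        try {
            session.connect();
            if (!session.isConnected()) {
                throw new JSchException("Not connected to an open session");
            }
            launchWASPServer(buildListener, session, username);
            buildListener.getLogger().println("Waiting for server to be available");
            // An interrupt (build abort) now propagates instead of being printed and ignored.
            Thread.sleep(20000L);
            JSONObject report = sendingWSAPParams(buildListener);
            if (report != null) {
                generateCriticalEnvVariables(buildListener, report);
            }
            return true;
        } catch (JSchException e) {
            InterruptedException wrapped = new InterruptedException(e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        } finally {
            // The session was previously never closed, leaking one SSH connection per build.
            session.disconnect();
        }
    }

    /**
     * Publishes the target URL and, for each top-level key of the report, the value of that section's
     * first entry (or {@code "No data"}) as global environment variables named after {@code envVar}.
     *
     * @param buildListener receives one log line per created variable
     * @param jSONObject final report returned by {@link #sendingWSAPParams}
     * @throws IOException if a variable cannot be stored
     */
    private void generateCriticalEnvVariables(BuildListener buildListener, JSONObject jSONObject) throws IOException {
        // Locale.ROOT keeps the variable names stable regardless of the controller's default locale.
        String baseName = this.envVar.toUpperCase(java.util.Locale.ROOT);
        createGlobalEnvironmentVariables(baseName, this.targetUrl);
        buildListener.getLogger().println(String.format("Created variable %s with the targetUrl", baseName));
        Iterator<?> sections = jSONObject.keys();
        while (sections.hasNext()) {
            String section = (String) sections.next();
            JSONObject entries = jSONObject.getJSONObject(section);
            Iterator<?> entryKeys = entries.keys();
            // The section name comes from the server's response and becomes part of a variable name.
            String variableName = (this.envVar + "_" + section).toUpperCase(java.util.Locale.ROOT);
            if (entryKeys.hasNext()) {
                createGlobalEnvironmentVariables(variableName, entries.getString((String) entryKeys.next()));
                buildListener.getLogger().println(String.format("Created variable %s with the amount of critical vulnerabilities found", variableName));
            } else {
                createGlobalEnvironmentVariables(variableName, "No data");
                buildListener.getLogger().println(String.format("Created variable %s, but no report was found", variableName));
            }
        }
    }

    /**
     * Starts the WSAP server on the scanner host through an SSH exec channel, then closes the channel.
     *
     * <p>{@code wsapLocation} is placed unquoted into the command line, so it is checked against
     * {@link #SAFE_REMOTE_PATH} first; a value with any other character is refused instead of being handed
     * to the remote shell.
     *
     * @param buildListener receives progress messages
     * @param session connected SSH session
     * @param str user name, used for logging only
     * @throws JSchException if the location is rejected or the channel cannot be opened
     */
    public void launchWASPServer(BuildListener buildListener, Session session, String str) throws JSchException {
        buildListener.getLogger().println(String.format("Attempting to ssh as: %s", str));
        if (this.wsapLocation == null || !SAFE_REMOTE_PATH.matcher(this.wsapLocation).matches()) {
            String message = "Refusing to launch WSAP: the configured WSAP location is empty or contains characters other than letters, digits and _ . / ~ : + @ -";
            buildListener.getLogger().println(message);
            throw new JSchException(message);
        }
        String command = String.format("python3 %s/main.py --server %s", this.wsapLocation, WSAP_SERVER_PORT);
        buildListener.getLogger().println(command);
        ChannelExec channel = (ChannelExec) session.openChannel("exec");
        channel.setPty(true);
        channel.setCommand(command);
        channel.setInputStream((InputStream) null);
        channel.setErrStream(System.err);
        channel.connect();
        buildListener.getLogger().println("WASP instance was successfully initialized");
        channel.disconnect();
    }

    /**
     * Sends the scan parameters to the WSAP server and waits for the final report.
     *
     * <p>Messages are read one character at a time until the buffered text is valid JSON. A message with
     * an {@code info} key is logged and reading continues, a message with an {@code error} key aborts with
     * an {@link IOException}, and any other message is the report.
     *
     * <p>NOTE(security): this is a plain TCP socket and this class neither encrypts the exchange nor
     * authenticates the peer, yet the report is later written to global configuration. Treat everything
     * read here as untrusted input.
     *
     * @param buildListener receives progress messages and the formatted report
     * @return the final report
     * @throws IOException on connection failure, a server-reported error, a connection closed before the
     *     report arrived, or a message larger than {@link #MAX_RESPONSE_CHARS}
     * @throws JSchException declared for callers; not thrown by this implementation
     */
    public JSONObject sendingWSAPParams(BuildListener buildListener) throws IOException, JSchException {
        JSONObject report = null;
        buildListener.getLogger().println("Trying to connect on ip: " + this.ipAddress + ":" + WSAP_SERVER_PORT);
        // try-with-resources closes the socket and both streams on every exit path, including errors.
        try (Socket socket = new Socket(this.ipAddress, WSAP_SERVER_PORT);
                BufferedReader reader = new BufferedReader(new InputStreamReader(socket.getInputStream(), StandardCharsets.UTF_8));
                OutputStreamWriter writer = new OutputStreamWriter(socket.getOutputStream(), StandardCharsets.UTF_8)) {
            buildListener.getLogger().println("Connected");
            JSONObject params = generateJSON();
            buildListener.getLogger().println("Sending defined parameters to WSAP instance");
            writer.write(params.toString());
            writer.flush();
            buildListener.getLogger().println("Waiting for server response... May take a few hours");
            StringBuilder pending = new StringBuilder();
            boolean finished = false;
            while (!finished) {
                int next = reader.read();
                if (next < 0) {
                    // read() returns -1 at end of stream; appending it as a char would loop forever.
                    throw new IOException("WSAP server closed the connection before sending a final report");
                }
                pending.append((char) next);
                if (pending.length() > MAX_RESPONSE_CHARS) {
                    // Bounds memory and parse time when the peer never completes a JSON document.
                    throw new IOException("WSAP server message exceeds " + MAX_RESPONSE_CHARS + " characters");
                }
                String candidate = pending.toString();
                if (!Utils.isJSONValid(candidate)) {
                    continue;
                }
                JSONObject message = JSONObject.fromObject(candidate);
                if (message.containsKey("info")) {
                    buildListener.getLogger().println(message.get("info"));
                } else {
                    finished = true;
                    if (message.containsKey("error")) {
                        throw new IOException(message.get("error").toString());
                    }
                    report = message;
                }
                pending.setLength(0);
            }
        }
        Iterator<?> sections = report.keys();
        while (sections.hasNext()) {
            String section = (String) sections.next();
            buildListener.getLogger().println("\n" + section);
            JSONObject entries = report.getJSONObject(section);
            Iterator<?> entryKeys = entries.keys();
            if (!entryKeys.hasNext()) {
                buildListener.getLogger().println("- No report found");
            }
            while (entryKeys.hasNext()) {
                String entry = (String) entryKeys.next();
                buildListener.getLogger().println(String.format("- %s [%s]", entry, String.valueOf(entries.get(entry))));
            }
        }
        return report;
    }

    public String getTargetUrl() {
        return this.targetUrl;
    }

    public void setTargetUrl(String str) {
        this.targetUrl = str;
    }

    public String getEnvVar() {
        return this.envVar;
    }

    public void setEnvVar(String str) {
        this.envVar = str;
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    public void setCredentialsId(String str) {
        this.credentialsId = str;
    }

    public String getWsapLocation() {
        return this.wsapLocation;
    }

    public void setWsapLocation(String str) {
        this.wsapLocation = str;
    }

    public String getIpAddress() {
        return this.ipAddress;
    }

    public void setIpAddress(String str) {
        this.ipAddress = str;
    }

    public int getPort() {
        return this.port;
    }

    public void setPort(int i) {
        this.port = i;
    }

    public SASTAnalysis getSastAnalysis() {
        return this.sastAnalysis;
    }

    public void setSastAnalysis(SASTAnalysis sASTAnalysis) {
        this.sastAnalysis = sASTAnalysis;
    }

    public DASTAnalysis getDastAnalysis() {
        return this.dastAnalysis;
    }

    public void setDastAnalysis(DASTAnalysis dASTAnalysis) {
        this.dastAnalysis = dASTAnalysis;
    }
}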
