package org.jenkinsci.plugins.scriptler;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.ExtensionList;
import hudson.Util;
import hudson.markup.MarkupFormatter;
import hudson.markup.RawHtmlMarkupFormatter;
import hudson.model.Failure;
import hudson.model.Item;
import hudson.model.ManagementLink;
import hudson.model.RootAction;
import hudson.security.Permission;
import jakarta.servlet.ServletException;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Predicate;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import jenkins.model.Jenkins;
import org.apache.commons.fileupload2.core.FileItem;
import org.jenkinsci.plugins.scriptler.config.Parameter;
import org.jenkinsci.plugins.scriptler.config.Script;
import org.jenkinsci.plugins.scriptler.config.ScriptlerConfiguration;
import org.jenkinsci.plugins.scriptler.git.GitScriptlerRepository;
import org.jenkinsci.plugins.scriptler.share.CatalogInfo;
import org.jenkinsci.plugins.scriptler.share.ScriptInfo;
import org.jenkinsci.plugins.scriptler.share.ScriptInfoCatalog;
import org.jenkinsci.plugins.scriptler.util.ScriptHelper;
import org.jenkinsci.plugins.scriptler.util.UIHelper;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.ForwardToView;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest2;
import org.kohsuke.stapler.StaplerResponse2;
import org.kohsuke.stapler.interceptor.RequirePOST;

@Extension
/* loaded from: input_file:org/jenkinsci/plugins/scriptler/ScriptlerManagement.class */
public class ScriptlerManagement extends ManagementLink implements RootAction {
    private static final String INVALID_PATH = "Invalid file path received: ";
    private static final String INDEX = "index";
    private static final String NOT_APPROVED_YET = "notApprovedYet";
    private static final String CAN_BYPASS_APPROVAL = "canByPassScriptApproval";
    private static final String SCRIPT = "script";
    private static final Logger LOGGER = Logger.getLogger(ScriptlerManagement.class.getName());
    private static final MarkupFormatter INSTANCE = RawHtmlMarkupFormatter.INSTANCE;

    public Permission getScriptlerRunScripts() {
        return ScriptlerPermissions.RUN_SCRIPTS;
    }

    public Permission getScriptlerConfigure() {
        return ScriptlerPermissions.CONFIGURE;
    }

    public boolean hasAtLeastOneScriptlerPermission() {
        return Jenkins.get().hasPermission(ScriptlerPermissions.RUN_SCRIPTS) || Jenkins.get().hasPermission(ScriptlerPermissions.CONFIGURE);
    }

    public void checkAtLeastOneScriptlerPermission() {
        if (Jenkins.get().hasPermission(ScriptlerPermissions.RUN_SCRIPTS)) {
            return;
        }
        Jenkins.get().checkPermission(ScriptlerPermissions.CONFIGURE);
    }

    public String getIconFileName() {
        if (hasAtLeastOneScriptlerPermission()) {
            return "symbol-file-tray-stacked-outline plugin-ionicons-api";
        }
        return null;
    }

    @NonNull
    public ManagementLink.Category getCategory() {
        return ManagementLink.Category.CONFIGURATION;
    }

    public String getUrlName() {
        return "scriptler";
    }

    public boolean disableRemoteCatalog() {
        return getConfiguration().isDisableRemoteCatalog();
    }

    public String getDisplayName() {
        return Messages.display_name();
    }

    public String getDescription() {
        return Messages.description();
    }

    public ScriptlerManagement getScriptler() {
        return this;
    }

    public ScriptlerConfiguration getConfiguration() {
        return ScriptlerConfiguration.getConfiguration();
    }

    public MarkupFormatter getMarkupFormatter() {
        return INSTANCE;
    }

    @RequirePOST
    public HttpResponse doScriptlerSettings(StaplerRequest2 staplerRequest2, StaplerResponse2 staplerResponse2, @QueryParameter("disableRemoteCatalog") boolean z) throws IOException {
        checkPermission(ScriptlerPermissions.CONFIGURE);
        ScriptlerConfiguration configuration = getConfiguration();
        configuration.setDisableRemoteCatalog(z);
        configuration.save();
        return new HttpRedirect("settings");
    }

    @RequirePOST
    public HttpResponse doDownloadScript(StaplerRequest2 staplerRequest2, StaplerResponse2 staplerResponse2, @QueryParameter("id") String str, @QueryParameter("catalog") String str2) throws IOException {
        checkPermission(ScriptlerPermissions.CONFIGURE);
        if (getConfiguration().isDisableRemoteCatalog()) {
            return new HttpRedirect(INDEX);
        }
        for (ScriptInfoCatalog<ScriptInfo> scriptInfoCatalog : getCatalogs()) {
            if (str2.equals(scriptInfoCatalog.getInfo().name)) {
                ScriptInfo entryById = scriptInfoCatalog.getEntryById(str);
                String scriptSource = scriptInfoCatalog.getScriptSource(scriptInfoCatalog.getEntryById(str));
                ArrayList arrayList = new ArrayList();
                Iterator<String> it = entryById.getParameters().iterator();
                while (it.hasNext()) {
                    arrayList.add(new Parameter(it.next(), null));
                }
                return new HttpRedirect("editScript?id=" + saveScriptAndForward(str, entryById.getName(), entryById.getComment(), scriptSource, false, false, str2, str, arrayList));
            }
        }
        ForwardToView forwardToView = new ForwardToView(this, "catalog.jelly");
        forwardToView.with("message", Messages.download_failed(str, str2));
        forwardToView.with("catName", str2);
        return forwardToView;
    }

    @RequirePOST
    public HttpResponse doScriptAdd(StaplerRequest2 staplerRequest2, StaplerResponse2 staplerResponse2, @QueryParameter("id") String str, @QueryParameter("name") String str2, @QueryParameter("comment") String str3, @QueryParameter("script") String str4, @QueryParameter("nonAdministerUsing") boolean z, @QueryParameter("onlyBuiltIn") boolean z2, String str5, String str6) throws IOException, ServletException {
        checkPermission(ScriptlerPermissions.CONFIGURE);
        saveScriptAndForward(str, str2, str3, str4, z, z2, str5, str6, UIHelper.extractParameters(staplerRequest2.getSubmittedForm()));
        return new HttpRedirect(INDEX);
    }

    private String saveScriptAndForward(String str, String str2, String str3, String str4, boolean z, boolean z2, String str5, String str6, @NonNull List<Parameter> list) throws IOException {
        String str7 = str4 == null ? "TODO" : str4;
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("'id' must not be empty!");
        }
        String str8 = str2 == null ? str : str2;
        String fixFileName = fixFileName(str5, str);
        Path scriptDirectory2 = getScriptDirectory2();
        Path resolve = scriptDirectory2.resolve(fixFileName);
        if (!Util.isDescendant(scriptDirectory2.toFile(), resolve.toFile())) {
            LOGGER.log(Level.WARNING, "Folder traversal detected, file path received: {0}, after fixing: {1}", new Object[]{str, fixFileName});
            throw new IOException("Invalid file path received: " + str);
        }
        ScriptHelper.writeScriptToFile(resolve, str7);
        commitFileToGitRepo(fixFileName);
        ScriptHelper.putScriptInApprovalQueueIfRequired(str7);
        Script script = (str6 == null || str6.isEmpty()) ? new Script(fixFileName, str8, str3, z, list, z2) : new Script(fixFileName, str8, str3, true, str5, str6, new SimpleDateFormat("dd MMM yyyy HH:mm:ss a").format(new Date()), list);
        ScriptlerConfiguration configuration = getConfiguration();
        configuration.addOrReplace(script);
        configuration.save();
        return fixFileName;
    }

    private void commitFileToGitRepo(String str) {
        getGitRepo().addSingleFileToRepo(str);
    }

    @Restricted({NoExternalUse.class})
    public GitScriptlerRepository getGitRepo() {
        return (GitScriptlerRepository) ExtensionList.lookupSingleton(GitScriptlerRepository.class);
    }

    @RequirePOST
    public HttpResponse doHardResetGit() throws IOException {
        checkPermission(ScriptlerPermissions.CONFIGURE);
        getGitRepo().hardReset();
        return new HttpRedirect("../scriptler.git");
    }

    @RequirePOST
    public HttpResponse doRemoveScript(StaplerRequest2 staplerRequest2, StaplerResponse2 staplerResponse2, @QueryParameter("id") String str) throws IOException {
        checkPermission(ScriptlerPermissions.CONFIGURE);
        Path scriptDirectory2 = getScriptDirectory2();
        Path resolve = scriptDirectory2.resolve(str);
        if (!Util.isDescendant(scriptDirectory2.toFile(), resolve.toFile())) {
            LOGGER.log(Level.WARNING, "Folder traversal detected, file path received: {0}, after fixing: {1}", new Object[]{str, resolve});
            throw new Failure("Invalid file path received: " + str);
        }
        try {
            Files.delete(resolve);
            try {
                getGitRepo().rmSingleFileToRepo(str);
                ScriptlerConfiguration configuration = getConfiguration();
                configuration.removeScript(str);
                configuration.save();
                return new HttpRedirect(INDEX);
            } catch (IllegalStateException e) {
                throw new IOException("failed to update git repo", e);
            }
        } catch (IOException e2) {
            Failure failure = new Failure("not able to delete " + resolve);
            failure.initCause(e2);
            throw failure;
        }
    }

    @RequirePOST
    public HttpResponse doUploadScript(StaplerRequest2 staplerRequest2) throws IOException, ServletException {
        checkPermission(ScriptlerPermissions.CONFIGURE);
        try {
            FileItem<?> fileItem2 = staplerRequest2.getFileItem2("file");
            boolean z = staplerRequest2.getSubmittedForm().getBoolean("nonAdministerUsing");
            String fileName = Util.getFileName(fileItem2.getName());
            if (fileName.isEmpty()) {
                return new HttpRedirect(".");
            }
            saveScript(fileItem2, z, fileName);
            return new HttpRedirect(INDEX);
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new ServletException(e2);
        }
    }

    void saveScript(FileItem<?> fileItem, boolean z, String str) throws IOException {
        String fixFileName = fixFileName(null, str);
        try {
            if (Paths.get(fixFileName, new String[0]).isAbsolute()) {
                LOGGER.log(Level.WARNING, "Folder traversal detected, file path received: {0}, after fixing: {1}. Seems to be an attempt to use absolute path instead of relative one", new Object[]{str, fixFileName});
                throw new IOException("Invalid file path received: " + str);
            }
            Path scriptDirectory2 = getScriptDirectory2();
            Path resolve = scriptDirectory2.resolve(fixFileName);
            if (!Util.isDescendant(scriptDirectory2.toFile(), resolve.toFile())) {
                LOGGER.log(Level.WARNING, "Folder traversal detected, file path received: {0}, after fixing: {1}. Seems to be an attempt to use folder escape.", new Object[]{str, fixFileName});
                throw new IOException("Invalid file path received: " + str);
            }
            fileItem.write(resolve);
            commitFileToGitRepo(fixFileName);
            Script script = ScriptHelper.getScript(fixFileName, false);
            if (script == null) {
                script = new Script(fixFileName, fixFileName, true, z, false);
            }
            ScriptHelper.putScriptInApprovalQueueIfRequired(ScriptHelper.readScriptFromFile(resolve));
            getConfiguration().addOrReplace(script);
        } catch (InvalidPathException e) {
            throw new IOException("Invalid file path received: " + str, e);
        }
    }

    public void doRunScript(StaplerRequest2 staplerRequest2, StaplerResponse2 staplerResponse2, @QueryParameter("id") String str) throws IOException, ServletException {
        checkPermission(ScriptlerPermissions.RUN_SCRIPTS);
        Script script = ScriptHelper.getScript(str, true);
        if (script == null) {
            throw new IOException(Messages.scriptNotFound(str));
        }
        if (script.getScriptText() == null) {
            staplerRequest2.setAttribute("scriptNotFound", true);
        } else {
            boolean hasPermission = Jenkins.get().hasPermission(ScriptlerPermissions.BYPASS_APPROVAL);
            if (!ScriptHelper.isApproved(script.getScriptText(), false)) {
                staplerRequest2.setAttribute(NOT_APPROVED_YET, true);
            }
            staplerRequest2.setAttribute(CAN_BYPASS_APPROVAL, Boolean.valueOf(hasPermission));
        }
        staplerRequest2.setAttribute(SCRIPT, script);
        staplerRequest2.setAttribute("currentNode", NodeNames.BUILT_IN);
        staplerRequest2.getView(this, "runScript.jelly").forward(staplerRequest2, staplerResponse2);
    }

    @RequirePOST
    public void doTriggerScript(StaplerRequest2 staplerRequest2, StaplerResponse2 staplerResponse2, @QueryParameter("id") String str, @QueryParameter("script") String str2, @QueryParameter("node") String str3) throws IOException, ServletException {
        String str4;
        checkPermission(ScriptlerPermissions.RUN_SCRIPTS);
        List<Parameter> extractParameters = UIHelper.extractParameters(staplerRequest2.getSubmittedForm());
        boolean hasPermission = Jenkins.get().hasPermission(ScriptlerPermissions.BYPASS_APPROVAL);
        Script script = ScriptHelper.getScript(str, true);
        if (script == null) {
            staplerResponse2.sendError(404, "No script found for id=" + str);
            return;
        }
        String scriptText = script.getScriptText();
        Script copy = script.copy();
        if (scriptText == null || !scriptText.equals(str2)) {
            copy.setScriptText(str2);
            ScriptHelper.putScriptInApprovalQueueIfRequired(str2);
        } else {
            copy.setScriptText(scriptText);
        }
        if (ScriptHelper.isApproved(str2)) {
            str4 = ScriptHelper.runScript(resolveComputerNames(str3), str2, extractParameters);
        } else {
            LOGGER.log(Level.WARNING, "Script {0} was not approved yet, consider asking your administrator to approve it.", str);
            str4 = null;
            staplerRequest2.setAttribute(NOT_APPROVED_YET, true);
        }
        copy.setParameters(extractParameters);
        staplerRequest2.setAttribute(SCRIPT, copy);
        staplerRequest2.setAttribute("currentNode", str3);
        staplerRequest2.setAttribute("output", str4);
        staplerRequest2.setAttribute(CAN_BYPASS_APPROVAL, Boolean.valueOf(hasPermission));
        staplerRequest2.getView(this, "runScript.jelly").forward(staplerRequest2, staplerResponse2);
    }

    @RequirePOST
    public void doRun(StaplerRequest2 staplerRequest2, StaplerResponse2 staplerResponse2, @QueryParameter(fixEmpty = true) String str, @QueryParameter(fixEmpty = true) String str2, @QueryParameter(fixEmpty = true) String str3) throws IOException, ServletException {
        checkPermission(ScriptlerPermissions.RUN_SCRIPTS);
        String restOfPath = staplerRequest2.getRestOfPath();
        if (restOfPath.startsWith("/")) {
            restOfPath = restOfPath.substring(1);
        }
        if (restOfPath.isEmpty()) {
            throw new IOException("Please specify a script id. Use /scriptler/run/<yourScriptId>");
        }
        Script script = ScriptHelper.getScript(restOfPath, true);
        if (script == null) {
            throw new IOException("Unknown script: " + restOfPath + ". Use /scriptler/run/<yourScriptId>");
        }
        if (str == null) {
            str = script.getScriptText();
        }
        if (!ScriptHelper.isApproved(str)) {
            LOGGER.log(Level.WARNING, "Script {0} was not approved yet, consider asking your administrator to approve it.", restOfPath);
            staplerResponse2.sendError(403, "Script not approved yet, consider asking your administrator to approve it.");
            return;
        }
        Collection<Parameter> prepareParameters = prepareParameters(staplerRequest2, script);
        staplerResponse2.setContentType(str3 == null ? "text/plain" : str3);
        List<String> resolveComputerNames = resolveComputerNames(str2 == null ? NodeNames.BUILT_IN : str2);
        if (resolveComputerNames.size() > 1) {
            staplerResponse2.getOutputStream().print(ScriptHelper.runScript(resolveComputerNames, str, prepareParameters));
        } else {
            staplerResponse2.getOutputStream().print(ScriptHelper.runScript(resolveComputerNames.get(0), str, prepareParameters));
        }
    }

    @NonNull
    private Collection<Parameter> prepareParameters(StaplerRequest2 staplerRequest2, Script script) {
        HashMap hashMap = new HashMap();
        for (Parameter parameter : script.getParameters()) {
            hashMap.put(parameter.getName(), parameter);
        }
        for (Map.Entry entry : staplerRequest2.getParameterMap().entrySet()) {
            if (hashMap.containsKey(entry.getKey())) {
                hashMap.put((String) entry.getKey(), new Parameter((String) entry.getKey(), ((String[]) entry.getValue())[0]));
            }
        }
        return hashMap.values();
    }

    private List<String> resolveComputerNames(String str) {
        List<String> computerNames;
        String normalizeNodeName = NodeNames.normalizeNodeName(str);
        if (normalizeNodeName.equalsIgnoreCase(NodeNames.ALL) || normalizeNodeName.equalsIgnoreCase(NodeNames.ALL_AGENTS)) {
            computerNames = getComputerNames();
            if (normalizeNodeName.equalsIgnoreCase(NodeNames.ALL)) {
                computerNames.add(NodeNames.BUILT_IN);
            }
        } else {
            computerNames = List.of(normalizeNodeName);
        }
        return computerNames;
    }

    public void doShowScript(StaplerRequest2 staplerRequest2, StaplerResponse2 staplerResponse2, @AncestorInPath Item item, @QueryParameter("id") String str) throws IOException, ServletException {
        Item item2 = Jenkins.get();
        if (!item2.hasAnyPermission(new Permission[]{ScriptlerPermissions.RUN_SCRIPTS, ScriptlerPermissions.CONFIGURE})) {
            (item == null ? item2 : item).checkPermission(Item.CONFIGURE);
        }
        staplerRequest2.setAttribute(SCRIPT, ScriptHelper.getScript(str, true));
        staplerRequest2.getView(this, "show.jelly").forward(staplerRequest2, staplerResponse2);
    }

    public void doEditScript(StaplerRequest2 staplerRequest2, StaplerResponse2 staplerResponse2, @QueryParameter("id") String str) throws IOException, ServletException {
        checkPermission(ScriptlerPermissions.CONFIGURE);
        Script script = ScriptHelper.getScript(str, true);
        if (script == null || script.getScriptText() == null) {
            staplerRequest2.setAttribute("scriptNotFound", true);
        } else {
            boolean hasPermission = Jenkins.get().hasPermission(ScriptlerPermissions.BYPASS_APPROVAL);
            if (!ScriptHelper.isApproved(script.getScriptText(), false)) {
                staplerRequest2.setAttribute(NOT_APPROVED_YET, true);
            }
            staplerRequest2.setAttribute(CAN_BYPASS_APPROVAL, Boolean.valueOf(hasPermission));
        }
        staplerRequest2.setAttribute(SCRIPT, script);
        staplerRequest2.getView(this, "edit.jelly").forward(staplerRequest2, staplerResponse2);
    }

    @Deprecated(since = "381")
    public List<String> getSlaveAlias(Script script) {
        return getComputerAliases(script);
    }

    public List<String> getComputerAliases(Script script) {
        if (script.onlyBuiltIn) {
            return List.of(NodeNames.BUILT_IN);
        }
        List<String> computerNames = getComputerNames();
        computerNames.addAll(0, List.of(NodeNames.BUILT_IN, NodeNames.ALL, NodeNames.ALL_AGENTS));
        return computerNames;
    }

    private List<String> getComputerNames() {
        Stream stream = Arrays.stream(Jenkins.get().getComputers());
        Class<Jenkins.MasterComputer> cls = Jenkins.MasterComputer.class;
        Objects.requireNonNull(Jenkins.MasterComputer.class);
        return (List) stream.filter(Predicate.not((v1) -> {
            return r1.isInstance(v1);
        })).map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toCollection(ArrayList::new));
    }

    public List<ScriptInfoCatalog<ScriptInfo>> getCatalogs() {
        return ScriptInfoCatalog.all();
    }

    public ScriptInfoCatalog<ScriptInfo> getCatalogByName(String str) {
        if (str == null || str.isBlank()) {
            return null;
        }
        for (ScriptInfoCatalog<ScriptInfo> scriptInfoCatalog : getCatalogs()) {
            if (str.equals(scriptInfoCatalog.getInfo().name)) {
                return scriptInfoCatalog;
            }
        }
        return null;
    }

    public CatalogInfo getCatalogInfoByName(String str) {
        if (str == null || str.isBlank()) {
            return null;
        }
        Iterator<ScriptInfoCatalog<ScriptInfo>> it = getCatalogs().iterator();
        while (it.hasNext()) {
            CatalogInfo info = it.next().getInfo();
            if (str.equals(info.name)) {
                return info;
            }
        }
        return null;
    }

    @Deprecated(since = "380")
    public static File getScriptDirectory() {
        return new File(getScriptlerHomeDirectory(), "scripts");
    }

    public static Path getScriptDirectory2() {
        return getScriptlerHomeDirectory2().resolve("scripts");
    }

    @Deprecated(since = "380")
    public static File getScriptlerHomeDirectory() {
        return getScriptlerHomeDirectory2().toFile();
    }

    public static Path getScriptlerHomeDirectory2() {
        return Jenkins.get().getRootDir().toPath().resolve("scriptler");
    }

    private void checkPermission(Permission permission) {
        Jenkins.get().checkPermission(permission);
    }

    private String fixFileName(String str, String str2) {
        if (!str2.endsWith(".groovy")) {
            if (str != null && !str.isEmpty()) {
                str2 = str2 + "." + str;
            }
            str2 = str2 + ".groovy";
        }
        String trim = str2.replace(" ", "_").trim();
        LOGGER.log(Level.FINE, "set file name to: {0}", trim);
        return trim;
    }
}
