package org.jenkinsci.plugins.workflow.test.steps.input;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.model.Action;
import hudson.model.ParameterDefinition;
import hudson.model.ParameterValue;
import hudson.model.ParametersAction;
import hudson.model.ParametersDefinitionProperty;
import hudson.model.Result;
import hudson.model.StringParameterDefinition;
import hudson.model.StringParameterValue;
import hudson.model.TaskListener;
import java.net.URL;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import jenkins.model.Jenkins;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.htmlunit.HttpMethod;
import org.htmlunit.MockWebConnection;
import org.htmlunit.WebRequest;
import org.htmlunit.html.HtmlAnchor;
import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import org.jenkinsci.plugins.workflow.job.WorkflowRun;
import org.jenkinsci.plugins.workflow.steps.Step;
import org.jenkinsci.plugins.workflow.steps.StepContext;
import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
import org.jenkinsci.plugins.workflow.steps.StepExecution;
import org.jenkinsci.plugins.workflow.steps.SynchronousStepExecution;
import org.jenkinsci.plugins.workflow.support.steps.input.POSTHyperlinkNote;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.TestExtension;
import org.kohsuke.stapler.DataBoundConstructor;

/* loaded from: input_file:org/jenkinsci/plugins/workflow/test/steps/input/POSTHyperlinkNoteTest.class */
public class POSTHyperlinkNoteTest {

    @Rule
    public JenkinsRule jr = new JenkinsRule();

    /* loaded from: input_file:org/jenkinsci/plugins/workflow/test/steps/input/POSTHyperlinkNoteTest$Security2881ConsoleStep.class */
    public static class Security2881ConsoleStep extends Step {
        private final String urlFragment;

        @TestExtension
        /* loaded from: input_file:org/jenkinsci/plugins/workflow/test/steps/input/POSTHyperlinkNoteTest$Security2881ConsoleStep$DescriptorImpl.class */
        public static final class DescriptorImpl extends StepDescriptor {
            public String getFunctionName() {
                return "security2881";
            }

            @NonNull
            public String getDisplayName() {
                return "Security2881";
            }

            public Set<? extends Class<?>> getRequiredContext() {
                return Collections.singleton(TaskListener.class);
            }

            public String argumentsToString(@NonNull Map<String, Object> map) {
                return null;
            }
        }

        /* loaded from: input_file:org/jenkinsci/plugins/workflow/test/steps/input/POSTHyperlinkNoteTest$Security2881ConsoleStep$Security2881ConsoleStepExecution.class */
        public static class Security2881ConsoleStepExecution extends SynchronousStepExecution<Void> {
            private final String urlFragment;

            protected Security2881ConsoleStepExecution(StepContext stepContext, String str) {
                super(stepContext);
                this.urlFragment = str;
            }

            /* JADX INFO: Access modifiers changed from: protected */
            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public Void m14run() throws Exception {
                ((TaskListener) getContext().get(TaskListener.class)).getLogger().print(POSTHyperlinkNote.encodeTo(Jenkins.get().getConfiguredRootUrl() + this.urlFragment, "SECURITY-2881"));
                return null;
            }
        }

        @DataBoundConstructor
        public Security2881ConsoleStep(String str) {
            this.urlFragment = str;
        }

        public StepExecution start(StepContext stepContext) throws Exception {
            return new Security2881ConsoleStepExecution(stepContext, this.urlFragment);
        }
    }

    @Test
    public void urlsAreSafeFromJavascriptInjection() throws Exception {
        testSanitization("whatever/'+alert(1)+'");
    }

    @Test
    @Ignore("webclient does not support unicode URLS and this is passed as /jenkins/whatever/%F0%9F%99%88%F0%9F%99%89%F0%9F%99%8A%F0%9F%98%80%E2%98%BA")
    public void testPassingMultiByteCharacters() throws Exception {
        testSanitization("whatever/��������☺");
    }

    @Test
    public void testPassingSingleByte() throws Exception {
        testSanitization("whatever/something?withparameter=baa");
    }

    void testSanitization(String str) throws Exception {
        WorkflowJob createProject = this.jr.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("security2881(params.TEST_URL)\n", true));
        createProject.addProperty(new ParametersDefinitionProperty(new ParameterDefinition[]{new StringParameterDefinition("TEST_URL", "WHOOPS")}));
        WorkflowRun assertBuildStatus = this.jr.assertBuildStatus(Result.SUCCESS, createProject.scheduleBuild2(0, new Action[]{new ParametersAction(new ParameterValue[]{new StringParameterValue("TEST_URL", str)})}));
        JenkinsRule.WebClient createWebClient = this.jr.createWebClient();
        HtmlAnchor anchorByText = createWebClient.getPage(assertBuildStatus, "console").getAnchorByText("SECURITY-2881");
        MatcherAssert.assertThat(anchorByText, Matchers.notNullValue());
        MockWebConnection mockWebConnection = new MockWebConnection();
        mockWebConnection.setDefaultResponse("<html><body>Hello</body></html>");
        createWebClient.setWebConnection(mockWebConnection);
        System.out.println(anchorByText);
        anchorByText.click();
        createWebClient.waitForBackgroundJavaScriptStartingBefore(500L);
        WebRequest lastWebRequest = mockWebConnection.getLastWebRequest();
        MatcherAssert.assertThat(lastWebRequest, Matchers.notNullValue());
        MatcherAssert.assertThat(lastWebRequest.getHttpMethod(), Matchers.is(HttpMethod.POST));
        URL url = lastWebRequest.getUrl();
        System.out.println(url.toExternalForm());
        MatcherAssert.assertThat(url, Matchers.allOf(Matchers.hasProperty("host", Matchers.is(new URL(this.jr.jenkins.getConfiguredRootUrl()).getHost())), Matchers.hasProperty("file", Matchers.is(this.jr.contextPath + "/" + str))));
    }
}
