package org.zaproxy.zap.spider.parser;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.text.SimpleDateFormat;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import net.htmlparser.jericho.Element;
import net.htmlparser.jericho.FormControl;
import net.htmlparser.jericho.FormControlType;
import net.htmlparser.jericho.FormField;
import net.htmlparser.jericho.FormFields;
import net.htmlparser.jericho.Source;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.network.HtmlParameter;
import org.parosproxy.paros.network.HttpMessage;
import org.zaproxy.zap.spider.SpiderParam;
import org.zaproxy.zap.spider.URLCanonicalizer;

/* loaded from: input_file:WEB-INF/lib/clientapi-2.8.jar:org/zaproxy/zap/spider/parser/SpiderHtmlFormParser.class */
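/**
 * Spider parser that discovers new resources by "submitting" the HTML forms found in a response.
 *
 * <p>For every {@code <form>} element a data set is built from the form's fields (existing values
 * where present, generated defaults otherwise). GET forms are turned into a URL with a query
 * string and handed to {@code processURL}; POST forms are reported through
 * {@code notifyListenersPostResourceFound} and are only processed when
 * {@link SpiderParam#isPostForm()} is enabled.
 *
 * <p>Security notes for maintainers:
 *
 * <ul>
 *   <li>The {@code action}, the {@code <base href>} value and all field names/values are read from
 *       the response body, i.e. they are controlled by the crawled site. No scope or host check is
 *       performed in this class; NOTE(review): presumably {@code processURL} and the listeners
 *       enforce crawl scope - confirm before relying on it.
 *   <li>Debug logging in this class writes field values and the full encoded query. Pre-filled
 *       values in a page can be sensitive, so treat debug logs of a crawl accordingly.
 * </ul>
 */
public class SpiderHtmlFormParser extends SpiderParser {
    private static final String ENCODING_TYPE = "UTF-8";
    private static final String DEFAULT_NUMBER_VALUE = "1";
    private static final String DEFAULT_FILE_VALUE = "test_file.txt";
    // Not referenced below: the TEXT and PASSWORD defaults use Constant.PROGRAM_NAME_SHORT.
    private static final String DEFAULT_TEXT_VALUE = "ZAP";
    private static final String METHOD_POST = "POST";
    private static final String ATTR_TYPE = "type";
    private static final String DEFAULT_EMPTY_VALUE = "";
    // Not referenced below: see DEFAULT_TEXT_VALUE.
    private static final String DEFAULT_PASS_VALUE = "ZAP";
    SpiderParam param;

    /**
     * Creates the parser.
     *
     * @param spiderParam spider options; {@code isProcessForm()} and {@code isPostForm()} are read
     *     on every call to {@link #parseResource}
     */
    public SpiderHtmlFormParser(SpiderParam spiderParam) {
        this.param = spiderParam;
    }

    /**
     * Extracts every form from the response and reports the resource each one would request.
     *
     * @param httpMessage the message whose response is parsed; may be {@code null} only when
     *     {@code source} is supplied, in which case the base URL starts out empty
     * @param source the already parsed response, or {@code null} to parse the response body of
     *     {@code httpMessage}
     * @param i passed unchanged to {@code processURL} for GET forms and as {@code i + 1} to
     *     {@code notifyListenersPostResourceFound} for POST forms (NOTE(review): appears to be the
     *     crawl depth - confirm against SpiderParser)
     */
    @Override // org.zaproxy.zap.spider.parser.SpiderParser
    public void parseResource(HttpMessage httpMessage, Source source, int i) {
        if (!this.param.isProcessForm()) {
            return;
        }
        if (source == null) {
            // Without a message there is no body to parse; the original dereferenced null here.
            if (httpMessage == null) {
                return;
            }
            source = new Source(httpMessage.getResponseBody().toString());
        }

        String uri = httpMessage == null ? "" : httpMessage.getRequestHeader().getURI().toString();

        // A <base href> in the page overrides the request URI as the base for relative actions.
        // The value comes from the response, so it can point at any host.
        Element baseElement = source.getFirstElement("base");
        if (baseElement != null) {
            if (log.isDebugEnabled()) {
                log.debug("Base tag was found in HTML: " + baseElement.getDebugInfo());
            }
            String href = baseElement.getAttributeValue("href");
            if (href != null) {
                uri = href;
            }
        }

        for (Element form : source.getAllElements("form")) {
            String method = form.getAttributeValue("method");
            String action = form.getAttributeValue("action");
            log.debug("Found new form with method: '" + method + "' and action: " + action);
            if (action == null) {
                log.debug("No form 'action' defined. Using base URL: " + uri);
                action = uri;
            }

            boolean post = isPostMethod(method);
            if (post && !this.param.isPostForm()) {
                // POST submission is opt-in because it is the request type most likely to
                // change state on the target.
                log.debug("Skipping form with POST method because of user settings.");
                continue;
            }

            String query = buildEncodedUrlQuery(prepareFormDataSet(form.getFormFields()));
            if (!post) {
                log.debug("Submiting form with GET method and query with form parameters: " + query);
                // The fragment starts at the first '#'; cutting at the last one would leave part
                // of it in place and the appended query would end up inside the fragment.
                int fragmentStart = action.indexOf('#');
                if (fragmentStart >= 0) {
                    action = action.substring(0, fragmentStart);
                }
                String separator;
                if (!action.contains("?")) {
                    separator = "?";
                } else if (action.endsWith("?")) {
                    separator = "";
                } else {
                    separator = "&";
                }
                processURL(httpMessage, i, action + separator + query, uri);
            } else {
                log.debug("Submiting form with POST method and message body with form parameters (normal encoding): " + query);
                String canonicalURL = URLCanonicalizer.getCanonicalURL(action, uri);
                if (canonicalURL == null) {
                    // Skip only this form. Returning here would silently drop every form that
                    // follows one with an unresolvable action and leave a gap in crawl coverage.
                    continue;
                }
                log.debug("Canonical URL constructed using '" + action + "': " + canonicalURL);
                notifyListenersPostResourceFound(httpMessage, i + 1, canonicalURL, query);
            }
        }
    }

    /** Returns whether the form's {@code method} attribute, ignoring case and padding, is POST. */
    private static boolean isPostMethod(String method) {
        return method != null && method.trim().equalsIgnoreCase(METHOD_POST);
    }

    /**
     * Builds the list of name/value pairs that would be sent when the form is submitted.
     *
     * <p>Fields that already carry a non-empty value contribute one parameter per value. Fields
     * without one get a predefined value when the control offers any, otherwise a generated
     * default for user-editable controls, otherwise the empty string.
     *
     * @param formFields the fields of one form
     * @return the parameters, in field order
     */
    private List<HtmlParameter> prepareFormDataSet(FormFields formFields) {
        List<HtmlParameter> dataSet = new LinkedList<>();
        for (FormField field : formFields) {
            if (log.isDebugEnabled()) {
                log.debug("New form field: " + field.getDebugInfo());
            }
            List<String> values = field.getValues();
            if (log.isDebugEnabled()) {
                log.debug("Existing values: " + values);
            }

            boolean hasValue = !values.isEmpty() && !(values.size() == 1 && values.get(0).isEmpty());
            if (hasValue) {
                for (String value : values) {
                    dataSet.add(new HtmlParameter(HtmlParameter.Type.form, field.getName(), value));
                }
                continue;
            }

            String generated = DEFAULT_EMPTY_VALUE;
            Collection<String> predefinedValues = field.getPredefinedValues();
            if (!predefinedValues.isEmpty()) {
                // Takes the second predefined value when there is more than one.
                // NOTE(review): presumably to skip a leading placeholder option - confirm.
                Iterator<String> predefined = predefinedValues.iterator();
                generated = predefined.next();
                if (predefined.hasNext()) {
                    generated = predefined.next();
                }
            } else if (field.getUserValueCount() > 0) {
                generated = getDefaultTextValue(field);
            }
            log.debug("No existing value for field " + field.getName() + ". Generated: " + generated);
            dataSet.add(new HtmlParameter(HtmlParameter.Type.form, field.getName(), generated));
        }
        return dataSet;
    }

    /**
     * Generates a plausible value for a user-editable field, based on the control type and, for
     * text controls, on the HTML5 {@code type} attribute.
     *
     * @param formField the field to generate a value for
     * @return the generated value, or the empty string when no default applies
     */
    private String getDefaultTextValue(FormField formField) {
        FormControl formControl = formField.getFormControl();
        FormControlType controlType = formControl.getFormControlType();
        if (controlType != FormControlType.TEXT) {
            if (controlType == FormControlType.PASSWORD) {
                return Constant.PROGRAM_NAME_SHORT;
            }
            if (controlType == FormControlType.FILE) {
                return DEFAULT_FILE_VALUE;
            }
            return DEFAULT_EMPTY_VALUE;
        }

        String type = formControl.getAttributesMap().get(ATTR_TYPE);
        if (type == null || type.equalsIgnoreCase("text")) {
            return Constant.PROGRAM_NAME_SHORT;
        }

        if (type.equalsIgnoreCase("number") || type.equalsIgnoreCase("range")) {
            // Stay inside the declared bounds: lower bound first, then upper bound. The original
            // looked up "min" twice, so a field that only declares "max" got "1" even when that
            // is above the allowed maximum.
            String min = formControl.getAttributesMap().get("min");
            if (min != null) {
                return min;
            }
            String max = formControl.getAttributesMap().get("max");
            return max != null ? max : DEFAULT_NUMBER_VALUE;
        }

        if (type.equalsIgnoreCase("url")) {
            return "http://www.example.com";
        }
        if (type.equalsIgnoreCase("email")) {
            return "foo-bar@example.com";
        }
        if (type.equalsIgnoreCase("color")) {
            return "#ffffff";
        }
        if (type.equalsIgnoreCase("tel")) {
            return "9999999999";
        }
        if (type.equalsIgnoreCase("datetime")) {
            return formatNow("yyyy-MM-dd'T'HH:mm:ss'Z'");
        }
        if (type.equalsIgnoreCase("datetime-local")) {
            return formatNow("yyyy-MM-dd'T'HH:mm:ss");
        }
        if (type.equalsIgnoreCase("date")) {
            return formatNow("yyyy-MM-dd");
        }
        if (type.equalsIgnoreCase("time")) {
            return formatNow("HH:mm:ss");
        }
        if (type.equalsIgnoreCase("month")) {
            return formatNow("yyyy-MM");
        }
        if (type.equalsIgnoreCase("week")) {
            return formatNow("yyyy-'W'ww");
        }
        return DEFAULT_EMPTY_VALUE;
    }

    /** Formats the current time with the given {@link SimpleDateFormat} pattern. */
    private static String formatNow(String pattern) {
        // A new formatter per call: SimpleDateFormat is not thread-safe and must not be shared.
        return new SimpleDateFormat(pattern).format(new Date());
    }

    /**
     * Encodes the parameters as an {@code application/x-www-form-urlencoded} string
     * ({@code name=value} pairs joined with {@code &}).
     *
     * <p>Names and values originate from the crawled page, so both are always URL-encoded before
     * they are placed in a URL or request body.
     *
     * @param list the parameters to encode
     * @return the encoded query, empty when {@code list} is empty
     */
    private String buildEncodedUrlQuery(List<HtmlParameter> list) {
        StringBuilder query = new StringBuilder();
        for (HtmlParameter parameter : list) {
            String name;
            String value;
            try {
                // Encode both halves before appending so a failure cannot leave a dangling
                // "name=" or an empty "&&" segment in the query.
                name = URLEncoder.encode(parameter.getName(), ENCODING_TYPE);
                value = URLEncoder.encode(parameter.getValue(), ENCODING_TYPE);
            } catch (UnsupportedEncodingException e) {
                log.warn("Error while encoding query for form.", e);
                continue;
            }
            if (query.length() > 0) {
                query.append('&');
            }
            query.append(name).append('=').append(value);
        }
        return query.toString();
    }
}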
