package org.parosproxy.paros.core.scanner;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.InvalidParameterException;
import java.util.Date;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.httpclient.HttpException;
import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.control.Control;
import org.parosproxy.paros.core.scanner.Plugin;
import org.parosproxy.paros.extension.encoder.Encoder;
import org.parosproxy.paros.network.HttpHeader;
import org.parosproxy.paros.network.HttpMessage;
import org.zaproxy.zap.extension.anticsrf.AntiCsrfToken;
import org.zaproxy.zap.extension.anticsrf.ExtensionAntiCSRF;
import org.zaproxy.zap.model.Tech;
import org.zaproxy.zap.model.TechSet;

/* loaded from: input_file:WEB-INF/lib/clientapi-2.8.jar:org/parosproxy/paros/core/scanner/AbstractPlugin.class */
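/**
 * Base implementation of {@link Plugin} shared by scanner plugins.
 *
 * <p>Holds the state every plugin needs: a private copy of the base message under test, the
 * owning {@link HostProcess}, the per-plugin configuration (keys of the form
 * {@code plugins.p<id>.<name>}) and the start/finish timestamps. Subclasses supply the identity
 * and metadata getters, {@link #init()} and {@link #scan()}; they send requests through the
 * {@code sendAndReceive} overloads and report findings through the {@code bingo} overloads.
 *
 * <p>NOTE(review): {@code Constant.USER_AGENT} appears in this class wherever an empty-string
 * default would be expected (the URI/param fallbacks in alert creation, the replacement text in
 * {@link #stripOff(String, String)}, the fallback of the URL encode/decode helpers). This looks
 * like a decompiler mapping the literal {@code ""} back to a constant of the same value; confirm
 * against the original source before relying on it.
 */
public abstract class AbstractPlugin implements Plugin, Comparable<Object> {
    protected static final int PATTERN_PARAM = 10;
    protected static final String CRLF = "\r\n";

    // Pause applied before each request sent through sendAndReceive, in milliseconds (0 = none).
    private int delayInMs;

    // This base class advertises MEDIUM only for both settings.
    private static final Plugin.AlertThreshold[] alertThresholdsSupported = {Plugin.AlertThreshold.MEDIUM};
    private static final Plugin.AttackStrength[] attackStrengthsSupported = {Plugin.AttackStrength.MEDIUM};

    // Owner of this plugin run; provides the HTTP sender, stop/skip state and alert sink.
    private HostProcess parent = null;
    // Private copy of the message handed to init(HttpMessage, HostProcess).
    private HttpMessage msg = null;
    private final Logger log = Logger.getLogger(getClass());
    private Configuration config = null;
    // Resolved lazily on the first request that needs anti-CSRF handling.
    private ExtensionAntiCSRF extAntiCSRF = null;
    private final Encoder encoder = new Encoder();
    // Values substituted when the configured level/strength is unset or DEFAULT.
    private Plugin.AlertThreshold defaultAlertThreshold = Plugin.AlertThreshold.MEDIUM;
    private Plugin.AttackStrength defaultAttackStrength = Plugin.AttackStrength.MEDIUM;
    // null means "no technology restriction" (see inScope).
    private TechSet techSet = null;
    private Date started = null;
    private Date finished = null;

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public abstract int getId();

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public abstract String getName();

    /**
     * Returns the simple class name of the concrete plugin (the text after the last {@code '.'}
     * of the fully qualified name, or the whole name when it contains no dot).
     */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public String getCodeName() {
        String qualifiedName = getClass().getName();
        int lastDot = qualifiedName.lastIndexOf('.');
        return lastDot > -1 ? qualifiedName.substring(lastDot + 1) : qualifiedName;
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public abstract String[] getDependency();

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public abstract String getDescription();

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public abstract int getCategory();

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public abstract String getSolution();

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public abstract String getReference();

    /**
     * Binds this plugin to a base message and its owning host process, then calls
     * {@link #init()}.
     *
     * @param httpMessage the message to test; a full clone is stored, so later changes to the
     *     caller's instance are not seen by this plugin
     * @param hostProcess the process that owns this plugin run
     */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void init(HttpMessage httpMessage, HostProcess hostProcess) {
        this.msg = httpMessage.cloneAll();
        this.parent = hostProcess;
        init();
    }

    /** Plugin-specific initialisation, invoked once the base message and parent are set. */
    public abstract void init();

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns a fresh clone of the base message's request, for a plugin to modify and send. */
    public HttpMessage getNewMsg() {
        return this.msg.cloneRequest();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the stored base message itself (not a copy). */
    public HttpMessage getBaseMsg() {
        return this.msg;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sends the message with the sender flag set to {@code true} and anti-CSRF handling allowed.
     *
     * @see #sendAndReceive(HttpMessage, boolean, boolean)
     */
    public void sendAndReceive(HttpMessage httpMessage) throws HttpException, IOException {
        sendAndReceive(httpMessage, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sends the message with anti-CSRF handling allowed.
     *
     * @see #sendAndReceive(HttpMessage, boolean, boolean)
     */
    public void sendAndReceive(HttpMessage httpMessage, boolean z) throws HttpException, IOException {
        sendAndReceive(httpMessage, z, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Sends the request through the parent's HTTP sender and notifies the parent of the message.
     *
     * <p>Before sending, the request is normalised: the {@code If-Modified-Since} and
     * {@code If-None-Match} headers are cleared and {@code Content-Length} is recomputed from the
     * current body. If a delay is configured, the calling thread sleeps for it first.
     *
     * <p>When the parent has anti-CSRF handling switched on and {@code z2} is {@code true}, the
     * first token the anti-CSRF extension finds for the message is regenerated before sending.
     * Only that first token is handled; any further tokens in the same request are sent as-is.
     *
     * @param httpMessage the message to send; it is modified in place
     * @param z passed unchanged to the parent's HTTP sender (presumably its follow-redirects
     *     switch; confirm against the bundled {@code HttpSender})
     * @param z2 {@code false} suppresses anti-CSRF token regeneration for this call
     * @throws HttpException propagated from the HTTP sender
     * @throws IOException propagated from the HTTP sender
     */
    public void sendAndReceive(HttpMessage httpMessage, boolean z, boolean z2) throws HttpException, IOException {
        if (this.parent.handleAntiCsrfTokens() && z2) {
            if (this.extAntiCSRF == null) {
                this.extAntiCSRF = (ExtensionAntiCSRF) Control.getSingleton().getExtensionLoader().getExtension(ExtensionAntiCSRF.NAME);
            }
            // The extension may be absent; the request is then sent with whatever token it holds.
            if (this.extAntiCSRF != null) {
                List<AntiCsrfToken> tokens = this.extAntiCSRF.getTokens(httpMessage);
                if (!tokens.isEmpty()) {
                    // regenerateAntiCsrfToken ignores a null entry.
                    regenerateAntiCsrfToken(httpMessage, tokens.get(0));
                }
            }
        }

        httpMessage.getRequestHeader().setHeader(HttpHeader.IF_MODIFIED_SINCE, null);
        httpMessage.getRequestHeader().setHeader(HttpHeader.IF_NONE_MATCH, null);
        // The body may have been altered by the plugin or by the token replacement above.
        httpMessage.getRequestHeader().setContentLength(httpMessage.getRequestBody().length());

        if (getDelayInMs() > 0) {
            try {
                Thread.sleep(getDelayInMs());
            } catch (InterruptedException ignored) {
                // Best effort: an interrupted delay is cut short and the request is still sent.
                // NOTE(review): the interrupt status is not restored here; confirm nothing
                // upstream relies on it before changing this.
            }
        }

        this.parent.getHttpSender().sendAndReceive(httpMessage, z);
        this.parent.notifyNewMessage(httpMessage);
    }

    /**
     * Obtains a fresh value for the given anti-CSRF token and swaps it into the request body.
     *
     * <p>The message the token was originally seen in is cloned and re-sent (with anti-CSRF
     * handling off, so this cannot recurse), and the new value is read from that response. Any
     * failure while doing so is logged and the request is left untouched.
     *
     * <p>Limits worth knowing when a scan gets rejected by the target: the replacement is a plain
     * text substitution of the URL-encoded old value in the request <em>body</em> only, so a
     * token carried in the URL or in a header is not refreshed.
     *
     * @param httpMessage the request whose body is rewritten in place
     * @param antiCsrfToken the token to refresh; {@code null} is a no-op
     */
    private void regenerateAntiCsrfToken(HttpMessage httpMessage, AntiCsrfToken antiCsrfToken) {
        if (antiCsrfToken == null) {
            return;
        }
        String freshValue = null;
        try {
            HttpMessage tokenSource = antiCsrfToken.getMsg().cloneAll();
            sendAndReceive(tokenSource, true, false);
            freshValue = this.extAntiCSRF.getTokenValue(tokenSource, antiCsrfToken.getName());
        } catch (Exception e) {
            this.log.error(e.getMessage(), e);
        }
        if (freshValue == null) {
            return;
        }
        String encodedFresh = this.encoder.getURLEncode(freshValue);
        // NOTE(review): both token values end up in the debug log; treat that log as sensitive.
        this.log.debug("regenerateAntiCsrfToken replacing " + antiCsrfToken.getValue() + " with " + encodedFresh);
        String currentBody = httpMessage.getRequestBody().toString();
        httpMessage.setRequestBody(currentBody.replace(this.encoder.getURLEncode(antiCsrfToken.getValue()), encodedFresh));
        this.extAntiCSRF.registerAntiCsrfToken(new AntiCsrfToken(httpMessage, antiCsrfToken.getName(), freshValue, antiCsrfToken.getFormIndex()));
    }

    /**
     * Runs {@link #scan()} unless the plugin has been stopped or skipped, then reports
     * completion to the parent.
     *
     * <p>Any exception thrown by the scan is logged rather than propagated, so the completion
     * notification is still sent. The finish time is recorded after that notification.
     */
    @Override // java.lang.Runnable
    public void run() {
        try {
            if (!isStop()) {
                this.started = new Date();
                scan();
            }
        } catch (Exception e) {
            getLog().error(e.getMessage(), e);
        }
        notifyPluginCompleted(getParent());
        this.finished = new Date();
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public abstract void scan();

    /**
     * Raises an alert using this plugin's own name, description and solution.
     *
     * <p>{@code i} and {@code i2} are passed to the {@code Alert} constructor after the plugin
     * id (presumably risk and reliability; confirm against {@code Alert}). {@code str} is the
     * URI; {@code str2}, {@code str3} and {@code str4} fill the three detail fields that follow
     * the URI (presumably param, attack and other info).
     */
    protected void bingo(int i, int i2, String str, String str2, String str3, String str4, HttpMessage httpMessage) {
        bingo(i, i2, getName(), getDescription(), str, str2, str3, str4, getSolution(), httpMessage);
    }

    /**
     * Raises an alert with explicit name ({@code str}), description ({@code str2}), URI
     * ({@code str3}) and solution ({@code str7}). The field after the reference is left at its
     * default, and the CWE/WASC ids come from {@link #getCweId()} and {@link #getWascId()}.
     */
    protected void bingo(int i, int i2, String str, String str2, String str3, String str4, String str5, String str6, String str7, HttpMessage httpMessage) {
        raiseAlert(i, i2, str, str2, str3, str4, str5, str6, str7, Constant.USER_AGENT, getCweId(), getWascId(), httpMessage);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Raises an alert using this plugin's own name, description and solution, with an extra
     * detail value ({@code str5}, presumably the evidence) passed through.
     */
    public void bingo(int i, int i2, String str, String str2, String str3, String str4, String str5, HttpMessage httpMessage) {
        bingo(i, i2, getName(), getDescription(), str, str2, str3, str4, getSolution(), str5, httpMessage);
    }

    /**
     * Raises an alert with every text field supplied by the caller; the CWE/WASC ids come from
     * {@link #getCweId()} and {@link #getWascId()}.
     */
    protected void bingo(int i, int i2, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, HttpMessage httpMessage) {
        raiseAlert(i, i2, str, str2, str3, str4, str5, str6, str7, str8, getCweId(), getWascId(), httpMessage);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Raises an alert with every field supplied by the caller, including the CWE id
     * ({@code i3}) and WASC id ({@code i4}).
     */
    public void bingo(int i, int i2, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, int i3, int i4, HttpMessage httpMessage) {
        raiseAlert(i, i2, str, str2, str3, str4, str5, str6, str7, str8, i3, i4, httpMessage);
    }

    /**
     * Builds an {@code Alert} and hands it to the parent; shared by the {@code bingo} overloads.
     *
     * <p>A missing URI (null, or equal to {@code Constant.USER_AGENT}) is replaced with the URI
     * of the request in {@code httpMessage}; a null {@code param} becomes
     * {@code Constant.USER_AGENT}. The debug line is written before those defaults apply, so it
     * shows the URI exactly as the caller passed it.
     *
     * <p>Parameter names follow the order in which the values are handed to
     * {@code Alert.setDetail}; {@code risk}, {@code reliability}, {@code param}, {@code attack},
     * {@code otherInfo} and {@code evidence} are assumed from that API and should be confirmed
     * against the bundled {@code Alert} class.
     */
    private void raiseAlert(int risk, int reliability, String name, String description, String uri, String param, String attack, String otherInfo, String solution, String evidence, int cweId, int wascId, HttpMessage httpMessage) {
        this.log.debug("New alert pluginid=" + getId() + " " + name + " uri=" + uri);
        Alert alert = new Alert(getId(), risk, reliability, name);
        if (uri == null || uri.equals(Constant.USER_AGENT)) {
            uri = httpMessage.getRequestHeader().getURI().toString();
        }
        if (param == null) {
            param = Constant.USER_AGENT;
        }
        alert.setDetail(description, uri, param, attack, otherInfo, solution, getReference(), evidence, cweId, wascId, httpMessage);
        this.parent.alertFound(alert);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Delegates to the parent's analyser to decide whether the message refers to an existing file. */
    public boolean isFileExist(HttpMessage httpMessage) {
        return this.parent.getAnalyser().isFileExist(httpMessage);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns {@code true} when the parent has stopped or has marked this plugin as skipped. */
    public boolean isStop() {
        return this.parent.isStop() || this.parent.isSkipped(this);
    }

    /**
     * Returns whether the {@code enabled} property is {@code "1"}.
     *
     * <p>An unset property is treated as "not enabled" instead of raising a
     * {@link NullPointerException}; {@link #createParamIfNotExist()} is what gives a new plugin
     * its {@code "1"} default.
     */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public boolean isEnabled() {
        return "1".equals(getProperty("enabled"));
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public boolean isVisible() {
        return true;
    }

    /** Stores {@code "1"} or {@code "0"} in the {@code enabled} property. */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void setEnabled(boolean z) {
        setProperty("enabled", z ? "1" : "0");
    }

    /** Returns the effective alert threshold, with {@code DEFAULT} resolved to this plugin's default. */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public Plugin.AlertThreshold getAlertThreshold() {
        return getAlertThreshold(false);
    }

    /**
     * Returns the alert threshold stored in the {@code level} property.
     *
     * <p>An unset or unparsable value yields {@code OFF} when the plugin is disabled, and is
     * otherwise handled like {@code DEFAULT}.
     *
     * @param z when {@code true}, {@code DEFAULT} is returned as-is; when {@code false} it is
     *     replaced by this plugin's default threshold
     */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public Plugin.AlertThreshold getAlertThreshold(boolean z) {
        Plugin.AlertThreshold configured = null;
        try {
            configured = Plugin.AlertThreshold.valueOf(getProperty("level"));
        } catch (Exception ignored) {
            // Unset or unknown level: fall back to the defaults below.
        }
        if (configured == null && !isEnabled()) {
            return Plugin.AlertThreshold.OFF;
        }
        if (configured == null || configured.equals(Plugin.AlertThreshold.DEFAULT)) {
            return z ? Plugin.AlertThreshold.DEFAULT : this.defaultAlertThreshold;
        }
        return configured;
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void setAlertThreshold(Plugin.AlertThreshold alertThreshold) {
        setProperty("level", alertThreshold.name());
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void setDefaultAlertThreshold(Plugin.AlertThreshold alertThreshold) {
        this.defaultAlertThreshold = alertThreshold;
    }

    /** Returns the shared array of supported thresholds (not a copy; callers must not modify it). */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public Plugin.AlertThreshold[] getAlertThresholdsSupported() {
        return alertThresholdsSupported;
    }

    /**
     * Returns the attack strength stored in the {@code strength} property. An unset or
     * unparsable value is handled like {@code DEFAULT}.
     *
     * @param z when {@code true}, {@code DEFAULT} is returned as-is; when {@code false} it is
     *     replaced by this plugin's default strength
     */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public Plugin.AttackStrength getAttackStrength(boolean z) {
        Plugin.AttackStrength configured = null;
        try {
            configured = Plugin.AttackStrength.valueOf(getProperty("strength"));
        } catch (Exception ignored) {
            // Unset or unknown strength: fall back to the default below.
        }
        if (configured == null || configured.equals(Plugin.AttackStrength.DEFAULT)) {
            return z ? Plugin.AttackStrength.DEFAULT : this.defaultAttackStrength;
        }
        return configured;
    }

    /** Returns the effective attack strength, with {@code DEFAULT} resolved to this plugin's default. */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public Plugin.AttackStrength getAttackStrength() {
        return getAttackStrength(false);
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void setAttackStrength(Plugin.AttackStrength attackStrength) {
        setProperty("strength", attackStrength.name());
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void setDefaultAttackStrength(Plugin.AttackStrength attackStrength) {
        this.defaultAttackStrength = attackStrength;
    }

    /** Returns the shared array of supported strengths (not a copy; callers must not modify it). */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public Plugin.AttackStrength[] getAttackStrengthsSupported() {
        return attackStrengthsSupported;
    }

    /**
     * Orders plugins by ascending id.
     *
     * <p>Anything that is not an {@code AbstractPlugin} (including {@code null}) compares as
     * {@code -1}, i.e. this plugin sorts before it.
     */
    @Override // java.lang.Comparable
    public int compareTo(Object obj) {
        if (!(obj instanceof AbstractPlugin)) {
            return -1;
        }
        int ownId = getId();
        int otherId = ((AbstractPlugin) obj).getId();
        if (ownId < otherId) {
            return -1;
        }
        return ownId > otherId ? 1 : 0;
    }

    /** Two plugins are equal when they are both {@code AbstractPlugin}s with the same id. */
    @Override
    public boolean equals(Object obj) {
        return compareTo(obj) == 0;
    }

    /** Hash derived from the plugin id, so that it agrees with {@link #equals(Object)}. */
    @Override
    public int hashCode() {
        return getId();
    }

    /**
     * Tests whether the named response header contains a match for the pattern.
     *
     * @return {@code false} when the response header is empty or the named header is absent
     */
    protected boolean matchHeaderPattern(HttpMessage httpMessage, String str, Pattern pattern) {
        if (httpMessage.getResponseHeader().isEmpty()) {
            return false;
        }
        String headerValue = httpMessage.getResponseHeader().getHeader(str);
        return headerValue != null && pattern.matcher(headerValue).find();
    }

    /**
     * Tests whether the response body contains a match for the pattern.
     *
     * @param sb if non-null, the first matched text is appended to it
     */
    protected boolean matchBodyPattern(HttpMessage httpMessage, Pattern pattern, StringBuilder sb) {
        Matcher bodyMatcher = pattern.matcher(httpMessage.getResponseBody().toString());
        if (!bodyMatcher.find()) {
            return false;
        }
        if (sb != null) {
            sb.append(bodyMatcher.group());
        }
        return true;
    }

    /** No-op in this base class. */
    protected void writeProgress(String str) {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HostProcess getParent() {
        return this.parent;
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public abstract void notifyPluginCompleted(HostProcess hostProcess);

    /**
     * Removes every literal occurrence of {@code str2} from {@code str}, in six forms: as given,
     * URL-encoded, URL-decoded, and the {@link #getHTMLEncode(String)} form of each of those.
     *
     * <p>Presumably used so that a probe value echoed back by the server does not itself trigger
     * a pattern match; confirm with callers. The search text is quoted with
     * {@link Pattern#quote(String)}, so regex metacharacters in the value are matched literally,
     * including a value that itself contains {@code \E}.
     *
     * @param str the text to clean
     * @param str2 the value to remove
     * @return the cleaned text
     */
    protected String stripOff(String str, String str2) {
        String urlEncoded = getURLEncode(str2);
        String urlDecoded = getURLDecode(str2);
        String[] forms = {
            str2,
            urlEncoded,
            urlDecoded,
            getHTMLEncode(str2),
            getHTMLEncode(urlEncoded),
            getHTMLEncode(urlDecoded)
        };
        String cleaned = str;
        for (int idx = 0; idx < forms.length; idx++) {
            // The replacement is still interpreted as a regex replacement template.
            cleaned = cleaned.replaceAll(Pattern.quote(forms[idx]), Constant.USER_AGENT);
        }
        return cleaned;
    }

    /**
     * URL-encodes the value as UTF-8.
     *
     * @return the encoded value, or {@code Constant.USER_AGENT} if the charset is unavailable
     */
    public static String getURLEncode(String str) {
        try {
            return URLEncoder.encode(str, "UTF8");
        } catch (UnsupportedEncodingException e) {
            Logger.getLogger(AbstractPlugin.class).error(e.getMessage(), e);
            return Constant.USER_AGENT;
        }
    }

    /**
     * URL-decodes the value as UTF-8.
     *
     * <p>NOTE(review): the JDK decoder may throw {@link IllegalArgumentException} on a malformed
     * percent-escape; that is not caught here and so also propagates out of
     * {@link #stripOff(String, String)}.
     *
     * @return the decoded value, or {@code Constant.USER_AGENT} if the charset is unavailable
     */
    public static String getURLDecode(String str) {
        try {
            return URLDecoder.decode(str, "UTF8");
        } catch (UnsupportedEncodingException e) {
            Logger.getLogger(AbstractPlugin.class).error(e.getMessage(), e);
            return Constant.USER_AGENT;
        }
    }

    /**
     * Replaces {@code <} and {@code >} with their numeric character references.
     *
     * <p>This is not a general-purpose HTML escaper: {@code &}, quotes and every other character
     * pass through unchanged, so it must not be used to make text safe for output into HTML.
     */
    public static String getHTMLEncode(String str) {
        return str.replaceAll("<", "&#60;").replaceAll(">", "&#62;");
    }

    protected Kb getKb() {
        return getParent().getKb();
    }

    protected Logger getLog() {
        return this.log;
    }

    /** Reads {@code plugins.p<id>.<str>} from this plugin's own configuration. */
    public String getProperty(String str) {
        return getProperty(this.config, str);
    }

    private String getProperty(Configuration configuration, String str) {
        return configuration.getString("plugins.p" + getId() + "." + str);
    }

    /** Writes {@code plugins.p<id>.<str>} in this plugin's own configuration. */
    public void setProperty(String str, String str2) {
        setProperty(this.config, str, str2);
    }

    private void setProperty(Configuration configuration, String str, String str2) {
        configuration.setProperty("plugins.p" + getId() + "." + str, str2);
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void setConfig(Configuration configuration) {
        this.config = configuration;
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public Configuration getConfig() {
        return this.config;
    }

    /**
     * Copies this plugin's {@code level} and {@code strength} into the given configuration.
     *
     * <p>NOTE(review): {@code enabled} is only written (as {@code "1"}) when this plugin has no
     * value for it; an existing {@code enabled} value is not copied. Confirm that is intended.
     */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void saveTo(Configuration configuration) {
        if (getProperty("enabled") == null) {
            setProperty(configuration, "enabled", "1");
        }
        setProperty(configuration, "level", getProperty("level"));
        setProperty(configuration, "strength", getProperty("strength"));
    }

    /**
     * Copies {@code level} and {@code strength} from the given configuration into this plugin's.
     *
     * <p>NOTE(review): {@code enabled} is only set (to {@code "1"}) when the given configuration
     * has no value for it; an existing {@code enabled} value there is not copied. Confirm that is
     * intended.
     */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void loadFrom(Configuration configuration) {
        if (getProperty(configuration, "enabled") == null) {
            setProperty("enabled", "1");
        }
        setProperty("level", getProperty(configuration, "level"));
        setProperty("strength", getProperty(configuration, "strength"));
    }

    /**
     * Copies the enabled flag, effective threshold and strength, and their defaults into another
     * plugin.
     *
     * @throws InvalidParameterException if {@code plugin} is not an {@code AbstractPlugin}
     */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void cloneInto(Plugin plugin) {
        if (!(plugin instanceof AbstractPlugin)) {
            throw new InvalidParameterException("Not an AbstractPlugin");
        }
        AbstractPlugin target = (AbstractPlugin) plugin;
        target.setEnabled(isEnabled());
        target.setAlertThreshold(getAlertThreshold());
        target.setAttackStrength(getAttackStrength());
        target.setDefaultAlertThreshold(this.defaultAlertThreshold);
        target.setDefaultAttackStrength(this.defaultAttackStrength);
    }

    /** Gives the {@code enabled} property its {@code "1"} default when it has no value yet. */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void createParamIfNotExist() {
        if (getProperty("enabled") == null) {
            setProperty("enabled", "1");
        }
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public boolean isDepreciated() {
        return false;
    }

    /** Returns 2 in this base class. */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public int getRisk() {
        return 2;
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public int getDelayInMs() {
        return this.delayInMs;
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void setDelayInMs(int i) {
        this.delayInMs = i;
    }

    /** Returns {@code true} when no technology set is configured or the set includes {@code tech}. */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public boolean inScope(Tech tech) {
        return this.techSet == null || this.techSet.includes(tech);
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void setTechSet(TechSet techSet) {
        this.techSet = techSet;
    }

    /** Returns the stored start time (the internal {@code Date}, not a copy), or {@code null}. */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public Date getTimeStarted() {
        return this.started;
    }

    /** Returns the stored finish time (the internal {@code Date}, not a copy), or {@code null}. */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public Date getTimeFinished() {
        return this.finished;
    }

    /** Records "now" as the start time and clears any previous finish time. */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void setTimeStarted() {
        this.started = new Date();
        this.finished = null;
    }

    @Override // org.parosproxy.paros.core.scanner.Plugin
    public void setTimeFinished() {
        this.finished = new Date();
    }

    /** Returns 0 in this base class. */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public int getCweId() {
        return 0;
    }

    /** Returns 0 in this base class. */
    @Override // org.parosproxy.paros.core.scanner.Plugin
    public int getWascId() {
        return 0;
    }
}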
