package org.owasp.webscarab.plugin.xsscrlf;

import java.util.HashSet;
import java.util.LinkedList;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.logging.Logger;
import org.owasp.webscarab.model.ConversationID;
import org.owasp.webscarab.model.ConversationModel;
import org.owasp.webscarab.model.FilteredConversationModel;
import org.owasp.webscarab.model.FrameworkModel;
import org.owasp.webscarab.model.HttpUrl;
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import org.owasp.webscarab.plugin.AbstractPluginModel;

/* loaded from: input_file:org/owasp/webscarab/plugin/xsscrlf/XSSCRLFModel.class */
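/**
 * State holder for the XSS/CRLF plugin: records which conversations and URLs are
 * suspected of, or confirmed as, reflecting test input, and queues requests that
 * still have to be analysed.
 *
 * <p>Findings are stored as conversation/URL properties on the shared
 * {@link FrameworkModel}. Suspicion is recorded under {@code "XSS-<suffix>"} /
 * {@code "CRLF-<suffix>"} (the lookups in this class use the suffixes {@code GET}
 * and {@code POST}); a confirmed finding is the property {@code "XSS"} or
 * {@code "CRLF"} set to {@code "TRUE"}.
 *
 * <p>Thread-safety: only the analysis queue and the tested-pair set are guarded
 * (by the queue's monitor). The configurable test strings are plain fields.
 */
public class XSSCRLFModel extends AbstractPluginModel {
    private static final String XSS_PREFIX = "XSS-";
    private static final String CRLF_PREFIX = "CRLF-";
    private static final String XSS_FLAG = "XSS";
    private static final String CRLF_FLAG = "CRLF";
    private static final String CONFIRMED = "TRUE";
    // Keeps the URL part and the parameter part of a dedup key apart, so that
    // e.g. ".../ab" + "c" and ".../a" + "bc" no longer share one key and cause
    // a parameter to be skipped. Assumes getSHPP() never contains a newline.
    private static final char KEY_SEPARATOR = '\n';

    private final FrameworkModel _model;
    private final ConversationModel _conversationModel;
    private final ConversationModel _suspectedConversationModel;
    // Doubles as the monitor guarding testedURLandParameterpairs.
    private final LinkedList<Request> toBeAnalyzedQueue = new LinkedList<Request>();
    private final Logger _logger = Logger.getLogger(getClass().getName());
    // Grows for the lifetime of the model; entries are never removed here.
    private final Set<String> testedURLandParameterpairs = new HashSet<String>();
    // Default probe values; how they are injected and matched is decided by
    // plugin code outside this class.
    private String xssTestString = "><script>a=/XSS BUG/; alert(a.source)</script>";
    private String crlfTestString = "%0d%0aWebscarabXSSCRLFTest:%20OK%0d%0a";
    // By default this is the header name embedded in crlfTestString. The two
    // setters are independent, so a caller changing one should change the other,
    // otherwise a reflected header would presumably go unrecognised.
    private String crlfInjectedHeader = "WebscarabXSSCRLFTest";

    /**
     * Creates the model and its two filtered views over the framework's conversations.
     *
     * @param frameworkModel shared framework model that stores the properties
     */
    public XSSCRLFModel(FrameworkModel frameworkModel) {
        this._model = frameworkModel;
        // The decompiler emitted an explicit "this$0" field assigned from the
        // anonymous instance itself, which is not an XSSCRLFModel; the enclosing
        // instance is reached through XSSCRLFModel.this instead.
        // NOTE(review): the leading "this" argument looks like the decompiler's
        // synthetic outer-instance parameter - confirm against the
        // FilteredConversationModel constructor and drop it if so.
        this._conversationModel = new FilteredConversationModel(this, frameworkModel, frameworkModel.getConversationModel()) {
            @Override
            public boolean shouldFilter(ConversationID conversationID) {
                // Hide everything that is not a confirmed finding.
                return !(XSSCRLFModel.this.isXSSVulnerable(conversationID)
                        || XSSCRLFModel.this.isCRLFVulnerable(conversationID));
            }
        };
        this._suspectedConversationModel = new FilteredConversationModel(this, frameworkModel, frameworkModel.getConversationModel()) {
            @Override
            public boolean shouldFilter(ConversationID conversationID) {
                // Hide everything that carries no suspicion marker.
                return !(XSSCRLFModel.this.isCRLFSuspected(conversationID)
                        || XSSCRLFModel.this.isXSSSuspected(conversationID));
            }
        };
    }

    /** @return view containing only conversations confirmed as XSS or CRLF vulnerable */
    public ConversationModel getVulnerableConversationModel() {
        return this._conversationModel;
    }

    /** @return view containing only conversations marked as XSS or CRLF suspicious */
    public ConversationModel getSuspectedConversationModel() {
        return this._suspectedConversationModel;
    }

    /**
     * Records an XSS suspicion on both the conversation and its URL.
     *
     * @param conversationID conversation to mark
     * @param httpUrl URL to mark
     * @param str suffix appended to {@code "XSS-"}; presumably {@code GET} or {@code POST}
     * @param str2 property value; presumably the suspicious parameter name
     */
    public void markAsXSSSuspicious(ConversationID conversationID, HttpUrl httpUrl, String str, String str2) {
        String property = XSS_PREFIX + str;
        this._model.addConversationProperty(conversationID, property, str2);
        this._model.addUrlProperty(httpUrl, property, str2);
    }

    /**
     * Records a CRLF-injection suspicion on both the conversation and its URL.
     *
     * @param conversationID conversation to mark
     * @param httpUrl URL to mark
     * @param str suffix appended to {@code "CRLF-"}; presumably {@code GET} or {@code POST}
     * @param str2 property value; presumably the suspicious parameter name
     */
    public void markAsCRLFSuspicious(ConversationID conversationID, HttpUrl httpUrl, String str, String str2) {
        String property = CRLF_PREFIX + str;
        this._model.addConversationProperty(conversationID, property, str2);
        this._model.addUrlProperty(httpUrl, property, str2);
    }

    /** @return true if the conversation has an {@code XSS-GET} or {@code XSS-POST} property */
    public boolean isXSSSuspected(ConversationID conversationID) {
        // Both lookups are always performed, as in the original non-short-circuit form.
        boolean viaGet = this._model.getConversationProperty(conversationID, "XSS-GET") != null;
        boolean viaPost = this._model.getConversationProperty(conversationID, "XSS-POST") != null;
        return viaGet || viaPost;
    }

    /** @return true if the conversation has a {@code CRLF-GET} or {@code CRLF-POST} property */
    public boolean isCRLFSuspected(ConversationID conversationID) {
        boolean viaGet = this._model.getConversationProperty(conversationID, "CRLF-GET") != null;
        boolean viaPost = this._model.getConversationProperty(conversationID, "CRLF-POST") != null;
        return viaGet || viaPost;
    }

    /** @return true if the URL carries any of the four XSS/CRLF suspicion properties */
    public boolean isSuspected(HttpUrl httpUrl) {
        boolean xssGet = this._model.getUrlProperty(httpUrl, "XSS-GET") != null;
        boolean xssPost = this._model.getUrlProperty(httpUrl, "XSS-POST") != null;
        boolean crlfGet = this._model.getUrlProperty(httpUrl, "CRLF-GET") != null;
        boolean crlfPost = this._model.getUrlProperty(httpUrl, "CRLF-POST") != null;
        return xssGet || xssPost || crlfGet || crlfPost;
    }

    /** Flags the URL and the conversation as confirmed CRLF findings. */
    public void setCRLFVulnerable(ConversationID conversationID, HttpUrl httpUrl) {
        this._model.setUrlProperty(httpUrl, CRLF_FLAG, CONFIRMED);
        this._model.setConversationProperty(conversationID, CRLF_FLAG, CONFIRMED);
    }

    /** @return true if the conversation's {@code CRLF} property equals {@code "TRUE"} */
    public boolean isCRLFVulnerable(ConversationID conversationID) {
        return CONFIRMED.equals(this._model.getConversationProperty(conversationID, CRLF_FLAG));
    }

    /** @return true if the URL's {@code CRLF} property equals {@code "TRUE"} */
    public boolean isCRLFVulnerable(HttpUrl httpUrl) {
        return CONFIRMED.equals(this._model.getUrlProperty(httpUrl, CRLF_FLAG));
    }

    /** Flags the URL and the conversation as confirmed XSS findings. */
    public void setXSSVulnerable(ConversationID conversationID, HttpUrl httpUrl) {
        this._model.setUrlProperty(httpUrl, XSS_FLAG, CONFIRMED);
        this._model.setConversationProperty(conversationID, XSS_FLAG, CONFIRMED);
    }

    /** @return true if the conversation's {@code XSS} property equals {@code "TRUE"} */
    public boolean isXSSVulnerable(ConversationID conversationID) {
        return CONFIRMED.equals(this._model.getConversationProperty(conversationID, XSS_FLAG));
    }

    /** @return true if the URL's {@code XSS} property equals {@code "TRUE"} */
    public boolean isXSSVulnerable(HttpUrl httpUrl) {
        return CONFIRMED.equals(this._model.getUrlProperty(httpUrl, XSS_FLAG));
    }

    /**
     * @param str suffix appended to {@code "CRLF-"} to form the property name
     * @return the values stored under that property for the conversation
     */
    public String[] getCRLFSuspiciousParameters(ConversationID conversationID, String str) {
        return this._model.getConversationProperties(conversationID, CRLF_PREFIX + str);
    }

    /**
     * @param str suffix appended to {@code "XSS-"} to form the property name
     * @return the values stored under that property for the conversation
     */
    public String[] getXSSSuspiciousParameters(ConversationID conversationID, String str) {
        return this._model.getConversationProperties(conversationID, XSS_PREFIX + str);
    }

    /** @return the currently configured XSS test string */
    public String getXSSTestString() {
        return this.xssTestString;
    }

    /** Replaces the XSS test string; the value is stored as given, without validation. */
    public void setXSSTestString(String str) {
        this.xssTestString = str;
    }

    /** @return the currently configured CRLF test string */
    public String getCRLFTestString() {
        return this.crlfTestString;
    }

    /**
     * Replaces the CRLF test string; the value is stored as given, without validation.
     * The injected-header name is not updated along with it.
     */
    public void setCRLFTestString(String str) {
        this.crlfTestString = str;
    }

    /** @return the header name associated with the CRLF test string */
    public String getCRLFInjectedHeader() {
        return this.crlfInjectedHeader;
    }

    /** Replaces the injected-header name; the CRLF test string is not updated along with it. */
    public void setCRLFInjectedHeader(String str) {
        this.crlfInjectedHeader = str;
    }

    /** @return the request of the given conversation, as held by the framework model */
    public Request getRequest(ConversationID conversationID) {
        return this._model.getRequest(conversationID);
    }

    /** @return the response of the given conversation, as held by the framework model */
    public Response getResponse(ConversationID conversationID) {
        return this._model.getResponse(conversationID);
    }

    /** Builds the dedup key for a request URL (via {@code getSHPP()}) and a parameter. */
    private static String testedKey(Request request, String str) {
        return request.getURL().getSHPP() + KEY_SEPARATOR + str;
    }

    /**
     * Tells whether the URL/parameter pair was already queued once.
     * Reads the tested-pair set without locking; the only caller holds the queue monitor.
     */
    private boolean isTested(Request request, String str) {
        return this.testedURLandParameterpairs.contains(testedKey(request, str));
    }

    /**
     * Queues a request for analysis unless the same URL/parameter pair was queued
     * before, and wakes any thread blocked in {@link #dequeueRequest()}.
     *
     * @param request request to analyse
     * @param str parameter identifying the pair together with the request URL
     */
    public void enqueueRequest(Request request, String str) {
        synchronized (this.toBeAnalyzedQueue) {
            if (!isTested(request, str)) {
                this.toBeAnalyzedQueue.addLast(request);
                this.toBeAnalyzedQueue.notifyAll();
                this.testedURLandParameterpairs.add(testedKey(request, str));
            }
        }
    }

    /**
     * Blocks until a request is available and removes it from the head of the queue.
     *
     * @return the next request, or {@code null} if the waiting thread was interrupted
     */
    public Request dequeueRequest() {
        synchronized (this.toBeAnalyzedQueue) {
            while (this.toBeAnalyzedQueue.isEmpty()) {
                try {
                    this.toBeAnalyzedQueue.wait();
                } catch (InterruptedException e) {
                    // Interruption is reported as "no request". The interrupt
                    // status is deliberately left cleared, as before, because the
                    // caller's loop is not visible from this class.
                    return null;
                }
            }
            // The queue is non-empty and the monitor is held, so removeFirst()
            // cannot throw NoSuchElementException; the old catch around wait()
            // was unreachable and has been dropped.
            return this.toBeAnalyzedQueue.removeFirst();
        }
    }
}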
