package com.eviware.soapui.security.scan;

import com.eviware.soapui.SoapUI;
import com.eviware.soapui.config.SQLInjectionScanConfig;
import com.eviware.soapui.config.SecurityScanConfig;
import com.eviware.soapui.model.ModelItem;
import com.eviware.soapui.model.iface.MessageExchange;
import com.eviware.soapui.model.security.SecurityCheckedParameter;
import com.eviware.soapui.model.testsuite.TestCaseRunner;
import com.eviware.soapui.model.testsuite.TestProperty;
import com.eviware.soapui.model.testsuite.TestStep;
import com.eviware.soapui.security.SecurityTestRunContext;
import com.eviware.soapui.security.SecurityTestRunner;
import com.eviware.soapui.support.UISupport;
import com.eviware.soapui.support.xml.XmlObjectTreeModel;
import com.eviware.soapui.support.xml.XmlUtils;
import com.eviware.x.form.support.ADialogBuilder;
import com.eviware.x.form.support.AField;
import com.eviware.x.form.support.AForm;
import com.eviware.x.impl.swing.JFormDialog;
import com.eviware.x.impl.swing.JStringListFormField;
import java.awt.Dimension;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.swing.JComponent;
import javax.swing.JLabel;
import javax.swing.JPanel;
import org.apache.xmlbeans.XmlException;

/* loaded from: input_file:com/eviware/soapui/security/scan/SQLInjectionScan.class */
/**
 * Security scan that queues the configured SQL-injection test strings for each checked
 * parameter of a test step and runs the step once per {@link #execute} call.
 *
 * <p>This listing is JADX decompiler output. The body of {@code update(...)} could not be
 * recovered and is a stub that always throws, so the class as shown here documents the scan's
 * structure but does not perform a working scan.
 *
 * <p>State kept between iterations: {@code parameterMutations} holds, per parameter, the
 * strings that have not been tried yet, and {@code mutation} records that the queues were
 * built. Both are reset by {@link #hasNext} once every queue is empty, and by {@link #clear}.
 */
public class SQLInjectionScan extends AbstractSecurityScanWithProperties {
    /** Value returned by {@link #getType()}. */
    public static final String TYPE = "SQLInjectionScan";
    /** Display name of the scan; not referenced elsewhere in this class. */
    public static final String NAME = "SQL Injection";
    // Typed view of the scan's configuration; source of the injection string list.
    private SQLInjectionScanConfig sqlInjectionConfig;
    // Per-parameter list of injection strings still waiting to be tried.
    private Map<SecurityCheckedParameter, ArrayList<String>> parameterMutations;
    // Built-in string list, assigned in the constructor. Package-private and non-final, so other
    // classes in this package can replace or modify it.
    String[] defaultSqlInjectionStrings;
    // True once mutateParameters() has run; reset by hasNext() and clear().
    private boolean mutation;
    // Advanced-settings dialog created by getAdvancedSettingsPanel(); released in release().
    private JFormDialog dialog;

    /** Form definition for the advanced-settings dialog: a single string-list field. */
    @AForm(description = "SQL Injection Strings", name = "SQL Injection Strings")
    /* loaded from: input_file:com/eviware/soapui/security/scan/SQLInjectionScan$AdvancedSettings.class */
    protected interface AdvancedSettings {

        // Field name; getAdvancedSettingsPanel() looks the field up by this same literal.
        @AField(description = "SQL Strings", name = "###Injection Strings", type = AField.AFieldType.STRINGLIST)
        public static final String INJECTION_STRINGS = "###Injection Strings";
    }

    /**
     * Creates the scan and binds it to its configuration.
     *
     * <p>If the supplied config carries no {@link SQLInjectionScanConfig}, a new one is created
     * and seeded with the built-in string list; otherwise the stored one is reused.
     *
     * @param testStep           passed to the superclass constructor
     * @param securityScanConfig scan configuration; its nested config is inspected here
     * @param modelItem          passed to the superclass constructor
     * @param str                passed to the superclass constructor (meaning not visible here)
     */
    public SQLInjectionScan(TestStep testStep, SecurityScanConfig securityScanConfig, ModelItem modelItem, String str) {
        super(testStep, securityScanConfig, modelItem, str);
        // Raw HashMap: compiles with an unchecked warning against the generic field type.
        this.parameterMutations = new HashMap();
        // NOTE(review): the last two entries contain U+FFFD replacement characters. That usually
        // means the original characters (possibly typographic quotes) were lost in an encoding
        // conversion; as written these two strings do not contain a quote character, so they may
        // not exercise what they were meant to. Confirm against the original source.
        this.defaultSqlInjectionStrings = new String[]{"' or '1'='1", "'--", "1'", "admin'--", "/*!10000%201/0%20*/", "/*!10000 1/0 */", "1/0", "'%20o/**/r%201/0%20--", "' o/**/r 1/0 --", ";", "'%20and%201=2%20--", "' and 1=2 --", "test�%20UNION%20select%201,%20@@version,%201,%201;�", "test� UNION select 1, @@version, 1, 1;�"};
        // The "== null" test is redundant (instanceof is false for null) but harmless.
        if (securityScanConfig.getConfig() == null || !(securityScanConfig.getConfig() instanceof SQLInjectionScanConfig)) {
            initSqlInjectionConfig();
        } else {
            // The check above reads the constructor argument while the cast reads getConfig();
            // presumably both refer to the same object after super(...) - verify in the base class.
            this.sqlInjectionConfig = (SQLInjectionScanConfig) ((SecurityScanConfig) getConfig()).getConfig();
        }
    }

    /**
     * Replaces the nested config with a new {@link SQLInjectionScanConfig} and fills it with
     * {@code defaultSqlInjectionStrings}. Any nested config of another type is overwritten.
     */
    private void initSqlInjectionConfig() {
        ((SecurityScanConfig) getConfig()).setConfig(SQLInjectionScanConfig.Factory.newInstance());
        // Read the config back rather than keeping the instance passed to setConfig().
        this.sqlInjectionConfig = (SQLInjectionScanConfig) ((SecurityScanConfig) getConfig()).getConfig();
        this.sqlInjectionConfig.setSqlInjectionStringsArray(this.defaultSqlInjectionStrings);
    }

    /**
     * Lets the superclass apply the new configuration, then refreshes the typed config
     * reference from it.
     *
     * @param securityScanConfig the replacement configuration
     */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScanWithProperties, com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public void updateSecurityConfig(SecurityScanConfig securityScanConfig) {
        super.updateSecurityConfig(securityScanConfig);
        // Only refreshed when a typed config was already held. The cast throws
        // ClassCastException if the new nested config is not a SQLInjectionScanConfig.
        if (this.sqlInjectionConfig != null) {
            this.sqlInjectionConfig = (SQLInjectionScanConfig) ((SecurityScanConfig) getConfig()).getConfig();
        }
    }

    /**
     * Builds the panel shown for this scan: a single label pointing to the advanced settings.
     *
     * <p>The decompiler renamed this method from {@code getComponent} (see the comment below);
     * the {@code @Override} only resolves if the supertype was decompiled with the same rename.
     *
     * @return a new panel containing the hint label
     */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    /* renamed from: getComponent */
    public JComponent mo813getComponent() {
        JPanel createEmptyPanel = UISupport.createEmptyPanel(5, 75, 0, 5);
        createEmptyPanel.add(new JLabel("Strings for SQL injection can be changed under advanced settings"));
        return createEmptyPanel;
    }

    /** @return the scan type identifier, {@link #TYPE} */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public String getType() {
        return TYPE;
    }

    /**
     * Runs one scan iteration: calls {@code update(...)}, runs the test step, and hands both
     * results to {@code createMessageExchange}.
     *
     * <p>Any exception is logged and reported to the scan result with the same message.
     *
     * @param securityTestRunner     runner, cast to {@link TestCaseRunner} for the step run
     * @param testStep               the step to run
     * @param securityTestRunContext context passed to the update and to the step run
     */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan
    protected void execute(SecurityTestRunner securityTestRunner, TestStep testStep, SecurityTestRunContext securityTestRunContext) {
        try {
            // Arguments are evaluated left to right, so update(...) runs before testStep.run(...).
            createMessageExchange(update(testStep, securityTestRunContext), (MessageExchange) testStep.run((TestCaseRunner) securityTestRunner, securityTestRunContext), securityTestRunContext);
        } catch (XmlException e) {
            SoapUI.logError(e, "[SqlInjectionSecurityScan]XPath seems to be invalid!");
            reportSecurityScanException("Property value is not XML or XPath is wrong!");
        } catch (Exception e2) {
            // Catch-all: failures unrelated to XML (including runtime exceptions from the step
            // run) are reported as an XML/XPath problem. In this decompiled form update() always
            // throws UnsupportedOperationException, so every iteration lands here and no request
            // is ever sent - a run of this build would report errors, not findings.
            SoapUI.logError(e2, "[SqlInjectionSecurityScan]Property value is not valid xml!");
            reportSecurityScanException("Property value is not XML or XPath is wrong!");
        }
    }

    /**
     * Decompiler stub: the real body was not recovered and this method always throws
     * {@link UnsupportedOperationException}.
     *
     * <p>The fragment JADX preserved below suggests the original takes the first queued string
     * for a parameter, sets it as the property value, records it in the returned map under the
     * parameter's label, and removes it from the queue. The register names in that fragment are
     * ambiguous and the rest of the logic is unknown; treat this as a hint only.
     */
    /* JADX WARN: Code restructure failed: missing block: B:38:0x00ae, code lost:
    
        r6.getProperties().get(r0.getName()).setValue(r5.parameterMutations.get(r0).get(0));
        r0.put((com.eviware.soapui.support.types.StringToStringMap) r0.getLabel(), r5.parameterMutations.get(r0).get(0));
        r5.parameterMutations.get(r0).remove(0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.eviware.soapui.support.types.StringToStringMap update(com.eviware.soapui.model.testsuite.TestStep r6, com.eviware.soapui.security.SecurityTestRunContext r7) throws org.apache.xmlbeans.XmlException, java.lang.Exception {
        /*
            Method dump skipped, instructions count: 995
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.eviware.soapui.security.scan.SQLInjectionScan.update(com.eviware.soapui.model.testsuite.TestStep, com.eviware.soapui.security.SecurityTestRunContext):com.eviware.soapui.support.types.StringToStringMap");
    }

    /**
     * Builds the per-parameter queues of injection strings and sets the {@code mutation} flag.
     *
     * <p>For every checked parameter: without an XPath, every configured string is queued; with
     * an XPath, the strings are queued only if the XPath selects at least one node in the
     * property's XML value. Not called from any method visible in this listing; presumably
     * called from the undecompiled {@code update(...)}.
     *
     * @param testStep               step whose properties are looked up by parameter name
     * @param securityTestRunContext used to expand the property value and the XPath
     * @throws XmlException declared; presumably raised when the value is not XML or the XPath
     *                      is invalid, as the log messages in {@link #execute} suggest
     * @throws Exception    declared by the original signature
     */
    private void mutateParameters(TestStep testStep, SecurityTestRunContext securityTestRunContext) throws XmlException, Exception {
        this.mutation = true;
        for (SecurityCheckedParameter securityCheckedParameter : getParameterHolder().getParameterList()) {
            if (securityCheckedParameter.isChecked()) {
                // NOTE(review): may be null if no property has this name; it is dereferenced
                // without a check in the XPath branch below.
                TestProperty testProperty = testStep.getProperties().get(securityCheckedParameter.getName());
                if (securityCheckedParameter.getXpath() == null || securityCheckedParameter.getXpath().trim().length() == 0) {
                    // No XPath: the property is not inspected, every string is queued.
                    for (String str : this.sqlInjectionConfig.getSqlInjectionStringsList()) {
                        if (!this.parameterMutations.containsKey(securityCheckedParameter)) {
                            this.parameterMutations.put(securityCheckedParameter, new ArrayList<>());
                        }
                        this.parameterMutations.get(securityCheckedParameter).add(str);
                    }
                } else if (testProperty.getValue() != null || testProperty.getDefaultValue() != null) {
                    // NOTE(review): the guard accepts a property with only a default value, but
                    // the line below parses getValue() alone, which is null in that case.
                    XmlObjectTreeModel.XmlTreeNode[] selectTreeNodes = new XmlObjectTreeModel(testProperty.getSchemaType().getTypeSystem(), XmlUtils.createXmlObject(securityTestRunContext.expand(testProperty.getValue()))).selectTreeNodes(securityTestRunContext.expand(securityCheckedParameter.getXpath()));
                    for (String str2 : this.sqlInjectionConfig.getSqlInjectionStringsList()) {
                        // Loop-invariant check: strings are queued only when the XPath matched.
                        if (selectTreeNodes.length > 0) {
                            if (!this.parameterMutations.containsKey(securityCheckedParameter)) {
                                this.parameterMutations.put(securityCheckedParameter, new ArrayList<>());
                            }
                            this.parameterMutations.get(securityCheckedParameter).add(str2);
                        }
                    }
                }
            }
        }
    }

    /**
     * Reports whether another scan iteration should run.
     *
     * <p>Once queues exist (or the {@code mutation} flag is set) the answer is whether any
     * queue still holds a string. Before that, the answer is whether the parameter holder has
     * any parameter at all, checked or not. When the answer is {@code false} the queues and
     * the flag are reset.
     *
     * @param testStep               unused in this method
     * @param securityTestRunContext unused in this method
     * @return {@code true} if another iteration should run
     */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan
    protected boolean hasNext(TestStep testStep, SecurityTestRunContext securityTestRunContext) {
        boolean z = false;
        // The null guard here is not matched below: keySet() and clear() are called
        // unconditionally. The constructor always assigns the map, so it is not null in practice.
        if ((this.parameterMutations != null && this.parameterMutations.size() != 0) || this.mutation) {
            Iterator<SecurityCheckedParameter> it = this.parameterMutations.keySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (this.parameterMutations.get(it.next()).size() > 0) {
                    z = true;
                    break;
                }
            }
        } else {
            z = getParameterHolder().getParameterList().size() > 0;
        }
        if (!z) {
            // Scan finished: reset so that a later run starts from the initial state.
            this.parameterMutations.clear();
            this.mutation = false;
        }
        return z;
    }

    /** @return a fixed description of this scan's configuration */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public String getConfigDescription() {
        return "Configures SQL injection security scan";
    }

    /** @return a fixed configuration name */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public String getConfigName() {
        return "SQL Injection Security Scan";
    }

    /** @return the help page address; note that it is a plain {@code http://} URL */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public String getHelpURL() {
        return "http://soapui.org/Security/sql-injection.html";
    }

    /**
     * Builds the advanced-settings dialog, which lets the user edit the injection string list,
     * and returns its panel.
     *
     * <p>Edits are written to the scan configuration as soon as the field's {@code "options"}
     * property changes.
     *
     * @return the panel of the newly built dialog
     */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.model.security.SecurityScan
    public JComponent getAdvancedSettingsPanel() {
        // A new dialog is built on every call and the previous reference is overwritten without
        // release(); only the most recent dialog is released by release().
        this.dialog = (JFormDialog) ADialogBuilder.buildDialog(AdvancedSettings.class);
        JStringListFormField jStringListFormField = (JStringListFormField) this.dialog.getFormField("###Injection Strings");
        jStringListFormField.setOptions(this.sqlInjectionConfig.getSqlInjectionStringsList().toArray());
        jStringListFormField.setProperty("dimension", new Dimension(470, 150));
        jStringListFormField.getComponent().addPropertyChangeListener("options", new PropertyChangeListener() { // from class: com.eviware.soapui.security.scan.SQLInjectionScan.1
            @Override // java.beans.PropertyChangeListener
            public void propertyChange(PropertyChangeEvent propertyChangeEvent) {
                // Assumes the event carries a String[] (a ClassCastException otherwise - confirm
                // against JStringListFormField). The list is stored as entered, without
                // validation; an empty list would leave the scan with nothing to queue.
                String[] strArr = (String[]) propertyChangeEvent.getNewValue();
                SQLInjectionScan.this.sqlInjectionConfig.setSqlInjectionStringsArray(strArr);
            }
        });
        return this.dialog.getPanel();
    }

    /** Releases the advanced-settings dialog, if one was built, then the superclass resources. */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScanWithProperties, com.eviware.soapui.security.scan.AbstractSecurityScan, com.eviware.soapui.impl.wsdl.AbstractWsdlModelItem, com.eviware.soapui.model.Releasable
    public void release() {
        if (this.dialog != null) {
            this.dialog.release();
        }
        super.release();
    }

    /** Discards all queued strings and resets the {@code mutation} flag. */
    @Override // com.eviware.soapui.security.scan.AbstractSecurityScan
    protected void clear() {
        this.parameterMutations.clear();
        this.mutation = false;
    }
}
