package burp.scan.pocscan;

import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.HttpService;
import burp.api.montoya.http.handler.HttpHandler;
import burp.api.montoya.http.handler.HttpRequestToBeSent;
import burp.api.montoya.http.handler.HttpResponseReceived;
import burp.api.montoya.http.handler.RequestToBeSentAction;
import burp.api.montoya.http.handler.ResponseReceivedAction;
import burp.api.montoya.http.message.HttpHeader;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.logging.Logging;
import burp.config.Global_config;
import burp.log.LogTreeEntry;
import burp.log.VulnEntry;
import burp.ui.ConfigPanel;
import burp.ui.FingerPANEL;
import burp.ui.VulnPanel;
import burp.utils.Rule;
import burp.utils.Rules;
import com.google.common.net.HttpHeaders;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileVisitOption;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import org.yaml.snakeyaml.Yaml;

/* loaded from: input_file:burp/scan/pocscan/ProxyPocScanHandler.class */
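/**
 * Burp HTTP handler that runs YAML-defined PoC checks against hosts observed in
 * Proxy, Repeater or Intruder traffic.
 *
 * <p>For the first response seen per Host header value, a worker thread loads every
 * {@code .yml} file under {@code Global_config.Poc_PATH}, sends the requests each file
 * describes to the same HTTP service, and evaluates the file's boolean expression over
 * the responses. Matches are added to {@code VulnPanel.vulnTableModel}.
 *
 * <p>Because requests are sent automatically, the black/white list switches in
 * {@code Global_config} are the only scope control applied by this class; see
 * {@link #isTarget(HttpService)}.
 *
 * <p>Expression language limits, as implemented here: {@code ||} is split before
 * {@code &&}; there is no support for parentheses or negation; and string literals
 * inside {@code responseBody.contains("...")} must not contain {@code ||} or
 * {@code &&}, because splitting happens before literals are recognised.
 */
public class ProxyPocScanHandler implements HttpHandler {
    /** Host header values already scanned; guarded by synchronizing on the map itself. */
    private static final Map<String, String> poc_scan_map = new HashMap<>();

    /** Matches {@code responseBody.contains("literal")} and captures the literal. */
    private static final Pattern CONTAINS_PATTERN = Pattern.compile("responseBody.contains\\(\\\"(.*?)\\\"\\)");

    /** Matches rule references such as {@code r0()} and captures the rule id. */
    private static final Pattern RULE_ID_PATTERN = Pattern.compile("(r\\d+)\\(\\)");

    private final Logging logging;
    private final MontoyaApi api;
    // Text of the most recently parsed PoC file; written by scan worker threads.
    private String yamlPoc;
    private Rules rules;

    /**
     * @param montoyaApi Burp extension API used for logging and for sending PoC requests
     */
    public ProxyPocScanHandler(MontoyaApi montoyaApi) {
        this.logging = montoyaApi.logging();
        this.api = montoyaApi;
    }

    /**
     * Evaluates one rule expression against a request/response pair.
     *
     * @param str                 rule expression, e.g. {@code response.status == 200 && responseBody.contains("x")}
     * @param httpRequestResponse exchange produced by sending the rule's request
     * @return {@code true} if the expression holds; {@code false} if it does not, if there is
     *         no expression or no response, or if evaluation throws
     */
    public boolean evaluateExpression(String str, HttpRequestResponse httpRequestResponse) {
        // A rule without an expression, or a request that got no response, cannot match.
        if (str == null || httpRequestResponse == null || httpRequestResponse.response() == null) {
            ConfigPanel.printErr("Error evaluating expression: " + str);
            return false;
        }
        short statusCode = httpRequestResponse.response().statusCode();
        String responseText = httpRequestResponse.response().toString();
        String expanded = replacePlaceholders(str, statusCode, responseText);
        try {
            return evaluateCompositeCondition(expanded, responseText);
        } catch (Exception e) {
            ConfigPanel.printErr("Error evaluating expression: " + expanded);
            return false;
        }
    }

    /**
     * Substitutes the status code for {@code response.status} and collapses whitespace runs.
     *
     * <p>Both operations are applied to the whole expression, so they also affect text inside
     * quoted literals (a literal containing two consecutive spaces is compared with one).
     * The third parameter is unused and kept only for signature stability.
     */
    private String replacePlaceholders(String str, int i, String str2) {
        return str.replace("response.status", String.valueOf(i)).replaceAll("\\s+", " ");
    }

    /**
     * Evaluates an expression made of conditions joined by {@code ||} and {@code &&}.
     * The split on {@code ||} happens first, so {@code &&} binds tighter.
     */
    private boolean evaluateCompositeCondition(String str, String str2) {
        ConfigPanel.printDebug("Evaluating expression: " + str);
        if (str.contains("||")) {
            for (String alternative : str.split("\\s*\\|\\|\\s*")) {
                if (evaluateCompositeCondition(alternative.trim(), str2)) {
                    return true;
                }
            }
            return false;
        }
        if (!str.contains("&&")) {
            return evaluateCondition(str, str2);
        }
        for (String conjunct : str.split("\\s*&&\\s*")) {
            if (!evaluateCompositeCondition(conjunct.trim(), str2)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Evaluates a single condition: an {@code ==} comparison, a
     * {@code responseBody.contains(...)} check, or a literal {@code true}/{@code false}.
     */
    private boolean evaluateCondition(String str, String str2) {
        ConfigPanel.printDebug("Evaluating condition: " + str);
        if (str.contains("==")) {
            return evaluateEqualityCondition(str);
        }
        if (str.contains("responseBody.contains")) {
            return evaluateContainsCondition(str, str2);
        }
        return Boolean.parseBoolean(str);
    }

    /** Compares the two trimmed operands of {@code a == b} as strings. */
    private boolean evaluateEqualityCondition(String str) {
        String[] operands = str.split("\\s*==\\s*");
        return operands.length == 2 && operands[0].trim().equals(operands[1].trim());
    }

    /**
     * Checks that the response text contains every literal named by a
     * {@code responseBody.contains("...")} call in the condition.
     *
     * <p>A condition in which no well-formed call is found (for example one written with
     * single quotes) evaluates to {@code false}. Previously it evaluated to {@code true},
     * which turned a malformed PoC into a reported finding.
     */
    private boolean evaluateContainsCondition(String str, String str2) {
        Matcher matcher = CONTAINS_PATTERN.matcher(str);
        boolean sawLiteral = false;
        while (matcher.find()) {
            sawLiteral = true;
            if (!str2.contains(matcher.group(1))) {
                return false;
            }
        }
        return sawLiteral;
    }

    /**
     * Loads every {@code .yml} PoC definition under {@code Global_config.Poc_PATH}.
     *
     * <p>A file that cannot be read or does not have the expected structure is logged and
     * skipped; it does not abort loading of the remaining files.
     *
     * @return the successfully parsed definitions, possibly empty
     */
    private List<Rules> loadAllRules() {
        List<Rules> loaded = new ArrayList<>();
        // NOTE(review): new Yaml() uses SnakeYAML's default constructor. On SnakeYAML 1.x that
        // honours type tags in the document and can instantiate arbitrary classes, so PoC files
        // obtained from third parties are untrusted input here. Prefer a Yaml instance backed by
        // SafeConstructor; the exact constructor call depends on the bundled SnakeYAML version.
        Yaml yaml = new Yaml();
        Path root = Paths.get(Global_config.Poc_PATH);
        // try-with-resources closes the directory stream on every path, including failures.
        try (Stream<Path> walk = Files.walk(root)) {
            walk.filter(candidate -> Files.isRegularFile(candidate))
                .filter(candidate -> candidate.toString().endsWith(".yml"))
                .forEach(pocFile -> {
                    try {
                        loaded.add(parseRulesFile(yaml, pocFile));
                    } catch (IOException e) {
                        ConfigPanel.printErr("Error loading YAML file: " + String.valueOf(pocFile));
                    } catch (RuntimeException e) {
                        // Malformed YAML or an unexpected document shape.
                        ConfigPanel.printErr("Error loading YAML file: " + String.valueOf(pocFile) + " (" + e + ")");
                    }
                });
        } catch (IOException | java.io.UncheckedIOException e) {
            ConfigPanel.printErr("Error reading YAML directory: " + String.valueOf(root));
        }
        return loaded;
    }

    /**
     * Reads and parses one PoC file.
     *
     * @throws IOException              if the file cannot be read
     * @throws IllegalArgumentException if the document lacks the expected mappings
     */
    @SuppressWarnings("unchecked")
    private Rules parseRulesFile(Yaml yaml, Path pocFile) throws IOException {
        StringBuilder text = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(Files.newInputStream(pocFile), StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                text.append(line).append("\n");
            }
        }
        Object document = yaml.load(text.toString());
        this.yamlPoc = text.toString();
        if (!(document instanceof Map)) {
            throw new IllegalArgumentException("top-level YAML node is not a mapping");
        }
        Map<String, Object> top = (Map<String, Object>) document;
        Object ruleNodes = top.get("rules");
        if (!(ruleNodes instanceof Map)) {
            throw new IllegalArgumentException("'rules' is missing or not a mapping");
        }

        Rules parsed = new Rules();
        parsed.name = (String) top.get("name");
        parsed.rules = new HashMap<>();
        parsed.expression = (String) top.get("expression");
        for (Map.Entry<String, Object> entry : ((Map<String, Object>) ruleNodes).entrySet()) {
            String ruleId = entry.getKey();
            if (!(entry.getValue() instanceof Map)) {
                throw new IllegalArgumentException("rule '" + ruleId + "' is not a mapping");
            }
            Map<String, Object> ruleNode = (Map<String, Object>) entry.getValue();
            Object requestNode = ruleNode.get("request");
            if (!(requestNode instanceof Map)) {
                throw new IllegalArgumentException("rule '" + ruleId + "' has no 'request' mapping");
            }
            Rule rule = new Rule();
            rule.request = parseRequest((Map<String, Object>) requestNode);
            rule.expression = (String) ruleNode.get("expression");
            parsed.rules.put(ruleId, rule);
        }
        return parsed;
    }

    /** Copies {@code method}, {@code path}, {@code body} and {@code headers} from a YAML request node. */
    @SuppressWarnings("unchecked")
    private Rule.Request parseRequest(Map<String, Object> map) {
        Rule.Request request = new Rule.Request();
        request.method = (String) map.get("method");
        request.path = (String) map.get("path");
        request.body = (String) map.get("body");
        request.headers = (Map<String, String>) map.get("headers");
        return request;
    }

    /**
     * Passes outgoing requests through unchanged.
     *
     * <p>Returns an explicit continue action rather than {@code null}: the interface declares
     * an action as the return value, and what Burp does with {@code null} is not specified.
     */
    @Override // burp.api.montoya.http.handler.HttpHandler
    public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent httpRequestToBeSent) {
        return RequestToBeSentAction.continueWith(httpRequestToBeSent);
    }

    /**
     * Starts a PoC scan for the response's host if the originating tool is enabled, the host
     * is in scope, scanning is switched on and the host has not been scanned before.
     * The response itself is always passed through unchanged.
     */
    @Override // burp.api.montoya.http.handler.HttpHandler
    public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived httpResponseReceived) {
        String str = httpResponseReceived.toolSource().toolType().toolName();
        boolean toolEnabled = ("Proxy".equals(str) && Global_config.clicks_Proxy)
                || ("Repeater".equals(str) && Global_config.clicks_Repeater)
                || ("Intruder".equals(str) && Global_config.clicks_Intruder);
        // NOTE(review): the de-duplication key is the Host header, while the scope check and
        // the scan itself use httpService(). A request without a Host header yields the key
        // "null", so all such hosts share one entry — confirm whether that is intended.
        String hostKey = String.valueOf(httpResponseReceived.initiatingRequest().header(HttpHeaders.HOST));
        boolean inScope = isTarget(httpResponseReceived.initiatingRequest().httpService());
        ConfigPanel.printDebug("isTarget:" + inScope);
        if (!inScope || !toolEnabled || !Global_config.switchs_sen) {
            return ResponseReceivedAction.continueWith(httpResponseReceived);
        }
        // Check-and-mark under one lock so two responses for the same host, handled on
        // different threads, cannot both start a scan or corrupt the HashMap.
        synchronized (poc_scan_map) {
            if (poc_scan_map.get(hostKey) != null) {
                ConfigPanel.printDebug("扫描过的资产：" + String.valueOf(poc_scan_map));
                return ResponseReceivedAction.continueWith(httpResponseReceived);
            }
            poc_scan_map.put(hostKey, "pocScan");
        }
        new Thread(() -> checkPoc(httpResponseReceived, str)).start();
        return ResponseReceivedAction.continueWith(httpResponseReceived);
    }

    /**
     * Decides whether PoC requests may be sent to the given service.
     *
     * <p>The blacklist wins: a listed host is never scanned. When the whitelist switch is on,
     * only listed hosts are scanned, and an empty whitelist therefore scans nothing.
     * Previously a host missing from an enabled whitelist was still reported as a target, so
     * the whitelist did not restrict anything.
     *
     * @param httpService service the traffic was sent to
     * @return {@code true} if the host is in scope for scanning
     */
    public boolean isTarget(HttpService httpService) {
        String host = httpService.host();
        ConfigPanel.printDebug("switchs_black: " + Global_config.switchs_black);
        ConfigPanel.printDebug("switchs_white: " + Global_config.switchs_white);
        if (Global_config.switchs_black && hostListed(Global_config.black_URL, host)) {
            ConfigPanel.printDebug(host + "黑名单指定不扫描，跳过～");
            return false;
        }
        if (!Global_config.switchs_white) {
            return true;
        }
        if (hostListed(Global_config.white_URL, host)) {
            ConfigPanel.printDebug(host + "白名单扫描");
            return true;
        }
        ConfigPanel.printDebug(host + " is not in the whitelist, skipped");
        return false;
    }

    /**
     * Tests whether {@code host} appears in a newline-separated host list. Entries are
     * trimmed (so CRLF line endings work) and compared case-insensitively.
     */
    private static boolean hostListed(String newlineSeparatedHosts, String host) {
        if (newlineSeparatedHosts == null || host == null) {
            return false;
        }
        for (String entry : newlineSeparatedHosts.split("\n")) {
            if (entry.trim().equalsIgnoreCase(host)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Runs every loaded PoC against the service that produced {@code httpResponseReceived}
     * and records a finding for each PoC whose top-level expression evaluates to true.
     *
     * <p>A rule whose request cannot be built or sent is logged and left without a result,
     * which makes its {@code rN()} reference evaluate as false; remaining rules and PoCs
     * still run.
     *
     * @param httpResponseReceived response whose initiating request identifies the target
     * @param str                  name of the Burp tool that produced the traffic
     */
    public void checkPoc(HttpResponseReceived httpResponseReceived, String str) {
        for (Rules poc : loadAllRules()) {
            ConfigPanel.printDebug("Start checkPoc with poc: " + poc.name);
            String finalExpression = poc.expression;
            if (finalExpression == null) {
                ConfigPanel.printErr("POC has no top-level expression, skipped: " + poc.name);
                continue;
            }
            // Last exchange that completed; shown as the parent entry of a finding.
            HttpRequest lastRequest = null;
            HttpRequestResponse lastExchange = null;
            Set<String> referencedIds = extractRuleIds(finalExpression);
            Map<String, Boolean> verdicts = new HashMap<>();
            Map<String, Map<HttpRequest, HttpRequestResponse>> exchanges = new HashMap<>();
            for (Map.Entry<String, Rule> entry : poc.rules.entrySet()) {
                String ruleId = entry.getKey();
                if (!referencedIds.contains(ruleId)) {
                    continue;
                }
                Rule rule = entry.getValue();
                try {
                    HttpRequest request = buildRequest(rule.request, httpResponseReceived);
                    HttpRequestResponse exchange = this.api.http().sendRequest(request);
                    lastRequest = request;
                    lastExchange = exchange;
                    boolean matched = evaluateExpression(rule.expression, exchange);
                    Map<HttpRequest, HttpRequestResponse> pair = new HashMap<>();
                    pair.put(request, exchange);
                    exchanges.put(ruleId, pair);
                    verdicts.put(ruleId, Boolean.valueOf(matched));
                    if (matched) {
                        ConfigPanel.printDebug("Rule " + ruleId + " matched: " + rule.expression);
                    } else {
                        ConfigPanel.printDebug("Rule " + ruleId + " did not match: " + rule.expression);
                    }
                } catch (RuntimeException e) {
                    ConfigPanel.printErr("Error checking rule " + ruleId + ": " + e);
                } finally {
                    ConfigPanel.printDebug("Finished checking rule: " + ruleId);
                }
            }
            if (evaluateFinalExpression(finalExpression, verdicts)) {
                ConfigPanel.printMsg("Vuln found!!! " + poc.name);
                LogTreeEntry finding = new LogTreeEntry(
                        new VulnEntry(FingerPANEL.count, str, lastRequest, lastExchange, poc.name, poc.expression));
                for (Map.Entry<String, Map<HttpRequest, HttpRequestResponse>> perRule : exchanges.entrySet()) {
                    ConfigPanel.printDebug("Rule ID: " + perRule.getKey());
                    int index = 0;
                    for (Map.Entry<HttpRequest, HttpRequestResponse> pair : perRule.getValue().entrySet()) {
                        finding.addSubEntry(new LogTreeEntry(
                                new VulnEntry(index, str, pair.getKey(), pair.getValue(), "", "")));
                        index++;
                    }
                }
                // NOTE(review): this runs on a scan worker thread. If vulnTableModel is a Swing
                // table model these calls belong on the event dispatch thread, and the shared
                // FingerPANEL.count is incremented without synchronization — confirm.
                VulnPanel.vulnTableModel.add(finding);
                VulnPanel.vulnTableModel.fireTableDataChanged();
                FingerPANEL.count++;
            } else {
                ConfigPanel.printDebug("POC Failed for this rules:" + poc.name);
            }
        }
    }

    /** Collects the ids of all rules referenced as {@code rN()} in the expression. */
    private Set<String> extractRuleIds(String str) {
        Set<String> ids = new HashSet<>();
        Matcher matcher = RULE_ID_PATTERN.matcher(str);
        while (matcher.find()) {
            ids.add(matcher.group(1));
        }
        return ids;
    }

    /**
     * Replaces each {@code rN()} reference with that rule's result and evaluates what is left.
     * A reference with no recorded result stays in the text and evaluates as false.
     */
    private boolean evaluateFinalExpression(String str, Map<String, Boolean> map) {
        for (Map.Entry<String, Boolean> verdict : map.entrySet()) {
            str = str.replace(verdict.getKey() + "()", verdict.getValue().toString());
        }
        return evaluateBooleanExpression(str);
    }

    /** Strips all whitespace and evaluates the remaining {@code true}/{@code false} expression. */
    private boolean evaluateBooleanExpression(String str) {
        return Boolean.parseBoolean(evaluateCondition(str.replaceAll("\\s+", "")));
    }

    /**
     * Reduces an expression of {@code true}/{@code false} tokens joined by {@code ||} and
     * {@code &&} to {@code "true"} or {@code "false"}; a token with no operator is returned
     * unchanged for the caller to parse.
     */
    private String evaluateCondition(String str) {
        if (str.contains("||")) {
            for (String alternative : str.split("\\|\\|")) {
                if (Boolean.parseBoolean(evaluateCondition(alternative))) {
                    return "true";
                }
            }
            return "false";
        }
        if (!str.contains("&&")) {
            return str;
        }
        for (String conjunct : str.split("&&")) {
            if (!Boolean.parseBoolean(evaluateCondition(conjunct))) {
                return "false";
            }
        }
        return "true";
    }

    /**
     * Builds the request for one rule, addressed to the service and Host header of the
     * request that triggered the scan, with a fixed User-Agent plus the rule's own headers.
     *
     * <p>NOTE(review): {@code request.body} is parsed from the PoC file but never applied
     * here, so rules that define a body are sent without one — confirm whether that is
     * intended.
     */
    private HttpRequest buildRequest(Rule.Request request, HttpResponseReceived httpResponseReceived) {
        HttpHeader hostHeader = httpResponseReceived.initiatingRequest().header(HttpHeaders.HOST);
        HttpRequest built = HttpRequest.httpRequest()
                .withService(httpResponseReceived.initiatingRequest().httpService())
                .withHeader(hostHeader)
                .withMethod(request.method)
                .withPath(request.path)
                .withHeader(HttpHeader.httpHeader("User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.100 Safari/537.36"));
        Map<?, ?> extraHeaders = request.headers;
        if (extraHeaders != null) {
            // Iterate untyped: YAML may deliver non-string values (e.g. numbers), which a
            // typed Map.Entry<String, String> read would reject with ClassCastException.
            for (Map.Entry<?, ?> header : extraHeaders.entrySet()) {
                built = built.withHeader(HttpHeader.httpHeader(header.getKey() + ": " + header.getValue()));
            }
        }
        ConfigPanel.printDebug(String.valueOf(hostHeader) + " buildRequest start! ================================\n\n" + String.valueOf(built));
        ConfigPanel.printDebug(String.valueOf(hostHeader) + " buildRequest over! ================================");
        return built;
    }
}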
