package burp;

import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.core.Marker;
import burp.api.montoya.http.HttpService;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.logging.Logging;
import burp.api.montoya.scanner.audit.issues.AuditIssue;
import burp.api.montoya.scanner.audit.issues.AuditIssueConfidence;
import burp.api.montoya.scanner.audit.issues.AuditIssueDefinition;
import burp.api.montoya.scanner.audit.issues.AuditIssueSeverity;
import burp.api.montoya.utilities.Base64DecodingOptions;
import burp.api.montoya.utilities.Base64EncodingOptions;
import io.swagger.client.ApiException;
import io.swagger.client.model.BurpHttpService;
import io.swagger.client.model.BurpIssue;
import io.swagger.client.model.BurpIssueData;
import io.swagger.client.model.BurpIssueHost;
import io.swagger.client.model.BurpIssueRequest;
import io.swagger.client.model.BurpIssueRequestResponse;
import io.swagger.client.model.BurpIssueResponse;
import io.swagger.client.model.BurpMenu;
import io.swagger.client.model.BurpMenuType;
import io.swagger.client.model.BurpNotification;
import io.swagger.client.model.BurpNotifications;
import io.swagger.client.model.BurpTraffic;
import io.swagger.client.model.ExecuteBurpMenuResult;
import io.swagger.client.model.MatchPosition;
import java.awt.event.ActionEvent;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.UUID;
import javax.swing.AbstractAction;

/* loaded from: input_file:burp/VenariMenuAction.class */
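/**
 * Swing action behind one Venari entry in Burp's context menu.
 *
 * <p>Depending on the menu type the action either asks the Venari REST service to run the menu
 * and imports what it reports (site-map entries and issues), or uploads the HTTP traffic / audit
 * issues the user selected in Burp.
 *
 * <p>Two trust boundaries are crossed here and are worth keeping in mind when reviewing changes:
 * <ul>
 *   <li>Outbound: selected requests and responses are forwarded as captured (Base64 of the raw
 *       bytes), so any cookies, authorization headers or bodies they contain leave Burp.</li>
 *   <li>Inbound: traffic, markers, severities and confidences returned by the service are added
 *       to the Burp site map. They are treated as untrusted input: malformed entries are skipped
 *       or counted as errors instead of terminating the worker thread.</li>
 * </ul>
 *
 * <p>The Venari token is only ever passed to {@code RestClient}; it is never written to the log.
 */
public class VenariMenuAction extends AbstractAction {
    private static final long serialVersionUID = 1;

    /** Polling stops once more than this many notification round-trips have failed. */
    private static final int MAX_POLL_ERRORS = 10;

    /** Pause between two notification polls. */
    private static final long POLL_INTERVAL_MILLIS = 2000L;

    /** All-zero UUID, treated the same as "no scan id set on the menu". */
    private static final UUID EMPTY_SCAN_ID = UUID.fromString("00000000-0000-0000-0000-000000000000");

    private final RestClient restClient;
    private final Logging logging;
    private final String sessionID;
    private final MontoyaApi callbacks;
    private final BurpMenu menu;
    private final List<HttpRequestResponse> traffic;
    private final List<AuditIssue> issues;

    /**
     * Creates the action for one Venari menu entry.
     *
     * @param burpMenu   menu definition; its name becomes the action name
     * @param restClient client used for every call to the Venari REST service
     * @param logging    Burp output log
     * @param montoyaApi Burp API handle (Base64 utilities, site map)
     * @param str        session id sent with every REST call
     * @param list       HTTP messages selected in Burp, may be {@code null}
     * @param list2      audit issues selected in Burp, may be {@code null}
     */
    public VenariMenuAction(BurpMenu burpMenu, RestClient restClient, Logging logging, MontoyaApi montoyaApi, String str, List<HttpRequestResponse> list, List<AuditIssue> list2) {
        super(burpMenu.getName());
        this.menu = burpMenu;
        this.restClient = restClient;
        this.logging = logging;
        this.sessionID = str;
        this.callbacks = montoyaApi;
        this.traffic = list;
        this.issues = list2;
    }

    /** Returns {@code true} only when the menu explicitly declares that it needs selected traffic. */
    private boolean doesMenuNeedTraffic(BurpMenu burpMenu) {
        // A missing menu or an unset flag counts as "not needed" (previously done by swallowing the NPE).
        return burpMenu != null && Boolean.TRUE.equals(burpMenu.isNeedTraffic());
    }

    /** Returns {@code true} only when the menu explicitly declares that it needs selected issues. */
    private boolean doesMenuNeedIssues(BurpMenu burpMenu) {
        return burpMenu != null && Boolean.TRUE.equals(burpMenu.isNeedIssue());
    }

    /**
     * Runs the menu on the Venari service unless it first needs traffic or issues from the user.
     *
     * @param burpMenu menu to execute
     * @param str      Venari token
     * @return the service result, or {@code null} when the menu was not executed or the service
     *         returned nothing
     * @throws ApiException when the REST call fails
     */
    private ExecuteBurpMenuResult executeMenuIfPossible(BurpMenu burpMenu, String str) throws ApiException {
        if (doesMenuNeedTraffic(burpMenu) || doesMenuNeedIssues(burpMenu)) {
            return null;
        }
        String name = burpMenu.getName();
        ExecuteBurpMenuResult result = this.restClient.executeBurpMenu(str, this.sessionID, burpMenu);
        if (result == null) {
            // Return here: the previous code logged and then dereferenced the null result.
            this.logging.logToOutput("Unable to execute menu: " + name + ".  Unknown error.");
            return null;
        }
        if (!Boolean.TRUE.equals(result.isSuccess())) {
            String errorMessage = result.getErrorMessage();
            if (errorMessage == null || errorMessage.length() == 0) {
                this.logging.logToOutput("Unable to execute menu: " + name + ".  Unknown error.");
            } else {
                this.logging.logToOutput("Unable to execute menu: " + name + ". " + errorMessage);
            }
        }
        return result;
    }

    /**
     * Converts Burp markers into the index/length pairs used by the Venari model.
     *
     * @return the converted positions, or {@code null} when there is nothing to convert
     */
    private List<MatchPosition> createMatchPositionsFromMarkers(List<Marker> list) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        List<MatchPosition> positions = new ArrayList<>(list.size());
        for (Marker marker : list) {
            int start = marker.range().startIndexInclusive();
            MatchPosition position = new MatchPosition();
            position.index(Integer.valueOf(start));
            position.length(Integer.valueOf(marker.range().endIndexExclusive() - start));
            positions.add(position);
        }
        return positions;
    }

    /**
     * Packs one Burp request/response pair into the Venari transfer model.
     *
     * <p>The raw bytes are forwarded exactly as captured, so credentials present in the message
     * are part of what is uploaded. The request must be non-null; a missing or empty response is
     * simply left out.
     */
    private BurpTraffic toBurpTraffic(HttpRequestResponse exchange) {
        BurpTraffic encoded = new BurpTraffic();
        encoded.setBase64RequestBytes(this.callbacks.utilities().base64Utils().encodeToString(exchange.request().toByteArray()));
        // Messages without a response (e.g. unsent or timed-out requests) used to fail here with an NPE.
        HttpResponse response = exchange.response();
        if (response != null) {
            ByteArray responseBytes = response.toByteArray();
            if (responseBytes != null && responseBytes.length() > 0) {
                encoded.setBase64ResponseBytes(this.callbacks.utilities().base64Utils().encodeToString(responseBytes));
            }
        }
        HttpService service = exchange.httpService();
        BurpHttpService target = new BurpHttpService();
        target.setHost(service.host());
        target.setPort(Integer.valueOf(service.port()));
        target.setScheme(service.secure() ? "https" : "http");
        encoded.setHttpService(target);
        encoded.setSessionID(this.sessionID);
        return encoded;
    }

    /** Formats {@code scheme://host[:port]}, leaving the port out only when it is the scheme's default. */
    private static String originOf(HttpService service) {
        boolean secure = service.secure();
        int port = service.port();
        StringBuilder origin = new StringBuilder(secure ? "https://" : "http://").append(service.host());
        // Compare against the default of the actual scheme, so https on 80 or http on 443 keeps its port.
        if (port != (secure ? 443 : 80)) {
            origin.append(':').append(port);
        }
        return origin.toString();
    }

    /**
     * Builds the Venari representation of a Burp audit issue, including its evidence messages.
     *
     * @param auditIssue issue selected in Burp
     * @param logging    log that receives one line per forwarded message
     * @return the populated transfer object
     */
    private BurpIssueData createBurpIssueFromAuditIssue(AuditIssue auditIssue, Logging logging) {
        BurpIssueData issueData = new BurpIssueData();
        issueData.name(auditIssue.name());
        issueData.severity(auditIssue.severity().name());

        HttpService issueService = auditIssue.httpService();
        if (issueService != null) {
            BurpIssueHost issueHost = new BurpIssueHost();
            issueHost.value(originOf(issueService));
            issueData.host(issueHost);
        }

        String detail = auditIssue.detail();
        if (detail != null && detail.length() > 0) {
            issueData.issueDetail(detail);
        }
        String remediation = auditIssue.remediation();
        if (remediation != null && remediation.length() > 0) {
            issueData.remediationDetail(remediation);
        }
        AuditIssueDefinition definition = auditIssue.definition();
        if (definition != null) {
            String background = definition.background();
            // Short-circuit '&&': the former '&' evaluated length() even when background was null.
            if (background != null && background.length() > 0) {
                issueData.issueBackground(background);
            }
        }

        List<HttpRequestResponse> evidence = auditIssue.requestResponses();
        if (evidence != null && !evidence.isEmpty()) {
            List<BurpIssueRequestResponse> converted = new ArrayList<>(evidence.size());
            for (HttpRequestResponse exchange : evidence) {
                BurpIssueRequestResponse entry = new BurpIssueRequestResponse();
                HttpRequest request = exchange.request();
                if (request != null) {
                    logging.logToOutput("Sending to playground: (" + request.method() + ") " + request.url());
                    BurpTraffic encoded = toBurpTraffic(exchange);
                    entry.httpService(encoded.getHttpService());
                    BurpIssueRequest issueRequest = new BurpIssueRequest();
                    issueRequest.isBase64(true);
                    issueRequest.text(encoded.getBase64RequestBytes());
                    issueRequest.method(request.method());
                    entry.request(issueRequest);
                    if (exchange.response() != null) {
                        BurpIssueResponse issueResponse = new BurpIssueResponse();
                        issueResponse.isBase64(true);
                        issueResponse.text(encoded.getBase64ResponseBytes());
                        entry.response(issueResponse);
                    }
                }
                entry.setRequestMarkers(createMatchPositionsFromMarkers(exchange.requestMarkers()));
                entry.setResponseMarkers(createMatchPositionsFromMarkers(exchange.responseMarkers()));
                converted.add(entry);
            }
            issueData.requestResponses(converted);
        }
        return issueData;
    }

    /**
     * Maps a Venari severity label onto Burp's scale; "critical" and "high" both become HIGH.
     * A missing or unrecognised label yields INFORMATION.
     */
    private AuditIssueSeverity convertSeverityFromString(String str) {
        if (str == null) {
            return AuditIssueSeverity.INFORMATION;
        }
        // Locale.ROOT keeps the match stable on locales with special casing rules (e.g. Turkish 'I').
        String label = str.toLowerCase(Locale.ROOT);
        if (label.contains("critical") || label.contains("high")) {
            return AuditIssueSeverity.HIGH;
        }
        if (label.contains("medium")) {
            return AuditIssueSeverity.MEDIUM;
        }
        if (label.contains("low")) {
            return AuditIssueSeverity.LOW;
        }
        return AuditIssueSeverity.INFORMATION;
    }

    /**
     * Maps a Venari confidence label onto Burp's scale.
     *
     * <p>Compared by value: with the former reference comparison ({@code ==}) a "Tentative"
     * finding received from the service was reported in Burp as CERTAIN.
     */
    private AuditIssueConfidence convertConfidenceFromString(String str) {
        return "Tentative".equals(str) ? AuditIssueConfidence.TENTATIVE : AuditIssueConfidence.CERTAIN;
    }

    /**
     * Rebuilds a Burp request/response pair from traffic returned by the Venari service.
     *
     * <p>The fields come from the remote side and are not validated here beyond the marker
     * checks in {@link #convertToMarkers}; a missing service, scheme, port or Base64 payload
     * raises a runtime exception that the calling worker logs.
     */
    private HttpRequestResponse convertToRequestResponse(BurpTraffic burpTraffic) {
        BurpHttpService remoteService = burpTraffic.getHttpService();
        boolean secure = remoteService.getScheme().startsWith("https");
        HttpService service = HttpService.httpService(remoteService.getHost(), remoteService.getPort().intValue(), secure);

        ByteArray requestBytes = this.callbacks.utilities().base64Utils().decode(burpTraffic.getBase64RequestBytes());
        ByteArray responseBytes = this.callbacks.utilities().base64Utils().decode(burpTraffic.getBase64ResponseBytes());
        HttpRequestResponse rebuilt = HttpRequestResponse.httpRequestResponse(
                HttpRequest.httpRequest(service, requestBytes), HttpResponse.httpResponse(responseBytes));

        List<Marker> requestMarkers = convertToMarkers(burpTraffic.getRequestMatches());
        if (requestMarkers != null) {
            rebuilt = rebuilt.withRequestMarkers(requestMarkers);
        }
        List<Marker> responseMarkers = convertToMarkers(burpTraffic.getResponseMatches());
        if (responseMarkers != null) {
            rebuilt = rebuilt.withResponseMarkers(responseMarkers);
        }
        return rebuilt;
    }

    /**
     * Converts Venari match positions into Burp markers.
     *
     * <p>Positions arrive from the remote service, so entries with a missing, negative or
     * overflowing index/length are skipped instead of aborting the import of the whole message.
     *
     * @return the markers, or {@code null} when no usable position is present
     */
    private List<Marker> convertToMarkers(List<MatchPosition> list) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        List<Marker> markers = new ArrayList<>(list.size());
        for (MatchPosition position : list) {
            if (position == null || position.getIndex() == null || position.getLength() == null) {
                continue;
            }
            int start = position.getIndex().intValue();
            int length = position.getLength().intValue();
            if (start < 0 || length < 0 || length > Integer.MAX_VALUE - start) {
                continue;
            }
            markers.add(Marker.marker(start, start + length));
        }
        return markers.isEmpty() ? null : markers;
    }

    /**
     * Executes the menu and hands the follow-up work (upload or notification polling) to a
     * background thread.
     *
     * <p>Menu types, judging by the log text used for each: 1 starts a scan and polls for
     * results, 2/3/4 fetch a site map / issues / a scan whose ids come back with the menu
     * result, 5 uploads the selected traffic and 6 uploads the selected issues.
     */
    @Override
    public void actionPerformed(ActionEvent actionEvent) {
        String name = this.menu.getName();
        String applicationName = this.menu.getApplicationName();
        if (applicationName != null && applicationName.length() > 0) {
            name = "[" + applicationName + "]" + name;
        }
        try {
            this.logging.logToOutput("Executing Venari menu: " + name);
            final String venariToken = BurpExtender.getVenariToken(this.logging);
            if (venariToken == null || venariToken.isEmpty()) {
                return;
            }
            // NOTE(review): this REST call is made on the thread that delivered the event,
            // presumably the Swing event thread; a slow service would stall the UI. Confirm.
            final ExecuteBurpMenuResult menuResult = executeMenuIfPossible(this.menu, venariToken);
            if (!isReadyToRun(name, menuResult)) {
                return;
            }

            BurpMenuType type = this.menu.getType();
            BurpNotifications preset = null;
            String finished = "";
            if (type == BurpMenuType.NUMBER_1) {
                this.logging.logToOutput("Started Venari scan for " + name + "...");
                finished = "Finished Venari scan for " + name + ".";
            } else if (type == BurpMenuType.NUMBER_2) {
                this.logging.logToOutput("Getting site map for " + name + "...");
                preset = completedNotifications(menuResult);
                finished = "Finished getting site map for " + name + ".";
            } else if (type == BurpMenuType.NUMBER_3) {
                this.logging.logToOutput("Getting issues for " + name + "...");
                preset = completedNotifications(menuResult);
                finished = "Finished getting issues for " + name + ".";
            } else if (type == BurpMenuType.NUMBER_4) {
                this.logging.logToOutput("Getting scan for " + name + "...");
                preset = completedNotifications(menuResult);
                finished = "Finished scan for " + name + ".";
            }

            final BurpNotifications presetNotifications = preset;
            final String finishedMessage = finished;
            new Thread(() -> runMenuWorker(venariToken, menuResult, presetNotifications, finishedMessage)).start();
        } catch (Exception e) {
            this.logging.logToOutput("Unable to execute Venari menu " + name + ". " + e.toString());
        }
    }

    /** Checks that the menu has the selection it needs, or that its direct execution succeeded. */
    private boolean isReadyToRun(String displayName, ExecuteBurpMenuResult menuResult) {
        if (doesMenuNeedTraffic(this.menu)) {
            if (this.traffic == null || this.traffic.isEmpty()) {
                this.logging.logToOutput("Unable to execute menu: " + displayName + ". No HTTP traffic selected.");
                return false;
            }
            this.logging.logToOutput("Invoking asynchronous menu " + displayName + "...");
            return true;
        }
        if (doesMenuNeedIssues(this.menu)) {
            if (this.issues == null || this.issues.isEmpty()) {
                this.logging.logToOutput("Unable to execute menu: " + displayName + ". No issues selected.");
                return false;
            }
            this.logging.logToOutput("Invoking asynchronous menu " + displayName + "...");
            return true;
        }
        return menuResult != null && Boolean.TRUE.equals(menuResult.isSuccess());
    }

    /** Wraps the ids returned by the menu call in an already-complete notification batch. */
    private static BurpNotifications completedNotifications(ExecuteBurpMenuResult menuResult) {
        BurpNotifications notifications = new BurpNotifications();
        notifications.setIsComplete(true);
        notifications.setChanges(menuResult.getResultIds());
        return notifications;
    }

    /** Background work for one menu invocation: upload the selection or import the results. */
    private void runMenuWorker(String token, ExecuteBurpMenuResult menuResult, BurpNotifications preset, String finishedMessage) {
        BurpMenuType type = this.menu.getType();
        if (type == BurpMenuType.NUMBER_5) {
            sendSelectedTraffic(token);
        } else if (type == BurpMenuType.NUMBER_6) {
            sendSelectedIssues(token);
        } else if (menuResult != null) {
            pollNotifications(token, menuResult, preset);
        }
        if (!finishedMessage.isEmpty()) {
            this.logging.logToOutput(finishedMessage);
        }
    }

    /**
     * Uploads every selected message once and runs the menu for each of them.
     *
     * <p>This is a single pass: the former loop never cleared its run flag for this menu type,
     * so the same traffic was re-sent without pause until the thread died.
     */
    private void sendSelectedTraffic(String token) {
        if (this.traffic == null) {
            return;
        }
        try {
            for (HttpRequestResponse exchange : this.traffic) {
                this.logging.logToOutput("Sending to playground: (" + exchange.request().method() + ") " + exchange.request().url());
                List<BurpTraffic> payload = new ArrayList<>();
                payload.add(toBurpTraffic(exchange));
                this.restClient.setBurpTraffic(token, payload);
                this.restClient.executeBurpMenu(token, this.sessionID, this.menu);
            }
        } catch (Exception e) {
            this.logging.logToOutput("Error sending traffic to Venari. " + e.getMessage());
        }
    }

    /** Uploads every selected issue once and runs the menu for each of them (single pass). */
    private void sendSelectedIssues(String token) {
        if (this.issues == null) {
            return;
        }
        try {
            for (AuditIssue selected : this.issues) {
                BurpIssueData issueData = createBurpIssueFromAuditIssue(selected, this.logging);
                this.logging.logToOutput("Sending to issue to Venari: " + selected.name());
                List<BurpIssueData> payload = new ArrayList<>();
                payload.add(issueData);
                this.restClient.setBurpIssues(token, this.sessionID, payload);
                this.restClient.executeBurpMenu(token, this.sessionID, this.menu);
            }
        } catch (Exception e) {
            this.logging.logToOutput("Error sending issues to Venari. " + e.getMessage());
        }
    }

    /**
     * Imports the changes announced by the service until it reports completion.
     *
     * <p>With a {@code preset} batch (already complete) the loop body runs exactly once;
     * otherwise the service is polled every {@link #POLL_INTERVAL_MILLIS} ms. Every failure is
     * logged and counted, and polling gives up after {@link #MAX_POLL_ERRORS} failures, so a
     * service that keeps failing cannot cause an unbounded, unthrottled retry loop.
     */
    private void pollNotifications(String token, ExecuteBurpMenuResult menuResult, BurpNotifications preset) {
        int errorCount = 0;
        boolean keepPolling = true;
        while (keepPolling) {
            try {
                BurpNotifications batch = preset != null
                        ? preset
                        : this.restClient.getBurpNotifications(token, this.sessionID);
                // Decide about the next round before importing, so a failure while importing
                // the final batch still ends the loop.
                if (batch == null || Boolean.TRUE.equals(batch.isIsComplete())) {
                    keepPolling = false;
                }
                List<BurpNotification> changes = batch == null ? null : batch.getChanges();
                if (changes != null) {
                    for (BurpNotification change : changes) {
                        UUID scanID = this.menu.getScanID();
                        // equals(), not '==': the reference comparison never matched the zero UUID.
                        if (scanID == null || EMPTY_SCAN_ID.equals(scanID)) {
                            scanID = menuResult.getScanID();
                        }
                        if (change.getType() == BurpNotification.TypeEnum.NUMBER_0) {
                            addTrafficToSiteMap(this.restClient.getBurpTraffic(token, this.sessionID, change.getID(), scanID));
                        } else if (change.getType() == BurpNotification.TypeEnum.NUMBER_1) {
                            String application = this.menu.getApplicationName();
                            if (application == null || application.length() == 0) {
                                application = this.menu.getName();
                            }
                            addIssueToSiteMap(this.restClient.getBurpIssue(token, this.sessionID, change.getID(), application, scanID));
                        }
                    }
                }
            } catch (Exception e) {
                this.logging.logToOutput("Error retrieving Venari notifications. " + e.getMessage());
                errorCount++;
            }
            if (errorCount > MAX_POLL_ERRORS) {
                keepPolling = false;
            }
            if (keepPolling) {
                try {
                    Thread.sleep(POLL_INTERVAL_MILLIS);
                } catch (InterruptedException e) {
                    // Restore the flag and stop: an interrupted worker should not keep polling.
                    Thread.currentThread().interrupt();
                    this.logging.logToOutput("Thread sleep failed. " + e.toString());
                    keepPolling = false;
                }
            }
        }
    }

    /** Adds traffic returned by the service to the Burp site map. */
    private void addTrafficToSiteMap(List<BurpTraffic> remoteTraffic) {
        if (remoteTraffic == null) {
            return;
        }
        for (BurpTraffic remote : remoteTraffic) {
            HttpRequestResponse exchange = convertToRequestResponse(remote);
            this.logging.logToOutput("Adding to site map: (" + exchange.request().method() + ") " + exchange.request().url());
            this.callbacks.siteMap().add(exchange);
        }
    }

    /** Converts an issue returned by the service into a Burp audit issue and adds it to the site map. */
    private void addIssueToSiteMap(BurpIssue burpIssue) {
        if (burpIssue == null) {
            return;
        }
        List<HttpRequestResponse> evidence = new ArrayList<>();
        List<BurpTraffic> remoteTraffic = burpIssue.getTraffic();
        if (remoteTraffic != null) {
            for (BurpTraffic remote : remoteTraffic) {
                evidence.add(convertToRequestResponse(remote));
            }
        }
        AuditIssueSeverity severity = convertSeverityFromString(burpIssue.getSeverity());
        AuditIssueConfidence confidence = convertConfidenceFromString(burpIssue.getConfidence());
        AuditIssue imported = AuditIssue.auditIssue(burpIssue.getName(), burpIssue.getDescription(), (String) null, burpIssue.getUrl(), severity, confidence, (String) null, (String) null, severity, evidence);
        this.logging.logToOutput("Found issue: " + imported.name() + " Severity: '" + burpIssue.getSeverity() + "'");
        List<HttpRequestResponse> locations = imported.requestResponses();
        if (locations != null && !locations.isEmpty()) {
            this.logging.logToOutput("Issue locations:");
            for (HttpRequestResponse location : locations) {
                this.logging.logToOutput("  (" + location.request().method() + ") " + location.request().url());
            }
        }
        this.callbacks.siteMap().add(imported);
    }
}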
