package org.zaproxy.addon.spider.parser;

import java.io.ByteArrayInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import net.htmlparser.jericho.Element;
import org.apache.logging.log4j.LogManager;
import org.parosproxy.paros.network.HttpMessage;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import org.zaproxy.zap.utils.XmlUtils;

/* loaded from: input_file:org/zaproxy/addon/spider/parser/SvgHrefParser.class */
public class SvgHrefParser extends SpiderParser {
    private static final String HREF_EXPRESSION = "//*[@href or @HREF]";
    private static final String SVG_TAG = "SVG";
    private static final String IMAGE_TAG = "IMAGE";
    private static XPathExpression xpathHrefExpression;
    private static DocumentBuilder documentBuilder;
    private static final Pattern PATTERN_SVG_EXTENSION = Pattern.compile("\\.svg\\z", 2);
    private static final String[] ATTRIBUTE_NAMES = {"href", "HREF", "xlink:href", "XLINK:HREF"};

    @Override // org.zaproxy.addon.spider.parser.SpiderParser
    public boolean parseResource(ParseContext parseContext) {
        getLogger().debug("SVG Spider attempting to parse {}", parseContext.getBaseUrl());
        HttpMessage httpMessage = parseContext.getHttpMessage();
        if (!isSvg(httpMessage)) {
            if (containsSvg(parseContext)) {
                return processSvgElements(parseContext, parseContext.getSource().getAllElements(SVG_TAG));
            }
            return false;
        }
        try {
            synchronized (documentBuilder) {
                NodeList nodeList = (NodeList) xpathHrefExpression.evaluate(documentBuilder.parse(new InputSource(new ByteArrayInputStream(httpMessage.getResponseBody().getBytes()))), XPathConstants.NODESET);
                if (nodeList.getLength() <= 0) {
                    return false;
                }
                processNodeList(parseContext, nodeList, parseContext.getBaseUrl());
                return true;
            }
        } catch (SAXParseException e) {
            if (e.getMessage().contains("DOCTYPE is disallowed")) {
                getLogger().debug("Skipping {} due to XXE safety and DOCTYPE declaration present.", parseContext.getBaseUrl());
                return false;
            }
            getLogger().warn("An error occurred trying to parse {}", parseContext.getBaseUrl(), e);
            return false;
        } catch (Exception e2) {
            getLogger().warn("An error occurred trying to parse {}", parseContext.getBaseUrl(), e2);
            return false;
        }
    }

    private boolean processSvgElements(ParseContext parseContext, List<Element> list) {
        if (list.isEmpty()) {
            return false;
        }
        String baseUrl = parseContext.getBaseUrl();
        Element firstElement = parseContext.getSource().getFirstElement("base");
        if (firstElement != null) {
            getLogger().debug("Base tag was found in HTML: {}", firstElement.getDebugInfo());
            String attributeValue = firstElement.getAttributeValue("href");
            if (attributeValue != null && !attributeValue.isEmpty()) {
                baseUrl = getCanonicalUrl(parseContext, attributeValue, baseUrl);
            }
        }
        return processSvgTags(parseContext, baseUrl, list, IMAGE_TAG) || processSvgTags(parseContext, baseUrl, list, "script");
    }

    private boolean processSvgTags(ParseContext parseContext, String str, List<Element> list, String str2) {
        boolean z = false;
        Iterator<Element> it = list.iterator();
        while (it.hasNext()) {
            for (Element element : it.next().getAllElements(str2)) {
                String[] strArr = ATTRIBUTE_NAMES;
                int length = strArr.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    String attributeValue = element.getAttributeValue(strArr[i]);
                    if (attributeValue != null && !attributeValue.isEmpty()) {
                        processUrl(parseContext, attributeValue, str);
                        z = true;
                        break;
                    }
                    i++;
                }
            }
        }
        return z;
    }

    private void processNodeList(ParseContext parseContext, NodeList nodeList, String str) {
        getLogger().debug("Identified {} nodes with href attribute from: {}", Integer.valueOf(nodeList.getLength()), str);
        for (int i = 0; i < nodeList.getLength(); i++) {
            String extractUrl = extractUrl(nodeList.item(i));
            if (!extractUrl.isEmpty()) {
                URI uri = null;
                try {
                    uri = new URI(str).resolve(extractUrl);
                } catch (URISyntaxException e) {
                    getLogger().warn("Failed to resolve extracted URL: {} against base URL: {}", extractUrl, parseContext.getBaseUrl());
                }
                getLogger().debug("Resolved URL: {} from: {}", uri, parseContext.getBaseUrl());
                if (uri != null && uri.isAbsolute()) {
                    processUrl(parseContext, extractUrl);
                }
            }
        }
    }

    private static String extractUrl(Node node) {
        String str = "";
        for (String str2 : ATTRIBUTE_NAMES) {
            try {
                str = node.getAttributes().getNamedItem(str2).getNodeValue();
            } catch (NullPointerException e) {
            }
            if (!str.isEmpty()) {
                break;
            }
        }
        return str;
    }

    @Override // org.zaproxy.addon.spider.parser.SpiderParser
    public boolean canParseResource(ParseContext parseContext, boolean z) {
        return isSvg(parseContext.getHttpMessage()) || containsSvg(parseContext);
    }

    private static boolean containsSvg(ParseContext parseContext) {
        return parseContext.getHttpMessage().getResponseHeader().isHtml() && parseContext.getSource().getFirstElement(SVG_TAG) != null;
    }

    private static boolean isSvg(HttpMessage httpMessage) {
        if (httpMessage.getResponseHeader().hasContentType(new String[]{"svg"})) {
            return true;
        }
        String escapedPath = httpMessage.getRequestHeader().getURI().getEscapedPath();
        if (escapedPath != null) {
            return PATTERN_SVG_EXTENSION.matcher(escapedPath).find();
        }
        return false;
    }

    static {
        try {
            xpathHrefExpression = XPathFactory.newInstance().newXPath().compile(HREF_EXPRESSION);
        } catch (XPathExpressionException e) {
            LogManager.getLogger(SvgHrefParser.class).error(e);
        }
        try {
            documentBuilder = XmlUtils.newXxeDisabledDocumentBuilderFactory().newDocumentBuilder();
        } catch (ParserConfigurationException e2) {
            LogManager.getLogger(SvgHrefParser.class).warn("An error occurred while getting the DocumentBuilder", e2);
        }
    }
}
