package org.owasp.validator.html.scan;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Queue;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.batik.css.parser.ParseException;
import org.apache.xerces.dom.DocumentImpl;
import org.cyberneko.html.parsers.DOMFragmentParser;
import org.owasp.validator.css.CssScanner;
import org.owasp.validator.css.ExternalCssScanner;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.owasp.validator.html.model.Attribute;
import org.owasp.validator.html.model.Tag;
import org.owasp.validator.html.util.ErrorMessageUtil;
import org.owasp.validator.html.util.HTMLEntityEncoder;
import org.w3c.dom.Comment;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.ProcessingInstruction;
import org.w3c.dom.Text;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;

/* loaded from: input_file:org/owasp/validator/html/scan/AntiSamyDOMScanner.class */
public class AntiSamyDOMScanner extends AbstractAntiSamyScanner {
    private Document document;
    private DocumentFragment dom;
    private CleanResults results;
    private static final int maxDepth = 250;
    private static final Pattern invalidXmlCharacters = Pattern.compile("[\\u0000-\\u001F\\uD800-\\uDFFF\\uFFFE-\\uFFFF&&[^\\u0009\\u000A\\u000D]]");
    private static final Pattern conditionalDirectives = Pattern.compile("<?!?\\[\\s*(?:end)?if[^]]*\\]>?");
    private static final Queue<CachedItem> cachedItems = new ConcurrentLinkedQueue();

    /* loaded from: input_file:org/owasp/validator/html/scan/AntiSamyDOMScanner$CachedItem.class */
    static class CachedItem {
        private final Matcher invalidXmlCharMatcher = AntiSamyDOMScanner.invalidXmlCharacters.matcher("");
        private final DOMFragmentParser parser = AntiSamyDOMScanner.getDomParser();

        CachedItem() throws SAXNotSupportedException, SAXNotRecognizedException {
        }

        DOMFragmentParser getDomFragmentParser() {
            return this.parser;
        }
    }

    public AntiSamyDOMScanner(Policy policy) {
        super(policy);
        this.document = new DocumentImpl();
        this.dom = this.document.createDocumentFragment();
        this.results = null;
    }

    public AntiSamyDOMScanner() throws PolicyException {
        this.document = new DocumentImpl();
        this.dom = this.document.createDocumentFragment();
        this.results = null;
    }

    @Override // org.owasp.validator.html.scan.AbstractAntiSamyScanner
    public CleanResults scan(String str) throws ScanException {
        if (str == null) {
            throw new ScanException(new NullPointerException("Null input"));
        }
        this.errorMessages.clear();
        int maxInputSize = this.policy.getMaxInputSize();
        if (maxInputSize < str.length()) {
            addError(ErrorMessageUtil.ERROR_INPUT_SIZE, new Object[]{Integer.valueOf(str.length()), Integer.valueOf(maxInputSize)});
            throw new ScanException(this.errorMessages.get(0));
        }
        this.isNofollowAnchors = this.policy.isNofollowAnchors();
        this.isValidateParamAsEmbed = this.policy.isValidateParamAsEmbed();
        long currentTimeMillis = System.currentTimeMillis();
        try {
            CachedItem poll = cachedItems.poll();
            if (poll == null) {
                poll = new CachedItem();
            }
            String stripNonValidXMLCharacters = stripNonValidXMLCharacters(str, poll.invalidXmlCharMatcher);
            try {
                poll.getDomFragmentParser().parse(new InputSource(new StringReader(stripNonValidXMLCharacters)), this.dom);
                processChildren(this.dom, 0);
                StringWriter stringWriter = new StringWriter();
                getHTMLSerializer(stringWriter, getOutputFormat()).serialize(this.dom);
                final String trim = trim(stripNonValidXMLCharacters, stringWriter.getBuffer().toString());
                this.results = new CleanResults(currentTimeMillis, new Callable<String>() { // from class: org.owasp.validator.html.scan.AntiSamyDOMScanner.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public String call() throws Exception {
                        return trim;
                    }
                }, this.dom, this.errorMessages);
                cachedItems.add(poll);
                return this.results;
            } catch (Exception e) {
                throw new ScanException(e);
            }
        } catch (IOException e2) {
            throw new ScanException(e2);
        } catch (SAXException e3) {
            throw new ScanException(e3);
        }
    }

    static DOMFragmentParser getDomParser() throws SAXNotRecognizedException, SAXNotSupportedException {
        DOMFragmentParser dOMFragmentParser = new DOMFragmentParser();
        dOMFragmentParser.setProperty("http://cyberneko.org/html/properties/names/elems", "lower");
        dOMFragmentParser.setFeature("http://cyberneko.org/html/features/scanner/style/strip-cdata-delims", false);
        dOMFragmentParser.setFeature("http://cyberneko.org/html/features/scanner/cdata-sections", true);
        try {
            dOMFragmentParser.setFeature("http://cyberneko.org/html/features/enforce-strict-attribute-names", true);
        } catch (SAXNotRecognizedException e) {
        }
        return dOMFragmentParser;
    }

    private void recursiveValidateTag(Node node, int i) throws ScanException {
        int i2 = i + 1;
        if (i2 > maxDepth) {
            throw new ScanException("Too many nested tags");
        }
        if (node instanceof Comment) {
            processCommentNode(node);
            return;
        }
        boolean z = node instanceof Element;
        NodeList childNodes = node.getChildNodes();
        if (z && childNodes.getLength() == 0 && removeDisallowedEmpty(node)) {
            return;
        }
        if ((node instanceof Text) && 4 == node.getNodeType()) {
            stripCData(node);
            return;
        }
        if (node instanceof ProcessingInstruction) {
            removePI(node);
        }
        if (z) {
            Element element = (Element) node;
            Node parentNode = element.getParentNode();
            String nodeName = element.getNodeName();
            String lowerCase = nodeName.toLowerCase();
            Tag tagByLowercaseName = this.policy.getTagByLowercaseName(lowerCase);
            Tag embedTag = this.policy.getEmbedTag();
            boolean isMasqueradingParam = isMasqueradingParam(tagByLowercaseName, embedTag, lowerCase);
            if (isMasqueradingParam) {
                tagByLowercaseName = Constants.BASIC_PARAM_TAG_RULE;
            }
            if ((tagByLowercaseName == null && this.policy.isEncodeUnknownTag()) || (tagByLowercaseName != null && tagByLowercaseName.isAction("encode"))) {
                encodeTag(i2, element, nodeName, childNodes);
                return;
            }
            if (tagByLowercaseName == null || tagByLowercaseName.isAction(Policy.ACTION_FILTER)) {
                actionFilter(i2, element, nodeName, tagByLowercaseName, childNodes);
                return;
            }
            if (tagByLowercaseName.isAction(Policy.ACTION_VALIDATE)) {
                actionValidate(i2, element, parentNode, nodeName, lowerCase, tagByLowercaseName, isMasqueradingParam, embedTag, childNodes);
            } else if (tagByLowercaseName.isAction(Policy.ACTION_TRUNCATE)) {
                actionTruncate(element, nodeName, childNodes);
            } else {
                addError(ErrorMessageUtil.ERROR_TAG_DISALLOWED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(nodeName)});
                removeNode(element);
            }
        }
    }

    private boolean isMasqueradingParam(Tag tag, Tag tag2, String str) {
        return tag == null && this.isValidateParamAsEmbed && "param".equals(str) && tag2 != null && tag2.isAction(Policy.ACTION_VALIDATE);
    }

    private void encodeTag(int i, Element element, String str, NodeList nodeList) throws ScanException {
        addError(ErrorMessageUtil.ERROR_TAG_ENCODED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(str)});
        processChildren(nodeList, i);
        encodeAndPromoteChildren(element);
    }

    private void actionFilter(int i, Element element, String str, Tag tag, NodeList nodeList) throws ScanException {
        if (tag == null) {
            addError(ErrorMessageUtil.ERROR_TAG_NOT_IN_POLICY, new Object[]{HTMLEntityEncoder.htmlEntityEncode(str)});
        } else {
            addError(ErrorMessageUtil.ERROR_TAG_FILTERED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(str)});
        }
        processChildren(nodeList, i);
        promoteChildren(element);
    }

    private void actionValidate(int i, Element element, Node node, String str, String str2, Tag tag, boolean z, Tag tag2, NodeList nodeList) throws ScanException {
        String str3 = null;
        if (z) {
            str3 = element.getAttribute("name");
            if (str3 != null && !"".equals(str3)) {
                element.setAttribute(str3, element.getAttribute("value"));
                element.removeAttribute("name");
                element.removeAttribute("value");
                tag = tag2;
            }
        }
        if (("style".equals(str2) && this.policy.getStyleTag() != null && processStyleTag(element, node)) || processAttributes(element, str, tag, i)) {
            return;
        }
        if (this.isNofollowAnchors && "a".equals(str2)) {
            element.setAttribute("rel", "nofollow");
        }
        processChildren(nodeList, i);
        if (!z || str3 == null || "".equals(str3)) {
            return;
        }
        String attribute = element.getAttribute(str3);
        element.setAttribute("name", str3);
        element.setAttribute("value", attribute);
        element.removeAttribute(str3);
    }

    private boolean processStyleTag(Element element, Node node) {
        CssScanner externalCssScanner = this.policy.isEmbedStyleSheets() ? new ExternalCssScanner(this.policy, messages) : new CssScanner(this.policy, messages);
        try {
            Node firstChild = element.getFirstChild();
            if (firstChild != null) {
                CleanResults scanStyleSheet = externalCssScanner.scanStyleSheet(firstChild.getNodeValue(), this.policy.getMaxInputSize());
                this.errorMessages.addAll(scanStyleSheet.getErrorMessages());
                String cleanHTML = scanStyleSheet.getCleanHTML();
                if (cleanHTML == null || cleanHTML.equals("")) {
                    firstChild.setNodeValue("/* */");
                } else {
                    firstChild.setNodeValue(cleanHTML);
                }
            }
            return false;
        } catch (NumberFormatException e) {
            addError(ErrorMessageUtil.ERROR_CSS_TAG_MALFORMED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(element.getFirstChild().getNodeValue())});
            node.removeChild(element);
            return true;
        } catch (ScanException e2) {
            addError(ErrorMessageUtil.ERROR_CSS_TAG_MALFORMED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(element.getFirstChild().getNodeValue())});
            node.removeChild(element);
            return true;
        } catch (DOMException e3) {
            addError(ErrorMessageUtil.ERROR_CSS_TAG_MALFORMED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(element.getFirstChild().getNodeValue())});
            node.removeChild(element);
            return true;
        } catch (ParseException e4) {
            addError(ErrorMessageUtil.ERROR_CSS_TAG_MALFORMED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(element.getFirstChild().getNodeValue())});
            node.removeChild(element);
            return true;
        }
    }

    private void actionTruncate(Element element, String str, NodeList nodeList) {
        NamedNodeMap attributes = element.getAttributes();
        while (attributes.getLength() > 0) {
            addError(ErrorMessageUtil.ERROR_ATTRIBUTE_NOT_IN_POLICY, new Object[]{str, HTMLEntityEncoder.htmlEntityEncode(attributes.item(0).getNodeName())});
            element.removeAttribute(attributes.item(0).getNodeName());
        }
        int i = 0;
        int length = nodeList.getLength();
        for (int i2 = 0; i2 < length; i2++) {
            Node item = nodeList.item(i);
            if (item.getNodeType() != 3) {
                element.removeChild(item);
            } else {
                i++;
            }
        }
    }

    private boolean processAttributes(Element element, String str, Tag tag, int i) throws ScanException {
        NamedNodeMap attributes = element.getAttributes();
        int i2 = 0;
        while (i2 < attributes.getLength()) {
            Node item = attributes.item(i2);
            String nodeName = item.getNodeName();
            String nodeValue = item.getNodeValue();
            Attribute attributeByName = tag.getAttributeByName(nodeName.toLowerCase());
            if (attributeByName == null) {
                attributeByName = this.policy.getGlobalAttributeByName(nodeName);
            }
            boolean z = false;
            if ("style".equals(nodeName.toLowerCase()) && attributeByName != null) {
                try {
                    CleanResults scanInlineStyle = new CssScanner(this.policy, messages).scanInlineStyle(nodeValue, str, this.policy.getMaxInputSize());
                    item.setNodeValue(scanInlineStyle.getCleanHTML());
                    this.errorMessages.addAll(scanInlineStyle.getErrorMessages());
                } catch (ScanException e) {
                    addError(ErrorMessageUtil.ERROR_CSS_ATTRIBUTE_MALFORMED, new Object[]{str, HTMLEntityEncoder.htmlEntityEncode(element.getNodeValue())});
                    element.removeAttribute(item.getNodeName());
                    i2--;
                } catch (DOMException e2) {
                    addError(ErrorMessageUtil.ERROR_CSS_ATTRIBUTE_MALFORMED, new Object[]{str, HTMLEntityEncoder.htmlEntityEncode(element.getNodeValue())});
                    element.removeAttribute(item.getNodeName());
                    i2--;
                }
            } else if (attributeByName != null) {
                if (attributeByName.containsAllowedValue(nodeValue.toLowerCase())) {
                    z = true;
                }
                if (attributeByName.matchesAllowedExpression(nodeValue)) {
                    z = true;
                }
                if (z) {
                    continue;
                } else {
                    String onInvalid = attributeByName.getOnInvalid();
                    if ("removeTag".equals(onInvalid)) {
                        removeNode(element);
                        addError(ErrorMessageUtil.ERROR_ATTRIBUTE_INVALID_REMOVED, new Object[]{str, HTMLEntityEncoder.htmlEntityEncode(nodeName), HTMLEntityEncoder.htmlEntityEncode(nodeValue)});
                        return true;
                    }
                    if ("filterTag".equals(onInvalid)) {
                        processChildren(element, i);
                        promoteChildren(element);
                        addError("error.attribute.invalid.filtered", new Object[]{str, HTMLEntityEncoder.htmlEntityEncode(nodeName), HTMLEntityEncoder.htmlEntityEncode(nodeValue)});
                    } else if ("encodeTag".equals(onInvalid)) {
                        processChildren(element, i);
                        encodeAndPromoteChildren(element);
                        addError(ErrorMessageUtil.ERROR_ATTRIBUTE_CAUSE_ENCODE, new Object[]{str, HTMLEntityEncoder.htmlEntityEncode(nodeName), HTMLEntityEncoder.htmlEntityEncode(nodeValue)});
                    } else {
                        element.removeAttribute(item.getNodeName());
                        i2--;
                        addError(ErrorMessageUtil.ERROR_ATTRIBUTE_INVALID, new Object[]{str, HTMLEntityEncoder.htmlEntityEncode(nodeName), HTMLEntityEncoder.htmlEntityEncode(nodeValue)});
                        if ("removeTag".equals(onInvalid) || "filterTag".equals(onInvalid)) {
                            return true;
                        }
                    }
                }
            } else {
                addError(ErrorMessageUtil.ERROR_ATTRIBUTE_NOT_IN_POLICY, new Object[]{str, HTMLEntityEncoder.htmlEntityEncode(nodeName), HTMLEntityEncoder.htmlEntityEncode(nodeValue)});
                element.removeAttribute(item.getNodeName());
                i2--;
            }
            i2++;
        }
        return false;
    }

    private void processChildren(Node node, int i) throws ScanException {
        processChildren(node.getChildNodes(), i);
    }

    private void processChildren(NodeList nodeList, int i) throws ScanException {
        int i2 = 0;
        while (i2 < nodeList.getLength()) {
            Node item = nodeList.item(i2);
            recursiveValidateTag(item, i);
            if (item.getParentNode() == null) {
                i2--;
            }
            i2++;
        }
    }

    private void removePI(Node node) {
        addError(ErrorMessageUtil.ERROR_PI_FOUND, new Object[]{HTMLEntityEncoder.htmlEntityEncode(node.getTextContent())});
        removeNode(node);
        node.getParentNode().removeChild(node);
    }

    private void stripCData(Node node) {
        addError(ErrorMessageUtil.ERROR_CDATA_FOUND, new Object[]{HTMLEntityEncoder.htmlEntityEncode(node.getTextContent())});
        node.getParentNode().insertBefore(this.document.createTextNode(node.getTextContent()), node);
        node.getParentNode().removeChild(node);
    }

    private void processCommentNode(Node node) {
        if (!this.policy.isPreserveComments()) {
            node.getParentNode().removeChild(node);
            return;
        }
        String data = ((Comment) node).getData();
        if (data != null) {
            ((Comment) node).setData(conditionalDirectives.matcher(data).replaceAll(""));
        }
    }

    private boolean removeDisallowedEmpty(Node node) {
        if (isAllowedEmptyTag(node.getNodeName())) {
            return false;
        }
        addError(ErrorMessageUtil.ERROR_TAG_EMPTY, new Object[]{HTMLEntityEncoder.htmlEntityEncode(node.getNodeName())});
        removeNode(node);
        return true;
    }

    private void removeNode(Node node) {
        Node parentNode = node.getParentNode();
        parentNode.removeChild(node);
        String nodeName = parentNode.getNodeName();
        if ((parentNode instanceof Element) && parentNode.getChildNodes().getLength() == 0 && !isAllowedEmptyTag(nodeName)) {
            removeNode(parentNode);
        }
    }

    private boolean isAllowedEmptyTag(String str) {
        return "head".equals(str) || this.policy.getAllowedEmptyTags().matches(str);
    }

    public static void main(String[] strArr) throws PolicyException {
    }

    private void promoteChildren(Element element) {
        promoteChildren(element, element.getChildNodes());
    }

    private void promoteChildren(Element element, NodeList nodeList) {
        Node parentNode = element.getParentNode();
        while (nodeList.getLength() > 0) {
            parentNode.insertBefore(element.removeChild(nodeList.item(0)), element);
        }
        if (parentNode != null) {
            removeNode(element);
        }
    }

    private String stripNonValidXMLCharacters(String str, Matcher matcher) {
        if (str == null || "".equals(str)) {
            return "";
        }
        matcher.reset(str);
        return matcher.matches() ? matcher.replaceAll("") : str;
    }

    private void encodeAndPromoteChildren(Element element) {
        Node parentNode = element.getParentNode();
        String tagName = element.getTagName();
        parentNode.insertBefore(parentNode.getOwnerDocument().createTextNode(toString(element)), element);
        if (element.hasChildNodes()) {
            parentNode.insertBefore(parentNode.getOwnerDocument().createTextNode("</" + tagName + ">"), element.getNextSibling());
        }
        promoteChildren(element);
    }

    private String toString(Element element) {
        StringBuilder sb = new StringBuilder("<" + element.getNodeName());
        NamedNodeMap attributes = element.getAttributes();
        for (int i = 0; i < attributes.getLength(); i++) {
            Node item = attributes.item(i);
            String nodeName = item.getNodeName();
            String nodeValue = item.getNodeValue();
            sb.append(" ");
            sb.append(HTMLEntityEncoder.htmlEntityEncode(nodeName));
            sb.append("=\"");
            sb.append(HTMLEntityEncoder.htmlEntityEncode(nodeValue));
            sb.append("\"");
        }
        if (element.hasChildNodes()) {
            sb.append(">");
        } else {
            sb.append("/>");
        }
        return sb.toString();
    }

    @Override // org.owasp.validator.html.scan.AbstractAntiSamyScanner
    public CleanResults getResults() {
        return this.results;
    }
}
