package edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.validators;

import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.MultiValueEditSubmission;
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.fields.FieldVTwo;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.junit.Assert;
import org.junit.Test;
import stubs.javax.servlet.http.HttpServletRequestStub;

/* loaded from: input_file:edu/cornell/mannlib/vitro/webapp/edit/n3editing/configuration/validators/AntiXssValidationTest.class */
public class AntiXssValidationTest extends AbstractTestClass {
    @Test
    public void testLiteral() {
        AntiXssValidation antiXssValidation = new AntiXssValidation();
        EditConfigurationVTwo editConfigurationVTwo = new EditConfigurationVTwo();
        editConfigurationVTwo.setEditKey("fakeEditKey");
        editConfigurationVTwo.addField(new FieldVTwo().setName("X"));
        editConfigurationVTwo.setLiteralsOnForm(Arrays.asList("X"));
        HashMap hashMap = new HashMap();
        hashMap.put("X", new String[]{"some sort of string"});
        Assert.assertEquals((Object) null, antiXssValidation.validate(editConfigurationVTwo, new MultiValueEditSubmission(createRequestWithParameters(hashMap), editConfigurationVTwo)));
    }

    @Test
    public void testAllURI() {
        AntiXssValidation antiXssValidation = new AntiXssValidation();
        EditConfigurationVTwo editConfigurationVTwo = new EditConfigurationVTwo();
        editConfigurationVTwo.setEditKey("fakeEditKey");
        editConfigurationVTwo.setUrisOnform(Arrays.asList("X", "Y", "Z"));
        HashMap hashMap = new HashMap();
        hashMap.put("X", new String[]{"no problem 0"});
        hashMap.put("Y", new String[]{"no problem 1"});
        hashMap.put("Z", new String[]{"no problem 2"});
        Assert.assertNull(antiXssValidation.validate(editConfigurationVTwo, new MultiValueEditSubmission(createRequestWithParameters(hashMap), editConfigurationVTwo)));
    }

    protected Map<String, String> testURI(String... strArr) {
        AntiXssValidation antiXssValidation = new AntiXssValidation(Arrays.asList("X"));
        EditConfigurationVTwo editConfigurationVTwo = new EditConfigurationVTwo();
        editConfigurationVTwo.setEditKey("fakeEditKey");
        editConfigurationVTwo.setUrisOnform(Arrays.asList("X"));
        HashMap hashMap = new HashMap();
        hashMap.put("X", strArr);
        return antiXssValidation.validate(editConfigurationVTwo, new MultiValueEditSubmission(createRequestWithParameters(hashMap), editConfigurationVTwo));
    }

    @Test
    public void testURIValidation() {
        Assert.assertNull(testURI("http://this.should.be.fine.com/xyz#lskd?junk=a&bkeck=%23"));
    }

    @Test
    public void testURIValidationWithScriptTagLevel1() {
        Assert.assertNotNull(testURI("http:<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>//bad.news.com"));
        Assert.assertNotNull(testURI("http:<IMG SRC=JaVaScRiPt:alert('XSS')>//bad.news.com"));
        Assert.assertNotNull(testURI("http:<IMG SRC=javascript:alert('XSS')>//bad.news.com"));
        Assert.assertNotNull(testURI("http:<IMG SRC=javascript:alert(&quot;XSS&quot;)>//bad.news.com"));
        Assert.assertNotNull(testURI("http:<IMG SRC=\"jav\tascript:alert('XSS');\">//bad.news.com"));
    }

    @Test
    public void testURIValidationWithScriptTagLevel2() {
        Assert.assertNotNull(testURI("http:<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>//bad.news.com"));
        Assert.assertNotNull(testURI("http:<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>//bad.news.com"));
        Assert.assertNotNull(testURI("http:<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>//bad.news.com"));
        Assert.assertNotNull(testURI("http:<<SCRIPT>alert(\"XSS\");//<</SCRIPT>//bad.news.com"));
        Assert.assertNotNull(testURI("http:<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>//bad.news.com"));
        Assert.assertNotNull(testURI("http:<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>//bad.news.com"));
    }

    private VitroRequest createRequestWithParameters(Map<String, String[]> map) {
        HttpServletRequestStub httpServletRequestStub = new HttpServletRequestStub();
        for (String str : map.keySet()) {
            for (String str2 : map.get(str)) {
                httpServletRequestStub.addParameter(str, str2);
            }
        }
        return new VitroRequest(httpServletRequestStub);
    }
}
