package dk.brics.webflow;

import dk.brics.automaton.Automaton;
import dk.brics.html.AbstractParser;
import dk.brics.servletvalidator.AnalysisFactory;
import dk.brics.servletvalidator.AnalysisSettings;
import dk.brics.servletvalidator.JspAnalysisFactory;
import dk.brics.servletvalidator.ServletAnalysisFactory;
import dk.brics.servletvalidator.StrutsXMLFile;
import dk.brics.servletvalidator.WebXMLFile;
import dk.brics.servletvalidator.exceptions.AnalysisException;
import dk.brics.servletvalidator.grammar.AnyTerminal;
import dk.brics.servletvalidator.grammar.Grammar;
import dk.brics.servletvalidator.grammar.NonTerminal;
import dk.brics.servletvalidator.grammar.Production;
import dk.brics.servletvalidator.tagform.GrammarAnnotator;
import dk.brics.string.StringAnalysis;
import dk.brics.string.external.Resolver;
import dk.brics.webflow.struts.StrutsParameterSource;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.PrintStream;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServlet;
import org.apache.log4j.BasicConfigurator;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.options.Options;

/* loaded from: input_file:dk/brics/webflow/AnalysisRunner.class */
public class AnalysisRunner {
    private dk.brics.servletvalidator.AnalysisSettings settings;
    private static Logger log = Logger.getLogger(AnalysisRunner.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:dk/brics/webflow/AnalysisRunner$Data.class */
    public class Data {
        boolean passed;
        long time;

        private Data() {
        }
    }

    public AnalysisRunner(dk.brics.servletvalidator.AnalysisSettings analysisSettings) {
        this.settings = analysisSettings;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static void main(String[] strArr) throws IOException, InterruptedException, ClassNotFoundException {
        Options.v().set_whole_program(true);
        Options.v().set_allow_phantom_refs(true);
        dk.brics.servletvalidator.AnalysisSettings analysisSettings = new dk.brics.servletvalidator.AnalysisSettings();
        BasicConfigurator.configure();
        Logger.getLogger("dk.brics.string").setLevel(Level.WARN);
        String str = null;
        String str2 = null;
        String str3 = null;
        String str4 = null;
        boolean z = -1;
        for (String str5 : strArr) {
            if (str5.startsWith("basedir=")) {
                str = str5.substring("basedir=".length());
            }
            if (str5.startsWith("jspdir=")) {
                str2 = str5.substring("jspdir=".length());
            }
            if (str5.startsWith("webXML=")) {
                str3 = str5.substring("webXML=".length());
            }
            if (str5.startsWith("strutsXML=")) {
                str4 = str5.substring("strutsXML=".length());
            }
            if (str5.equals("phase=1")) {
                z = true;
            }
            if (str5.equals("phase=2")) {
                z = 2;
            }
        }
        if (str == null || str3 == null || z == -1) {
            log.error("Usage: java dk.brics.webflow.AnalysisRunner basedir=dir jspdir=dir webXML=file strutsXML=file phase={1,2}");
            return;
        }
        if (str4 != null) {
            analysisSettings.setStrutsXMLFile(new StrutsXMLFile(new File(str4)));
        }
        if (z) {
            AnalysisRunner analysisRunner = new AnalysisRunner(analysisSettings);
            Logger.getLogger(FlowGraphAnalysis.class).setLevel(Level.INFO);
            analysisRunner.testMany(str, str2, str3, AnalysisSettings.AnalysisType.flow, str4);
            PageGraph pageGraph = PageGraph.getInstance();
            Map<String, Set<Automaton>> hiddenFieldSummary = pageGraph.getHiddenFieldSummary();
            System.out.println(pageGraph.toDot());
            FileOutputStream fileOutputStream = new FileOutputStream("data.hparams");
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(fileOutputStream);
            objectOutputStream.writeObject(hiddenFieldSummary);
            objectOutputStream.close();
            fileOutputStream.close();
            System.out.println("Wrote parameter information to data.hparams");
        }
        if (z == 2) {
            AnalysisRunner analysisRunner2 = new AnalysisRunner(analysisSettings);
            Scene.v().loadBasicClasses();
            Map<String, Set<Automaton>> loadHiddenFieldSummary = analysisRunner2.loadHiddenFieldSummary("data.hparams");
            InformationFlowFunctionTransfers informationFlowFunctionTransfers = new InformationFlowFunctionTransfers();
            GlobalStateResultFunctionTransfers globalStateResultFunctionTransfers = new GlobalStateResultFunctionTransfers();
            if (str4 != null) {
                analysisRunner2.testStruts(new StrutsXMLFile(new File(str4)), loadHiddenFieldSummary, informationFlowFunctionTransfers, globalStateResultFunctionTransfers);
            } else {
                analysisRunner2.analyseJSPs(loadHiddenFieldSummary, str, new InteractionResultStats(), new InformationFlowFunctionTransfers(), new GlobalStateResultFunctionTransfers());
            }
        }
    }

    public Map<String, Set<Automaton>> loadHiddenFieldSummary(String str) throws IOException, ClassNotFoundException {
        Map<String, Set<Automaton>> map = (Map) new ObjectInputStream(new FileInputStream(str)).readObject();
        if (map != null) {
            int i = 0;
            HashSet hashSet = new HashSet();
            for (Set<Automaton> set : map.values()) {
                i += set.size();
                hashSet.addAll(set);
            }
            log.info(String.format("Hidden fields, names = %s, size = %s", Integer.valueOf(hashSet.size()), Integer.valueOf(i)));
        }
        return map;
    }

    public void testStruts(StrutsXMLFile strutsXMLFile, Map<String, Set<Automaton>> map) {
        testStruts(strutsXMLFile, map, new InformationFlowFunctionTransfers(), new GlobalStateResultFunctionTransfers());
    }

    public void testStruts(StrutsXMLFile strutsXMLFile, Map<String, Set<Automaton>> map, InformationFlowFunctionTransfers informationFlowFunctionTransfers, GlobalStateResultFunctionTransfers globalStateResultFunctionTransfers) {
        InteractionResultStats interactionResultStats = new InteractionResultStats();
        int i = 0;
        for (StrutsXMLFile.StrutsAction strutsAction : strutsXMLFile.getActions()) {
            InformationFlowResultAnalysis.resetReported();
            int i2 = i;
            i++;
            log.info(String.format("Analyzing %s (%s of %s)", strutsAction, Integer.valueOf(i2), Integer.valueOf(strutsXMLFile.getActions().size())));
            Class<?> actionClass = strutsAction.getActionClass();
            if (actionClass != null) {
                Scene.v().addBasicClass(actionClass.getName());
                SootClass loadClassAndSupport = Scene.v().loadClassAndSupport(actionClass.getName());
                this.settings.setStrutsXMLFile(strutsXMLFile);
                Set<Automaton> set = null;
                if (map != null) {
                    set = map.get(strutsAction.getActionName());
                    if (set == null) {
                        set = map.get(strutsAction.getActionPath());
                    }
                }
                if (set == null) {
                    log.warn(String.format("No client state parameter data known for action %s. Skipping.", strutsAction));
                } else if (informationFlowFunctionTransfers.getProtectedPages().contains(strutsAction.getActionName())) {
                    log.info("Page is marked as protected. Skipping");
                } else {
                    ClientStateSourceDefinition clientStateSourceDefinition = new ClientStateSourceDefinition(set, this.settings);
                    clientStateSourceDefinition.setParameterSource(new StrutsParameterSource(actionClass));
                    PointsToAnalysis pointsToAnalysis = new PointsToAnalysis(this.settings);
                    for (SootMethod sootMethod : loadClassAndSupport.getMethods()) {
                        if (strutsAction.mayExecute(sootMethod)) {
                            log.info("Analyzing method " + sootMethod);
                            InformationFlowAnalysis informationFlowAnalysis = new InformationFlowAnalysis(informationFlowFunctionTransfers, this.settings, clientStateSourceDefinition, pointsToAnalysis);
                            informationFlowAnalysis.analyze(sootMethod);
                            HeapReachabilityAnalysis heapReachabilityAnalysis = new HeapReachabilityAnalysis(this.settings, pointsToAnalysis);
                            heapReachabilityAnalysis.analyze();
                            new InterfaceInferencer().analyze(sootMethod);
                            DependenceAnalysis dependenceAnalysis = new DependenceAnalysis();
                            dependenceAnalysis.analyze(sootMethod);
                            InformationFlowResultAnalysis informationFlowResultAnalysis = new InformationFlowResultAnalysis(dependenceAnalysis, heapReachabilityAnalysis, informationFlowAnalysis, globalStateResultFunctionTransfers, this.settings, informationFlowFunctionTransfers, informationFlowAnalysis.getFieldValues());
                            informationFlowResultAnalysis.setStats(interactionResultStats);
                            informationFlowResultAnalysis.analyze(sootMethod);
                        }
                    }
                    Set<Automaton> safeParameterNames = clientStateSourceDefinition.getSafeParameterNames();
                    interactionResultStats.safeParameters += safeParameterNames.size();
                    HashSet hashSet = new HashSet(set);
                    hashSet.removeAll(safeParameterNames);
                    interactionResultStats.unSafeParameterNames.addAll(hashSet);
                    interactionResultStats.parameters += set.size();
                    interactionResultStats.parameterNames.addAll(set);
                }
            }
        }
        System.out.println(interactionResultStats);
    }

    public void analyseJSPs(final Map<String, Set<Automaton>> map, final String str, final InteractionResultStats interactionResultStats, final InformationFlowFunctionTransfers informationFlowFunctionTransfers, final GlobalStateResultFunctionTransfers globalStateResultFunctionTransfers) {
        Set<String> keySet = map.keySet();
        int i = 1;
        for (final String str2 : keySet) {
            InformationFlowResultAnalysis.resetReported();
            int i2 = i;
            i++;
            System.out.println(String.format("Analyzing file %s of %s", Integer.valueOf(i2), Integer.valueOf(keySet.size())));
            if (str2.endsWith(".jsp")) {
                Thread thread = new Thread() { // from class: dk.brics.webflow.AnalysisRunner.1
                    @Override // java.lang.Thread, java.lang.Runnable
                    public void run() {
                        try {
                            Set set = (Set) map.get(str2);
                            AnalysisRunner.log.info("Client state parameters: " + set);
                            if (set == null || set.isEmpty()) {
                                AnalysisRunner.log.info("Hidden field summary is null. Skipping " + str2);
                                return;
                            }
                            AnalysisRunner.log.info("Analyzing " + str2);
                            HashSet hashSet = new HashSet();
                            JspAnalysisFactory jspAnalysisFactory = new JspAnalysisFactory(str2);
                            jspAnalysisFactory.getSettings().setBaseDir(new File(str));
                            jspAnalysisFactory.loadJSPClass();
                            SootClass loadClassAndSupport = Scene.v().loadClassAndSupport(jspAnalysisFactory.getClassToAnalyse().getName());
                            Scene.v().loadClassAndSupport(Collection.class.getName());
                            Scene.v().loadClassAndSupport(Iterator.class.getName());
                            Options.v().set_allow_phantom_refs(true);
                            PointsToAnalysis pointsToAnalysis = new PointsToAnalysis(AnalysisRunner.this.settings);
                            SootMethod methodByName = loadClassAndSupport.getMethodByName(jspAnalysisFactory.getStartMethodName());
                            ClientStateSourceDefinition clientStateSourceDefinition = new ClientStateSourceDefinition(set, AnalysisRunner.this.settings);
                            InformationFlowAnalysis informationFlowAnalysis = new InformationFlowAnalysis(informationFlowFunctionTransfers, AnalysisRunner.this.settings, clientStateSourceDefinition, pointsToAnalysis);
                            informationFlowAnalysis.analyze(methodByName);
                            HeapReachabilityAnalysis heapReachabilityAnalysis = new HeapReachabilityAnalysis(AnalysisRunner.this.settings, pointsToAnalysis);
                            heapReachabilityAnalysis.analyze();
                            DependenceAnalysis dependenceAnalysis = new DependenceAnalysis();
                            dependenceAnalysis.analyze(methodByName);
                            InformationFlowResultAnalysis informationFlowResultAnalysis = new InformationFlowResultAnalysis(dependenceAnalysis, heapReachabilityAnalysis, informationFlowAnalysis, globalStateResultFunctionTransfers, AnalysisRunner.this.settings, informationFlowFunctionTransfers, informationFlowAnalysis.getFieldValues());
                            informationFlowResultAnalysis.setStats(interactionResultStats);
                            informationFlowResultAnalysis.analyze(methodByName);
                            Set<Automaton> safeParameterNames = clientStateSourceDefinition.getSafeParameterNames();
                            safeParameterNames.addAll(hashSet);
                            interactionResultStats.safeParameters += safeParameterNames.size();
                            HashSet hashSet2 = new HashSet(set);
                            hashSet2.removeAll(safeParameterNames);
                            interactionResultStats.unSafeParameterNames.addAll(hashSet2);
                            interactionResultStats.parameters += set.size();
                            interactionResultStats.parameterNames.addAll(set);
                            Scene.v().removeClass(loadClassAndSupport);
                        } catch (Exception e) {
                            AnalysisRunner.log.error(e);
                        }
                    }
                };
                thread.start();
                try {
                    thread.join(900000L);
                } catch (InterruptedException e) {
                    e.printStackTrace();
                }
                if (thread.isAlive()) {
                    thread.stop();
                    log.warn("Stopped analysis of " + str2);
                }
            }
        }
    }

    public Set<File> getJSPFiles(File file) {
        HashSet hashSet = new HashSet();
        for (File file2 : file.listFiles()) {
            if (file2.isDirectory()) {
                hashSet.addAll(getJSPFiles(file2));
            }
            if (file2.isFile() && file2.getName().endsWith(".jsp")) {
                hashSet.add(file2);
            }
        }
        return hashSet;
    }

    public void testMany(String str, String str2, String str3, AnalysisSettings.AnalysisType analysisType) throws InterruptedException, IOException {
        testMany(str, str2, str3, analysisType, null);
    }

    public void testMany(String str, String str2, String str3, AnalysisSettings.AnalysisType analysisType, String str4) throws InterruptedException, IOException {
        File file;
        if (str3 != null) {
            file = new File(str, str3);
            File file2 = new File(str, "/WEB-INF/web.xml");
            if (!file2.getCanonicalPath().equals(file.getCanonicalPath())) {
                file2.getParentFile().mkdirs();
                file2.createNewFile();
                FileInputStream fileInputStream = new FileInputStream(file);
                FileOutputStream fileOutputStream = new FileOutputStream(file2);
                byte[] bArr = new byte[1024];
                while (true) {
                    int read = fileInputStream.read(bArr);
                    if (read == -1) {
                        break;
                    } else {
                        fileOutputStream.write(bArr, 0, read);
                    }
                }
                fileInputStream.close();
                fileOutputStream.close();
            }
        } else {
            file = null;
        }
        AnyTerminal.num = 0;
        Logger.getRootLogger().setLevel(Level.ERROR);
        AbstractParser.time = 0L;
        File file3 = new File(str);
        File file4 = new File(file3, str2);
        if (!file4.exists()) {
            log.error("No such directory: " + file4.getCanonicalPath());
        }
        HashMap hashMap = new HashMap();
        long currentTimeMillis = System.currentTimeMillis();
        for (File file5 : getJSPFiles(file4)) {
            JspAnalysisFactory jspAnalysisFactory = new JspAnalysisFactory(file5.getCanonicalPath().substring(file3.getCanonicalPath().length()));
            jspAnalysisFactory.getSettings().setBaseDir(file3);
            jspAnalysisFactory.getSettings().setWebXML(str3);
            jspAnalysisFactory.getSettings().setHtml(true);
            jspAnalysisFactory.getSettings().setAnalysisType(analysisType);
            if (str4 != null) {
                jspAnalysisFactory.getSettings().setStrutsXMLFile(new StrutsXMLFile(new File(str, str4)));
            }
            analyze(jspAnalysisFactory, hashMap, file5.getPath());
        }
        for (Class<? extends HttpServlet> cls : new WebXMLFile(file).getServlets().values()) {
            ServletAnalysisFactory servletAnalysisFactory = new ServletAnalysisFactory(cls, new Class[0]);
            servletAnalysisFactory.getSettings().setBaseDir(file3);
            servletAnalysisFactory.getSettings().setWebXML(str3);
            servletAnalysisFactory.getSettings().setHtml(true);
            servletAnalysisFactory.getSettings().setAnalysisType(analysisType);
            Class<?> classToAnalyse = servletAnalysisFactory.getClassToAnalyse();
            if (classToAnalyse != null) {
                Method[] declaredMethods = classToAnalyse.getDeclaredMethods();
                int length = declaredMethods.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    Method method = declaredMethods[i];
                    if (method.getName().equals("service")) {
                        servletAnalysisFactory.setStartMethodName("service");
                        break;
                    } else if (method.getName().equals("doPost")) {
                        servletAnalysisFactory.setStartMethodName("doPost");
                        break;
                    } else {
                        if (method.getName().equals("doGet")) {
                            servletAnalysisFactory.setStartMethodName("doGet");
                            break;
                        }
                        i++;
                    }
                }
                servletAnalysisFactory.getSettings().setIgnoreEmpty(true);
                analyze(servletAnalysisFactory, hashMap, cls.getCanonicalName());
            }
        }
        int i2 = 0;
        int i3 = 0;
        for (String str5 : hashMap.keySet()) {
            Data data = hashMap.get(str5);
            PrintStream printStream = System.out;
            Object[] objArr = new Object[3];
            objArr[0] = str5;
            objArr[1] = data.passed ? "passed" : "failed";
            objArr[2] = Long.valueOf(data.time);
            printStream.printf("%s : %s validation after %s milliseconds", objArr);
            System.out.println();
            if (data.passed) {
                i2++;
            } else {
                i3++;
            }
        }
        System.out.printf("Result: %s passed, %s failed", Integer.valueOf(i2), Integer.valueOf(i3));
        System.out.println();
        System.out.printf("Full analysis took %s ms, parser: %s", Long.valueOf(System.currentTimeMillis() - currentTimeMillis), Long.valueOf(AbstractParser.time));
        System.out.println("Any: " + AnyTerminal.num);
        System.out.println();
        System.out.println();
    }

    private void analyze(final AnalysisFactory analysisFactory, final Map<String, Data> map, final String str) throws InterruptedException, IOException {
        Iterator<Resolver> it = this.settings.getResolvers().iterator();
        while (it.hasNext()) {
            StringAnalysis.addResolver(it.next());
        }
        final Data data = new Data();
        long currentTimeMillis = System.currentTimeMillis();
        Thread thread = new Thread(new Runnable() { // from class: dk.brics.webflow.AnalysisRunner.2
            @Override // java.lang.Runnable
            public void run() {
                System.out.println("Analyzing " + str);
                map.put(str, data);
                long currentTimeMillis2 = System.currentTimeMillis();
                Grammar grammar = null;
                try {
                    boolean z = false;
                    while (!z) {
                        try {
                            try {
                                grammar = analysisFactory.analyze();
                                z = true;
                            } catch (GrammarAnnotator.FailedToAnnotateException e) {
                            }
                        } catch (AnalysisException e2) {
                            AnalysisRunner.log.error(e2.getMessage());
                            if (grammar != null) {
                                Map<NonTerminal, Collection<Production>> p = grammar.getP();
                                int i = 0;
                                Iterator<NonTerminal> it2 = p.keySet().iterator();
                                while (it2.hasNext()) {
                                    i += p.get(it2.next()).size();
                                }
                            }
                            System.out.println(String.format("Analyzed %s in %s milliseconds", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis2)));
                            return;
                        } catch (Exception e3) {
                            e3.printStackTrace();
                            map.remove(str);
                            if (grammar != null) {
                                Map<NonTerminal, Collection<Production>> p2 = grammar.getP();
                                int i2 = 0;
                                Iterator<NonTerminal> it3 = p2.keySet().iterator();
                                while (it3.hasNext()) {
                                    i2 += p2.get(it3.next()).size();
                                }
                            }
                            System.out.println(String.format("Analyzed %s in %s milliseconds", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis2)));
                            return;
                        }
                    }
                    data.passed = true;
                    if (grammar != null) {
                        Map<NonTerminal, Collection<Production>> p3 = grammar.getP();
                        int i3 = 0;
                        Iterator<NonTerminal> it4 = p3.keySet().iterator();
                        while (it4.hasNext()) {
                            i3 += p3.get(it4.next()).size();
                        }
                    }
                    System.out.println(String.format("Analyzed %s in %s milliseconds", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis2)));
                } catch (Throwable th) {
                    if (grammar != null) {
                        Map<NonTerminal, Collection<Production>> p4 = grammar.getP();
                        int i4 = 0;
                        Iterator<NonTerminal> it5 = p4.keySet().iterator();
                        while (it5.hasNext()) {
                            i4 += p4.get(it5.next()).size();
                        }
                    }
                    System.out.println(String.format("Analyzed %s in %s milliseconds", str, Long.valueOf(System.currentTimeMillis() - currentTimeMillis2)));
                    throw th;
                }
            }
        });
        thread.start();
        thread.join(1500000L);
        if (thread.isAlive()) {
            thread.stop();
            System.out.println("Stopped analysis of " + str);
        }
        data.time = System.currentTimeMillis() - currentTimeMillis;
    }
}
