package com.atlassian.jira.webtests.ztests.customfield;

import com.atlassian.jira.functest.framework.FuncTestCase;
import com.atlassian.jira.functest.framework.FunctTestConstants;
import com.atlassian.jira.functest.framework.locator.CssLocator;
import com.atlassian.jira.functest.framework.navigation.BulkChangeWizard;
import com.atlassian.jira.functest.framework.navigation.IssueNavigatorNavigation;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

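/**
 * Functional tests for how custom-field descriptions containing HTML markup are rendered.
 *
 * <p>The assertions encode the following contract: while the {@code ON_DEMAND} core feature is
 * disabled, a description is emitted as raw HTML; once it is enabled, the same description must
 * be emitted as rendered wiki markup with its angle brackets HTML-escaped, so the literal
 * {@code <div>...</div>} marker must not appear in the page source.
 *
 * <p>Reviewer caveats that apply to every check in this class:
 * <ul>
 *   <li>Checks are substring matches on the whole response text. A negative check
 *       ({@code assertFalse(...contains(...))}) also passes when the description is not on the
 *       page at all, so it is only meaningful next to a positive check or a page that is known
 *       to show the field.</li>
 *   <li>The marker is a harmless {@code <div>} placed in element content. The tests therefore
 *       cover output encoding in HTML body context only; attribute and script contexts are not
 *       exercised here.</li>
 * </ul>
 */
@WebTest({Category.FUNC_TEST, Category.CUSTOM_FIELDS, Category.FIELDS, Category.SECURITY})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/customfield/TestCustomFieldXss.class */
public class TestCustomFieldXss extends FuncTestCase {
    /** Dark-feature key that switches description rendering from raw HTML to wiki markup. */
    private static final String ON_DEMAND_FEATURE = "com.atlassian.jira.config.CoreFeatures.ON_DEMAND";

    /** Description as stored on the custom field; {@code %s} is the custom field type key. */
    private static final String RAW_DESC_TEMPLATE = "description *wiki* markup <div>%s</div>";

    /** Expected page fragment when the description is emitted unescaped (same text as stored). */
    private static final String HTML_DESC_TEMPLATE = "description *wiki* markup <div>%s</div>";

    /** Expected page fragment when the description is wiki-rendered and HTML-escaped. */
    private static final String WIKI_DESC_TEMPLATE = "<p>description <b>wiki</b> markup &lt;div&gt;%s&lt;/div&gt;</p>";

    /** Unescaped marker looked for on the bulk-change page; must be absent when ON_DEMAND is on. */
    private static final String CUSTOM_FIELD_TITLE = "<div>xsstest</div>";

    /** Escaped form of {@link #CUSTOM_FIELD_TITLE}; must be present when ON_DEMAND is on. */
    private static final String CUSTOM_FIELD_WIKI = "&lt;div&gt;xsstest&lt;/div&gt;";

    /** Custom field types checked on the "view custom fields" administration screen. */
    private static final Iterable<String> CUSTOM_FIELD_TYPES = ImmutableList.of(
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_SELECT),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_RADIO),
            builInCustomFieldKey("multicheckboxes"),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_TEXTFIELD),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_MULTISELECT),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_USERPICKER),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_MULTIUSERPICKER),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_DATEPICKER),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_DATETIME),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_GROUPPICKER),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_MULTIGROUPPICKER));

    /**
     * Searcher key mapped to the custom field types it is tested with in the issue navigator.
     * The builder carries explicit type arguments; without them the chained {@code put} calls
     * infer {@code Object} keys and values and the assignment does not type-check.
     */
    private static final Map<String, List<String>> SEARCHERS = ImmutableMap.<String, List<String>>builder()
            .put(builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TEXT_SEARCHER),
                    toBuilInCustomFieldKeys(FunctTestConstants.CUSTOM_FIELD_TYPE_TEXTFIELD))
            .put(builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_EXACT_TEXT_SEARCHER),
                    toBuilInCustomFieldKeys(FunctTestConstants.CUSTOM_FIELD_TYPE_URL))
            .put(builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_DATE_RANGE),
                    toBuilInCustomFieldKeys(FunctTestConstants.CUSTOM_FIELD_TYPE_DATEPICKER))
            .put(builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_EXACT_NUMBER),
                    toBuilInCustomFieldKeys(FunctTestConstants.CUSTOM_FIELD_TYPE_FLOAT))
            .put(builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_NUMBER_RANGE),
                    toBuilInCustomFieldKeys(FunctTestConstants.CUSTOM_FIELD_TYPE_FLOAT))
            .put(builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_PROJECT_SEARCHER),
                    toBuilInCustomFieldKeys("project"))
            .put(builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_GROUP_PICKER_SEARCHER),
                    toBuilInCustomFieldKeys(FunctTestConstants.CUSTOM_FIELD_TYPE_MULTIGROUPPICKER))
            .put(builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_MULTI_SELECT_SEARCHER),
                    toBuilInCustomFieldKeys(
                            FunctTestConstants.CUSTOM_FIELD_TYPE_SELECT,
                            FunctTestConstants.CUSTOM_FIELD_TYPE_RADIO,
                            "multicheckboxes"))
            .put(builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_CASCADING_SELECT_SEARCHER),
                    toBuilInCustomFieldKeys(FunctTestConstants.CUSTOM_FIELD_TYPE_CASCADINGSELECT))
            .put(builInCustomFieldKey("labelsearcher"),
                    toBuilInCustomFieldKeys(FunctTestConstants.CUSTOM_FIELD_TYPE_LABELS))
            .build();

    /**
     * Searcher key mapped to a single custom field type, for the searchers that only get the
     * "unescaped marker is absent" check.
     */
    private static final ImmutableMap<String, String> SEARCHERS_NON_RENDERING = ImmutableMap.of(
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_VERSION_SEARCHER),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_VERSION),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_USER_PICKER_GROUP_SEARCHER),
            builInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_USERPICKER));

    /**
     * Converts short custom field type names into full keys via {@code builInCustomFieldKey}.
     *
     * @param strArr short type names
     * @return the corresponding keys, in the same order
     */
    private static List<String> toBuilInCustomFieldKeys(String... strArr) {
        List<String> keys = Lists.newArrayListWithCapacity(strArr.length);
        for (String shortName : strArr) {
            keys.add(builInCustomFieldKey(shortName));
        }
        return keys;
    }

    /**
     * Restores a blank instance before each test, so fields left behind by a failed earlier test
     * cannot influence the page source that is inspected.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.jira.functest.framework.FuncTestCase
    public void setUpTest() {
        backdoor.restoreBlankInstance();
        navigation.disableKickAssRedirect();
    }

    /** Switches ON_DEMAND back off so the site-wide flag does not leak out of a test. */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.atlassian.jira.functest.framework.FuncTestCase
    public void tearDownTest() {
        backdoor.darkFeatures().disableForSite(ON_DEMAND_FEATURE);
    }

    /** Runs the custom-fields-screen check once for every type in {@link #CUSTOM_FIELD_TYPES}. */
    public void testCustomFieldDescriptionsCanBeRenderedAsRawHtmlOrWikiMarkup() throws Exception {
        for (String customFieldType : CUSTOM_FIELD_TYPES) {
            testSingleCustomFieldDescriptionOnCustomFieldsScreen(customFieldType);
        }
    }

    /** Runs the issue-navigator check for every searcher/type pairing in {@link #SEARCHERS}. */
    public void testCustomFieldDescriptionsCanBeRenderedAsRawHtmlOrWikiMarkUpInIssueNavigator() throws Exception {
        for (Map.Entry<String, List<String>> entry : SEARCHERS.entrySet()) {
            testSingleCustomFieldDescriptionOnIssueNavigatorScreen(entry.getValue(), entry.getKey());
        }
    }

    /** Runs the absence-only check for every pairing in {@link #SEARCHERS_NON_RENDERING}. */
    public void testCustomFieldDescriptionsInIssueNavigatorNoXss() throws Exception {
        for (Map.Entry<String, String> entry : SEARCHERS_NON_RENDERING.entrySet()) {
            testSingleCustomFieldOnIssueNavigatorScreen(entry.getValue(), entry.getKey());
        }
    }

    /**
     * Checks the bulk-change workflow-transition page with ON_DEMAND enabled: the unescaped
     * marker must be absent and its escaped form present.
     *
     * <p>NOTE(review): the marker is presumably defined by a custom field inside
     * {@code TestCustomFieldTitle.xml}; that file is not visible here, so confirm it still
     * carries {@code <div>xsstest</div>} if this test starts failing on the positive assertion.
     */
    public void testCustomFieldDescriptionsInBulkChangeIssue() throws Exception {
        restoreDataForTest();
        backdoor.project().addProject("TestProject", "TEST", "admin");
        backdoor.issues().createIssue("TEST", "This is just a test");
        backdoor.darkFeatures().enableForSite(ON_DEMAND_FEATURE);
        navigation.issueNavigator().displayAllIssues();
        navigation.issueNavigator()
                .bulkChange(IssueNavigatorNavigation.BulkChangeOption.ALL_PAGES)
                .selectAllIssues()
                .chooseOperation(BulkChangeWizard.BulkOperationsImpl.TRANSITION)
                .chooseWorkflowTransition(new BulkChangeWizard.BulkOperationsCustom("jira_2_6"));
        String pageSource = getPageSource();
        assertFalse("ON_DEMAND is enabled so the description should not be rendered as html in this page", pageSource.contains(CUSTOM_FIELD_TITLE));
        assertTrue("ON_DEMAND is enabled so the description should be rendered as wiki markup in this page", pageSource.contains(CUSTOM_FIELD_WIKI));
    }

    /**
     * Creates one custom field, enables ON_DEMAND and asserts that the unescaped
     * {@code <div>type</div>} marker is absent from the issue navigator.
     *
     * <p>This is a negative-only check: it would also pass if the navigator did not show the
     * description at all, so it proves absence of the raw marker, not correct escaping.
     *
     * @param customFieldType custom field type key, also embedded in the description marker
     * @param searcherKey searcher key the field is created with
     */
    private void testSingleCustomFieldOnIssueNavigatorScreen(String customFieldType, String searcherKey) {
        String fieldId = backdoor.customFields().createCustomField(
                customFieldType + "-name", fieldDescription(customFieldType), customFieldType, searcherKey);
        backdoor.darkFeatures().enableForSite(ON_DEMAND_FEATURE);
        navigation.issueNavigator().displayAllIssues();
        assertFalse("ON_DEMAND is enabled so the description should be rendered as wiki markup for " + searcherKey, getPageSource().contains("<div>" + customFieldType + "</div>"));
        backdoor.customFields().deleteCustomField(fieldId);
    }

    /**
     * Runs the single-field issue-navigator check for each type in {@code list}.
     *
     * @param list custom field type keys to test with the searcher
     * @param str searcher key
     */
    private void testSingleCustomFieldDescriptionOnIssueNavigatorScreen(List<String> list, String str) {
        for (String customFieldType : list) {
            testSingleCustomFieldDescriptionOnIssueNavigatorScreen(customFieldType, str);
        }
    }

    /**
     * Creates one custom field and checks the issue navigator in both modes: raw HTML with
     * ON_DEMAND off, escaped wiki rendering (and no raw marker) with ON_DEMAND on.
     *
     * @param customFieldType custom field type key, also embedded in the description marker
     * @param searcherKey searcher key the field is created with
     */
    private void testSingleCustomFieldDescriptionOnIssueNavigatorScreen(String customFieldType, String searcherKey) {
        String fieldId = backdoor.customFields().createCustomField(
                customFieldType + "-name", fieldDescription(customFieldType), customFieldType, searcherKey);

        backdoor.darkFeatures().disableForSite(ON_DEMAND_FEATURE);
        navigation.issueNavigator().displayAllIssues();
        assertTrue("ON_DEMAND is disabled so the description should be rendered as raw HTML for " + searcherKey, getPageSource().contains(fieldDescriptionHtml(customFieldType)));

        backdoor.darkFeatures().enableForSite(ON_DEMAND_FEATURE);
        navigation.issueNavigator().displayAllIssues();
        // Positive and negative check together: the escaped form is there and the raw form is not.
        assertTrue("ON_DEMAND is enabled so the description should be rendered as wiki markup for " + searcherKey, getPageSource().contains(fieldDescriptionWikiFormat(customFieldType)));
        assertFalse("ON_DEMAND is enabled so the description should be rendered as wiki markup for " + searcherKey, getPageSource().contains("<div>" + customFieldType + "</div>"));

        backdoor.customFields().deleteCustomField(fieldId);
    }

    /**
     * Creates one custom field without a searcher and checks the "view custom fields"
     * administration screen in both modes, as in the issue-navigator variant.
     *
     * @param customFieldType custom field type key, also embedded in the description marker
     */
    private void testSingleCustomFieldDescriptionOnCustomFieldsScreen(String customFieldType) {
        String fieldId = backdoor.customFields().createCustomField(
                customFieldType + "-name", fieldDescription(customFieldType), customFieldType, (String) null);

        backdoor.darkFeatures().disableForSite(ON_DEMAND_FEATURE);
        goToCustomFields();
        assertTrue("ON_DEMAND is disabled so the description should be rendered as raw HTML for " + customFieldType, getPageSource().contains(fieldDescriptionHtml(customFieldType)));

        backdoor.darkFeatures().enableForSite(ON_DEMAND_FEATURE);
        goToCustomFields();
        // Positive and negative check together: the escaped form is there and the raw form is not.
        assertTrue("ON_DEMAND is enabled so the description should be rendered as wiki markup for " + customFieldType, getPageSource().contains(fieldDescriptionWikiFormat(customFieldType)));
        assertFalse("ON_DEMAND is enabled so the description should be rendered as wiki markup for " + customFieldType, getPageSource().contains("<div>" + customFieldType + "</div>"));

        backdoor.customFields().deleteCustomField(fieldId);
    }

    /** Loads the {@code TestCustomFieldTitle.xml} fixture used by the bulk-change test. */
    private void restoreDataForTest() {
        administration.restoreData("TestCustomFieldTitle.xml");
        navigation.disableKickAssRedirect();
    }

    /** Builds the description stored on the custom field, with {@code str} as the marker text. */
    private static String fieldDescription(String str) {
        return String.format(RAW_DESC_TEMPLATE, str);
    }

    /** Builds the fragment expected in the page when the description is emitted unescaped. */
    private static String fieldDescriptionHtml(String str) {
        return String.format(HTML_DESC_TEMPLATE, str);
    }

    /** Builds the fragment expected in the page when the description is wiki-rendered and escaped. */
    private static String fieldDescriptionWikiFormat(String str) {
        return String.format(WIKI_DESC_TEMPLATE, str);
    }

    /** Opens the "view custom fields" administration section. */
    private void goToCustomFields() {
        navigation.gotoAdminSection("view_custom_fields");
    }

    /** Returns the full response text of the current page, which all assertions search. */
    private String getPageSource() {
        return tester.getDialog().getResponseText();
    }

    /**
     * Builds a CSS locator for the description element of one custom field row.
     * Not called anywhere in this class; a locator-scoped assertion would be narrower than the
     * whole-page substring checks used above.
     */
    private CssLocator locatorForDescription(String str) {
        return locator.css(String.format("#custom-fields-%s-name div.description", str));
    }
}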
