package com.atlassian.jira.webtests.ztests.security;

import com.atlassian.jira.functest.framework.Administration;
import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.LoginAs;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import javax.inject.Inject;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

@LoginAs(user = "admin")
@WebTest({Category.FUNC_TEST, Category.SECURITY})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/security/TestWebResourceRetrievalDoesNotExposeProtectedResources.class */
public class TestWebResourceRetrievalDoesNotExposeProtectedResources extends BaseJiraFuncTest {

    @Inject
    private Administration administration;

    @Before
    public void setUpTest() {
        this.administration.restoreBlankInstance();
    }

    @Test
    public void testWebInfResourceCannotBeRetrieved() throws Exception {
        this.tester.getDialog().getWebClient().setExceptionsThrownOnErrorStatus(false);
        this.tester.gotoPage("s/1519/3/1.0/_/WEB-INF/classes/seraph-config.xml");
        Assert.assertEquals(this.tester.getDialog().getResponse().getResponseCode(), 404L);
        Assert.assertTrue(this.tester.getDialog().getResponse().getText().contains("dead link"));
        this.tester.getDialog().getWebClient().setExceptionsThrownOnErrorStatus(true);
    }

    @Test
    public void testWebInfResourceCannotBeRetrievedWithParentTransversal() throws Exception {
        this.tester.getDialog().getWebClient().setExceptionsThrownOnErrorStatus(false);
        this.tester.gotoPage("s/1519/3/1.0/_/WEB-INF/images/../classes/seraph-config.xml");
        Assert.assertEquals(this.tester.getDialog().getResponse().getResponseCode(), 404L);
        Assert.assertTrue(this.tester.getDialog().getResponse().getText().contains("dead link"));
        this.tester.getDialog().getWebClient().setExceptionsThrownOnErrorStatus(true);
    }
}
