package com.atlassian.jira.webtests.ztests.customfield;

import com.atlassian.jira.functest.framework.BaseJiraFuncTest;
import com.atlassian.jira.functest.framework.FunctTestConstants;
import com.atlassian.jira.functest.framework.LoginAs;
import com.atlassian.jira.functest.framework.RestoreBlankInstance;
import com.atlassian.jira.functest.framework.admin.CustomFields;
import com.atlassian.jira.functest.framework.suite.Category;
import com.atlassian.jira.functest.framework.suite.WebTest;
import com.atlassian.jira.issue.customfields.CustomFieldUtils;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

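/**
 * Functional test for how custom field option values are written into pages, depending on the
 * {@code jira.custom.field.html.enabled} application property.
 *
 * <p>For each field type an option containing markup is stored, and the response text is then
 * checked twice: with the property on, the option must appear verbatim; with it off, the
 * HTML-escaped form must appear and the verbatim form must not. Two pages are covered: the
 * Configure Custom Field admin page and the {@code QueryComponentRendererEdit} endpoint.
 *
 * <p>Scope of the assertions: the probe is inert markup ({@code <div><b>..</b></div>}) and the
 * expected escaped form only replaces {@code <} and {@code >}. Escaping of quotes or ampersands,
 * and output in attribute or script contexts, is not exercised here.
 *
 * <p>The {@code @Test} method names mention descriptions and wiki markup, but the assertions
 * below inspect option values only; the names are kept so existing test selections still match.
 */
@LoginAs(user = "admin")
@RestoreBlankInstance
@WebTest({Category.FUNC_TEST, Category.CUSTOM_FIELDS, Category.FIELDS, Category.SECURITY})
/* loaded from: input_file:com/atlassian/jira/webtests/ztests/customfield/TestCustomFieldOptionsXss.class */
public class TestCustomFieldOptionsXss extends BaseJiraFuncTest {
    /** Application property that switches custom field output between raw HTML and escaped text. */
    private static final String HTML_ENABLED_PROPERTY = "jira.custom.field.html.enabled";

    /** Option value as stored through the backdoor. */
    private static final String RAW_OPTION_TEMPLATE = "<div><b>%s</b></div>";

    /** Option value as expected in the response when raw HTML output is enabled. */
    private static final String HTML_OPTION_TEMPLATE = "<div><b>%s</b></div>";

    /** Option value as expected in the response when raw HTML output is disabled. */
    private static final String ESCAPED_OPTION_TEMPLATE = "&lt;div&gt;&lt;b&gt;%s&lt;/b&gt;&lt;/div&gt;";

    /** Field types checked on the Configure Custom Field page. */
    private static final Iterable<String> CUSTOM_FIELD_TYPES = ImmutableList.of(
            CustomFields.builtInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_SELECT),
            CustomFields.builtInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_RADIO),
            CustomFields.builtInCustomFieldKey("multicheckboxes"),
            CustomFields.builtInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_TYPE_MULTISELECT));

    /** Searcher key mapped to the field types that are created with that searcher. */
    private static final Map<String, List<String>> SEARCHERS = ImmutableMap.<String, List<String>>builder()
            .put(
                    CustomFields.builtInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_MULTI_SELECT_SEARCHER),
                    toBuiltInCustomFieldKeys(
                            FunctTestConstants.CUSTOM_FIELD_TYPE_SELECT,
                            FunctTestConstants.CUSTOM_FIELD_TYPE_RADIO,
                            "multicheckboxes"))
            .put(
                    CustomFields.builtInCustomFieldKey(FunctTestConstants.CUSTOM_FIELD_CASCADING_SELECT_SEARCHER),
                    toBuiltInCustomFieldKeys(FunctTestConstants.CUSTOM_FIELD_TYPE_CASCADINGSELECT))
            .build();

    /** Opens the page under test for a given custom field id. */
    @FunctionalInterface
    private interface OptionPage {
        void open(String customFieldId);
    }

    /** Converts short field type names into built-in custom field keys. */
    private static List<String> toBuiltInCustomFieldKeys(String... strArr) {
        return Arrays.stream(strArr).map(CustomFields::builtInCustomFieldKey).collect(Collectors.toList());
    }

    /** Builds the markup-bearing option value that is stored for {@code str}. */
    private static String optionValue(String str) {
        return String.format(RAW_OPTION_TEMPLATE, str);
    }

    /** Builds the text expected in the response when the option is emitted unescaped. */
    private static String optionValueHtml(String str) {
        return String.format(HTML_OPTION_TEMPLATE, str);
    }

    /** Builds the text expected in the response when the option is emitted HTML-escaped. */
    private static String optionValueEscaped(String str) {
        return String.format(ESCAPED_OPTION_TEMPLATE, str);
    }

    /** Enables raw HTML output for custom fields before each test; each check toggles it itself. */
    @Before
    public void setUp() throws Exception {
        setHtmlEnabled(true);
    }

    /** Checks option output on the Configure Custom Field page for every type in the list. */
    @Test
    public void testCustomFieldDescriptionsCanBeRenderedAsRawHtmlOrWikiMarkup() throws Exception {
        for (String fieldTypeKey : CUSTOM_FIELD_TYPES) {
            verifyOptionRendering(fieldTypeKey, null, fieldTypeKey, this::goToConfigureCustomFields);
        }
    }

    /** Checks option output of the navigator edit renderer for every searcher/type pair. */
    @Test
    public void testCustomFieldDescriptionsCanBeRenderedAsRawHtmlOrWikiMarkUpInIssueNavigator() throws Exception {
        for (Map.Entry<String, List<String>> entry : SEARCHERS.entrySet()) {
            String searcherKey = entry.getKey();
            for (String fieldTypeKey : entry.getValue()) {
                verifyOptionRendering(fieldTypeKey, searcherKey, searcherKey, this::goToQueryComponentEdit);
            }
        }
    }

    /**
     * Creates a field with a markup option and asserts its output in both property states.
     *
     * @param fieldTypeKey custom field type key; also used to build the field name and option text
     * @param searcherKey searcher key passed to field creation, or {@code null} for none
     * @param label value appended to the assertion messages to identify the failing case
     * @param page opens the page whose response text is inspected
     */
    private void verifyOptionRendering(String fieldTypeKey, String searcherKey, String label, OptionPage page) {
        String fieldId = this.backdoor.customFields()
                .createCustomField(fieldTypeKey + "-name", "description" + fieldTypeKey, fieldTypeKey, searcherKey);
        try {
            this.backdoor.customFields().addOption(fieldId, optionValue(fieldTypeKey));

            setHtmlEnabled(true);
            page.open(fieldId);
            Assert.assertTrue(
                    "HTML in Custom Fields is enabled so the options should be rendered as raw HTML for " + label,
                    getPageSource().contains(optionValueHtml(fieldTypeKey)));

            setHtmlEnabled(false);
            page.open(fieldId);
            String escapedStateSource = getPageSource();
            String disabledMessage = "HTML in Custom Fields is disabled so the options should be escaped for " + label;
            // Both directions matter: the escaped text must be present AND the raw markup absent.
            Assert.assertTrue(disabledMessage, escapedStateSource.contains(optionValueEscaped(fieldTypeKey)));
            Assert.assertFalse(disabledMessage, escapedStateSource.contains(optionValueHtml(fieldTypeKey)));
        } finally {
            // Remove the field even when an assertion fails so the stored markup option does not linger.
            this.backdoor.customFields().deleteCustomField(fieldId);
        }
    }

    /** Sets the raw-HTML application property through the backdoor. */
    private void setHtmlEnabled(boolean enabled) {
        this.backdoor.applicationProperties().setOption(HTML_ENABLED_PROPERTY, enabled);
    }

    /** Requests the undecorated query component edit renderer for the given field. */
    private void goToQueryComponentEdit(String customFieldId) {
        this.tester.gotoPage(
                "secure/QueryComponentRendererEdit!Default.jspa?fieldId=" + customFieldId + "&decorator=none&jqlContext=");
    }

    /** Opens the Configure Custom Field admin page for the given field. */
    private void goToConfigureCustomFields(String str) {
        this.tester.gotoPage(
                "/secure/admin/ConfigureCustomField!default.jspa?customFieldId=" + CustomFieldUtils.getCustomFieldId(str));
    }

    /** Returns the response text of the page the tester last loaded. */
    private String getPageSource() {
        return this.tester.getDialog().getResponseText();
    }
}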
