package org.apache.nifi.security.xml;

import java.io.BufferedReader;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.components.Validator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.11.0.jar:org/apache/nifi/security/xml/XXEValidator.class */
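/**
 * Validator that rejects a file whose text contains an XML {@code <!ENTITY} declaration.
 *
 * <p>The check is a textual heuristic: the file is read as characters and searched with a
 * case-insensitive regular expression that tolerates whitespace between the letters of
 * {@code ENTITY}. The XML is never parsed, so any entity declaration is flagged, internal
 * or external, and wherever it appears in the text.
 *
 * <p>This class does not configure an XML parser. Whatever parses the file afterwards must
 * still have DTD / external-entity processing disabled; this validator is an additional
 * early rejection, not a replacement for that setting.
 *
 * <p>NOTE(review): the file is decoded with the {@link Files#newBufferedReader(Path)} default
 * charset (UTF-8). Bytes that are not valid UTF-8 surface as an {@link IOException} and the
 * file is reported invalid; a document in another encoding that still decodes cleanly would
 * not be matched by the pattern. Confirm whether callers restrict the accepted encodings.
 */
public class XXEValidator implements Validator {
    private static final Logger logger = LoggerFactory.getLogger(XXEValidator.class);

    // Compiled once for the class; Pattern is immutable and safe to share between instances.
    private static final Pattern XXE_PATTERN = Pattern.compile("(?i)<\\s*!\\s*E\\s*N\\s*T\\s*I\\s*T\\s*Y");

    /**
     * Checks the file named by {@code input} for an entity declaration.
     *
     * @param subject the name of the property being validated, echoed into the result
     * @param input the path of the file to inspect
     * @param context the validation context (not used by this validator)
     * @return an invalid result when the file does not exist, cannot be read, or contains an
     *     entity declaration; a valid result otherwise
     */
    @Override
    public ValidationResult validate(String subject, String input, ValidationContext context) {
        final Path xmlFilePath = Paths.get(input);
        final String line = xmlFilePath.toString();
        logger.info("Validating {} for XXE attack", line);

        if (!Files.exists(xmlFilePath)) {
            return new ValidationResult.Builder()
                    .subject(subject)
                    .input(input)
                    .valid(false)
                    .explanation("File not found: " + input + " could not be found.")
                    .build();
        }

        // try-with-resources guarantees the reader is closed on every path, including when
        // readLine() throws part-way through the file.
        try (BufferedReader reader = Files.newBufferedReader(xmlFilePath)) {
            boolean containsEntity = false;
            // The whole document is accumulated so a declaration split across lines can still
            // be found; memory use therefore grows with the size of the file.
            final StringBuilder document = new StringBuilder();

            String current;
            while ((current = reader.readLine()) != null) {
                if (XXE_PATTERN.matcher(current).find()) {
                    containsEntity = true;
                    logger.warn("Detected XXE attack in {}", line);
                    break;
                }
                document.append(current).append("\n");
            }

            if (!containsEntity) {
                // \s in the pattern matches newlines, so the joined text catches declarations
                // whose tokens were spread over several lines.
                logger.debug("No XXE attack detected in {} line-by-line; checking concatenated document", line);
                containsEntity = XXE_PATTERN.matcher(document.toString()).find();
                if (containsEntity) {
                    logger.warn("Detected multiline XXE attack in {}", line);
                } else {
                    logger.debug("No XXE attack detected in full file {}", line);
                }
            }

            if (containsEntity) {
                return new ValidationResult.Builder()
                        .subject(subject)
                        .input(input)
                        .valid(false)
                        .explanation("XML file " + input + " contained an external entity. To prevent XXE vulnerabilities, NiFi has external entity processing disabled.")
                        .build();
            }
            return new ValidationResult.Builder()
                    .subject(subject)
                    .input(input)
                    .valid(true)
                    .explanation("No XXE attack detected.")
                    .build();
        } catch (IOException e) {
            // Fail closed: an unreadable or undecodable file is treated as invalid.
            return new ValidationResult.Builder()
                    .subject(subject)
                    .input(input)
                    .valid(false)
                    .explanation(input + " is not valid because: " + e.getLocalizedMessage())
                    .build();
        }
    }
}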
