package org.owasp.esapi.reference;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.List;
import net.didion.jwnl.JWNL;
import org.apache.tika.parser.executable.MachineMetadata;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.ExecuteResult;
import org.owasp.esapi.Executor;
import org.owasp.esapi.Logger;
import org.owasp.esapi.codecs.Codec;
import org.owasp.esapi.codecs.UnixCodec;
import org.owasp.esapi.codecs.WindowsCodec;
import org.owasp.esapi.errors.ExecutorException;

/* JADX WARN: Classes with same name are omitted:
  input_file:resources/install/0/org.apache.sling.xss-1.0.6.jar:org/owasp/esapi/reference/DefaultExecutor.class
 */
/* loaded from: input_file:resources/install/0/org.apache.sling.scripting.jsp.taglib-2.2.4.jar:org/owasp/esapi/reference/DefaultExecutor.class */
public class DefaultExecutor implements Executor {
    private static volatile Executor singletonInstance;
    private final Logger logger = ESAPI.getLogger("Executor");
    private Codec codec;

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:resources/install/0/org.apache.sling.xss-1.0.6.jar:org/owasp/esapi/reference/DefaultExecutor$ReadThread.class
     */
    /* loaded from: input_file:resources/install/0/org.apache.sling.scripting.jsp.taglib-2.2.4.jar:org/owasp/esapi/reference/DefaultExecutor$ReadThread.class */
    public static class ReadThread extends Thread {
        volatile IOException exception;
        private final InputStream stream;
        private final StringBuilder buffer;

        ReadThread(InputStream inputStream, StringBuilder sb) {
            this.stream = inputStream;
            this.buffer = sb;
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            try {
                DefaultExecutor.readStream(this.stream, this.buffer);
            } catch (IOException e) {
                this.exception = e;
            }
        }
    }

    public static Executor getInstance() {
        if (singletonInstance == null) {
            synchronized (DefaultExecutor.class) {
                if (singletonInstance == null) {
                    singletonInstance = new DefaultExecutor();
                }
            }
        }
        return singletonInstance;
    }

    private DefaultExecutor() {
        this.codec = null;
        if (System.getProperty(JWNL.OS_PROPERTY_NAME).indexOf(MachineMetadata.PLATFORM_WINDOWS) != -1) {
            this.logger.warning(Logger.SECURITY_SUCCESS, "Using WindowsCodec for Executor. If this is not running on Windows this could allow injection");
            this.codec = new WindowsCodec();
        } else {
            this.logger.warning(Logger.SECURITY_SUCCESS, "Using UnixCodec for Executor. If this is not running on Unix this could allow injection");
            this.codec = new UnixCodec();
        }
    }

    @Override // org.owasp.esapi.Executor
    public ExecuteResult executeSystemCommand(File file, List list) throws ExecutorException {
        return executeSystemCommand(file, list, ESAPI.securityConfiguration().getWorkingDirectory(), this.codec, false, false);
    }

    @Override // org.owasp.esapi.Executor
    public ExecuteResult executeSystemCommand(File file, List list, File file2, Codec codec, boolean z, boolean z2) throws ExecutorException {
        ReadThread readThread;
        try {
            if (!file.exists()) {
                throw new ExecutorException("Execution failure", "No such executable: " + file);
            }
            if (!file.isAbsolute()) {
                throw new ExecutorException("Execution failure", "Attempt to invoke an executable using a non-absolute path: " + file);
            }
            if (!file.getPath().equals(file.getCanonicalPath())) {
                throw new ExecutorException("Execution failure", "Attempt to invoke an executable using a non-canonical path: " + file);
            }
            List<String> allowedExecutables = ESAPI.securityConfiguration().getAllowedExecutables();
            if (!allowedExecutables.contains(file.getPath())) {
                throw new ExecutorException("Execution failure", "Attempt to invoke executable that is not listed as an approved executable in ESAPI configuration: " + file.getPath() + " not listed in " + allowedExecutables);
            }
            for (int i = 0; i < list.size(); i++) {
                list.set(i, ESAPI.encoder().encodeForOS(codec, (String) list.get(i)));
            }
            if (!file2.exists()) {
                throw new ExecutorException("Execution failure", "No such working directory for running executable: " + file2.getPath());
            }
            list.add(0, file.getCanonicalPath());
            ProcessBuilder processBuilder = new ProcessBuilder((List<String>) list);
            processBuilder.environment().clear();
            processBuilder.directory(file2);
            processBuilder.redirectErrorStream(z2);
            if (z) {
                this.logger.warning(Logger.SECURITY_SUCCESS, "Initiating executable: " + file + " " + list + " in " + file2);
            } else {
                this.logger.warning(Logger.SECURITY_SUCCESS, "Initiating executable: " + file + " [sensitive parameters obscured] in " + file2);
            }
            StringBuilder sb = new StringBuilder();
            StringBuilder sb2 = new StringBuilder();
            Process start = processBuilder.start();
            if (z2) {
                readThread = null;
            } else {
                try {
                    readThread = new ReadThread(start.getErrorStream(), sb2);
                    readThread.start();
                } catch (Throwable th) {
                    start.destroy();
                    throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + th.getMessage(), th);
                }
            }
            readStream(start.getInputStream(), sb);
            if (readThread != null) {
                readThread.join();
                if (readThread.exception != null) {
                    throw readThread.exception;
                }
            }
            start.waitFor();
            String sb3 = sb.toString();
            String sb4 = sb2.toString();
            int exitValue = start.exitValue();
            if (sb4 != null && sb4.length() > 0) {
                String str = sb4;
                if (str.length() > 256) {
                    str = str.substring(0, 256) + "(truncated at 256 characters)";
                }
                this.logger.warning(Logger.SECURITY_SUCCESS, "Error during system command: " + str);
            }
            if (exitValue != 0) {
                this.logger.warning(Logger.EVENT_FAILURE, "System command exited with non-zero status: " + exitValue);
            }
            this.logger.warning(Logger.SECURITY_SUCCESS, "System command complete");
            return new ExecuteResult(exitValue, sb3, sb4);
        } catch (IOException e) {
            throw new ExecutorException("Execution failure", "Exception thrown during execution of system command: " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void readStream(InputStream inputStream, StringBuilder sb) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                return;
            } else {
                sb.append(readLine).append('\n');
            }
        }
    }
}
