
"""
Faraday Penetration Test IDE
Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information
"""
import re
from json import loads

from faraday_plugins.plugins.plugin import PluginJsonFormat
from faraday_plugins.plugins.repo.zap_json.DTO import ZapJsonParser

# Module metadata (author / version bookkeeping for this plugin).
# NOTE(review): __license__ is left empty here; the module docstring points to doc/LICENSE.
__author__ = "Gonzalo Martinez"
__copyright__ = "Copyright (c) 2013, Infobyte LLC"
__credits__ = ["Gonzalo Martinez"]
__license__ = ""
__version__ = "1.0.0"
__maintainer__ = "Gonzalo Martinez"
__email__ = "[email protected]"
__status__ = "Development"


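def split_and_strip_tags(data):
    """
    Split a string on closing HTML tags and strip the remaining tags.

    ZAP writes the reference field as a run of tagged fragments (typically
    one ``<p>…</p>`` per link), so each closing tag ends one entry.  Segments
    that are empty after stripping (trailing text, adjacent closing tags) are
    dropped instead of being emitted as empty references, and a value that
    contains no tags at all is kept as a single entry rather than discarded.

    This is a best-effort text extractor, not an HTML sanitizer: only
    ``<…>`` spans are removed, entities are not decoded, and ``.`` does not
    span newlines.

    @param data: report text, possibly containing HTML tags; ``None`` or an
        empty string yields an empty list
    @return list of stripped, whitespace-trimmed entries
    """
    if not data:
        return []
    closing_tag = re.compile(r'</.*?>')
    any_tag = re.compile(r'<.*?>')  # same pattern strip_tags() uses
    entries = []
    for segment in closing_tag.split(data):
        text = any_tag.sub('', segment).strip()
        if text:
            entries.append(text)
    return entries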


def strip_tags(data):
    """
    Return *data* with every ``<…>`` span removed.

    Best-effort text extraction for scanner report fields; it is not an
    HTML sanitizer (entities are left untouched and ``.`` does not match a
    newline, so a tag broken across lines survives).
    @return Stripped string
    """
    tag_pattern = re.compile(r'<.*?>')
    return tag_pattern.sub('', data)


class ZapJsonPlugin(PluginJsonFormat):
    """
    Import an OWASP ZAP JSON report into Faraday.

    One host/service pair is created per ``site`` entry of the report and one
    web vulnerability per alert *instance*.  The report is scanner output,
    i.e. untrusted text: the HTML carried in the description, solution and
    reference fields is reduced to plain text with the module-level tag
    strippers before it is handed to the Faraday API.
    """

    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
        self.identifier_tag = "OWASPZAPReport"
        self.id = "Zap_Json"
        self.name = "Zap Json Output Plugin"
        self.plugin_version = "0.1"
        self.version = "2.11.1"
        self.framework_version = "1.0.0"
        self.options = None
        self._temp_file_extension = "json"
        # NOTE(review): presumably the top-level keys PluginJsonFormat looks
        # for to recognise a report as ZAP JSON - confirm against the base class.
        self.json_keys = {'@version'}

    @staticmethod
    def _instance_data(instance):
        """
        Build the free-text ``data`` field for one alert instance.

        The URL always comes first; evidence takes precedence over the
        attack payload, which takes precedence over a bare parameter name.
        """
        header = f"URL:\n {instance.uri.uri}\n"
        if instance.evidence:
            return header + f" Parameter:\n {instance.param}\n Evidence:\n {instance.evidence}"
        if instance.attack and instance.param:
            return header + f" Payload:\n {instance.param} = {instance.attack}"
        if instance.param:
            return header + f" Parameter:\n {instance.param}"
        return header

    @staticmethod
    def _alert_references(item):
        """
        Return ``(refs, cwes)`` for one alert.

        ``refs`` holds the tag-stripped reference entries followed by the
        WASC id (when present); ``cwes`` holds the CWE id (when present).
        A fresh pair of lists is returned on every call.
        """
        refs = split_and_strip_tags(item.reference) if item.reference else []
        if item.wasc:
            refs.append(f"WASC:{item.wasc}")
        cwes = [f"CWE-{item.cwe}"] if item.cwe else []
        return refs, cwes

    def parseOutputString(self, output):
        """
        Parse the raw JSON report text.

        The output the shell sends is discarded; everything is read from the
        JSON document, which is expected to be a complete ZAP report.

        @param output: JSON text of the ZAP report
        """
        parser = ZapJsonParser(loads(output))

        for site in parser.sites:
            ip = self.resolve_hostname(site.host)
            # Record the site name as a hostname only when it resolved to
            # something other than itself (i.e. it was not already an IP).
            hostnames = [site.host] if site.host != ip else []
            # The report carries the ssl flag as the string "true"/"false".
            service = "https" if site.ssl == "true" else "http"

            h_id = self.createAndAddHost(ip, hostnames=hostnames)
            s_id = self.createAndAddServiceToHost(h_id, service, "tcp", ports=[site.port], status='open')

            for item in site.alerts:
                for instance in item.instances:
                    data = self._instance_data(instance)
                    refs, cwes = self._alert_references(item)

                    self.createAndAddVulnWebToService(
                        h_id,
                        s_id,
                        item.name,
                        strip_tags(item.desc),
                        website=site.name,
                        query=instance.uri.query,
                        severity=item.riskcode,
                        path=instance.uri.path,
                        params=', '.join(instance.uri.params),
                        method=instance.method,
                        ref=refs,
                        resolution=strip_tags(item.solution),
                        data=data,
                        pname=instance.param,
                        external_id="ZAP-" + str(item.plugin_id),
                        cwe=cwes
                    )


def createPlugin(*args, **kwargs):
    """
    Module-level plugin factory.

    All positional and keyword arguments are forwarded unchanged to
    ``ZapJsonPlugin``.
    """
    plugin_cls = ZapJsonPlugin
    return plugin_cls(*args, **kwargs)