package org.wso2.das.integration.tests.portal;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.wso2.carbon.automation.engine.exceptions.AutomationFrameworkException;
import org.wso2.das.integration.common.utils.DASIntegrationTest;

/* loaded from: input_file:org/wso2/das/integration/tests/portal/XSSSecurityTest.class */
public class XSSSecurityTest extends DASIntegrationTest {
    @BeforeClass(alwaysRun = true)
    public void init() throws Exception {
        super.init();
    }

    @Test(groups = {"wso2.bam"}, description = "Test the login page for possible XSS")
    public void testXSSOnLoginPage() throws AutomationFrameworkException, IOException {
        String str = "";
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new DefaultHttpClient().execute(new HttpGet("https://localhost:10143/portal/login?destination=%2Fportal%2F%22%3e%3c%73%43%72%49%70%54%3e%61%6c%65%72%74%28%38%35%32%38%31%29%3c%2f%73%43%72%49%70%54%3e")).getEntity().getContent()));
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            } else if (readLine.contains("name=\"destination\"")) {
                str = readLine;
                break;
            }
        }
        Assert.assertTrue(str.contains("/portal/sCrIpTalert85281/sCrIpT"), "Login page is vulnerable to XSS");
    }
}
