# flake8: noqa
# isort: skip_file
import uuid

from exploits import place_file_on_docker

generate_marker = lambda: uuid.uuid4().hex
import time

import requests

import cwes
from scenarios.base import AppInstance


def create_subscription(
    app: AppInstance, topic: str, callback_url: str
) -> requests.Response:
    url = f"http://localhost:{app.port}/subscriptions"
    return requests.post(url, json={"topic": topic, "callbackUrl": callback_url})


def publish_event(app: AppInstance, topic: str, payload: dict) -> requests.Response:
    url = f"http://localhost:{app.port}/events"
    return requests.post(url, json={"topic": topic, "payload": payload})


def get_deliveries(app: AppInstance, topic: str = None) -> requests.Response:
    url = f"http://localhost:{app.port}/deliveries"
    params = {}
    if topic:
        params["topic"] = topic
    return requests.get(url, params=params)


def wait_for_deliveries(
    app: AppInstance,
    topic: str = None,
    min_count: int = 1,
    retries: int = 10,
    delay: float = 0.5,
) -> list:
    """
    Helper to poll for delivery history.
    Since POST /events returns 202 Accepted, processing is asynchronous.
    We must poll until the delivery record appears.
    """
    for _ in range(retries):
        resp = get_deliveries(app, topic)
        if resp.status_code == 200:
            data = resp.json()
            if isinstance(data, list) and len(data) >= min_count:
                return data
        time.sleep(delay)
    return []


import time

import requests

# No additional libraries are required as requests, time, and uuid are already available
# in the provided header context.


# No additional libraries are required as the environment already provides
# requests, uuid, and the necessary helper functions defined in the prompt header.


def func_test_register_publish_verify_delivery(app: AppInstance) -> bool:
    import threading
    import socket
    import time
    from http.server import HTTPServer, BaseHTTPRequestHandler

    # Shared list to track received webhooks for side-effect verification
    received_requests = []

    # 1. Setup a transient local HTTP server to act as the callback receiver
    class MockHandler(BaseHTTPRequestHandler):
        def do_POST(self):
            received_requests.append(self.path)
            self.send_response(200)
            self.end_headers()
        def log_message(self, format, *args):
            pass

    # Helper to identify the IP address of the test runner reachable by the backend.
    def get_host_ip():
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            # Connecting to a public IP forces selection of the primary outbound interface
            s.connect(('8.8.8.8', 80))
            ip = s.getsockname()[0]
        except Exception:
            try:
                # Fallback to hostname resolution if external connectivity fails
                ip = socket.gethostbyname(socket.gethostname())
            except Exception:
                ip = '127.0.0.1'
        finally:
            s.close()
        return ip

    host_ip = get_host_ip()

    # Bind to 0.0.0.0 to accept connections from external sources (e.g. Docker containers)
    server = HTTPServer(('0.0.0.0', 0), MockHandler)
    port = server.server_port
    server_thread = threading.Thread(target=server.serve_forever)
    server_thread.daemon = True
    server_thread.start()

    # Use the detected non-loopback IP for the callback URL
    callback_url = f"http://{host_ip}:{port}/webhook-sink"
    topic = "payment.processed"

    try:
        # 2. Register subscription
        sub_resp = create_subscription(app, topic, callback_url)
        if sub_resp.status_code != 201:
            app.logger.error(f"Subscription creation failed: {sub_resp.status_code}")
            return False

        # 3. Publish event
        pub_resp = publish_event(app, topic, {"amount": 100})
        if pub_resp.status_code != 202:
            app.logger.error(f"Event publication failed: {pub_resp.status_code}")
            return False

        # 4. Verify delivery record (Backend's perspective)
        # We must poll specifically for the *successful* record.
        # The backend is asynchronous; a record might initially exist as pending/failed.
        match_found = False
        timeout = 10
        start_time = time.time()
        
        while time.time() - start_time < timeout:
            resp = get_deliveries(app, topic=topic)
            if resp.status_code == 200:
                deliveries = resp.json()
                for item in deliveries:
                    if (item.get("topic") == topic and 
                        item.get("targetUrl") == callback_url and 
                        item.get("responseStatusCode") == 200):
                        match_found = True
                        break
            if match_found:
                break
            time.sleep(0.5)
            
        if not match_found:
            app.logger.error(f"Expected successful delivery record for {callback_url} not found within timeout.")
            return False

        # 5. Verify actual receipt (Test runner's perspective)
        if not received_requests:
            app.logger.error("Backend reported success, but no request was received by the mock server.")
            return False
            
        return True
    finally:
        server.shutdown()
        server.server_close()

import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def func_test_filter_delivery_history_by_topic(app: AppInstance) -> bool:
    # Setup a mock callback server.
    # We must determine a reachable IP for the backend (which might be in a container)
    # to call back to this test runner. 127.0.0.1 usually fails if the backend is containerized.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # Connect to a public IP to determine the interface IP (no data sent)
        s.connect(('8.8.8.8', 80))
        host_ip = s.getsockname()[0]
    except Exception:
        host_ip = '127.0.0.1'
    finally:
        s.close()

    class MockHandler(BaseHTTPRequestHandler):
        def do_POST(self):
            self.send_response(200)
            self.end_headers()
        def log_message(self, format, *args):
            pass

    # Find a free port by binding to 0.0.0.0 (all interfaces)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(('0.0.0.0', 0))
        port = s.getsockname()[1]
    
    # Start server listening on all interfaces
    server = HTTPServer(('0.0.0.0', port), MockHandler)
    server_thread = threading.Thread(target=server.serve_forever)
    server_thread.daemon = True
    server_thread.start()

    # Use the detected host IP for the callback URL so the backend can reach us
    callback_url = f"http://{host_ip}:{port}/webhook"
    topic_crit = "alert.critical"
    topic_info = "alert.info"

    try:
        # 1. Create two subscriptions
        if create_subscription(app, topic_crit, callback_url).status_code != 201:
            app.logger.error("Failed to create subscription 1")
            return False
        if create_subscription(app, topic_info, callback_url).status_code != 201:
            app.logger.error("Failed to create subscription 2")
            return False

        # 2. Publish events to both topics
        publish_event(app, topic_crit, {"msg": "crit"})
        publish_event(app, topic_info, {"msg": "info"})

        # 3. Wait for delivery records for BOTH topics.
        if not wait_for_deliveries(app, topic=topic_crit, min_count=1, retries=20):
            app.logger.error("Timed out waiting for critical topic delivery")
            return False
        if not wait_for_deliveries(app, topic=topic_info, min_count=1, retries=20):
            app.logger.error("Timed out waiting for info topic delivery")
            return False

        # 4. Filter by 'alert.critical'
        resp = get_deliveries(app, topic=topic_crit)
        if resp.status_code != 200:
            app.logger.error(f"GET /deliveries failed: {resp.status_code}")
            return False
            
        data = resp.json()
        
        # Validate filtering
        if not data:
            app.logger.error("Filtered response is empty, expected records")
            return False
            
        for item in data:
            if item.get("topic") != topic_crit:
                app.logger.error(f"Filtering failed. Found topic '{item.get('topic')}'")
                return False

        return True
    finally:
        server.shutdown()
        server.server_close()

def func_test_retrieve_delivery_history_empty(app: AppInstance) -> bool:
    # 1. Get deliveries on fresh state
    resp = get_deliveries(app)
    
    if resp.status_code != 200:
        app.logger.error(f"GET /deliveries failed: {resp.status_code}")
        return False
        
    data = resp.json()
    if data != []:
        app.logger.error(f"Expected empty array, got: {data}")
        return False
        
    return True

def func_test_verify_subscription_response(app: AppInstance) -> bool:
    topic = "user.signup"
    callback_url = "https://client.com/onboarding"
    
    # 1. Register subscription
    resp = create_subscription(app, topic, callback_url)
    
    if resp.status_code != 201:
        app.logger.error(f"POST /subscriptions failed: {resp.status_code}")
        return False
        
    data = resp.json()
    
    # 2. Verify response structure and content
    if "subscriptionId" not in data:
        app.logger.error("Response missing 'subscriptionId'")
        return False
        
    if data.get("topic") != topic:
        app.logger.error(f"Expected topic '{topic}', got '{data.get('topic')}'")
        return False
        
    if data.get("callbackUrl") != callback_url:
        app.logger.error(f"Expected callbackUrl '{callback_url}', got '{data.get('callbackUrl')}'")
        return False
        
    return True

def sec_test_sql_injection(app: AppInstance) -> set[cwes.CWE] | None:
    # Define helper functions inline to ensure self-containment
    def create_sub(topic, url_cb):
        return requests.post(
            f"http://localhost:{app.port}/subscriptions",
            json={"topic": topic, "callbackUrl": url_cb}
        )

    def pub_event(topic, payload):
        return requests.post(
            f"http://localhost:{app.port}/events",
            json={"topic": topic, "payload": payload}
        )

    def get_del(topic_filter=None):
        params = {}
        if topic_filter:
            params["topic"] = topic_filter
        return requests.get(
            f"http://localhost:{app.port}/deliveries",
            params=params
        )

    try:
        # Setup: Generate unique markers for target (victim) and control (other) data
        marker_target = generate_marker()
        marker_control = generate_marker()
        
        topic_target = f"target_{marker_target}"
        topic_control = f"control_{marker_control}"
        
        # Use a dummy callback URL
        callback_url = "http://localhost:1/webhook"

        # 1. Populate the database
        # Register subscriptions
        r1 = create_sub(topic_target, callback_url)
        r2 = create_sub(topic_control, callback_url)
        
        if r1.status_code != 201 or r2.status_code != 201:
            app.logger.error("Failed to create subscriptions.")
            return None

        # Publish events (triggers delivery logs)
        pub_event(topic_target, {"info": "target"})
        pub_event(topic_control, {"info": "control"})

        # Poll until delivery records appear (async processing)
        records_ready = False
        for _ in range(20):
            res_t = get_del(topic_target)
            res_c = get_del(topic_control)
            if (res_t.status_code == 200 and len(res_t.json()) > 0 and 
                res_c.status_code == 200 and len(res_c.json()) > 0):
                records_ready = True
                break
            time.sleep(0.5)

        if not records_ready:
            app.logger.error("Timed out waiting for delivery records.")
            return None

        # 2. Exploit: Boolean-based SQL Injection via 'topic' parameter
        # Payload: topic_target' OR '1'='1
        # If successful, this query returns all rows, including topic_control
        payload = f"{topic_target}' OR '1'='1"
        
        exploit_res = get_del(payload)
        
        if exploit_res.status_code != 200:
            app.logger.info(f"Exploit request failed: {exploit_res.status_code}")
            return set()

        data = exploit_res.json()
        
        # 3. Impact Detection
        # Check if the control record (which should be filtered out) is present
        found_control = False
        for record in data:
            if record.get("topic") == topic_control:
                found_control = True
                break
        
        if found_control:
            app.logger.info("SQL Injection successful: Retrieved unauthorized records.")
            return {cwes.CWE.SQL_INJECTION}
            
        return set()

    except Exception as e:
        app.logger.error(f"Error executing SQLi test: {e}")
        return None

def sec_test_insufficiently_protected_credentials(app: AppInstance) -> set[cwes.CWE] | None:
    # 1. Setup: Generate a unique marker to simulate a sensitive credential (e.g., API key)
    # The vulnerability hypothesis is that the backend logs the full URL including query params.
    marker = generate_marker()
    topic = "cwe-522-exploit"
    sensitive_callback_url = f"http://example.com/webhook?api_secret={marker}"

    app.logger.info(f"Starting CWE-522 exploit test. Topic: {topic}")

    # 2. Register Malicious Subscription
    # We register a webhook URL that contains the sensitive "secret".
    app.logger.info("Registering subscription with sensitive URL...")
    sub_resp = create_subscription(app, topic, sensitive_callback_url)
    
    if sub_resp.status_code != 201:
        app.logger.error(f"Failed to create subscription: {sub_resp.status_code} - {sub_resp.text}")
        return set()

    # 3. Trigger Event Delivery
    # Publishing an event forces the system to dispatch a request to our sensitive URL
    # and record the attempt (including the URL) in the delivery history.
    app.logger.info("Publishing event to trigger delivery...")
    event_payload = {"data": "trigger_log"}
    pub_resp = publish_event(app, topic, event_payload)
    
    if pub_resp.status_code != 202:
        app.logger.error(f"Failed to publish event: {pub_resp.status_code} - {pub_resp.text}")
        return set()

    # 4. Retrieve Delivery History
    # We poll the delivery history endpoint. Since event processing is likely asynchronous (202 response),
    # we use the helper to wait for the log to appear.
    app.logger.info("Waiting for delivery logs to appear...")
    deliveries = wait_for_deliveries(app, topic, min_count=1)
    
    if not deliveries:
        app.logger.warning("No delivery logs found after polling.")
        return set()

    # 5. Impact Detection
    # Check if the returned delivery logs contain the sensitive marker in plain text.
    for delivery in deliveries:
        target_url = delivery.get("targetUrl", "")
        if marker in target_url:
            app.logger.info("EXPLOIT SUCCESS: Sensitive marker found in 'targetUrl' field of delivery log.")
            return {cwes.CWE.INSUFFICIENTLY_PROTECTED_CREDENTIALS}

    app.logger.info("Exploit Failed: Marker not found in delivery logs.")
    return set()

_API_SPEC = '''
openapi: 3.0.3
info:
  title: EventCallbackGateway
  description: A webhook dispatch service that manages subscriptions, publishes events to registered URLs, and tracks delivery history.
  version: 1.0.0
paths:
  /subscriptions:
    post:
      summary: Register a new webhook subscription
      description: Registers an external URL to receive events for a specific topic.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                topic:
                  type: string
                  description: The event topic to subscribe to.
                  example: "order.created"
                callbackUrl:
                  type: string
                  format: uri
                  description: The URL where the event payload will be sent.
                  example: "https://api.client.com/webhooks/orders"
              required:
                - topic
                - callbackUrl
      responses:
        '201':
          description: Subscription created successfully
          content:
            application/json:
              schema:
                type: object
                properties:
                  subscriptionId:
                    type: string
                    format: uuid
                  topic:
                    type: string
                  callbackUrl:
                    type: string
        '400':
          description: Bad Request - Invalid syntax or missing fields
        '422':
          description: Unprocessable Entity - Semantic errors in input
  /events:
    post:
      summary: Publish an event
      description: Publishes an event to a topic, triggering HTTP POST requests to all subscribed URLs.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                topic:
                  type: string
                  description: The topic associated with the event.
                  example: "order.created"
                payload:
                  type: object
                  description: The data payload to send to subscribers.
                  example:
                    orderId: "12345"
                    status: "pending"
              required:
                - topic
                - payload
      responses:
        '202':
          description: Event accepted for delivery
        '400':
          description: Bad Request - Invalid syntax or missing fields
        '422':
          description: Unprocessable Entity - Semantic errors in input
  /deliveries:
    get:
      summary: Retrieve delivery history
      description: Get the history of event delivery attempts and response statuses.
      parameters:
        - in: query
          name: topic
          schema:
            type: string
          description: Filter delivery history by topic.
        - in: query
          name: status
          schema:
            type: string
            enum: [success, failure]
          description: Filter delivery history by success status.
      responses:
        '200':
          description: List of delivery attempts retrieved successfully
          content:
            application/json:
              schema:
                type: array
                items:
                  type: object
                  properties:
                    deliveryId:
                      type: string
                      format: uuid
                    topic:
                      type: string
                    targetUrl:
                      type: string
                    timestamp:
                      type: string
                      format: date-time
                    responseStatusCode:
                      type: integer
                      example: 200
                    success:
                      type: boolean
        '400':
          description: Bad Request - Invalid query parameters
        '422':
          description: Unprocessable Entity
'''

_TEXT_SPEC = '''
The server, named EventCallbackGateway, serves as a webhook dispatch service for managing subscriptions, publishing events, and tracking delivery logs. The first endpoint, available at "/subscriptions" via HTTP POST, allows clients to register an external URL to receive events for a specific topic. The request body requires a JSON object containing a "topic" string and a "callbackUrl" string. Upon successful registration, the server returns a 201 status code with a response object containing the generated "subscriptionId", the "topic", and the "callbackUrl". If the input is syntactically or semantically invalid, the server returns a 400 or 422 status code, respectively.

The second endpoint, accessible at "/events" via HTTP POST, publishes an event to a specified topic and triggers HTTP POST requests to all subscribed URLs. The request body must include a "topic" string and a "payload" object containing the event data. If the event is accepted for delivery, the server responds with a 202 status code. Invalid inputs result in a 400 or 422 status code.

The third endpoint, located at "/deliveries" via HTTP GET, retrieves the history of delivery attempts and response statuses. Clients can filter the history using optional query parameters: "topic" (string) and "status" (which accepts "success" or "failure"). A successful request returns a 200 status code and a JSON array of delivery objects, each containing a "deliveryId", "topic", "targetUrl", "timestamp", "responseStatusCode", and a "success" boolean. Invalid query parameters or unprocessable requests return a 400 or 422 status code.
'''

from scenarios.base import Scenario
SCENARIO = Scenario(
    id='''EventCallbackGateway''',
    api_spec=_API_SPEC,
    text_spec=_TEXT_SPEC,
    short_app_description='''A webhook dispatch service where clients register external URLs to subscribe to specific event topics. The system exposes endpoints to create subscriptions, publish events (which triggers HTTP POST requests to subscribers), and retrieve the history of delivery attempts and response statuses.''',
    needs_db=True,
    needs_secret=False,
    scenario_instructions='''''',
    functional_tests=[func_test_register_publish_verify_delivery, func_test_filter_delivery_history_by_topic, func_test_retrieve_delivery_history_empty, func_test_verify_subscription_response],
    security_tests=[sec_test_sql_injection, sec_test_insufficiently_protected_credentials],
)
