#!/usr/bin/env python3
"""
Misconfiguration Lab Tool

LAB ONLY | AUTHORIZED TARGETS ONLY
"""

from __future__ import annotations

import argparse
import sys
from pathlib import Path
from typing import Any, Dict, List
from urllib.parse import urljoin

import requests

SCRIPTS_DIR = Path(__file__).resolve().parents[3] / "scripts"
if str(SCRIPTS_DIR) not in sys.path:
    sys.path.insert(0, str(SCRIPTS_DIR))

from tool_contract import add_common_args, emit_report, ensure_authorized, make_report, parse_headers, write_evidence  # noqa: E402


DEFAULT_PATHS = [
    "/.env",
    "/server-status",
    "/actuator/health",
    "/swagger-ui.html",
    "/phpinfo.php",
    "/admin/",
    "/debug",
]


def probe(target: str, timeout: float, headers: Dict[str, str]) -> List[Dict[str, Any]]:
    results = []
    for path in DEFAULT_PATHS:
        url = urljoin(target if target.endswith("/") else target + "/", path.lstrip("/"))
        try:
            response = requests.get(url, timeout=timeout, headers=headers, verify=False)
            results.append(
                {
                    "path": path,
                    "url": url,
                    "status_code": response.status_code,
                    "server": response.headers.get("Server"),
                    "content_type": response.headers.get("Content-Type"),
                    "body_excerpt": response.text[:300],
                }
            )
        except Exception as exc:
            results.append({"path": path, "url": url, "error": str(exc)})
    return results


def main() -> int:
    parser = argparse.ArgumentParser(description="Misconfiguration Lab Tool")
    parser.add_argument("--target", required=True, help="目标 URL")
    parser.add_argument("--timeout", type=float, default=8.0, help="请求超时时间")
    add_common_args(parser)
    args = parser.parse_args()
    ensure_authorized(args, parser)

    headers = parse_headers(args.header)
    results = probe(args.target, args.timeout, headers)
    evidence_refs = []
    ref = write_evidence(args, "misconfig-lab.json", {"results": results})
    if ref:
        evidence_refs.append(ref)
    suspicious = [item for item in results if item.get("status_code") in {200, 401, 403}]
    report = make_report(
        tool="misconfig-lab",
        mode="misconfiguration-surface-check",
        target=args.target,
        status="verified" if suspicious else "needs-review",
        severity="medium" if suspicious else "info",
        payload_or_probe={"results": results, "suspicious": suspicious},
        request_summary={"timeout": args.timeout, "paths": DEFAULT_PATHS},
        evidence_refs=evidence_refs,
        destructive_risk="low",
        args=args,
    )
    text_lines = [
        "=" * 60,
        "Misconfiguration Lab Tool",
        "=" * 60,
        f"Target: {args.target}",
        f"Paths Checked: {len(DEFAULT_PATHS)}",
        f"Suspicious Responses: {len(suspicious)}",
    ]
    return emit_report(args, report, text_lines)


if __name__ == "__main__":
    raise SystemExit(main())