package com.contrastsecurity.agent.plugins.security.controller.trigger;

import com.contrastsecurity.agent.DontObfuscate;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.commons.Maps;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.plugins.security.AssessmentContext;
import com.contrastsecurity.agent.plugins.security.AssessmentManager;
import com.contrastsecurity.agent.plugins.security.Finding;
import com.contrastsecurity.agent.plugins.security.model.SourceEvent;
import com.contrastsecurity.agent.plugins.security.policy.SourceNode;
import com.contrastsecurity.agent.plugins.security.policy.rules.Event;
import com.contrastsecurity.agent.plugins.security.policy.rules.Rule;
import com.contrastsecurity.agent.plugins.security.y;
import com.contrastsecurity.agent.reloadable.AgentChannelHub;
import com.contrastsecurity.agent.trace.CodeEvent;
import com.contrastsecurity.agent.trace.MethodDescription;
import com.contrastsecurity.agent.trace.Trace;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.List;

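@DontObfuscate
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/controller/trigger/QueueFindingListener.class */
/**
 * Trigger listener that turns a triggered trace into a {@link Finding}.
 *
 * <p>For each trigger it filters out disabled rules and too-short data-flow traces, computes a
 * hash for the finding, creates the finding, and hands it to the legacy channel, the reporting
 * service and the current {@link AssessmentContext}.
 */
public final class QueueFindingListener implements p {
    private final AssessmentManager assessmentManager;
    private final HttpManager httpManager;
    private final Finding.d findingFactory;
    private final com.contrastsecurity.agent.config.e config;
    private final com.contrastsecurity.agent.services.ngreporting.h legacyReportingService;
    private final y.c cryptographicHasher;
    private final y.d dataflowHasher;
    private final com.contrastsecurity.agent.plugins.security.n disabledRulesFilter;
    private static final String INVALID_DATA_FLOW_ERROR = "dataflow.invalid.notenough";
    private static final String RULE_HASH_CHANNEL = "assess.rule-and-hash";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) QueueFindingListener.class);

    /**
     * Stores the collaborators and takes the two hashers from {@code yVar}
     * ({@code yVar.c()} for crypto rules, {@code yVar.e()} for data-flow rules).
     */
    public QueueFindingListener(AssessmentManager assessmentManager, HttpManager httpManager, com.contrastsecurity.agent.config.e eVar, Finding.d dVar, com.contrastsecurity.agent.services.ngreporting.h hVar, y yVar, com.contrastsecurity.agent.plugins.security.n nVar) {
        this.assessmentManager = assessmentManager;
        this.httpManager = httpManager;
        this.findingFactory = dVar;
        this.config = eVar;
        this.legacyReportingService = hVar;
        this.cryptographicHasher = yVar.c();
        this.dataflowHasher = yVar.e();
        this.disabledRulesFilter = nVar;
    }

    /**
     * Handles a triggered trace and reports it as a finding unless it is suppressed.
     *
     * <p>{@code obj}, {@code obj2} and {@code oVar} are not read by this implementation.
     *
     * @param application application the trace belongs to
     * @param rule rule that triggered; its id may be reported as {@code "stored-xss"} instead
     * @param event not read by this implementation
     * @param trace trace that triggered the rule
     * @param objArr trigger arguments; for the two crypto rules the first element, when present,
     *     is cast to {@code String} and used as the hash argument
     * @return {@code false} when the rule is disabled for the application or a data-flow rule has
     *     at most one event; {@code true} once a finding has been created and handed off
     */
    @Override // com.contrastsecurity.agent.plugins.security.controller.trigger.p
    public boolean onTraceTriggered(Application application, Rule rule, Event event, Trace trace, Object obj, Object[] objArr, Object obj2, com.contrastsecurity.agent.plugins.security.controller.o oVar) {
        String id = rule.getId();
        if (shouldUpdateIdToStoredXSS(id, trace)) {
            id = "stored-xss";
        }
        if (this.disabledRulesFilter.a(application).test(id)) {
            // The helpers in this class accept a null trace, so do not dereference it blindly
            // here: log arguments are evaluated even when debug logging is off.
            Long traceId = trace == null ? null : Long.valueOf(trace.getId());
            logger.debug("Suppressed trace {} in {} for the disabled rule {}", traceId, application, id);
            return false;
        }
        if (isInvalidDataFlow(rule, trace)) {
            com.contrastsecurity.agent.logging.a.a(INVALID_DATA_FLOW_ERROR, logger, "Not enough data flow events for trace {}", null, new Object[]{com.contrastsecurity.agent.f.c.a(logger, String.valueOf(trace))});
            // NOTE(review): the call above passes the trace text through f.c.a(...) (its purpose
            // is not visible in this file) while this line logs the trace object directly.
            // A trace may carry request-derived values; confirm debug output is handled as
            // sensitive.
            logger.debug("Suppressed trace {} w/o enough events {}", Long.valueOf(trace.getId()), trace);
            return false;
        }
        // NOTE(review): both hashers receive rule.getId(), not the possibly rewritten id, so a
        // trace reported as "stored-xss" is hashed under the original rule id. Confirm that this
        // is intended before relying on the hash to separate the two rule ids.
        final long hash;
        if ("crypto-bad-ciphers".equals(id) || "crypto-bad-mac".equals(id)) {
            // A missing (null) or empty argument array falls back to the signature of the trace's
            // last event. A non-String first element still fails with ClassCastException.
            hash = this.cryptographicHasher.a(
                    rule.getId(),
                    this.httpManager.getCurrentRequest(),
                    (objArr == null || objArr.length == 0) ? getCryptoHashArgument(trace) : (String) objArr[0]);
        } else {
            hash = this.dataflowHasher.a(rule.getId(), this.httpManager.getCurrentRequest(), trace);
        }
        Finding finding = this.findingFactory.a(application, id, trace, hash);
        // The finding gets the result of cloneCurrentRequest(), not the live request object.
        finding.setRequest(this.httpManager.cloneCurrentRequest());
        logger.info("Added finding for rule ID: {} (hash={})", id, Long.valueOf(finding.getHash()));
        broadcastToLegacyChannel(id, finding);
        this.legacyReportingService.a(finding);
        AssessmentContext currentContext = this.assessmentManager.currentContext();
        // The context is only notified when one exists and the finding has events; the finding
        // has already been reported above either way.
        if (currentContext != null && finding.hasEvents()) {
            currentContext.onFindingOccurred(id, finding.getHash());
        }
        return true;
    }

    /**
     * Returns the signature of the method of the trace's last event, or {@code ""} when the
     * trace, its last event, that event's method or the signature is {@code null}.
     */
    private static String getCryptoHashArgument(Trace trace) {
        if (trace == null) {
            return "";
        }
        CodeEvent lastEvent = trace.getLastEvent();
        if (lastEvent == null) {
            return "";
        }
        MethodDescription method = lastEvent.getMethod();
        if (method == null) {
            return "";
        }
        String signature = method.getSignature();
        return signature == null ? "" : signature;
    }

    /**
     * Broadcasts a rule-id-to-hash entry on {@code "assess.rule-and-hash"}, but only when a
     * channel hub is available for the config and that channel has subscribers.
     */
    private void broadcastToLegacyChannel(String ruleId, Finding finding) {
        AgentChannelHub hub = AgentChannelHub.getOrNull(this.config);
        if (hub == null || !hub.hasSubscribers(RULE_HASH_CHANNEL)) {
            return;
        }
        hub.broadcast(RULE_HASH_CHANNEL, Maps.builder().add(ruleId, Long.valueOf(finding.getHash())).build());
    }

    /**
     * Reports whether a data-flow rule was triggered with a trace holding at most one event.
     *
     * <p>A {@code null} trace or a {@code null} event list is not treated as invalid here.
     */
    private boolean isInvalidDataFlow(Rule rule, Trace trace) {
        if (!rule.requiresDataFlow() || trace == null) {
            return false;
        }
        List<CodeEvent> events = trace.getEvents();
        return events != null && events.size() <= 1;
    }

    /**
     * Reports whether a {@code "reflected-xss"} trace should be reported as stored XSS: true when
     * any {@link SourceEvent} in the trace has a source typed {@code TAINTED_DATABASE} or
     * {@code CANARY}.
     */
    private boolean shouldUpdateIdToStoredXSS(String ruleId, Trace trace) {
        if (!"reflected-xss".equals(ruleId) || trace == null) {
            return false;
        }
        List<CodeEvent> events = trace.getEvents();
        if (events == null || events.isEmpty()) {
            return false;
        }
        for (CodeEvent codeEvent : events) {
            if (!(codeEvent instanceof SourceEvent)) {
                continue;
            }
            SourceNode source = ((SourceEvent) codeEvent).getSource();
            if (source == null || !source.hasSourceTypes()) {
                continue;
            }
            if (source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.TAINTED_DATABASE)
                    || source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.CANARY)) {
                return true;
            }
        }
        return false;
    }
}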
