package com.contrastsecurity.agent.plugins.protect.rules.d;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.context.ExecutionContext;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.OgnlInjectionDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.AttackBlockedException;
import com.contrastsecurity.agent.plugins.protect.C;
import com.contrastsecurity.agent.plugins.protect.C0378w;
import com.contrastsecurity.agent.plugins.protect.EnumC0380y;
import com.contrastsecurity.agent.plugins.protect.H;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0319d;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.ProtectRuleId;
import com.contrastsecurity.agent.plugins.protect.S;
import com.contrastsecurity.agent.plugins.protect.ai;
import com.contrastsecurity.agent.plugins.protect.rules.InterfaceC0334a;
import com.contrastsecurity.agent.plugins.protect.rules.l;
import com.contrastsecurity.agent.plugins.protect.rules.n;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* compiled from: OgnlInjectionProtectRule.java */
/**
 * Protect rule for OGNL injection (rule id {@code ProtectRuleId.OGNL_INJECTION}); the decompiler
 * header names the original source file as {@code OgnlInjectionProtectRule.java}.
 *
 * <p>The class has two detection paths:
 * <ul>
 *   <li>{@code a(Application, HttpRequest)} inspects the request URI and, for long matches,
 *       reports the attack and may throw {@code AttackBlockedException};</li>
 *   <li>{@code evaluateInput} checks other input types against the same signature test and
 *       returns a {@code MATCHED_ATTACK_SIGNATURE} result.</li>
 * </ul>
 * The rule only applies to applications whose library fact names contain {@code "ognl"}
 * (see {@code onApplicationProfiled} and {@code appliesToApplication}).
 *
 * <p>NOTE(review): this is decompiled, obfuscated code. The unqualified {@code f.a(..)},
 * {@code f.b(..)} and {@code f.d(..)} calls take a {@code String}; they appear to target a static
 * helper type named {@code f} in this package rather than the {@code ProtectManager} field
 * {@code this.f}. Confirm against the original source before relying on name resolution here.
 */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/d/d.class */
public final class d implements InterfaceC0334a, l, n {
    // Agent configuration; used to build the rule mode and passed to H.a(...) for short matches.
    private final com.contrastsecurity.agent.config.e c;
    // Receives the attack report (rule id, details, user input, result) for long URI matches.
    private final InterfaceC0319d d;
    // Supplies the value stored as the UserInputDTM time; presumably a clock (verify).
    private final com.contrastsecurity.agent.commons.c e;
    // Source of the current protect context and of the canBlock(...) decision.
    private final ProtectManager f;
    // Notified with (rule id, "URI", input name, input value) on every URI match; purpose not visible here.
    private final com.contrastsecurity.agent.plugins.protect.g.c g;
    // Per-application context key holding whether an "ognl" library was seen at profiling time.
    private final ExecutionContext.b<Boolean> h = ExecutionContext.b.a(Boolean.class);
    // Rule mode derived from ConfigProperty.PROTECT_OGNL_MODE.
    private final S i;
    // Not referenced by name in this listing; the literal 50 in a(Application, H, String) looks like
    // this constant inlined by the compiler (length threshold between the two URI match paths).
    private static final int j = 50;
    // Substring searched for in library fact names to decide whether the rule applies.
    private static final String l = "ognl";
    // Not referenced by name in this listing; the literal 6 in a(Application, String, H) looks like
    // this constant inlined by the compiler (minimum URI length worth scanning).
    private static final int m = 6;
    // Filter names attached to every UserInputDTM this rule builds for a URI match.
    private static final Set<String> k = Collections.singleton("ognl-detector");
    public static final Logger b = LoggerFactory.getLogger((Class<?>) d.class);

    /**
     * Stores the injected collaborators and builds the rule mode from
     * {@code ConfigProperty.PROTECT_OGNL_MODE}.
     */
    @Inject
    public d(com.contrastsecurity.agent.config.e eVar, InterfaceC0319d interfaceC0319d, com.contrastsecurity.agent.commons.c cVar, ProtectManager protectManager, com.contrastsecurity.agent.plugins.protect.g.c cVar2) {
        this.c = eVar;
        this.d = interfaceC0319d;
        this.e = cVar;
        this.f = protectManager;
        this.g = cVar2;
        this.i = new C0378w(eVar, ConfigProperty.PROTECT_OGNL_MODE);
    }

    /**
     * Returns {@code true} for every input type except {@code URI} (including {@code null}).
     * URI values are handled by {@code a(Application, HttpRequest)} in this class instead.
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.URI != inputType;
    }

    /**
     * Always returns {@code true}, regardless of input type. The meaning of this flag is defined
     * by interface {@code n} and is not visible in this file.
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public boolean a(UserInputDTM.InputType inputType) {
        return true;
    }

    /**
     * Inspects the URI of the given request for OGNL expressions.
     *
     * <p>If the current protect context returns a non-null entry for the URI, that entry's
     * {@code c()} value is scanned in place of the raw URI (presumably a decoded or normalized
     * form; verify against {@code H.c}).
     *
     * @throws AttackBlockedException propagated from the per-match handler when a long match is
     *     found and the rule is allowed to block
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.l
    public void a(Application application, HttpRequest httpRequest) {
        String uri = httpRequest.getUri();
        H currentContext = this.f.currentContext();
        com.contrastsecurity.agent.plugins.protect.b.b c = currentContext.c(uri);
        a(application, c != null ? c.c() : uri, currentContext);
    }

    /**
     * Extracts candidate strings from {@code str} and hands each one that passes the
     * {@code f.b} test to the per-match handler.
     *
     * <p>Nothing is scanned when {@code str} is null, shorter than 6 characters, rejected by
     * {@code f.d}, or when {@code f.a} yields no candidate list.
     */
    private void a(Application application, String str, H h) {
        List<String> a;
        // Cheap rejections first; f.d looks like a pre-filter and f.a the candidate extractor (verify).
        if (str == null || str.length() < 6 || !f.d(str) || (a = f.a(str)) == null) {
            return;
        }
        for (String str2 : a) {
            if (f.b(str2)) {
                a(application, h, str2);
            }
        }
    }

    /**
     * Handles one matched candidate taken from the request URI.
     *
     * <p>Candidates of 50 characters or fewer are only registered on the protect context
     * ({@code h.a(...)}) and passed to {@code g.b(...)}; this branch neither reports through
     * {@code this.d} nor throws. What the context does with them afterwards is not visible here.
     * Longer candidates are reported as an attack, passed to {@code g.a(...)}, and the request is
     * aborted with {@code AttackBlockedException} when {@code canBlock} is true.
     *
     * @throws AttackBlockedException when the candidate is longer than 50 characters and
     *     {@code ProtectManager.canBlock(this)} returned true
     */
    private void a(Application application, H h, String str) {
        // The matched text itself is recorded as the input value, typed as URI and tagged with the detector filter.
        UserInputDTM build = UserInputDTM.builder().value(str).type(UserInputDTM.InputType.URI).filters(k).time(this.e.a()).build();
        // Evaluated before the length check, so canBlock(...) is called even on the short-match path.
        boolean canBlock = this.f.canBlock(this);
        if (str.length() <= 50) {
            h.a(this.c, application, this, new ai(build, true));
            this.g.b(ProtectRuleId.OGNL_INJECTION, "URI", build.getName(), build.getValue());
        } else {
            // Report first, then block: the attack record is emitted even if the throw below ends the request.
            a(build, str, canBlock);
            this.g.a(ProtectRuleId.OGNL_INJECTION, "URI", build.getName(), build.getValue());
            if (canBlock) {
                throw new AttackBlockedException("OGNL attack detected");
            }
        }
    }

    /**
     * Tests {@code str} and {@code str3} with {@code f.b} and returns a
     * {@code MATCHED_ATTACK_SIGNATURE} result if either matches, otherwise {@code null}.
     *
     * <p>{@code inputType} and {@code i} are not read, and {@code str2} is only written to the
     * debug log.
     *
     * <p>NOTE(review): the debug line logs {@code str} and {@code str2} as received. If these are
     * request-derived values they are untrusted; confirm the log appender neutralizes line breaks
     * and that debug logs are handled as potentially containing attack payloads.
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public C evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        boolean b2 = f.b(str);
        boolean b3 = f.b(str3);
        if (!b2 && !b3) {
            return null;
        }
        b.debug("Found ognl input {} {}", str, str2);
        return new C(EnumC0380y.MATCHED_ATTACK_SIGNATURE);
    }

    /**
     * Sends the attack report for a long URI match.
     *
     * <p>The details object is built with {@code 0} and {@code str.length()}, presumably the start
     * and end offsets of the match covering the whole candidate (verify against
     * {@code OgnlInjectionDetailsDTM}).
     *
     * <p>NOTE(review): when {@code z} is false the result is {@code AttackResult.EXPLOITED},
     * although at this point only a pattern match on the URI has been observed. Confirm this is
     * the intended result for monitor-only operation, since it affects how the event is triaged.
     *
     * @param z whether the rule is allowed to block; selects {@code BLOCKED_AT_PERIMETER}
     */
    private void a(UserInputDTM userInputDTM, String str, boolean z) {
        this.d.a(ProtectRuleId.OGNL_INJECTION, (ProtectRuleId) new OgnlInjectionDetailsDTM(0, str.length(), str), userInputDTM, z ? AttackResult.BLOCKED_AT_PERIMETER : AttackResult.EXPLOITED);
    }

    /** Returns {@code ProtectRuleId.OGNL_INJECTION}. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public ProtectRuleId getRuleId() {
        return ProtectRuleId.OGNL_INJECTION;
    }

    /** Returns the rule mode built in the constructor from {@code PROTECT_OGNL_MODE}. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public S getProtectRuleMode() {
        return this.i;
    }

    /**
     * Returns {@code true} only for a non-null application whose context holds
     * {@code Boolean.TRUE} under this rule's key, i.e. one for which
     * {@code onApplicationProfiled} found an "ognl" library. An application that has not been
     * profiled yet has no such entry and is therefore not covered.
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public boolean appliesToApplication(Application application) {
        return application != null && Boolean.TRUE.equals(application.context().get(this.h));
    }

    /**
     * Records in the application's context whether any of its library fact names contains
     * {@code "ognl"}. Unlike {@code appliesToApplication}, this method does not null-check
     * {@code application}.
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.InterfaceC0334a
    public void onApplicationProfiled(Application application) {
        application.context().put(this.h, Boolean.valueOf(a(application)));
    }

    /**
     * Always returns {@code true}. The meaning of this flag is defined by interface {@code s}
     * and is not visible in this file.
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public boolean g() {
        return true;
    }

    /**
     * Returns {@code true} if any library fact name of the application contains the substring
     * {@code "ognl"}.
     *
     * <p>{@code String.contains} is case-sensitive, so a name spelled with different casing does
     * not enable the rule unless fact names are lower-cased upstream (not visible here; verify).
     */
    private boolean a(Application application) {
        Iterator<String> it = application.getLibraryFactNames().iterator();
        while (it.hasNext()) {
            if (it.next().contains(l)) {
                return true;
            }
        }
        return false;
    }
}
