package com.contrastsecurity.agent.plugins.security;

import com.contrastsecurity.agent.DontObfuscate;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.commons.Lists;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.finding.FindingDTM;
import com.contrastsecurity.agent.messages.finding.trace.EventDTM;
import com.contrastsecurity.agent.messages.finding.trace.EventPropertyDTM;
import com.contrastsecurity.agent.messages.finding.trace.PropertyKey;
import com.contrastsecurity.agent.messages.routes.ObservedRoute;
import com.contrastsecurity.agent.plugins.route.RouteObservationProcessor;
import com.contrastsecurity.agent.plugins.security.model.SourceEvent;
import com.contrastsecurity.agent.plugins.security.policy.SourceNode;
import com.contrastsecurity.agent.services.ngreporting.ConfidenceLevel;
import com.contrastsecurity.agent.trace.CodeEvent;
import com.contrastsecurity.agent.trace.Trace;
import com.contrastsecurity.agent.util.C0479p;
import com.contrastsecurity.agent.util.ObjectShare;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.ArrayList;
import java.util.EnumMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;

@DontObfuscate
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/Finding.class */
public final class Finding extends com.contrastsecurity.agent.services.ngreporting.k {
    private final Application application;
    private final List<e> listeners;
    private final com.contrastsecurity.agent.config.e config;
    private final long hash;
    private HttpRequest request;
    private String ruleId;
    private Trace trace;
    private Map<PropertyKey, String> properties;
    private String preflightData;
    private static final String TRACE = "TRACE";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) Finding.class);
    public static final int SOURCE_AND_TARGET_TRACE_VERSION = 1;
    public static final int SOURCE_TYPES_TRACE_VERSION = 2;
    public static final int ROUTE_COVERAGE_TRACE_VERSION = 4;
    private static final int TRACE_VERSION = 4;

    /* loaded from: input_file:com/contrastsecurity/agent/plugins/security/Finding$a.class */
    static class a implements e {
        private final com.contrastsecurity.agent.plugins.security.policy.a.a a;

        a(com.contrastsecurity.agent.plugins.security.policy.a.a aVar) {
            this.a = aVar;
        }

        @Override // com.contrastsecurity.agent.plugins.security.Finding.e
        public void a(Finding finding) {
            List<CodeEvent> events;
            Trace trace = finding.getTrace();
            if (trace == null || (events = trace.getEvents()) == null || events.isEmpty()) {
                return;
            }
            this.a.a(finding);
        }
    }

    /* loaded from: input_file:com/contrastsecurity/agent/plugins/security/Finding$b.class */
    static class b implements e {
        b() {
        }

        @Override // com.contrastsecurity.agent.plugins.security.Finding.e
        public void a(Finding finding) {
            List<CodeEvent> events;
            Trace trace = finding.getTrace();
            if (trace == null || (events = trace.getEvents()) == null || events.isEmpty()) {
                return;
            }
            a(events);
        }

        void a(List<CodeEvent> list) {
            for (int i = 0; i < list.size(); i++) {
                list.get(i).prepareForReporting(list, i);
            }
        }
    }

    @Singleton
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/security/Finding$c.class */
    public static final class c implements d {
        private final com.contrastsecurity.agent.plugins.security.policy.a.a a;
        private final com.contrastsecurity.agent.config.e b;
        private final com.contrastsecurity.agent.o.e c;

        @Inject
        public c(com.contrastsecurity.agent.plugins.security.policy.a.a aVar, com.contrastsecurity.agent.config.e eVar, com.contrastsecurity.agent.o.e eVar2) {
            this.a = (com.contrastsecurity.agent.plugins.security.policy.a.a) Objects.requireNonNull(aVar);
            this.b = (com.contrastsecurity.agent.config.e) Objects.requireNonNull(eVar);
            this.c = (com.contrastsecurity.agent.o.e) Objects.requireNonNull(eVar2);
        }

        @Override // com.contrastsecurity.agent.plugins.security.Finding.d
        public Finding a(Application application, String str, Trace trace, long j) {
            return new Finding(this.b, this.a, application, this.c, str, trace, j);
        }
    }

    /* loaded from: input_file:com/contrastsecurity/agent/plugins/security/Finding$d.class */
    public interface d {
        Finding a(Application application, String str, Trace trace, long j);
    }

    /* loaded from: input_file:com/contrastsecurity/agent/plugins/security/Finding$e.class */
    interface e {
        void a(Finding finding);
    }

    /* loaded from: input_file:com/contrastsecurity/agent/plugins/security/Finding$f.class */
    static class f implements e {
        private final com.contrastsecurity.agent.o.e a;

        f(com.contrastsecurity.agent.o.e eVar) {
            this.a = eVar;
        }

        @Override // com.contrastsecurity.agent.plugins.security.Finding.e
        public void a(Finding finding) {
            this.a.a(finding);
        }
    }

    private Finding(com.contrastsecurity.agent.config.e eVar, com.contrastsecurity.agent.plugins.security.policy.a.a aVar, Application application, com.contrastsecurity.agent.o.e eVar2, String str, Trace trace, long j) {
        this.config = eVar;
        this.application = application;
        this.ruleId = str;
        this.trace = trace;
        this.hash = j;
        this.listeners = Lists.of(new b(), new a(aVar), new f(eVar2));
        if (StringUtils.isEmpty(trace.getRuleId())) {
            trace.setRuleId(str);
        }
    }

    public HttpRequest getRequest() {
        return this.request;
    }

    public void setRequest(HttpRequest httpRequest) {
        this.request = httpRequest;
    }

    public String getRuleId() {
        return this.ruleId;
    }

    public void setRuleId(String str) {
        this.ruleId = str;
    }

    public Trace getTrace() {
        return this.trace;
    }

    public void setTrace(Trace trace) {
        this.trace = trace;
    }

    public Map<PropertyKey, String> getProperties() {
        return this.properties;
    }

    public void setProperties(Map<PropertyKey, String> map) {
        this.properties = map;
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public long getHash() {
        return this.hash;
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public String getPayload() {
        return C0479p.a(ObjectShare.GSON, toDTM());
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public String getMethod() {
        return "PUT";
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public String getURL() {
        return com.contrastsecurity.agent.d.f;
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public String getShortDescription() {
        return "Trace " + this.ruleId + ": " + this.trace;
    }

    private boolean hasOnlyMultipartSources(Trace trace) {
        SourceNode source;
        int i = 0;
        int i2 = 0;
        List<CodeEvent> events = trace.getEvents();
        if (events == null) {
            return false;
        }
        for (int i3 = 0; i3 < events.size() && i2 == 0; i3++) {
            CodeEvent codeEvent = events.get(i3);
            if ((codeEvent instanceof SourceEvent) && (source = ((SourceEvent) codeEvent).getSource()) != null) {
                if (source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.MULTIPART)) {
                    i++;
                } else {
                    i2++;
                }
            }
        }
        return i > 0 && i2 == 0;
    }

    public FindingDTM toDTM() {
        FindingDTM.Builder events = FindingDTM.builder().setHash(getHash()).setRuleId(this.ruleId).setVersion(hasOnlyMultipartSources(this.trace) ? 1 : 4).setTags(this.config.b(this.application.context(), ConfigProperty.ASSESS_TAGS)).setSessionId(this.config.b(this.application.context(), ConfigProperty.SESSION_ID)).setEvidence(this.trace.getEvidence()).setEvents(getLatestEventDTMs());
        if (this.properties == null) {
            this.properties = new EnumMap(PropertyKey.class);
        }
        SourceEvent firstSourceEvent = this.trace.getFirstSourceEvent();
        if (firstSourceEvent != null) {
            String queue = firstSourceEvent.getQueue();
            if (queue != null) {
                this.properties.put(PropertyKey.QUEUE_NAME, queue);
            }
            if (this.request instanceof com.contrastsecurity.agent.plugins.frameworks.grpc.c.a.c) {
                com.contrastsecurity.agent.plugins.frameworks.grpc.c.a.c cVar = (com.contrastsecurity.agent.plugins.frameworks.grpc.c.a.c) this.request;
                this.properties.put(PropertyKey.PROCEDURE_NAME, cVar.a() + "(" + cVar.b() + ")");
            }
        }
        if (this.request != null) {
            events.setRequest(this.request.toHttpRequestDTM());
            com.contrastsecurity.agent.http.i frameworkInfo = this.request.getFrameworkInfo();
            if (frameworkInfo != null) {
                com.contrastsecurity.agent.v.l d2 = frameworkInfo.d();
                if (firstSourceEvent != null && d2 != null) {
                    firstSourceEvent.setStack(d2);
                }
                if (!StringUtils.isEmpty(frameworkInfo.c())) {
                    this.properties.put(PropertyKey.FRAMEWORK, frameworkInfo.c());
                }
                if (!StringUtils.isEmpty(frameworkInfo.b())) {
                    this.properties.put(PropertyKey.CONTROLLER, frameworkInfo.b());
                }
                if (!StringUtils.isEmpty(frameworkInfo.a())) {
                    this.properties.put(PropertyKey.METHOD, frameworkInfo.a());
                }
            }
            if (this.trace.hasProperties()) {
                for (EventPropertyDTM eventPropertyDTM : this.trace.getPropertiesIterable()) {
                    this.properties.put(eventPropertyDTM.getKey(), eventPropertyDTM.getValue());
                }
            }
            events.setObservedRoute((ObservedRoute) this.request.context().get(RouteObservationProcessor.CURRENT_OBSERVED_ROUTE));
        }
        events.setProperties(this.properties);
        return events.build();
    }

    public boolean hasEvents() {
        List<CodeEvent> events = this.trace.getEvents();
        return (events == null || events.isEmpty()) ? false : true;
    }

    private List<EventDTM> getLatestEventDTMs() {
        List<CodeEvent> events = this.trace.getEvents();
        ArrayList arrayList = new ArrayList(events.size());
        int lastTrigger = this.trace.getLastTrigger();
        for (int i = 0; i <= lastTrigger && i < events.size(); i++) {
            try {
                arrayList.add(events.get(i).toDtm());
            } catch (com.contrastsecurity.agent.services.ngreporting.o e2) {
                logger.error("Failed to convert CodeEvent to DTM.", (Throwable) e2);
            }
        }
        return arrayList;
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public ConfidenceLevel getLevel() {
        return this.trace.level;
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public Application getApplication() {
        return this.application;
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public String getReportCode() {
        return "TRACE";
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public boolean requiresPreflight() {
        return true;
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public String getPreflightData() {
        if (this.preflightData == null) {
            this.preflightData = this.ruleId + "," + getHash();
        }
        return this.preflightData;
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public String getContentType() {
        return com.contrastsecurity.agent.d.a.JSON.toString();
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public void onIgnoredAsAlreadyReported() {
        if (logger.isDebugEnabled()) {
            logger.debug("{}{}|LocalCacheHit|ruleId={}", com.contrastsecurity.agent.action.analyzelog.h.a, com.contrastsecurity.agent.action.analyzelog.h.e, this.ruleId);
        }
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public void onAcceptedIntoReportingQueue() {
        fetchAndCacheRequestBody();
        if (logger.isDebugEnabled()) {
            logger.debug("{}{}|NewFinding|ruleId={}", com.contrastsecurity.agent.action.analyzelog.h.a, com.contrastsecurity.agent.action.analyzelog.h.e, this.ruleId);
        }
        Iterator<e> it = this.listeners.iterator();
        while (it.hasNext()) {
            it.next().a(this);
        }
    }

    private void fetchAndCacheRequestBody() {
        HttpRequest request = getRequest();
        if (request != null) {
            request.cacheBody();
        }
    }

    @Override // com.contrastsecurity.agent.services.ngreporting.LegacyReport
    public void onRejectedByPreflight() {
        if (logger.isDebugEnabled()) {
            logger.trace("{}{}|Preflighted|ruleId={}", com.contrastsecurity.agent.action.analyzelog.h.a, com.contrastsecurity.agent.action.analyzelog.h.e, this.ruleId);
        }
    }
}
