package com.contrastsecurity.agent.plugins.protect.rules.f.a;

import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.EnumC0380y;
import com.contrastsecurity.agent.plugins.protect.ah;
import com.contrastsecurity.agent.telemetry.b.g;
import com.contrastsecurity.agent.util.N;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import java.util.Optional;
import java.util.regex.Pattern;

/* compiled from: SQLInjectionEvaluator.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/f/a/o.class */
/**
 * Input evaluator for the "SQL Injection" protect rule (decompiled from
 * {@code SQLInjectionEvaluator.java}; identifiers are obfuscated).
 *
 * <p>The evaluator looks at a single user-supplied value and decides, from length thresholds
 * and character/pattern heuristics, whether it should be reported as
 * {@link EnumC0380y#WORTH_WATCHING}. Every verdict built directly in this class is
 * {@code WORTH_WATCHING}; any other outcome can only come from the inherited
 * {@code b(String, String, int)} call, whose behaviour is not visible in this file.
 *
 * <p>NOTE(review): several early exits are keyed on the input's name or format alone (a
 * multipart {@code Content-Type} header, the {@code $WSXCTCONTEXTID} name, a seven-character
 * {@code #}-prefixed value). Values skipped there get no verdict from this evaluator, so these
 * exemptions should stay as narrow as they are here.
 */
public final class o extends com.contrastsecurity.agent.plugins.protect.rules.x {
    /** Telemetry lookup handed in by the constructor; queried by name in {@link #a(String)}. */
    final g.c<com.contrastsecurity.agent.telemetry.b.n> h;

    /** Label attached to a verdict produced by the trailing-quote-plus-comment pattern. */
    private static final String AUTH_BYPASS_LABEL = "AUTH-BYPASS-1";

    // Second argument passed alongside AUTH_BYPASS_LABEL; its meaning is defined by
    // protect.C and is not visible here. TODO confirm (score? weight?).
    private static final int AUTH_BYPASS_VALUE = 2;

    /**
     * Whole-value match, case-insensitive: a run of letters, {@code @}, {@code .} or {@code -},
     * optional whitespace, one single or double quote, then a comment opener ({@code --},
     * {@code #} or {@code /*}) and nothing but whitespace after it.
     */
    private static final Pattern TRAILING_QUOTE_COMMENT =
            Pattern.compile(
                    "^[a-zA-Z@\\.-]+(\\s)*('|\")(\\s*)(\\-\\-|#|/\\*)(\\s*)$",
                    Pattern.CASE_INSENSITIVE);

    /** The word {@code or} with whitespace on both sides, case-insensitive. */
    private static final Pattern SPACED_OR =
            Pattern.compile("(\\s+)or(\\s+)", Pattern.CASE_INSENSITIVE);

    /** Characters whose complete absence makes {@link #a(String, String, int)} return true. */
    private static final char[] SQL_META_CHARS = {
        '\'', '\"', '=', '<', ';', '(', '`', '>', ':', '-', '#', '/', '*'
    };

    /** Characters counted as suspicious punctuation by the token-mix scan. */
    private static final String COUNTED_PUNCTUATION = "\"'`;-%,()|{}";

    /**
     * @param yVar passed straight to the superclass constructor
     * @param cVar telemetry lookup stored in {@link #h}
     */
    public o(com.contrastsecurity.agent.plugins.protect.rules.y yVar, g.c<com.contrastsecurity.agent.telemetry.b.n> cVar) {
        super(yVar);
        this.h = cVar;
    }

    /** Returns the display name of the rule. Declared by {@code rules.x}. */
    @Override
    protected String a() {
        return "SQL Injection";
    }

    /**
     * Reports whether {@code str2} is free of every character in {@link #SQL_META_CHARS}.
     * Declared by {@code rules.x}; how the superclass uses the answer is not visible here
     * (presumably a cheap "cannot be an attack" pre-filter - verify against {@code rules.x}).
     *
     * @param str unused by this implementation
     * @param str2 value to scan
     * @param i2 unused by this implementation
     */
    @Override
    protected boolean a(String str, String str2, int i2) {
        return StringUtils.containsNone(str2, SQL_META_CHARS);
    }

    /**
     * Evaluates one input value. Declared by {@code rules.w}.
     *
     * <p>Order of checks (each one short-circuits the rest):
     * <ol>
     *   <li>no verdict for a null value, a multipart {@code Content-Type} header, the
     *       {@code $WSXCTCONTEXTID} name, a seven-character {@code #}-prefixed value accepted by
     *       {@code N.b}, a value shorter than 3 characters, or when {@code ah.a(i2, 4)} holds;
     *   <li>no verdict for a 3-character value without {@code #};
     *   <li>values shorter than 8 characters are flagged only on a comment token or a spaced
     *       {@code or};
     *   <li>values shorter than 15 characters are dropped when {@code ah.a(i2, 32)} holds and the
     *       value mentions neither {@code true} nor {@code false};
     *   <li>otherwise the inherited {@code b(...)} decides, with two local fallbacks when it
     *       returns null.
     * </ol>
     *
     * @param inputType kind of input the value came from
     * @param str name of the input (header or parameter name)
     * @param str2 unused by this implementation
     * @param str3 the value under evaluation; may be null
     * @param i2 passed to {@code ah.a} with 4 and 32 and on to {@code b(...)}; presumably a set
     *     of bit flags - TODO confirm against {@code ah}
     * @return a verdict, or null when the value is not considered suspicious
     */
    @Override
    public com.contrastsecurity.agent.plugins.protect.C a(UserInputDTM.InputType inputType, String str, String str2, String str3, int i2) {
        if (str3 == null) {
            return null;
        }
        if (isMultipartContentTypeHeader(inputType, str, str3)) {
            return null;
        }
        if ("$WSXCTCONTEXTID".equals(str)) {
            return null;
        }
        if (isSevenCharHashValue(str3)) {
            return null;
        }
        final int length = str3.length();
        if (length < 3 || ah.a(i2, 4)) {
            return null;
        }
        // A three-character value is only worth a further look when it carries a '#'.
        if (length == 3 && str3.indexOf('#') == -1) {
            return null;
        }
        if (length < 8) {
            // Short values: only the cheap checks run, the inherited analysis is skipped.
            return (containsCommentToken(str3) || c(str3))
                    ? new com.contrastsecurity.agent.plugins.protect.C(EnumC0380y.WORTH_WATCHING)
                    : null;
        }
        if (length < 15 && ah.a(i2, 32) && !mentionsBooleanLiteral(str3)) {
            return null;
        }

        final com.contrastsecurity.agent.plugins.protect.C inherited = b(str, str3, i2);
        if (inherited != null) {
            return inherited;
        }
        // Fallbacks run only when the inherited analysis produced nothing.
        if (matchesTrailingQuoteComment(str3)) {
            final com.contrastsecurity.agent.plugins.protect.C labelled =
                    new com.contrastsecurity.agent.plugins.protect.C(EnumC0380y.WORTH_WATCHING);
            labelled.a(AUTH_BYPASS_LABEL, AUTH_BYPASS_VALUE);
            return labelled;
        }
        if (hasSuspiciousTokenMix(str3)) {
            return new com.contrastsecurity.agent.plugins.protect.C(EnumC0380y.WORTH_WATCHING);
        }
        return null;
    }

    /**
     * True for a seven-character value that starts with {@code #} and that {@code N.b(value, 1)}
     * accepts (presumably "hex digits from index 1", i.e. a colour code - TODO confirm in N).
     */
    private boolean isSevenCharHashValue(String value) {
        if (value.length() != 7 || value.charAt(0) != '#') {
            return false;
        }
        return N.b(value, 1);
    }

    /** True for a {@code Content-Type} header whose value starts with {@code multipart/form-data;}. */
    private boolean isMultipartContentTypeHeader(UserInputDTM.InputType inputType, String name, String value) {
        if (UserInputDTM.InputType.HEADER != inputType) {
            return false;
        }
        if (!"Content-Type".equalsIgnoreCase(name)) {
            return false;
        }
        return value.startsWith("multipart/form-data;");
    }

    /** True when the whole value matches {@link #TRAILING_QUOTE_COMMENT}. */
    private boolean matchesTrailingQuoteComment(String value) {
        return TRAILING_QUOTE_COMMENT.matcher(value).matches();
    }

    /** True when the value contains {@code true} or {@code false}, ignoring case. */
    private boolean mentionsBooleanLiteral(String value) {
        return StringUtils.indexOfIgnoreCase(value, "true") != -1
                || StringUtils.indexOfIgnoreCase(value, "false") != -1;
    }

    /** True when the value contains {@code #}, {@code //}, {@code --} or {@code /*}. */
    private boolean containsCommentToken(String value) {
        return value.indexOf('#') != -1
                || value.contains("//")
                || value.contains("--")
                || value.contains("/*");
    }

    /** True when {@link #SPACED_OR} occurs anywhere in {@code str}. */
    boolean c(String str) {
        return SPACED_OR.matcher(str).find();
    }

    /**
     * Single left-to-right scan used as the last fallback. Returns true as soon as either
     * <ul>
     *   <li>a {@code *}{@code /} is met after a {@code /*} was seen earlier in the value, or
     *   <li>at least two counted tokens and at least one whitespace character have been seen.
     * </ul>
     * Counted tokens are each {@code /*}, each {@code *}{@code /} and each character of
     * {@link #COUNTED_PUNCTUATION}. Values that are null or shorter than 10 characters are
     * never flagged.
     */
    private static boolean hasSuspiciousTokenMix(String value) {
        if (value == null || value.length() < 10) {
            return false;
        }
        final int end = value.length();
        int tokens = 0;
        int blanks = 0;
        boolean commentOpened = false;
        int pos = 0;
        while (pos < end) {
            final char current = value.charAt(pos);
            final boolean hasNext = pos + 1 < end;
            // Two-character comment delimiters consume both characters; all else moves by one.
            int step = 1;
            if (current == '/') {
                if (hasNext && value.charAt(pos + 1) == '*') {
                    tokens++;
                    commentOpened = true;
                    step = 2;
                }
            } else if (current == '*') {
                if (hasNext && value.charAt(pos + 1) == '/') {
                    if (commentOpened) {
                        return true;
                    }
                    tokens++;
                    step = 2;
                }
            } else if (isCountedPunctuation(current)) {
                tokens++;
            } else if (Character.isWhitespace(current)) {
                blanks++;
            }
            pos += step;
            if (tokens >= 2 && blanks >= 1) {
                return true;
            }
        }
        return false;
    }

    /** True when {@code c} is one of the characters in {@link #COUNTED_PUNCTUATION}. */
    private static boolean isCountedPunctuation(char c) {
        return COUNTED_PUNCTUATION.indexOf(c) >= 0;
    }

    /**
     * Looks up the telemetry entry registered under the name that
     * {@code telemetry.b.a.b.a(str)} maps {@code str} to. Declared by {@code rules.x}.
     *
     * @param str key translated by {@code telemetry.b.a.b.a}; its format is not visible here
     * @return whatever {@link #h} holds for that name
     */
    @Override
    protected Optional<com.contrastsecurity.agent.telemetry.b.n> a(String str) {
        final String telemetryName = com.contrastsecurity.agent.telemetry.b.a.b.a(str).name();
        return this.h.get(telemetryName);
    }
}
