package com.contrastsecurity.agent.plugins.protect.rules.methodtampering;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.commons.Sets;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.config.e;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.http.HttpResponse;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.AttackBlockedException;
import com.contrastsecurity.agent.plugins.protect.C0378w;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0319d;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.ProtectRuleId;
import com.contrastsecurity.agent.plugins.protect.S;
import com.contrastsecurity.agent.plugins.protect.rules.l;
import com.contrastsecurity.agent.util.C0481r;
import com.contrastsecurity.thirdparty.io.opentelemetry.semconv.SemanticAttributes;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.Set;

/* compiled from: HTTPMethodTamperingRule.java */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/methodtampering/b.class */
/**
 * Protect rule for {@link ProtectRuleId#HTTP_METHOD_TAMPERING} (decompiled; identifiers are obfuscated).
 *
 * <p>A request is treated as suspicious when its method string is non-null, is not one of the
 * recognised HTTP/WebDAV verbs, is not one of the exempt non-HTTP tokens, and the opaque helper
 * {@code C0481r.b(request)} returns false. Set membership is tested with {@code contains}, so the
 * comparison uses the method string exactly as the request reports it.
 *
 * <p>Two hooks are implemented:
 * <ul>
 *   <li>request hook: when the rule can block, the hit is recorded as {@code BLOCKED} and an
 *       {@link AttackBlockedException} is thrown;</li>
 *   <li>response hook: when the rule cannot block and the response status is neither 501 nor 405,
 *       the hit is recorded as {@code EXPLOITED} together with the status.</li>
 * </ul>
 */
public final class b implements l {
    // Receives the rule hit (rule id, details, input, result); the interface itself is not visible here.
    private final InterfaceC0319d attackReporter;
    // Consulted through canBlock(this) to choose between the blocking and the report-only path.
    private final ProtectManager protectManager;
    // Mode object built from PROTECT_METHOD_TAMPERING_MODE and returned by getProtectRuleMode().
    private final S ruleMode;
    // Method strings that are never flagged: HTTP verbs plus WebDAV-style extension verbs.
    private static final Set<String> KNOWN_HTTP_METHODS = Sets.of("OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", SemanticAttributes.HttpRequestMethodValues.CONNECT, "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK", "VERSION-CONTROL", "REPORT", "CHECKOUT", "CHECKIN", "UNCHECKOUT", "MKWORKSPACE", "UPDATE", "LABEL", "MERGE", "BASELINE-CONTROL", "MKACTIVITY", "ORDERPATCH", "ACL", "SEARCH", "MKCALENDAR", "PATCH");
    // Also never flagged. NOTE(review): these look like RPC streaming-type labels that reach the
    // method field for non-HTTP traffic - confirm against the code that builds HttpRequest.
    private static final Set<String> EXEMPT_NON_HTTP_TOKENS = Sets.of("UNARY", "SERVERSTREAM", "CLIENTSTREAM", "BIDISTREAM");
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) b.class);

    /**
     * Wires the rule's collaborators.
     *
     * @param interfaceC0319d sink used to record rule hits
     * @param protectManager manager asked whether this rule may block
     * @param eVar agent configuration from which the rule mode is derived
     */
    @Inject
    public b(InterfaceC0319d interfaceC0319d, ProtectManager protectManager, e eVar) {
        this.attackReporter = interfaceC0319d;
        this.protectManager = protectManager;
        this.ruleMode = new C0378w(eVar, ConfigProperty.PROTECT_METHOD_TAMPERING_MODE);
    }

    /** @return the identifier of this rule, {@code HTTP_METHOD_TAMPERING} */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public ProtectRuleId getRuleId() {
        return ProtectRuleId.HTTP_METHOD_TAMPERING;
    }

    /** @return the mode object created in the constructor */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public S getProtectRuleMode() {
        return this.ruleMode;
    }

    /**
     * Request hook: blocks a request whose method is not recognised, when blocking is permitted.
     *
     * <p>NOTE(review): unlike the response hook, this method does not null-check
     * {@code httpRequest}; presumably the caller guarantees a non-null request - confirm.
     *
     * @param application the application the request belongs to (not read here)
     * @param httpRequest the incoming request
     * @throws AttackBlockedException when the method is unrecognised and the rule can block
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.l
    public void a(Application application, HttpRequest httpRequest) {
        final String requestMethod = httpRequest.getMethod();
        if (!isUnrecognizedMethod(httpRequest) || !this.protectManager.canBlock(this)) {
            return;
        }
        final UserInputDTM input = methodInput(requestMethod);
        // The (ProtectRuleId) cast is kept exactly as the decompiler emitted it; presumably an
        // artefact of a generic parameter on the reporter method.
        this.attackReporter.a(ProtectRuleId.HTTP_METHOD_TAMPERING, (ProtectRuleId) new HTTPMethodTamperingDetailsDTM(requestMethod), input, AttackResult.BLOCKED);
        throw new AttackBlockedException("HTTP Method Tampering detected");
    }

    /**
     * Response hook: in the non-blocking case, records an unrecognised method that the server did
     * not answer with 501 or 405.
     *
     * @param httpRequest the request that was processed; a null value ends the hook early
     * @param httpResponse the response produced; a null value ends the hook early
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.l
    public void a(HttpRequest httpRequest, HttpResponse httpResponse) {
        if (httpRequest == null || httpResponse == null) {
            LOG.debug("Returning early - request or response is null. \n\tRequest: {}\n\tResponse: {}", httpRequest, httpResponse);
            return;
        }
        final int responseStatus = httpResponse.getStatus();
        // 501 / 405: the server itself refused the method, so nothing is reported.
        if (responseStatus == 501 || responseStatus == 405) {
            return;
        }
        // When blocking is possible the request hook is the one that acts; skip here.
        if (this.protectManager.canBlock(this)) {
            return;
        }
        if (!isUnrecognizedMethod(httpRequest)) {
            return;
        }
        final String requestMethod = httpRequest.getMethod();
        final UserInputDTM input = methodInput(requestMethod);
        this.attackReporter.a(ProtectRuleId.HTTP_METHOD_TAMPERING, (ProtectRuleId) new HTTPMethodTamperingDetailsDTM(requestMethod, responseStatus), input, AttackResult.EXPLOITED);
    }

    /**
     * Decides whether the request's method should be flagged.
     *
     * @return {@code false} for a null method, a known verb, a request accepted by
     *     {@code C0481r.b}, or an exempt token; {@code true} otherwise
     */
    private boolean isUnrecognizedMethod(HttpRequest httpRequest) {
        final String requestMethod = httpRequest.getMethod();
        if (requestMethod == null) {
            return false;
        }
        if (KNOWN_HTTP_METHODS.contains(requestMethod)) {
            return false;
        }
        // Opaque helper: a true result exempts the request. TODO confirm what it detects.
        if (C0481r.b(httpRequest)) {
            return false;
        }
        return !EXEMPT_NON_HTTP_TOKENS.contains(requestMethod);
    }

    /** Wraps the method string as a user-input record of type {@code METHOD}. */
    private UserInputDTM methodInput(String str) {
        return UserInputDTM.builder()
                .value(str)
                .type(UserInputDTM.InputType.METHOD)
                .build();
    }
}
