package com.contrastsecurity.agent.plugins.protect.rules.h;

import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.C;
import com.contrastsecurity.agent.plugins.protect.ah;
import com.contrastsecurity.agent.plugins.protect.rules.x;
import com.contrastsecurity.agent.plugins.protect.rules.y;
import com.contrastsecurity.agent.telemetry.b.g;
import com.contrastsecurity.agent.telemetry.b.n;
import com.contrastsecurity.agent.util.N;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import java.util.Optional;

/* compiled from: XSSEvaluator.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/h/c.class */
public class c extends x {
    final g.c<n> h;
    private static final String[] i = {"onfinish", "onstart", "onbounce", "onerror", "onload", "onafterprint", "onbeforeprint", "onbeforetoggle", "onbeforeunload", "onhashchange", "onmessage", "onoffline", "ononline", "onpagehide", "onpageshow", "onpopstate", "onresize", "onstorage", "onunload", "onblur", "onchange", "oncontextmenu", "onfocus", "oninput", "oninvalid", "onreset", "onsearch", "onselect", "onsubmit", "onkeydown", "onkeypress", "onkeyup", "onclick", "ondblclick", "ondrag", "ondragend", "ondragenter", "ondragleave", "ondragover", "ondragstart", "onmousedown", "onmousemove", "onmouseout", "onmouseup", "onmouseover", "onmousewheel", "onscroll", "onwheel", "oncopy", "onpaste", "oncut", "onabort", "oncanplay", "oncanplaythrough", "oncuechange", "ondurationchange", "onemptied", "onended", "onloadeddata", "onloadedmetadata", "onloadstart", "onpause", "onplay", "onplaying", "onprogress", "onratechange", "onseeked", "onseeking", "onstalled", "onsuspend", "ontimeupdate", "onvolumechange", "onwaiting", "onshow", "ontoggle"};
    private static final char[] j = {'\'', '\"', '=', '<', ';', '(', '`', '>', ':'};

    /* JADX INFO: Access modifiers changed from: package-private */
    public c(y yVar, g.c<n> cVar) {
        super(yVar);
        this.h = cVar;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.x
    protected String a() {
        return "XSS";
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.x
    protected boolean a(String str, String str2, int i2) {
        return StringUtils.containsNone(str2, j);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.w
    public C a(UserInputDTM.InputType inputType, String str, String str2, String str3, int i2) {
        if ((inputType.equals(UserInputDTM.InputType.HEADER) && !com.contrastsecurity.agent.plugins.b.c.HEADER_REFERER.a(str)) || ah.a(i2, 4) || ah.a(i2, 32)) {
            return null;
        }
        if (str3.length() >= 16 || c(str3)) {
            return b(str, str3, i2);
        }
        return null;
    }

    private boolean c(String str) {
        if (StringUtils.contains(str, "alert") || StringUtils.contains(str, "prompt") || StringUtils.contains(str, "confirm") || StringUtils.contains(str, "eval") || StringUtils.contains(str, "hash") || N.c(str, "<script") || N.c(str, "javascript:") || N.c(str, "vbscript:") || N.c(str, "data:") || N.c(str, "\\u") || StringUtils.contains(str, "Function")) {
            return true;
        }
        int length = str.length();
        for (String str2 : i) {
            if (str2.length() < length && N.c(str, str2)) {
                return true;
            }
        }
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.x
    protected Optional<n> a(String str) {
        return this.h.get(com.contrastsecurity.agent.telemetry.b.a.b.a(str).name());
    }
}
