package com.contrastsecurity.agent.plugins.protect.rules.elinjection;

import com.contrastsecurity.agent.commons.Preconditions;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.AttackBlockedException;
import com.contrastsecurity.agent.plugins.protect.C;
import com.contrastsecurity.agent.plugins.protect.C0378w;
import com.contrastsecurity.agent.plugins.protect.EnumC0380y;
import com.contrastsecurity.agent.plugins.protect.H;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0319d;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.ProtectRuleId;
import com.contrastsecurity.agent.plugins.protect.S;
import com.contrastsecurity.agent.plugins.protect.ai;
import com.contrastsecurity.agent.plugins.protect.rules.n;
import com.contrastsecurity.agent.util.N;
import com.contrastsecurity.thirdparty.com.rabbitmq.client.ConnectionFactory;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.jregex.WildcardPattern;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Pattern;

/* compiled from: ELInjectionRule.java */
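/**
 * Protect rule registered under {@link ProtectRuleId#EL_INJECTION} (decompiled from
 * {@code ELInjectionRule.java}; identifiers are obfuscated).
 *
 * <p>Three entry points are visible in this class:
 * <ul>
 *   <li>{@code evaluateInput(...)} screens request values against a keyword list and one regex.</li>
 *   <li>{@code a(m)} inspects an expression string, first against tracked inputs and then against
 *       keyword heuristics.</li>
 *   <li>{@code a(H, String, String[], l)} reports, and optionally blocks, when the supplied stack
 *       view matches one of the extension predicates.</li>
 * </ul>
 *
 * <p>Every detection is reported through the same private helper, as {@code BLOCKED} when the rule
 * may block and as {@code EXPLOITED} otherwise.
 */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/elinjection/k.class */
public class k implements com.contrastsecurity.agent.plugins.protect.h.a, n {
    // Receives every attack report produced by this rule.
    private final InterfaceC0319d d;
    // Asked via canBlock(this) whether a detection should be blocked or only reported.
    private final ProtectManager e;
    // Combination of every extension's a(); tested against the stack view in the h.a hook.
    private final Predicate<StackTraceElement> f;
    // Combination of every extension's b(); last-resort check on the expression string.
    private final Predicate<String> g;
    // Rule mode, backed by ConfigProperty.PROTECT_EL_INJECTION_MODE.
    private final S h;
    // Length threshold: evaluateInput only inspects values strictly longer than this.
    // NOTE(review): this int field obscures the simple name of the type referenced as `c.a(...)`
    // in a(String, ai) below; that is a decompiler naming collision, not original source.
    static final int c = 40;
    // Keywords screened by evaluateInput and used to gate the looser input-to-expression matching.
    private static final String[] i = {"getClassLoader", "getClass", "newInstance", "getURL", "param.", "applicationScope.", "java.lang.Runtime", "getRuntime", "java.lang.ProcessBuilder"};
    // Keywords checked against the expression string itself in a(String, boolean).
    private static final String[] j = {"getClassLoader", "java.lang.Runtime", "java.lang.ProcessBuilder"};
    // Members that may follow "getClass()." without counting as suspicious in a(String, boolean).
    static final String[] b = {"name", "getName()", "simpleName", "getSimpleName()", "canonicalName", "getCanonicalName()", "typeName", "getTypeName()", "packageName", "getPackageName()", "isAssignableFrom()", "isInterface()", "isArray()", "isPrimitive()", "isAnnotation()", "isSynthetic()", "isAnonymousClass()", "isLocalClass()", "isMemberClass()"};
    // Signature for forName("...") followed by getMethods()/getDeclaredMethods()/getMethod("...").
    // NOTE(review): compiled without Pattern.DOTALL and applied with matches(), so a value that
    // contains a line terminator cannot match; confirm multi-line BODY / multipart values are
    // covered elsewhere. The pattern chains several unbounded ".*" groups, so measure matching
    // cost on long non-matching input before widening it.
    private static final Pattern k = Pattern.compile(".*forName.*\\(\".*\"\\).*get((Methods|DeclaredMethods).*\\(\\)|Method.*\\(\".*\"\\)).*");
    // Input types this rule screens; any other type is ignored by evaluateInput.
    private static final Set<UserInputDTM.InputType> l = EnumSet.of(UserInputDTM.InputType.HEADER, UserInputDTM.InputType.PARAMETER_NAME, UserInputDTM.InputType.PARAMETER_VALUE, UserInputDTM.InputType.MULTIPART_VALUE, UserInputDTM.InputType.MULTIPART_CONTENT_TYPE, UserInputDTM.InputType.BODY);
    private static final Logger m = LoggerFactory.getLogger((Class<?>) k.class);

    /**
     * Wires the rule and folds the per-extension predicates into two combined predicates.
     *
     * @param interfaceC0319d sink for attack reports
     * @param protectManager  consulted for the block/monitor decision
     * @param set             extensions; must be non-null and non-empty
     * @param eVar            configuration used to resolve the rule mode
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public k(InterfaceC0319d interfaceC0319d, ProtectManager protectManager, Set<d> set, com.contrastsecurity.agent.config.e eVar) {
        Preconditions.check(set != null && !set.isEmpty(), "must provide at least one extension");
        this.d = interfaceC0319d;
        this.e = protectManager;
        // Raw lists are kept from the decompiled output: the element types returned by
        // d.a() / d.b() are not visible in this file.
        ArrayList stackPredicates = new ArrayList(set.size());
        ArrayList expressionPredicates = new ArrayList();
        for (d extension : set) {
            stackPredicates.add(extension.a());
            expressionPredicates.add(extension.b());
        }
        this.f = com.contrastsecurity.agent.commons.m.a(stackPredicates);
        this.g = com.contrastsecurity.agent.commons.m.a(expressionPredicates);
        this.h = new C0378w(eVar, ConfigProperty.PROTECT_EL_INJECTION_MODE);
    }

    /** Returns whether {@code inputType} is one of the request input types this rule screens. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return l.contains(inputType);
    }

    /**
     * Screens one request value against the attack signatures.
     *
     * <p>Only {@code str2} is inspected; {@code str}, {@code str3} and {@code i2} are unused here.
     * Values of {@link #c} characters or fewer are never inspected.
     *
     * @return a {@code MATCHED_ATTACK_SIGNATURE} result, or {@code null} when nothing matched
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public C evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i2) {
        if (!l.contains(inputType) || str2 == null || str2.length() <= c) {
            return null;
        }
        return a(str2) ? new C(EnumC0380y.MATCHED_ATTACK_SIGNATURE) : null;
    }

    /**
     * Signature check: true when any keyword from {@link #i} occurs directly after a character
     * that is not a letter or digit, or when the whole value matches the reflection regex.
     *
     * <p>A keyword at index 0 has no preceding character and is not treated as a match.
     */
    private boolean a(String str) {
        if (str == null) {
            return false;
        }
        for (String keyword : i) {
            // Check every occurrence of the keyword, not only the first one, so the boundary test
            // is applied consistently across the whole value. The search starts at index 1
            // because a match requires a preceding character.
            for (int at = str.indexOf(keyword, 1); at > 0; at = str.indexOf(keyword, at + 1)) {
                if (!Character.isLetterOrDigit(str.charAt(at - 1))) {
                    return true;
                }
            }
        }
        return k.matcher(str).matches();
    }

    /** Returns the identifier of this rule, {@code EL_INJECTION}. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public ProtectRuleId getRuleId() {
        return ProtectRuleId.EL_INJECTION;
    }

    /** Returns the configured mode of this rule. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public S getProtectRuleMode() {
        return this.h;
    }

    /**
     * Hook from the {@code h.a} interface. When the stack view {@code lVar} matches the combined
     * extension predicate, the space-joined {@code strArr} is reported as an EL injection and, if
     * blocking is enabled, the call is aborted.
     *
     * <p>Presumably invoked when a command is about to run ({@code strArr} being its arguments);
     * the caller is not visible here. {@code h} and {@code str} are unused.
     *
     * @throws AttackBlockedException after reporting, when the rule is allowed to block
     */
    @Override // com.contrastsecurity.agent.plugins.protect.h.a
    public void a(H h, String str, String[] strArr, com.contrastsecurity.agent.v.l lVar) {
        if (!lVar.a(this.f)) {
            return;
        }
        String joined = N.a(strArr, " ");
        boolean canBlock = this.e.canBlock(this);
        // Report first so the event is recorded even though the throw below aborts the caller.
        a(UserInputDTM.builder().value(joined).type(UserInputDTM.InputType.UNKNOWN).build(), joined, canBlock);
        if (canBlock) {
            throw new AttackBlockedException("Command halted during expression evaluation");
        }
    }

    /**
     * Inspects the expression carried by {@code mVar}: tracked inputs for this rule are checked
     * first, then the keyword heuristics if none of them matched.
     *
     * @return {@code true} only when something was detected and the rule may block; a detection
     *     in non-blocking mode is reported but yields {@code false}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(m mVar) {
        boolean canBlock = this.e.canBlock(this);
        H b2 = mVar.b();
        boolean a = a(mVar.a(), b2 != null ? b2.d(ProtectRuleId.EL_INJECTION) : Collections.emptyList(), canBlock);
        if (!a) {
            a = a(mVar.a(), canBlock);
        }
        return canBlock && a;
    }

    /**
     * Keyword heuristics on the expression string itself, used when no tracked input matched.
     *
     * <p>Flags the expression when it contains a keyword from {@link #j} (as decided by
     * {@code N.a}), when {@code getClass()} is used more often than it is followed by a member
     * from {@link #b}, when {@code getRuntime} appears outside {@code getRuntimeMXBean}, or when
     * the combined extension predicate accepts it. A flagged expression is reported with input
     * type {@code UNKNOWN}.
     */
    private boolean a(String str, boolean z) {
        int getClassCalls = StringUtils.countMatches(str, "getClass()");
        int allowedGetClassCalls = 0;
        for (String member : b) {
            allowedGetClassCalls += StringUtils.countMatches(str, "getClass()." + member);
        }
        boolean suspicious = N.a(str, j)
                || getClassCalls > allowedGetClassCalls
                || StringUtils.countMatches(str, "getRuntime") > StringUtils.countMatches(str, "getRuntimeMXBean")
                || this.g.test(str);
        if (suspicious) {
            a(UserInputDTM.builder().type(UserInputDTM.InputType.UNKNOWN).value(str).time(System.currentTimeMillis()).build(), str, z);
        }
        return suspicious;
    }

    /**
     * Checks the expression against each tracked input in {@code list}; every entry whose input
     * is found in the expression is marked via {@code c(true)} and reported.
     *
     * @return {@code true} when at least one entry matched
     */
    private boolean a(String str, List<ai> list, boolean z) {
        boolean matched = false;
        if (list != null) {
            for (ai aiVar : list) {
                if (aiVar != null) {
                    String value = aiVar.a().getValue();
                    UserInputDTM a = StringUtils.isEmpty(value) ? null : a(str, aiVar);
                    if (a != null) {
                        aiVar.c(true);
                        // NOTE(review): `value` looks request-derived; confirm the debug log
                        // destination neutralises control characters and is access-restricted.
                        m.debug("Expression string contains user input {}", value);
                        matched = true;
                        a(a, str, z);
                    }
                }
            }
        }
        return matched;
    }

    /** Reports one detection: {@code BLOCKED} when {@code z} is true, {@code EXPLOITED} otherwise. */
    private void a(UserInputDTM userInputDTM, String str, boolean z) {
        // The (ProtectRuleId) cast on the details object is reproduced from the decompiled output.
        this.d.a(ProtectRuleId.EL_INJECTION, (ProtectRuleId) new ELDetailsDTM(str), userInputDTM, z ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
    }

    /**
     * Finds the first input of {@code aiVar} that accounts for the expression {@code str}.
     *
     * <p>An exact containment of the expression in the input's vector always counts. The two
     * looser comparisons are only tried when {@code N.a(str, i)} holds, which presumably means
     * the expression contains one of the screened keywords.
     *
     * @return the matching input, or {@code null} when none matches
     */
    private UserInputDTM a(String str, ai aiVar) {
        boolean hasKeyword = N.a(str, i);
        for (UserInputDTM userInputDTM : aiVar.b()) {
            if (userInputDTM.getVector().contains(str)) {
                return userInputDTM;
            }
            // The two constants below are presumably decompiler substitutions for the literals
            // "/" and "." (path-style input normalised to dotted form); confirm.
            if (hasKeyword && userInputDTM.getValue().replace(ConnectionFactory.DEFAULT_VHOST, WildcardPattern.ANY_CHAR).contains(str)) {
                return userInputDTM;
            }
            if (hasKeyword && c.a(userInputDTM.getValue(), str)) {
                return userInputDTM;
            }
        }
        return null;
    }

    /** Always {@code true}; the meaning is defined by the {@code rules.s} interface, not shown here. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public boolean g() {
        return true;
    }
}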
