package com.contrastsecurity.agent.plugins.security.controller.trigger;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpResponse;
import com.contrastsecurity.agent.plugins.security.policy.rules.Event;
import com.contrastsecurity.agent.plugins.security.policy.rules.Rule;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;

/* compiled from: XSSCheck.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/controller/trigger/v.class */
final class v implements a {
    private final HttpManager b;
    static final String a = "reflected-xss";
    private static final String[] c = {"/json", "/x-json", "/javascript", "/x-javascript", "/pdf", "/vnd.oai.openapito"};
    private static final Logger d = LoggerFactory.getLogger((Class<?>) v.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    public v(HttpManager httpManager) {
        this.b = httpManager;
    }

    @Override // com.contrastsecurity.agent.plugins.security.controller.trigger.a
    public boolean onAfterContextCreated(Application application, Rule rule, Event event, Object obj, Object[] objArr, Object obj2, com.contrastsecurity.agent.plugins.security.controller.o oVar) {
        HttpResponse currentResponse;
        String contentType;
        if (!a.equals(rule.getId()) || oVar.b() == null || (currentResponse = this.b.getCurrentResponse()) == null || (contentType = currentResponse.getContentType()) == null || StringUtils.indexOfAny(contentType.toLowerCase(), c) <= -1) {
            return true;
        }
        d.debug("Ignoring XSS vuln in JSON endpoint with Content-Type {}", contentType);
        return false;
    }
}
