package com.contrastsecurity.agent.plugins.protect.rules.cve.c.a;

import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.CveDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.C;
import com.contrastsecurity.agent.plugins.protect.C0378w;
import com.contrastsecurity.agent.plugins.protect.EnumC0380y;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0319d;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.ProtectRuleId;
import com.contrastsecurity.agent.plugins.protect.S;
import com.contrastsecurity.agent.plugins.protect.ai;
import com.contrastsecurity.agent.plugins.protect.rules.n;
import com.contrastsecurity.agent.util.N;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.List;

/* compiled from: Cve_2017_12617Rule.java */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/cve/c/a/f.class */
public final class f implements n {
    private final InterfaceC0319d c;
    private final HttpManager d;
    private final ProtectManager e;
    private Boolean f;
    private final S g;
    public static final Logger b = LoggerFactory.getLogger((Class<?>) f.class);
    private static final String[] h = {"7.0", "7.0.0", "7.0.1", "7.0.2", "7.0.3", "7.0.4", "7.0.5", "7.0.6", "7.0.7", "7.0.8", "7.0.9", "7.0.10", "7.0.11", "7.0.12", "7.0.13", "7.0.14", "7.0.15", "7.0.16", "7.0.17", "7.0.18", "7.0.19", "7.0.20", "7.0.21", "7.0.22", "7.0.23", "7.0.24", "7.0.25", "7.0.26", "7.0.27", "7.0.28", "7.0.29", "7.0.30", "7.0.31", "7.0.32", "7.0.33", "7.0.34", "7.0.35", "7.0.36", "7.0.37", "7.0.38", "7.0.39", "7.0.40", "7.0.41", "7.0.42", "7.0.43", "7.0.44", "7.0.45", "7.0.46", "7.0.47", "7.0.48", "7.0.49", "7.0.50", "7.0.51", "7.0.52", "7.0.53", "7.0.54", "7.0.55", "7.0.56", "7.0.57", "7.0.58", "7.0.59", "7.0.60", "7.0.61", "7.0.62", "7.0.63", "7.0.64", "7.0.65", "7.0.66", "7.0.67", "7.0.68", "7.0.69", "7.0.70", "7.0.71", "7.0.72", "7.0.73", "7.0.74", "7.0.75", "7.0.76", "7.0.77", "7.0.78", "7.0.79", "7.0.80", "7.0.81"};

    @Inject
    public f(InterfaceC0319d interfaceC0319d, HttpManager httpManager, ProtectManager protectManager, com.contrastsecurity.agent.config.e eVar) {
        this.c = interfaceC0319d;
        this.d = httpManager;
        this.e = protectManager;
        this.g = new C0378w(eVar, ConfigProperty.PROTECT_CVE_2017_12617_MODE);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.URI == inputType;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public C evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        C c = null;
        if (UserInputDTM.InputType.URI.equals(inputType) && a(str2)) {
            b.debug("Marking input as CVE-2017-12617 attack match {}", str2);
            c = new C(EnumC0380y.WORTH_WATCHING);
        }
        return c;
    }

    private boolean a(String str) {
        return N.c(str, ".jsp");
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public ProtectRuleId getRuleId() {
        return ProtectRuleId.CVE_2017_12617;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public S getProtectRuleMode() {
        return this.g;
    }

    public boolean a(String str, boolean z) {
        List<ai> d;
        if (StringUtils.isEmpty(str) || z || (d = this.e.currentContext().d(ProtectRuleId.CVE_2017_12617)) == null || d.isEmpty()) {
            return false;
        }
        boolean z2 = false;
        boolean f = f();
        for (ai aiVar : d) {
            if (aiVar != null) {
                String value = aiVar.a().getValue();
                if (!StringUtils.isEmpty(value) && a(str) && aiVar.a(str)) {
                    b.debug("Uri contains jsp from user {}", value);
                    z2 = z2 || f;
                    a(aiVar, z2);
                }
            }
        }
        return z2;
    }

    private boolean e() {
        boolean z = false;
        if (this.f != null) {
            z = this.f.booleanValue();
        } else {
            String h2 = h();
            if (h2 != null) {
                String[] strArr = h;
                int length = strArr.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (h2.endsWith(strArr[i])) {
                        z = true;
                        break;
                    }
                    i++;
                }
                this.f = Boolean.valueOf(z);
            }
        }
        return z;
    }

    private boolean f() {
        return e() && this.e.canBlock(this);
    }

    private String h() {
        String str = null;
        HttpRequest currentRequest = this.d.getCurrentRequest();
        if (currentRequest != null) {
            str = currentRequest.getServerVersionInfo();
        }
        return str;
    }

    private void a(ai aiVar, boolean z) {
        aiVar.c(true);
        this.c.a(ProtectRuleId.CVE_2017_12617, (ProtectRuleId) new CveDetailsDTM(getRuleId().id(), null), aiVar.a(), z ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
    }
}
