package com.contrastsecurity.agent.plugins.protect.rules.cve.struts.b;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.C;
import com.contrastsecurity.agent.plugins.protect.C0378w;
import com.contrastsecurity.agent.plugins.protect.EnumC0380y;
import com.contrastsecurity.agent.plugins.protect.H;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0319d;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.ProtectRuleId;
import com.contrastsecurity.agent.plugins.protect.S;
import com.contrastsecurity.agent.plugins.protect.ai;
import com.contrastsecurity.agent.plugins.protect.rules.s;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;

/* compiled from: DefaultActionInvocationRule.java */
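/**
 * Protect rule registered under {@link ProtectRuleId#DEFAULT_ACTION_INVOCATION}; its
 * operating mode is read from {@code ConfigProperty.PROTECT_CVE_2016_4438_MODE}.
 *
 * <p>The rule works in two steps that are visible in this class:
 * <ol>
 *   <li>{@link #evaluateInput} URL-decodes a URI input, runs it through the signature check
 *       {@code rules.d.f.c(String)} and, on a match, stores the decoded text in the current
 *       request context.</li>
 *   <li>{@link #a(String)} later compares a caller-supplied name against the input recorded
 *       for this rule and reports a hit through {@code issueReportToApp}.</li>
 * </ol>
 *
 * <p>This is decompiled, obfuscated code: the semantics of helpers such as
 * {@code rules.d.f.c}, {@code agent.f.c.a} and the accessors on {@code rules.C} / {@code ai}
 * are not visible here, so comments about them are marked as assumptions.
 */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/cve/struts/b/g.class */
public final class g extends com.contrastsecurity.agent.plugins.protect.rules.cve.struts.c implements s {
    private final ApplicationManager applicationManager;
    private final ProtectManager protectManager;
    private final S ruleMode;

    // Returned by getVulnVersions(); how the superclass matches these against the
    // application's libraries is not shown in this file.
    private static final String[] VULN_VERSIONS = {"2.3.20.jar", "2.3.20.1.jar", "2.3.20.3.jar", "2.3.24.jar", "2.3.24.1.jar", "2.3.24.3.jar", "2.3.28.jar", "2.3.28.1.jar"};

    // Key under which evaluateInput() stores the decoded URI in the request context.
    private static final String USER_INPUT_KEY = ProtectRuleId.DEFAULT_ACTION_INVOCATION.id() + "-user-input";

    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) com.contrastsecurity.agent.plugins.protect.rules.cve.struts.c.g.class);

    /**
     * Creates the rule; invoked by the injector.
     *
     * @param applicationManager source of the application bound to the current request
     * @param protectManager source of the per-request Protect context
     * @param interfaceC0319d passed straight to the superclass constructor
     * @param eVar configuration from which the rule mode is resolved
     */
    @Inject
    public g(ApplicationManager applicationManager, ProtectManager protectManager, InterfaceC0319d interfaceC0319d, com.contrastsecurity.agent.config.e eVar) {
        super(interfaceC0319d, protectManager);
        this.applicationManager = applicationManager;
        this.protectManager = protectManager;
        this.ruleMode = new C0378w(eVar, ConfigProperty.PROTECT_CVE_2016_4438_MODE);
    }

    /**
     * Reports whether this rule inspects the given input type; only {@code URI} is accepted.
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.URI == inputType;
    }

    /**
     * URL-decodes a URI input and checks it against the rule's signature.
     *
     * <p>On a match the decoded text is cached in the request context under
     * {@code USER_INPUT_KEY} so that {@link #a(String)} can reuse it.
     *
     * @param inputType kind of input being evaluated; anything but {@code URI} is ignored
     * @param str unused by this rule
     * @param str2 the raw input value
     * @param str3 unused by this rule
     * @param i unused by this rule
     * @return a {@code MATCHED_ATTACK_SIGNATURE} result, or {@code null} when the input is
     *     not a URI, does not match, or cannot be decoded
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public C evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        // NOTE(review): the raw, request-controlled value is written to the debug log as-is,
        // while the error path below first passes it through agent.f.c.a(...). Presumably
        // that helper sanitises or masks the value; confirm, and consider using it here too.
        LOG.debug("Evaluating input {} {}", inputType, str2);
        if (!UserInputDTM.InputType.URI.equals(inputType)) {
            return null;
        }
        C result = null;
        try {
            // NOTE(review): a single decoding pass is applied. Confirm that nested encodings
            // are normalised before the value reaches this rule.
            String decoded = URLDecoder.decode(str2, "UTF-8");
            if (com.contrastsecurity.agent.plugins.protect.rules.d.f.c(decoded)) {
                this.protectManager.currentContext().a(USER_INPUT_KEY, decoded);
                // NOTE(review): this repeats the entry message although a signature has
                // matched at this point; the log line does not distinguish the two events.
                LOG.debug("Evaluating input {}", str2);
                result = new C(EnumC0380y.MATCHED_ATTACK_SIGNATURE);
            }
        } catch (UnsupportedEncodingException | IllegalArgumentException e2) {
            // IllegalArgumentException covers malformed percent-escapes in the input.
            LOG.error("Error decoding value {}", com.contrastsecurity.agent.f.c.a(LOG, str2), e2);
        }
        return result;
    }

    /** Returns the identifier of this rule. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public ProtectRuleId getRuleId() {
        return ProtectRuleId.DEFAULT_ACTION_INVOCATION;
    }

    /** Returns the mode object built from the configuration in the constructor. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public S getProtectRuleMode() {
        return this.ruleMode;
    }

    /** Returns the jar-name endings this rule treats as affected versions. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.cve.struts.c
    protected String[] getVulnVersions() {
        return VULN_VERSIONS;
    }

    /**
     * Decides whether the current request should be stopped for the given name.
     *
     * <p>The check is skipped (returns {@code false}) when there is no current application,
     * when the library analysis has not run yet, or when the analysis's {@code a()} flag is
     * false (presumably "application is not vulnerable"; confirm against {@code rules.C}).
     *
     * @param str the name to look for in the recorded input; a trailing {@code "()"} is
     *     tolerated
     * @return {@code true} only when the name was found in the recorded input and the
     *     application is allowed to block
     */
    public boolean a(String str) {
        Application current = this.applicationManager.current();
        if (current == null) {
            return false;
        }
        boolean canAppBlock = canAppBlock(current);
        com.contrastsecurity.agent.plugins.protect.rules.C vulnerabilityAnalysis = getVulnerabilityAnalysis(current);
        if (vulnerabilityAnalysis == null) {
            LOG.warn("Not analyzing request for {} because Contrast has not yet analyzed the application's libraries to see if the application is vulnerable", ProtectRuleId.DEFAULT_ACTION_INVOCATION.id());
            return false;
        }
        if (!vulnerabilityAnalysis.a()) {
            return false;
        }
        // Forwarded to issueReportToApp as its second argument; its meaning is not visible here.
        String detail = vulnerabilityAnalysis.c();
        boolean matched = StringUtils.isNotEmpty(detail) && a(str, detail, canAppBlock);
        // A hit is still reported in non-blocking mode, but the caller is only told to stop
        // the request when blocking is permitted.
        return matched && canAppBlock;
    }

    /**
     * Looks for {@code name} (with and without a trailing {@code "()"}) in the input recorded
     * for this rule, in both its raw and URL-decoded form, and reports a hit.
     *
     * @param name the name to search for
     * @param detail forwarded unchanged to {@code issueReportToApp}
     * @param canBlock forwarded unchanged to {@code issueReportToApp}
     * @return {@code true} when the name occurs in the recorded input
     */
    private boolean a(String name, String detail, boolean canBlock) {
        // endsWith("()") guarantees the last two characters are the parentheses.
        String bareName = name.endsWith("()") ? name.substring(0, name.length() - 2) : name;

        // Fetch the context once and check it before the first dereference; previously it
        // was dereferenced first and null-checked only afterwards.
        H context = this.protectManager.currentContext();
        if (context == null) {
            return false;
        }
        ai recorded = context.e(ProtectRuleId.DEFAULT_ACTION_INVOCATION);
        if (recorded == null) {
            return false;
        }
        String value = recorded.a().getValue();
        if (StringUtils.isEmpty(value)) {
            return false;
        }

        // Prefer the decoded text cached by evaluateInput(); decode again only if it is absent.
        String decoded = "";
        Object cached = context.a(USER_INPUT_KEY);
        if (cached instanceof String) {
            decoded = (String) cached;
        }
        if (StringUtils.isEmpty(decoded)) {
            try {
                decoded = URLDecoder.decode(value, "UTF-8");
            } catch (UnsupportedEncodingException | IllegalArgumentException e3) {
                // A malformed percent-escape raises IllegalArgumentException. Handle it the
                // same way evaluateInput() does instead of letting it escape the rule, and
                // keep comparing against the raw value so the check is not skipped.
                LOG.error("Error decoding {}", com.contrastsecurity.agent.f.c.a(LOG, value), e3);
                decoded = value;
            }
        }

        // NOTE(review): String.contains("") is always true, so an empty name (or a name that
        // is exactly "()") matches any recorded input. Confirm callers never pass one.
        boolean found = decoded.contains(name) || decoded.contains(bareName) || value.contains(name) || value.contains(bareName);
        if (found) {
            issueReportToApp(recorded, detail, canBlock);
        }
        return found;
    }
}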
