package com.contrastsecurity.agent.plugins.security.a;

import com.contrastsecurity.agent.RealCodeClassVisitor;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.commons.Sets;
import com.contrastsecurity.agent.context.ExecutionContext;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.messages.app.activity.assessment.PossibleSecurityControlDTM;
import com.contrastsecurity.agent.messages.app.activity.assessment.PossibleSecurityControlTypeDTM;
import com.contrastsecurity.agent.services.ngreporting.h;
import com.contrastsecurity.agent.t;
import com.contrastsecurity.agent.u;
import com.contrastsecurity.agent.util.C0464a;
import com.contrastsecurity.agent.util.C0469f;
import com.contrastsecurity.agent.util.N;
import com.contrastsecurity.thirdparty.jregex.WildcardPattern;
import com.contrastsecurity.thirdparty.org.apache.logging.log4j.core.Filter;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.objectweb.asm.MethodVisitor;
import com.contrastsecurity.thirdparty.org.objectweb.asm.Type;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.reflect.Modifier;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/* compiled from: SecurityControlDetectionVisitor.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/a/b.class */
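/**
 * Class visitor that heuristically flags application methods which look like
 * hand-written security controls (sanitizers or validators) and reports them
 * as {@link PossibleSecurityControlDTM} entries.
 *
 * <p>Identifiers in this listing are obfuscated/decompiled names, not the
 * original ones; {@link #adapterName()} gives the original adapter name.
 *
 * <p>Detection is a two-stage score:
 * <ol>
 *   <li>{@link #visitRealCodeMethod} scores the method name and descriptor.
 *       Only methods taking at least one {@code String} parameter can score.
 *       A score above 20 (and a signature not listed in {@link #g}) gets the
 *       method body inspected by the nested method visitor.</li>
 *   <li>The nested visitor adds 32 to both scores if the body calls
 *       {@code String.charAt} or {@code String.toCharArray}, then reports a
 *       SANITIZER and/or VALIDATOR candidate for each score that reaches 60.</li>
 * </ol>
 *
 * <p>Review note: a hit only means the method <em>looks like</em> a control by
 * name and shape. It is not evidence that the method neutralises input
 * correctly, so reported candidates still need human or rule-based confirmation.
 */
public final class b extends RealCodeClassVisitor {
    private final ApplicationManager a;
    // Reporting sink; receives one event per newly discovered candidate.
    private final h b;

    // The six constants below are not referenced in this decompiled listing; the
    // compiler inlined them. Their values match the literals used in the scoring
    // code (32 = char-inspection bonus, 60 = report threshold, 20 = inspection
    // threshold, 22 = primary name match, 10 = secondary bonuses).
    private static final int h = 32;
    private static final int i = 60;
    private static final int j = 20;
    private static final int k = 22;
    private static final int l = 10;
    private static final int m = 10;

    // Sanitizer name fragments, matched case-sensitively against the method name.
    // NOTE(review): Filter.ELEMENT_TYPE is presumably the literal "filter" that the
    // decompiler mapped back onto the log4j constant - confirm.
    private static final String[] c = {"encode", "strip", "replace", Filter.ELEMENT_TYPE, "escape"};
    // Sanitizer context keywords, matched against the lower-cased method name.
    private static final String[] d = {"js", "javascript", "html", "xml", "xss", "tags"};
    // Validator name fragments, matched case-sensitively against the method name.
    private static final String[] e = {"validate", "check"};
    // Validator context keywords, matched against the lower-cased method name.
    private static final String[] f = {"xss"};
    // Signatures that match the heuristics but are excluded from inspection
    // (see a(String, String, Type[])); all are library methods.
    private static final Set<String> g = Sets.of("org.apache.jasper.runtime.JspRuntimeLibrary.escapeQueryString(java.lang.String)", "org.apache.tomcat.util.IntrospectionUtils.replaceProperties(java.lang.String,java.util.Hashtable,org.apache.tomcat.util.IntrospectionUtils$PropertySource[])", "org.apache.activemq.filter.ConstantExpression.encodeString(java.lang.String)", "org.apache.catalina.deploy.WebXml.escapeXml(java.lang.String)", "nu.xom.Text.escapeLineBreaksAndTruncate(java.lang.String)", "nu.xom.Element.escape(java.lang.String)", "org.jsoup.parser.TokenQueue.unescape(java.lang.String)", "org.springframework.cglib.core.TypeUtils.escapeType(java.lang.String)");
    private static final Logger n = LoggerFactory.getLogger((Class<?>) b.class);

    /**
     * Second-stage visitor: watches one method body for per-character String
     * handling and, at the end of the method, reports the method as a possible
     * sanitizer and/or validator if its score is high enough.
     */
    /* compiled from: SecurityControlDetectionVisitor.java */
    @u
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/security/a/b$a.class */
    static final class a extends MethodVisitor {
        private final InstrumentationContext a;
        // Sanitizer score (name/descriptor score plus the char-inspection bonus).
        private int b;
        // Validator score (name score plus the char-inspection bonus).
        private int c;
        // True once the body has called String.charAt or String.toCharArray.
        private boolean d;
        // Name of the method being visited.
        private final String e;
        private final ApplicationManager f;
        private final h g;
        // Descriptor of the method being visited.
        private final String h;
        // Parameter type names that earn the "*" marker in the reported signature.
        private static final String[] i = {"java.lang.String", "String"};

        /**
         * Per-application holder for the candidates already reported, stored in
         * the application context so each candidate is reported once.
         */
        /* JADX INFO: Access modifiers changed from: package-private */
        /* compiled from: SecurityControlDetectionVisitor.java */
        @u
        /* renamed from: com.contrastsecurity.agent.plugins.security.a.b$a$a, reason: collision with other inner class name */
        /* loaded from: input_file:com/contrastsecurity/agent/plugins/security/a/b$a$a.class */
        public static final class C0041a {
            static final ExecutionContext.b<C0041a> a = ExecutionContext.b.a(C0041a.class);
            // Synchronized because the set is shared through the application context.
            final Set<PossibleSecurityControlDTM> b = Collections.synchronizedSet(new HashSet<>());

            C0041a() {
            }
        }

        /**
         * @param methodVisitor delegate visitor
         * @param str method name
         * @param str2 method descriptor
         * @param instrumentationContext context of the class being visited
         * @param i2 initial validator score
         * @param i3 initial sanitizer score
         * @param applicationManager used to resolve the current application
         * @param hVar reporting sink
         */
        a(MethodVisitor methodVisitor, String str, String str2, InstrumentationContext instrumentationContext, int i2, int i3, ApplicationManager applicationManager, h hVar) {
            super(C0464a.a(), methodVisitor);
            this.b = i3;
            this.c = i2;
            this.a = instrumentationContext;
            this.e = str;
            this.f = applicationManager;
            this.d = false;
            this.g = hVar;
            this.h = str2;
        }

        /**
         * Records whether the body calls {@code String.charAt} or
         * {@code String.toCharArray}, then delegates unchanged.
         */
        @Override // com.contrastsecurity.thirdparty.org.objectweb.asm.MethodVisitor
        public void visitMethodInsn(int i2, String str, String str2, String str3, boolean z) {
            if (!this.d && (("charAt".equals(str2) || "toCharArray".equals(str2)) && "java/lang/String".equals(str))) {
                this.d = true;
            }
            super.visitMethodInsn(i2, str, str2, str3, z);
        }

        /**
         * Applies the char-inspection bonus and reports the method for each
         * score that reaches 60. Nothing is reported when no application is
         * current.
         */
        @Override // com.contrastsecurity.thirdparty.org.objectweb.asm.MethodVisitor
        public void visitEnd() {
            super.visitEnd();
            if (this.d) {
                this.b += 32;
                this.c += 32;
            }
            Application current = this.f.current();
            if (current == null) {
                return;
            }
            // The two checks are independent: one method can be reported as both.
            if (this.b >= 60) {
                a(current, PossibleSecurityControlTypeDTM.SANITIZER);
            }
            if (this.c >= 60) {
                a(current, PossibleSecurityControlTypeDTM.VALIDATOR);
            }
        }

        /**
         * Builds the signature {@code Class.method(argTypes)} for the visited
         * method, marks the first String parameter with {@code *}, and reports
         * the candidate if it has not been recorded for this application yet.
         *
         * @param application application the candidate belongs to
         * @param possibleSecurityControlTypeDTM kind of control being reported
         */
        void a(Application application, PossibleSecurityControlTypeDTM possibleSecurityControlTypeDTM) {
            StringBuilder sb = new StringBuilder(128);
            sb.append(this.a.getClassName());
            sb.append('.');
            sb.append(this.e);
            sb.append('(');
            boolean z = false;
            Type[] argumentTypes = Type.getArgumentTypes(this.h);
            for (int i2 = 0; i2 < argumentTypes.length; i2++) {
                String className = argumentTypes[i2].getClassName();
                sb.append(className);
                // Only the first matching parameter is marked.
                // NOTE(review): N.b presumably tests array membership - confirm.
                if (!z && N.b(i, className)) {
                    sb.append("*");
                    z = true;
                }
                if (i2 != argumentTypes.length - 1) {
                    sb.append(',');
                }
            }
            sb.append(')');
            String sb2 = sb.toString();
            PossibleSecurityControlDTM possibleSecurityControlDTM = new PossibleSecurityControlDTM(sb2, this.a.getFlags(), possibleSecurityControlTypeDTM);
            if (!z) {
                b.n.debug("Never added * for security control {}", sb2);
            }
            // Set.add returns false for a duplicate, which suppresses repeat reports.
            if (a(application).add(possibleSecurityControlDTM)) {
                b.n.debug("Added {} {} to security controls for {}", possibleSecurityControlTypeDTM, sb2, application);
                this.g.a(new com.contrastsecurity.agent.plugins.security.a.a(possibleSecurityControlDTM, application));
            }
        }

        /** Returns the per-application set of already reported candidates, creating it on first use. */
        private Set<PossibleSecurityControlDTM> a(Application application) {
            return ((C0041a) application.context().getOrComputeIfAbsent(C0041a.a, C0041a::new)).b;
        }
    }

    /**
     * @param applicationManager used to resolve the current application
     * @param hVar reporting sink for discovered candidates
     * @param classVisitor delegate visitor
     * @param instrumentationContext context of the class being visited
     */
    public b(ApplicationManager applicationManager, h hVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        super(classVisitor, instrumentationContext, t.NOT_REQUIRED);
        this.a = applicationManager;
        this.b = hVar;
    }

    /**
     * First-stage filter. Scores the method by name and descriptor and wraps
     * the visitor only when the higher score exceeds 20 and the signature is
     * not in the exclusion list; otherwise the visitor is returned unchanged.
     *
     * @param str method name
     * @param str2 method descriptor
     */
    @Override // com.contrastsecurity.agent.RealCodeClassVisitor
    public MethodVisitor visitRealCodeMethod(MethodVisitor methodVisitor, int i2, String str, String str2, String str3, String[] strArr) {
        Type[] argumentTypes = Type.getArgumentTypes(str2);
        // a2 is the validator score, b the sanitizer score.
        int a2 = a(str, argumentTypes);
        int b = b(str, str2, argumentTypes);
        if (Math.max(a2, b) <= 20 || a(this.context.getClassName(), str, argumentTypes)) {
            return methodVisitor;
        }
        n.debug("Further inspecting {}.{}{}", this.context.getClassName(), str, str2);
        return new a(methodVisitor, str, str2, this.context, a2, b, this.a, this.b);
    }

    @Override // com.contrastsecurity.agent.RealCodeClassVisitor
    public String adapterName() {
        return "SecurityControlDetectionVisitor";
    }

    /**
     * Decides whether a class is eligible for security-control detection.
     *
     * <p>Eligible classes have a non-null loader different from
     * {@code classLoader}, are public and non-abstract, pass
     * {@code C0469f.b(className)}, and have fewer than three ancestors (or no
     * ancestor information).
     *
     * @return {@code true} if the class should be scanned
     */
    public static boolean a(InstrumentationContext instrumentationContext, ClassLoader classLoader) {
        ClassLoader loader = instrumentationContext.getLoader();
        if (loader == null || loader == classLoader) {
            return false;
        }
        int flags = instrumentationContext.getFlags();
        // The second loader null check repeats the guard above; kept as decompiled.
        // NOTE(review): C0469f.b is opaque here - presumably a class-name filter; confirm.
        if (Modifier.isAbstract(flags) || !Modifier.isPublic(flags) || instrumentationContext.getLoader() == null || !C0469f.b(instrumentationContext.getClassName())) {
            return false;
        }
        Set<String> ancestors = instrumentationContext.getAncestors();
        return ancestors == null || ancestors.size() < 3;
    }

    /**
     * Validator score: 22 for a validator name fragment plus 10 for a
     * validator context keyword; 0 unless a String parameter is present.
     */
    private static int a(String str, Type[] typeArr) {
        int i2 = 0;
        if (a(typeArr)) {
            if (b(str)) {
                i2 += 22;
            }
            if (c(str)) {
                i2 += 10;
            }
        }
        return i2;
    }

    /**
     * Sanitizer score: 22 for a sanitizer name fragment, 10 for a sanitizer
     * context keyword and 10 for a String return type; 0 unless a String
     * parameter is present.
     */
    private static int b(String str, String str2, Type[] typeArr) {
        int i2 = 0;
        if (a(typeArr)) {
            if (d(str)) {
                i2 += 22;
            }
            if (e(str)) {
                i2 += 10;
            }
            if (a(str2)) {
                i2 += 10;
            }
        }
        return i2;
    }

    /** Returns whether the method descriptor declares a {@code String} return type. */
    private static boolean a(String str) {
        return str.endsWith(")Ljava/lang/String;");
    }

    /**
     * Returns whether the method name contains a validator fragment.
     * The match is case-sensitive, so only lower-case occurrences count.
     */
    private static boolean b(String str) {
        for (String str2 : e) {
            if (str.contains(str2)) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether the method name contains a validator context keyword, ignoring case. */
    private static boolean c(String str) {
        // Locale.ROOT keeps the match independent of the JVM default locale; with a
        // Turkish default, 'I' lower-cases to a dotless i and ASCII keywords stop matching.
        String lowerCase = str.toLowerCase(Locale.ROOT);
        for (String str2 : f) {
            if (lowerCase.contains(str2)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns whether the method name contains a sanitizer fragment.
     * The match is case-sensitive, so only lower-case occurrences count.
     */
    private static boolean d(String str) {
        for (String str2 : c) {
            if (str.contains(str2)) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether the method name contains a sanitizer context keyword, ignoring case. */
    private static boolean e(String str) {
        // Locale.ROOT: see c(String); "javascript" and "html" are affected the same way.
        String lowerCase = str.toLowerCase(Locale.ROOT);
        for (String str2 : d) {
            if (lowerCase.contains(str2)) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether any parameter type is exactly {@code java.lang.String}. */
    private static boolean a(Type[] typeArr) {
        for (Type type : typeArr) {
            if ("Ljava/lang/String;".equals(type.getDescriptor())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns whether the method is on the exclusion list {@link #g}.
     *
     * <p>The lookup key is the class name, a separator, the method name and
     * the comma-separated parameter class names in parentheses.
     *
     * @param str class name
     * @param str2 method name
     * @param typeArr parameter types
     */
    @u
    static boolean a(String str, String str2, Type[] typeArr) {
        StringBuilder sb = new StringBuilder();
        sb.append(str);
        // NOTE(review): ANY_CHAR is presumably '.', since the entries in g join
        // class and method with a dot - confirm.
        sb.append(WildcardPattern.ANY_CHAR);
        sb.append(str2);
        sb.append("(");
        for (int i2 = 0; i2 < typeArr.length; i2++) {
            sb.append(typeArr[i2].getClassName());
            if (i2 != typeArr.length - 1) {
                sb.append(",");
            }
        }
        sb.append(")");
        return g.contains(sb.toString());
    }
}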
