package com.contrastsecurity.agent.plugins.rasp.rules.b;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.d.f;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.OgnlInjectionDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.A;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.E;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0094d;
import com.contrastsecurity.agent.plugins.rasp.ProtectManager;
import com.contrastsecurity.agent.plugins.rasp.R;
import com.contrastsecurity.agent.plugins.rasp.Z;
import com.contrastsecurity.agent.plugins.rasp.an;
import com.contrastsecurity.agent.plugins.rasp.rules.InterfaceC0109a;
import com.contrastsecurity.agent.plugins.rasp.rules.r;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* compiled from: OgnlInjectionRule.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/b/e.class */
/**
 * Protect (RASP) rule for OGNL injection, decompiled from {@code OgnlInjectionRule.java}.
 *
 * <p>The rule works in two places. At request start it examines the request URI itself
 * (see {@link #onRequestStart}); for other input types it is consulted through
 * {@link #evaluateInput}. It reports itself as applicable to an application only after
 * {@link #onApplicationProfiled} has stored {@code true} for that application, which
 * happens when one of the application's library fact names contains {@code "ognl"}.
 *
 * <p>NOTE(review): identifiers are obfuscated. The bare {@code g.a/g.b/g.d} calls below are
 * kept exactly as the decompiler emitted them; they may denote a helper class {@code g} in
 * this package rather than the {@link ProtectManager} field of the same name. Confirm
 * against the bytecode before relying on either reading.
 */
public final class e extends r<OgnlInjectionDetailsDTM> implements InterfaceC0109a {
    // Forwarded to R.a(...) when a URI candidate is registered; not read otherwise.
    private final com.contrastsecurity.agent.config.g d;
    // Receives the attack report built by the private reporting helper.
    private final InterfaceC0094d e;
    // Source of the value stored as the "time" of each UserInputDTM built here.
    private final com.contrastsecurity.agent.commons.d f;
    // Gives access to the current request context and to the canBlock(...) decision.
    private final ProtectManager g;
    // Identifier of this rule; returned by getRuleId() and attached to reports.
    private final Z<OgnlInjectionDetailsDTM> h;
    // Key under which the per-application Boolean flag is stored in application.context().
    private final f.a<Boolean> i = f.a.a(Boolean.class);
    // A URI candidate must be longer than this to be reported at request start.
    private static final int j = 50;
    // Substring searched for in library fact names.
    private static final String l = "ognl";
    // Not referenced inside this class; presumably the rule's public name.
    public static final String c = "ognl-injection";
    // URIs shorter than this are not examined at request start.
    private static final int m = 6;
    // Filter names attached to every UserInputDTM built at request start.
    private static final Set<String> k = Collections.singleton("ognl-detector");
    public static final Logger b = LoggerFactory.getLogger(e.class);

    /**
     * Stores the injected collaborators; performs no other work.
     */
    @Inject
    public e(com.contrastsecurity.agent.config.g gVar, InterfaceC0094d interfaceC0094d, com.contrastsecurity.agent.commons.d dVar, ProtectManager protectManager, Z<OgnlInjectionDetailsDTM> z) {
        this.d = gVar;
        this.e = interfaceC0094d;
        this.f = dVar;
        this.g = protectManager;
        this.h = z;
    }

    /**
     * Accepts every input type except {@code URI}. The URI is not skipped by the rule as a
     * whole: it is examined separately in {@link #onRequestStart}.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        final boolean isUri = UserInputDTM.InputType.URI.equals(inputType);
        return !isUri;
    }

    /**
     * Always answers {@code true}, whatever the input type.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.r, com.contrastsecurity.agent.plugins.rasp.rules.k
    public boolean shouldAlwaysBlockAtPerimeter(UserInputDTM.InputType inputType) {
        return true;
    }

    /**
     * Examines the request URI for OGNL content as soon as the request starts.
     *
     * <p>The current context is asked for an entry for the URI; when one exists, the string
     * returned by its {@code c()} is examined instead of the raw URI (presumably a decoded
     * or normalised form; confirm).
     *
     * @throws AttackBlockedException when a reported candidate is found and this rule may block
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.X
    public void onRequestStart(Application application, HttpRequest httpRequest) {
        final String rawUri = httpRequest.getUri();
        final R context = this.g.currentContext();
        final com.contrastsecurity.agent.plugins.rasp.b.b lookup = context.g(rawUri);
        final String target;
        if (lookup == null) {
            target = rawUri;
        } else {
            target = lookup.c();
        }
        a(application, target, context);
    }

    /**
     * Request-start check of one URI string.
     *
     * <p>Nothing happens when the string is {@code null}, shorter than {@link #m}
     * characters, rejected by {@code g.d}, or yields no candidates from {@code g.a}.
     * Every candidate is wrapped in a {@code URI}-typed {@link UserInputDTM} and handed to
     * the request context. Only candidates longer than {@link #j} characters that also
     * match {@code g.b} are reported; shorter ones are registered but neither reported nor
     * blocked here.
     *
     * <p>When blocking is permitted, the first reported candidate ends the request with an
     * {@link AttackBlockedException}. Otherwise the result is recorded as
     * {@code EXPLOITED} and the loop moves on to the next candidate.
     * NOTE(review): that result is assigned from a match on the URI text alone; confirm it
     * is the label downstream consumers expect for a non-blocking perimeter match.
     */
    private void a(Application application, String str, R context) {
        if (str == null || str.length() < m) {
            return;
        }
        if (!g.d(str)) {
            return;
        }
        final List<String> candidates = g.a(str);
        if (candidates == null || candidates.isEmpty()) {
            return;
        }
        for (String candidate : candidates) {
            // Evaluated before the input is built, as in the original statement order.
            final boolean reportable = candidate.length() > j && g.b(candidate);
            final UserInputDTM input = UserInputDTM.builder()
                    .value(candidate)
                    .type(UserInputDTM.InputType.URI)
                    .filters(k)
                    .time(this.f.a())
                    .build();
            context.a(this.d, application, this, new an(input, true));
            // Queried once per candidate, after registration, exactly as the original does.
            final boolean canBlock = this.g.canBlock(this);
            if (!reportable) {
                continue;
            }
            // Report first so the event is recorded even when the request is then aborted.
            a(input, candidate, canBlock);
            if (canBlock) {
                throw new AttackBlockedException("OGNL attack detected");
            }
        }
    }

    /**
     * Signature check for a single input. {@code str} and {@code str3} are both tested with
     * {@code g.b}; {@code inputType} and {@code i} are not consulted.
     *
     * <p>On a match, {@code str} and {@code str2} are written to the debug log unmodified.
     * These values are presumably request-derived, so that log should be handled as
     * containing attacker-controlled text.
     *
     * @return an {@code E} carrying {@code MATCHED_ATTACK_SIGNATURE}, or {@code null} when
     *         neither string matches
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public E evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        // Both checks always run; the original does not short-circuit between them.
        final boolean firstMatches = g.b(str);
        final boolean thirdMatches = g.b(str3);
        if (firstMatches || thirdMatches) {
            b.debug("Found ognl input {} {}", str, str2);
            return new E(A.MATCHED_ATTACK_SIGNATURE);
        }
        return null;
    }

    /**
     * Sends one attack report. The details cover the whole payload (offsets {@code 0} to
     * {@code payload.length()}); the result is {@code BLOCKED} when {@code blocked} is
     * {@code true} and {@code EXPLOITED} otherwise.
     */
    private void a(UserInputDTM input, String payload, boolean blocked) {
        final OgnlInjectionDetailsDTM details = new OgnlInjectionDetailsDTM(0, payload.length(), payload);
        final AttackResult outcome;
        if (blocked) {
            outcome = AttackResult.BLOCKED;
        } else {
            outcome = AttackResult.EXPLOITED;
        }
        this.e.a(this.h, details, input, outcome);
    }

    /**
     * @return the rule identifier supplied at construction
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public Z<OgnlInjectionDetailsDTM> getRuleId() {
        return this.h;
    }

    /**
     * @return the configuration property that overrides this rule's mode
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public ConfigProperty getModeOverrideKey() {
        return ConfigProperty.PROTECT_OGNL_MODE;
    }

    /**
     * True only for a non-null application whose context holds {@code Boolean.TRUE} under
     * this rule's key. The value is written by {@link #onApplicationProfiled}; if nothing
     * has been stored, the lookup does not equal {@code TRUE} and the rule reports itself
     * as not applicable.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.InterfaceC0109a
    public boolean appliesToApplication(Application application) {
        if (application == null) {
            return false;
        }
        return Boolean.TRUE.equals(application.context().a(this.i));
    }

    /**
     * Records in the application's context whether an OGNL library was seen among its
     * library fact names. The casts are decompiler output and are left untouched.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.X
    public void onApplicationProfiled(Application application) {
        application.context().a((f.a<f.a<Boolean>>) this.i, (f.a<Boolean>) Boolean.valueOf(a(application)));
    }

    /**
     * Library detection: true when any library fact name contains the substring
     * {@code "ognl"}. The match is case-sensitive and purely name-based, so a library
     * whose fact name lacks that lowercase substring leaves this rule inactive for the
     * application, and any name that happens to contain it activates the rule.
     */
    private boolean a(Application application) {
        for (Iterator<String> names = application.getLibraryFactNames().iterator(); names.hasNext();) {
            if (names.next().contains(l)) {
                return true;
            }
        }
        return false;
    }
}
