package com.contrastsecurity.agent.plugins.rasp.rules.cve.spring.a;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.d.f;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.CveDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.E;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0094d;
import com.contrastsecurity.agent.plugins.rasp.ProtectManager;
import com.contrastsecurity.agent.plugins.rasp.Z;
import com.contrastsecurity.agent.plugins.rasp.am;
import com.contrastsecurity.agent.plugins.rasp.an;
import com.contrastsecurity.agent.plugins.rasp.rules.A;
import com.contrastsecurity.agent.plugins.rasp.rules.InterfaceC0109a;
import com.contrastsecurity.agent.plugins.rasp.rules.l;
import com.contrastsecurity.agent.plugins.rasp.rules.r;
import com.contrastsecurity.agent.util.L;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import java.beans.PropertyDescriptor;
import java.util.Iterator;
import java.util.List;

/* compiled from: BeanIntrospectionRule.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/cve/spring/a/d.class */
public final class d extends r<CveDetailsDTM> implements InterfaceC0109a, l<CveDetailsDTM, ContrastBeanIntrospectionDispatcher> {
    public static final String b = "cve-2010-1622";
    private final InterfaceC0094d d;
    private final com.contrastsecurity.agent.instr.h<ContrastBeanIntrospectionDispatcher> e;
    private final ProtectManager f;
    private final Z<CveDetailsDTM> g = Z.a(b, CveDetailsDTM.class);
    private final f.a<A> h = f.a.a(A.class);
    private static final String i = "spring-web";
    private static final String[] c = {"class.classLoader.URLs"};
    private static final String[] j = {"3.0.2.release.jar", "3.0.1.release.jar", "3.0.0.release.jar", "2.5.7.release.jar", "2.5.6.jar", "2.5.6.sec03.jar", "2.5.6.sec02.jar", "2.5.6.sec01.jar", "2.5.5.jar", "2.5.4.jar", "2.5.3.jar", "2.5.2.jar", "2.5.1.jar", "2.5.0.jar"};

    @Inject
    public d(InterfaceC0094d interfaceC0094d, com.contrastsecurity.agent.instr.h<ContrastBeanIntrospectionDispatcher> hVar, ProtectManager protectManager) {
        this.d = interfaceC0094d;
        this.e = hVar;
        this.f = protectManager;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public Z<CveDetailsDTM> getRuleId() {
        return this.g;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public ConfigProperty getModeOverrideKey() {
        return ConfigProperty.PROTECT_BEAN_INTROSPECTION_MODE;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public E evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i2) {
        if (str2 == null || am.a(i2, 4) || str2.length() <= 22 || !L.a(str2, c)) {
            return null;
        }
        return new E(com.contrastsecurity.agent.plugins.rasp.A.MATCHED_ATTACK_SIGNATURE);
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.PARAMETER_NAME.equals(inputType);
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.X
    public void onApplicationProfiled(Application application) {
        application.context().a((f.a<f.a<A>>) this.h, (f.a<A>) a(application));
    }

    private A a(Application application) {
        for (String str : application.getLibraryFactNames()) {
            if (str != null && str.contains(i)) {
                for (String str2 : j) {
                    if (str.endsWith(str2)) {
                        return A.a(str, str2);
                    }
                }
            }
        }
        return A.d();
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.InterfaceC0109a
    public boolean appliesToApplication(Application application) {
        A a;
        return (application == null || (a = (A) application.context().a(this.h)) == null || !a.a()) ? false : true;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.m
    public ClassVisitor onInstrumentingClass(com.contrastsecurity.agent.instr.f<ContrastBeanIntrospectionDispatcher> fVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (!this.f.isSinksDisabled() && "org.springframework.beans.CachedIntrospectionResults".equals(instrumentationContext.getClassName())) {
            classVisitor = new f(fVar, classVisitor, instrumentationContext);
            instrumentationContext.getChanger().addAdapter("CachedIntrospectionVisitor");
            instrumentationContext.setRequiresTransforming(true);
        }
        return classVisitor;
    }

    public boolean a(Application application, Class<?> cls, PropertyDescriptor[] propertyDescriptorArr) {
        if (!a(cls, propertyDescriptorArr) || !appliesToApplication(application)) {
            return false;
        }
        boolean z = false;
        List<an> c2 = this.f.currentContext().c(b);
        if (c2 != null && !c2.isEmpty()) {
            z = this.f.canBlock(this);
            a(application, c2, z);
        }
        return z;
    }

    private boolean a(Class<?> cls, PropertyDescriptor[] propertyDescriptorArr) {
        for (PropertyDescriptor propertyDescriptor : propertyDescriptorArr) {
            if (Class.class.equals(cls) && propertyDescriptor != null && "classLoader".equals(propertyDescriptor.getName())) {
                return true;
            }
        }
        return false;
    }

    private void a(Application application, List<an> list, boolean z) {
        A a = (A) application.context().a(this.h);
        if (a == null || !a.a()) {
            throw new IllegalStateException("Attempting to report a vulnerability for cve-2010-1622 but we have not detected vulnerable library");
        }
        CveDetailsDTM cveDetailsDTM = new CveDetailsDTM(b, a.c());
        AttackResult attackResult = z ? AttackResult.BLOCKED : AttackResult.EXPLOITED;
        Iterator<an> it = list.iterator();
        while (it.hasNext()) {
            this.d.a(this.g, cveDetailsDTM, it.next().a(), attackResult);
        }
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.l
    public boolean isCodeExclusionSpecialCase() {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.l
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.l
    public com.contrastsecurity.agent.instr.h<ContrastBeanIntrospectionDispatcher> getDispatcherRegistration() {
        return this.e;
    }
}
