package com.contrastsecurity.agent.plugins.rasp.rules.cve.struts.c;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.instr.h;
import com.contrastsecurity.agent.messages.app.activity.defend.details.CveDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.A;
import com.contrastsecurity.agent.plugins.rasp.E;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0094d;
import com.contrastsecurity.agent.plugins.rasp.ProtectManager;
import com.contrastsecurity.agent.plugins.rasp.Z;
import com.contrastsecurity.agent.plugins.rasp.an;
import com.contrastsecurity.agent.plugins.rasp.rules.k;
import com.contrastsecurity.agent.plugins.rasp.rules.l;
import com.contrastsecurity.agent.util.C0203a;
import com.contrastsecurity.thirdparty.com.rabbitmq.client.ConnectionFactory;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.List;
import java.util.regex.Pattern;

/* compiled from: DefaultActionMapperRule.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/cve/struts/c/e.class */
public final class e extends com.contrastsecurity.agent.plugins.rasp.rules.cve.struts.c implements k<CveDetailsDTM>, l<CveDetailsDTM, ContrastDefaultActionMapperDispatcher> {
    public static final String e = "cve-2016-3081";
    private static final String h = "method:";
    private final ApplicationManager j;
    private final h<ContrastDefaultActionMapperDispatcher> k;
    private final ProtectManager l;
    private final Z<CveDetailsDTM> m;
    public static final Logger b = LoggerFactory.getLogger(e.class);
    private static final String f = "org#apache#struts2#dispatcher#mapper#DefaultActionMapper$1$1".replace("#", ConnectionFactory.DEFAULT_VHOST);
    private static final String g = "org#apache#struts2#dispatcher#mapper#DefaultActionMapper$2$1".replace("#", ConnectionFactory.DEFAULT_VHOST);
    private static final Pattern i = Pattern.compile("[a-zA-Z0-9._!/\\-]*");
    private static final String[] n = {"2.0.0.jar", "2.0.1.jar", "2.0.2.jar", "2.0.3.jar", "2.0.4.jar", "2.0.5.jar", "2.0.6.jar", "2.0.7.jar", "2.0.8.jar", "2.0.9.jar", "2.0.10.jar", "2.0.11.jar", "2.0.11.1.jar", "2.0.11.2.jar", "2.0.12.jar", "2.0.13.jar", "2.0.14.jar", "2.1.0.jar", "2.1.1.jar", "2.1.2.jar", "2.1.3.jar", "2.1.4.jar", "2.1.5.jar", "2.1.6.jar", "2.1.8.jar", "2.1.8.1.jar", "2.2.1.jar", "2.2.1.1.jar", "2.2.3.jar", "2.2.3.1.jar", "2.3.1.jar", "2.3.1.1.jar", "2.3.1.2.jar", "2.3.3.jar", "2.3.4.jar", "2.3.4.1.jar", "2.3.7.jar", "2.3.8.jar", "2.3.12.jar", "2.3.14.jar", "2.3.14.1.jar", "2.3.14.2.jar", "2.3.14.3.jar", "2.3.15.jar", "2.3.15.1.jar", "2.3.15.2.jar", "2.3.15.3.jar", "2.3.16.jar", "2.3.16.1.jar", "2.3.16.2.jar", "2.3.16.3.jar", "2.3.20.jar", "2.3.20.1.jar", "2.3.24.jar", "2.3.24.1.jar", "2.3.28.jar"};

    @Inject
    public e(ApplicationManager applicationManager, ProtectManager protectManager, InterfaceC0094d interfaceC0094d, h<ContrastDefaultActionMapperDispatcher> hVar) {
        super(interfaceC0094d, protectManager);
        this.j = applicationManager;
        this.k = hVar;
        this.l = protectManager;
        this.m = Z.a(e, CveDetailsDTM.class);
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.m
    public ClassVisitor onInstrumentingClass(com.contrastsecurity.agent.instr.f<ContrastDefaultActionMapperDispatcher> fVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (!this.l.isSinksDisabled() && instrumentationContext.getCodeSource() != null && C0203a.b(instrumentationContext.getFlags()) && (instrumentationContext.getInternalClassName().equals(g) || instrumentationContext.getInternalClassName().equals(f))) {
            classVisitor = new g(classVisitor, instrumentationContext, fVar);
            instrumentationContext.setRequiresTransforming(true);
            instrumentationContext.getChanger().addAdapter("DefaultActionMapperVisitor");
        }
        return classVisitor;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.l
    public boolean isCodeExclusionSpecialCase() {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.l
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.l
    public h<ContrastDefaultActionMapperDispatcher> getDispatcherRegistration() {
        return this.k;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.PARAMETER_NAME.equals(inputType);
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public E evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i2) {
        b.debug("Evaluating input {} {} {}", inputType.toString(), str, str2);
        E e2 = null;
        if (UserInputDTM.InputType.PARAMETER_NAME.equals(inputType) && str.startsWith(h) && com.contrastsecurity.agent.plugins.rasp.rules.b.g.e(str)) {
            b.debug("Evaluating input {} {}", str, str2);
            e2 = new E(A.MATCHED_ATTACK_SIGNATURE);
        }
        return e2;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public Z<CveDetailsDTM> getRuleId() {
        return this.m;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public ConfigProperty getModeOverrideKey() {
        return ConfigProperty.PROTECT_CVE_2016_3081_MODE;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.cve.struts.c
    protected String[] a() {
        return n;
    }

    public boolean a(String str) {
        List<an> c;
        Application current;
        boolean z = false;
        if (!i.matcher(str).matches() && (c = this.l.currentContext().c(e)) != null) {
            for (an anVar : c) {
                if (anVar.a(str) && (current = this.j.current()) != null) {
                    z = z || c(current);
                    com.contrastsecurity.agent.plugins.rasp.rules.A vulnerabilityAnalysis = getVulnerabilityAnalysis(current);
                    a(anVar, (vulnerabilityAnalysis == null || !vulnerabilityAnalysis.a()) ? null : vulnerabilityAnalysis.c(), z);
                }
            }
        }
        return z;
    }
}
