package com.contrastsecurity.agent.plugins.rasp.rules.cve.b.a;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.CveDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.A;
import com.contrastsecurity.agent.plugins.rasp.E;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0094d;
import com.contrastsecurity.agent.plugins.rasp.ProtectManager;
import com.contrastsecurity.agent.plugins.rasp.R;
import com.contrastsecurity.agent.plugins.rasp.Z;
import com.contrastsecurity.agent.plugins.rasp.an;
import com.contrastsecurity.agent.plugins.rasp.rules.InterfaceC0109a;
import com.contrastsecurity.agent.plugins.rasp.rules.l;
import com.contrastsecurity.agent.plugins.rasp.rules.r;
import com.contrastsecurity.agent.util.C0203a;
import com.contrastsecurity.agent.util.L;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.List;

/* compiled from: Cve_2017_12617Rule.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/cve/b/a/g.class */
/**
 * Protect rule registered under the id {@code "cve-2017-12617"}.
 *
 * <p>What the visible code does:
 * <ul>
 *   <li>at instrumentation time, wraps the class visitor for
 *       {@code org/apache/catalina/servlets/DefaultServlet};</li>
 *   <li>at input-evaluation time, marks URI inputs that pass the {@code ".jsp"} check as
 *       {@code WORTH_WATCHING};</li>
 *   <li>at sink time ({@link #a(String, Boolean)}), reports each matching tracked input as
 *       {@code BLOCKED} or {@code EXPLOITED}.</li>
 * </ul>
 *
 * <p>NOTE(review): the block decision depends on a suffix match of the server-version string
 * against a fixed list that only holds 7.0.x entries. The upstream advisory for this CVE also
 * lists 8.0.x, 8.5.x and 9.0.0 milestone builds as affected; on those servers this class reports
 * {@code EXPLOITED} and returns {@code false} rather than blocking. Confirm whether that is
 * intended or covered elsewhere.
 */
public final class g extends r<CveDetailsDTM> implements InterfaceC0109a, l<CveDetailsDTM, ContrastCve_2017_12617Dispatcher> {
    /** Rule identifier; also the key used to look up tracked inputs on the current context. */
    public static final String b = "cve-2017-12617";
    public static final Logger c = LoggerFactory.getLogger(g.class);

    // Internal name of the only class this rule instruments. It is built with substring(1) rather
    // than written as a plain literal; presumably this keeps build-time package relocation from
    // rewriting the string. Keep the expression as is unless that is confirmed unnecessary.
    private static final String DEFAULT_SERVLET_INTERNAL_NAME = " org/apache/catalina/servlets/DefaultServlet".substring(1);

    // Server-version suffixes for which blocking is considered (see serverVersionIsListed()).
    private static final String[] LISTED_VERSION_SUFFIXES = {
        "7.0",
        "7.0.0", "7.0.1", "7.0.2", "7.0.3", "7.0.4", "7.0.5", "7.0.6", "7.0.7", "7.0.8", "7.0.9",
        "7.0.10", "7.0.11", "7.0.12", "7.0.13", "7.0.14", "7.0.15", "7.0.16", "7.0.17", "7.0.18", "7.0.19",
        "7.0.20", "7.0.21", "7.0.22", "7.0.23", "7.0.24", "7.0.25", "7.0.26", "7.0.27", "7.0.28", "7.0.29",
        "7.0.30", "7.0.31", "7.0.32", "7.0.33", "7.0.34", "7.0.35", "7.0.36", "7.0.37", "7.0.38", "7.0.39",
        "7.0.40", "7.0.41", "7.0.42", "7.0.43", "7.0.44", "7.0.45", "7.0.46", "7.0.47", "7.0.48", "7.0.49",
        "7.0.50", "7.0.51", "7.0.52", "7.0.53", "7.0.54", "7.0.55", "7.0.56", "7.0.57", "7.0.58", "7.0.59",
        "7.0.60", "7.0.61", "7.0.62", "7.0.63", "7.0.64", "7.0.65", "7.0.66", "7.0.67", "7.0.68", "7.0.69",
        "7.0.70", "7.0.71", "7.0.72", "7.0.73", "7.0.74", "7.0.75", "7.0.76", "7.0.77", "7.0.78", "7.0.79",
        "7.0.80", "7.0.81"
    };

    private final ApplicationManager applicationManager;
    private final InterfaceC0094d attackReporter;
    private final com.contrastsecurity.agent.instr.h<ContrastCve_2017_12617Dispatcher> dispatcherRegistration;
    private final HttpManager httpManager;
    private final ProtectManager protectManager;
    private final Z<CveDetailsDTM> ruleId = Z.a(b, CveDetailsDTM.class);

    // Cached result of the server-version check; null until a version string has been seen.
    // Written without synchronization, so concurrent first requests may each compute it.
    private Boolean versionListedCache;

    /** Stores the injected collaborators; performs no other work. */
    @Inject
    public g(ApplicationManager applicationManager, InterfaceC0094d interfaceC0094d, com.contrastsecurity.agent.instr.h<ContrastCve_2017_12617Dispatcher> hVar, HttpManager httpManager, ProtectManager protectManager) {
        this.applicationManager = applicationManager;
        this.attackReporter = interfaceC0094d;
        this.dispatcherRegistration = hVar;
        this.httpManager = httpManager;
        this.protectManager = protectManager;
    }

    /** The rule is not restricted per application: always {@code true}. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.InterfaceC0109a
    public boolean appliesToApplication(Application application) {
        return true;
    }

    /**
     * Wraps {@code classVisitor} when the class being instrumented is the Tomcat default servlet.
     *
     * <p>The visitor is returned unchanged when sinks are disabled, when the context has no code
     * source, when {@code C0203a.b(flags)} is false, or when the internal class name differs.
     * Otherwise the context is marked as requiring transformation and the adapter name is
     * recorded on its changer.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.m
    public ClassVisitor onInstrumentingClass(com.contrastsecurity.agent.instr.f<ContrastCve_2017_12617Dispatcher> fVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (this.protectManager.isSinksDisabled()) {
            return classVisitor;
        }
        if (instrumentationContext.getCodeSource() == null) {
            return classVisitor;
        }
        if (!C0203a.b(instrumentationContext.getFlags())) {
            return classVisitor;
        }
        if (!DEFAULT_SERVLET_INTERNAL_NAME.equals(instrumentationContext.getInternalClassName())) {
            return classVisitor;
        }
        ClassVisitor wrapped = new c(classVisitor, instrumentationContext, fVar);
        instrumentationContext.setRequiresTransforming(true);
        instrumentationContext.getChanger().addAdapter("Cve_2017_12617ClassVisitor");
        return wrapped;
    }

    /** Only URI inputs are evaluated by this rule. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.URI.equals(inputType);
    }

    /**
     * Flags a URI input for later confirmation at the sink.
     *
     * @return an {@code E} carrying {@code A.WORTH_WATCHING} when the input type is URI and
     *     {@code str2} passes the {@code ".jsp"} check; {@code null} otherwise. {@code str},
     *     {@code str3} and {@code i} are not read.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public E evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        if (!UserInputDTM.InputType.URI.equals(inputType) || !hasJspMarker(str2)) {
            return null;
        }
        // str2 is request-derived and is logged as received (debug level only).
        c.debug("Marking input as CVE-2017-12617 attack match {}", str2);
        return new E(A.WORTH_WATCHING);
    }

    // Delegates to L.c(text, ".jsp"). The exact matching semantics of L.c (suffix vs. containment,
    // case handling) are not visible in this file -- confirm before relying on them.
    private boolean hasJspMarker(String text) {
        return L.c(text, ".jsp");
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.l
    public boolean isCodeExclusionSpecialCase() {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.l
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return false;
    }

    /** Returns the dispatcher registration handed to the constructor. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.l
    public com.contrastsecurity.agent.instr.h<ContrastCve_2017_12617Dispatcher> getDispatcherRegistration() {
        return this.dispatcherRegistration;
    }

    /** Returns the typed rule id built from {@link #b}. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public Z<CveDetailsDTM> getRuleId() {
        return this.ruleId;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public ConfigProperty getModeOverrideKey() {
        return ConfigProperty.PROTECT_CVE_2017_12617_MODE;
    }

    /**
     * Sink-side check: correlates {@code str} with the inputs tracked for this rule on the current
     * context and reports every match.
     *
     * <p>Nothing is evaluated unless {@code str} is non-empty and {@code bool} is non-null and
     * {@code false}. The meaning of {@code bool} is set by the caller and is not visible here
     * (presumably the servlet's read-only setting -- confirm against the dispatcher).
     *
     * @return {@code true} only if at least one tracked input matched and blocking is allowed
     *     (listed server version and {@code canBlock}); {@code false} in every other case,
     *     including matches that were reported as {@code EXPLOITED}
     */
    public boolean a(String str, Boolean bool) {
        if (StringUtils.isEmpty(str) || bool == null || bool.booleanValue()) {
            return false;
        }
        Application current = this.applicationManager.current();
        R currentContext = this.protectManager.currentContext();
        if (current == null || currentContext == null) {
            return false;
        }
        List<an> tracked = currentContext.c(b);
        if (tracked == null || tracked.isEmpty()) {
            return false;
        }

        boolean blockAllowed = mayBlock(current);
        boolean blocked = false;
        // Index-based walk kept on purpose: the list is owned by the context and the reporting
        // call below runs agent code while we iterate.
        for (int idx = 0; idx < tracked.size(); idx++) {
            an candidate = tracked.get(idx);
            if (candidate == null) {
                continue;
            }
            String value = candidate.a().getValue();
            if (StringUtils.isEmpty(value) || !hasJspMarker(str) || !candidate.a(str)) {
                continue;
            }
            // value originates from the request and is logged as received (debug level only).
            c.debug("Uri contains jsp from user {}", value);
            blocked |= blockAllowed;
            report(candidate, blocked);
        }
        return blocked;
    }

    // True when the current request's server-version string ends with one of the listed suffixes.
    // The answer is cached once a version string is available; with no current request (or no
    // version string) this returns false and leaves the cache unset.
    // NOTE(review): endsWith is a pure suffix test, so a vendor-decorated version string would not
    // match and any string that happens to end in a listed suffix would -- confirm the format
    // returned by getServerVersionInfo().
    private boolean serverVersionIsListed() {
        Boolean cached = this.versionListedCache;
        if (cached != null) {
            return cached.booleanValue();
        }
        String serverVersion = currentServerVersion();
        if (serverVersion == null) {
            return false;
        }
        boolean listed = false;
        for (String suffix : LISTED_VERSION_SUFFIXES) {
            if (serverVersion.endsWith(suffix)) {
                listed = true;
                break;
            }
        }
        this.versionListedCache = Boolean.valueOf(listed);
        return listed;
    }

    // Blocking requires both a listed server version and ProtectManager.canBlock(this).
    // The application argument is not consulted.
    private boolean mayBlock(Application application) {
        if (!serverVersionIsListed()) {
            return false;
        }
        return this.protectManager.canBlock(this);
    }

    // Server-version string of the current request, or null when there is no current request.
    private String currentServerVersion() {
        HttpRequest currentRequest = this.httpManager.getCurrentRequest();
        return currentRequest == null ? null : currentRequest.getServerVersionInfo();
    }

    // Flags the tracked input via c(true) and emits one attack event for it: BLOCKED when
    // blocked is true, EXPLOITED otherwise.
    private void report(an trackedInput, boolean blocked) {
        trackedInput.c(true);
        AttackResult outcome = blocked ? AttackResult.BLOCKED : AttackResult.EXPLOITED;
        this.attackReporter.a(this.ruleId, new CveDetailsDTM(getRuleId().a(), null), trackedInput.a(), outcome);
    }
}
