package com.contrastsecurity.agent.plugins.rasp.rules.cve.spring.b;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.config.g;
import com.contrastsecurity.agent.d.f;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.CveDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.E;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0094d;
import com.contrastsecurity.agent.plugins.rasp.ProtectManager;
import com.contrastsecurity.agent.plugins.rasp.Z;
import com.contrastsecurity.agent.plugins.rasp.an;
import com.contrastsecurity.agent.plugins.rasp.rules.A;
import com.contrastsecurity.agent.plugins.rasp.rules.InterfaceC0109a;
import com.contrastsecurity.agent.plugins.rasp.rules.r;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import java.util.Collections;

/* compiled from: SpringHeaderInjectionRule.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/cve/spring/b/c.class */
/**
 * Protect (RASP) rule for CVE-2011-2732, decompiled from {@code SpringHeaderInjectionRule}.
 *
 * <p>The rule inspects the {@code spring-security-redirect} request parameter for carriage-return
 * or line-feed characters, the input shape behind HTTP header injection / response splitting.
 * When the profiled application was found to ship one of the listed {@code spring-security-core}
 * jars, a matching value is reported and, if the protect manager allows it, the request is
 * aborted with {@link AttackBlockedException}.
 *
 * <p>Identifiers are obfuscated and several private helpers share the name {@code a}; they are
 * distinguished only by parameter types.
 */
public final class c extends r<CveDetailsDTM> implements InterfaceC0109a {
    /** Rule identifier; also passed as the first argument of every reported {@link CveDetailsDTM}. */
    public static final String b = "cve-2011-2732";
    // Agent configuration object; in this class it is only forwarded to the protect context.
    private final g c;
    // Source of the application bound to the current request (see current()).
    private final ApplicationManager d;
    // Receives the attack report built in a(an, boolean); presumably the attack reporter -
    // the interface is obfuscated, confirm against its declaration.
    private final InterfaceC0094d e;
    // Decides whether this rule may block (canBlock) and exposes the per-request protect context.
    private final ProtectManager f;
    // Typed rule id derived from the string id above.
    private final Z<CveDetailsDTM> g = Z.a(b, CveDetailsDTM.class);
    // Key under which the per-application library state (type A) is stored in the application context.
    private final f.a<A> h = f.a.a(A.class);
    // Substring a library fact name must contain to be considered at all.
    private static final String i = "spring-security-core";
    // File-name suffixes treated as affected. Matching is a case-sensitive endsWith(), so it relies on
    // library fact names being lower-cased - TODO confirm.
    // NOTE(review): the list steps from 3.0.4 to 3.0.2; confirm whether 3.0.3 is excluded on purpose,
    // because an application on an unlisted jar is never marked vulnerable and is never blocked.
    private static final String[] j = {"3.0.5.release.jar", "3.0.4.release.jar", "3.0.2.release.jar", "3.0.1.release.jar", "3.0.0.release.jar", "2.0.6.release.jar", "2.0.5.release.jar", "2.0.4.jar", "2.0.3.jar", "2.0.2.jar", "2.0.1.jar", "2.0.0.jar"};
    // The only request parameter this rule inspects.
    private static final String k = "spring-security-redirect";

    /**
     * Stores the injected collaborators; no other work is done here.
     *
     * @param gVar agent configuration
     * @param applicationManager resolves the current application
     * @param protectManager blocking decision and protect context
     * @param interfaceC0094d sink that receives attack reports
     */
    @Inject
    public c(g gVar, ApplicationManager applicationManager, ProtectManager protectManager, InterfaceC0094d interfaceC0094d) {
        this.c = gVar;
        this.d = applicationManager;
        this.f = protectManager;
        this.e = interfaceC0094d;
    }

    /** @return the typed id of this rule, built from {@link #b} */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public Z<CveDetailsDTM> getRuleId() {
        return this.g;
    }

    /**
     * @return the configuration property that overrides this rule's mode
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public ConfigProperty getModeOverrideKey() {
        // NOTE(review): this is the CVE-2011-2730 key although the rule id is cve-2011-2732.
        // Confirm that both rules are meant to share one mode setting; if not, an operator who
        // sets a mode for 2732 would not affect this rule.
        return ConfigProperty.PROTECT_CVE_2011_2730_MODE;
    }

    /**
     * Checks the {@code spring-security-redirect} parameter once request parameters are available.
     *
     * @param httpRequest the request whose parameter map is inspected
     * @throws AttackBlockedException if a CR/LF-bearing value was found and blocking is permitted
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.r, com.contrastsecurity.agent.plugins.rasp.X
    public void onParametersResolved(HttpRequest httpRequest) {
        // The check below looks for literal CR/LF characters, so it depends on getParameters()
        // returning decoded values - TODO confirm; percent-encoded sequences would not match.
        String[] strArr = httpRequest.getParameters().get(k);
        boolean z = false;
        if (strArr != null && strArr.length > 0) {
            z = a(strArr);
        }
        if (z) {
            throw new AttackBlockedException("CVE-2011-2732 attack detected");
        }
    }

    /**
     * Evaluates every value of the redirect parameter and reports each one containing CR or LF.
     *
     * @param strArr values of the {@code spring-security-redirect} parameter
     * @return {@code true} if the request should be blocked
     */
    private boolean a(String[] strArr) {
        boolean z = false;
        // May be null; appliesToApplication() treats null as "does not apply".
        Application current = this.d.current();
        for (String str : strArr) {
            if (a(str)) {
                // Wraps the offending value as a PARAMETER_VALUE input with no filters; the meaning of
                // the trailing 'true' is not visible in this file.
                an anVar = new an(UserInputDTM.builder().name(k).value(str).type(UserInputDTM.InputType.PARAMETER_VALUE).filters(Collections.emptySet()).build(), true);
                if (appliesToApplication(current)) {
                    // Latches: canBlock() is consulted only until it has returned true once, and
                    // every later value in the same request is then reported as blocked.
                    z = z || this.f.canBlock(this);
                    a(anVar, z);
                } else {
                    // No affected library recorded for this application: the input is handed to the
                    // protect context instead and never contributes to blocking. 'current' may be
                    // null on this path - presumably tolerated by the callee, confirm.
                    this.f.currentContext().a(this.c, current, this, anVar);
                }
            }
        }
        return z;
    }

    /**
     * @param str a parameter value, may be {@code null}
     * @return {@code true} if the value contains a line feed (10) or carriage return (13)
     */
    private boolean a(String str) {
        return str != null && (str.indexOf(10) >= 0 || str.indexOf(13) >= 0);
    }

    /**
     * Not used by this rule: always returns {@code null}; detection happens in
     * {@link #onParametersResolved(HttpRequest)}.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public E evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i2) {
        return null;
    }

    /** Always {@code false}: this rule claims no input type for generic input evaluation. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return false;
    }

    /**
     * @param application the application to test, may be {@code null}
     * @return {@code true} only when a library state is stored for the application and its
     *     {@code a()} flag is set (the flag that {@code a(an, boolean)} treats as "vulnerable
     *     library detected")
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.InterfaceC0109a
    public boolean appliesToApplication(Application application) {
        A a;
        return (application == null || (a = (A) application.context().a(this.h)) == null || !a.a()) ? false : true;
    }

    /**
     * Records, in the application's context, the outcome of the library scan for this application.
     *
     * @param application the application that has just been profiled
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.X
    public void onApplicationProfiled(Application application) {
        // NOTE(review): the generic casts look like decompiler output rather than original source;
        // the call stores the scan result under key h.
        application.context().a((f.a<f.a<A>>) this.h, (f.a<A>) a(application));
    }

    /**
     * Scans the application's library fact names for an affected spring-security-core jar.
     *
     * @param application the application whose libraries are scanned
     * @return {@code A.a(name, suffix)} for the first name that contains {@code spring-security-core}
     *     and ends with a listed suffix, otherwise {@code A.d()} (presumably the "not detected" state)
     */
    private A a(Application application) {
        for (String str : application.getLibraryFactNames()) {
            if (str != null && str.contains(i)) {
                for (String str2 : j) {
                    // Suffix-only match: nothing anchors the character before the version digits.
                    if (str.endsWith(str2)) {
                        return A.a(str, str2);
                    }
                }
            }
        }
        return A.d();
    }

    /**
     * Reports one offending input against the affected library recorded for the current application.
     *
     * @param anVar the wrapped user input
     * @param z whether the request is being blocked
     * @throws IllegalStateException if no affected-library state is stored for the current application
     */
    private void a(an anVar, boolean z) {
        anVar.c(true);
        // Looks the application up again instead of reusing the caller's reference; nothing in this
        // class catches the exception below, so it leaves through onParametersResolved().
        A a = (A) this.d.current().context().a(this.h);
        if (a == null || !a.a()) {
            throw new IllegalStateException("Attempting to report a vulnerability for cve-2011-2732 but no vulnerable library detected");
        }
        // The result is chosen from the blocking flag alone: an unblocked match is reported as
        // EXPLOITED on the strength of the input and the library version, with no check in this
        // class that the value reached a response header.
        this.e.a(this.g, new CveDetailsDTM(b, a.c()), anVar.a(), z ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
    }
}
