package com.contrastsecurity.agent.plugins.rasp.rules.cve.spring.el;

import com.contrastsecurity.agent.A;
import com.contrastsecurity.agent.commons.s;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.ProtectManager;
import com.contrastsecurity.agent.plugins.rasp.R;
import com.contrastsecurity.agent.plugins.rasp.X;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: ContrastCve_2011_2730DispatcherImpl.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/cve/spring/el/a.class */
public final class a implements ContrastCve_2011_2730Dispatcher {
    private final s<k> a;
    private final ProtectManager b;
    private static final Logger c = LoggerFactory.getLogger(a.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public a(final ProtectManager protectManager) {
        this(new s<k>() { // from class: com.contrastsecurity.agent.plugins.rasp.rules.cve.spring.el.a.1
            @Override // com.contrastsecurity.agent.commons.s
            /* renamed from: b, reason: merged with bridge method [inline-methods] */
            public k a() {
                X<?> ruleById = ProtectManager.this.getRuleById(h.b);
                if (ruleById instanceof h) {
                    return (h) ruleById;
                }
                return null;
            }
        }, protectManager);
    }

    @A
    a(s<k> sVar, ProtectManager protectManager) {
        this.a = sVar;
        this.b = protectManager;
    }

    @Override // java.lang.ContrastCve_2011_2730Dispatcher
    public void onExpressionEvaluating(String str) {
        c.debug("Received expression evaluation event: {}", str);
        if (a(str) && this.b.shouldProcessSink()) {
            R currentContext = this.b.currentContext();
            k a = this.a.a();
            if (a != null && currentContext != null && a.a(str)) {
                throw new AttackBlockedException("Attack against CVE-2011-2730 detected");
            }
        }
    }

    private static boolean a(String str) {
        return str != null && (str.contains("${") || str.contains("%{"));
    }
}
