package com.contrastsecurity.agent.plugins.rasp.rules.d;

import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.SQLInjectionDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.SQLInjectionInputTracingDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0124d;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.S;
import com.contrastsecurity.agent.plugins.rasp.Z;
import com.contrastsecurity.agent.plugins.rasp.al;
import com.contrastsecurity.agent.util.EnumC0226g;
import com.contrastsecurity.agent.util.L;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.regex.Pattern;

/* compiled from: SQLInjectionRaspRule.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/d/x.class */
public final class x extends com.contrastsecurity.agent.plugins.rasp.rules.n<SQLInjectionDTM> {

    /** Identifier under which this rule is published. */
    public static final String b = "sql-injection";

    /** Score at which a signature hit becomes a definite attack; returned by {@link #getDefiniteAttackThreshold()}. */
    private static final int DEFINITE_ATTACK_THRESHOLD = 4;

    /** Score at which an input becomes worth watching; returned by {@link #getWorthWatchingThreshold()}. */
    private static final int WORTH_WATCHING_THRESHOLD = 2;

    /** Tag attached to a verdict that was raised by {@link #AUTH_BYPASS_PATTERN}. */
    private static final String AUTH_BYPASS_TAG = "AUTH-BYPASS-1";

    /** Second argument handed to {@code E.a(String, int)} for an auth-bypass hit; whether it is a score or a weight is not visible here. */
    private static final int AUTH_BYPASS_WEIGHT = 2;

    /**
     * Whole-input, case-insensitive match for the classic login-bypass shape: a run of letters,
     * '@', '.' or '-', optional whitespace, a single or double quote, optional whitespace, then a
     * comment opener ("--", "#" or slash-star) followed only by whitespace up to the end.
     */
    private static final Pattern AUTH_BYPASS_PATTERN = Pattern.compile(
            "^[a-zA-Z@\\.-]+(\\s)*('|\")(\\s*)(\\-\\-|#|/\\*)(\\s*)$", Pattern.CASE_INSENSITIVE);

    /** Whitespace-delimited {@code or} keyword anywhere in the input, case-insensitive. */
    private static final Pattern OR_KEYWORD_PATTERN = Pattern.compile("(\\s+)or(\\s+)", Pattern.CASE_INSENSITIVE);

    /** Characters that {@link #hasDelimiterAndWhitespaceMix(String)} counts as SQL delimiters. */
    private static final String SQL_DELIMITERS = "\"'`;-%,()|";

    private static final Logger log = LoggerFactory.getLogger(x.class);

    /** Receives the {@code p} built for every observed database query action. */
    private final m queryActionHandler;
    /** Signature scorer built from the definite-attack threshold and agent config; {@code b(input)} yields a scored match or null. */
    private final r signatureMatcher;
    private final ApplicationManager applicationManager;
    /** Sink that is told about each attack (rule id, DTM, offending input, result). Exact contract not visible here. */
    private final InterfaceC0124d attackReporter;
    private final RaspManager raspManager;
    private final Z<SQLInjectionDTM> ruleId;
    /** Provides, via {@code e()}, an object that is probed with {@code a()} and acted on with {@code d()} before reporting; purpose not visible here. */
    private final com.contrastsecurity.agent.plugins.rasp.rules.d.a.v scopeProvider;

    /**
     * Wires the rule's collaborators and builds the signature matcher from the
     * definite-attack threshold and the agent configuration.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public x(ApplicationManager applicationManager, InterfaceC0124d interfaceC0124d, com.contrastsecurity.agent.config.g gVar, RaspManager raspManager, Z<SQLInjectionDTM> z, m mVar, com.contrastsecurity.agent.plugins.rasp.rules.d.a.v vVar) {
        this.applicationManager = applicationManager;
        this.attackReporter = interfaceC0124d;
        this.raspManager = raspManager;
        this.ruleId = z;
        this.queryActionHandler = mVar;
        this.scopeProvider = vVar;
        // Class is final, so calling the threshold getter from the constructor is safe.
        this.signatureMatcher = r.a(getDefiniteAttackThreshold(), gVar);
    }

    /** @return the rule id this instance was constructed with */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.g
    public Z<SQLInjectionDTM> getRuleId() {
        return this.ruleId;
    }

    /**
     * Parameter names and the request URI are never evaluated by this rule; every other
     * input type (including a null type) is.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        boolean excluded = UserInputDTM.InputType.PARAMETER_NAME.equals(inputType)
                || UserInputDTM.InputType.URI.equals(inputType);
        return !excluded;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.n
    public int getWorthWatchingThreshold() {
        return WORTH_WATCHING_THRESHOLD;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.n
    public int getDefiniteAttackThreshold() {
        return DEFINITE_ATTACK_THRESHOLD;
    }

    /**
     * Scores one user input for SQL injection.
     *
     * <p>Exemptions (returning null) are checked first: a null value, a multipart
     * {@code Content-Type} header, the {@code $WSXCTCONTEXTID} parameter, a 7-character
     * {@code #xxxxxx} value, anything shorter than 3 characters, and inputs for which
     * {@code al.a(i, 4)} holds. Short inputs are then judged by cheap token checks, longer
     * ones by the signature matcher, the auth-bypass pattern and a delimiter/whitespace
     * heuristic. Cookie inputs must reach the definite-attack score to be reported at all.
     *
     * @param inputType where the value came from
     * @param str       the input's name (header name, parameter name, ...)
     * @param str2      unused by this rule
     * @param str3      the input value to score
     * @param i         flags word; {@code al.a(i, 4)} and {@code al.a(i, 32)} look like bit
     *                  tests on it — confirm against {@code al}
     * @return a verdict, or null when the input is not suspicious enough
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public com.contrastsecurity.agent.plugins.rasp.E evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        if (str3 == null) {
            return null;
        }
        if (isMultipartContentType(inputType, str, str3)) {
            return null;
        }
        if ("$WSXCTCONTEXTID".equals(str)) {
            return null;
        }
        if (looksLikeColorCode(str3)) {
            return null;
        }
        final int length = str3.length();
        if (length < 3 || al.a(i, 4)) {
            return null;
        }
        // A 3-character value is only interesting when it carries a '#'.
        if (length == 3 && str3.indexOf('#') == -1) {
            return null;
        }
        if (length < 8) {
            boolean shortButSuspicious = hasCommentToken(str3) || a(str3);
            if (!shortButSuspicious) {
                return null;
            }
            return new com.contrastsecurity.agent.plugins.rasp.E(com.contrastsecurity.agent.plugins.rasp.A.WORTH_WATCHING);
        }
        // Mid-length inputs carrying flag 32 are skipped unless they contain true/false.
        if (length < 15 && al.a(i, 32) && !containsBooleanLiteral(str3)) {
            return null;
        }

        com.contrastsecurity.agent.plugins.rasp.E verdict = scoreAgainstSignatures(str3);
        if (verdict == null && matchesAuthBypass(str3)) {
            verdict = new com.contrastsecurity.agent.plugins.rasp.E(com.contrastsecurity.agent.plugins.rasp.A.WORTH_WATCHING);
            verdict.a(AUTH_BYPASS_TAG, AUTH_BYPASS_WEIGHT);
        }

        // Cookies are noisy; the decompiled literal here equals the definite-attack threshold.
        boolean fromCookie = UserInputDTM.InputType.COOKIE_VALUE.equals(inputType)
                || UserInputDTM.InputType.COOKIE_NAME.equals(inputType);
        if (verdict != null && fromCookie) {
            int score = verdict.c();
            if (score < DEFINITE_ATTACK_THRESHOLD) {
                log.debug("{} ticket scored {} but did not elevated requirement for cookies of {}", inputType, score, DEFINITE_ATTACK_THRESHOLD);
                verdict = null;
            }
        }

        if (verdict == null && hasDelimiterAndWhitespaceMix(str3)) {
            verdict = new com.contrastsecurity.agent.plugins.rasp.E(com.contrastsecurity.agent.plugins.rasp.A.WORTH_WATCHING);
        }
        return verdict;
    }

    /**
     * True for a 7-character value starting with '#' that {@code L.a(value, 1)} accepts —
     * presumably a hex colour code like {@code #RRGGBB}; confirm against {@code L}.
     */
    private static boolean looksLikeColorCode(String value) {
        return value.length() == 7 && value.charAt(0) == '#' && L.a(value, 1);
    }

    /** True when the input is a {@code Content-Type} header whose value starts with {@code multipart/form-data;}. */
    private static boolean isMultipartContentType(UserInputDTM.InputType inputType, String name, String value) {
        return UserInputDTM.InputType.HEADER == inputType
                && "Content-Type".equalsIgnoreCase(name)
                && value.startsWith("multipart/form-data;");
    }

    /**
     * Runs the signature matcher and converts its score into a verdict.
     *
     * @return MATCHED_ATTACK_SIGNATURE when the score reaches the definite threshold and the
     *         match reports {@code b()}, WORTH_WATCHING when it reaches the watching threshold,
     *         otherwise null
     */
    private com.contrastsecurity.agent.plugins.rasp.E scoreAgainstSignatures(String value) {
        com.contrastsecurity.agent.plugins.rasp.rules.o match = this.signatureMatcher.b(value);
        if (match == null) {
            return null;
        }
        int score = match.f();
        if (score >= getDefiniteAttackThreshold() && match.b()) {
            com.contrastsecurity.agent.plugins.rasp.E verdict = new com.contrastsecurity.agent.plugins.rasp.E(com.contrastsecurity.agent.plugins.rasp.A.MATCHED_ATTACK_SIGNATURE);
            a(match, verdict); // inherited: copies match details onto the verdict
            return verdict;
        }
        if (score >= getWorthWatchingThreshold()) {
            com.contrastsecurity.agent.plugins.rasp.E verdict = new com.contrastsecurity.agent.plugins.rasp.E(com.contrastsecurity.agent.plugins.rasp.A.WORTH_WATCHING);
            a(match, verdict);
            return verdict;
        }
        return null;
    }

    /** Whole-input match against {@link #AUTH_BYPASS_PATTERN}. */
    private static boolean matchesAuthBypass(String value) {
        return AUTH_BYPASS_PATTERN.matcher(value).matches();
    }

    /** True when {@code true} or {@code false} occurs anywhere in the value, ignoring case. */
    private static boolean containsBooleanLiteral(String value) {
        return StringUtils.indexOfIgnoreCase(value, "true") != -1
                || StringUtils.indexOfIgnoreCase(value, "false") != -1;
    }

    /** True when a whitespace-surrounded {@code or} occurs in the value (package-private; used for short inputs). */
    boolean a(String str) {
        java.util.regex.Matcher orMatcher = OR_KEYWORD_PATTERN.matcher(str);
        return orMatcher.find();
    }

    /** True when the value contains a comment opener: '#', "//", "--" or slash-star. */
    private static boolean hasCommentToken(String value) {
        return value.indexOf('#') != -1
                || value.contains("//")
                || value.contains("--")
                || value.contains("/*");
    }

    /**
     * Heuristic for values of at least 10 characters: scans left to right counting SQL
     * delimiters (see {@link #SQL_DELIMITERS}, plus each slash-star / star-slash pair) and
     * whitespace characters. Returns true as soon as a star-slash closes a previously seen
     * slash-star, or once two delimiters and one whitespace character have been seen.
     */
    private static boolean hasDelimiterAndWhitespaceMix(String value) {
        if (value == null || value.length() < 10) {
            return false;
        }
        final int len = value.length();
        int delimiters = 0;
        int whitespace = 0;
        boolean commentOpened = false;
        int pos = 0;
        while (pos < len) {
            char ch = value.charAt(pos);
            int step = 1;
            if (ch == '/' && nextCharIs(value, pos + 1, '*')) {
                delimiters++;
                commentOpened = true;
                step = 2;
            } else if (ch == '*' && nextCharIs(value, pos + 1, '/')) {
                if (commentOpened) {
                    return true;
                }
                delimiters++;
                step = 2;
            } else if (isSqlDelimiter(ch)) {
                delimiters++;
            } else if (Character.isWhitespace(ch)) {
                whitespace++;
            }
            // A lone '/' or '*' is neither a delimiter nor whitespace and is simply skipped.
            pos += step;
            if (delimiters >= 2 && whitespace >= 1) {
                return true;
            }
        }
        return false;
    }

    /** True when {@code index} is inside {@code value} and holds {@code expected}. */
    private static boolean nextCharIs(String value, int index, char expected) {
        return index < value.length() && value.charAt(index) == expected;
    }

    /** True when the character is one of {@link #SQL_DELIMITERS}. */
    private static boolean isSqlDelimiter(char ch) {
        return SQL_DELIMITERS.indexOf(ch) != -1;
    }

    /**
     * Hands every database query action to the query-action handler together with the
     * current application and whether this rule is currently allowed to block.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.X
    public void onDatabaseQueryAction(S s, EnumC0226g enumC0226g, String str) {
        // Argument order preserved from the original: current() is evaluated before canBlock().
        p action = new p(enumC0226g, str, this.raspManager, s, this.applicationManager.current(), this.raspManager.canBlock(this), this);
        this.queryActionHandler.a(action);
    }

    /**
     * Reports a detected SQL injection and, when blocking, aborts the request.
     *
     * @param sQLInjectionDTM the attack details; when it is a {@link SQLInjectionInputTracingDTM}
     *                        its traced input is reported, otherwise an UNKNOWN-typed input
     *                        carrying the raw query is built
     * @param z               true to report BLOCKED and throw, false to report EXPLOITED
     * @throws AttackBlockedException when {@code z} is true, after the attack has been reported
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(SQLInjectionDTM sQLInjectionDTM, boolean z) {
        com.contrastsecurity.agent.plugins.rasp.rules.d.a.s scope = this.scopeProvider.e();
        if (scope != null && scope.a()) {
            scope.d();
        }
        AttackResult result = z ? AttackResult.BLOCKED : AttackResult.EXPLOITED;
        this.attackReporter.a(
                this.ruleId,
                sQLInjectionDTM,
                sQLInjectionDTM instanceof SQLInjectionInputTracingDTM
                        ? ((SQLInjectionInputTracingDTM) sQLInjectionDTM).getInput()
                        : UserInputDTM.builder().type(UserInputDTM.InputType.UNKNOWN).value(sQLInjectionDTM.getQuery()).build(),
                result);
        if (z) {
            throw new AttackBlockedException("SQL injection detected");
        }
    }
}
