package com.contrastsecurity.agent.plugins.rasp.rules.a;

import com.contrastsecurity.agent.config.ContrastProperties;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.http.MultipartItem;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.CmdInjectionDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.CmdInjectionInputTracingDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.CmdInjectionSemanticDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.A;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.E;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0124d;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.S;
import com.contrastsecurity.agent.plugins.rasp.Z;
import com.contrastsecurity.agent.plugins.rasp.al;
import com.contrastsecurity.agent.plugins.rasp.am;
import com.contrastsecurity.agent.plugins.rasp.rules.n;
import com.contrastsecurity.agent.plugins.rasp.rules.o;
import com.contrastsecurity.agent.util.C0234o;
import com.contrastsecurity.agent.util.L;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/* compiled from: CmdInjectionRaspRule.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/a/h.class */
public final class h extends n<CmdInjectionDTM> implements com.contrastsecurity.agent.plugins.rasp.rules.e {
    public static final String b = "cmd-injection";
    private final b d = b.a(getDefiniteAttackThreshold());
    private final Z<CmdInjectionDTM> e;
    private final InterfaceC0124d f;
    private final com.contrastsecurity.agent.commons.c g;
    private final HttpManager h;
    private final RaspManager i;
    private final com.contrastsecurity.agent.config.g j;
    private static final String k = "net.sourceforge.argparse4j.internal.TerminalWidth.getTerminalWidth2";
    private static final Pattern c = Pattern.compile("(?:^|\\\\|\\/)(?:sh|bash|zsh|ksh|tcsh|csh|fish|cmd)([-\\/].*)*[-\\/][a-zA-Z]*c");
    private static final String l = " org.apache.hadoop.security.Groups.getGroups".substring(1);

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public h(com.contrastsecurity.agent.commons.c cVar, com.contrastsecurity.agent.config.g gVar, InterfaceC0124d interfaceC0124d, HttpManager httpManager, RaspManager raspManager, Z<CmdInjectionDTM> z) {
        this.g = cVar;
        this.j = gVar;
        this.f = interfaceC0124d;
        this.h = httpManager;
        this.i = raspManager;
        this.e = z;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.g
    public Z<CmdInjectionDTM> getRuleId() {
        return this.e;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.PARAMETER_VALUE.equals(inputType) || UserInputDTM.InputType.MULTIPART_VALUE.equals(inputType) || UserInputDTM.InputType.QUERYSTRING.equals(inputType) || UserInputDTM.InputType.BODY.equals(inputType);
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public E evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        if (al.a(i, 4) || al.a(i, 32) || str2.length() < 7) {
            return null;
        }
        return a(str2);
    }

    private E a(String str) {
        E e = null;
        o b2 = this.d.b(str);
        if (b2 != null) {
            int f = b2.f();
            if (f >= getDefiniteAttackThreshold() && b2.b()) {
                e = new E(A.MATCHED_ATTACK_SIGNATURE);
                a(b2, e);
            } else if (f >= getWorthWatchingThreshold()) {
                e = new E(A.WORTH_WATCHING);
                a(b2, e);
            }
        }
        return e;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.n
    public int getWorthWatchingThreshold() {
        return 2;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.n
    public int getDefiniteAttackThreshold() {
        return 3;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.n, com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean requiresSavingInContext(HttpRequest httpRequest) {
        return !C0234o.a(httpRequest);
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.X
    public void onCommandStarting(S s, String[] strArr, com.contrastsecurity.agent.o.i iVar) {
        String join = StringUtils.join(strArr, " ");
        List<am> c2 = s != null ? s.c(b) : Collections.emptyList();
        if (this.j.e(ContrastProperties.DEFEND_CMDI_PHASES) && !c2.isEmpty()) {
            for (am amVar : c2) {
                for (int i = 0; i < strArr.length; i++) {
                    UserInputDTM b2 = amVar.b(strArr[i]);
                    if (b2 != null) {
                        a(amVar, b2, strArr, i);
                        return;
                    }
                }
                UserInputDTM b3 = amVar.b(join);
                if (b3 != null) {
                    a(amVar, b3, new String[]{join}, 0);
                    return;
                }
            }
        }
        if (this.j.e(ContrastProperties.DEFEND_CMDI_BACKDOORS)) {
            String e = L.e(join);
            com.contrastsecurity.agent.b.e b4 = b(e);
            if (b4 != null) {
                a(UserInputDTM.builder().name(b4.a()).value(b4.b()).type(UserInputDTM.InputType.PARAMETER_VALUE).filters(Collections.emptySet()).time(System.currentTimeMillis()).build(), join, com.contrastsecurity.agent.commons.g.a(CmdInjectionSemanticDTM.Finding.BACKDOOR));
                return;
            }
            com.contrastsecurity.agent.b.e c3 = c(e);
            if (c3 != null) {
                a(UserInputDTM.builder().name(c3.a()).value(c3.b()).type(UserInputDTM.InputType.MULTIPART_VALUE).filters(Collections.emptySet()).time(System.currentTimeMillis()).build(), join, com.contrastsecurity.agent.commons.g.a(CmdInjectionSemanticDTM.Finding.BACKDOOR));
                return;
            }
        }
        if (this.j.e(ContrastProperties.DEFEND_CMDI_CHAINS) && k.a(join) != -1) {
            a(join, com.contrastsecurity.agent.commons.g.a(CmdInjectionSemanticDTM.Finding.CHAINING));
        } else if (this.j.e(ContrastProperties.DEFEND_CMDI_DANGEROUS_PATH_ARGS) && j.a(join)) {
            a(join, com.contrastsecurity.agent.commons.g.a(CmdInjectionSemanticDTM.Finding.PATH_ARGUMENT));
        }
    }

    private com.contrastsecurity.agent.b.e b(String str) {
        HttpRequest currentRequest;
        if (this.h == null || (currentRequest = this.h.getCurrentRequest()) == null || !currentRequest.isParametersResolved()) {
            return null;
        }
        return a(str, currentRequest);
    }

    private com.contrastsecurity.agent.b.e a(String str, HttpRequest httpRequest) {
        Map<String, String[]> parameters = httpRequest.getParameters();
        for (String str2 : parameters.keySet()) {
            String[] strArr = parameters.get(str2);
            if (strArr != null) {
                for (String str3 : strArr) {
                    String a = com.contrastsecurity.agent.plugins.rasp.k.d.a(str3, UserInputDTM.InputType.PARAMETER_VALUE);
                    if (a(a, str)) {
                        return new com.contrastsecurity.agent.b.e(str2, a);
                    }
                }
            }
        }
        return null;
    }

    private com.contrastsecurity.agent.b.e c(String str) {
        HttpRequest currentRequest = this.h.getCurrentRequest();
        if (currentRequest == null || !currentRequest.isMultipartParametersResolved()) {
            return null;
        }
        return b(str, currentRequest);
    }

    private com.contrastsecurity.agent.b.e b(String str, HttpRequest httpRequest) {
        for (MultipartItem multipartItem : httpRequest.getMultipartItems()) {
            String fieldName = multipartItem.getFieldName();
            String a = com.contrastsecurity.agent.plugins.rasp.k.d.a(multipartItem.getValue(), UserInputDTM.InputType.MULTIPART_VALUE);
            if (a(a, str)) {
                return new com.contrastsecurity.agent.b.e(fieldName, a);
            }
        }
        return null;
    }

    private static boolean a(String str, String str2) {
        if (str == null || str.length() < 2) {
            return false;
        }
        String e = L.e(str);
        return str2.equalsIgnoreCase(e) || (c.matcher(str2).find() && StringUtils.endsWithIgnoreCase(str2, e));
    }

    private CmdInjectionInputTracingDTM a(String[] strArr, int i, int i2, int i3) {
        int i4 = 0;
        int i5 = 0;
        StringBuilder sb = new StringBuilder();
        for (int i6 = 0; i6 < strArr.length; i6++) {
            if (i6 == i) {
                int length = sb.length();
                i4 = length + i2;
                i5 = length + i3;
            }
            sb.append(strArr[i6]);
        }
        return new CmdInjectionInputTracingDTM(sb.toString(), i4, i5);
    }

    private void a(am amVar, UserInputDTM userInputDTM, String[] strArr, int i) {
        amVar.c(true);
        int indexOf = strArr[i].indexOf(userInputDTM.getValue());
        a(userInputDTM, a(strArr, i, indexOf, indexOf + userInputDTM.getValue().length()), "input tracing");
    }

    private void a(UserInputDTM userInputDTM, String str, List<CmdInjectionSemanticDTM.Finding> list) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < list.size(); i++) {
            sb.append(list.get(i));
            if (i < list.size() - 1) {
                sb.append(", ");
            }
        }
        a(userInputDTM == null ? UserInputDTM.builder().type(UserInputDTM.InputType.UNKNOWN).value(str).time(this.g.a()).build() : userInputDTM, new CmdInjectionSemanticDTM(str, list), sb.toString());
    }

    private void a(String str, List<CmdInjectionSemanticDTM.Finding> list) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < list.size(); i++) {
            sb.append(list.get(i));
            if (i < list.size() - 1) {
                sb.append(", ");
            }
        }
        a(UserInputDTM.builder().type(UserInputDTM.InputType.UNKNOWN).value(str).time(this.g.a()).build(), new CmdInjectionSemanticDTM(str, list), sb.toString());
    }

    private void a(UserInputDTM userInputDTM, CmdInjectionDTM cmdInjectionDTM, String str) {
        boolean canBlock = this.i.canBlock(this);
        this.f.a(this.e, cmdInjectionDTM, userInputDTM, canBlock ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
        if (canBlock) {
            throw new AttackBlockedException("Command injection detected: " + str);
        }
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.e
    public String[] a() {
        return new String[]{k, l};
    }
}
