package com.contrastsecurity.agent.plugins.rasp.rules.cve.spring.b;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.d.e;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.CveDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.E;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0124d;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.Z;
import com.contrastsecurity.agent.plugins.rasp.am;
import com.contrastsecurity.agent.plugins.rasp.rules.n;
import com.contrastsecurity.agent.plugins.rasp.rules.s;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import java.util.Collections;

/* compiled from: SpringHeaderInjectionRule.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/cve/spring/b/c.class */
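/**
 * RASP rule labelled {@code cve-2011-2732} (decompiled from SpringHeaderInjectionRule.java).
 *
 * <p>When an application is profiled, its library names are scanned for a
 * {@code spring-security-core} jar whose file name ends with one of the listed version
 * suffixes, and the outcome is cached in the application context. On each request, every
 * value of the {@code spring-security-redirect} parameter is checked for a raw carriage
 * return or line feed. A match is reported as {@code BLOCKED} or {@code EXPLOITED} when the
 * cached state says a listed library is present; otherwise it is handed to the current RASP
 * context.
 *
 * <p>Only the private members were renamed from their obfuscated single letters; the public
 * constant {@link #b}, the constructor and the overridden methods keep their signatures.
 */
public final class c extends n<CveDetailsDTM> implements com.contrastsecurity.agent.plugins.rasp.rules.a {
    /** Rule identifier; also passed as the first argument of the reported {@code CveDetailsDTM}. */
    public static final String b = "cve-2011-2732";

    /** Substring a library name must contain before its version suffix is examined. */
    private static final String LIBRARY_NAME_FRAGMENT = "spring-security-core";

    // File-name suffixes treated as vulnerable builds.
    // NOTE(review): the list goes from 3.0.4 straight to 3.0.2, so a 3.0.3 jar is never
    // matched; confirm whether that omission is intentional.
    // NOTE(review): endsWith() is case-sensitive and every suffix is lower-case, so this
    // presumably relies on library names being lower-cased upstream; verify, otherwise
    // "...RELEASE.jar" names would not match and the rule would stay inactive.
    private static final String[] VULNERABLE_JAR_SUFFIXES = {
        "3.0.5.release.jar", "3.0.4.release.jar", "3.0.2.release.jar", "3.0.1.release.jar",
        "3.0.0.release.jar", "2.0.6.release.jar", "2.0.5.release.jar", "2.0.4.jar",
        "2.0.3.jar", "2.0.2.jar", "2.0.1.jar", "2.0.0.jar"
    };

    /** Name of the request parameter whose values are inspected. */
    private static final String REDIRECT_PARAMETER = "spring-security-redirect";

    // The instance fields carry descriptive names instead of the decompiler's c/d/e/f/g.
    // A field called `e` obscures the imported type `e` inside the expression
    // `e.a.a(s.class)` below (a simple name in expression position resolves to the field
    // first), so the key initializer would not refer to the intended factory.
    private final ApplicationManager applicationManager;
    // Receives (rule id, CVE details, user input, result); appears to be the attack
    // reporting sink, confirm against InterfaceC0124d.
    private final InterfaceC0124d reporter;
    private final RaspManager raspManager;
    private final Z<CveDetailsDTM> ruleId = Z.a(b, CveDetailsDTM.class);
    // Key under which the per-application library state is stored in the application context.
    private final e.a<s> libraryStateKey = e.a.a(s.class);

    /**
     * Creates the rule with its injected collaborators.
     *
     * @param applicationManager source of the current {@link Application}
     * @param raspManager used to ask whether this rule may block and to reach the current context
     * @param interfaceC0124d sink that receives the reported result
     */
    @Inject
    public c(ApplicationManager applicationManager, RaspManager raspManager, InterfaceC0124d interfaceC0124d) {
        this.applicationManager = applicationManager;
        this.raspManager = raspManager;
        this.reporter = interfaceC0124d;
    }

    /**
     * Returns the identifier of this rule.
     *
     * @return the {@code Z} instance built from {@link #b}
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.g
    public Z<CveDetailsDTM> getRuleId() {
        return this.ruleId;
    }

    /**
     * Inspects the {@code spring-security-redirect} parameter of a request once its
     * parameters are available.
     *
     * @param httpRequest the request whose parameters are read
     * @throws AttackBlockedException if a value contains CR or LF, the rule applies to the
     *     current application and the RASP manager allows this rule to block
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.n, com.contrastsecurity.agent.plugins.rasp.X
    public void onParametersResolved(HttpRequest httpRequest) {
        String[] redirectValues = httpRequest.getParameters().get(REDIRECT_PARAMETER);
        if (redirectValues == null || redirectValues.length == 0) {
            return;
        }
        if (inspectRedirectValues(redirectValues)) {
            throw new AttackBlockedException("CVE-2011-2732 attack detected");
        }
    }

    /**
     * Checks every parameter value for a line break and reports each match.
     *
     * @param strArr the values of the redirect parameter
     * @return {@code true} once a match was found for an application the rule applies to and
     *     {@code canBlock} returned {@code true}; the flag stays set for later values
     */
    private boolean inspectRedirectValues(String[] strArr) {
        boolean blocked = false;
        Application current = this.applicationManager.current();
        for (String value : strArr) {
            if (!hasLineBreak(value)) {
                continue;
            }
            am amVar = new am(
                    UserInputDTM.builder()
                            .name(REDIRECT_PARAMETER)
                            .value(value)
                            .type(UserInputDTM.InputType.PARAMETER_VALUE)
                            .filters(Collections.emptySet())
                            .build(),
                    true);
            if (appliesToApplication(current)) {
                blocked = blocked || this.raspManager.canBlock(this);
                reportLineBreakInjection(amVar, blocked);
            } else {
                // No listed library recorded for this application: the match goes to the
                // current RASP context instead of the reporter.
                this.raspManager.currentContext().a(current, this, amVar);
            }
        }
        return blocked;
    }

    /**
     * Tells whether a value contains a raw line feed or carriage return.
     *
     * @param str the parameter value, may be {@code null}
     * @return {@code true} if {@code str} is non-null and contains LF or CR
     */
    private boolean hasLineBreak(String str) {
        return str != null && (str.indexOf('\n') >= 0 || str.indexOf('\r') >= 0);
    }

    /**
     * Generic input evaluation is not used by this rule.
     *
     * @return always {@code null}
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public E evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i2) {
        return null;
    }

    /**
     * This rule does not register for any input type.
     *
     * @return always {@code false}
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return false;
    }

    /**
     * Tells whether the cached library state marks the application as using a listed jar.
     *
     * @param application the application to check, may be {@code null}
     * @return {@code true} only if a state object is stored for the application and its
     *     {@code a()} flag is set
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.a
    public boolean appliesToApplication(Application application) {
        if (application == null) {
            return false;
        }
        s libraryState = (s) application.context().a(this.libraryStateKey);
        return libraryState != null && libraryState.a();
    }

    /**
     * Stores the library scan result for a freshly profiled application.
     *
     * @param application the profiled application
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.X
    public void onApplicationProfiled(Application application) {
        // NOTE(review): both casts are reproduced from the decompiler output and look like
        // generic-inference artifacts; confirm against the signature of context().a(key, value).
        application.context().a((e.a<e.a<s>>) this.libraryStateKey, (e.a<s>) detectVulnerableLibrary(application));
    }

    /**
     * Scans the application's library names for a listed spring-security-core jar.
     *
     * @param application the application whose library names are read
     * @return {@code s.a(name, suffix)} for the first matching library, otherwise {@code s.d()}
     */
    private s detectVulnerableLibrary(Application application) {
        for (String libraryName : application.getLibraryFactNames()) {
            if (libraryName == null || !libraryName.contains(LIBRARY_NAME_FRAGMENT)) {
                continue;
            }
            for (String suffix : VULNERABLE_JAR_SUFFIXES) {
                if (libraryName.endsWith(suffix)) {
                    return s.a(libraryName, suffix);
                }
            }
        }
        return s.d();
    }

    /**
     * Sends one detected input to the reporter.
     *
     * @param amVar wrapper around the offending user input
     * @param z {@code true} to report {@code BLOCKED}, {@code false} to report {@code EXPLOITED}
     * @throws IllegalStateException if no library state with its flag set is stored for the
     *     current application
     */
    private void reportLineBreakInjection(am amVar, boolean z) {
        amVar.c(true);
        // The state is looked up again from the current application rather than passed in.
        s libraryState = (s) this.applicationManager.current().context().a(this.libraryStateKey);
        if (libraryState == null || !libraryState.a()) {
            throw new IllegalStateException("Attempting to report a vulnerability for cve-2011-2732 but no vulnerable library detected");
        }
        AttackResult result = z ? AttackResult.BLOCKED : AttackResult.EXPLOITED;
        this.reporter.a(this.ruleId, new CveDetailsDTM(b, libraryState.c()), amVar.a(), result);
    }
}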
