package com.contrastsecurity.agent.plugins.rasp.rules.untrusteddeserialization;

import com.contrastsecurity.agent.B;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0124d;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.S;
import com.contrastsecurity.agent.plugins.rasp.X;
import com.contrastsecurity.agent.plugins.rasp.Z;
import com.contrastsecurity.agent.plugins.rasp.rules.untrusteddeserialization.UntrustedDeserializationDetailsDTM;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* compiled from: UntrustedDeserializationRaspRule.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/untrusteddeserialization/n.class */
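/**
 * RASP rule {@code untrusted-deserialization}.
 *
 * <p>Two detections live in this class:
 * <ul>
 *   <li>gadget detection: a class about to be materialised by one of the hooked deserializers
 *       (ObjectInputStream, the two XMLDecoder handlers, XStream, Kryo, Jackson 1/2) has a name
 *       ending with an entry of the gadget list {@link #c} (see the three-argument {@code a});</li>
 *   <li>command detection: a system command is started while a {@code readObject} or
 *       {@code fromXML} frame is on the stack ({@link #onCommandStarting}).</li>
 * </ul>
 * Both paths report through {@code d} with {@code BLOCKED} or {@code EXPLOITED} and, when
 * {@code RaspManager.canBlock(this)} is true, abort the operation with an
 * {@link AttackBlockedException}.
 *
 * <p>The class visitors that feed these hooks are attached in {@link #onInstrumentingClass};
 * the JDK-internal targets are also listed in {@link #requiresPrimordialInstrumentation}.
 *
 * <p>This is decompiled code: obfuscated identifiers are kept as they are so the rest of the
 * agent keeps linking against them.
 */
public class n extends X<UntrustedDeserializationDetailsDTM> implements com.contrastsecurity.agent.plugins.rasp.rules.j<UntrustedDeserializationDetailsDTM, ContrastUntrustedDeserializationDispatcher> {
    /** Rule name as reported to the server. */
    public static final String b = "untrusted-deserialization";
    /** Reporting sink for attack events. */
    private final InterfaceC0124d d;
    /** Dispatcher registration handed back from {@link #getDispatcherRegistration()}. */
    private final com.contrastsecurity.agent.instr.h<ContrastUntrustedDeserializationDispatcher> e;
    /** Source of the block / code-exclusion / sinks-disabled decisions. */
    private final RaspManager f;
    /** Rule id handed back from {@link #getRuleId()}. */
    private final Z<UntrustedDeserializationDetailsDTM> g;
    /**
     * Exact-match fast path: names that are never gadgets and are seen constantly. None of
     * them would match the suffix list {@link #c} anyway, so this only saves the scan.
     */
    private static final Set<String> j = com.contrastsecurity.agent.commons.o.b("int", "java.lang.String", "java.util.HashMap");

    /**
     * Known gadget-chain classes, matched by name <em>suffix</em> in {@code a(String)}.
     *
     * <p>Entries use binary names ({@code Outer$Inner}). The leading-space-plus-{@code substring(1)}
     * form of the first entries is taken over from the original; presumably it keeps the bare
     * class-name literal out of the constant pool, but that intent is not confirmed here.
     * {@code org.springframework.beans.factory.ObjectFactory} is listed twice; harmless for the
     * any-match scan and kept so the list size is unchanged.
     */
    @B
    static final List<String> c = com.contrastsecurity.agent.commons.g.b(
            " org.apache.myfaces.view.facelets.el.ValueExpressionMethodExpression".substring(1),
            " org.apache.commons.beanutils.BeanComparator".substring(1),
            " org.apache.commons.collections.functors.ChainedTransformer".substring(1),
            " org.apache.commons.collections.functors.ConstantTransformer".substring(1),
            " org.apache.commons.collections.functors.InvokerTransformer".substring(1),
            " org.apache.commons.collections.functors.InstantiateTransformer".substring(1),
            " org.apache.commons.collections4.functors.InvokerTransformer".substring(1),
            " org.apache.commons.collections4.functors.InstantiateTransformer".substring(1),
            " org.apache.commons.fileupload.disk.DiskFileItem".substring(1),
            " org.apache.xalan.internal.xsltc.trax.TemplatesImpl".substring(1),
            " org.apache.xalan.xsltc.trax.TemplatesImpl".substring(1),
            " org.apache.wicket.util.upload.DiskFileItem".substring(1),
            "clojure.inspector.proxy$javax.swing.table.AbstractTableModel$ff19274a",
            "org.codehaus.groovy.runtime.ConvertedClosure",
            "org.codehaus.groovy.runtime.MethodClosure",
            "groovy.util.Expando",
            "org.python.core.PyFunction",
            "org.python.core.PyBytecode",
            "mozilla.javascript.internal.NativeError",
            "mozilla.javascript.ScriptableObject$Slot",
            "mozilla.javascript.ScriptableObject$GetterSlot",
            "mozilla.javascript.ScriptableObject$RelinkedSlot",
            "bsh.XThis",
            "org.jboss.weld.interceptor.reader.DefaultMethodMetadata",
            "org.springframework.beans.factory.ObjectFactory",
            "org.springframework.beans.factory.ObjectFactory",
            "org.springframework.beans.factory.config.PropertyPathFactoryBean",
            "org.springframework.aop.framework.AdvisedSupport",
            "coldfusion.syndication.FeedDateParser",
            "org.jpedal.io.ObjectStore",
            "com.xuggle.ferry.AtomicInteger",
            "com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data",
            "com.sun.org.apache.xalan.internal.xsltc.trax.TrAXFilter",
            "com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl",
            "com.sun.jna.Memory",
            "com.sun.jna.Function",
            "com.sun.medialib.codec.jpeg.Encoder",
            "com.sun.medialib.codec.png.Decoder",
            "com.sun.syndication.feed.impl.ObjectBean",
            "com.sun.rowset.JdbcRowSetImpl",
            "com.sun.jndi.rmi.registry.BindingEnumeration",
            "com.sun.jndi.toolkit.dir.LazySearchEnumerationImpl",
            "sun.rmi.server.UnicastRef",
            "sun.rmi.transport.DGCClient$EndpointEntry",
            "java.util.logging.FileHandler",
            "java.rmi.server.UnicastRemoteObject",
            "java.util.ServiceLoader$LazyIterator",
            "java.net.PlainDatagramSocketImpl",
            "javax.imageio.ImageIO$ContainsFilter",
            "javax.management.BadAttributeValueExpException",
            "com.mchange.v2.c3p0.impl.PoolBackedDataSourceBase",
            "com.mchange.v2.naming.ReferenceIndirector$ReferenceSerialized",
            "com.mchange.v2.c3p0.JndiRefForwardingDataSource",
            "com.mchange.v2.c3p0.WrapperConnectionPoolDataSource",
            "java.lang.ProcessBuilder",
            "ch.qos.logback.core.db.DriverManagerConnectionSource");
    /** Request-context key under which the XStream hook records the last flagged class name. */
    private static final String k = "blocked.xstream";
    /** Binary names of the JDK classes that get the ObjectInputStream / XMLDecoder visitors. */
    private static final String l = "java.io.ObjectInputStream";
    private static final String m = "com.sun.beans.decoder.ObjectElementHandler";
    private static final String n = "com.sun.beans.ObjectHandler";
    /** Internal (slash-separated) names of the library classes that get the remaining visitors. */
    private static final String o = "com/fasterxml/jackson/databind/deser/BeanDeserializerFactory";
    private static final String p = "org/codehaus/jackson/map/deser/BeanDeserializerFactory";
    private static final String q = "com/thoughtworks/xstream/converters/ConverterLookup";
    private static final String r = "com/esotericsoftware/kryo/Serializer";
    /**
     * Stack-frame predicate used by {@link #onCommandStarting}: a frame counts as "inside a
     * deserializer" when its method is {@code readObject} or {@code fromXML}. Other entry points
     * (for instance Jackson's {@code readValue}) are not matched, so a command started under
     * them is not attributed by this rule.
     */
    private final com.contrastsecurity.agent.commons.m<StackTraceElement> i = new com.contrastsecurity.agent.commons.m<StackTraceElement>() { // from class: com.contrastsecurity.agent.plugins.rasp.rules.untrusteddeserialization.n.1
        @Override // com.contrastsecurity.agent.commons.m
        public boolean a(StackTraceElement stackTraceElement) {
            String methodName = stackTraceElement.getMethodName();
            return "readObject".equals(methodName) || "fromXML".equals(methodName);
        }
    };
    /** Jackson helper that extracts the target class name from a deserializer-factory argument. */
    private final com.contrastsecurity.agent.plugins.frameworks.jackson.b h = new com.contrastsecurity.agent.plugins.frameworks.jackson.b();

    @Inject
    public n(InterfaceC0124d interfaceC0124d, com.contrastsecurity.agent.instr.h<ContrastUntrustedDeserializationDispatcher> hVar, RaspManager raspManager, Z<UntrustedDeserializationDetailsDTM> z) {
        this.d = interfaceC0124d;
        this.e = hVar;
        this.f = raspManager;
        this.g = z;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.g
    public Z<UntrustedDeserializationDetailsDTM> getRuleId() {
        return this.g;
    }

    /** Always {@code true}; what the framework does with this flag is decided outside this class. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.j
    public boolean isCodeExclusionSpecialCase() {
        return true;
    }

    /**
     * Bootstrap classes this rule needs transformed early: ObjectInputStream and the two XMLDecoder
     * handlers carry the gadget hooks; {@code Runtime} presumably carries the command hook that
     * ends up in {@link #onCommandStarting} (the hook itself is installed elsewhere).
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.j
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return cls.equals(ObjectInputStream.class) || cls.equals(Runtime.class) || m.equals(cls.getName()) || n.equals(cls.getName());
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.j
    public com.contrastsecurity.agent.instr.h<ContrastUntrustedDeserializationDispatcher> getDispatcherRegistration() {
        return this.e;
    }

    /**
     * Command-execution hook. If the current stack (as exposed by {@code iVar}) contains a frame
     * accepted by {@link #i}, the command is reported and, when blocking is enabled, aborted.
     *
     * @param s    request context (unused here)
     * @param strArr command and arguments; joined with spaces for the report
     * @param iVar stack view; {@code iVar.a(predicate)} is taken to mean "some frame matches"
     * @throws AttackBlockedException after reporting, when {@code RaspManager.canBlock} is true
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.X
    public void onCommandStarting(S s, String[] strArr, com.contrastsecurity.agent.o.i iVar) {
        if (iVar.a(this.i)) {
            boolean canBlock = this.f.canBlock(this);
            a(canBlock, strArr);
            if (canBlock) {
                throw new AttackBlockedException("System command call during deserialization detected");
            }
        }
    }

    /** ObjectInputStream hook: the descriptor name is already the binary class name. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(ObjectStreamClass objectStreamClass, S s) {
        if (objectStreamClass != null) {
            a(UntrustedDeserializationDetailsDTM.Deserializer.OBJECT_STREAM, objectStreamClass.getName(), s);
        }
    }

    /**
     * XStream hook. Uses the binary name ({@code Outer$Inner}), not the canonical one: the gadget
     * list carries '$'-separated nested-class entries and the ObjectInputStream path reports
     * binary names as well, so this keeps both the suffix match and the {@code blocked.xstream}
     * de-duplication key consistent. {@code getName()} is also never {@code null}, unlike
     * {@code getCanonicalName()} for local and anonymous classes.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(Class<?> cls, S s) {
        if (cls != null) {
            a(UntrustedDeserializationDetailsDTM.Deserializer.XSTREAM, cls.getName(), s);
        }
    }

    /** Jackson hook: {@code h.d(obj)} yields the target class name, or {@code null} to skip. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(Object obj, S s) {
        String d = this.h.d(obj);
        if (d != null) {
            a(UntrustedDeserializationDetailsDTM.Deserializer.JACKSON, d, s);
        }
    }

    /** Kryo hook; binary name for the same reasons as the XStream hook. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(Class<?> cls, S s) {
        if (cls != null) {
            a(UntrustedDeserializationDetailsDTM.Deserializer.KRYO, cls.getName(), s);
        }
    }

    /** XMLDecoder hook: the handler supplies the class name as a string. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(String str, S s) {
        a(UntrustedDeserializationDetailsDTM.Deserializer.XML_DECODER, str, s);
    }

    /**
     * Common gadget check for every deserializer hook.
     *
     * <p>Nothing happens unless {@code str} matches the gadget list. If it does and the rule is
     * not disabled by a code exclusion, the event is reported once and, when blocking is enabled,
     * an {@link AttackBlockedException} is thrown. The XStream path records the flagged name in the
     * request context under {@link #k}; an ObjectInputStream event for that same name is then
     * not reported again (presumably XStream delegates to ObjectInputStream for it and the
     * second event would be a duplicate -- not confirmed here), though it is still blocked.
     *
     * @param deserializer which hook fired
     * @param str          class name as seen by that hook; {@code null} is treated as no match
     * @param s            request context used for the XStream de-duplication
     * @throws AttackBlockedException when the name matches and {@code RaspManager.canBlock} is true
     */
    @B
    void a(UntrustedDeserializationDetailsDTM.Deserializer deserializer, String str, S s) {
        String str2;
        if (a(str)) {
            boolean canBlock = this.f.canBlock(this);
            if (this.f.isDisabledByCodeExclusion(this)) {
                return;
            }
            boolean z = true;
            if (UntrustedDeserializationDetailsDTM.Deserializer.XSTREAM == deserializer) {
                s.a(k, str);
            } else if (UntrustedDeserializationDetailsDTM.Deserializer.OBJECT_STREAM == deserializer && (str2 = (String) s.d(k)) != null && str2.equals(str)) {
                z = false;
            }
            if (z) {
                a(canBlock, deserializer, str);
            }
            if (canBlock) {
                throw new AttackBlockedException("Deserialization attack detected");
            }
        }
    }

    /**
     * Whether {@code str} (a binary class name) denotes a known gadget class.
     *
     * <p>Exact hits in {@link #j} short-circuit to {@code false}. Otherwise the name is matched by
     * suffix against {@link #c}, so package-relocated copies are caught too (the JDK-internal
     * {@code com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl} ends with the listed
     * {@code org.apache.xalan.internal.xsltc.trax.TemplatesImpl}). The flip side is that any class
     * whose name merely ends with a listed name is flagged as well.
     *
     * @param str class name; {@code null} (possible on the XMLDecoder path) is never a gadget
     */
    private boolean a(String str) {
        if (str == null || j.contains(str)) {
            return false;
        }
        for (String gadget : c) {
            if (str.endsWith(gadget)) {
                return true;
            }
        }
        return false;
    }

    /** Reports a gadget event; {@code z} selects {@code BLOCKED} over {@code EXPLOITED}. */
    private void a(boolean z, UntrustedDeserializationDetailsDTM.Deserializer deserializer, String str) {
        this.d.a(this.g, new UntrustedDeserializationDetailsDTM.UntrustedDeserializationGadgetDTM(deserializer), UserInputDTM.builder().value(str).type(UserInputDTM.InputType.UNKNOWN).build(), z ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
    }

    /** Reports a command event with the space-joined command line as the user input. */
    private void a(boolean z, String[] strArr) {
        String join = StringUtils.join(strArr, " ");
        this.d.a(this.g, new UntrustedDeserializationDetailsDTM.UntrustedDeserializationCommandDTM(join), UserInputDTM.builder().value(join).type(UserInputDTM.InputType.UNKNOWN).build(), z ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
    }

    /** No per-request parameter handling is needed for this rule. */
    @Override // com.contrastsecurity.agent.plugins.rasp.X
    public void onParametersResolved(HttpRequest httpRequest) {
    }

    /**
     * Attaches the visitor that feeds the hooks above to each supported deserializer class.
     *
     * <p>Nothing is instrumented when sinks are disabled. The JDK classes are matched by binary
     * name, the library classes by internal name. XStream's {@code ConverterLookup} and Kryo's
     * {@code Serializer} are matched on subclasses as well (via the ancestor list); the two
     * Jackson {@code BeanDeserializerFactory} classes are matched on the exact class only.
     *
     * @return the wrapped visitor, or {@code classVisitor} unchanged when no hook applies
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public ClassVisitor onInstrumentingClass(com.contrastsecurity.agent.instr.f<ContrastUntrustedDeserializationDispatcher> fVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (this.f.isSinksDisabled()) {
            return classVisitor;
        }
        String binaryName = instrumentationContext.getClassName();
        String internalName = instrumentationContext.getInternalClassName();
        if (m.equals(binaryName)) {
            instrumentationContext.getChanger().addAdapter("XMLDecoderObjectHandlerVisitor");
            instrumentationContext.setRequiresTransforming(true);
            return new q(fVar, instrumentationContext, classVisitor);
        }
        if (n.equals(binaryName)) {
            instrumentationContext.getChanger().addAdapter("XMLDecoderJDK6ObjectHandlerVisitor");
            instrumentationContext.setRequiresTransforming(true);
            return new p(fVar, instrumentationContext, classVisitor);
        }
        if (l.equals(binaryName)) {
            instrumentationContext.getChanger().addAdapter("ResolveClassDetectionVisitor");
            instrumentationContext.setRequiresTransforming(true);
            return new g(fVar, instrumentationContext, classVisitor);
        }
        if (q.equals(internalName) || instrumentationContext.getAncestors().contains(q)) {
            instrumentationContext.getChanger().addAdapter("XStreamDeserializationVisitor");
            instrumentationContext.setRequiresTransforming(true);
            return new r(fVar, instrumentationContext, classVisitor);
        }
        if (r.equals(internalName) || instrumentationContext.getAncestors().contains(r)) {
            instrumentationContext.getChanger().addAdapter("KryoDeserializationVisitor");
            instrumentationContext.setRequiresTransforming(true);
            return new f(fVar, instrumentationContext, classVisitor);
        }
        if (o.equals(internalName)) {
            instrumentationContext.getChanger().addAdapter("BeanDeserializerFactoryVisitor");
            instrumentationContext.setRequiresTransforming(true);
            return new d(fVar, instrumentationContext, classVisitor);
        }
        if (p.equals(internalName)) {
            instrumentationContext.getChanger().addAdapter("BeanDeserializerFactoryVisitor");
            instrumentationContext.setRequiresTransforming(true);
            return new a(fVar, instrumentationContext, classVisitor);
        }
        return classVisitor;
    }
}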
