package com.contrastsecurity.agent.plugins.rasp.rules.pathtraversal;

import com.contrastsecurity.agent.Contrast;
import com.contrastsecurity.agent.config.ContrastProperties;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.A;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.C0131k;
import com.contrastsecurity.agent.plugins.rasp.E;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0124d;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.S;
import com.contrastsecurity.agent.plugins.rasp.Z;
import com.contrastsecurity.agent.plugins.rasp.al;
import com.contrastsecurity.agent.plugins.rasp.am;
import com.contrastsecurity.agent.plugins.rasp.rules.pathtraversal.PathTraversalSemanticDTM;
import com.contrastsecurity.agent.util.C0220a;
import com.contrastsecurity.agent.util.C0224e;
import com.contrastsecurity.agent.util.C0231l;
import com.contrastsecurity.agent.util.C0238s;
import com.contrastsecurity.agent.util.L;
import com.contrastsecurity.thirdparty.com.rabbitmq.client.ConnectionFactory;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.jregex.WildcardPattern;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.ArrayUtils;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.File;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;
import java.util.List;

/* compiled from: PathTraversalRaspRule.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/pathtraversal/k.class */
/**
 * RASP rule registered under the key {@code "path-traversal"}. Per the decompiler header this is
 * the obfuscated form of {@code PathTraversalRaspRule}; member names are obfuscated, so the
 * comments below describe only what the visible code does.
 *
 * <p>The class has three visible responsibilities:
 * <ul>
 *   <li>{@code evaluateInput} scores a request input against the rule's patterns (the inherited
 *       list {@code this.a});</li>
 *   <li>{@code onInstrumentingClass} attaches class visitors to {@code java/io/File},
 *       {@code java/nio/file/Paths} and {@code HttpServletRequest} implementations;</li>
 *   <li>{@code a(S, String)} and {@code onCommandStarting} run at the sink: they first look for
 *       a traced request input and, in {@code a(S, String)} only, fall back to the "semantic"
 *       checks in {@code a(String)}.</li>
 * </ul>
 *
 * <p>Whether a detection is reported as {@code BLOCKED} or {@code EXPLOITED} is decided by
 * {@code RaspManager.canBlock(this)} at the point of reporting.
 */
public final class k extends com.contrastsecurity.agent.plugins.rasp.rules.n<PathTraversalDTM> implements com.contrastsecurity.agent.plugins.rasp.rules.e, com.contrastsecurity.agent.plugins.rasp.rules.j<PathTraversalDTM, ContrastPathTraversalDispatcher> {
    // Rule key; used to look up this rule's per-request entries through S.c(b).
    public static final String b = "path-traversal";
    // Rule identifier returned by getRuleId() and passed to every report call.
    private final Z<PathTraversalDTM> c;
    // Reporting sink: d.a(ruleId, details, userInput, AttackResult) is invoked for each detection.
    private final InterfaceC0124d d;
    // Agent configuration; e.e(property) is read as a boolean toggle in b(String) and e(String).
    private final com.contrastsecurity.agent.config.g e;
    // f.a() supplies the time set on the synthesized UserInputDTM in a(S, String) - presumably a clock; confirm.
    private final com.contrastsecurity.agent.commons.c f;
    // Dispatcher registration handed back unchanged by getDispatcherRegistration().
    private final com.contrastsecurity.agent.instr.h<ContrastPathTraversalDispatcher> g;
    // Consulted for isSinksDisabled(), isDisabledByCodeExclusion(this) and canBlock(this).
    private final RaspManager h;
    // i.a() yields the object whose a() returns the stack frames inspected by a(o.i).
    private final com.contrastsecurity.agent.o.j i;
    // Pattern ids (compared with C0131k.c()); the only patterns applied to URI-type input.
    private final String[] j = {"12", "3000"};
    // k..n: fully qualified method names returned by a() together with two JDK methods.
    // NOTE(review): these look like CPU/container-detection helpers in third-party libraries;
    // presumably a list of callers consumed through the rules.e interface - confirm its meaning there.
    private static final String k = "io.vertx.core.impl.cpu.CpuCoreSensor.determineProcessors";
    private static final String l = "org.wildfly.common.cpu.ProcessorInfo.determineProcessors";
    private static final String m = "com.newrelic.agent.utilization.DockerData.getDockerContainerId";
    private static final String n = "datadog.common.container.ContainerInfo.<clinit>";
    // Markers tested by b(String) and reported as COMMON_FILE_EXPLOITS. The first two are NTFS
    // stream suffixes. The third entry is unreadable in this listing (mis-encoded during
    // decompilation/extraction) - TODO recover the original value from the class file.
    private static final String[] o = {"::$DATA", "::$Index", "��"};
    // Path fragments treated as system files by c(String) after normalisation.
    // NOTE(review): the entries mix case ("/Windows/win.ini" vs "/windows/system32/"); whether
    // L.a matches case-insensitively is not visible here - confirm.
    private static final String[] p = {"/proc/self", "etc/passwd", "etc/shadow", "etc/hosts", "etc/groups", "etc/gshadow", "ntuser.dat", "/Windows/win.ini", "/windows/system32/", "/windows/repair/"};
    // Upper bound on the number of stack frames scanned by a(o.i); 9 or 7, see static initializer.
    private static final int q;
    // Substrings tested (via L.a) against the first String argument of evaluateInput.
    private static final String[] r;
    // Internal (slash-separated) class names matched in onInstrumentingClass.
    private static final String s = "java/io/File";
    private static final String t = "java/nio/file/Paths";
    // Derived from t in the static initializer; compared with Class.getName() in
    // requiresPrimordialInstrumentation.
    private static final String u;
    // Not referenced in this class as decompiled. evaluateInput uses the literal 8 as its
    // minimum value length, so this is presumably that constant after inlining - confirm.
    private static final int v = 8;
    // Value of DEFEND_TELEMETRY_DIR from the agent config; a(S, String) never flags a path equal to it.
    private static final String w;
    private static final Logger x;

    /**
     * Stores the injected collaborators; performs no other work.
     */
    @Inject
    public k(InterfaceC0124d interfaceC0124d, com.contrastsecurity.agent.config.g gVar, com.contrastsecurity.agent.commons.c cVar, com.contrastsecurity.agent.instr.h<ContrastPathTraversalDispatcher> hVar, RaspManager raspManager, com.contrastsecurity.agent.o.j jVar, Z<PathTraversalDTM> z) {
        this.d = interfaceC0124d;
        this.e = gVar;
        this.f = cVar;
        this.g = hVar;
        this.h = raspManager;
        this.i = jVar;
        this.c = z;
    }

    /**
     * Returns the rule identifier supplied at construction.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.g
    public Z<PathTraversalDTM> getRuleId() {
        return this.c;
    }

    /**
     * Reports whether this rule evaluates the given input type: every type except
     * {@code HEADER}.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return !UserInputDTM.InputType.HEADER.equals(inputType);
    }

    /**
     * Scores one request input against the rule's patterns.
     *
     * @param inputType kind of input; {@code URI} restricts matching to the pattern ids in {@code j}
     * @param str       first string argument; NOTE(review): presumably the input's name/key, given
     *                  that it is tested against "pass"/"pwd" - confirm against the caller
     * @param str2      the value that is length-checked, pattern-matched and scanned for NUL
     * @param str3      not used by this method
     * @param i         flag word tested with {@code al.a(i, 4)}; the meaning of 4 is not visible here
     * @return the accumulated pattern result, or an {@code E} of {@code WORTH_WATCHING} when no
     *         pattern matched but the value contains a NUL character, or {@code null}
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public E evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        // Early exit: flag set, value shorter than 8 characters, or d(str) matched.
        // NOTE(review): this gate runs before the NUL check further down, so values under 8
        // characters and inputs skipped by d(str) receive no result from this method at all;
        // confirm that sink-side coverage for them does not depend on a result from here.
        if (al.a(i, 4) || str2.length() < 8 || d(str)) {
            return null;
        }
        // URI input is matched only against the pattern ids listed in j; all other input types
        // are matched against every pattern (null filter).
        E a = a(inputType == UserInputDTM.InputType.URI ? a(str2, this.j) : a(str2, (String[]) null));
        if (a != null) {
            return a;
        }
        // No pattern matched: an embedded NUL character still marks the input as worth watching.
        if (str2.indexOf(0) != -1) {
            return new E(A.WORTH_WATCHING);
        }
        return null;
    }

    /**
     * Runs the inherited pattern list {@code this.a} over {@code str} and folds every hit into a
     * single result through the inherited {@code a(E, id, value)}.
     *
     * @param str     text to search with each pattern's {@code matcher(str).find()}
     * @param strArr  when non-null, only patterns whose id ({@code C0131k.c()}) is contained in
     *                this array are applied; {@code null} applies all patterns
     * @return the folded result, or {@code null} when no pattern was applied and matched
     */
    private E a(String str, String[] strArr) {
        E e = null;
        for (int i = 0; i < this.a.size(); i++) {
            C0131k c0131k = this.a.get(i);
            if ((strArr == null || ArrayUtils.contains(strArr, c0131k.c())) && c0131k.b().matcher(str).find()) {
                e = a(e, c0131k.c(), c0131k.a());
            }
        }
        return e;
    }

    /**
     * Tests {@code str} against the entries of {@code r} ("pass", "pwd") using {@code L.a}.
     * The exact matching semantics (substring, case handling) live in {@code L} - confirm there.
     */
    private boolean d(String str) {
        return L.a(str, r);
    }

    /**
     * Wraps the class visitor for the classes this rule instruments, or returns it unchanged.
     *
     * <p>Nothing is attached when {@code RaspManager.isSinksDisabled()} is true. Each branch that
     * does attach also records an adapter name on the context's changer and marks the class as
     * requiring transformation.
     *
     * @return the original {@code classVisitor}, or a wrapping visitor ({@code n}, {@code c} or
     *         {@code m}) for a matching class
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.k
    public ClassVisitor onInstrumentingClass(com.contrastsecurity.agent.instr.f<ContrastPathTraversalDispatcher> fVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (!this.h.isSinksDisabled()) {
            if (instrumentationContext.getCodeSource() != null) {
                // Classes that have a code source: only HttpServletRequest descendants for which
                // C0220a.b(flags) holds are wrapped.
                // NOTE(review): only the javax namespace is matched here; jakarta/servlet
                // implementations would not reach this branch unless handled elsewhere - confirm.
                if (C0220a.b(instrumentationContext.getFlags()) && instrumentationContext.getAncestors().contains("javax/servlet/http/HttpServletRequest")) {
                    instrumentationContext.getChanger().addAdapter("RequestDispatcherClassVisitor");
                    instrumentationContext.setRequiresTransforming(true);
                    classVisitor = new n(fVar, instrumentationContext, classVisitor);
                }
            // The two branches below are reached only when the code source is null
            // (NOTE(review): presumably JDK/bootstrap classes - confirm).
            } else if (s.equals(instrumentationContext.getInternalClassName())) {
                instrumentationContext.getChanger().addAdapter("FileStreamClassVisitor");
                instrumentationContext.setRequiresTransforming(true);
                classVisitor = new c(fVar, instrumentationContext, classVisitor);
            } else if (t.equals(instrumentationContext.getInternalClassName())) {
                instrumentationContext.getChanger().addAdapter("PathsClassVisitor");
                instrumentationContext.setRequiresTransforming(true);
                classVisitor = new m(fVar, instrumentationContext, classVisitor);
            }
        }
        return classVisitor;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sink-side check for a path about to be used.
     *
     * <p>Step 1 (input tracing): each entry of {@code s2.c("path-traversal")} is asked for a
     * matching user input via {@code am.b(str)}; every hit that is not disabled by code exclusion
     * is reported. Step 2 (semantic): only when step 1 reported nothing, the path itself is
     * analysed by {@code a(String)} and any finding is reported with a synthesized input of type
     * {@code UNKNOWN}.
     *
     * <p>This method reports but does not throw; the caller is expected to act on the return value.
     *
     * @param s2  per-request state holding this rule's entries; dereferenced without a null check
     *            (unlike {@code onCommandStarting}) - NOTE(review): callers must pass non-null
     * @param str the path; dereferenced without a null check ({@code str.isEmpty()})
     * @return {@code true} when something was detected and {@code RaspManager.canBlock(this)}
     *         allows blocking; {@code false} otherwise, including for an empty path or a path
     *         equal to the configured telemetry directory
     */
    public boolean a(S s2, String str) {
        // The agent's own telemetry directory and the empty path are never flagged.
        if ((!StringUtils.isEmpty(w) && w.equals(str)) || str.isEmpty()) {
            return false;
        }
        // z: blocking decision to return; z2: whether input tracing reported at least one hit.
        boolean z = false;
        boolean z2 = false;
        List<am> c = s2.c(b);
        if (c != null) {
            for (int i = 0; i < c.size(); i++) {
                am amVar = c.get(i);
                UserInputDTM b2 = amVar.b(str);
                if (b2 != null && !this.h.isDisabledByCodeExclusion(this)) {
                    z = z || this.h.canBlock(this);
                    // Flags the entry (am.c(true)) - presumably marks it as having reached a sink; confirm in am.
                    amVar.c(true);
                    this.d.a(this.c, new PathTraversalInputTracingDTM(str), b2, z ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
                    z2 = true;
                }
            }
        }
        if (!z2) {
            // Fallback: findings derived from the path alone, with no traced request input.
            List<PathTraversalSemanticDTM.Finding> a = a(str);
            if (!a.isEmpty() && !this.h.isDisabledByCodeExclusion(this)) {
                z = this.h.canBlock(this);
                this.d.a(this.c, new PathTraversalSemanticDTM(str, a), UserInputDTM.builder().type(UserInputDTM.InputType.UNKNOWN).value(str).time(this.f.a()).build(), z ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
            }
        }
        return z;
    }

    /**
     * Checks the strings of a command that is about to start against this rule's input-tracing
     * entries. For each entry, the individual elements are tested first and then the
     * space-joined whole; the first hit is reported and processing stops.
     *
     * @param s2     per-request state; {@code null} is treated as "no entries"
     * @param strArr the command strings (NOTE(review): presumably the argument vector - confirm);
     *               iterated without a null check once at least one entry exists
     * @param iVar   not used by this method
     * @throws AttackBlockedException via {@code a(UserInputDTM, PathTraversalDTM, String)} when
     *         a hit is found and blocking is enabled
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.X
    public void onCommandStarting(S s2, String[] strArr, com.contrastsecurity.agent.o.i iVar) {
        String join = StringUtils.join(strArr, " ");
        for (am amVar : s2 != null ? s2.c(b) : Collections.emptyList()) {
            for (String str : strArr) {
                if (amVar.c(str)) {
                    a(amVar, strArr);
                    return;
                }
            }
            if (amVar.c(join)) {
                a(amVar, new String[]{join});
                return;
            }
        }
    }

    /**
     * Flags the entry and reports an input-tracing detection for the given strings.
     *
     * <p>NOTE(review): the strings are concatenated with no separator, so the reported value
     * loses the element boundaries (matching in {@code onCommandStarting} used a space-joined
     * form). Worth confirming this is intended, since it affects what an analyst sees.
     */
    private void a(am amVar, String[] strArr) {
        amVar.c(true);
        StringBuilder sb = new StringBuilder();
        for (String str : strArr) {
            sb.append(str);
        }
        a(amVar.a(), new PathTraversalInputTracingDTM(sb.toString()), "input tracing");
    }

    /**
     * Reports a detection and, when blocking is enabled, aborts the operation.
     *
     * @param str short description appended to the exception message
     * @throws AttackBlockedException when {@code RaspManager.canBlock(this)} is true; the report
     *         is always sent before the exception is thrown
     */
    private void a(UserInputDTM userInputDTM, PathTraversalDTM pathTraversalDTM, String str) {
        boolean canBlock = this.h.canBlock(this);
        this.d.a(this.c, pathTraversalDTM, userInputDTM, canBlock ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
        if (canBlock) {
            throw new AttackBlockedException("path traversal detected: " + str);
        }
    }

    /**
     * Semantic analysis of a path, independent of any traced request input.
     *
     * <p>Returns a single finding: {@code CUSTOM_CODE_ACCESSING_SYSTEM_FILES} when {@code e(str)}
     * holds, otherwise {@code COMMON_FILE_EXPLOITS} when {@code b(str)} holds, otherwise an empty
     * list. The system-file check takes precedence.
     *
     * <p>NOTE(review): both log messages say "Blocking", but this method only classifies; whether
     * the access is actually blocked is decided later by {@code canBlock} in {@code a(S, String)},
     * so in monitor-only mode the warning text overstates what happened. The path is passed
     * through {@code com.contrastsecurity.agent.e.c.a(x, str)} before logging - presumably a
     * sanitising/masking step; confirm.
     */
    List<PathTraversalSemanticDTM.Finding> a(String str) {
        if (e(str)) {
            x.warn("Blocking access to system file being accessed by custom code: {}", com.contrastsecurity.agent.e.c.a(x, str));
            return Collections.singletonList(PathTraversalSemanticDTM.Finding.CUSTOM_CODE_ACCESSING_SYSTEM_FILES);
        }
        if (!b(str)) {
            return Collections.emptyList();
        }
        x.warn("Blocking access to file being accessed with exploit marker in it: {}", com.contrastsecurity.agent.e.c.a(x, str));
        return Collections.singletonList(PathTraversalSemanticDTM.Finding.COMMON_FILE_EXPLOITS);
    }

    /**
     * True when the {@code DEFEND_PT_COMMON_EXPLOIT} toggle is on and {@code L.b} finds one of the
     * markers in {@code o} in the path. The toggle is evaluated first, so a disabled feature
     * skips the marker scan.
     */
    boolean b(String str) {
        return this.e.e(ContrastProperties.DEFEND_PT_COMMON_EXPLOIT) && L.b(str, o);
    }

    /**
     * True when the {@code DEFEND_PT_CUSTOM_CODE_ACCESS} toggle is on, the path normalises to one
     * of the system-file fragments ({@code c(str)}), and the current stack passes {@code b()}.
     */
    private boolean e(String str) {
        return this.e.e(ContrastProperties.DEFEND_PT_CUSTOM_CODE_ACCESS) && c(str) && b();
    }

    /**
     * Normalises a path and tests it against the system-file fragments in {@code p}.
     *
     * <p>Normalisation: backslashes become forward slashes; if the result contains a space it is
     * passed through {@code C0231l.a} (NOTE(review): presumably an encoding step so the URI
     * constructor accepts it - confirm); the text is then parsed as a {@code URI}, normalised,
     * and its path component is matched with {@code L.a}.
     *
     * <p>NOTE(review): a {@code URISyntaxException} yields {@code false}, i.e. a path that cannot
     * be parsed as a URI is treated as "not a system file" (this check fails open) and the event
     * is logged only at debug level. Also, {@code URI.getPath()} can return {@code null} for some
     * inputs; how {@code L.a} handles {@code null} is not visible here - confirm.
     */
    boolean c(String str) {
        try {
            String replace = str.replace('\\', '/');
            if (replace.contains(" ")) {
                replace = C0231l.a(replace);
            }
            str = new URI(replace).normalize().getPath();
            return L.a(str, p);
        } catch (URISyntaxException e) {
            x.debug("Problem getting canonical path for {}", str, e);
            return false;
        }
    }

    /**
     * Applies {@code a(o.i)} to the object obtained from {@code this.i.a()}.
     */
    private boolean b() {
        return a(this.i.a());
    }

    /**
     * Scans at most the first {@code q} stack frames and returns true as soon as
     * {@code C0224e.b(className)} accepts one of them.
     *
     * <p>NOTE(review): given the finding name {@code CUSTOM_CODE_ACCESSING_SYSTEM_FILES},
     * {@code C0224e.b} presumably recognises application ("custom") classes - confirm. Frames
     * beyond the first {@code q} are never inspected.
     */
    boolean a(com.contrastsecurity.agent.o.i iVar) {
        List<StackTraceElement> a = iVar.a();
        int min = Math.min(a.size(), q);
        for (int i = 0; i < min; i++) {
            if (C0224e.b(a.get(i).getClassName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Always true for this rule.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.j
    public boolean isCodeExclusionSpecialCase() {
        return true;
    }

    /**
     * True for {@code java.io.File}, {@code java.lang.SecurityManager}, and the class whose name
     * equals {@code u} (derived from {@code java/nio/file/Paths} in the static initializer).
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.j
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return File.class.equals(cls) || u.equals(cls.getName()) || SecurityManager.class.equals(cls);
    }

    /**
     * Returns the dispatcher registration supplied at construction.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.j
    public com.contrastsecurity.agent.instr.h<ContrastPathTraversalDispatcher> getDispatcherRegistration() {
        return this.g;
    }

    /**
     * Returns a fresh array of six fully qualified method names: {@code SecurityManager.checkRead},
     * a Nashorn compile method, and the four constants {@code k}..{@code n}. How the list is used
     * is defined by the {@code rules.e} interface, which is not visible here.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.e
    public String[] a() {
        return new String[]{"java.lang.SecurityManager.checkRead", "jdk.nashorn.api.scripting.NashornScriptEngine.compileImpl", k, l, m, n};
    }

    static {
        // Stack-scan depth: 9 when C0238s.a() is true, otherwise 7 (the condition's meaning is in C0238s).
        q = C0238s.a() ? 9 : 7;
        r = new String[]{"pass", "pwd"};
        // NOTE(review): the RabbitMQ and jregex constants are almost certainly a decompiler
        // artefact (string literals replaced by unrelated constants with the same value).
        // Presumably they are "/" and ".", which would make u the dotted name
        // "java.nio.file.Paths" - confirm against the class file.
        u = t.replaceAll(ConnectionFactory.DEFAULT_VHOST, WildcardPattern.ANY_CHAR);
        // Read once at class initialisation; later configuration changes are not picked up by w.
        w = Contrast.config().b(ContrastProperties.DEFEND_TELEMETRY_DIR);
        x = LoggerFactory.getLogger(k.class);
    }
}
