package com.contrastsecurity.agent.plugins.rasp.e;

import com.contrastsecurity.agent.B;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.exclusions.f;
import com.contrastsecurity.agent.apps.exclusions.h;
import com.contrastsecurity.agent.commons.l;
import com.contrastsecurity.agent.commons.r;
import com.contrastsecurity.agent.commons.s;
import com.contrastsecurity.agent.config.ContrastProperties;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.messages.app.settings.ExceptionInputTypeDTM;
import com.contrastsecurity.agent.plugins.frameworks.C0117p;
import com.contrastsecurity.agent.plugins.rasp.A;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.C0121a;
import com.contrastsecurity.agent.plugins.rasp.C0128h;
import com.contrastsecurity.agent.plugins.rasp.E;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.S;
import com.contrastsecurity.agent.plugins.rasp.X;
import com.contrastsecurity.agent.plugins.rasp.al;
import com.contrastsecurity.agent.plugins.rasp.am;
import com.contrastsecurity.agent.plugins.rasp.d.w;
import com.contrastsecurity.agent.plugins.rasp.rules.i;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* compiled from: RaspRuleParameterListener.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/e/f.class */
public class f implements d {
    private final com.contrastsecurity.agent.config.g a;
    private final e b;
    private final w c;
    private final RaspManager d;
    private final Set<String> e;
    private final com.contrastsecurity.agent.plugins.rasp.g.c f;
    private static final Logger g = LoggerFactory.getLogger(f.class);

    public f(C0117p c0117p, RaspManager raspManager, w wVar, e eVar, com.contrastsecurity.agent.plugins.rasp.g.c cVar, com.contrastsecurity.agent.config.g gVar) {
        this.b = (e) l.a(eVar, "parameterScanner");
        this.c = (w) l.a(wVar, "documentScanner");
        this.e = a((C0117p) l.a(c0117p, "frameworkManager"));
        this.d = (RaspManager) l.a(raspManager, "manager");
        this.f = (com.contrastsecurity.agent.plugins.rasp.g.c) l.a(cVar, "logEnhancer");
        this.a = (com.contrastsecurity.agent.config.g) l.a(gVar, "config");
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.e.d
    public void a(C0128h c0128h, HttpRequest httpRequest, Application application, C0121a c0121a, Map<String, String[]> map) {
        S currentContext = this.d.currentContext();
        h exclusionProcessor = application.getExclusionProcessor();
        boolean hasParameterExclusions = exclusionProcessor.hasParameterExclusions(f.a.DEFEND);
        String uri = httpRequest.getUri();
        HashMap hashMap = new HashMap(map.size() * 2);
        HashSet hashSet = new HashSet(map.keySet());
        hashSet.removeAll(this.e);
        Set<String> a = a(map, hashSet, exclusionProcessor, hasParameterExclusions, uri);
        for (final String str : hashSet) {
            r a2 = s.a((r) new r<String>() { // from class: com.contrastsecurity.agent.plugins.rasp.e.f.1
                @Override // com.contrastsecurity.agent.commons.r
                /* renamed from: b, reason: merged with bridge method [inline-methods] */
                public String a() {
                    return com.contrastsecurity.agent.plugins.rasp.k.d.a(str, UserInputDTM.InputType.PARAMETER_NAME);
                }
            });
            for (com.contrastsecurity.agent.plugins.rasp.rules.g gVar : this.d.getEnabledRules()) {
                String a3 = gVar.getRuleId().a();
                if (gVar instanceof i) {
                    i<?> iVar = (i) gVar;
                    if (iVar.appliesToInputType(UserInputDTM.InputType.PARAMETER_NAME) && !StringUtils.isEmpty(str) && (!hasParameterExclusions || !exclusionProcessor.isInputExclusion(f.a.DEFEND, a3, uri, ExceptionInputTypeDTM.PARAMETER, str))) {
                        String[] strArr = map.get(str);
                        String str2 = (strArr == null || strArr.length <= 0) ? "" : strArr[0];
                        try {
                            if (((Integer) hashMap.get(a2.a())) == null) {
                                hashMap.put(a2.a(), Integer.valueOf(al.a((String) a2.a())));
                            }
                            a(c0128h, application, iVar, (String) a2.a(), str2, currentContext);
                        } catch (AttackBlockedException e) {
                            throw e;
                        } catch (Exception e2) {
                            g.error("Problem scanning parameter name {}", str, e2);
                        }
                    }
                }
            }
            for (final String str3 : map.get(str)) {
                r a4 = s.a((r) new r<String>() { // from class: com.contrastsecurity.agent.plugins.rasp.e.f.2
                    @Override // com.contrastsecurity.agent.commons.r
                    /* renamed from: b, reason: merged with bridge method [inline-methods] */
                    public String a() {
                        return com.contrastsecurity.agent.plugins.rasp.k.d.a(str3, UserInputDTM.InputType.PARAMETER_VALUE);
                    }
                });
                for (com.contrastsecurity.agent.plugins.rasp.rules.g gVar2 : this.d.getEnabledRules()) {
                    String a5 = gVar2.getRuleId().a();
                    if (gVar2 instanceof i) {
                        i<?> iVar2 = (i) gVar2;
                        if (iVar2.appliesToInputType(UserInputDTM.InputType.PARAMETER_VALUE) && !StringUtils.isEmpty(str3)) {
                            if (hasParameterExclusions && exclusionProcessor.isInputExclusion(f.a.DEFEND, a5, uri, ExceptionInputTypeDTM.PARAMETER, str)) {
                                g.debug("Not scanning parameter {} on {} due to parameter exception", str, uri);
                            } else {
                                try {
                                    int i = 0 + 1;
                                    boolean contains = a.contains(str + 0);
                                    if (!contains && this.a.e(ContrastProperties.INSPECT_PARAMETERS_AS_XML) && this.c.a(str3)) {
                                        a aVar = new a();
                                        aVar.a(UserInputDTM.InputDocumentType.XML);
                                        aVar.a(str);
                                        aVar.b(str3);
                                        aVar.a(UserInputDTM.InputType.PARAMETER_VALUE);
                                        contains = this.c.a(aVar, iVar2);
                                    }
                                    if (!contains) {
                                        Integer num = (Integer) hashMap.get(a4.a());
                                        if (num == null) {
                                            num = Integer.valueOf(al.a((String) a4.a()));
                                            hashMap.put(a4.a(), num);
                                        }
                                        this.b.a(c0128h, application, iVar2, (String) a2.a(), (String) a4.a(), UserInputDTM.InputDocumentType.NORMAL, null, currentContext, num.intValue());
                                    }
                                } catch (AttackBlockedException e3) {
                                    throw e3;
                                } catch (Exception e4) {
                                    g.error("Problem scanning parameter value {}", str, e4);
                                }
                            }
                        }
                    }
                }
            }
        }
        Iterator<X<?>> it = this.d.getEnabledRules().iterator();
        while (it.hasNext()) {
            it.next().onParametersResolved(httpRequest);
        }
    }

    @B
    Set<String> a(Map<String, String[]> map, Set<String> set, h hVar, boolean z, String str) {
        if (!this.a.e(ContrastProperties.INSPECT_PARAMETERS_AS_JSON)) {
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        c cVar = new c(UserInputDTM.InputType.PARAMETER_VALUE, z, hVar, str);
        Iterable<i<?>> inputAwareRules = this.d.getInputAwareRules(cVar);
        a aVar = new a();
        aVar.a(UserInputDTM.InputDocumentType.JSON);
        aVar.a(UserInputDTM.InputType.PARAMETER_VALUE);
        for (String str2 : set) {
            int i = 0;
            aVar.a(str2);
            cVar.a(str2);
            for (String str3 : map.get(str2)) {
                if (b.a(str3)) {
                    aVar.b(str3);
                    if (this.c.b(aVar, inputAwareRules)) {
                        int i2 = i;
                        i++;
                        hashSet.add(str2 + i2);
                    }
                }
            }
        }
        return hashSet;
    }

    private static Set<String> a(C0117p c0117p) {
        HashSet hashSet = new HashSet();
        Iterator<com.contrastsecurity.agent.plugins.frameworks.S> it = c0117p.j().iterator();
        while (it.hasNext()) {
            List<String> viewstateParameterNames = it.next().getViewstateParameterNames();
            if (viewstateParameterNames != null) {
                hashSet.addAll(viewstateParameterNames);
            }
        }
        return Collections.unmodifiableSet(hashSet);
    }

    void a(C0128h c0128h, Application application, i<?> iVar, String str, String str2, S s) {
        E a = c0128h.a(application, UserInputDTM.InputType.PARAMETER_NAME, str, str, iVar, s);
        if (a == null || A.DONT_CARE.equals(a.a())) {
            this.f.c(iVar.getRuleId().a(), "Parameter", str, str2);
            return;
        }
        if (A.MATCHED_ATTACK_SIGNATURE.equals(a.a())) {
            this.f.a(iVar.getRuleId().a(), "Parameter", str, str2);
            c0128h.a(application, iVar, new am(a(str, str2).filters(a.b()).build(), true));
        } else if (A.WORTH_WATCHING.equals(a.a())) {
            this.f.b(iVar.getRuleId().a(), "Parameter", str, str2);
            c0128h.a(application, iVar, new am(a(str, str2).filters(a.b()).build()));
        }
    }

    private static UserInputDTM.Builder a(String str, String str2) {
        return UserInputDTM.builder().name(str).value(str2).type(UserInputDTM.InputType.PARAMETER_NAME);
    }
}
