package com.contrastsecurity.agent.plugins.rasp.rules.f;

import com.contrastsecurity.agent.Contrast;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.config.ContrastProperties;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.http.HttpResponse;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.http.i;
import com.contrastsecurity.agent.plugins.rasp.A;
import com.contrastsecurity.agent.plugins.rasp.C0131k;
import com.contrastsecurity.agent.plugins.rasp.E;
import com.contrastsecurity.agent.plugins.rasp.Z;
import com.contrastsecurity.agent.plugins.rasp.al;
import com.contrastsecurity.agent.plugins.rasp.rules.n;
import com.contrastsecurity.agent.plugins.rasp.rules.o;
import com.contrastsecurity.agent.util.C0234o;
import com.contrastsecurity.agent.util.L;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;

/* compiled from: XSSRaspRule.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/rules/f/e.class */
/**
 * RASP rule for reflected cross-site scripting ({@code "reflected-xss"}).
 *
 * <p>The rule applies to every user input type except cookie names and values.
 * Each input first passes a cheap length/keyword pre-filter ({@link #c(String)})
 * and only then reaches the comparatively expensive pattern scoring. Which
 * scoring backend is used is decided once, at class load, by the
 * {@code XSS_PIDS} configuration flag.
 *
 * <p>Reviewer note: this is decompiled code. The collaborators {@code n},
 * {@code Z}, {@code E}, {@code A}, {@code al}, {@code L} and {@code C0234o} are
 * obfuscated; statements below about what they do are inferred from how they
 * are called here and should be confirmed against the original sources.
 */
public final class e extends n<Object> {
    /** Rule name; also the value wrapped by {@link #getRuleId()}. */
    public static final String b = "reflected-xss";

    /** Signature scorer used when {@link #f} is off; built with the definite-attack threshold. */
    private final b c = b.a(getDefiniteAttackThreshold());

    /** Rule id wrapping {@link #b}. */
    private final Z<Object> d = Z.a(b, Object.class);

    /**
     * HTML event-handler attribute names consulted by the pre-filter in
     * {@link #c(String)}. Keep this list current: an input shorter than 16
     * characters that uses an event attribute NOT listed here is never scored
     * unless it also contains one of the other keywords checked there.
     */
    private static final String[] e = {"onfinish", "onstart", "onbounce", "onerror", "onload", "onafterprint", "onbeforeprint", "onbeforeunload", "onhashchange", "onmessage", "onoffline", "ononline", "onpagehide", "onpageshow", "onpopstate", "onresize", "onstorage", "onunload", "onblur", "onchange", "oncontextmenu", "onfocus", "oninput", "oninvalid", "onreset", "onsearch", "onselect", "onsubmit", "onkeydown", "onkeypress", "onkeyup", "onclick", "ondblclick", "ondrag", "ondragend", "ondragenter", "ondragleave", "ondragover", "ondragstart", "onmousedown", "onmousemove", "onmouseout", "onmouseup", "onmouseover", "onmousewheel", "onscroll", "onwheel", "oncopy", "onpaste", "oncut", "onabort", "oncanplay", "oncanplaythrough", "oncuechange", "ondurationchange", "onemptied", "onended", "onloadeddata", "onloadedmetadata", "onloadstart", "onpause", "onplay", "onplaying", "onprogress", "onratechange", "onseeked", "onseeking", "onstalled", "onsuspend", "ontimeupdate", "onvolumechange", "onwaiting", "onshow", "ontoggle"};

    /**
     * When true, {@link #evaluateInput} scores with the per-pattern loop in
     * {@link #b(String)} instead of the scorer in {@link #a(String)}. Read once
     * at class initialisation, so a later change to the {@code XSS_PIDS}
     * property is not picked up without a restart.
     */
    private static final boolean f = Contrast.config().e(ContrastProperties.XSS_PIDS);

    /** Case-sensitive substrings (checked with {@code StringUtils.contains}) that qualify an input for scoring. */
    private static final String[] CASE_SENSITIVE_KEYWORDS = {"alert", "prompt", "confirm", "eval", "hash"};

    /**
     * Tokens checked with {@code L.c}; presumably a case-insensitive contains,
     * but {@code L} is obfuscated - confirm before relying on that. The last
     * entry is the two-character backslash-u prefix of a unicode escape.
     */
    private static final String[] SCRIPT_TOKENS = {"<script", "javascript:", "vbscript:", "data:", "\\u"};

    @Inject
    public e() {
    }

    /** @return the rule id wrapping {@link #b}. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.g
    public Z<Object> getRuleId() {
        return d;
    }

    /**
     * Every input type is in scope except cookie names and cookie values.
     * A {@code null} input type is treated as in scope (no dereference here).
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        boolean isCookieInput = inputType == UserInputDTM.InputType.COOKIE_NAME
                || inputType == UserInputDTM.InputType.COOKIE_VALUE;
        return !isCookieInput;
    }

    /**
     * Always {@code true}, for every input type: a match on this rule is blocked
     * at the perimeter unconditionally (what "perimeter" entails is defined by
     * the caller, not visible here).
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.n, com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean shouldAlwaysBlockAtPerimeter(UserInputDTM.InputType inputType) {
        return true;
    }

    /**
     * Scores one user input for reflected XSS.
     *
     * <p>Skipped entirely (returns {@code null}) when:
     * <ul>
     *   <li>the input is an HTTP header other than the one accepted by
     *       {@code i.HEADER_REFERER.a(str)} (presumably the Referer header,
     *       with {@code str} being the header name - confirm);</li>
     *   <li>{@code al.a(i, 4)} or {@code al.a(i, 32)} holds - these look like
     *       bit-flag tests on {@code i}; the meaning of 4 and 32 is not visible
     *       here;</li>
     *   <li>the value is shorter than 16 characters and contains none of the
     *       keywords checked by {@link #c(String)}.</li>
     * </ul>
     * Otherwise the value is scored by {@link #b(String)} when {@link #f} is
     * set, else by {@link #a(String)}.
     *
     * @param inputType where the input came from
     * @param str       first name/key of the input (used only for the header check)
     * @param str2      unused here
     * @param str3      the value that is scored; must be non-null
     * @param i         flag word consulted via {@code al.a}
     * @return the evaluation, or {@code null} when the input is not suspicious
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public E evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        if (inputType.equals(UserInputDTM.InputType.HEADER) && !i.HEADER_REFERER.a(str)) {
            return null;
        }
        if (al.a(i, 4) || al.a(i, 32)) {
            return null;
        }
        // Cheap pre-filter: long values are always scored, short ones only
        // when they carry a script-ish keyword.
        boolean worthScoring = str3.length() >= 16 || c(str3);
        if (!worthScoring) {
            return null;
        }
        return f ? b(str3) : a(str3);
    }

    /**
     * Scores with the signature scorer {@link #c}. A score at or above
     * {@link #getDefiniteAttackThreshold()} that the scorer also confirms via
     * {@code match.b()} is reported as a matched attack signature; otherwise a
     * score at or above {@link #getWorthWatchingThreshold()} is reported as
     * worth watching; anything lower yields {@code null}.
     */
    private E a(String str) {
        o match = this.c.b(str);
        if (match == null) {
            return null;
        }
        int score = match.f();
        E verdict;
        if (score >= getDefiniteAttackThreshold() && match.b()) {
            verdict = new E(A.MATCHED_ATTACK_SIGNATURE);
        } else if (score >= getWorthWatchingThreshold()) {
            verdict = new E(A.WORTH_WATCHING);
        } else {
            return null;
        }
        // Attach the match details to the verdict (inherited helper from n).
        a(match, verdict);
        return verdict;
    }

    /**
     * Scores by running every pattern in the inherited list {@code this.a}
     * against the value and folding each hit into the running result through
     * the inherited {@code a(E, ?, ?)} accumulator; the inherited {@code a(E)}
     * then finalises it. {@code this.a.size()} is re-read on every iteration,
     * as in the original.
     */
    private E b(String str) {
        E accumulated = null;
        for (int idx = 0; idx < this.a.size(); idx++) {
            C0131k pattern = this.a.get(idx);
            if (pattern.b().matcher(str).find()) {
                accumulated = a(accumulated, pattern.c(), pattern.a());
            }
        }
        return a(accumulated);
    }

    /** Minimum score for a worth-watching verdict. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.n
    public int getWorthWatchingThreshold() {
        return 3;
    }

    /** Minimum score for a matched-attack-signature verdict. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.n
    public int getDefiniteAttackThreshold() {
        return 4;
    }

    /**
     * Pre-filter: does the value contain anything that looks like script?
     *
     * <p>Checks, in order: the case-sensitive keywords, the script tokens via
     * {@code L.c}, the literal {@code "Function"} (case-sensitive), and finally
     * the event-handler names in {@link #e}. An event-handler name counts only
     * when it is strictly shorter than the whole value, so a value that IS
     * exactly an event name (e.g. just {@code onload}) does not pass on that
     * branch alone.
     *
     * <p>Note the case-sensitive entries: {@code ALERT(1)} or {@code Eval}
     * would not match here and, if shorter than 16 characters, would never be
     * scored.
     */
    private boolean c(String str) {
        for (String keyword : CASE_SENSITIVE_KEYWORDS) {
            if (StringUtils.contains(str, keyword)) {
                return true;
            }
        }
        for (String token : SCRIPT_TOKENS) {
            if (L.c(str, token)) {
                return true;
            }
        }
        if (StringUtils.contains(str, "Function")) {
            return true;
        }
        int valueLength = str.length();
        for (String handlerName : e) {
            if (handlerName.length() < valueLength && L.c(str, handlerName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * The rule needs the request kept in context unless {@code C0234o.a}
     * says otherwise for this request (what that predicate tests is not
     * visible here).
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.n, com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean requiresSavingInContext(HttpRequest httpRequest) {
        boolean exempt = C0234o.a(httpRequest);
        return !exempt;
    }

    /** Intentionally a no-op: this rule does no end-of-request work. */
    @Override // com.contrastsecurity.agent.plugins.rasp.X
    public void onRequestEnd(Application application, HttpRequest httpRequest, HttpResponse httpResponse) {
    }
}
