package com.contrastsecurity.agent.plugins.protect.rules.c;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.e.e;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.OgnlInjectionDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.A;
import com.contrastsecurity.agent.plugins.protect.AttackBlockedException;
import com.contrastsecurity.agent.plugins.protect.EnumC0250y;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0182d;
import com.contrastsecurity.agent.plugins.protect.P;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.V;
import com.contrastsecurity.agent.plugins.protect.aj;
import com.contrastsecurity.agent.plugins.protect.rules.InterfaceC0197a;
import com.contrastsecurity.agent.plugins.protect.rules.s;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* compiled from: OgnlInjectionProtectRule.java */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/c/e.class */
public final class e extends s<OgnlInjectionDetailsDTM> implements InterfaceC0197a {
    private final com.contrastsecurity.agent.config.g c;
    private final InterfaceC0182d d;
    private final com.contrastsecurity.agent.commons.d e;
    private final ProtectManager f;
    private final V<OgnlInjectionDetailsDTM> g;
    private final com.contrastsecurity.agent.plugins.protect.g.c h;
    private final e.b<Boolean> i = e.b.a(Boolean.class);
    private static final int j = 50;
    private static final String l = "ognl";
    public static final String b = "ognl-injection";
    private static final int m = 6;
    private static final Set<String> k = Collections.singleton("ognl-detector");
    public static final Logger a = LoggerFactory.getLogger((Class<?>) e.class);

    @Inject
    public e(com.contrastsecurity.agent.config.g gVar, InterfaceC0182d interfaceC0182d, com.contrastsecurity.agent.commons.d dVar, ProtectManager protectManager, V<OgnlInjectionDetailsDTM> v, com.contrastsecurity.agent.plugins.protect.g.c cVar) {
        this.c = gVar;
        this.d = interfaceC0182d;
        this.e = dVar;
        this.f = protectManager;
        this.g = v;
        this.h = cVar;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return !UserInputDTM.InputType.URI.equals(inputType);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s, com.contrastsecurity.agent.plugins.protect.rules.k
    public boolean shouldAlwaysBlockAtPerimeter(UserInputDTM.InputType inputType) {
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.T
    public void onRequestStart(Application application, HttpRequest httpRequest) {
        String uri = httpRequest.getUri();
        P currentContext = this.f.currentContext();
        com.contrastsecurity.agent.plugins.protect.b.b g = currentContext.g(uri);
        a(application, g != null ? g.c() : uri, currentContext);
    }

    private void a(Application application, String str, P p) {
        List<String> a2;
        if (str == null || str.length() < 6 || !g.d(str) || (a2 = g.a(str)) == null || a2.isEmpty()) {
            return;
        }
        for (String str2 : a2) {
            if (g.b(str2)) {
                UserInputDTM build = UserInputDTM.builder().value(str2).type(UserInputDTM.InputType.URI).filters(k).time(this.e.a()).build();
                boolean canBlock = this.f.canBlock(this);
                if (str2.length() > 50) {
                    a(build, str2, canBlock);
                    this.h.a(b, "URI", build.getName(), build.getValue());
                    if (canBlock) {
                        throw new AttackBlockedException("OGNL attack detected");
                    }
                } else {
                    p.a(this.c, application, this, new aj(build, true));
                    this.h.b(b, "URI", build.getName(), build.getValue());
                }
            }
        }
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public A evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        boolean b2 = g.b(str);
        boolean b3 = g.b(str3);
        if (!b2 && !b3) {
            return null;
        }
        a.debug("Found ognl input {} {}", str, str2);
        return new A(EnumC0250y.MATCHED_ATTACK_SIGNATURE);
    }

    private void a(UserInputDTM userInputDTM, String str, boolean z) {
        this.d.a(this.g, new OgnlInjectionDetailsDTM(0, str.length(), str), userInputDTM, z ? AttackResult.BLOCKED_AT_PERIMETER : AttackResult.EXPLOITED);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.i
    public V<OgnlInjectionDetailsDTM> getRuleId() {
        return this.g;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.i
    public ConfigProperty getModeOverrideKey() {
        return ConfigProperty.PROTECT_OGNL_MODE;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.InterfaceC0197a
    public boolean appliesToApplication(Application application) {
        return application != null && Boolean.TRUE.equals(application.context().a(this.i));
    }

    @Override // com.contrastsecurity.agent.plugins.protect.T
    public void onApplicationProfiled(Application application) {
        application.context().a((e.b<e.b<Boolean>>) this.i, (e.b<Boolean>) Boolean.valueOf(a(application)));
    }

    private boolean a(Application application) {
        Iterator<String> it = application.getLibraryFactNames().iterator();
        while (it.hasNext()) {
            if (it.next().contains(l)) {
                return true;
            }
        }
        return false;
    }
}
