package com.contrastsecurity.agent.plugins.protect.rules.b;

import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.http.MultipartItem;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.CmdInjectionDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.CmdInjectionInputTracingDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.CmdInjectionSemanticDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.A;
import com.contrastsecurity.agent.plugins.protect.AttackBlockedException;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0182d;
import com.contrastsecurity.agent.plugins.protect.P;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.V;
import com.contrastsecurity.agent.plugins.protect.ai;
import com.contrastsecurity.agent.plugins.protect.aj;
import com.contrastsecurity.agent.plugins.protect.rules.q;
import com.contrastsecurity.agent.plugins.protect.rules.s;
import com.contrastsecurity.agent.telemetry.b.i;
import com.contrastsecurity.agent.util.C0313q;
import com.contrastsecurity.agent.util.N;
import com.contrastsecurity.agent.z;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Pattern;

/* compiled from: CmdInjectionProtectRule.java */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/b/j.class */
public final class j extends s<CmdInjectionDTM> implements com.contrastsecurity.agent.plugins.protect.h.a<CmdInjectionDTM>, com.contrastsecurity.agent.plugins.protect.rules.g {
    public static final String a = "cmd-injection";
    private final b i;
    private final V<CmdInjectionDTM> j;
    private final InterfaceC0182d k;
    private final com.contrastsecurity.agent.commons.d l;
    private final HttpManager m;
    private final ProtectManager n;
    private final com.contrastsecurity.agent.config.g o;
    private final com.contrastsecurity.agent.telemetry.b.a p;
    private final com.contrastsecurity.agent.telemetry.b.a q;
    private final com.contrastsecurity.agent.telemetry.b.a r;
    private final com.contrastsecurity.agent.telemetry.b.a s;
    private final com.contrastsecurity.agent.telemetry.b.a t;
    private final com.contrastsecurity.agent.telemetry.b.a u;
    private static final String v = "net.sourceforge.argparse4j.internal.TerminalWidth.getTerminalWidth2";

    @z
    static final String b = "cmdInjectionDangerousPathAnalysisCount";

    @z
    static final String c = "cmdInjectionDangerousPathAttackCount";

    @z
    static final String d = "cmdInjectionOnCmdStartCount";

    @z
    static final String e = "cmdInjectionInputAttackCount";

    @z
    static final String f = "cmdInjectionBackdoorAttackCount";

    @z
    static final String g = "cmdInjectionChainAttackCount";
    private static final Pattern h = Pattern.compile("(?:^|\\\\|\\/)(?:sh|bash|zsh|ksh|tcsh|csh|fish|cmd)([-\\/].*)*[-\\/][a-zA-Z]*c");
    private static final String w = " org.apache.hadoop.security.Groups.getGroups".substring(1);

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public j(com.contrastsecurity.agent.commons.d dVar, com.contrastsecurity.agent.config.g gVar, InterfaceC0182d interfaceC0182d, HttpManager httpManager, ProtectManager protectManager, V<CmdInjectionDTM> v2, b bVar, @d q qVar, com.contrastsecurity.agent.telemetry.b.i iVar) {
        super(qVar);
        this.l = dVar;
        this.o = gVar;
        this.k = interfaceC0182d;
        this.m = httpManager;
        this.n = protectManager;
        this.i = bVar;
        this.j = v2;
        Objects.requireNonNull(iVar);
        this.q = iVar.a(b, i.a.PROTECT).a("The number of times a command was analysed for being a dangerous path").f();
        this.r = iVar.a(c, i.a.PROTECT).a("The number of times a command was identified as an attack for a dangerous path").f();
        this.p = iVar.a(d, i.a.PROTECT).a("The number of times onCommandStarting() was called").f();
        this.s = iVar.a(e, i.a.PROTECT).a("The number of times the attack came from an input").f();
        this.t = iVar.a(f, i.a.PROTECT).a("The number of times an attack was detected from semantic analysis with Finding Backdoor").f();
        this.u = iVar.a(g, i.a.PROTECT).a("The number of times an attack was detected from semantic analysis with Finding Chain").f();
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.i
    public V<CmdInjectionDTM> getRuleId() {
        return this.j;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.i
    public ConfigProperty getModeOverrideKey() {
        return ConfigProperty.PROTECT_CMDI_MODE;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.PARAMETER_VALUE.equals(inputType) || UserInputDTM.InputType.MULTIPART_VALUE.equals(inputType) || UserInputDTM.InputType.QUERYSTRING.equals(inputType) || UserInputDTM.InputType.BODY.equals(inputType);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public A evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        if (ai.a(i, 4) || ai.a(i, 32) || str2.length() < 7) {
            return null;
        }
        return a(this.i, str, str2, i);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s, com.contrastsecurity.agent.plugins.protect.rules.k
    public boolean requiresSavingInContext(HttpRequest httpRequest) {
        return !C0313q.a(httpRequest);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.h.a
    public void a(P p, String[] strArr, com.contrastsecurity.agent.p.j jVar) {
        String join = StringUtils.join(strArr, " ");
        List<aj> c2 = p != null ? p.c(a) : Collections.emptyList();
        this.p.a();
        if (this.o.f(ConfigProperty.PROTECT_CMDI_PHASES) && !c2.isEmpty()) {
            for (aj ajVar : c2) {
                for (int i = 0; i < strArr.length; i++) {
                    UserInputDTM b2 = ajVar.b(strArr[i]);
                    if (b2 != null) {
                        this.s.a();
                        a(ajVar, b2, strArr, i);
                        return;
                    }
                }
                UserInputDTM b3 = ajVar.b(join);
                if (b3 != null) {
                    this.s.a();
                    a(ajVar, b3, new String[]{join}, 0);
                    return;
                }
            }
        }
        if (this.o.f(ConfigProperty.PROTECT_CMDI_BACKDOORS)) {
            String e2 = N.e(join);
            com.contrastsecurity.agent.b.d a2 = a(e2);
            if (a2 != null) {
                this.t.a();
                a(UserInputDTM.builder().name(a2.a()).value(a2.b()).type(UserInputDTM.InputType.PARAMETER_VALUE).filters(Collections.emptySet()).time(System.currentTimeMillis()).build(), join, com.contrastsecurity.agent.commons.h.a(CmdInjectionSemanticDTM.Finding.BACKDOOR));
                return;
            } else {
                com.contrastsecurity.agent.b.d b4 = b(e2);
                if (b4 != null) {
                    this.t.a();
                    a(UserInputDTM.builder().name(b4.a()).value(b4.b()).type(UserInputDTM.InputType.MULTIPART_VALUE).filters(Collections.emptySet()).time(System.currentTimeMillis()).build(), join, com.contrastsecurity.agent.commons.h.a(CmdInjectionSemanticDTM.Finding.BACKDOOR));
                    return;
                }
            }
        }
        if (this.o.f(ConfigProperty.PROTECT_CMDI_CHAINS)) {
            if (m.a(join) != -1) {
                this.u.a();
                a(join, com.contrastsecurity.agent.commons.h.a(CmdInjectionSemanticDTM.Finding.CHAINING));
                return;
            }
        }
        if (this.o.f(ConfigProperty.PROTECT_CMDI_DANGEROUS_PATH_ARGS)) {
            this.q.a();
            if (l.a(join)) {
                this.r.a();
                a(join, com.contrastsecurity.agent.commons.h.a(CmdInjectionSemanticDTM.Finding.PATH_ARGUMENT));
            }
        }
    }

    private com.contrastsecurity.agent.b.d a(String str) {
        HttpRequest currentRequest;
        if (this.m == null || (currentRequest = this.m.getCurrentRequest()) == null || !currentRequest.isParametersResolved()) {
            return null;
        }
        return a(str, currentRequest);
    }

    private com.contrastsecurity.agent.b.d a(String str, HttpRequest httpRequest) {
        Map<String, String[]> parameters = httpRequest.getParameters();
        for (String str2 : parameters.keySet()) {
            String[] strArr = parameters.get(str2);
            if (strArr != null) {
                for (String str3 : strArr) {
                    String a2 = com.contrastsecurity.agent.plugins.protect.k.d.a(str3, UserInputDTM.InputType.PARAMETER_VALUE);
                    if (a(a2, str)) {
                        return new com.contrastsecurity.agent.b.d(str2, a2);
                    }
                }
            }
        }
        return null;
    }

    private com.contrastsecurity.agent.b.d b(String str) {
        HttpRequest currentRequest = this.m.getCurrentRequest();
        if (currentRequest == null || !currentRequest.isMultipartParametersResolved()) {
            return null;
        }
        return b(str, currentRequest);
    }

    private com.contrastsecurity.agent.b.d b(String str, HttpRequest httpRequest) {
        for (MultipartItem multipartItem : httpRequest.getMultipartItems()) {
            String fieldName = multipartItem.getFieldName();
            String a2 = com.contrastsecurity.agent.plugins.protect.k.d.a(multipartItem.getValue(), UserInputDTM.InputType.MULTIPART_VALUE);
            if (a(a2, str)) {
                return new com.contrastsecurity.agent.b.d(fieldName, a2);
            }
        }
        return null;
    }

    private static boolean a(String str, String str2) {
        if (str == null || str.length() < 2) {
            return false;
        }
        String e2 = N.e(str);
        return str2.equalsIgnoreCase(e2) || (h.matcher(str2).find() && StringUtils.endsWithIgnoreCase(str2, e2));
    }

    private CmdInjectionInputTracingDTM a(String[] strArr, int i, int i2, int i3) {
        int i4 = 0;
        int i5 = 0;
        StringBuilder sb = new StringBuilder();
        for (int i6 = 0; i6 < strArr.length; i6++) {
            if (i6 == i) {
                int length = sb.length();
                i4 = length + i2;
                i5 = length + i3;
            }
            sb.append(strArr[i6]);
        }
        return new CmdInjectionInputTracingDTM(sb.toString(), i4, i5);
    }

    private void a(aj ajVar, UserInputDTM userInputDTM, String[] strArr, int i) {
        ajVar.c(true);
        int indexOf = strArr[i].indexOf(userInputDTM.getValue());
        a(userInputDTM, a(strArr, i, indexOf, indexOf + userInputDTM.getValue().length()), "input tracing");
    }

    private void a(UserInputDTM userInputDTM, String str, List<CmdInjectionSemanticDTM.Finding> list) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < list.size(); i++) {
            sb.append(list.get(i));
            if (i < list.size() - 1) {
                sb.append(", ");
            }
        }
        a(userInputDTM == null ? UserInputDTM.builder().type(UserInputDTM.InputType.UNKNOWN).value(str).time(this.l.a()).build() : userInputDTM, new CmdInjectionSemanticDTM(str, list), sb.toString());
    }

    private void a(String str, List<CmdInjectionSemanticDTM.Finding> list) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < list.size(); i++) {
            sb.append(list.get(i));
            if (i < list.size() - 1) {
                sb.append(", ");
            }
        }
        a(UserInputDTM.builder().type(UserInputDTM.InputType.UNKNOWN).value(str).time(this.l.a()).build(), new CmdInjectionSemanticDTM(str, list), sb.toString());
    }

    private void a(UserInputDTM userInputDTM, CmdInjectionDTM cmdInjectionDTM, String str) {
        boolean canBlock = this.n.canBlock(this);
        this.k.a(this.j, cmdInjectionDTM, userInputDTM, canBlock ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
        if (canBlock) {
            throw new AttackBlockedException("Command injection detected: " + str);
        }
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.g
    public String[] a() {
        return new String[]{v, w};
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.i
    public int c() {
        return 1;
    }
}
