package com.contrastsecurity.agent.plugins.protect.rules.cve.struts.g;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.instr.i;
import com.contrastsecurity.agent.instr.p;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.CveDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.A;
import com.contrastsecurity.agent.plugins.protect.EnumC0250y;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0182d;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.V;
import com.contrastsecurity.agent.plugins.protect.rules.k;
import com.contrastsecurity.agent.plugins.protect.rules.l;
import com.contrastsecurity.thirdparty.com.rabbitmq.client.ConnectionFactory;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.reflect.Modifier;

/* compiled from: XsltResultRule.java */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/cve/struts/g/e.class */
public final class e extends com.contrastsecurity.agent.plugins.protect.rules.cve.struts.c implements k<CveDetailsDTM>, l<CveDetailsDTM, ContrastXsltResultDispatcher> {
    public static final String a = "cve-2016-3082";
    private final ApplicationManager e;
    private final InterfaceC0182d f;
    private final p<ContrastXsltResultDispatcher> g;
    private final ProtectManager h;
    private final V<CveDetailsDTM> i;
    private static final String k = "xslt.location";
    private static final String j = "org#apache#struts2#views#xslt#XSLTResult".replace("#", ConnectionFactory.DEFAULT_VHOST);
    private static final String[] l = {"2.0.0.jar", "2.0.1.jar", "2.0.2.jar", "2.0.3.jar", "2.0.4.jar", "2.0.5.jar", "2.0.6.jar", "2.0.7.jar", "2.0.8.jar", "2.0.9.jar", "2.0.10.jar", "2.0.11.jar", "2.0.11.1.jar", "2.0.11.2.jar", "2.0.12.jar", "2.0.13.jar", "2.0.14.jar", "2.1.0.jar", "2.1.1.jar", "2.1.2.jar", "2.1.3.jar", "2.1.4.jar", "2.1.5.jar", "2.1.6.jar", "2.1.8.jar", "2.1.8.1.jar", "2.2.1.jar", "2.2.1.1.jar", "2.2.3.jar", "2.2.3.1.jar", "2.3.1.jar", "2.3.1.1.jar", "2.3.1.2.jar", "2.3.3.jar", "2.3.4.jar", "2.3.4.1.jar", "2.3.7.jar", "2.3.8.jar", "2.3.12.jar", "2.3.14.jar", "2.3.14.1.jar", "2.3.14.2.jar", "2.3.14.3.jar", "2.3.15.jar", "2.3.15.1.jar", "2.3.15.2.jar", "2.3.15.3.jar", "2.3.16.jar", "2.3.16.1.jar", "2.3.16.2.jar", "2.3.16.3.jar", "2.3.20.jar", "2.3.20.1.jar", "2.3.24.jar", "2.3.24.1.jar", "2.3.28.jar"};
    public static final Logger d = LoggerFactory.getLogger((Class<?>) e.class);

    @Inject
    public e(ApplicationManager applicationManager, InterfaceC0182d interfaceC0182d, ProtectManager protectManager, p<ContrastXsltResultDispatcher> pVar) {
        super(interfaceC0182d, protectManager);
        this.e = applicationManager;
        this.f = interfaceC0182d;
        this.g = pVar;
        this.h = protectManager;
        this.i = V.a(a, CveDetailsDTM.class);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.i
    public V<CveDetailsDTM> getRuleId() {
        return this.i;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.i
    public ConfigProperty getModeOverrideKey() {
        return ConfigProperty.PROTECT_XSLT_MODE;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.PARAMETER_VALUE.equals(inputType);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.m
    public ClassVisitor onInstrumentingClass(i<ContrastXsltResultDispatcher> iVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (!this.h.isSinksDisabled() && instrumentationContext.getCodeSource() != null && !Modifier.isAbstract(instrumentationContext.getFlags()) && instrumentationContext.getInternalClassName().equals(j)) {
            classVisitor = new b(iVar, classVisitor, instrumentationContext);
        }
        return classVisitor;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.l
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return false;
    }

    @Override // com.contrastsecurity.agent.instr.q
    public p<ContrastXsltResultDispatcher> dispatcherRegistration() {
        return this.g;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.cve.struts.c
    protected String[] d() {
        return l;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public A evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        d.debug("Evaluating input {} {} {}", inputType.toString(), str, str2);
        A a2 = null;
        if (UserInputDTM.InputType.PARAMETER_VALUE.equals(inputType) && k.equals(str)) {
            d.debug("Evaluating Input {} {}", str, str2);
            a2 = new A(EnumC0250y.MATCHED_ATTACK_SIGNATURE);
        }
        return a2;
    }

    public boolean a(String str) {
        Application current = this.e.current();
        if (current == null) {
            return false;
        }
        boolean z = false;
        if (StringUtils.isNotEmpty(str)) {
            z = c(current);
            com.contrastsecurity.agent.plugins.protect.rules.A vulnerabilityAnalysis = getVulnerabilityAnalysis(current);
            if (vulnerabilityAnalysis == null) {
                d.warn("Not analyzing request for {} because Contrast has not yet analyzed the application's libraries to see if the application is vulnerable", a);
                return false;
            }
            if (!vulnerabilityAnalysis.a()) {
                return false;
            }
            a(str, vulnerabilityAnalysis.c(), z);
        }
        return z;
    }

    private void a(String str, String str2, boolean z) {
        a(getRuleId().a(), k);
        this.f.a(this.i, new CveDetailsDTM(getRuleId().a(), str2), UserInputDTM.builder().name(k).value(str).type(UserInputDTM.InputType.PARAMETER_VALUE).build(), z ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
    }
}
