package com.contrastsecurity.agent.plugins.protect.rules.g;

import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.http.HttpResponse;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.c.n;
import com.contrastsecurity.agent.plugins.protect.A;
import com.contrastsecurity.agent.plugins.protect.V;
import com.contrastsecurity.agent.plugins.protect.ai;
import com.contrastsecurity.agent.plugins.protect.rules.q;
import com.contrastsecurity.agent.plugins.protect.rules.s;
import com.contrastsecurity.agent.util.C0313q;
import com.contrastsecurity.agent.util.N;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import java.util.Objects;

/* compiled from: XSSProtectRule.java */
/**
 * Protect rule registered under the id {@code "reflected-xss"}.
 *
 * <p>This is decompiled, obfuscated code: single-letter type and member names ({@code s},
 * {@code V}, {@code A}, {@code b}, {@code q}, {@code n}, {@code ai}, {@code N}) are kept
 * because their declarations are not part of this file.
 *
 * <p>The rule screens request input values with substring heuristics. An input is handed to
 * the inherited evaluator when it is at least 16 characters long or contains one of a fixed
 * set of script-related markers. Cookie names and values are never screened, and headers are
 * screened only when the header name is accepted by {@code n.HEADER_REFERER}.
 *
 * <p>NOTE(review): this is an input-side signal. It complements, and does not replace,
 * context-aware output encoding in the protected application.
 */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/g/g.class */
public final class g extends s<Object> {
    /** Rule identifier string; also used to build the typed rule id in the constructor. */
    public static final String a = "reflected-xss";

    /** Markers looked up with {@code StringUtils.contains}, which is case-sensitive. */
    private static final String[] EXACT_CASE_MARKERS = {"alert", "prompt", "confirm", "eval", "hash"};

    /**
     * Markers looked up with {@code N.c}. Presumably a case-insensitive "contains"; confirm
     * against {@code com.contrastsecurity.agent.util.N}. The last entry is a backslash
     * followed by {@code u}.
     */
    private static final String[] N_MATCHED_MARKERS = {"<script", "javascript:", "vbscript:", "data:", "\\u"};

    /** HTML event-handler attribute names, looked up with {@code N.c}. */
    private static final String[] EVENT_HANDLER_NAMES = {
        "onfinish", "onstart", "onbounce", "onerror", "onload",
        "onafterprint", "onbeforeprint", "onbeforeunload", "onhashchange", "onmessage",
        "onoffline", "ononline", "onpagehide", "onpageshow", "onpopstate",
        "onresize", "onstorage", "onunload", "onblur", "onchange",
        "oncontextmenu", "onfocus", "oninput", "oninvalid", "onreset",
        "onsearch", "onselect", "onsubmit", "onkeydown", "onkeypress",
        "onkeyup", "onclick", "ondblclick", "ondrag", "ondragend",
        "ondragenter", "ondragleave", "ondragover", "ondragstart", "onmousedown",
        "onmousemove", "onmouseout", "onmouseup", "onmouseover", "onmousewheel",
        "onscroll", "onwheel", "oncopy", "onpaste", "oncut",
        "onabort", "oncanplay", "oncanplaythrough", "oncuechange", "ondurationchange",
        "onemptied", "onended", "onloadeddata", "onloadedmetadata", "onloadstart",
        "onpause", "onplay", "onplaying", "onprogress", "onratechange",
        "onseeked", "onseeking", "onstalled", "onsuspend", "ontimeupdate",
        "onvolumechange", "onwaiting", "onshow", "ontoggle"
    };

    /** Typed rule id created from {@link #a}. */
    private final V<Object> ruleId;

    /**
     * Injected collaborator of obfuscated type {@code b}. It is only passed to the inherited
     * {@code a(...)} call in {@link #evaluateInput}; its role is not visible in this file.
     */
    private final b collaborator;

    /**
     * Creates the rule.
     *
     * @param bVar collaborator forwarded to the inherited evaluator; must not be null
     * @param qVar value handed unchanged to the superclass constructor
     * @throws NullPointerException if {@code bVar} is null
     */
    @Inject
    public g(b bVar, @h q qVar) {
        super(qVar);
        // The id is built before the null check, as in the original statement order.
        this.ruleId = V.a(a, Object.class);
        this.collaborator = Objects.requireNonNull(bVar);
    }

    /** Returns the typed id of this rule (declared by {@code rules.i}). */
    @Override
    public V<Object> getRuleId() {
        return ruleId;
    }

    /** Returns the configuration property that overrides this rule's mode (declared by {@code rules.i}). */
    @Override
    public ConfigProperty getModeOverrideKey() {
        return ConfigProperty.PROTECT_XSS_MODE;
    }

    /**
     * Returns {@link AttackResult#SUSPICIOUS} (declared by {@code rules.i}). How the framework
     * consumes this value is not visible in this file.
     */
    @Override
    public AttackResult b() {
        return AttackResult.SUSPICIOUS;
    }

    /**
     * Tells whether this rule screens the given kind of input (declared by {@code rules.k}).
     *
     * @param inputType kind of request input
     * @return {@code false} for cookie names and cookie values, {@code true} for everything else
     */
    @Override
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return inputType != UserInputDTM.InputType.COOKIE_NAME
                && inputType != UserInputDTM.InputType.COOKIE_VALUE;
    }

    /** Always returns {@code true}, whatever the input type (declared by {@code rules.s} and {@code rules.k}). */
    @Override
    public boolean shouldAlwaysBlockAtPerimeter(UserInputDTM.InputType inputType) {
        return true;
    }

    /**
     * Screens one input value (declared by {@code rules.k}).
     *
     * @param inputType kind of request input
     * @param str input name; for headers it is tested against {@code n.HEADER_REFERER}
     * @param str2 not used by this rule
     * @param str3 input value that is screened
     * @param i integer tested with {@code ai.a(i, 4)} and {@code ai.a(i, 32)}; presumably a
     *     bit mask of hints about the value (TODO confirm against {@code ai})
     * @return the result of the inherited {@code a(...)} evaluator when the value is escalated,
     *     otherwise {@code null}
     */
    @Override
    public A evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        // A header is screened only when its name passes the HEADER_REFERER test.
        if (inputType.equals(UserInputDTM.InputType.HEADER) && !n.HEADER_REFERER.a(str)) {
            return null;
        }
        // Either flag, when set, exempts the value from screening.
        if (ai.a(i, 4) || ai.a(i, 32)) {
            return null;
        }
        // Values of 16+ characters are always escalated; shorter ones only when they carry a marker.
        boolean escalate = str3.length() >= 16 || containsXssMarker(str3);
        return escalate ? a(this.collaborator, str, str3, i) : null;
    }

    /**
     * Checks a value against the fixed marker lists, in the same order as the original
     * condition chain.
     *
     * @param str value to inspect
     * @return {@code true} as soon as one marker matches, {@code false} if none does
     */
    private boolean containsXssMarker(String str) {
        for (String marker : EXACT_CASE_MARKERS) {
            if (StringUtils.contains(str, marker)) {
                return true;
            }
        }
        for (String marker : N_MATCHED_MARKERS) {
            if (N.c(str, marker)) {
                return true;
            }
        }
        if (StringUtils.contains(str, "Function")) {
            return true;
        }
        int valueLength = str.length();
        for (int idx = 0; idx < EVENT_HANDLER_NAMES.length; idx++) {
            String handlerName = EVENT_HANDLER_NAMES[idx];
            // Strictly shorter: a value that is exactly a handler name is not matched here.
            if (handlerName.length() < valueLength && N.c(str, handlerName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the negation of {@code C0313q.a(httpRequest)} (declared by {@code rules.s} and
     * {@code rules.k}). What that helper tests is not visible in this file.
     */
    @Override
    public boolean requiresSavingInContext(HttpRequest httpRequest) {
        boolean helperResult = C0313q.a(httpRequest);
        return !helperResult;
    }

    /** Does nothing at the end of a request (declared by {@code protect.T}). */
    @Override
    public void onRequestEnd(HttpRequest httpRequest, HttpResponse httpResponse) {
        // Intentionally empty.
    }
}
