package com.contrastsecurity.agent.plugins.protect.j;

import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.instr.i;
import com.contrastsecurity.agent.instr.p;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.CveDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.A;
import com.contrastsecurity.agent.plugins.protect.EnumC0250y;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0182d;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.T;
import com.contrastsecurity.agent.plugins.protect.V;
import com.contrastsecurity.agent.plugins.protect.aj;
import com.contrastsecurity.agent.plugins.protect.rules.k;
import com.contrastsecurity.agent.plugins.protect.rules.l;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpGet;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpHead;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.reflect.Modifier;
import java.util.Locale;

/* compiled from: Cve_2017_12616Rule.java */
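@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/j/e.class */
public class e extends T<CveDetailsDTM> implements k<CveDetailsDTM>, l<CveDetailsDTM, ContrastSourceDisclosureDispatcher> {
    /**
     * Protect rule for CVE-2017-12616 (source disclosure through Tomcat's DefaultServlet).
     *
     * <p>The rule works in two stages: {@link #evaluateInput} inspects the normalized URI of
     * GET requests for JSP-mapping bypass fragments and records a verdict, and
     * {@link #a(HttpRequest)} is invoked from the instrumented DefaultServlet to decide
     * whether a recorded attack should be reported as blocked or exploited, which depends on
     * the server being a vulnerable Tomcat 7.0.x build.
     *
     * <p>Thread-safety: the cached server-version verdict is written lazily without
     * synchronization; concurrent first requests may each compute it, but they compute the
     * same value for the same server banner, so the race is benign.
     */
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) e.class);

    /**
     * Tomcat 7.0 builds that ship the affected DefaultServlet (7.0.0 through 7.0.80). The
     * server banner is matched by suffix against these entries.
     */
    private static final String[] VULNERABLE_TOMCAT_VERSIONS = {"7.0", "7.0.0", "7.0.1", "7.0.2", "7.0.3", "7.0.4", "7.0.5", "7.0.6", "7.0.7", "7.0.8", "7.0.9", "7.0.10", "7.0.11", "7.0.12", "7.0.13", "7.0.14", "7.0.15", "7.0.16", "7.0.17", "7.0.18", "7.0.19", "7.0.20", "7.0.21", "7.0.22", "7.0.23", "7.0.24", "7.0.25", "7.0.26", "7.0.27", "7.0.28", "7.0.29", "7.0.30", "7.0.31", "7.0.32", "7.0.33", "7.0.34", "7.0.35", "7.0.36", "7.0.37", "7.0.38", "7.0.39", "7.0.40", "7.0.41", "7.0.42", "7.0.43", "7.0.44", "7.0.45", "7.0.46", "7.0.47", "7.0.48", "7.0.49", "7.0.50", "7.0.51", "7.0.52", "7.0.53", "7.0.54", "7.0.55", "7.0.56", "7.0.57", "7.0.58", "7.0.59", "7.0.60", "7.0.61", "7.0.62", "7.0.63", "7.0.64", "7.0.65", "7.0.66", "7.0.67", "7.0.68", "7.0.69", "7.0.70", "7.0.71", "7.0.72", "7.0.73", "7.0.74", "7.0.75", "7.0.76", "7.0.77", "7.0.78", "7.0.79", "7.0.80"};

    /** URI fragments that only suggest a JSP-mapping bypass; reported as {@code WORTH_WATCHING}. */
    private static final String[] SUSPICIOUS_URI_FRAGMENTS = {".jsp.", ".jsp%2e", ".jsp ", ".jsp%20", ".jsp+"};

    /** URI fragments treated as a definite attack signature. */
    private static final String[] DEFINITE_URI_FRAGMENTS = {".jsp::$"};

    /**
     * Fully qualified name of Tomcat's DefaultServlet. Built via {@code substring(1)} so it is
     * not a compile-time constant (presumably to keep build-time relocation tools from
     * rewriting the class name — TODO confirm).
     */
    private static final String DEFAULT_SERVLET_CLASS_NAME = " org.apache.catalina.servlets.DefaultServlet".substring(1);

    /** Rule identifier; public because other parts of the plugin reference it. */
    public static final String a = "cve-2017-12616";

    /** Receives the final attack outcome (see {@link #a(HttpRequest)}). */
    private final InterfaceC0182d attackReporter;
    private final p<ContrastSourceDisclosureDispatcher> dispatcherRegistration;
    private final HttpManager httpManager;
    private final ProtectManager protectManager;
    private final V<CveDetailsDTM> ruleId = V.a(a, CveDetailsDTM.class);

    // Lazily computed verdict on the server banner; see the class comment on thread-safety.
    private boolean serverVulnerable;
    private boolean serverVersionChecked;

    /**
     * Creates the rule.
     *
     * @param interfaceC0182d sink that receives the attack outcome
     * @param pVar registration of the dispatcher used by the instrumented DefaultServlet
     * @param httpManager provides the request currently being handled
     * @param protectManager provides the per-request attack context and block-mode decision
     */
    @Inject
    public e(InterfaceC0182d interfaceC0182d, p<ContrastSourceDisclosureDispatcher> pVar, HttpManager httpManager, ProtectManager protectManager) {
        this.attackReporter = interfaceC0182d;
        this.dispatcherRegistration = pVar;
        this.httpManager = httpManager;
        this.protectManager = protectManager;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.i
    public V<CveDetailsDTM> getRuleId() {
        return this.ruleId;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.i
    public ConfigProperty getModeOverrideKey() {
        return ConfigProperty.PROTECT_CVE_2017_12616_MODE;
    }

    /**
     * Wraps the class visitor for Tomcat's DefaultServlet so the servlet is instrumented;
     * every other class, abstract classes, and all classes when sinks are disabled pass
     * through untouched.
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.m
    public ClassVisitor onInstrumentingClass(i<ContrastSourceDisclosureDispatcher> iVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (this.protectManager.isSinksDisabled()) {
            return classVisitor;
        }
        if (Modifier.isAbstract(instrumentationContext.getFlags())) {
            return classVisitor;
        }
        if (!DEFAULT_SERVLET_CLASS_NAME.equals(instrumentationContext.getClassName())) {
            return classVisitor;
        }
        return new g(classVisitor, instrumentationContext, iVar);
    }

    /**
     * Decides the outcome of a request that reached DefaultServlet.
     *
     * <p>If an attack for this rule was recorded on the current request and the server is a
     * vulnerable Tomcat 7.0.x build, the attack is reported as {@code BLOCKED} or
     * {@code EXPLOITED} depending on the rule's block mode.
     *
     * @param httpRequest the request being served; HEAD requests are never acted on
     * @return {@code true} when the request must be blocked, {@code false} when there is
     *         nothing to block (no recorded attack, HEAD request, server not vulnerable, or
     *         the rule is not allowed to block)
     */
    public final boolean a(HttpRequest httpRequest) {
        if (HttpHead.METHOD_NAME.equals(httpRequest.getMethod())) {
            return false;
        }
        aj recordedAttack = this.protectManager.currentContext().f(a);
        if (recordedAttack == null) {
            LOG.debug("Didn't observe attack against DefaultServlet");
            return false;
        }
        UserInputDTM input = recordedAttack.a();
        LOG.debug("DefaultServlet attack observed {}", input.getVector());
        // Resolve the server verdict before handing it to the attack context. The original
        // passed the cached flag first and computed it afterwards, so the first attack seen
        // by this instance was always tagged with the default (false) regardless of version.
        if (!this.serverVersionChecked) {
            this.serverVulnerable = isVulnerableTomcatVersion(httpRequest.getServerVersionInfo());
            this.serverVersionChecked = true;
        }
        recordedAttack.c(this.serverVulnerable); // presumably marks the context as vulnerable/not — confirm against aj
        recordedAttack.b(true);
        if (!this.serverVulnerable) {
            return false;
        }
        boolean canBlock = this.protectManager.canBlock(this);
        AttackResult outcome = canBlock ? AttackResult.BLOCKED : AttackResult.EXPLOITED;
        this.attackReporter.a(this.ruleId, new CveDetailsDTM(a, httpRequest.getServerVersionInfo()), input, outcome);
        return canBlock;
    }

    /**
     * Checks whether a server banner identifies a Tomcat build affected by this CVE.
     *
     * @param serverInfo the server version banner, may be {@code null}
     * @return {@code true} only when the banner mentions a 7.x version and ends with one of
     *         {@link #VULNERABLE_TOMCAT_VERSIONS}
     */
    private static boolean isVulnerableTomcatVersion(String serverInfo) {
        LOG.debug("DefaultServlet vulnerable Tomcat check shows version is {}", serverInfo);
        if (serverInfo == null) {
            return false;
        }
        String banner = serverInfo.trim();
        // Cheap pre-filter: only banners of the form ".../7.x" can possibly match.
        if (!banner.contains("/7.")) {
            return false;
        }
        for (String version : VULNERABLE_TOMCAT_VERSIONS) {
            if (banner.endsWith(version)) {
                LOG.debug("Confirmed vulnerable");
                return true;
            }
        }
        return false;
    }

    /**
     * Returns {@code true} when the URI contains a definite attack fragment. Null-safe;
     * comparison is case-insensitive and locale-independent.
     */
    private static boolean matchesDefiniteSignature(String uri) {
        if (uri == null) {
            return false;
        }
        return StringUtils.indexOfAny(uri.toLowerCase(Locale.ROOT), DEFINITE_URI_FRAGMENTS) != -1;
    }

    /**
     * Returns {@code true} when the URI contains a fragment that merely looks suspicious.
     * Null-safe; comparison is case-insensitive and locale-independent.
     */
    private static boolean matchesSuspiciousSignature(String uri) {
        if (uri == null) {
            return false;
        }
        return StringUtils.indexOfAny(uri.toLowerCase(Locale.ROOT), SUSPICIOUS_URI_FRAGMENTS) != -1;
    }

    /** Only DefaultServlet itself needs instrumenting before the application loads. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.l
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return DEFAULT_SERVLET_CLASS_NAME.equals(cls.getName());
    }

    @Override // com.contrastsecurity.agent.instr.q
    public p<ContrastSourceDisclosureDispatcher> dispatcherRegistration() {
        return this.dispatcherRegistration;
    }

    /** This rule only looks at the request URI, never at headers, parameters or bodies. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.URI.equals(inputType);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public boolean shouldAlwaysBlockAtPerimeter(UserInputDTM.InputType inputType) {
        return false;
    }

    /** The verdict must be kept in the request context so {@link #a(HttpRequest)} can find it. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public boolean requiresSavingInContext(HttpRequest httpRequest) {
        return true;
    }

    /**
     * Classifies the current request for this rule.
     *
     * <p>The individual input passed in is ignored: the decision is made on the whole
     * normalized URI of the current request, and only for GET requests.
     *
     * @return {@code MATCHED_ATTACK_SIGNATURE} for a definite fragment, {@code WORTH_WATCHING}
     *         for a suspicious one, otherwise {@code null} (including when there is no current
     *         request or it is not a GET)
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public A evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        HttpRequest currentRequest = this.httpManager.getCurrentRequest();
        // Guard against being evaluated outside a request; the original dereferenced unconditionally.
        if (currentRequest == null || !HttpGet.METHOD_NAME.equalsIgnoreCase(currentRequest.getMethod())) {
            return null;
        }
        String normalizedUri = currentRequest.getNormalizedUri();
        if (matchesDefiniteSignature(normalizedUri)) {
            LOG.debug("Observed seemingly definite attack against CVE-2017-12616: {}", normalizedUri);
            return new A(EnumC0250y.MATCHED_ATTACK_SIGNATURE);
        }
        if (matchesSuspiciousSignature(normalizedUri)) {
            LOG.debug("Observed possible definite attack against CVE-2017-12616: {}", normalizedUri);
            return new A(EnumC0250y.WORTH_WATCHING);
        }
        LOG.debug("URI doesn't appear to be attack against CVE-2017-12616");
        return null;
    }

    /** Shortest fragment this rule can match is {@code ".jsp."} (5 characters). */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public int getMinimumAttackInputLength() {
        return 5;
    }
}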
