package com.contrastsecurity.agent.plugins.protect.rules.pathtraversal;

import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.A;
import com.contrastsecurity.agent.plugins.protect.AttackBlockedException;
import com.contrastsecurity.agent.plugins.protect.EnumC0250y;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0182d;
import com.contrastsecurity.agent.plugins.protect.P;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.V;
import com.contrastsecurity.agent.plugins.protect.ai;
import com.contrastsecurity.agent.plugins.protect.aj;
import com.contrastsecurity.agent.plugins.protect.rules.pathtraversal.PathTraversalSemanticDTM;
import com.contrastsecurity.agent.telemetry.b.i;
import com.contrastsecurity.agent.util.C0301e;
import com.contrastsecurity.agent.util.N;
import com.contrastsecurity.agent.z;
import com.contrastsecurity.thirdparty.com.rabbitmq.client.ConnectionFactory;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.jregex.WildcardPattern;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.apache.logging.log4j.core.pattern.NotANumber;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.File;
import java.lang.reflect.Modifier;
import java.util.Collections;
import java.util.List;
import java.util.Objects;

/* compiled from: PathTraversalProtectRule.java */
/**
 * Path traversal protect rule (rule name {@code "path-traversal"}), recovered by a decompiler from
 * {@code PathTraversalProtectRule.java}; most identifiers are obfuscated single letters.
 *
 * <p>Three checks are visible in this class:
 * <ul>
 *   <li>{@code evaluateInput}: classifies one input value when it is received;</li>
 *   <li>{@code a(P, String)} and {@code a(P, String[], j)}: compare a path (or an array of
 *       strings) with the inputs tracked for this rule ("input tracing"); presumably called from
 *       the code instrumented by {@code onInstrumentingClass} - confirm against the dispatcher;</li>
 *   <li>{@code a(String)}: "semantic analysis" of the path on its own, against the fixed marker
 *       lists {@code B} and {@code C}, each gated by a configuration flag.</li>
 * </ul>
 *
 * <p>NOTE(review): the marker lists are denylists, and the matching itself happens in
 * {@code N.a} / {@code N.b}, which are not visible here. Whether a path is canonicalised or
 * case-folded before matching cannot be told from this file; confirm before relying on coverage.
 */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/pathtraversal/o.class */
public final class o extends com.contrastsecurity.agent.plugins.protect.rules.s<PathTraversalDTM> implements com.contrastsecurity.agent.plugins.protect.h.a<PathTraversalDTM>, com.contrastsecurity.agent.plugins.protect.rules.g, com.contrastsecurity.agent.plugins.protect.rules.l<PathTraversalDTM, ContrastPathTraversalDispatcher> {
    // Rule name; also the key used to look up this rule's tracked inputs through P.c(...).
    public static final String a = "path-traversal";
    // Rule identifier: returned by getRuleId() and passed along with every reported event.
    private final V<PathTraversalDTM> d;
    // Receives each reported event (rule id, details, user input, AttackResult); presumably the
    // attack reporter - confirm against InterfaceC0182d.
    private final InterfaceC0182d e;
    // Agent configuration; read here through c(...) for a string and f(...) for a boolean flag.
    private final com.contrastsecurity.agent.config.g f;
    // Supplies the value stored as the event time in a(P, String); presumably a clock.
    private final com.contrastsecurity.agent.commons.d g;
    // Dispatcher registration handed back by dispatcherRegistration().
    private final com.contrastsecurity.agent.instr.p<ContrastPathTraversalDispatcher> h;
    // Consulted for isSinksDisabled() and canBlock(this).
    private final ProtectManager i;
    // j.a().a() supplies the stack frames examined by a(List).
    private final com.contrastsecurity.agent.p.k j;
    // Evaluator used by evaluateInput for every input type except URI.
    private final e k;
    // Evaluator used by evaluateInput for URI inputs.
    private final e l;
    // Value of ConfigProperty.PROTECT_TELEMETRY_DIR; a path equal to it is never reported by a(P, String).
    private final String m;
    // Telemetry counter: how often semantic analysis is applied.
    private final com.contrastsecurity.agent.telemetry.b.a n;
    // Telemetry counter: how often semantic analysis detects an attack.
    private final com.contrastsecurity.agent.telemetry.b.a o;
    // True when no telemetry directory is configured (m is empty), which disables the m comparison.
    private final boolean p;

    // Name under which counter n is registered.
    @z
    static final String b = "pathTraversalSemanticAnalysisCount";

    // Name under which counter o is registered.
    @z
    static final String c = "pathTraversalSemanticAttackCount";
    // s, t, u, v, w, x, y, z, A and r are fully qualified method names; their only use in this
    // class is the array returned by a().
    private static final String s = "io.prometheus.client.hotspot.StandardExports.collectMemoryMetricsLinux";
    private static final String t = "io.prometheus.jmx.shaded.io.prometheus.client.hotspot.StandardExports.collectMemoryMetricsLinux";
    private static final String u = "io.prometheus.jmx.shaded.io.prometheus.client.hotspot.StandardExports$StatusReader.procSelfStatusReader";
    private static final String v = "io.vertx.core.impl.cpu.CpuCoreSensor.determineProcessors";
    private static final String w = "org.wildfly.common.cpu.ProcessorInfo.determineProcessors";
    private static final String x = "com.newrelic.agent.utilization.DockerData.getDockerContainerId";
    private static final String y = "datadog.common.container.ContainerInfo.<clinit>";
    private static final String z = "com.timgroup.statsd.CgroupReader.<clinit>";
    private static final String A = "org.infinispan.commons.jdkspecific.ProcessorInfo.availableProcessors";
    // Not referenced in the visible code; a(List) uses the literal 9, presumably this constant
    // inlined by the compiler.
    private static final int D = 9;
    // Internal name of the class that onInstrumentingClass wraps with visitor c.
    private static final String F = "java/io/File";
    // Not referenced in the visible code; evaluateInput uses the literal 8, presumably this
    // constant inlined by the compiler.
    private static final int I = 8;
    // Predicate applied to stack frames in a(List, int); a matching frame vetoes the finding.
    private static final com.contrastsecurity.agent.p.o q = new com.contrastsecurity.agent.p.i();
    // substring(1) drops the leading space, leaving the plain method name.
    private static final String r = " org.apache.logging.log4j.core.appender.rolling.AbstractRolloverStrategy.getEligibleFiles".substring(1);
    // Markers for the "common file exploits" finding, matched with N.b in b(String). The first two
    // are NTFS stream suffixes. NotANumber.VALUE looks like a decompiler constant substitution;
    // in Log4j it is the NUL string, so this is presumably a NUL-byte marker - confirm.
    private static final String[] B = {"::$DATA", "::$Index", NotANumber.VALUE};
    // System-file path fragments for the "custom code accessing system files" finding, matched
    // with N.a in c(String); listed once with forward slashes and once with backslashes.
    // NOTE(review): the conventional Unix file name is etc/group; confirm that the plural
    // "etc/groups" entries are intended.
    private static final String[] C = {"/proc/self", "etc/passwd", "etc/shadow", "etc/hosts", "etc/groups", "etc/gshadow", "ntuser.dat", "/Windows/win.ini", "/windows/system32/", "/windows/repair/", "\\proc\\self", "etc\\passwd", "etc\\shadow", "etc\\hosts", "etc\\groups", "etc\\gshadow", "\\Windows\\win.ini", "\\windows\\system32\\", "\\windows\\repair\\"};
    // Markers tested against the first string argument of evaluateInput; a match skips evaluation.
    private static final String[] E = {"pass", "pwd"};
    // Internal name of the class that onInstrumentingClass wraps with visitor s.
    private static final String G = "java/nio/file/Paths";
    // G with ConnectionFactory.DEFAULT_VHOST replaced by WildcardPattern.ANY_CHAR. Both constants
    // look like decompiler substitutions for "/" and "."; the result is presumably
    // "java.nio.file.Paths", which is compared with Class.getName() below - confirm.
    private static final String H = G.replaceAll(ConnectionFactory.DEFAULT_VHOST, WildcardPattern.ANY_CHAR);
    private static final Logger J = LoggerFactory.getLogger((Class<?>) o.class);

    /**
     * Stores the injected collaborators, reads the telemetry directory from configuration and
     * registers the two semantic-analysis counters.
     *
     * @throws NullPointerException if {@code iVar} is null
     */
    @Inject
    public o(InterfaceC0182d interfaceC0182d, com.contrastsecurity.agent.config.g gVar, com.contrastsecurity.agent.commons.d dVar, com.contrastsecurity.agent.instr.p<ContrastPathTraversalDispatcher> pVar, ProtectManager protectManager, com.contrastsecurity.agent.p.k kVar, V<PathTraversalDTM> v2, @d e eVar, @r e eVar2, @p com.contrastsecurity.agent.plugins.protect.rules.q qVar, com.contrastsecurity.agent.telemetry.b.i iVar) {
        super(qVar);
        this.e = interfaceC0182d;
        this.f = gVar;
        this.g = dVar;
        this.h = pVar;
        this.i = protectManager;
        this.j = kVar;
        this.k = eVar;
        this.l = eVar2;
        this.d = v2;
        this.m = gVar.c(ConfigProperty.PROTECT_TELEMETRY_DIR);
        this.p = StringUtils.isEmpty(this.m);
        Objects.requireNonNull(iVar);
        this.n = iVar.a(b, i.a.PROTECT).a("Count of how often semantic analysis is applied").f();
        this.o = iVar.a(c, i.a.PROTECT).a("Count of how often a semantic analysis attack is detected").f();
    }

    /** Returns the rule identifier injected at construction. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.i
    public V<PathTraversalDTM> getRuleId() {
        return this.d;
    }

    /** Returns the configuration property that overrides this rule's mode. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.i
    public ConfigProperty getModeOverrideKey() {
        return ConfigProperty.PROTECT_PATH_TRAVERSAL_MODE;
    }

    /** Returns true for every input type except HEADER, so header values are not evaluated by this rule. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return !UserInputDTM.InputType.HEADER.equals(inputType);
    }

    /**
     * Classifies a single input value.
     *
     * <p>Parameter roles are inferred from use: {@code str} is tested against the markers in
     * {@code E} and {@code str2} is the value that is length-checked and evaluated, so they are
     * presumably the input's name and value; {@code str3} is unused here. TODO confirm against
     * the interface in rules.k.
     *
     * @return the result derived from the evaluator, a WORTH_WATCHING result when the value ends
     *     with a NUL character, or null when the input is skipped or nothing matched
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.k
    public A evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        // Skip when the opaque flag test ai.a(i, 4) holds, when the value is shorter than 8
        // characters, or when str matches "pass"/"pwd" (presumably password fields - confirm).
        if (ai.a(i, 4) || str2.length() < 8 || d(str)) {
            return null;
        }
        // URI inputs use evaluator l, all other types use k. Neither a(...) overload called here
        // is declared in this class; presumably both are inherited from rules.s.
        A a2 = a(a(inputType == UserInputDTM.InputType.URI ? this.l : this.k, str, str2, i));
        if (a2 != null) {
            return a2;
        }
        // A NUL (char code 0) as the last character is flagged even without an evaluator match.
        // The length guard above rules out the empty-string case where both sides would be -1.
        if (str2.lastIndexOf(0) == str2.length() - 1) {
            return new A(EnumC0250y.WORTH_WATCHING);
        }
        return null;
    }

    /** Tests {@code str} against the markers in {@code E} using N.a (matching semantics not visible here). */
    private boolean d(String str) {
        return N.a(str, E);
    }

    /**
     * Chooses the class visitor that instruments a class for this rule.
     *
     * @return the wrapped visitor, or {@code classVisitor} unchanged when sinks are disabled or
     *     the class is not one this rule instruments
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.m
    public ClassVisitor onInstrumentingClass(com.contrastsecurity.agent.instr.i<ContrastPathTraversalDispatcher> iVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (!this.i.isSinksDisabled()) {
            if (instrumentationContext.getCodeSource() != null) {
                // Classes with a code source: only non-abstract classes whose ancestors include
                // frameworks.z.b.m or frameworks.z.b.n (values not visible here) get visitor t.
                if (!Modifier.isAbstract(instrumentationContext.getFlags()) && (instrumentationContext.getAncestors().contains(com.contrastsecurity.agent.plugins.frameworks.z.b.m) || instrumentationContext.getAncestors().contains(com.contrastsecurity.agent.plugins.frameworks.z.b.n))) {
                    classVisitor = new t(iVar, instrumentationContext, classVisitor);
                }
            // No code source (presumably JDK classes - confirm): java/io/File and
            // java/nio/file/Paths each get their own visitor.
            } else if (F.equals(instrumentationContext.getInternalClassName())) {
                classVisitor = new c(iVar, instrumentationContext, classVisitor);
            } else if (G.equals(instrumentationContext.getInternalClassName())) {
                classVisitor = new s(iVar, instrumentationContext, classVisitor);
            }
        }
        return classVisitor;
    }

    /**
     * Checks one path against the tracked inputs and, if none matches, against the semantic
     * marker lists, reporting an event for each hit.
     *
     * <p>This method never throws to block; it only returns the decision, so the caller is
     * presumably responsible for acting on it - confirm at the call site.
     *
     * @param p request-scoped state; {@code p.c("path-traversal")} yields the tracked inputs
     * @param str the path being accessed
     * @return true only when an event was reported and {@code ProtectManager.canBlock(this)}
     *     returned true
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(P p, String str) {
        // Never report the agent's own telemetry directory (when one is configured) or an empty
        // path. The parameter p shadows the boolean field, hence this.p.
        if ((!this.p && this.m.equals(str)) || StringUtils.isEmpty(str)) {
            return false;
        }
        // z2: block decision returned to the caller; z3: an input-tracing match was reported.
        boolean z2 = false;
        boolean z3 = false;
        List<aj> c2 = p.c(a);
        if (c2 != null) {
            for (aj ajVar : c2) {
                // A non-null result means this tracked input matches the path.
                UserInputDTM b2 = ajVar.b(str);
                if (b2 != null) {
                    // Once true, canBlock is not queried again for later matches.
                    z2 = z2 || this.i.canBlock(this);
                    ajVar.c(true);
                    this.e.a(this.d, new PathTraversalInputTracingDTM(str), b2, z2 ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
                    z3 = true;
                }
            }
        }
        // Semantic analysis runs only when input tracing found nothing. Its events carry input
        // type UNKNOWN and are reported as SUSPICIOUS rather than EXPLOITED when not blocked.
        if (!z3) {
            List<PathTraversalSemanticDTM.Finding> a2 = a(str);
            if (!a2.isEmpty()) {
                z2 = this.i.canBlock(this);
                this.e.a(this.d, new PathTraversalSemanticDTM(str, a2), UserInputDTM.builder().type(UserInputDTM.InputType.UNKNOWN).value(str).time(this.g.a()).build(), z2 ? AttackResult.BLOCKED : AttackResult.SUSPICIOUS);
            }
        }
        return z2;
    }

    /**
     * Checks an array of strings against the tracked inputs and reports the first match.
     *
     * <p>Each tracked input is tested against every element and then against the elements
     * joined with single spaces. {@code jVar} is unused. Reporting may throw
     * {@link AttackBlockedException}; see {@code a(UserInputDTM, PathTraversalDTM)}.
     *
     * <p>NOTE(review): {@code a(P, String)} guards against {@code p.c(...)} returning null, but
     * this method iterates the result directly; if null is a possible return value this loop
     * throws NullPointerException - confirm against P.
     */
    @Override // com.contrastsecurity.agent.plugins.protect.h.a
    public void a(P p, String[] strArr, com.contrastsecurity.agent.p.j jVar) {
        String join = StringUtils.join(strArr, " ");
        for (aj ajVar : p != null ? p.c(a) : Collections.emptyList()) {
            for (String str : strArr) {
                if (ajVar.c(str)) {
                    // A single matching element reports the whole array, then stops.
                    a(ajVar, strArr);
                    return;
                }
            }
            if (ajVar.c(join)) {
                a(ajVar, new String[]{join});
                return;
            }
        }
    }

    /**
     * Marks the tracked input and reports an input-tracing event for the given strings.
     *
     * <p>The elements are concatenated without a separator, so for a multi-element array the
     * reported value differs from the space-joined form used for matching in the caller.
     */
    private void a(aj ajVar, String[] strArr) {
        ajVar.c(true);
        StringBuilder sb = new StringBuilder();
        for (String str : strArr) {
            sb.append(str);
        }
        a(ajVar.a(), new PathTraversalInputTracingDTM(sb.toString()));
    }

    /**
     * Reports the event as BLOCKED or EXPLOITED according to {@code canBlock(this)}.
     *
     * @throws AttackBlockedException when the rule can block
     */
    private void a(UserInputDTM userInputDTM, PathTraversalDTM pathTraversalDTM) {
        boolean canBlock = this.i.canBlock(this);
        this.e.a(this.d, pathTraversalDTM, userInputDTM, canBlock ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
        if (canBlock) {
            throw new AttackBlockedException("path traversal detected: input tracing");
        }
    }

    /**
     * Runs semantic analysis on a path, independent of any tracked input.
     *
     * <p>Counter {@code n} is incremented on every call and counter {@code o} on every finding.
     * NOTE(review): both log messages say "Blocking", but this method only returns findings; the
     * block decision is taken by the caller through canBlock, so the wording can mislead in a
     * non-blocking mode. The path goes through {@code f.c.a(J, str)} before logging, presumably
     * to sanitise or mask it - confirm.
     *
     * @return a one-element list naming the finding, or an empty list
     */
    List<PathTraversalSemanticDTM.Finding> a(String str) {
        this.n.a();
        // System-file access from custom code takes precedence over the exploit-marker check.
        if (e(str)) {
            this.o.a();
            J.warn("Blocking access to system file being accessed by custom code: {}", com.contrastsecurity.agent.f.c.a(J, str));
            return Collections.singletonList(PathTraversalSemanticDTM.Finding.CUSTOM_CODE_ACCESSING_SYSTEM_FILES);
        }
        if (!b(str)) {
            return Collections.emptyList();
        }
        this.o.a();
        J.warn("Blocking access to file being accessed with exploit marker in it: {}", com.contrastsecurity.agent.f.c.a(J, str));
        return Collections.singletonList(PathTraversalSemanticDTM.Finding.COMMON_FILE_EXPLOITS);
    }

    /** True when PROTECT_PT_COMMON_EXPLOIT is enabled and N.b matches the path against {@code B}. */
    boolean b(String str) {
        return this.f.f(ConfigProperty.PROTECT_PT_COMMON_EXPLOIT) && N.b(str, B);
    }

    /**
     * True when PROTECT_PT_CUSTOM_CODE_ACCESS is enabled, the path matches {@code C}, and the
     * current stack passes {@code a(List)}. Short-circuiting means the stack is only fetched for
     * paths that already matched.
     */
    private boolean e(String str) {
        return this.f.f(ConfigProperty.PROTECT_PT_CUSTOM_CODE_ACCESS) && c(str) && a(this.j.a().a());
    }

    /** Tests the path against the system-file fragments in {@code C} using N.a. */
    boolean c(String str) {
        return N.a(str, C);
    }

    /**
     * Decides from the stack whether the access counts for the custom-code finding.
     *
     * <p>Only the first 9 frames (or fewer) are examined. If none of their class names satisfies
     * {@code C0301e.b} (opaque here; presumably "is application code" - confirm) the result is
     * false; otherwise the result is that of {@code a(List, int)} over the same frames.
     */
    boolean a(List<StackTraceElement> list) {
        int min = Math.min(list.size(), 9);
        for (int i = 0; i < min; i++) {
            if (C0301e.b(list.get(i).getClassName())) {
                return a(list, min);
            }
        }
        return false;
    }

    /** Returns false as soon as one of the first {@code i} frames satisfies predicate {@code q}, else true. */
    private boolean a(List<StackTraceElement> list, int i) {
        for (int i2 = 0; i2 < i; i2++) {
            if (q.test(list.get(i2))) {
                return false;
            }
        }
        return true;
    }

    /** True for java.io.File, for the class whose name equals {@code H}, and for SecurityManager. */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.l
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return File.class.equals(cls) || H.equals(cls.getName()) || SecurityManager.class.equals(cls);
    }

    /** Returns the dispatcher registration injected at construction. */
    @Override // com.contrastsecurity.agent.instr.q
    public com.contrastsecurity.agent.instr.p<ContrastPathTraversalDispatcher> dispatcherRegistration() {
        return this.h;
    }

    /**
     * Returns a fixed list of fully qualified method names.
     *
     * <p>The meaning is defined by the rules.g interface, which is not visible here. The entries
     * are SecurityManager.checkRead, a Nashorn compile method and several monitoring or metrics
     * libraries, so this is presumably a list of callers exempt from the rule - confirm.
     * NOTE(review): if it is an exemption list, every entry is a call path on which the rule
     * does not fire, so additions deserve security review.
     */
    @Override // com.contrastsecurity.agent.plugins.protect.rules.g
    public String[] a() {
        return new String[]{"java.lang.SecurityManager.checkRead", "jdk.nashorn.api.scripting.NashornScriptEngine.compileImpl", v, w, x, y, z, A, s, t, u, r};
    }
}
