package com.contrastsecurity.agent.plugins.protect.rules.cve.spring.el;

import com.contrastsecurity.agent.commons.r;
import com.contrastsecurity.agent.plugins.protect.AttackBlockedException;
import com.contrastsecurity.agent.plugins.protect.P;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.T;
import com.contrastsecurity.agent.z;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: ContrastCve_2011_2730DispatcherImpl.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/cve/spring/el/a.class */
public final class a implements ContrastCve_2011_2730Dispatcher {
    private final r<k> a;
    private final ProtectManager b;
    private static final Logger c = LoggerFactory.getLogger((Class<?>) a.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public a(ProtectManager protectManager) {
        this(() -> {
            T<?> ruleById = protectManager.getRuleById(h.a);
            if (ruleById instanceof h) {
                return (h) ruleById;
            }
            return null;
        }, protectManager);
    }

    @z
    a(r<k> rVar, ProtectManager protectManager) {
        this.a = rVar;
        this.b = protectManager;
    }

    @Override // java.lang.ContrastCve_2011_2730Dispatcher
    public void onExpressionEvaluating(String str) {
        c.debug("Received expression evaluation event: {}", str);
        if (a(str) && this.b.shouldProcessSink()) {
            P currentContext = this.b.currentContext();
            k kVar = this.a.get();
            if (kVar != null && currentContext != null && kVar.a(str)) {
                throw new AttackBlockedException("Attack against CVE-2011-2730 detected");
            }
        }
    }

    private static boolean a(String str) {
        return str != null && (str.contains("${") || str.contains("%{"));
    }
}
