package com.contrastsecurity.agent.plugins.rasp.rules.methodtampering;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.commons.o;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.http.HttpResponse;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0103d;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.Y;
import com.contrastsecurity.agent.plugins.rasp.aa;
import com.contrastsecurity.agent.util.C0226w;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpDelete;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpGet;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpHead;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpOptions;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpPatch;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpPost;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpPut;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpTrace;
import java.util.Set;

/* compiled from: HTTPMethodTamperingRule.java */
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/rasp/rules/methodtampering/c.class */
/**
 * RASP rule registered under the id {@code "method-tampering"}.
 *
 * <p>A request is flagged when its HTTP method is non-null, is not an exact member of
 * {@link #RECOGNIZED_METHODS}, and is not exempted by {@code C0226w.b(request)}. When
 * {@code RaspManager.canBlock(this)} is true the request is rejected at request start with an
 * {@link AttackBlockedException}. Otherwise the outcome is evaluated at request end and recorded
 * as {@code EXPLOITED}, unless the response status is 405 or 501.
 *
 * <p>NOTE(review): the names in this class are decompiler output, so the roles of
 * {@code InterfaceC0103d}, {@code C0226w.b} and {@code o.b} are inferred from how they are
 * called here. Confirm them against the original sources.
 */
public final class c extends Y<HTTPMethodTamperingDetailsDTM> {
    /** Rule name from which this rule's id is built. */
    public static final String b = "method-tampering";

    // Response codes for which onRequestEnd records nothing.
    private static final int STATUS_METHOD_NOT_ALLOWED = 405;
    private static final int STATUS_NOT_IMPLEMENTED = 501;

    // Allow-list of method names: the core HTTP verbs plus WebDAV, versioning and calendaring
    // extension methods. Membership is tested on the raw method string; this class performs no
    // case normalization, so a differently-cased verb is not matched here.
    private static final Set<String> RECOGNIZED_METHODS = o.b(
            HttpOptions.METHOD_NAME,
            HttpGet.METHOD_NAME,
            HttpHead.METHOD_NAME,
            HttpPost.METHOD_NAME,
            HttpPut.METHOD_NAME,
            HttpDelete.METHOD_NAME,
            HttpTrace.METHOD_NAME,
            "CONNECT",
            "PROPFIND",
            "PROPPATCH",
            "MKCOL",
            "COPY",
            "MOVE",
            "LOCK",
            "UNLOCK",
            "VERSION-CONTROL",
            "REPORT",
            "CHECKOUT",
            "CHECKIN",
            "UNCHECKOUT",
            "MKWORKSPACE",
            "UPDATE",
            "LABEL",
            "MERGE",
            "BASELINE-CONTROL",
            "MKACTIVITY",
            "ORDERPATCH",
            "ACL",
            "SEARCH",
            "MKCALENDAR",
            HttpPatch.METHOD_NAME);

    // Receives (rule id, details, user input, result); presumably the attack-event sink.
    private final InterfaceC0103d reporter;
    private final RaspManager raspManager;
    private final aa<HTTPMethodTamperingDetailsDTM> ruleId = aa.a(b, HTTPMethodTamperingDetailsDTM.class);

    /**
     * Creates the rule with its injected collaborators.
     *
     * @param interfaceC0103d handler that is given every detection made by this rule
     * @param raspManager consulted through {@code canBlock(this)} before blocking or reporting
     */
    @Inject
    public c(InterfaceC0103d interfaceC0103d, RaspManager raspManager) {
        this.reporter = interfaceC0103d;
        this.raspManager = raspManager;
    }

    /** Returns the id object built from {@link #b}. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.f
    public aa<HTTPMethodTamperingDetailsDTM> getRuleId() {
        return this.ruleId;
    }

    /**
     * Rejects a request whose method is unrecognized, provided blocking is permitted.
     *
     * @throws AttackBlockedException after the detection has been handed to the reporter with
     *     result {@code BLOCKED}
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.Y
    public void onRequestStart(Application application, HttpRequest httpRequest) {
        String method = httpRequest.getMethod();
        if (!isUnrecognizedMethod(httpRequest)) {
            return;
        }
        if (!this.raspManager.canBlock(this)) {
            // Not blocking: the request proceeds and is assessed in onRequestEnd.
            return;
        }
        UserInputDTM userInput = methodAsUserInput(method);
        HTTPMethodTamperingDetailsDTM details = new HTTPMethodTamperingDetailsDTM(method);
        this.reporter.a(this.ruleId, details, userInput, AttackResult.BLOCKED);
        throw new AttackBlockedException("HTTP Method Tampering detected");
    }

    /**
     * Records an unrecognized method as {@code EXPLOITED} when the request was not blocked and
     * the server did not answer 405 or 501.
     *
     * <p>NOTE(review): every other status, including other 4xx/5xx codes, is recorded as
     * {@code EXPLOITED}. Confirm that this is the intended classification.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.Y
    public void onRequestEnd(Application application, HttpRequest httpRequest, HttpResponse httpResponse) {
        int status = httpResponse.getStatus();
        if (status == STATUS_NOT_IMPLEMENTED || status == STATUS_METHOD_NOT_ALLOWED) {
            // The server itself refused the method.
            return;
        }
        if (this.raspManager.canBlock(this)) {
            // The blocking path is handled in onRequestStart.
            return;
        }
        if (!isUnrecognizedMethod(httpRequest)) {
            return;
        }
        String method = httpRequest.getMethod();
        UserInputDTM userInput = methodAsUserInput(method);
        HTTPMethodTamperingDetailsDTM details = new HTTPMethodTamperingDetailsDTM(method, status);
        this.reporter.a(this.ruleId, details, userInput, AttackResult.EXPLOITED);
    }

    /** Intentionally empty: this rule does not inspect request parameters. */
    @Override // com.contrastsecurity.agent.plugins.rasp.Y
    public void onParametersResolved(HttpRequest httpRequest) {
    }

    /**
     * Tells whether the request's method should be flagged.
     *
     * @return {@code false} for a null method, a method in {@link #RECOGNIZED_METHODS}, or a
     *     request for which {@code C0226w.b} returns true; {@code true} otherwise
     */
    private boolean isUnrecognizedMethod(HttpRequest httpRequest) {
        String method = httpRequest.getMethod();
        if (method == null) {
            return false;
        }
        if (RECOGNIZED_METHODS.contains(method)) {
            return false;
        }
        // Exemption criteria live in C0226w.b and are not visible in this file.
        return !C0226w.b(httpRequest);
    }

    /** Wraps the method string as a user input of type {@code METHOD}. */
    private UserInputDTM methodAsUserInput(String str) {
        return UserInputDTM.builder()
                .value(str)
                .type(UserInputDTM.InputType.METHOD)
                .build();
    }
}
