package com.contrastsecurity.agent.plugins.rasp.rules.cve.spring.el;

import com.contrastsecurity.agent.A;
import com.contrastsecurity.agent.commons.r;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.T;
import com.contrastsecurity.agent.plugins.rasp.Y;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: ContrastCve_2011_2730DispatcherImpl.java */
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/rasp/rules/cve/spring/el/a.class */
public final class a implements ContrastCve_2011_2730Dispatcher {
    private final r<k> a;
    private final RaspManager b;
    private static final Logger c = LoggerFactory.getLogger(a.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public a(final RaspManager raspManager) {
        this(new r<k>() { // from class: com.contrastsecurity.agent.plugins.rasp.rules.cve.spring.el.a.1
            @Override // com.contrastsecurity.agent.commons.r
            /* renamed from: b, reason: merged with bridge method [inline-methods] */
            public k a() {
                Y<?> ruleById = RaspManager.this.getRuleById(h.b);
                if (ruleById instanceof h) {
                    return (h) ruleById;
                }
                return null;
            }
        }, raspManager);
    }

    @A
    a(r<k> rVar, RaspManager raspManager) {
        this.a = rVar;
        this.b = raspManager;
    }

    @Override // java.lang.ContrastCve_2011_2730Dispatcher
    public void onExpressionEvaluating(String str) {
        c.debug("Received expression evaluation event: {}", str);
        if (a(str) && this.b.shouldProcessSink()) {
            T currentContext = this.b.currentContext();
            k a = this.a.a();
            if (a != null && currentContext != null && a.a(str)) {
                throw new AttackBlockedException("Attack against CVE-2011-2730 detected");
            }
        }
    }

    private static boolean a(String str) {
        return str != null && (str.contains("${") || str.contains("%{"));
    }
}
