package com.contrastsecurity.agent.plugins.rasp.rules.elinjection;

import com.contrastsecurity.agent.commons.l;
import com.contrastsecurity.agent.commons.m;
import com.contrastsecurity.agent.commons.o;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.C;
import com.contrastsecurity.agent.plugins.rasp.EnumC0163y;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0103d;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.T;
import com.contrastsecurity.agent.plugins.rasp.aa;
import com.contrastsecurity.agent.plugins.rasp.an;
import com.contrastsecurity.agent.plugins.rasp.rules.n;
import com.contrastsecurity.agent.util.W;
import com.contrastsecurity.thirdparty.com.rabbitmq.client.ConnectionFactory;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.jregex.WildcardPattern;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

/* compiled from: ELInjectionRule.java */
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/rasp/rules/elinjection/d.class */
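/**
 * RASP rule for expression-language injection (rule id string {@link #b}), as recovered by a
 * decompiler from {@code ELInjectionRule.java}; identifiers are the obfuscated ones.
 *
 * <p>The class acts at three points that are visible in this file:
 * <ul>
 *   <li>{@link #evaluateInput}: signature matching on request inputs longer than {@link #c}
 *       characters;</li>
 *   <li>{@code a(k)}: inspection of an expression string, first against tracked user inputs and
 *       then against a list of sensitive tokens;</li>
 *   <li>{@link #onCommandStarting}: reporting (and, when blocking is enabled, halting) a command
 *       started while the supplied context matches {@link #h}.</li>
 * </ul>
 *
 * <p>When the rule cannot block, a finding is still reported with
 * {@code AttackResult.EXPLOITED}; when it can, with {@code AttackResult.BLOCKED}.
 *
 * <p>NOTE(review): the static fields {@code l} and {@code o} obscure the imported types
 * {@code com.contrastsecurity.agent.commons.l} and {@code com.contrastsecurity.agent.commons.o}
 * in expression context, so those two types are referenced by fully qualified name below.
 */
public class d extends n<ELDetailsDTM> implements com.contrastsecurity.agent.plugins.rasp.rules.h<ELDetailsDTM>, com.contrastsecurity.agent.plugins.rasp.rules.i<ELDetailsDTM, ContrastELInjectionDispatcher> {
    // Receives every finding (rule id, details, offending input, result); see a(UserInputDTM, String, boolean).
    private final InterfaceC0103d d;
    // Dispatcher registration handed back by getDispatcherRegistration().
    private final com.contrastsecurity.agent.instr.h<ContrastELInjectionDispatcher> e;
    // Consulted for isSinksDisabled() and canBlock(this).
    private final RaspManager f;
    // Input types this rule evaluates (set in the constructor).
    private final Set<UserInputDTM.InputType> g;
    // Combined StackTraceElement matcher built from the extensions; presumably identifies
    // expression-evaluation frames — confirm against the extension classes.
    private final m<StackTraceElement> h;
    // Combined String matcher built from the extensions; applied to expression text.
    private final m<String> i;
    // Per-extension class instrumenters, applied in order by onInstrumentingClass.
    private final Collection<com.contrastsecurity.agent.plugins.rasp.rules.j<ContrastELInjectionDispatcher>> j;
    // Identifier returned by getRuleId() and attached to every report.
    private final aa<ELDetailsDTM> k;
    public static final String b = "expression-language-injection";
    // Inputs of this length or shorter are never evaluated by evaluateInput.
    static final int c = 40;
    // Tokens searched for in request inputs (input phase) and used by a(String, an).
    private static final String[] l = {"getClassLoader", "getClass", "newInstance", "getURL", "param.", "applicationScope.", "java.lang.Runtime", "getRuntime", "java.lang.ProcessBuilder"};
    // Narrower token list applied to the expression string itself.
    private static final String[] m = {"getClassLoader", "java.lang.Runtime", "getRuntime", "java.lang.ProcessBuilder"};
    // Reflection signature: forName("...") followed by getMethods()/getDeclaredMethods()/getMethod("...").
    // NOTE(review): several unbounded ".*" segments are evaluated with matches() on
    // request-derived text; confirm that input length is bounded upstream and how multi-line
    // input is meant to be handled by this pattern.
    private static final Pattern n = Pattern.compile(".*forName.*\\(\".*\"\\).*get((Methods|DeclaredMethods).*\\(\\)|Method.*\\(\".*\"\\)).*");
    private static final Logger o = LoggerFactory.getLogger(d.class);

    /**
     * Builds the rule from its collaborators and a non-empty set of extensions.
     *
     * @param interfaceC0103d sink for findings
     * @param hVar dispatcher registration returned by {@link #getDispatcherRegistration()}
     * @param raspManager source of the sinks-disabled and can-block decisions
     * @param set extensions; each contributes one element to {@link #h}, {@link #i} and {@link #j}
     * @param aaVar rule identifier
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public d(InterfaceC0103d interfaceC0103d, com.contrastsecurity.agent.instr.h<ContrastELInjectionDispatcher> hVar, RaspManager raspManager, Set<com.contrastsecurity.agent.plugins.rasp.rules.elinjection.a.a> set, aa<ELDetailsDTM> aaVar) {
        this.d = interfaceC0103d;
        this.e = hVar;
        this.f = raspManager;
        // Fully qualified: the simple name `l` resolves to the String[] field here, not the type.
        // Presumably a checkArgument-style precondition — confirm against commons.l.
        com.contrastsecurity.agent.commons.l.a(set != null && !set.isEmpty(), "must provide at least one extension");
        // Fully qualified for the same reason: `o` is the Logger field in expression context.
        this.g = com.contrastsecurity.agent.commons.o.b(UserInputDTM.InputType.HEADER, UserInputDTM.InputType.PARAMETER_NAME, UserInputDTM.InputType.PARAMETER_VALUE, UserInputDTM.InputType.MULTIPART_VALUE, UserInputDTM.InputType.MULTIPART_CONTENT_TYPE, UserInputDTM.InputType.BODY);
        // Element types of the extension accessors are not visible in this file, so the
        // lists stay raw exactly as the decompiler emitted them.
        ArrayList stackMatchers = new ArrayList(set.size());
        ArrayList expressionMatchers = new ArrayList();
        ArrayList instrumenters = new ArrayList(set.size());
        for (com.contrastsecurity.agent.plugins.rasp.rules.elinjection.a.a extension : set) {
            stackMatchers.add(extension.a());
            expressionMatchers.add(extension.b());
            instrumenters.add(extension.c());
        }
        this.h = com.contrastsecurity.agent.commons.n.a(stackMatchers);
        this.i = com.contrastsecurity.agent.commons.n.a(expressionMatchers);
        this.j = Collections.unmodifiableCollection(instrumenters);
        this.k = aaVar;
    }

    /**
     * Chains the class visitor through every extension's instrumenter, unless the RASP
     * manager reports sinks as disabled, in which case the visitor is returned untouched.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.j
    public ClassVisitor onInstrumentingClass(com.contrastsecurity.agent.instr.f<ContrastELInjectionDispatcher> fVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (this.f.isSinksDisabled()) {
            return classVisitor;
        }
        ClassVisitor chained = classVisitor;
        for (com.contrastsecurity.agent.plugins.rasp.rules.j<ContrastELInjectionDispatcher> instrumenter : this.j) {
            chained = instrumenter.onInstrumentingClass(fVar, chained, instrumentationContext);
        }
        return chained;
    }

    /** Returns whether the given input type is one of those this rule evaluates. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.h
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return this.g.contains(inputType);
    }

    /**
     * Input-phase check: flags a value of an applicable input type that is longer than
     * {@link #c} characters and matches the input signatures.
     *
     * @param str2 the value that is inspected; {@code str}, {@code str3} and {@code i} are unused here
     * @return a {@code MATCHED_ATTACK_SIGNATURE} result, or {@code null} when nothing matched
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.h
    public C evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        // Uses the named threshold rather than a second copy of the literal 40.
        if (this.g.contains(inputType) && str2 != null && str2.length() > c && a(str2)) {
            return new C(EnumC0163y.MATCHED_ATTACK_SIGNATURE);
        }
        return null;
    }

    /**
     * Returns {@code true} when the text contains one of the {@link #l} tokens directly after
     * a character that is neither a letter nor a digit, or when the whole text matches the
     * reflection pattern {@link #n}.
     */
    private boolean a(String str) {
        if (str == null) {
            return false;
        }
        for (String token : l) {
            // Every occurrence is examined. The decompiled original tested only the first
            // one, so a later occurrence at a token boundary was never evaluated.
            for (int at = str.indexOf(token); at >= 0; at = str.indexOf(token, at + 1)) {
                // NOTE(review): as in the original, an occurrence at offset 0 has no
                // preceding character and is not counted — confirm this is intended.
                if (at > 0 && !Character.isLetterOrDigit(str.charAt(at - 1))) {
                    return true;
                }
            }
        }
        return n.matcher(str).matches();
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean isCodeExclusionSpecialCase() {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public com.contrastsecurity.agent.instr.h<ContrastELInjectionDispatcher> getDispatcherRegistration() {
        return this.e;
    }

    /** Returns {@code null}: this rule declares no deadzones. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public String[] getDeadzones() {
        return null;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.f
    public aa<ELDetailsDTM> getRuleId() {
        return this.k;
    }

    /**
     * Reports a command that starts while {@code iVar} matches {@link #h} and, when blocking
     * is enabled for this rule, aborts it.
     *
     * @throws AttackBlockedException when the RASP manager allows this rule to block
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.Y
    public void onCommandStarting(T t, String[] strArr, com.contrastsecurity.agent.n.i iVar) {
        // presumably tests the current call stack against the extensions' frame matcher — confirm
        if (!iVar.a(this.h)) {
            return;
        }
        // presumably joins the argument vector with single spaces — verify W.a(String[], String)
        String commandLine = W.a(strArr, " ");
        boolean canBlock = this.f.canBlock(this);
        // The finding is recorded before the exception so it is not lost when the call is halted.
        a(UserInputDTM.builder().value(commandLine).type(UserInputDTM.InputType.UNKNOWN).build(), commandLine, canBlock);
        if (canBlock) {
            throw new AttackBlockedException("Command halted during expression evaluation");
        }
    }

    /**
     * Sink-phase check of an expression: first looks for tracked user input inside it, and
     * only if none is found falls back to the token/matcher check on the expression text.
     *
     * @return {@code true} only when something was detected and this rule is allowed to block
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(k kVar) {
        boolean canBlock = this.f.canBlock(this);
        T context = kVar.c();
        boolean detected = a(kVar.a(), context != null ? context.c(b) : Collections.emptyList(), canBlock);
        if (!detected) {
            detected = a(kVar.a(), canBlock);
        }
        return canBlock && detected;
    }

    /**
     * Checks the expression text on its own: the {@link #m} tokens, any {@code getClass()}
     * call that is not part of {@code getClass().getSimpleName()}, or the extensions' string
     * matcher {@link #i}. A hit is reported with the expression as the input value.
     */
    private boolean a(String str, boolean z) {
        // presumably "str contains any of m" — verify W.a(String, String[])
        boolean suspicious = W.a(str, m)
                // more getClass() calls than getClass().getSimpleName() calls means at least
                // one getClass() is used for something other than reading the simple name
                || StringUtils.countMatches(str, "getClass()") > StringUtils.countMatches(str, "getClass().getSimpleName()")
                || this.i.a(str);
        if (suspicious) {
            a(UserInputDTM.builder().type(UserInputDTM.InputType.UNKNOWN).value(str).time(System.currentTimeMillis()).build(), str, z);
        }
        return suspicious;
    }

    /**
     * Reports every tracked input whose data is found in the expression and marks that
     * tracked entry via {@code c(true)}.
     *
     * @return {@code true} when at least one tracked input was matched
     */
    private boolean a(String str, List<an> list, boolean z) {
        if (list == null) {
            return false;
        }
        boolean matchedAny = false;
        for (an tracked : list) {
            if (tracked == null) {
                continue;
            }
            String value = tracked.a().getValue();
            // presumably W.a(String) is an is-empty test — confirm
            UserInputDTM match = W.a(value) ? null : a(str, tracked);
            if (match == null) {
                continue;
            }
            tracked.c(true);
            // NOTE(review): writes the raw request-derived value to the debug log; confirm
            // debug logs are access-controlled and that line breaks in the value cannot
            // forge log entries.
            o.debug("Expression string contains user input {}", value);
            matchedAny = true;
            a(match, str, z);
        }
        return matchedAny;
    }

    /** Sends one finding to the reporter, as BLOCKED when {@code z} is set and EXPLOITED otherwise. */
    private void a(UserInputDTM userInputDTM, String str, boolean z) {
        AttackResult result = z ? AttackResult.BLOCKED : AttackResult.EXPLOITED;
        this.d.a(this.k, new ELDetailsDTM(str), userInputDTM, result);
    }

    /**
     * Returns the first input of {@code anVar} whose vector contains the expression, or, when
     * the expression trips the {@link #l} token check, whose value contains it after the
     * replacement below; {@code null} when none does.
     */
    private UserInputDTM a(String str, an anVar) {
        boolean hasToken = W.a(str, l);
        for (UserInputDTM candidate : anVar.b()) {
            if (candidate.getVector().contains(str)) {
                return candidate;
            }
            // NOTE(review): ConnectionFactory.DEFAULT_VHOST and WildcardPattern.ANY_CHAR look
            // like decompiler substitutions for the string literals "/" and "." (path-style
            // input normalised to dotted form) — confirm against the bytecode.
            if (hasToken && candidate.getValue().replace(ConnectionFactory.DEFAULT_VHOST, WildcardPattern.ANY_CHAR).contains(str)) {
                return candidate;
            }
        }
        return null;
    }
}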
