package com.contrastsecurity.agent.plugins.security.controller.trigger;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpResponse;
import com.contrastsecurity.agent.plugins.security.policy.rules.Event;
import com.contrastsecurity.agent.plugins.security.policy.rules.Rule;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;

/* compiled from: XSSCheck.java */
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/security/controller/trigger/q.class */
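/**
 * Trigger filter for the {@code reflected-xss} rule (decompiled from {@code XSSCheck.java}).
 *
 * <p>When the current HTTP response declares a Content-Type containing one of the
 * fragments in {@link #IGNORED_CONTENT_TYPE_FRAGMENTS}, the check returns {@code false}
 * and logs that the XSS finding is being ignored. In every other case it returns
 * {@code true}.
 *
 * <p>NOTE(review): because a {@code false} result suppresses a finding, any over-broad
 * match here is a potential false negative. See the notes inside
 * {@link #onAfterContextCreated}.
 */
final class q implements a {
    private final HttpManager httpManager;

    /** Identifier of the rule this check applies to. */
    static final String a = "reflected-xss";

    /**
     * Content-Type fragments for which a reflected-XSS finding is ignored. Matching is by
     * substring against the lower-cased header value, so {@code "/json"} matches
     * {@code application/json} with or without parameters.
     */
    private static final String[] IGNORED_CONTENT_TYPE_FRAGMENTS = {"/json", "/x-json", "/javascript", "/x-javascript", "/pdf"};

    private static final Logger LOGGER = LoggerFactory.getLogger(q.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    public q(HttpManager httpManager) {
        this.httpManager = httpManager;
    }

    /**
     * Decides whether a reflected-XSS trigger should proceed for the current response.
     *
     * @param rule the rule being evaluated; only {@code reflected-xss} is filtered here
     * @param pVar context object; when {@code pVar.b()} is {@code null} no filtering is applied
     * @return {@code false} when the rule is {@code reflected-xss} and the response
     *     Content-Type contains an ignored fragment; {@code true} otherwise (including
     *     when there is no current response or no Content-Type)
     */
    @Override // com.contrastsecurity.agent.plugins.security.controller.trigger.a
    public boolean onAfterContextCreated(Application application, Rule rule, Event event, Object obj, Object[] objArr, Object obj2, com.contrastsecurity.agent.plugins.security.controller.p pVar) {
        if (!"reflected-xss".equals(rule.getId()) || pVar.b() == null) {
            return true;
        }
        HttpResponse currentResponse = this.httpManager.currentResponse();
        if (currentResponse == null) {
            return true;
        }
        // Read the header once so the null check and the value used below cannot disagree.
        String contentType = currentResponse.getContentType();
        if (contentType == null) {
            return true;
        }
        // Locale.ROOT: with the default-locale toLowerCase(), a JVM running under a Turkish
        // locale maps 'I' to dotless 'ı', so "TEXT/JAVASCRIPT" would not match "/javascript"
        // and the filter would behave differently depending on the host locale.
        String lowerCase = contentType.toLowerCase(java.util.Locale.ROOT);
        // NOTE(review): this is a substring match over the whole header value, parameters
        // included, so a fragment appearing after ';' also suppresses the finding. Confirm
        // whether the match should be limited to the media type before the first ';'.
        if (StringUtils.indexOfAny(lowerCase, IGNORED_CONTENT_TYPE_FRAGMENTS) <= -1) {
            return true;
        }
        // The message says "JSON endpoint" although the list also covers JavaScript and PDF;
        // the text is left unchanged so existing log searches keep working.
        LOGGER.debug("Ignoring XSS vuln in JSON endpoint with Content-Type {}", lowerCase);
        return false;
    }
}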
