package com.contrastsecurity.agent.plugins.security.policy.rules.providers.internal.sessiontimeout;

import com.contrastsecurity.agent.A;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.config.ContrastProperties;
import com.contrastsecurity.agent.config.g;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.ApplicationAnalyzer;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.ProviderUtil;
import com.contrastsecurity.agent.plugins.security.u;
import com.contrastsecurity.agent.util.F;
import com.contrastsecurity.agent.util.Y;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.File;

/* compiled from: TimeoutAnalyzer.java */
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/security/policy/rules/providers/internal/sessiontimeout/a.class */
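/**
 * Scans an application's {@code web.xml} text for a {@code <session-timeout>} setting and
 * reports a {@code session-timeout} finding when the configured value is too long or disables
 * expiry altogether.
 *
 * <p>This is decompiled, obfuscated code: the single-letter field, method and type names are the
 * obfuscator's, and the semantics of the helper types ({@code g}, {@code F}, {@code Y},
 * {@code u}) are only known here through the calls made on them.
 */
final class a extends ApplicationAnalyzer {
    // Configuration accessor; only read here to obtain ContrastProperties.WEB_SESSION_TIMEOUT.
    private final g a;
    // Sink used to report the finding.
    private final ProviderUtil b;
    // Rule id passed to the reporter and to the u.b.a(...) helper.
    private static final String c = "session-timeout";
    private static final Logger d = LoggerFactory.getLogger(a.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param gVar configuration accessor used to read the maximum acceptable timeout
     * @param providerUtil reporter that receives the finding
     */
    public a(g gVar, ProviderUtil providerUtil) {
        this.a = gVar;
        this.b = providerUtil;
    }

    /**
     * Entry point invoked once the application has been resolved; analyzes the supplied
     * {@code web.xml} content, if any.
     *
     * <p>Every failure, including a non-numeric timeout value, is caught and logged at debug
     * level so that the analysis can never break the host application. The consequence is that
     * a descriptor that cannot be parsed produces no finding.
     *
     * @param application the application being analyzed
     * @param str the text handed to the scanner as web.xml content, or {@code null} when there
     *     is none
     */
    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.ApplicationAnalyzer
    public void onApplicationResolution(Application application, String str) {
        d.debug("Starting WEB-INF analysis for session timeout for {} at {}", application.getDisplayName(), application.getResolvedPath());
        try {
            if (str != null) {
                a(application, str);
            } else {
                d.debug("No web.xml to scan for timeouts");
            }
        } catch (Throwable th) {
            d.debug("Unknown error searching web.xml looking for long session timeout", th);
        }
    }

    /**
     * Extracts the {@code <session-timeout>} value from the descriptor text and reports a
     * finding when it is unsafe.
     *
     * <p>A value is treated as safe only when it is positive and does not exceed the configured
     * {@code WEB_SESSION_TIMEOUT} limit. The Servlet specification defines a timeout of zero or
     * less as "sessions never time out", so every non-positive value is reported, not just
     * {@code -1}.
     *
     * @param application the application being analyzed
     * @param str the web.xml content to search
     * @return {@code true} if a finding was reported, {@code false} if the setting is absent or
     *     safe
     * @throws NumberFormatException if the element content is not an integer; the caller in this
     *     class catches and logs it
     */
    @A
    boolean a(Application application, String str) {
        // NOTE(review): the meaning of the trailing 5 is not visible from this class.
        F match = Y.a(str, "<session-timeout>", "</session-timeout>", 5);
        String rawValue = match.a();
        if (rawValue == null) {
            d.debug("web.xml has no <session-timeout> setting");
            return false;
        }
        // Deployment descriptors are often pretty-printed; surrounding whitespace must not turn
        // a valid value into a parse failure that silently suppresses the finding.
        int timeoutMinutes = Integer.parseInt(rawValue.trim());
        boolean neverExpires = timeoutMinutes <= 0;
        if (!neverExpires && timeoutMinutes <= this.a.c(ContrastProperties.WEB_SESSION_TIMEOUT)) {
            d.debug("Found safe timeout value {} safe for {}", Integer.valueOf(timeoutMinutes), application.getDisplayName());
            return false;
        }
        d.debug("Found vulnerable timeout value {} for {}", Integer.valueOf(timeoutMinutes), application.getDisplayName());
        // match.b() is forwarded to the reporter unchanged; presumably the matched snippet used
        // as evidence - confirm against F.
        b(application, match.b());
        return true;
    }

    /**
     * Reports the finding against the application's {@code WEB-INF/web.xml} path.
     *
     * @param application the application whose resolved path locates the descriptor
     * @param str value forwarded as the second argument of {@code reportFinding}
     */
    private void b(Application application, String str) {
        String webXmlPath = application.getResolvedPath() + File.separatorChar + "WEB-INF" + File.separatorChar + "web.xml";
        this.b.reportFinding(c, str, u.b.a(c, webXmlPath), null, false, null);
    }
}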
