package com.contrastsecurity.agent.plugins.rasp.rules.cve.struts.g;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.CveDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.C;
import com.contrastsecurity.agent.plugins.rasp.EnumC0163y;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0103d;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.aa;
import com.contrastsecurity.agent.plugins.rasp.rules.h;
import com.contrastsecurity.agent.plugins.rasp.rules.i;
import com.contrastsecurity.agent.plugins.rasp.rules.r;
import com.contrastsecurity.agent.util.C0204a;
import com.contrastsecurity.thirdparty.com.rabbitmq.client.ConnectionFactory;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;

/* compiled from: XsltResultRule.java */
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/rasp/rules/cve/struts/g/e.class */
public final class e extends com.contrastsecurity.agent.plugins.rasp.rules.cve.struts.c implements h<CveDetailsDTM>, i<CveDetailsDTM, ContrastXsltResultDispatcher> {
    public static final String b = "cve-2016-3082";
    private final ApplicationManager f;
    private final InterfaceC0103d g;
    private final com.contrastsecurity.agent.instr.h<ContrastXsltResultDispatcher> h;
    private final RaspManager i;
    private final aa<CveDetailsDTM> j;
    private static final String l = "xslt.location";
    private static final String k = "org#apache#struts2#views#xslt#XSLTResult".replace("#", ConnectionFactory.DEFAULT_VHOST);
    private static final String[] m = {"2.0.0.jar", "2.0.1.jar", "2.0.2.jar", "2.0.3.jar", "2.0.4.jar", "2.0.5.jar", "2.0.6.jar", "2.0.7.jar", "2.0.8.jar", "2.0.9.jar", "2.0.10.jar", "2.0.11.jar", "2.0.11.1.jar", "2.0.11.2.jar", "2.0.12.jar", "2.0.13.jar", "2.0.14.jar", "2.1.0.jar", "2.1.1.jar", "2.1.2.jar", "2.1.3.jar", "2.1.4.jar", "2.1.5.jar", "2.1.6.jar", "2.1.8.jar", "2.1.8.1.jar", "2.2.1.jar", "2.2.1.1.jar", "2.2.3.jar", "2.2.3.1.jar", "2.3.1.jar", "2.3.1.1.jar", "2.3.1.2.jar", "2.3.3.jar", "2.3.4.jar", "2.3.4.1.jar", "2.3.7.jar", "2.3.8.jar", "2.3.12.jar", "2.3.14.jar", "2.3.14.1.jar", "2.3.14.2.jar", "2.3.14.3.jar", "2.3.15.jar", "2.3.15.1.jar", "2.3.15.2.jar", "2.3.15.3.jar", "2.3.16.jar", "2.3.16.1.jar", "2.3.16.2.jar", "2.3.16.3.jar", "2.3.20.jar", "2.3.20.1.jar", "2.3.24.jar", "2.3.24.1.jar", "2.3.28.jar"};
    public static final Logger e = LoggerFactory.getLogger(e.class);

    @Inject
    public e(ApplicationManager applicationManager, InterfaceC0103d interfaceC0103d, RaspManager raspManager, com.contrastsecurity.agent.instr.h<ContrastXsltResultDispatcher> hVar) {
        super(interfaceC0103d, raspManager);
        this.f = applicationManager;
        this.g = interfaceC0103d;
        this.h = hVar;
        this.i = raspManager;
        this.j = aa.a(b, CveDetailsDTM.class);
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.f
    public aa<CveDetailsDTM> getRuleId() {
        return this.j;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.h
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.PARAMETER_VALUE.equals(inputType);
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.j
    public ClassVisitor onInstrumentingClass(com.contrastsecurity.agent.instr.f<ContrastXsltResultDispatcher> fVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (!this.i.isSinksDisabled() && instrumentationContext.getCodeSource() != null && C0204a.b(instrumentationContext.getFlags()) && instrumentationContext.getInternalClassName().equals(k)) {
            classVisitor = new b(fVar, classVisitor, instrumentationContext);
            instrumentationContext.setRequiresTransforming(true);
            instrumentationContext.getChanger().addAdapter("XsltResultClassVisitor");
        }
        return classVisitor;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean isCodeExclusionSpecialCase() {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public com.contrastsecurity.agent.instr.h<ContrastXsltResultDispatcher> getDispatcherRegistration() {
        return this.h;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public String[] getDeadzones() {
        return null;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.cve.struts.c
    protected String[] a() {
        return m;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.h
    public C evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        e.debug("Evaluating input {} {} {}", inputType.toString(), str, str2);
        C c = null;
        if (UserInputDTM.InputType.PARAMETER_VALUE.equals(inputType) && l.equals(str)) {
            e.debug("Evaluating Input {} {}", str, str2);
            c = new C(EnumC0163y.MATCHED_ATTACK_SIGNATURE);
        }
        return c;
    }

    public boolean a(String str) {
        Application current;
        boolean z = false;
        if (StringUtils.isNotEmpty(str) && (current = this.f.current()) != null) {
            z = c(current);
            r vulnerabilityAnalysis = getVulnerabilityAnalysis(current);
            if (vulnerabilityAnalysis == null) {
                e.warn("Not analyzing request for {} because Contrast has not yet analyzed the application's libraries to see if the application is vulnerable", b);
                return false;
            }
            if (!vulnerabilityAnalysis.a()) {
                return false;
            }
            a(str, vulnerabilityAnalysis.c(), z);
        }
        return z;
    }

    private void a(String str, String str2, boolean z) {
        a(getRuleId().a(), l);
        this.g.a(this.j, new CveDetailsDTM(getRuleId().a(), str2), UserInputDTM.builder().name(l).value(str).type(UserInputDTM.InputType.PARAMETER_VALUE).build(), z ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
    }
}
