package com.contrastsecurity.agent.plugins.rasp.rules.cve.mob;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.instr.h;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.C;
import com.contrastsecurity.agent.plugins.rasp.EnumC0163y;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0103d;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.T;
import com.contrastsecurity.agent.plugins.rasp.aa;
import com.contrastsecurity.agent.plugins.rasp.an;
import com.contrastsecurity.agent.plugins.rasp.rules.i;
import com.contrastsecurity.agent.plugins.rasp.rules.n;
import com.contrastsecurity.agent.util.G;
import com.contrastsecurity.agent.util.privileges.SystemAccessPermissions;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.jregex.WildcardPattern;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import java.util.List;

/* compiled from: MarkOfTheBeastRule.java */
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/rasp/rules/cve/mob/f.class */
public final class f extends n<MarkOfTheBeastDetailsDTM> implements com.contrastsecurity.agent.plugins.rasp.rules.a, i<MarkOfTheBeastDetailsDTM, ContrastMarkOfTheBeastDispatcher> {
    public static final String b = "cve-2010-4476";
    private final InterfaceC0103d e;
    private final h<ContrastMarkOfTheBeastDispatcher> f;
    private final RaspManager g;
    private final aa<MarkOfTheBeastDetailsDTM> h = aa.a(b, MarkOfTheBeastDetailsDTM.class);
    static final int c = 25;
    static final int d = 20;
    private static final String i = "2225073858507201";
    private static final G j = G.a("1.4.2_29");
    private static final G k = G.a("1.5.0");
    private static final G l = G.a("1.5.0_27");
    private static final G m = G.a("1.6.0");
    private static final G n = G.a("1.6.0_23");
    private static final String[] o = {"(SR1)", "(SR2)", "(SR3)", "(SR4)", "(SR5)", "(SR6)", "(SR7)", "(SR8)", "(SR9)"};
    private static final String[] p = {"(SR1)", "(SR2)", "(SR3)", "(SR4)", "(SR5)", "(SR6)", "(SR7)", "(SR8)", "(SR9)", "(SR10)", "(SR11)", "(SR12)"};
    private static final String[] q = {"(SR1)", "(SR2)", "(SR3)", "(SR4)", "(SR5)", "(SR6)", "(SR7)", "(SR8)", "(SR9)", "(SR10)", "(SR11)", "(SR12)", "(SR13)"};

    @Inject
    public f(InterfaceC0103d interfaceC0103d, h<ContrastMarkOfTheBeastDispatcher> hVar, RaspManager raspManager) {
        this.e = interfaceC0103d;
        this.f = hVar;
        this.g = raspManager;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.f
    public aa<MarkOfTheBeastDetailsDTM> getRuleId() {
        return this.h;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.h
    public C evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i2) {
        if (str2 == null || i2 > 0 || str2.length() < 20 || str2.length() > 25 || !str2.replace(WildcardPattern.ANY_CHAR, "").contains(i)) {
            return null;
        }
        return new C(EnumC0163y.MATCHED_ATTACK_SIGNATURE);
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.n, com.contrastsecurity.agent.plugins.rasp.Y
    public void onParametersResolved(HttpRequest httpRequest) {
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.h
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.PARAMETER_VALUE.equals(inputType) || UserInputDTM.InputType.HEADER.equals(inputType) || UserInputDTM.InputType.QUERYSTRING.equals(inputType);
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.a
    public boolean appliesToApplication(Application application) {
        String systemProperty = SystemAccessPermissions.getSystemProperty("java.vm.name");
        String systemProperty2 = SystemAccessPermissions.getSystemProperty("java.version");
        if (systemProperty == null || systemProperty.length() == 0) {
            return true;
        }
        if (!systemProperty.toLowerCase().contains("ibm")) {
            if (systemProperty2 == null || systemProperty2.length() == 0) {
                return true;
            }
            G a = G.a(systemProperty2);
            if (j.compareTo(a) >= 0) {
                return true;
            }
            if (l.compareTo(a) < 0 || k.compareTo(a) > 0) {
                return n.compareTo(a) >= 0 && m.compareTo(a) <= 0;
            }
            return true;
        }
        String systemProperty3 = SystemAccessPermissions.getSystemProperty("java.runtime.version");
        if (systemProperty3 == null || systemProperty3.length() == 0) {
            return true;
        }
        String lowerCase = systemProperty3.toLowerCase();
        if ("1.6.0".equals(systemProperty2)) {
            for (String str : o) {
                if (lowerCase.contains(str)) {
                    return true;
                }
            }
            return false;
        }
        if ("1.5.0".equals(systemProperty2)) {
            for (String str2 : p) {
                if (lowerCase.contains(str2)) {
                    return true;
                }
            }
            return false;
        }
        if (!"1.4.2".equals(systemProperty2)) {
            return "1.4.0".equals(systemProperty2) || "1.4.1.".equals(systemProperty2);
        }
        for (String str3 : q) {
            if (lowerCase.contains(str3)) {
                return true;
            }
        }
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.j
    public ClassVisitor onInstrumentingClass(com.contrastsecurity.agent.instr.f<ContrastMarkOfTheBeastDispatcher> fVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (!this.g.isSinksDisabled() && "java.lang.Double".equals(instrumentationContext.getClassName())) {
            instrumentationContext.getChanger().addAdapter("DoubleVisitor");
            classVisitor = new b(fVar, instrumentationContext, classVisitor);
        }
        return classVisitor;
    }

    public boolean a(T t, String str) {
        boolean z = false;
        List<an> c2 = t.c(b);
        if (c2 != null) {
            String systemProperty = SystemAccessPermissions.getSystemProperty("java.vm.name");
            String systemProperty2 = SystemAccessPermissions.getSystemProperty("java.version");
            for (an anVar : c2) {
                if (anVar.c(str)) {
                    z = z || a(anVar, str, systemProperty, systemProperty2);
                }
            }
        }
        return z;
    }

    private boolean a(an anVar, String str, String str2, String str3) {
        boolean z = false;
        if (anVar.c()) {
            z = this.g.canBlock(this);
            anVar.c(true);
            this.e.a(this.h, new MarkOfTheBeastDetailsDTM(str, str2, str3), anVar.a(), z ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
        }
        return z;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean isCodeExclusionSpecialCase() {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return Double.class.equals(cls);
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public h<ContrastMarkOfTheBeastDispatcher> getDispatcherRegistration() {
        return this.f;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public String[] getDeadzones() {
        return null;
    }
}
