package com.contrastsecurity.agent.plugins.security.policy.rules.providers.internal.verbtampering;

import com.contrastsecurity.agent.A;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.ApplicationAnalyzer;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.ProviderUtil;
import com.contrastsecurity.agent.plugins.security.u;
import com.contrastsecurity.agent.util.F;
import com.contrastsecurity.agent.util.Y;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.Iterator;

/* compiled from: VerbAnalyzer.java */
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/security/policy/rules/providers/internal/verbtampering/a.class */
final class a extends ApplicationAnalyzer {
    private final ProviderUtil a;
    private static final String b = "verb-tampering";
    private static final Logger c = LoggerFactory.getLogger(a.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    public a(ProviderUtil providerUtil) {
        this.a = providerUtil;
    }

    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.ApplicationAnalyzer
    public void onApplicationResolution(Application application, String str) {
        c.debug("Starting WEB-INF analysis for verb tampering for {}", application.getResolvedPath());
        try {
            if (str != null) {
                a(str);
            } else {
                c.debug("No web.xml to analyze for verb tampering weakness");
            }
        } catch (Throwable th) {
            c.warn("Unknown error searching web.xml looking for verb tampering vulnerabilities", th);
        }
    }

    @A
    boolean a(String str) {
        Iterator<F> it = Y.b(str, "security-constraint", "http-method", 5).iterator();
        int i = 0;
        boolean z = false;
        while (it.hasNext()) {
            z = true;
            int i2 = i;
            i++;
            a(it.next(), i2);
        }
        return z;
    }

    private void a(F f, int i) {
        this.a.reportFinding(b, f.b(), u.g.a(b, i), null, false, null);
    }
}
