package com.contrastsecurity.agent.plugins.security;

import com.contrastsecurity.agent.DontObfuscate;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.exclusions.c;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.app.settings.ExceptionInputTypeDTM;
import com.contrastsecurity.agent.plugins.security.model.SourceEvent;
import com.contrastsecurity.agent.plugins.security.policy.SourceNode;
import com.contrastsecurity.agent.plugins.security.policy.rules.Event;
import com.contrastsecurity.agent.plugins.security.policy.rules.Rule;
import com.contrastsecurity.agent.trace.CodeEvent;
import com.contrastsecurity.agent.trace.Trace;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.List;

@DontObfuscate
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/AssessSourceExclusionHandler.class */
public class AssessSourceExclusionHandler implements com.contrastsecurity.agent.plugins.security.controller.trigger.p {
    private final HttpManager httpManager;
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) AssessSourceExclusionHandler.class);

    public AssessSourceExclusionHandler(HttpManager httpManager) {
        this.httpManager = httpManager;
    }

    @Override // com.contrastsecurity.agent.plugins.security.controller.trigger.p
    public boolean onTraceTriggered(Application application, Rule rule, Event event, Trace trace, Object obj, Object[] objArr, Object obj2, com.contrastsecurity.agent.plugins.security.controller.o oVar) {
        List<CodeEvent> events = trace.getEvents();
        boolean z = true;
        HttpRequest currentRequest = this.httpManager.getCurrentRequest();
        com.contrastsecurity.agent.apps.exclusions.g exclusionProcessor = application.getExclusionProcessor();
        for (int i = 0; i < events.size() && z; i++) {
            CodeEvent codeEvent = events.get(i);
            if (codeEvent instanceof SourceEvent) {
                z = !isSourceExclusion(trace, rule, (SourceEvent) codeEvent, currentRequest, exclusionProcessor);
            }
        }
        return z;
    }

    @com.contrastsecurity.agent.t
    boolean isSourceExclusion(Trace trace, Rule rule, SourceEvent sourceEvent, HttpRequest httpRequest, com.contrastsecurity.agent.apps.exclusions.g gVar) {
        if (gVar == null) {
            logger.debug("Skipping exclusion processing: exclusion processor is null");
            return false;
        }
        String id = rule.getId();
        SourceNode source = sourceEvent.getSource();
        if (!source.hasSourceTypes()) {
            logger.debug("Skipping exclusion processing: untrusted data source [{}] does not have a processable type", source.getId());
            return false;
        }
        if (sourceEvent.getQueue() != null && (source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.BROKER_MESSAGE) || source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.JMS) || source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.RABBITMQ) || source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.KAFKA))) {
            return gVar.isQueueExclusion(c.a.ASSESS, id, sourceEvent.getQueue());
        }
        if (httpRequest == null) {
            logger.debug("Skipping exclusion processing: request model is null");
            return false;
        }
        if (source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.PARAMETER)) {
            return gVar.isInputExclusion(c.a.ASSESS, id, httpRequest.getUri(), ExceptionInputTypeDTM.PARAMETER, extractInputName(trace, sourceEvent, source));
        }
        if (source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.HEADER)) {
            return gVar.isInputExclusion(c.a.ASSESS, id, httpRequest.getUri(), ExceptionInputTypeDTM.HEADER, extractInputName(trace, sourceEvent, source));
        }
        if (source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.QUERYSTRING)) {
            return gVar.isInputExclusion(c.a.ASSESS, id, httpRequest.getUri(), ExceptionInputTypeDTM.QUERYSTRING);
        }
        if (source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.COOKIE)) {
            return gVar.isInputExclusion(c.a.ASSESS, id, httpRequest.getUri(), ExceptionInputTypeDTM.COOKIE, sourceEvent.getFieldName());
        }
        if (source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.BODY) || source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.MULTIPART)) {
            return gVar.isInputExclusion(c.a.ASSESS, id, httpRequest.getUri(), ExceptionInputTypeDTM.BODY);
        }
        if (source.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.AUTHORIZATION)) {
            return gVar.isInputExclusion(c.a.ASSESS, id, httpRequest.getUri(), ExceptionInputTypeDTM.HEADER, "authorization");
        }
        return false;
    }

    private String extractInputName(Trace trace, SourceEvent sourceEvent, SourceNode sourceNode) {
        int indexOf;
        String ret;
        String str = null;
        if (sourceEvent != null) {
            str = sourceEvent.getFieldName();
        }
        if (sourceEvent != null && str == null) {
            if (sourceNode == null || !sourceNode.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.VALUE)) {
                if (sourceNode != null && sourceNode.isSourceType(com.contrastsecurity.agent.plugins.security.policy.y.NAME) && trace != null && trace.getEvents() != null && !trace.getEvents().isEmpty() && (indexOf = trace.getEvents().indexOf(sourceEvent)) >= 0 && trace.getEvents().size() > indexOf && (ret = trace.getEvents().get(indexOf + 1).getRet()) != null && !ret.isEmpty()) {
                    str = ret;
                }
            } else if (sourceEvent.getParameters() != null && sourceEvent.getParameters().length > 0) {
                str = sourceEvent.getParameters()[0].b();
            }
        }
        return str;
    }
}
