package com.contrastsecurity.agent.plugins.frameworks.u.a;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.exclusions.c;
import com.contrastsecurity.agent.apps.exclusions.g;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.i.a.C0172ac;
import com.contrastsecurity.agent.messages.app.settings.ExceptionInputTypeDTM;
import com.contrastsecurity.agent.plugins.frameworks.u.p;
import com.contrastsecurity.agent.plugins.security.I;
import com.contrastsecurity.agent.plugins.security.model.PropagationEvent;
import com.contrastsecurity.agent.plugins.security.model.SourceEvent;
import com.contrastsecurity.agent.plugins.security.policy.SourceNode;
import com.contrastsecurity.agent.plugins.security.policy.rules.Rule;
import com.contrastsecurity.agent.plugins.security.policy.y;
import com.contrastsecurity.agent.r;
import com.contrastsecurity.agent.reflection.Reflect;
import com.contrastsecurity.agent.trace.CodeEvent;
import com.contrastsecurity.agent.trace.Trace;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

/* compiled from: NettyTraceListener.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/frameworks/u/a/b.class */
public final class b implements I {
    private final C0172ac a;
    private Class<?> b;
    private Class<?> c;
    private static final String d = "netty.handler.codec.http.QueryStringDecoder";
    private static final String e = "parameters";
    private static final String f = "get";
    private static final Logger g = LoggerFactory.getLogger((Class<?>) p.class);

    @Inject
    public b(C0172ac c0172ac) {
        this.a = c0172ac;
    }

    @Override // com.contrastsecurity.agent.plugins.security.I
    public boolean b(com.contrastsecurity.agent.plugins.security.controller.a aVar) {
        if (aVar.b() == null || !aVar.b().contains("netty-content")) {
            return true;
        }
        if (this.b == null || this.c == null) {
            try {
                this.b = this.b == null ? r.a("io.netty.handler.codec.http.FullHttpRequest", false, aVar.k().getClassLoader()) : this.b;
                this.c = this.c == null ? r.a("io.netty.handler.codec.http.DefaultHttpContent", false, aVar.k().getClassLoader()) : this.c;
            } catch (ClassNotFoundException e2) {
                return false;
            }
        }
        if (this.b.isAssignableFrom(aVar.j().getClass()) || this.c.isAssignableFrom(aVar.j().getClass())) {
            return Reflect.reflect(aVar.c(), g).invoke("isReadable").asBoolean(true);
        }
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.security.I
    public boolean a(com.contrastsecurity.agent.plugins.security.controller.a aVar) {
        if (!com.contrastsecurity.agent.q.a.a(aVar.a(), this.a) || !aVar.b().contains("headers")) {
            return true;
        }
        Object m = aVar.m();
        if (!(m instanceof Map.Entry)) {
            aVar.v();
            return true;
        }
        Object key = ((Map.Entry) m).getKey();
        if (!(key instanceof String) || com.contrastsecurity.agent.plugins.b.c.HEADER_REFERER.a((String) key)) {
            return true;
        }
        aVar.s();
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.security.I
    public boolean a(Application application, Trace trace, Rule rule, SourceEvent sourceEvent, int i, HttpRequest httpRequest, g gVar) {
        SourceNode source = sourceEvent.getSource();
        if (!com.contrastsecurity.agent.q.a.a(source, this.a) || !source.hasSourceTypes()) {
            return false;
        }
        String id = rule.getId();
        if (source.isSourceType(y.QUERYSTRING) && gVar.hasParameterExclusions(c.a.ASSESS)) {
            return a(trace, httpRequest, gVar, id);
        }
        return false;
    }

    private boolean a(Trace trace, HttpRequest httpRequest, g gVar, String str) {
        HashSet hashSet = new HashSet();
        for (CodeEvent codeEvent : trace.getEvents()) {
            if (codeEvent instanceof PropagationEvent) {
                PropagationEvent propagationEvent = (PropagationEvent) codeEvent;
                if (a(propagationEvent)) {
                    hashSet.add(Integer.valueOf(propagationEvent.getRetHash()));
                } else if (a(propagationEvent, hashSet)) {
                    if (gVar.isInputExclusion(c.a.ASSESS, str, httpRequest.getUri(), ExceptionInputTypeDTM.PARAMETER, propagationEvent.getParameters()[0].b())) {
                        return true;
                    }
                } else {
                    continue;
                }
            }
        }
        return false;
    }

    private boolean a(PropagationEvent propagationEvent) {
        return propagationEvent.getMethod().getDeclaringClassType().endsWith(d) && e.equals(propagationEvent.getMethod().getName());
    }

    private boolean a(PropagationEvent propagationEvent, Set<Integer> set) {
        Iterator<Integer> it = set.iterator();
        while (it.hasNext()) {
            if (propagationEvent.getObjHash() == it.next().intValue() && f.equals(propagationEvent.getMethod().getName())) {
                return true;
            }
        }
        return false;
    }
}
