package com.contrastsecurity.agent.plugins.protect.rules.xxe;

import com.contrastsecurity.agent.DontObfuscate;
import com.contrastsecurity.agent.commons.Throwables;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.j.l;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.ExternalEntityWrapperDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.XMLMatchDTM;
import com.contrastsecurity.agent.plugins.protect.AttackBlockedException;
import com.contrastsecurity.agent.plugins.protect.C0386w;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0327d;
import com.contrastsecurity.agent.plugins.protect.ProtectContext;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.ProtectRuleId;
import com.contrastsecurity.agent.plugins.protect.R;
import com.contrastsecurity.agent.plugins.protect.rules.s;
import com.contrastsecurity.agent.reflection.Reflect;
import com.contrastsecurity.agent.t;
import com.contrastsecurity.agent.util.JVMUtils;
import com.contrastsecurity.thirdparty.com.rabbitmq.client.ConnectionFactory;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.jregex.MatchIterator;
import com.contrastsecurity.thirdparty.jregex.MatchResult;
import com.contrastsecurity.thirdparty.jregex.Pattern;
import com.contrastsecurity.thirdparty.jregex.WildcardPattern;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringEscapeUtils;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.InputStream;
import java.io.Reader;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.xml.stream.XMLStreamConstants;
import org.xml.sax.InputSource;

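@Singleton
@DontObfuscate
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/xxe/XXEProtectRule.class */
/**
 * Protect rule for XML External Entity (XXE) attacks.
 *
 * <p>The rule is driven by parser hooks for Xerces (SAX/DOM and StAX), Woodstox and IBM XLXP.
 * Each hook stores a per-parse context in the {@link ProtectContext} under one of the
 * {@code *_KEY} entries, scans captured DOCTYPE text for external entity declarations
 * ({@link #EXTERNAL_ENTITY}) or XInclude hrefs ({@link #XINCLUDE}), and — once an external
 * entity identifier that {@link #isExternalEntityId(String)} considers suspicious has been
 * resolved — publishes an attack event. When the {@link ProtectManager} allows blocking, the
 * report ends with an {@link AttackBlockedException}.
 *
 * <p>Every public hook wraps its implementation in a catch-all so that a failure inside the
 * rule is logged (with its stack trace) instead of propagating into the host application's
 * parser; only throwables that {@link Throwables#throwIfCritical} classifies as critical are
 * rethrown.
 *
 * <p>The instance itself holds only immutable collaborators; all per-parse state lives in the
 * {@link ProtectContext}.
 */
public final class XXEProtectRule implements s {
    /** Receives the attack event assembled in {@link #sendReport(e)}. */
    private final InterfaceC0327d attackEventPublisher;
    /** Asked whether this rule may block; decides BLOCKED vs. EXPLOITED in the report. */
    private final ProtectManager manager;
    /** Rule mode backed by {@link ConfigProperty#PROTECT_XXE_MODE}. */
    private final R protectRuleMode;
    /** Log key handed to the logging helper when the parsing-start hook fails. */
    private static final String ERROR_XDPSTART = "xercesDocParsingStart";
    /** Part of the public API; not referenced inside this class. */
    public static final int MAX_EVIDENCE_LENGTH = 2048;
    /** Name reported for the user input carried by the attack event. */
    private static final String INPUT_NAME = "XML Prolog";

    /**
     * Matches an external entity declaration; group 2 is the text after SYSTEM/PUBLIC up to
     * the closing {@code >}. NOTE(review): the class {@code [a-zA-Z0-f]} is a superset of
     * alphanumerics (the range {@code 0-f} also spans the ASCII punctuation between '9' and
     * 'a'); it is kept as-is so detection is not narrowed.
     */
    @t
    static final Pattern EXTERNAL_ENTITY = new Pattern("(<!ENTITY(?:\\s+)[a-zA-Z0-f]+(?:\\s+)(?:SYSTEM|PUBLIC)(?:\\s+)(.*?)>)");

    /** Matches an XInclude {@code :include href="..."}; group 2 is the href value. Flags = 1 (jregex). */
    @t
    static final Pattern XINCLUDE = new Pattern("(:include(?:\\s+)href=(?:['\"]((?:\\w:)*(?:\\/)*(?:[A-z0-9.-_+]+(?:\\/)*)+)['\"])(?:\\s*)(?:parse=)*)", 1);

    /** {@link ProtectContext} key for the Woodstox parsing context. */
    @t
    static final String WOODSTOX_KEY = ProtectRuleId.XXE.id() + "_woodstox";

    /** {@link ProtectContext} key for the Xerces SAX/DOM parsing context. */
    @t
    static final String XERCES_KEY = ProtectRuleId.XXE.id() + "_xerces";
    /** {@link ProtectContext} key for the Xerces StAX parsing context. */
    private static final String XERCES_STAX_KEY = ProtectRuleId.XXE.id() + "_xerces_stax";
    /** {@link ProtectContext} key for the IBM XLXP parsing context. */
    private static final String IBM_KEY = ProtectRuleId.XXE.id() + "_ibm_xlxp";
    /** Directory-traversal fragments looked for in the URL-decoded identifier. */
    private static final String[] PATH_UP_STRS = {"../", "..\\"};
    /**
     * Prefixes that mark an identifier as a filesystem path. The decompiler resolved these
     * literals to unrelated third-party constants; DEFAULT_VHOST is the RabbitMQ default
     * virtual host. NOTE(review): confirm the literal values against the original source.
     */
    private static final String[] PATH_STRS = {ConnectionFactory.DEFAULT_VHOST, WildcardPattern.ANY_CHAR};
    /** Characters that disqualify a .dtd/.xsd/.ent reference from being treated as benign. */
    private static final String[] SUSPICIOUS_CHARS = {"#", "?"};
    /** Drive-letter style path, e.g. {@code C:\...} or {@code \\C:...} (constructed example). */
    private static final Pattern WINDOWS_FILE_PATTERN = new Pattern("^[\\\\]*[a-zA-Z]{1,3}:.*");
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) XXEProtectRule.class);

    /**
     * Creates the rule.
     *
     * @param interfaceC0327d publisher for attack events
     * @param protectManager manager consulted for the block decision
     * @param eVar agent configuration the rule mode is read from
     */
    @Inject
    public XXEProtectRule(InterfaceC0327d interfaceC0327d, ProtectManager protectManager, com.contrastsecurity.agent.config.e eVar) {
        this.attackEventPublisher = interfaceC0327d;
        this.manager = protectManager;
        this.protectRuleMode = new C0386w(eVar, ConfigProperty.PROTECT_XXE_MODE);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public ProtectRuleId getRuleId() {
        return ProtectRuleId.XXE;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public R getProtectRuleMode() {
        return this.protectRuleMode;
    }

    /**
     * Hook for the start of Xerces document parsing: swaps the input source's streams for the
     * rule's wrappers and stores a fresh parsing context under {@link #XERCES_KEY}.
     *
     * @param protectContext per-request protect context the parsing state is stored in
     * @param obj the {@link InputSource} about to be parsed
     */
    public void onXercesDocumentParsingStart(ProtectContext protectContext, Object obj) {
        try {
            _onXercesDocumentParsingStart(protectContext, (InputSource) obj);
        } catch (Throwable th) {
            Throwables.throwIfCritical(th);
            // Log the caught throwable itself so its stack trace is preserved.
            com.contrastsecurity.agent.logging.a.a(ERROR_XDPSTART, logger, "Problem handling Xerces document parsing start", th);
        }
    }

    private void _onXercesDocumentParsingStart(ProtectContext protectContext, InputSource inputSource) {
        if (logger.isDebugEnabled()) {
            logger.debug("Starting parsing context for input {} / {}", JVMUtils.getSafeToString(inputSource, true), inputSource.getClass().getName());
        }
        com.contrastsecurity.agent.plugins.protect.rules.xxe.d.g parseCtx = new com.contrastsecurity.agent.plugins.protect.rules.xxe.d.g();
        InputStream bytes = inputSource.getByteStream();
        if (bytes != null) {
            com.contrastsecurity.agent.plugins.protect.rules.xxe.d.a byteWrapper = wrap(bytes);
            inputSource.setByteStream(byteWrapper);
            parseCtx.a(byteWrapper);
            if (logger.isDebugEnabled()) {
                logger.debug("Created wrapper for bytestream {} for context {}", JVMUtils.getSafeToString(bytes, true), JVMUtils.getSafeToString(parseCtx, true));
            }
        } else if (logger.isDebugEnabled()) {
            logger.debug("Bytestream was null -- no wrapper created for input {} for context {}", JVMUtils.getSafeToString(inputSource, true), JVMUtils.getSafeToString(parseCtx, true));
        }
        Reader chars = inputSource.getCharacterStream();
        if (chars != null) {
            com.contrastsecurity.agent.plugins.protect.rules.xxe.d.b readerWrapper = wrap(chars);
            inputSource.setCharacterStream(readerWrapper);
            parseCtx.a(readerWrapper);
            if (logger.isDebugEnabled()) {
                logger.debug("Created wrapper for reader {} for context {}", JVMUtils.getSafeToString(chars, true), JVMUtils.getSafeToString(parseCtx, true));
            }
        } else if (logger.isDebugEnabled()) {
            logger.debug("reader was null -- no wrapper created for input {} for context {}", JVMUtils.getSafeToString(inputSource, true), JVMUtils.getSafeToString(parseCtx, true));
        }
        logger.debug("Saving the context {}", parseCtx);
        protectContext.put(XERCES_KEY, parseCtx);
    }

    /**
     * Hook for the end of a Xerces DOCTYPE declaration: scans the captured prolog for
     * external entity declarations.
     *
     * @param protectContext per-request protect context holding the {@link #XERCES_KEY} state
     */
    public void onXercesDoctypeDeclarationFinished(ProtectContext protectContext) {
        try {
            _onXercesDoctypeDeclarationFinished(protectContext);
        } catch (Throwable th) {
            // Catch Throwable like the other hooks so a linkage error cannot escape into the parser.
            Throwables.throwIfCritical(th);
            logger.error("Problem handling Xerces doctype declaration end", th);
        }
    }

    private void _onXercesDoctypeDeclarationFinished(ProtectContext protectContext) {
        com.contrastsecurity.agent.plugins.protect.rules.xxe.d.g parseCtx = (com.contrastsecurity.agent.plugins.protect.rules.xxe.d.g) protectContext.get(XERCES_KEY);
        logger.debug("Xerces doctype declaration finishing for context {}", protectContext);
        if (parseCtx == null) {
            logger.debug("No xerces parsing context when doctype declaration finished");
            return;
        }
        parseCtx.k();
        scanXml(parseCtx, EXTERNAL_ENTITY);
    }

    /**
     * Hook for a Xerces entity being resolved. Reports when the resolved identifier looks
     * external and the current context has not already been handled.
     *
     * @param protectContext per-request protect context
     * @param str entity name (used verbatim in the synthesized evidence)
     * @param obj entity source; wrapped in a {@code d} and inspected reflectively for {@code fSystemId}
     * @param z passed by the instrumentation; unused here
     * @param z2 passed by the instrumentation; unused here
     */
    public void onXercesEntityResolved(ProtectContext protectContext, String str, Object obj, boolean z, boolean z2) {
        try {
            _onXercesEntityResolved(protectContext, str, obj, z, z2);
        } catch (Throwable th) {
            Throwables.throwIfCritical(th);
            logger.error("Problem handling Xerces entity resolution", th);
        }
    }

    private void _onXercesEntityResolved(ProtectContext protectContext, String str, Object obj, boolean z, boolean z2) {
        e parseCtx = (e) protectContext.get(XERCES_KEY);
        if (logger.isDebugEnabled()) {
            logger.debug("Entity {} name resolved for context {}", str, JVMUtils.getSafeToString(parseCtx, true));
        }
        if (parseCtx == null) {
            // No SAX/DOM context: fall back to the StAX one.
            parseCtx = (e) protectContext.get(XERCES_STAX_KEY);
        }
        if (parseCtx == null) {
            // Neither parser left a context, so synthesize minimal evidence from the entity
            // name and system id. This context is deliberately not stored back into
            // protectContext (matches prior behavior).
            parseCtx = new e();
            parseCtx.a(buildSpoofedEntity(str, obj));
        }
        d entity = new d(obj);
        // h() presumably reports the context as already handled — TODO confirm.
        if (!isExternalEntityId(entity.a()) || parseCtx.h()) {
            return;
        }
        parseCtx.a(entity);
        parseCtx.g();
        scanXml(parseCtx, EXTERNAL_ENTITY);
        sendReport(parseCtx);
    }

    /**
     * Hook for the end of Xerces document parsing: removes the {@link #XERCES_KEY} context and
     * reports if entities and matches were collected and nothing was reported yet.
     *
     * @param protectContext per-request protect context
     */
    public void onXercesDocumentParsingEnd(ProtectContext protectContext) {
        try {
            _onXercesDocumentParsingEnd(protectContext);
        } catch (Throwable th) {
            Throwables.throwIfCritical(th);
            logger.error("Problem handling Xerces document parsing end", th);
        }
    }

    private void _onXercesDocumentParsingEnd(ProtectContext protectContext) {
        com.contrastsecurity.agent.plugins.protect.rules.xxe.d.g parseCtx = (com.contrastsecurity.agent.plugins.protect.rules.xxe.d.g) protectContext.remove(XERCES_KEY);
        logger.debug("Xerces document parsing ends");
        if (parseCtx == null) {
            logger.debug("No xerces parsing context when document parsing ends");
            return;
        }
        List<d> entities = parseCtx.d();
        List<XMLMatchDTM> matches = parseCtx.c();
        if (entities.isEmpty() || matches.isEmpty() || parseCtx.h()) {
            return;
        }
        if (!parseCtx.e()) {
            scanXml(parseCtx, EXTERNAL_ENTITY);
        }
        sendReport(parseCtx);
    }

    /**
     * Hook for a Xerces StAX event. DTD events are captured and scanned; the end-of-document
     * event drops the {@link #XERCES_STAX_KEY} context.
     *
     * @param protectContext per-request protect context
     * @param obj the StAX reader (logged only)
     * @param obj2 the event; dispatched on its simple class name
     */
    public void onStAXEventRead(ProtectContext protectContext, Object obj, Object obj2) {
        try {
            _onStAXEventRead(protectContext, obj, obj2);
        } catch (Throwable th) {
            Throwables.throwIfCritical(th);
            logger.error("Problem handling StAX event read", th);
        }
    }

    private void _onStAXEventRead(ProtectContext protectContext, Object obj, Object obj2) {
        logger.debug("Analyzing reader {} and event {}", obj, obj2);
        e parseCtx = (e) protectContext.get(XERCES_STAX_KEY);
        if (parseCtx == null) {
            parseCtx = new e();
            protectContext.put(XERCES_STAX_KEY, parseCtx);
        }
        String eventType = obj2.getClass().getSimpleName();
        if ("DTDEvent".equals(eventType)) {
            parseCtx.a(obj2.toString());
            scanXml(parseCtx, EXTERNAL_ENTITY);
        } else if ("EndDocumentEvent".equals(eventType)) {
            protectContext.remove(XERCES_STAX_KEY);
        }
    }

    /**
     * Hook for a Woodstox StAX event. DTD events are captured and scanned; end-of-document
     * drops the {@link #WOODSTOX_KEY} context.
     *
     * @param protectContext per-request protect context
     * @param obj the Woodstox reader, wrapped in a {@code c.d} accessor
     */
    public void onWoodstoxStAXEventRead(ProtectContext protectContext, Object obj) {
        try {
            _onWoodstoxStAXEventRead(protectContext, obj);
        } catch (Throwable th) {
            Throwables.throwIfCritical(th);
            logger.error("Problem handling Woodstox/StAX event read", th);
        }
    }

    private void _onWoodstoxStAXEventRead(ProtectContext protectContext, Object obj) {
        logger.debug("Analyzing reader {}", obj);
        e parseCtx = (e) protectContext.get(WOODSTOX_KEY);
        if (parseCtx == null) {
            parseCtx = new e();
            protectContext.put(WOODSTOX_KEY, parseCtx);
        }
        com.contrastsecurity.agent.plugins.protect.rules.xxe.c.d reader = new com.contrastsecurity.agent.plugins.protect.rules.xxe.c.d(obj);
        // Event codes follow javax.xml.stream.XMLStreamConstants (DTD = 11, END_DOCUMENT = 8).
        int eventType = reader.a();
        if (XMLStreamConstants.DTD == eventType) {
            parseCtx.a(com.contrastsecurity.agent.plugins.protect.rules.xxe.c.a.a + reader.b());
            scanXml(parseCtx, EXTERNAL_ENTITY);
        } else if (XMLStreamConstants.END_DOCUMENT == eventType) {
            protectContext.remove(WOODSTOX_KEY);
        }
    }

    /**
     * Hook for a Woodstox entity being resolved; reports when the identifier looks external.
     *
     * @param protectContext per-request protect context
     * @param obj entity source, wrapped in a {@code d}
     */
    public void onWoodstoxEntityResolved(ProtectContext protectContext, Object obj) {
        try {
            _onWoodstoxEntityResolved(protectContext, obj);
        } catch (Throwable th) {
            Throwables.throwIfCritical(th);
            logger.error("Problem handling Woodtstox entity resolution", th);
        }
    }

    private void _onWoodstoxEntityResolved(ProtectContext protectContext, Object obj) {
        e parseCtx = (e) protectContext.get(WOODSTOX_KEY);
        if (parseCtx == null) {
            logger.debug("No woodstox parsing context when entity resolved");
            return;
        }
        d entity = new d(obj);
        if (isExternalEntityId(entity.a())) {
            parseCtx.a(entity);
            sendReport(parseCtx);
        }
    }

    /**
     * Hook for the end of IBM XLXP DOCTYPE parsing: reads the scanner's {@code fDoctypeString}
     * reflectively and scans it for external entity declarations.
     *
     * @param protectContext per-request protect context
     * @param obj the XLXP scanner object
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void onIbmXlxpDoctypeParsingEnd(ProtectContext protectContext, Object obj) {
        try {
            _onIbmXlxpDoctypeParsingEnd(protectContext, obj);
        } catch (Throwable th) {
            Throwables.throwIfCritical(th);
            logger.error("Problem handling IBM XLMP doctype parsing", th);
        }
    }

    /**
     * @throws NoSuchMethodException when {@code fDoctypeString} is an object whose default
     *     {@code toString} yields a class name instead of the DOCTYPE text
     */
    private void _onIbmXlxpDoctypeParsingEnd(ProtectContext protectContext, Object obj) throws NoSuchMethodException {
        Object doctype = Reflect.reflect(obj, logger).field("fDoctypeString").asNullable(Object.class);
        if (doctype == null) {
            logger.debug("Null xml body received by Contrast IBM XLXP listener");
            return;
        }
        String doctypeText = doctype.toString();
        if (doctypeText.contains("DTDScanner")) {
            throw new NoSuchMethodException("toString is implemented on the Object rather than StAXDTDScanner and thus dont return the string representation we want");
        }
        e parseCtx = (e) protectContext.get(IBM_KEY);
        if (parseCtx == null) {
            parseCtx = new e();
            protectContext.put(IBM_KEY, parseCtx);
        }
        parseCtx.a(doctypeText);
        scanXml(parseCtx, EXTERNAL_ENTITY);
    }

    /**
     * Hook for an IBM XLXP external entity being resolved; reports when the identifier looks
     * external.
     *
     * @param protectContext per-request protect context
     * @param obj public id, may be null
     * @param obj2 system id (required)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void onIbmXlxpExternalEntityResolved(ProtectContext protectContext, Object obj, Object obj2) {
        try {
            _onIbmXlxpExternalEntityResolved(protectContext, obj, obj2);
        } catch (Throwable th) {
            Throwables.throwIfCritical(th);
            logger.error("Problem handling IBM XLMP entity resolution", th);
        }
    }

    private void _onIbmXlxpExternalEntityResolved(ProtectContext protectContext, Object obj, Object obj2) {
        String publicId = obj != null ? obj.toString() : null;
        String systemId = obj2.toString();
        e parseCtx = (e) protectContext.get(IBM_KEY);
        if (parseCtx == null) {
            parseCtx = new e();
            protectContext.put(IBM_KEY, parseCtx);
        }
        if (isExternalEntityId(systemId)) {
            parseCtx.a(new d(systemId, publicId));
            sendReport(parseCtx);
        }
    }

    /**
     * Decides whether an entity identifier should be treated as an external reference worth
     * reporting.
     *
     * <p>Order of evaluation: a {@code .dtd}/{@code .xsd}/{@code .ent} reference without
     * suspicious characters is accepted as benign; then a remote scheme or filesystem-path
     * prefix is flagged; then directory traversal in the URL-decoded value; finally a
     * Windows drive-letter path. NOTE(review): the suffix check runs first, so a remote URL
     * ending in one of those suffixes (and free of {@code #}/{@code ?}) is not flagged —
     * confirm this is intended.
     *
     * @param str the system id or href; null yields {@code false}
     * @return {@code true} when the identifier is considered external/suspicious
     */
    boolean isExternalEntityId(String str) {
        if (str == null) {
            return false;
        }
        if (hasSchemaFileSuffix(str) && !containsSuspiciousChars(str)) {
            return false;
        }
        if (hasRemoteOrPathPrefix(str)) {
            return true;
        }
        String decoded = safeUrlDecode(str);
        for (String traversal : PATH_UP_STRS) {
            if (decoded.contains(traversal)) {
                return true;
            }
        }
        return WINDOWS_FILE_PATTERN.matches(str);
    }

    /** True for identifiers ending (case-insensitively) in .dtd, .xsd or .ent. */
    private static boolean hasSchemaFileSuffix(String str) {
        return StringUtils.endsWithIgnoreCase(str, ".dtd")
                || StringUtils.endsWithIgnoreCase(str, ".xsd")
                || StringUtils.endsWithIgnoreCase(str, ".ent");
    }

    /**
     * True for a known remote scheme (http, https, the scheme held in {@code l.a}, ftp, jar,
     * gopher; compared case-insensitively) or a case-sensitive {@link #PATH_STRS} prefix.
     */
    private static boolean hasRemoteOrPathPrefix(String str) {
        return StringUtils.startsWithIgnoreCase(str, "http:")
                || StringUtils.startsWithIgnoreCase(str, "https:")
                || StringUtils.startsWithIgnoreCase(str, l.a)
                || StringUtils.startsWithIgnoreCase(str, "ftp:")
                || StringUtils.startsWithIgnoreCase(str, "jar:")
                || StringUtils.startsWithIgnoreCase(str, "gopher:")
                || StringUtils.startsWithAny(str, PATH_STRS);
    }

    /**
     * URL-decodes {@code str} as UTF-8, returning the input unchanged when it is not valid
     * percent-encoding. A malformed escape used to raise {@link IllegalArgumentException}
     * out of the hook, which skipped the remaining checks; the raw value is still inspected
     * instead.
     */
    private static String safeUrlDecode(String str) {
        try {
            return URLDecoder.decode(str, "UTF-8");
        } catch (IllegalArgumentException | UnsupportedEncodingException ex) {
            logger.debug("Could not URL-decode entity id; checking raw value", ex);
            return str;
        }
    }

    /** True when the raw or URL-decoded identifier contains any of {@link #SUSPICIOUS_CHARS}. */
    private boolean containsSuspiciousChars(String str) {
        String decoded = safeUrlDecode(str);
        for (String mark : SUSPICIOUS_CHARS) {
            if (str.contains(mark) || decoded.contains(mark)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Publishes the attack event for the given context and, when blocking is allowed,
     * aborts the parse.
     *
     * @throws AttackBlockedException when {@link ProtectManager#canBlock} returns true
     */
    private void sendReport(e parseCtx) {
        String evidence = parseCtx.b();
        List<d> entities = new ArrayList<>(parseCtx.d());
        boolean canBlock = this.manager.canBlock(this);
        this.attackEventPublisher.a(ProtectRuleId.XXE, (ProtectRuleId) buildXXEDetailsDTM(parseCtx.c(), entities, evidence), UserInputDTM.builder().value(evidence).name(INPUT_NAME).type(UserInputDTM.InputType.UNKNOWN).time(parseCtx.a()).build(), canBlock ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
        if (canBlock) {
            throw new AttackBlockedException("XXE attack detected");
        }
    }

    /**
     * Builds the details DTM, de-duplicating entities by their (a, b) pair while keeping
     * first-seen order.
     *
     * @param list XML matches collected by {@link #scanXml}
     * @param list2 resolved entities; may be null
     * @param str the evidence string
     */
    private XXEDetailsDTM buildXXEDetailsDTM(List<XMLMatchDTM> list, List<d> list2, String str) {
        Set<String> seen = new HashSet<>();
        List<ExternalEntityWrapperDTM> wrappers = new ArrayList<>();
        if (list2 != null) {
            for (d entity : list2) {
                String a = entity.a();
                String b = entity.b();
                // Separator keeps ("ab","c") and ("a","bc") distinct; plain a + b merged them.
                String key = a + "\0" + b;
                if (seen.add(key)) {
                    wrappers.add(new ExternalEntityWrapperDTM(a, b));
                }
            }
        }
        return new XXEDetailsDTM(str, list, wrappers);
    }

    /**
     * Runs {@code pattern} over the context's HTML-unescaped evidence and records each group-2
     * match as an {@link XMLMatchDTM}. Offsets refer to the unescaped text, which can differ
     * from the raw input when entities were escaped. When the pattern is
     * {@link #EXTERNAL_ENTITY} the context is additionally marked via {@code f()} (presumably
     * "scanned" — TODO confirm).
     */
    private void scanXml(e parseCtx, Pattern pattern) {
        String evidence = parseCtx.b();
        if (evidence != null) {
            MatchIterator matches = pattern.matcher(StringEscapeUtils.unescapeHtml(evidence)).findAll();
            while (matches.hasMore()) {
                MatchResult match = matches.nextMatch();
                parseCtx.a(new XMLMatchDTM(match.start(2), match.end(2)));
            }
        }
        if (pattern.equals(EXTERNAL_ENTITY)) {
            parseCtx.f();
        }
    }

    /**
     * Synthesizes an entity declaration snippet for evidence when no prolog was captured,
     * using the entity name and the source's reflectively-read {@code fSystemId} (if any).
     */
    private String buildSpoofedEntity(String str, Object obj) {
        String systemId = (String) Reflect.reflect(obj, logger).field("fSystemId").asNullable(String.class, (aVar, th, logger2) -> {
            logger2.error("Problem inspecting XML input source during external entity resolution: {}", aVar, th);
        });
        StringBuilder snippet = new StringBuilder("...[<!ENTITY ").append(str);
        if (systemId != null) {
            snippet.append(" SYSTEM ").append(systemId);
        } else {
            snippet.append(" ... ");
        }
        return snippet.append(">]...").toString();
    }

    private com.contrastsecurity.agent.plugins.protect.rules.xxe.d.b wrap(Reader reader) {
        return new com.contrastsecurity.agent.plugins.protect.rules.xxe.d.b(reader);
    }

    private com.contrastsecurity.agent.plugins.protect.rules.xxe.d.a wrap(InputStream inputStream) {
        return new com.contrastsecurity.agent.plugins.protect.rules.xxe.d.a(inputStream);
    }

    /**
     * Hook for a Xerces XInclude {@code getReader} call resolving; scans with
     * {@link #XINCLUDE} and reports when the href looks external.
     *
     * @param protectContext per-request protect context
     * @param obj the resolved source, wrapped in a {@code d}
     */
    public void onXercesXIncludeGetReaderCallResolved(ProtectContext protectContext, Object obj) {
        try {
            _onXercesXIncludeGetReaderCallResolved(protectContext, obj);
        } catch (Throwable th) {
            Throwables.throwIfCritical(th);
            logger.error("Problem handling XInclude getReader call resolved", th);
        }
    }

    private void _onXercesXIncludeGetReaderCallResolved(ProtectContext protectContext, Object obj) {
        com.contrastsecurity.agent.plugins.protect.rules.xxe.d.g parseCtx = (com.contrastsecurity.agent.plugins.protect.rules.xxe.d.g) protectContext.get(XERCES_KEY);
        if (parseCtx == null) {
            parseCtx = new com.contrastsecurity.agent.plugins.protect.rules.xxe.d.g();
            protectContext.put(XERCES_KEY, parseCtx);
        }
        d entity = new d(obj);
        if (!isExternalEntityId(entity.a()) || parseCtx.h()) {
            return;
        }
        parseCtx.a(entity);
        parseCtx.g();
        parseCtx.k();
        scanXml(parseCtx, XINCLUDE);
        sendReport(parseCtx);
    }
}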
