package com.contrastsecurity.agent.plugins.protect.rules.pathtraversal;

import com.contrastsecurity.agent.commons.Sets;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.AttackBlockedException;
import com.contrastsecurity.agent.plugins.protect.C;
import com.contrastsecurity.agent.plugins.protect.C0386w;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0327d;
import com.contrastsecurity.agent.plugins.protect.ProtectContext;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.ProtectRuleId;
import com.contrastsecurity.agent.plugins.protect.R;
import com.contrastsecurity.agent.plugins.protect.ah;
import com.contrastsecurity.agent.plugins.protect.rules.pathtraversal.PathTraversalSemanticDTM;
import com.contrastsecurity.agent.t;
import com.contrastsecurity.agent.telemetry.metrics.Counter;
import com.contrastsecurity.agent.telemetry.metrics.TelemetryMetrics;
import com.contrastsecurity.agent.util.C0477g;
import com.contrastsecurity.agent.util.L;
import com.contrastsecurity.agent.v.m;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.apache.logging.log4j.core.pattern.NotANumber;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.Collections;
import java.util.List;
import java.util.Set;

/* compiled from: PathTraversalProtectRule.java */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/pathtraversal/o.class */
public final class o implements com.contrastsecurity.agent.plugins.protect.h.a, com.contrastsecurity.agent.plugins.protect.rules.j, com.contrastsecurity.agent.plugins.protect.rules.n {
    private final InterfaceC0327d d;
    private final com.contrastsecurity.agent.config.e e;
    private final com.contrastsecurity.agent.commons.b f;
    private final ProtectManager g;
    private final com.contrastsecurity.agent.v.m h;
    private final f i;
    private final f j;
    private final Counter k;
    private final Counter l;
    private final R m;

    @t
    static final String b = "pathTraversalSemanticAnalysisCount";

    @t
    static final String c = "pathTraversalSemanticAttackCount";
    private static final int H = 9;
    private static final com.contrastsecurity.agent.v.r n = new com.contrastsecurity.agent.v.k();
    private static final String v = "datadog.common.container.ContainerInfo.<clinit>";
    private static final String w = "com.timgroup.statsd.CgroupReader.<clinit>";
    private static final String x = "org.infinispan.commons.jdkspecific.ProcessorInfo.availableProcessors";
    private static final String o = "org.apache.logging.log4j.core.appender.rolling.AbstractRolloverStrategy.getEligibleFiles";
    private static final String y = "io.github.mweirauch.micrometer.jvm.extras.procfs.ProcfsReader.<clinit>";
    private static final String A = "io.netty.resolver.HostsFileParser.locateHostsFile";
    private static final String z = "io.netty.resolver.HostsFileEntriesProvider$ParserImpl.locateHostsFile";
    private static final String u = "com.newrelic.agent.utilization.DockerData.getDockerContainerId";
    private static final String p = "io.prometheus.client.hotspot.StandardExports.collectMemoryMetricsLinux";
    private static final String q = "io.prometheus.jmx.shaded.io.prometheus.client.hotspot.StandardExports.collectMemoryMetricsLinux";
    private static final String r = "io.prometheus.jmx.shaded.io.prometheus.client.hotspot.StandardExports$StatusReader.procSelfStatusReader";
    private static final String B = "org.springframework.web.servlet.resource.PathResourceResolver.getResource";
    private static final String s = "io.vertx.core.impl.cpu.CpuCoreSensor.determineProcessors";
    private static final String t = "org.wildfly.common.cpu.ProcessorInfo.determineProcessors";
    private static final String C = "org.xbill.DNS.Lookup.refreshDefault";
    private static final String D = "org.xbill.DNS.lookup.LookupSession$LookupSessionBuilder.defaultHostsFileParser";
    private static final Set<String> E = Sets.of("java.lang.SecurityManager.checkRead", "jdk.nashorn.api.scripting.NashornScriptEngine.compileImpl", v, w, x, o, y, A, z, u, p, q, r, B, s, t, C, D);
    private static final String[] F = {"::$DATA", "::$Index", NotANumber.VALUE};
    private static final String[] G = {"/proc/self", "etc/passwd", "etc/shadow", "etc/hosts", "etc/groups", "etc/gshadow", "ntuser.dat", "/Windows/win.ini", "/windows/system32/", "/windows/repair/", "\\proc\\self", "etc\\passwd", "etc\\shadow", "etc\\hosts", "etc\\groups", "etc\\gshadow", "\\Windows\\win.ini", "\\windows\\system32\\", "\\windows\\repair\\"};
    private static final Logger I = LoggerFactory.getLogger((Class<?>) o.class);

    @Inject
    public o(InterfaceC0327d interfaceC0327d, com.contrastsecurity.agent.config.e eVar, com.contrastsecurity.agent.commons.b bVar, ProtectManager protectManager, com.contrastsecurity.agent.v.m mVar, @e f fVar, @q f fVar2, TelemetryMetrics telemetryMetrics) {
        this.d = interfaceC0327d;
        this.e = eVar;
        this.f = bVar;
        this.g = protectManager;
        this.h = mVar;
        this.i = fVar;
        this.j = fVar2;
        this.m = new C0386w(eVar, ConfigProperty.PROTECT_PATH_TRAVERSAL_MODE);
        this.k = telemetryMetrics.newCounter(b, TelemetryMetrics.TelemetryCategory.PROTECT).withDescription("Count of how often semantic analysis is applied").register();
        this.l = telemetryMetrics.newCounter(c, TelemetryMetrics.TelemetryCategory.PROTECT).withDescription("Count of how often a semantic analysis attack is detected").register();
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public ProtectRuleId getRuleId() {
        return ProtectRuleId.PATH_TRAVERSAL;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public R getProtectRuleMode() {
        return this.m;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.HEADER != inputType;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public C evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        return (inputType == UserInputDTM.InputType.URI ? this.j : this.i).a(inputType, str, str2, str3, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(ProtectContext protectContext, String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        boolean z2 = false;
        boolean z3 = false;
        List<ah> inputs = protectContext.getInputs(ProtectRuleId.PATH_TRAVERSAL);
        if (inputs != null) {
            for (ah ahVar : inputs) {
                UserInputDTM b2 = ahVar.b(str);
                if (b2 != null) {
                    z2 = z2 || this.g.canBlock(this);
                    ahVar.c(true);
                    this.d.a(ProtectRuleId.PATH_TRAVERSAL, (ProtectRuleId) new PathTraversalInputTracingDTM(str), b2, z2 ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
                    z3 = true;
                }
            }
        }
        if (!z3) {
            List<PathTraversalSemanticDTM.Finding> a = a(str);
            if (!a.isEmpty()) {
                z2 = this.g.canBlock(this);
                this.d.a(ProtectRuleId.PATH_TRAVERSAL, (ProtectRuleId) new PathTraversalSemanticDTM(str, a), UserInputDTM.builder().type(UserInputDTM.InputType.UNKNOWN).value(str).time(this.f.now()).build(), z2 ? AttackResult.BLOCKED : AttackResult.SUSPICIOUS);
            }
        }
        return z2;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.h.a
    public void a(ProtectContext protectContext, String str, String[] strArr, com.contrastsecurity.agent.v.l lVar) {
        String join = StringUtils.join(strArr, " ");
        for (ah ahVar : protectContext != null ? protectContext.getInputs(ProtectRuleId.PATH_TRAVERSAL) : Collections.emptyList()) {
            for (String str2 : strArr) {
                if (ahVar.c(str2)) {
                    a(ahVar, strArr);
                    return;
                }
            }
            if (ahVar.c(join)) {
                a(ahVar, new String[]{join});
                return;
            }
        }
    }

    private void a(ah ahVar, String[] strArr) {
        ahVar.c(true);
        StringBuilder sb = new StringBuilder();
        for (String str : strArr) {
            sb.append(str);
        }
        a(ahVar.a(), new PathTraversalInputTracingDTM(sb.toString()));
    }

    private void a(UserInputDTM userInputDTM, PathTraversalDTM pathTraversalDTM) {
        boolean canBlock = this.g.canBlock(this);
        this.d.a(ProtectRuleId.PATH_TRAVERSAL, (ProtectRuleId) pathTraversalDTM, userInputDTM, canBlock ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
        if (canBlock) {
            throw new AttackBlockedException("path traversal detected: input tracing");
        }
    }

    @t
    List<PathTraversalSemanticDTM.Finding> a(String str) {
        this.k.increment();
        if (d(str)) {
            this.l.increment();
            I.warn("Blocking access to system file being accessed by custom code: {}", com.contrastsecurity.agent.f.c.a(I, str));
            return Collections.singletonList(PathTraversalSemanticDTM.Finding.CUSTOM_CODE_ACCESSING_SYSTEM_FILES);
        }
        if (!b(str)) {
            return Collections.emptyList();
        }
        this.l.increment();
        I.warn("Blocking access to file being accessed with exploit marker in it: {}", com.contrastsecurity.agent.f.c.a(I, str));
        return Collections.singletonList(PathTraversalSemanticDTM.Finding.COMMON_FILE_EXPLOITS);
    }

    @t
    boolean b(String str) {
        return this.e.c(ConfigProperty.PROTECT_PT_COMMON_EXPLOIT) && L.b(str, F);
    }

    private boolean d(String str) {
        return this.e.c(ConfigProperty.PROTECT_PT_CUSTOM_CODE_ACCESS) && c(str) && a(this.h.a(m.a.OTHER).a());
    }

    @t
    boolean c(String str) {
        return L.a(str, G);
    }

    @t
    boolean a(List<StackTraceElement> list) {
        int min = Math.min(list.size(), 9);
        for (int i = 0; i < min; i++) {
            if (C0477g.b(list.get(i).getClassName())) {
                return a(list, min);
            }
        }
        return false;
    }

    private boolean a(List<StackTraceElement> list, int i) {
        for (int i2 = 0; i2 < i; i2++) {
            if (n.test(list.get(i2))) {
                return false;
            }
        }
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.j
    /* renamed from: e, reason: merged with bridge method [inline-methods] */
    public Set<String> b() {
        return E;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public boolean g() {
        return true;
    }
}
