package com.contrastsecurity.agent.plugins.protect.rules.cve.spring.a;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.commons.Throwables;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.context.ExecutionContext;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.CveDetailsDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.C0386w;
import com.contrastsecurity.agent.plugins.protect.EnumC0388y;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0327d;
import com.contrastsecurity.agent.plugins.protect.ProtectContext;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.ProtectRuleId;
import com.contrastsecurity.agent.plugins.protect.R;
import com.contrastsecurity.agent.plugins.protect.ag;
import com.contrastsecurity.agent.plugins.protect.ah;
import com.contrastsecurity.agent.plugins.protect.rules.C;
import com.contrastsecurity.agent.plugins.protect.rules.InterfaceC0342a;
import com.contrastsecurity.agent.plugins.protect.rules.n;
import com.contrastsecurity.agent.util.L;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import java.beans.PropertyDescriptor;
import java.util.Iterator;
import java.util.List;

/* compiled from: BeanIntrospectionRule.java */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/cve/spring/a/e.class */
public final class e implements InterfaceC0342a, n {
    private final InterfaceC0327d b;
    private final ProtectManager c;
    private final R d;
    private static final String e = "spring-web";
    private static final String[] f = {"3.0.2.release.jar", "3.0.1.release.jar", "3.0.0.release.jar", "2.5.7.release.jar", "2.5.6.jar", "2.5.6.sec03.jar", "2.5.6.sec02.jar", "2.5.6.sec01.jar", "2.5.5.jar", "2.5.4.jar", "2.5.3.jar", "2.5.2.jar", "2.5.1.jar", "2.5.0.jar"};
    private static final String[] g = {"class.classLoader.URLs"};
    private static final ExecutionContext.b<C> h = ExecutionContext.b.a(C.class);

    @Inject
    public e(InterfaceC0327d interfaceC0327d, ProtectManager protectManager, com.contrastsecurity.agent.config.e eVar) {
        this.b = interfaceC0327d;
        this.c = protectManager;
        this.d = new C0386w(eVar, ConfigProperty.PROTECT_BEAN_INTROSPECTION_MODE);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public ProtectRuleId getRuleId() {
        return ProtectRuleId.BEAN_INTROSPECTION;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public R getProtectRuleMode() {
        return this.d;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public com.contrastsecurity.agent.plugins.protect.C evaluateInput(UserInputDTM.InputType inputType, String str, String str2, String str3, int i) {
        if (str2 == null || ag.a(i, 4) || str2.length() <= 22 || !L.a(str2, g)) {
            return null;
        }
        return new com.contrastsecurity.agent.plugins.protect.C(EnumC0388y.MATCHED_ATTACK_SIGNATURE);
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public boolean appliesToInputType(UserInputDTM.InputType inputType) {
        return UserInputDTM.InputType.PARAMETER_NAME == inputType;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.InterfaceC0342a
    public void onApplicationProfiled(Application application) {
        application.context().put(h, a(application));
    }

    private C a(Application application) {
        for (String str : application.getLibraryFactNames()) {
            if (str != null && str.contains(e)) {
                for (String str2 : f) {
                    if (str.endsWith(str2)) {
                        return C.a(str, str2);
                    }
                }
            }
        }
        return C.d();
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.n
    public boolean appliesToApplication(Application application) {
        C c;
        return (application == null || (c = (C) application.context().get(h)) == null || !c.a()) ? false : true;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v4, types: [com.contrastsecurity.agent.plugins.m, java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r13v0, types: [java.lang.Throwable] */
    public boolean a(Application application, Class<?> cls, PropertyDescriptor[] propertyDescriptorArr) {
        ProtectContext currentContext = this.c.currentContext();
        ?? startAspectTiming = currentContext.startAspectTiming(com.contrastsecurity.agent.telemetry.metrics.a.c.SINK_ANALYSIS);
        try {
            if (!a(cls, propertyDescriptorArr) || !appliesToApplication(application)) {
                if (startAspectTiming != 0) {
                    startAspectTiming.close();
                }
                return false;
            }
            List<ah> inputs = currentContext.getInputs(ProtectRuleId.BEAN_INTROSPECTION);
            if (inputs == null || inputs.isEmpty()) {
                if (startAspectTiming != 0) {
                    startAspectTiming.close();
                }
                return false;
            }
            boolean canBlock = this.c.canBlock(this);
            a(application, inputs, canBlock);
            if (startAspectTiming != 0) {
                startAspectTiming.close();
            }
            return canBlock;
        } catch (Throwable th) {
            Throwables.throwIfCritical(th);
            AutoCloseable autoCloseable = startAspectTiming;
            if (autoCloseable != null) {
                try {
                    autoCloseable = startAspectTiming;
                    autoCloseable.close();
                } catch (Throwable th2) {
                    Throwables.throwIfCritical(th2);
                    startAspectTiming.addSuppressed(autoCloseable);
                }
            }
            throw startAspectTiming;
        }
    }

    private boolean a(Class<?> cls, PropertyDescriptor[] propertyDescriptorArr) {
        for (PropertyDescriptor propertyDescriptor : propertyDescriptorArr) {
            if (Class.class.equals(cls) && propertyDescriptor != null && "classLoader".equals(propertyDescriptor.getName())) {
                return true;
            }
        }
        return false;
    }

    private void a(Application application, List<ah> list, boolean z) {
        C c = (C) application.context().get(h);
        if (c == null || !c.a()) {
            throw new IllegalStateException("Attempting to report a vulnerability for " + ProtectRuleId.BEAN_INTROSPECTION.id() + " but we have not detected vulnerable library");
        }
        CveDetailsDTM cveDetailsDTM = new CveDetailsDTM(ProtectRuleId.BEAN_INTROSPECTION.id(), c.c());
        AttackResult attackResult = z ? AttackResult.BLOCKED : AttackResult.EXPLOITED;
        Iterator<ah> it = list.iterator();
        while (it.hasNext()) {
            this.b.a(ProtectRuleId.BEAN_INTROSPECTION, (ProtectRuleId) cveDetailsDTM, it.next().a(), attackResult);
        }
    }
}
