package com.contrastsecurity.agent.plugins.protect.rules.b.a;

import com.contrastsecurity.agent.commons.Lists;
import com.contrastsecurity.agent.commons.NVP;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.http.MultipartItem;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.details.CmdInjectionDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.CmdInjectionSemanticDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.protect.A;
import com.contrastsecurity.agent.plugins.protect.AttackBlockedException;
import com.contrastsecurity.agent.plugins.protect.InterfaceC0327d;
import com.contrastsecurity.agent.plugins.protect.ProtectContext;
import com.contrastsecurity.agent.plugins.protect.ProtectManager;
import com.contrastsecurity.agent.plugins.protect.ProtectRuleId;
import com.contrastsecurity.agent.plugins.protect.R;
import com.contrastsecurity.agent.plugins.protect.rules.b.f;
import com.contrastsecurity.agent.telemetry.metrics.Counter;
import com.contrastsecurity.agent.telemetry.metrics.TelemetryMetrics;
import com.contrastsecurity.agent.util.L;
import com.contrastsecurity.agent.v.l;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/* compiled from: CmdInjectionSemanticProtectRule.java */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/rules/b/a/b.class */
final class b implements com.contrastsecurity.agent.plugins.protect.h.a {
    private final com.contrastsecurity.agent.config.e b;
    private final InterfaceC0327d c;
    private final ProtectManager d;
    private final R e;
    private final HttpManager f;
    private final com.contrastsecurity.agent.commons.b g;
    private final Counter h;
    private final Counter i;
    private final Counter j;
    private final Counter k;
    private final int l;
    private static final Pattern m = Pattern.compile("(?:^|\\\\|\\/)(?:sh|bash|zsh|ksh|tcsh|csh|fish|cmd)([-\\/].*)*[-\\/][a-zA-Z]*c");
    private static final String n = "cmdInjectionBackdoorAttackCount";
    private static final String o = "cmdInjectionChainAttackCount";
    private static final String p = "cmdInjectionDangerousPathAnalysisCount";
    private static final String q = "cmdInjectionDangerousPathAttackCount";

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public b(com.contrastsecurity.agent.config.e eVar, InterfaceC0327d interfaceC0327d, ProtectManager protectManager, f fVar, HttpManager httpManager, TelemetryMetrics telemetryMetrics, com.contrastsecurity.agent.commons.b bVar) {
        this.b = eVar;
        this.c = interfaceC0327d;
        this.d = protectManager;
        this.e = new A(eVar, fVar, Lists.of(ConfigProperty.PROTECT_CMDI_BACKDOORS, ConfigProperty.PROTECT_CMDI_CHAINS, ConfigProperty.PROTECT_CMDI_DANGEROUS_PATH_ARGS));
        this.f = httpManager;
        this.g = bVar;
        this.l = fVar.d() + 1;
        this.h = telemetryMetrics.newCounter(n, TelemetryMetrics.TelemetryCategory.PROTECT).withDescription("The number of times an attack was detected from semantic analysis with Finding Backdoor").register();
        this.i = telemetryMetrics.newCounter(o, TelemetryMetrics.TelemetryCategory.PROTECT).withDescription("The number of times an attack was detected from semantic analysis with Finding Chain").register();
        this.j = telemetryMetrics.newCounter(p, TelemetryMetrics.TelemetryCategory.PROTECT).withDescription("The number of times a command was analysed for being a dangerous path").register();
        this.k = telemetryMetrics.newCounter(q, TelemetryMetrics.TelemetryCategory.PROTECT).withDescription("The number of times a command was identified as an attack for a dangerous path").register();
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public int d() {
        return this.l;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.h.a
    public void a(ProtectContext protectContext, String str, String[] strArr, l lVar) {
        String join = StringUtils.join(strArr, " ");
        if (this.b.c(ConfigProperty.PROTECT_CMDI_BACKDOORS)) {
            String e = L.e(join);
            NVP a = a(e);
            if (a != null) {
                this.h.increment();
                a(UserInputDTM.builder().name(a.getName()).value(a.getValue()).type(UserInputDTM.InputType.PARAMETER_VALUE).filters(Collections.emptySet()).time(System.currentTimeMillis()).build(), join, Lists.of(CmdInjectionSemanticDTM.Finding.BACKDOOR));
                return;
            } else {
                NVP b = b(e);
                if (b != null) {
                    this.h.increment();
                    a(UserInputDTM.builder().name(b.getName()).value(b.getValue()).type(UserInputDTM.InputType.MULTIPART_VALUE).filters(Collections.emptySet()).time(System.currentTimeMillis()).build(), join, Lists.of(CmdInjectionSemanticDTM.Finding.BACKDOOR));
                    return;
                }
            }
        }
        if (this.b.c(ConfigProperty.PROTECT_CMDI_CHAINS)) {
            if (e.a(join) != -1) {
                this.i.increment();
                a(join, Lists.of(CmdInjectionSemanticDTM.Finding.CHAINING));
                return;
            }
        }
        if (this.b.c(ConfigProperty.PROTECT_CMDI_DANGEROUS_PATH_ARGS)) {
            this.j.increment();
            if (d.a(join)) {
                this.k.increment();
                a(join, Lists.of(CmdInjectionSemanticDTM.Finding.PATH_ARGUMENT));
            }
        }
    }

    private NVP a(String str) {
        HttpRequest currentRequest;
        if (this.f == null || (currentRequest = this.f.getCurrentRequest()) == null || !currentRequest.isParametersResolved()) {
            return null;
        }
        return a(str, currentRequest);
    }

    private NVP a(String str, HttpRequest httpRequest) {
        Map<String, String[]> parameters = httpRequest.getParameters();
        for (String str2 : parameters.keySet()) {
            String[] strArr = parameters.get(str2);
            if (strArr != null) {
                for (String str3 : strArr) {
                    String a = com.contrastsecurity.agent.plugins.protect.k.d.a(str3, UserInputDTM.InputType.PARAMETER_VALUE);
                    if (a(a, str)) {
                        return new NVP(str2, a);
                    }
                }
            }
        }
        return null;
    }

    private NVP b(String str) {
        HttpRequest currentRequest = this.f.getCurrentRequest();
        if (currentRequest == null || !currentRequest.isMultipartParametersResolved()) {
            return null;
        }
        return b(str, currentRequest);
    }

    private NVP b(String str, HttpRequest httpRequest) {
        for (MultipartItem multipartItem : httpRequest.getMultipartItems()) {
            String fieldName = multipartItem.getFieldName();
            String a = com.contrastsecurity.agent.plugins.protect.k.d.a(multipartItem.getValue(), UserInputDTM.InputType.MULTIPART_VALUE);
            if (a(a, str)) {
                return new NVP(fieldName, a);
            }
        }
        return null;
    }

    private static boolean a(String str, String str2) {
        if (str == null || str.length() < 2) {
            return false;
        }
        String e = L.e(str);
        return str2.equalsIgnoreCase(e) || (m.matcher(str2).find() && StringUtils.endsWithIgnoreCase(str2, e));
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public ProtectRuleId getRuleId() {
        return ProtectRuleId.CMD_INJECTION_SEMANTIC;
    }

    @Override // com.contrastsecurity.agent.plugins.protect.rules.s
    public R getProtectRuleMode() {
        return this.e;
    }

    private void a(String str, List<CmdInjectionSemanticDTM.Finding> list) {
        a(UserInputDTM.builder().type(UserInputDTM.InputType.UNKNOWN).value(str).time(this.g.now()).build(), str, list);
    }

    private void a(UserInputDTM userInputDTM, String str, List<CmdInjectionSemanticDTM.Finding> list) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < list.size(); i++) {
            sb.append(list.get(i));
            if (i < list.size() - 1) {
                sb.append(", ");
            }
        }
        a(userInputDTM, new CmdInjectionSemanticDTM(str, list), sb.toString());
    }

    private void a(UserInputDTM userInputDTM, CmdInjectionDTM cmdInjectionDTM, String str) {
        boolean canBlock = this.d.canBlock(this);
        this.c.a(getRuleId(), (ProtectRuleId) cmdInjectionDTM, userInputDTM, canBlock ? AttackResult.BLOCKED : AttackResult.SUSPICIOUS);
        if (canBlock) {
            throw new AttackBlockedException("Command injection detected: " + str);
        }
    }
}
