package com.datadog.iast;

import com.datadog.iast.model.Evidence;
import com.datadog.iast.model.Location;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.Source;
import com.datadog.iast.model.Vulnerability;
import com.datadog.iast.model.VulnerabilityType;
import com.datadog.iast.overhead.Operations;
import com.datadog.iast.overhead.OverheadController;
import com.datadog.iast.taint.Ranges;
import com.datadog.iast.taint.TaintedObject;
import com.datadog.iast.taint.TaintedObjects;
import datadog.trace.api.Config;
import datadog.trace.api.iast.IastModule;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
import datadog.trace.instrumentation.iastinstrumenter.IastExclusionTrie;
import datadog.trace.util.stacktrace.StackWalker;
import datadog.trace.util.stacktrace.StackWalkerFactory;
import java.io.File;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:iast/com/datadog/iast/IastModuleImpl.classdata */
public final class IastModuleImpl implements IastModule {
    private static final int NULL_STR_LENGTH = "null".length();
    private final Config config;
    private final Reporter reporter;
    private final OverheadController overheadController;
    private final StackWalker stackWalker = StackWalkerFactory.INSTANCE;

    public IastModuleImpl(Config config, Reporter reporter, OverheadController overheadController) {
        this.config = config;
        this.reporter = reporter;
        this.overheadController = overheadController;
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onCipherAlgorithm(@Nullable String str) {
        if (str == null) {
            return;
        }
        if (this.config.getIastWeakCipherAlgorithms().matcher(str.toUpperCase(Locale.ROOT)).matches()) {
            AgentSpan activeSpan = AgentTracer.activeSpan();
            if (this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, activeSpan)) {
                this.reporter.report(activeSpan, new Vulnerability(VulnerabilityType.WEAK_CIPHER, Location.forSpanAndStack(activeSpan.getSpanId(), (StackTraceElement) this.stackWalker.walk(IastModuleImpl::findValidPackageForVulnerability)), new Evidence(str)));
            }
        }
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onHashingAlgorithm(@Nullable String str) {
        if (str == null) {
            return;
        }
        if (this.config.getIastWeakHashAlgorithms().contains(str.toUpperCase(Locale.ROOT))) {
            AgentSpan activeSpan = AgentTracer.activeSpan();
            if (this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, activeSpan)) {
                this.reporter.report(activeSpan, new Vulnerability(VulnerabilityType.WEAK_HASH, Location.forSpanAndStack(activeSpan.getSpanId(), (StackTraceElement) this.stackWalker.walk(IastModuleImpl::findValidPackageForVulnerability)), new Evidence(str)));
            }
        }
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onParameterName(@Nullable String str) {
        IastRequestContext iastRequestContext;
        if (str == null || str.isEmpty() || (iastRequestContext = IastRequestContext.get()) == null) {
            return;
        }
        iastRequestContext.getTaintedObjects().taintInputString(str, new Source((byte) 1, str, null));
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onParameterValue(@Nullable String str, @Nullable String str2) {
        IastRequestContext iastRequestContext;
        if (str2 == null || str2.isEmpty() || (iastRequestContext = IastRequestContext.get()) == null) {
            return;
        }
        iastRequestContext.getTaintedObjects().taintInputString(str2, new Source((byte) 2, str, str2));
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onStringConcat(@Nonnull String str, @Nullable String str2, @Nonnull String str3) {
        IastRequestContext iastRequestContext;
        Range[] mergeRanges;
        if (canBeTainted(str3)) {
            if ((canBeTainted(str) || canBeTaintedNullSafe(str2)) && (iastRequestContext = IastRequestContext.get()) != null) {
                TaintedObjects taintedObjects = iastRequestContext.getTaintedObjects();
                TaintedObject tainted = getTainted(taintedObjects, str);
                TaintedObject tainted2 = getTainted(taintedObjects, str2);
                if (tainted == null && tainted2 == null) {
                    return;
                }
                if (tainted2 == null) {
                    mergeRanges = tainted.getRanges();
                } else if (tainted == null) {
                    mergeRanges = new Range[tainted2.getRanges().length];
                    Ranges.copyShift(tainted2.getRanges(), mergeRanges, 0, str.length());
                } else {
                    mergeRanges = mergeRanges(str.length(), tainted.getRanges(), tainted2.getRanges());
                }
                taintedObjects.taint(str3, mergeRanges);
            }
        }
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onStringBuilderInit(@Nonnull StringBuilder sb, @Nullable CharSequence charSequence) {
        IastRequestContext iastRequestContext;
        TaintedObjects taintedObjects;
        TaintedObject taintedObject;
        if (!canBeTaintedNullSafe(charSequence) || (iastRequestContext = IastRequestContext.get()) == null || (taintedObject = (taintedObjects = iastRequestContext.getTaintedObjects()).get(charSequence)) == null) {
            return;
        }
        taintedObjects.taint(sb, taintedObject.getRanges());
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onStringBuilderAppend(@Nonnull StringBuilder sb, @Nullable CharSequence charSequence) {
        IastRequestContext iastRequestContext;
        TaintedObjects taintedObjects;
        TaintedObject taintedObject;
        if (!canBeTainted(sb) || !canBeTaintedNullSafe(charSequence) || (iastRequestContext = IastRequestContext.get()) == null || (taintedObject = (taintedObjects = iastRequestContext.getTaintedObjects()).get(charSequence)) == null) {
            return;
        }
        TaintedObject taintedObject2 = taintedObjects.get(sb);
        int length = sb.length() - charSequence.length();
        if (taintedObject2 != null) {
            taintedObject2.setRanges(mergeRanges(length, taintedObject2.getRanges(), taintedObject.getRanges()));
            return;
        }
        Range[] ranges = taintedObject.getRanges();
        Range[] rangeArr = new Range[ranges.length];
        Ranges.copyShift(ranges, rangeArr, 0, length);
        taintedObjects.taint(sb, rangeArr);
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onStringBuilderToString(@Nonnull StringBuilder sb, @Nonnull String str) {
        IastRequestContext iastRequestContext;
        TaintedObjects taintedObjects;
        TaintedObject taintedObject;
        if (!canBeTainted(sb) || !canBeTainted(str) || (iastRequestContext = IastRequestContext.get()) == null || (taintedObject = (taintedObjects = iastRequestContext.getTaintedObjects()).get(sb)) == null) {
            return;
        }
        taintedObjects.taint(str, taintedObject.getRanges());
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onStringConcatFactory(@Nullable String str, @Nullable String[] strArr, @Nullable String str2, @Nullable Object[] objArr, @Nonnull int[] iArr) {
        IastRequestContext iastRequestContext;
        int i;
        int toStringLength;
        if (canBeTaintedNullSafe(str) && canBeTaintedNullSafe(strArr) && (iastRequestContext = IastRequestContext.get()) != null) {
            TaintedObjects taintedObjects = iastRequestContext.getTaintedObjects();
            HashMap hashMap = new HashMap();
            int i2 = 0;
            for (int i3 = 0; i3 < strArr.length; i3++) {
                TaintedObject tainted = getTainted(taintedObjects, strArr[i3]);
                if (tainted != null) {
                    Range[] ranges = tainted.getRanges();
                    hashMap.put(Integer.valueOf(i3), ranges);
                    i2 += ranges.length;
                }
            }
            if (i2 == 0) {
                return;
            }
            Range[] rangeArr = new Range[i2];
            int i4 = 0;
            int i5 = 0;
            for (int i6 : iArr) {
                if (i6 < 0) {
                    i = i4;
                    toStringLength = -i6;
                } else {
                    String str3 = strArr[i6];
                    Range[] rangeArr2 = (Range[]) hashMap.get(Integer.valueOf(i6));
                    if (rangeArr2 != null) {
                        Ranges.copyShift(rangeArr2, rangeArr, i5, i4);
                        i5 += rangeArr2.length;
                    }
                    i = i4;
                    toStringLength = getToStringLength(str3);
                }
                i4 = i + toStringLength;
            }
            taintedObjects.taint(str, rangeArr);
        }
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onJdbcQuery(@Nonnull String str) {
        TaintedObject taintedObject;
        AgentSpan activeSpan = AgentTracer.activeSpan();
        IastRequestContext iastRequestContext = IastRequestContext.get(activeSpan);
        if (iastRequestContext == null || (taintedObject = iastRequestContext.getTaintedObjects().get(str)) == null || !this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, activeSpan)) {
            return;
        }
        this.reporter.report(activeSpan, new Vulnerability(VulnerabilityType.SQL_INJECTION, Location.forSpanAndStack(activeSpan.getSpanId(), (StackTraceElement) this.stackWalker.walk(IastModuleImpl::findValidPackageForVulnerability)), new Evidence(str, taintedObject.getRanges())));
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onRuntimeExec(@Nonnull String... strArr) {
        IastRequestContext iastRequestContext;
        if (canBeTainted(strArr) && (iastRequestContext = IastRequestContext.get()) != null) {
            checkInjection(VulnerabilityType.COMMAND_INJECTION, Ranges.rangesProviderFor(iastRequestContext.getTaintedObjects(), (Object[]) strArr));
        }
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onProcessBuilderStart(@Nonnull List<String> list) {
        IastRequestContext iastRequestContext;
        if (canBeTainted(list) && (iastRequestContext = IastRequestContext.get()) != null) {
            checkInjection(VulnerabilityType.COMMAND_INJECTION, Ranges.rangesProviderFor(iastRequestContext.getTaintedObjects(), (List) list));
        }
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onPathTraversal(@Nonnull String str) {
        IastRequestContext iastRequestContext;
        if (canBeTainted(str) && (iastRequestContext = IastRequestContext.get()) != null) {
            checkInjection(VulnerabilityType.PATH_TRAVERSAL, Ranges.rangesProviderFor(iastRequestContext.getTaintedObjects(), str));
        }
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onPathTraversal(@Nullable String str, @Nonnull String str2) {
        IastRequestContext iastRequestContext;
        if ((canBeTaintedNullSafe(str) || canBeTainted(str2)) && (iastRequestContext = IastRequestContext.get()) != null) {
            TaintedObjects taintedObjects = iastRequestContext.getTaintedObjects();
            checkInjection(VulnerabilityType.PATH_TRAVERSAL, str == null ? Ranges.rangesProviderFor(taintedObjects, str2) : Ranges.rangesProviderFor(taintedObjects, Arrays.asList(str, str2)));
        }
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onPathTraversal(@Nonnull String str, @Nonnull String[] strArr) {
        IastRequestContext iastRequestContext;
        Ranges.RangesProvider rangesProviderFor;
        if ((canBeTainted(str) || canBeTainted(strArr)) && (iastRequestContext = IastRequestContext.get()) != null) {
            TaintedObjects taintedObjects = iastRequestContext.getTaintedObjects();
            if (strArr.length == 0) {
                rangesProviderFor = Ranges.rangesProviderFor(taintedObjects, str);
            } else {
                ArrayList arrayList = new ArrayList(strArr.length + 1);
                arrayList.add(str);
                Collections.addAll(arrayList, strArr);
                rangesProviderFor = Ranges.rangesProviderFor(taintedObjects, (List) arrayList);
            }
            checkInjection(VulnerabilityType.PATH_TRAVERSAL, rangesProviderFor);
        }
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onPathTraversal(@Nonnull URI uri) {
        IastRequestContext iastRequestContext = IastRequestContext.get();
        if (iastRequestContext == null) {
            return;
        }
        checkInjection(VulnerabilityType.PATH_TRAVERSAL, Ranges.rangesProviderFor(iastRequestContext.getTaintedObjects(), uri));
    }

    @Override // datadog.trace.api.iast.IastModule
    public void onPathTraversal(@Nullable File file, @Nonnull String str) {
        IastRequestContext iastRequestContext;
        if (canBeTainted(str) && (iastRequestContext = IastRequestContext.get()) != null) {
            TaintedObjects taintedObjects = iastRequestContext.getTaintedObjects();
            checkInjection(VulnerabilityType.PATH_TRAVERSAL, file == null ? Ranges.rangesProviderFor(taintedObjects, str) : Ranges.rangesProviderFor(taintedObjects, Arrays.asList(file, str)));
        }
    }

    private <E> void checkInjection(@Nonnull VulnerabilityType.InjectionType injectionType, @Nonnull Ranges.RangesProvider<E> rangesProvider) {
        int rangeCount = rangesProvider.rangeCount();
        if (rangeCount == 0) {
            return;
        }
        AgentSpan activeSpan = AgentTracer.activeSpan();
        if (this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, activeSpan)) {
            StringBuilder sb = new StringBuilder();
            Range[] rangeArr = new Range[rangeCount];
            int i = 0;
            for (int i2 = 0; i2 < rangesProvider.size(); i2++) {
                E value = rangesProvider.value(i2);
                if (value != null) {
                    if (sb.length() > 0) {
                        sb.append(injectionType.evidenceSeparator());
                    }
                    Range[] ranges = rangesProvider.ranges(value);
                    if (ranges != null) {
                        Ranges.copyShift(ranges, rangeArr, i, sb.length());
                        i += ranges.length;
                    }
                    sb.append(value);
                }
            }
            this.reporter.report(activeSpan, new Vulnerability(injectionType, Location.forSpanAndStack(activeSpan.getSpanId(), (StackTraceElement) this.stackWalker.walk(IastModuleImpl::findValidPackageForVulnerability)), new Evidence(sb.toString(), rangeArr)));
        }
    }

    static StackTraceElement findValidPackageForVulnerability(Stream<StackTraceElement> stream) {
        StackTraceElement[] stackTraceElementArr = new StackTraceElement[1];
        return stream.filter(stackTraceElement -> {
            if (stackTraceElementArr[0] == null) {
                stackTraceElementArr[0] = stackTraceElement;
            }
            return IastExclusionTrie.apply(stackTraceElement.getClassName()) < 1;
        }).findFirst().orElse(stackTraceElementArr[0]);
    }

    private static TaintedObject getTainted(TaintedObjects taintedObjects, Object obj) {
        if (obj == null) {
            return null;
        }
        return taintedObjects.get(obj);
    }

    private static boolean canBeTainted(@Nonnull CharSequence charSequence) {
        return charSequence.length() > 0;
    }

    private static boolean canBeTaintedNullSafe(@Nullable CharSequence charSequence) {
        return charSequence != null && canBeTainted(charSequence);
    }

    private static boolean canBeTaintedNullSafe(@Nullable CharSequence[] charSequenceArr) {
        if (charSequenceArr == null) {
            return false;
        }
        return canBeTainted(charSequenceArr);
    }

    private static boolean canBeTainted(@Nonnull CharSequence[] charSequenceArr) {
        if (charSequenceArr.length == 0) {
            return false;
        }
        for (CharSequence charSequence : charSequenceArr) {
            if (canBeTaintedNullSafe(charSequence)) {
                return true;
            }
        }
        return false;
    }

    private static boolean canBeTainted(@Nonnull List<? extends CharSequence> list) {
        if (list.size() == 0) {
            return false;
        }
        Iterator<? extends CharSequence> it = list.iterator();
        while (it.hasNext()) {
            if (canBeTaintedNullSafe(it.next())) {
                return true;
            }
        }
        return false;
    }

    private static int getToStringLength(@Nullable String str) {
        return str == null ? NULL_STR_LENGTH : str.length();
    }

    private static Range[] mergeRanges(int i, @Nonnull Range[] rangeArr, @Nonnull Range[] rangeArr2) {
        Range[] rangeArr3 = new Range[rangeArr.length + rangeArr2.length];
        if (rangeArr.length > 0) {
            System.arraycopy(rangeArr, 0, rangeArr3, 0, rangeArr.length);
        }
        if (rangeArr2.length > 0) {
            Ranges.copyShift(rangeArr2, rangeArr3, rangeArr.length, i);
        }
        return rangeArr3;
    }
}
