package com.datadog.iast.sink;

import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Evidence;
import com.datadog.iast.model.Location;
import com.datadog.iast.model.Vulnerability;
import com.datadog.iast.model.VulnerabilityType;
import com.datadog.iast.overhead.Operations;
import com.datadog.iast.util.CookieSecurityParser;
import com.datadog.iast.util.HttpHeader;
import datadog.trace.api.iast.InstrumentationBridge;
import datadog.trace.api.iast.sink.HttpCookieModule;
import datadog.trace.api.iast.sink.HttpResponseHeaderModule;
import datadog.trace.api.iast.util.Cookie;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;

/* loaded from: input_file:iast/com/datadog/iast/sink/HttpResponseHeaderModuleImpl.classdata */
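/**
 * IAST sink that inspects outgoing HTTP response headers.
 *
 * <p>For each recognised header it notifies context-aware header handlers, runs the cookie
 * checks on {@code Set-Cookie} values, and forwards the header to the unvalidated-redirect
 * module when one is registered on {@link InstrumentationBridge}.
 *
 * <p>Cookie findings carry only the cookie <em>name</em> as evidence; the cookie value is never
 * copied into a report.
 */
public class HttpResponseHeaderModuleImpl extends SinkModuleBase implements HttpResponseHeaderModule {

    /**
     * Handles a response header being written.
     *
     * @param str header name, resolved through {@link HttpHeader#from(String)}
     * @param str2 header value, passed unchanged to the downstream handlers
     */
    @Override
    public void onHeader(@Nonnull String str, String str2) {
        HttpHeader header = HttpHeader.from(str);
        if (header == null) {
            // Headers unknown to HttpHeader are ignored entirely, including by the
            // unvalidated-redirect check below.
            return;
        }
        if (header instanceof HttpHeader.ContextAwareHeader) {
            IastRequestContext requestContext = IastRequestContext.get(AgentTracer.activeSpan());
            if (requestContext != null) {
                ((HttpHeader.ContextAwareHeader) header).onHeader(requestContext, str2);
            }
        }
        if (header == HttpHeader.Values.SET_COOKIE) {
            onCookies(CookieSecurityParser.parse(str2));
        }
        // NOTE(review): the bridge field is read twice (null check, then call). If it can be
        // reassigned concurrently, copy it to a local first - confirm against InstrumentationBridge.
        if (InstrumentationBridge.UNVALIDATED_REDIRECT != null) {
            InstrumentationBridge.UNVALIDATED_REDIRECT.onHeader(str, str2);
        }
    }

    /**
     * Handles a single cookie added to the response through a cookie API rather than a raw
     * header.
     *
     * @param cookie the cookie to check
     */
    @Override
    public void onCookie(@Nonnull Cookie cookie) {
        onCookies(Collections.singletonList(cookie));
    }

    /**
     * Reports at most one vulnerability per cookie check for the given cookies.
     *
     * <p>Reporting is gated by the overhead controller: when no quota is available nothing is
     * reported for this call, so a missing finding does not prove the cookies were safe.
     */
    private void onCookies(List<Cookie> cookies) {
        Map<VulnerabilityType, Cookie> vulnerable = findVulnerableCookies(cookies);
        if (vulnerable.isEmpty()) {
            return;
        }
        AgentSpan span = AgentTracer.activeSpan();
        if (!this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, span)) {
            return;
        }
        // The stack trace is captured once, after the quota check, and shared by every finding.
        Location location = Location.forSpanAndStack(spanId(span), getCurrentStackTrace());
        for (Map.Entry<VulnerabilityType, Cookie> finding : vulnerable.entrySet()) {
            // Evidence is the cookie name only, so cookie values never reach the report.
            Evidence evidence = new Evidence(finding.getValue().getCookieName());
            this.reporter.report(span, new Vulnerability(finding.getKey(), location, evidence));
        }
    }

    /**
     * Finds, for each registered cookie check, the first cookie in {@code cookies} that fails it.
     *
     * @return a map from vulnerability type to the first offending cookie; empty when no check
     *     is registered or no cookie is vulnerable
     */
    private static Map<VulnerabilityType, Cookie> findVulnerableCookies(List<Cookie> cookies) {
        List<HttpCookieModule<VulnerabilityType>> pending = httpCookieModules();
        Map<VulnerabilityType, Cookie> found = new HashMap<>(pending.size());
        for (Cookie cookie : cookies) {
            // Walk backwards so a check can be dropped by index once it has produced a finding.
            for (int i = pending.size() - 1; i >= 0; i--) {
                HttpCookieModule<VulnerabilityType> module = pending.get(i);
                if (module.isVulnerable(cookie)) {
                    found.put(module.getType(), cookie);
                    pending.remove(i);
                }
            }
            if (pending.isEmpty()) {
                // Every check already has a finding; the remaining cookies cannot add anything.
                break;
            }
        }
        return found;
    }

    /**
     * Collects the cookie checks currently registered on {@link InstrumentationBridge}.
     *
     * @return a fresh, mutable list; {@link #findVulnerableCookies(List)} removes entries from it
     */
    private static List<HttpCookieModule<VulnerabilityType>> httpCookieModules() {
        List<HttpCookieModule<VulnerabilityType>> modules = new ArrayList<>();
        addIfPresent(modules, InstrumentationBridge.NO_HTTPONLY_COOKIE);
        addIfPresent(modules, InstrumentationBridge.INSECURE_COOKIE);
        addIfPresent(modules, InstrumentationBridge.NO_SAMESITE_COOKIE);
        return modules;
    }

    /** Appends {@code module} to {@code modules} unless it is {@code null} (check not registered). */
    @SuppressWarnings("unchecked")
    private static void addIfPresent(
            List<HttpCookieModule<VulnerabilityType>> modules, HttpCookieModule<?> module) {
        if (module != null) {
            // The declared type of the bridge fields is not visible in this file. The cast
            // assumes these modules report VulnerabilityType - TODO confirm against
            // InstrumentationBridge.
            modules.add((HttpCookieModule<VulnerabilityType>) module);
        }
    }
}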
