package com.datadog.iast.sink;

import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Evidence;
import com.datadog.iast.model.Location;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.Vulnerability;
import com.datadog.iast.model.VulnerabilityType;
import com.datadog.iast.overhead.Operations;
import com.datadog.iast.taint.Ranges;
import com.datadog.iast.taint.TaintedObject;
import com.datadog.iast.taint.Tainteds;
import datadog.trace.api.iast.sink.UnvalidatedRedirectModule;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
import java.net.URI;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:iast/com/datadog/iast/sink/UnvalidatedRedirectModuleImpl.classdata */
/**
 * IAST sink for unvalidated (open) redirects.
 *
 * <p>Each entry point receives a redirect target, looks it up among the tainted objects tracked
 * for the current request, and reports an {@code UNVALIDATED_REDIRECT} vulnerability when the
 * value still carries tainted ranges that are not marked for this vulnerability type.
 *
 * <p>Values whose tainted ranges all originate from the {@code Referer} header are never
 * reported (see {@link #isRefererHeader(Range[])}).
 */
public class UnvalidatedRedirectModuleImpl extends SinkModuleBase implements UnvalidatedRedirectModule {
    private static final String LOCATION_HEADER = "Location";
    private static final String REFERER = "Referer";

    /**
     * Checks a redirect target given as a string.
     *
     * @param str redirect target; ignored when {@code Tainteds.canBeTainted} rejects it
     */
    @Override
    public void onRedirect(@Nullable String str) {
        if (!Tainteds.canBeTainted(str)) {
            return;
        }
        checkUnvalidatedRedirect(str, null, null);
    }

    /**
     * Checks a redirect target and attributes any finding to an explicit location.
     *
     * @param str redirect target; ignored when {@code Tainteds.canBeTainted} rejects it
     * @param str2 forwarded as the class argument of {@code Location.forSpanAndClassAndMethod}
     * @param str3 forwarded as the method argument of {@code Location.forSpanAndClassAndMethod}
     */
    @Override
    public void onRedirect(@Nonnull String str, @Nonnull String str2, @Nonnull String str3) {
        if (!Tainteds.canBeTainted(str)) {
            return;
        }
        checkUnvalidatedRedirect(str, str2, str3);
    }

    /**
     * Checks a redirect target given as a {@link URI}.
     *
     * @param uri redirect target; {@code null} is ignored
     */
    @Override
    public void onURIRedirect(@Nullable URI uri) {
        if (uri != null) {
            checkUnvalidatedRedirect(uri, null, null);
        }
    }

    /**
     * Treats a {@code Location} response header as a redirect and checks its value.
     *
     * @param str header name, compared case-insensitively against {@code Location}
     * @param str2 header value; {@code null} is ignored
     */
    @Override
    public void onHeader(@Nonnull String str, @Nullable String str2) {
        if (str2 != null && LOCATION_HEADER.equalsIgnoreCase(str)) {
            onRedirect(str2);
        }
    }

    /**
     * Reports an unvalidated redirect when {@code target} is tainted and not fully marked.
     *
     * <p>The checks run in a fixed order and the first failing one ends the call without a report.
     *
     * @param target redirect target used as the lookup key in the request's tainted objects
     * @param className class name for the reported location, or {@code null}
     * @param methodName method name for the reported location, or {@code null}
     */
    private void checkUnvalidatedRedirect(
            @Nonnull Object target, @Nullable String className, @Nullable String methodName) {
        final AgentSpan span = AgentTracer.activeSpan();
        final IastRequestContext requestContext = IastRequestContext.get(span);
        if (requestContext == null) {
            return;
        }

        final TaintedObject tainted = requestContext.getTaintedObjects().get(target);
        if (tainted == null) {
            return;
        }

        // NOTE(review): Referer is a client-supplied header, so skipping it is a deliberate
        // exclusion in this sink; redirect targets built only from it produce no finding here.
        if (isRefererHeader(tainted.getRanges())) {
            return;
        }

        final Range[] unmarkedRanges =
                Ranges.getNotMarkedRanges(
                        tainted.getRanges(), VulnerabilityType.UNVALIDATED_REDIRECT.mark());
        if (unmarkedRanges == null || unmarkedRanges.length == 0) {
            return;
        }

        // Quota is requested last so that it is only spent once a reportable finding exists.
        if (!this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, span)) {
            return;
        }

        final Evidence evidence = new Evidence(target.toString(), unmarkedRanges);
        if (className != null && methodName != null) {
            // Both parts of the location were supplied: report with that explicit location.
            this.reporter.report(
                    span,
                    new Vulnerability(
                            VulnerabilityType.UNVALIDATED_REDIRECT,
                            Location.forSpanAndClassAndMethod(span, className, methodName),
                            evidence));
        } else {
            report(span, VulnerabilityType.UNVALIDATED_REDIRECT, evidence);
        }
    }

    /**
     * Tells whether every range comes from the {@code Referer} header.
     *
     * <p>A single range with another origin or another source name makes the result
     * {@code false}, so a value only partly built from the Referer is still evaluated by the
     * caller. An empty array yields {@code true}.
     *
     * @param ranges tainted ranges of the redirect target
     * @return {@code true} when no range contradicts a Referer-only origin
     */
    private boolean isRefererHeader(Range[] ranges) {
        for (Range candidate : ranges) {
            // NOTE(review): 3 is an inlined constant; given the name check beside it, it is
            // presumably the "request header value" source type. Confirm against the
            // source-type constants of the tracer version in use.
            final boolean fromReferer =
                    candidate.getSource().getOrigin() == 3
                            && REFERER.equalsIgnoreCase(candidate.getSource().getName());
            if (!fromReferer) {
                return false;
            }
        }
        return true;
    }
}
