package com.datadog.iast.sink;

import com.datadog.iast.Dependencies;
import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Location;
import com.datadog.iast.model.Vulnerability;
import com.datadog.iast.model.VulnerabilityType;
import com.datadog.iast.overhead.Operations;
import datadog.slf4j.Logger;
import datadog.slf4j.LoggerFactory;
import datadog.trace.api.gateway.IGSpanInfo;
import datadog.trace.api.iast.sink.XContentTypeModule;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
import datadog.trace.bootstrap.instrumentation.api.Tags;
import java.util.Locale;
import javax.annotation.Nullable;

/* loaded from: input_file:iast/com/datadog/iast/sink/XContentTypeModuleImpl.classdata */
public class XContentTypeModuleImpl extends SinkModuleBase implements XContentTypeModule {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) XContentTypeModuleImpl.class);

    public XContentTypeModuleImpl(Dependencies dependencies) {
        super(dependencies);
    }

    @Override // datadog.trace.api.iast.sink.HttpRequestEndModule
    public void onRequestEnd(Object obj, IGSpanInfo iGSpanInfo) {
        try {
            IastRequestContext iastRequestContext = (IastRequestContext) obj;
            if (!isNoSniffContentOptions(iastRequestContext.getxContentTypeOptions())) {
                if (!isHtmlResponse(iastRequestContext.getContentType()) || isIgnorableResponseCode((Integer) iGSpanInfo.getTags().get(Tags.HTTP_STATUS))) {
                    return;
                }
                AgentSpan activeSpan = AgentTracer.activeSpan();
                if (this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, activeSpan)) {
                    this.reporter.report(activeSpan, new Vulnerability(VulnerabilityType.XCONTENTTYPE_HEADER_MISSING, Location.forSpan(activeSpan), null));
                }
            }
        } catch (Throwable th) {
            LOGGER.debug("Exception while checking for missing X Content type optios header", th);
        }
    }

    static boolean isNoSniffContentOptions(@Nullable String str) {
        if (str == null) {
            return false;
        }
        return str.toLowerCase(Locale.ROOT).contains("nosniff");
    }
}
