package com.datadog.iast.sink;

import com.datadog.iast.Dependencies;
import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Evidence;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.VulnerabilityType;
import com.datadog.iast.overhead.Operations;
import com.datadog.iast.taint.Ranges;
import com.datadog.iast.taint.TaintedObject;
import com.datadog.iast.util.HttpHeader;
import datadog.trace.api.iast.sink.HeaderInjectionModule;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:iast/com/datadog/iast/sink/HeaderInjectionModuleImpl.classdata */
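/**
 * IAST sink module that reports {@link VulnerabilityType#HEADER_INJECTION} when a header value
 * carries tainted ranges that are not already marked for this vulnerability type.
 *
 * <p>This listing is decompiled output, so local names and inlined constants are reconstructions.
 * The header passed to {@link #onHeader} is presumably a response header being written by the
 * application; confirm against the instrumentation call sites.
 */
public class HeaderInjectionModuleImpl extends SinkModuleBase implements HeaderInjectionModule {
    // Headers for which onHeader never reports, whatever the taint state of the value.
    // Typed with the diamond operator: the decompiled raw HashSet compiled only through an
    // unchecked conversion.
    private static final Set<HttpHeader> headerInjectionExclusions = new HashSet<>(Arrays.asList(HttpHeader.Values.SEC_WEBSOCKET_LOCATION, HttpHeader.Values.SEC_WEBSOCKET_ACCEPT, HttpHeader.Values.UPGRADE, HttpHeader.Values.CONNECTION, HttpHeader.Values.LOCATION));

    public HeaderInjectionModuleImpl(Dependencies dependencies) {
        super(dependencies);
    }

    /**
     * Checks one header and reports a header-injection finding when its value is tainted.
     *
     * <p>Nothing is reported when the value is {@code null}, the header is in the exclusion set,
     * there is no IAST request context for the active span, the value is not a tracked tainted
     * object, or every tainted range is already marked for header injection. Two further
     * exemptions apply to {@code Access-Control-Allow-Origin} and {@code Set-Cookie}; see
     * {@link #hasNoOtherHeaderSource}.
     *
     * @param str header name
     * @param str2 header value; {@code null} is ignored
     */
    @Override // datadog.trace.api.iast.sink.HeaderInjectionModule
    public void onHeader(@Nonnull String str, @Nullable String str2) {
        if (str2 == null) {
            return;
        }
        HttpHeader header = HttpHeader.from(str);
        if (headerInjectionExclusions.contains(header)) {
            return;
        }
        // The span is only looked up once the cheap exclusion check has passed.
        AgentSpan activeSpan = AgentTracer.activeSpan();
        IastRequestContext iastRequestContext = IastRequestContext.get(activeSpan);
        if (iastRequestContext == null) {
            return;
        }
        TaintedObject taintedObject = iastRequestContext.getTaintedObjects().get(str2);
        if (taintedObject == null) {
            return;
        }
        Range[] notMarkedRanges = Ranges.getNotMarkedRanges(taintedObject.getRanges(), VulnerabilityType.HEADER_INJECTION.mark());
        if (notMarkedRanges == null || notMarkedRanges.length == 0) {
            return;
        }
        if (header == HttpHeader.Values.ACCESS_CONTROL_ALLOW_ORIGIN && hasNoOtherHeaderSource(notMarkedRanges, "origin")) {
            return;
        }
        if (header == HttpHeader.Values.SET_COOKIE && hasNoOtherHeaderSource(notMarkedRanges, "Set-Cookie")) {
            return;
        }
        // overheadController and report(...) are not declared in this class; presumably inherited
        // from SinkModuleBase. Reporting is skipped when the quota is not granted.
        if (!this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, activeSpan)) {
            return;
        }
        // Evidence is "<name>: <value>", so each range is shifted by the length of the
        // "<name>: " prefix (name length plus the two separator characters).
        // NOTE(review): the full header value, including Set-Cookie values, goes into the
        // evidence; whether it is redacted before leaving the process is not visible here.
        String evidenceValue = str + ": " + str2;
        int prefixLength = str.length() + 2;
        Range[] shiftedRanges = new Range[notMarkedRanges.length];
        for (int i = 0; i < notMarkedRanges.length; i++) {
            shiftedRanges[i] = notMarkedRanges[i].shift(prefixLength);
        }
        report(activeSpan, VulnerabilityType.HEADER_INJECTION, new Evidence(evidenceValue, shiftedRanges));
    }

    /**
     * Decides whether the exemption for a given header applies to a set of tainted ranges.
     *
     * <p>Returns {@code false} as soon as one range has a non-null source name, a source origin
     * of {@code 3}, and a name different (ignoring case) from {@code exemptName}; otherwise
     * returns {@code true}. This replaces the two identical loops of the decompiled method and
     * stops at the first disqualifying range instead of scanning the rest.
     *
     * <p>NOTE(review): {@code 3} is a constant inlined by the compiler; presumably a
     * request-header source type, confirm against the source-type constants.
     *
     * <p>NOTE(review): a range whose origin is not {@code 3}, or whose source name is
     * {@code null}, never disqualifies. A value tainted only by such sources is therefore
     * exempt as well and the finding is not reported, which looks like a possible false
     * negative for these two headers. Confirm that this is intended before relying on the
     * exemption.
     *
     * @param ranges tainted ranges not yet marked for header injection
     * @param exemptName source name that is allowed to taint the header
     * @return {@code true} when no range disqualifies the exemption
     */
    private static boolean hasNoOtherHeaderSource(Range[] ranges, String exemptName) {
        for (Range range : ranges) {
            String sourceName = range.getSource().getName();
            if (sourceName != null && range.getSource().getOrigin() == 3 && !sourceName.equalsIgnoreCase(exemptName)) {
                return false;
            }
        }
        return true;
    }
}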
