package com.datadog.iast.sink;

import com.datadog.iast.Dependencies;
import com.datadog.iast.Reporter;
import com.datadog.iast.model.Evidence;
import com.datadog.iast.model.Location;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.Source;
import com.datadog.iast.model.Vulnerability;
import com.datadog.iast.model.VulnerabilityType;
import com.datadog.iast.overhead.Operations;
import com.datadog.iast.overhead.OverheadController;
import com.datadog.iast.taint.Ranges;
import com.datadog.iast.taint.TaintedObject;
import com.datadog.iast.taint.TaintedObjects;
import com.datadog.iast.util.ObjectVisitor;
import datadog.trace.api.iast.IastContext;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
import datadog.trace.instrumentation.iastinstrumenter.IastExclusionTrie;
import datadog.trace.util.stacktrace.StackWalker;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:iast/com/datadog/iast/sink/SinkModuleBase.classdata */
public abstract class SinkModuleBase {
    protected final OverheadController overheadController;
    protected final Reporter reporter;
    protected final StackWalker stackWalker;

    /* loaded from: input_file:iast/com/datadog/iast/sink/SinkModuleBase$InjectionVisitor.classdata */
    private class InjectionVisitor implements ObjectVisitor.Visitor {
        private final IastContext ctx;
        private final VulnerabilityType.InjectionType type;

        @Nullable
        private Evidence evidence;

        private InjectionVisitor(IastContext iastContext, VulnerabilityType.InjectionType injectionType) {
            this.ctx = iastContext;
            this.type = injectionType;
        }

        @Override // com.datadog.iast.util.ObjectVisitor.Visitor
        @Nonnull
        public ObjectVisitor.State visit(@Nonnull String str, @Nonnull Object obj) {
            this.evidence = SinkModuleBase.this.checkInjection(this.ctx, this.type, obj);
            return this.evidence != null ? ObjectVisitor.State.EXIT : ObjectVisitor.State.CONTINUE;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SinkModuleBase(@Nonnull Dependencies dependencies) {
        this.overheadController = dependencies.getOverheadController();
        this.reporter = dependencies.getReporter();
        this.stackWalker = dependencies.getStackWalker();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public final <E> Evidence checkInjection(@Nonnull IastContext iastContext, @Nonnull VulnerabilityType.InjectionType injectionType, @Nonnull E e) {
        Range[] notMarkedRanges;
        TaintedObject taintedObject = ((TaintedObjects) iastContext.getTaintedObjects()).get(e);
        if (taintedObject == null || (notMarkedRanges = Ranges.getNotMarkedRanges(taintedObject.getRanges(), injectionType.mark())) == null || notMarkedRanges.length == 0) {
            return null;
        }
        AgentSpan activeSpan = AgentTracer.activeSpan();
        if (!this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, activeSpan)) {
            return null;
        }
        Evidence buildEvidence = buildEvidence(e, notMarkedRanges);
        report(activeSpan, injectionType, buildEvidence);
        return buildEvidence;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public final <E> Evidence checkInjectionDeeply(@Nonnull IastContext iastContext, @Nonnull VulnerabilityType.InjectionType injectionType, @Nonnull E e) {
        InjectionVisitor injectionVisitor = new InjectionVisitor(iastContext, injectionType);
        ObjectVisitor.visit(e, injectionVisitor);
        return injectionVisitor.evidence;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public final <E> Evidence checkInjection(@Nonnull VulnerabilityType.InjectionType injectionType, @Nonnull Ranges.RangesProvider<E> rangesProvider) {
        Range[] rangeArr;
        String sb;
        int rangeCount = rangesProvider.rangeCount();
        if (rangeCount == 0) {
            return null;
        }
        AgentSpan activeSpan = AgentTracer.activeSpan();
        if (!this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, activeSpan)) {
            return null;
        }
        if (rangesProvider.size() == 1) {
            E value = rangesProvider.value(0);
            if (value == null) {
                return null;
            }
            sb = value.toString();
            rangeArr = rangesProvider.ranges(value);
        } else {
            StringBuilder sb2 = new StringBuilder();
            rangeArr = new Range[rangeCount];
            int i = 0;
            for (int i2 = 0; i2 < rangesProvider.size(); i2++) {
                E value2 = rangesProvider.value(i2);
                if (value2 != null) {
                    if (sb2.length() > 0) {
                        sb2.append(injectionType.evidenceSeparator());
                    }
                    Range[] ranges = rangesProvider.ranges(value2);
                    if (ranges != null) {
                        Ranges.copyShift(ranges, rangeArr, i, sb2.length());
                        i += ranges.length;
                    }
                    sb2.append(value2);
                }
            }
            sb = sb2.toString();
        }
        Range[] notMarkedRanges = Ranges.getNotMarkedRanges(rangeArr, injectionType.mark());
        if (notMarkedRanges == null || notMarkedRanges.length == 0) {
            return null;
        }
        Evidence buildEvidence = buildEvidence(sb, notMarkedRanges);
        report(activeSpan, injectionType, buildEvidence);
        return buildEvidence;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public final <E> Evidence checkInjection(@Nonnull VulnerabilityType.InjectionType injectionType, @Nonnull Ranges.RangesProvider<E>... rangesProviderArr) {
        int i = 0;
        for (Ranges.RangesProvider<E> rangesProvider : rangesProviderArr) {
            i += rangesProvider.rangeCount();
        }
        if (i == 0) {
            return null;
        }
        AgentSpan activeSpan = AgentTracer.activeSpan();
        if (!this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, activeSpan)) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        Range[] rangeArr = new Range[i];
        int i2 = 0;
        for (Ranges.RangesProvider<E> rangesProvider2 : rangesProviderArr) {
            for (int i3 = 0; i3 < rangesProvider2.size(); i3++) {
                E value = rangesProvider2.value(i3);
                if (value != null) {
                    if (sb.length() > 0) {
                        sb.append(injectionType.evidenceSeparator());
                    }
                    Range[] ranges = rangesProvider2.ranges(value);
                    if (ranges != null) {
                        Ranges.copyShift(ranges, rangeArr, i2, sb.length());
                        i2 += ranges.length;
                    }
                    sb.append(value);
                }
            }
        }
        Range[] notMarkedRanges = Ranges.getNotMarkedRanges(rangeArr, injectionType.mark());
        if (notMarkedRanges == null || notMarkedRanges.length == 0) {
            return null;
        }
        Evidence buildEvidence = buildEvidence(sb, notMarkedRanges);
        report(activeSpan, injectionType, buildEvidence);
        return buildEvidence;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void report(@Nullable AgentSpan agentSpan, @Nonnull VulnerabilityType vulnerabilityType, @Nonnull Evidence evidence) {
        this.reporter.report(agentSpan, new Vulnerability(vulnerabilityType, Location.forSpanAndStack(agentSpan, getCurrentStackTrace()), evidence));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public StackTraceElement getCurrentStackTrace() {
        return (StackTraceElement) this.stackWalker.walk(SinkModuleBase::findValidPackageForVulnerability);
    }

    protected Evidence buildEvidence(Object obj, Range[] rangeArr) {
        Source source;
        String value;
        String obj2;
        int indexOf;
        Range findUnbound = Ranges.findUnbound(rangeArr);
        if (findUnbound == null || (source = findUnbound.getSource()) == null || source.getValue() == null || (indexOf = (obj2 = obj.toString()).indexOf((value = source.getValue()))) < 0) {
            return new Evidence(obj instanceof String ? (String) obj : obj.toString(), rangeArr);
        }
        return new Evidence(obj2, new Range[]{new Range(indexOf, value.length(), source, findUnbound.getMarks())});
    }

    static StackTraceElement findValidPackageForVulnerability(@Nonnull Stream<StackTraceElement> stream) {
        StackTraceElement[] stackTraceElementArr = new StackTraceElement[1];
        return stream.filter(stackTraceElement -> {
            if (stackTraceElementArr[0] == null) {
                stackTraceElementArr[0] = stackTraceElement;
            }
            return IastExclusionTrie.apply(stackTraceElement.getClassName()) < 1;
        }).findFirst().orElse(stackTraceElementArr[0]);
    }
}
