package com.datadog.iast.sink;

import com.datadog.iast.Dependencies;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.VulnerabilityType;
import com.datadog.iast.sink.SinkModuleBase;
import com.datadog.iast.taint.Ranges;
import com.datadog.iast.util.HttpHeader;
import com.datadog.iast.util.RangeBuilder;
import datadog.trace.api.iast.sink.HeaderInjectionModule;
import java.util.EnumSet;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:iast/com/datadog/iast/sink/HeaderInjectionModuleImpl.classdata */
/**
 * IAST sink for header injection.
 *
 * <p>{@link #onHeader} receives a header name and value and submits the value to
 * {@code checkInjection} as a {@link VulnerabilityType#HEADER_INJECTION} candidate, unless the
 * header is on the exclusion list. The nested evidence builder then suppresses a few
 * header-to-header cases before any evidence is written.
 *
 * <p>Every exclusion or suppression in this class is a place where a tainted header value goes
 * unreported by this sink, so changes to them deserve a security review.
 */
public class HeaderInjectionModuleImpl extends SinkModuleBase implements HeaderInjectionModule {
    /**
     * Headers whose values are never checked by this sink; {@link #onHeader} returns before
     * calling {@code checkInjection} for them.
     *
     * <p>NOTE(review): the rationale is not visible in this file. Tainted {@code Location}
     * values are presumably reported by a separate redirect-oriented sink; confirm before
     * relying on that coverage.
     */
    private static final Set<HttpHeader> headerInjectionExclusions =
            EnumSet.of(
                    HttpHeader.SEC_WEBSOCKET_LOCATION,
                    HttpHeader.SEC_WEBSOCKET_ACCEPT,
                    HttpHeader.UPGRADE,
                    HttpHeader.CONNECTION,
                    HttpHeader.LOCATION);

    /** Upper-case prefix compared case-insensitively against the header name. */
    private static final String ACCESS_CONTROL_ALLOW_PREFIX = "ACCESS-CONTROL-ALLOW-";

    /**
     * Builds the evidence text {@code "<name>: <value>"} for a tainted header value, or writes
     * nothing when the taint matches one of the suppressed header-to-header cases.
     */
    private static class HeaderInjectionEvidenceBuilder implements SinkModuleBase.EvidenceBuilder {
        /** Header name exactly as passed to {@code onHeader}. */
        private final String name;

        /** Result of {@code HttpHeader.from(name)}; may be {@code null}. */
        @Nullable
        private final HttpHeader header;

        private HeaderInjectionEvidenceBuilder(String headerName, @Nullable HttpHeader knownHeader) {
            this.name = headerName;
            this.header = knownHeader;
        }

        /**
         * Appends the header evidence and its ranges unless the taint is suppressed.
         *
         * <p>Presumably invoked by {@code checkInjection} once the value is found to be tainted;
         * confirm in {@code SinkModuleBase}.
         *
         * @param evidence buffer that receives {@code name + ": " + value}
         * @param evidenceRanges receives {@code valueRanges} together with the prefix length
         * @param value the header value being reported
         * @param valueRanges taint ranges attached to {@code value}
         */
        @Override
        public void tainted(
                StringBuilder evidence, RangeBuilder evidenceRanges, Object value, Range[] valueRanges) {
            if (isSuppressed(valueRanges)) {
                return;
            }
            final String separator = ": ";
            evidence.append(this.name);
            evidence.append(separator);
            evidence.append(value);
            // The second argument equals the length of the "<name>: " prefix written above.
            evidenceRanges.add(valueRanges, this.name.length() + 2);
        }

        /**
         * Decides whether the taint should go unreported. The three cases are evaluated in
         * order and short-circuit. Their descriptions are read off the {@code Ranges} helper
         * names; the exact matching rules live in that class.
         */
        private boolean isSuppressed(Range[] valueRanges) {
            final String prefix = ACCESS_CONTROL_ALLOW_PREFIX;
            // Case 1: an Access-Control-Allow-* header whose ranges all come from request headers.
            final boolean corsHeader = this.name.regionMatches(true, 0, prefix, 0, prefix.length());
            if (corsHeader && Ranges.allRangesFromAnyHeader(valueRanges)) {
                return true;
            }
            // Case 2: Set-Cookie whose ranges all come from the Cookie header.
            if (this.header == HttpHeader.SET_COOKIE
                    && Ranges.allRangesFromHeader(HttpHeader.COOKIE, valueRanges)) {
                return true;
            }
            // Case 3: a single range that comes from the header of the same name.
            return valueRanges.length == 1 && Ranges.rangeFromHeader(this.name, valueRanges[0]);
        }
    }

    public HeaderInjectionModuleImpl(Dependencies dependencies) {
        super(dependencies);
    }

    /**
     * Checks a header value for header injection.
     *
     * <p>A {@code null} value is ignored. Header names that {@code HttpHeader.from} does not
     * resolve yield {@code null}, which is never contained in the exclusion set, so those
     * headers are still checked.
     *
     * @param str header name
     * @param str2 header value, may be {@code null}
     */
    @Override
    public void onHeader(@Nonnull String str, @Nullable String str2) {
        if (str2 == null) {
            return;
        }
        final HttpHeader knownHeader = HttpHeader.from(str);
        if (!headerInjectionExclusions.contains(knownHeader)) {
            checkInjection(
                    VulnerabilityType.HEADER_INJECTION,
                    str2,
                    new HeaderInjectionEvidenceBuilder(str, knownHeader));
        }
    }
}
