package com.datadog.iast.sink;

import com.datadog.iast.Dependencies;
import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Location;
import com.datadog.iast.model.Vulnerability;
import com.datadog.iast.model.VulnerabilityType;
import datadog.slf4j.Logger;
import datadog.slf4j.LoggerFactory;
import datadog.trace.api.gateway.IGSpanInfo;
import datadog.trace.api.iast.IastContext;
import datadog.trace.api.iast.sink.HstsMissingHeaderModule;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
import datadog.trace.bootstrap.instrumentation.api.Tags;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nullable;

/* loaded from: input_file:iast/com/datadog/iast/sink/HstsMissingHeaderModuleImpl.classdata */
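/**
 * IAST sink that reports {@link VulnerabilityType#HSTS_HEADER_MISSING} at the end of a request
 * when an HTML response served over HTTPS carries no usable {@code Strict-Transport-Security}
 * header.
 *
 * <p>The check is best-effort: any failure while evaluating the response is logged at debug level
 * and never propagated to the instrumented application.
 */
public class HstsMissingHeaderModuleImpl extends SinkModuleBase implements HstsMissingHeaderModule {
    /** Extracts the numeric value of the {@code max-age} directive, ignoring case. */
    private static final Pattern MAX_AGE = Pattern.compile("max-age=(\\d+)", Pattern.CASE_INSENSITIVE);

    private static final Logger LOGGER = LoggerFactory.getLogger(HstsMissingHeaderModuleImpl.class);

    public HstsMissingHeaderModuleImpl(Dependencies dependencies) {
        super(dependencies);
    }

    /**
     * Evaluates the finished request and reports a vulnerability when HSTS is missing.
     *
     * <p>A finding is raised only when all of the following hold: the response has no
     * {@code Strict-Transport-Security} header with a positive {@code max-age}, the status code is
     * not ignorable, the content type is HTML, and the request was made over HTTPS.
     *
     * @param iastContext request-scoped IAST state; contexts that are not an
     *     {@link IastRequestContext} are ignored
     * @param iGSpanInfo span information whose tags supply the request URL and response status
     */
    @Override // datadog.trace.api.iast.sink.HttpRequestEndModule
    public void onRequestEnd(IastContext iastContext, IGSpanInfo iGSpanInfo) {
        if (!(iastContext instanceof IastRequestContext)) {
            return;
        }
        IastRequestContext requestContext = (IastRequestContext) iastContext;
        // Runs outside the try block below, so isValidMaxAge must not throw on any header value.
        if (isValidMaxAge(requestContext.getStrictTransportSecurity())) {
            return;
        }
        try {
            Map<String, Object> tags = iGSpanInfo.getTags();
            String url = (String) tags.get(Tags.HTTP_URL);
            Integer status = (Integer) tags.get(Tags.HTTP_STATUS);
            if (!isIgnorableResponseCode(status)
                    && isHtmlResponse(requestContext.getContentType())
                    && isHttps(url, requestContext.getxForwardedProto())) {
                AgentSpan activeSpan = AgentTracer.activeSpan();
                report(
                        activeSpan,
                        new Vulnerability(
                                VulnerabilityType.HSTS_HEADER_MISSING, Location.forSpan(activeSpan)));
            }
        } catch (Throwable th) {
            // Deliberately broad: a failure in the security check must not break the request.
            LOGGER.debug("Exception while checking for missing HSTS headers vulnerability", th);
        }
    }

    /**
     * Tells whether a {@code Strict-Transport-Security} header value declares a positive
     * {@code max-age}.
     *
     * <p>{@code max-age=0} instructs browsers to drop the HSTS policy for the host, so it is
     * treated the same as a missing header. The digits are inspected directly instead of being
     * parsed as an {@code int}: a value longer than {@code Integer.MAX_VALUE} used to raise
     * {@link NumberFormatException} out of {@link #onRequestEnd}, whereas it is simply a very long
     * (and therefore valid) policy lifetime.
     *
     * <p>NOTE(review): only the unquoted form {@code max-age=N} is recognised; a quoted value
     * ({@code max-age="N"}) is reported as missing. Confirm whether that is intended.
     *
     * @param headerValue raw header value, or {@code null} when the header was not set
     * @return {@code true} when a {@code max-age} directive with a value greater than zero is found
     */
    static boolean isValidMaxAge(@Nullable String headerValue) {
        if (headerValue == null) {
            return false;
        }
        Matcher matcher = MAX_AGE.matcher(headerValue);
        if (!matcher.find()) {
            return false;
        }
        String digits = matcher.group(1);
        // \d matches ASCII 0-9 only with these flags, so any character other than '0' makes the
        // number strictly positive regardless of its length.
        for (int i = 0; i < digits.length(); i++) {
            if (digits.charAt(i) != '0') {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether the request should be considered as made over HTTPS.
     *
     * <p>The URL scheme is checked first; when it is not {@code https://}, the forwarded-protocol
     * value is consulted so that TLS terminated at a proxy is still recognised. A {@code null} URL
     * yields {@code false} without looking at the forwarded protocol.
     *
     * <p>NOTE(review): the forwarded protocol is matched with a case-insensitive substring test
     * and originates from a request header, so it is only as trustworthy as the proxy chain that
     * sets it. Here it only decides whether a finding is reported.
     *
     * @param url request URL taken from the span tags, may be {@code null}
     * @param forwardedProto value of the forwarded-protocol header, may be {@code null}
     * @return {@code true} when either source indicates HTTPS
     */
    static boolean isHttps(@Nullable String url, @Nullable String forwardedProto) {
        if (url == null) {
            return false;
        }
        if (url.toLowerCase(Locale.ROOT).startsWith("https://")) {
            return true;
        }
        return forwardedProto != null && forwardedProto.toLowerCase(Locale.ROOT).contains("https");
    }
}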
