package com.datadog.iast;

import com.datadog.iast.IastTag;
import com.datadog.iast.model.Vulnerability;
import com.datadog.iast.model.VulnerabilityBatch;
import com.datadog.iast.taint.TaintedObjects;
import datadog.slf4j.Logger;
import datadog.slf4j.LoggerFactory;
import datadog.trace.api.Config;
import datadog.trace.api.gateway.RequestContext;
import datadog.trace.api.gateway.RequestContextSlot;
import datadog.trace.api.internal.TraceSegment;
import datadog.trace.api.telemetry.LogCollector;
import datadog.trace.bootstrap.instrumentation.api.AgentScope;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
import datadog.trace.bootstrap.instrumentation.api.ScopeSource;
import datadog.trace.bootstrap.instrumentation.api.TagContext;
import datadog.trace.bootstrap.instrumentation.api.Tags;
import datadog.trace.util.AgentTaskScheduler;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:iast/com/datadog/iast/Reporter.classdata */
public class Reporter {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) Reporter.class);
    private static final String IAST_TAG = "iast";
    private static final String VULNERABILITY_SPAN_NAME = "vulnerability";
    private final Predicate<Vulnerability> duplicated;

    /* loaded from: input_file:iast/com/datadog/iast/Reporter$HashBasedDeduplication.classdata */
    protected static class HashBasedDeduplication implements Predicate<Vulnerability> {
        private static final int DEFAULT_MAX_SIZE = 1000;
        private final int maxSize;
        private final Set<Long> hashes;

        public HashBasedDeduplication(@Nullable AgentTaskScheduler agentTaskScheduler) {
            this(1000, agentTaskScheduler);
        }

        HashBasedDeduplication(int i, @Nullable AgentTaskScheduler agentTaskScheduler) {
            this.maxSize = i;
            this.hashes = ConcurrentHashMap.newKeySet(i);
            if (agentTaskScheduler != null) {
                Set<Long> set = this.hashes;
                Objects.requireNonNull(set);
                agentTaskScheduler.scheduleAtFixedRate(set::clear, 1L, 1L, TimeUnit.HOURS);
            }
        }

        @Override // java.util.function.Predicate
        public boolean test(Vulnerability vulnerability) {
            if (!vulnerability.getType().isDeduplicable()) {
                return false;
            }
            boolean add = this.hashes.add(Long.valueOf(vulnerability.getHash()));
            if (add && this.hashes.size() > this.maxSize) {
                this.hashes.clear();
                this.hashes.add(Long.valueOf(vulnerability.getHash()));
            }
            return !add;
        }
    }

    Reporter() {
        this(Config.get(), null);
    }

    public Reporter(Config config, @Nullable AgentTaskScheduler agentTaskScheduler) {
        this(config.isIastDeduplicationEnabled() ? new HashBasedDeduplication(agentTaskScheduler) : vulnerability -> {
            return false;
        });
    }

    Reporter(Predicate<Vulnerability> predicate) {
        this.duplicated = predicate;
    }

    public void report(@Nullable AgentSpan agentSpan, @Nonnull Vulnerability vulnerability) {
        if (this.duplicated.test(vulnerability)) {
            return;
        }
        if (agentSpan != null) {
            reportVulnerability(agentSpan, vulnerability);
            return;
        }
        AgentSpan startNewSpan = startNewSpan();
        try {
            AgentScope activateSpan = tracer().activateSpan(startNewSpan, ScopeSource.MANUAL);
            try {
                vulnerability.updateSpan(startNewSpan);
                reportVulnerability(startNewSpan, vulnerability);
                if (activateSpan != null) {
                    activateSpan.close();
                }
            } finally {
            }
        } finally {
            startNewSpan.finish();
        }
    }

    private void reportVulnerability(@Nonnull AgentSpan agentSpan, @Nonnull Vulnerability vulnerability) {
        VulnerabilityBatch orCreateVulnerabilityBatch = getOrCreateVulnerabilityBatch(agentSpan);
        if (orCreateVulnerabilityBatch != null) {
            orCreateVulnerabilityBatch.add(vulnerability);
        }
    }

    @Nullable
    private VulnerabilityBatch getOrCreateVulnerabilityBatch(AgentSpan agentSpan) {
        VulnerabilityBatch vulnerabilityBatch;
        RequestContext requestContext = agentSpan.getRequestContext();
        if (requestContext == null) {
            return null;
        }
        TraceSegment traceSegment = requestContext.getTraceSegment();
        Object dataTop = traceSegment.getDataTop(IAST_TAG);
        if (dataTop instanceof VulnerabilityBatch) {
            return (VulnerabilityBatch) dataTop;
        }
        if (dataTop != null) {
            LOG.debug(LogCollector.SEND_TELEMETRY, "Cannot attach vulnerability to span, current={}", dataTop);
            return null;
        }
        IastRequestContext iastRequestContext = (IastRequestContext) requestContext.getData(RequestContextSlot.IAST);
        if (iastRequestContext != null) {
            vulnerabilityBatch = iastRequestContext.getVulnerabilityBatch();
        } else {
            vulnerabilityBatch = new VulnerabilityBatch();
            IastTag.Enabled.ANALYZED.setTagTop(traceSegment);
        }
        traceSegment.setDataTop(IAST_TAG, vulnerabilityBatch);
        traceSegment.setTagTop(Tags.ASM_KEEP, true);
        traceSegment.setTagTop(Tags.PROPAGATED_APPSEC, true);
        return vulnerabilityBatch;
    }

    private AgentSpan startNewSpan() {
        AgentSpan spanType = tracer().startSpan(IAST_TAG, "vulnerability", new TagContext().withRequestContextDataIast(new IastRequestContext(TaintedObjects.NoOp.INSTANCE))).setSpanType((CharSequence) InternalSpanTypes.VULNERABILITY);
        IastTag.Enabled.ANALYZED.setTag(spanType);
        return spanType;
    }

    protected AgentTracer.TracerAPI tracer() {
        return AgentTracer.get();
    }
}
