package com.datadog.iast.sink;

import com.datadog.iast.Dependencies;
import com.datadog.iast.IastRequestContext;
import com.datadog.iast.model.Evidence;
import com.datadog.iast.model.VulnerabilityType;
import datadog.trace.api.gateway.IGSpanInfo;
import datadog.trace.api.iast.IastContext;
import datadog.trace.api.iast.sink.InsecureAuthProtocolModule;
import datadog.trace.bootstrap.instrumentation.api.Tags;
import javax.annotation.Nullable;

/* loaded from: input_file:iast/com/datadog/iast/sink/InsecureAuthProtocolModuleImpl.classdata */
public class InsecureAuthProtocolModuleImpl extends SinkModuleBase implements InsecureAuthProtocolModule {
    private static final String BASIC = "Basic";
    private static final String DIGEST = "Digest";

    public InsecureAuthProtocolModuleImpl(Dependencies dependencies) {
        super(dependencies);
    }

    @Override // datadog.trace.api.iast.sink.HttpRequestEndModule
    public void onRequestEnd(IastContext iastContext, IGSpanInfo iGSpanInfo) {
        String authorization;
        if (!(iastContext instanceof IastRequestContext) || (authorization = ((IastRequestContext) iastContext).getAuthorization()) == null || isIgnorableResponseCode((Integer) iGSpanInfo.getTags().get(Tags.HTTP_STATUS))) {
            return;
        }
        String str = authorization.startsWith(BASIC) ? BASIC : authorization.startsWith(DIGEST) ? DIGEST : null;
        if (str == null) {
            return;
        }
        report(VulnerabilityType.INSECURE_AUTH_PROTOCOL, new Evidence(String.format("Authorization : %s", str)));
    }

    @Override // datadog.trace.api.iast.sink.HttpRequestEndModule
    public boolean isIgnorableResponseCode(@Nullable Integer num) {
        return num != null && num.intValue() >= 400;
    }
}
