package com.datadog.iast.sink;

import com.datadog.iast.Dependencies;
import com.datadog.iast.model.VulnerabilityType;
import datadog.trace.api.iast.IastContext;
import datadog.trace.api.iast.sink.TrustBoundaryViolationModule;
import datadog.trace.util.ClassNameTrie;
import java.util.Map;
import javax.annotation.Nonnull;

/* loaded from: input_file:iast/com/datadog/iast/sink/TrustBoundaryViolationModuleImpl.classdata */
public class TrustBoundaryViolationModuleImpl extends SinkModuleBase implements TrustBoundaryViolationModule {
    private static final ClassNameTrie ALLOWED_COLLECTION_PKGS;

    public TrustBoundaryViolationModuleImpl(Dependencies dependencies) {
        super(dependencies);
    }

    @Override // datadog.trace.api.iast.sink.TrustBoundaryViolationModule
    public void onSessionValue(@Nonnull String str, Object obj) {
        if (IastContext.Provider.get() == null) {
            return;
        }
        checkInjection(VulnerabilityType.TRUST_BOUNDARY_VIOLATION, str);
        if (obj != null) {
            checkInjectionDeeply(VulnerabilityType.TRUST_BOUNDARY_VIOLATION, obj, TrustBoundaryViolationModuleImpl::visitClass);
        }
    }

    private static boolean visitClass(Class<?> cls) {
        if (Iterable.class.isAssignableFrom(cls) || Map.class.isAssignableFrom(cls)) {
            return ALLOWED_COLLECTION_PKGS.apply(cls.getName()) > 0;
        }
        return false;
    }

    static {
        ClassNameTrie.Builder builder = new ClassNameTrie.Builder();
        builder.put("java.util.*", 1);
        builder.put("org.apache.commons.collections*", 1);
        builder.put("com.google.common.collect*", 1);
        builder.put("org.springframework.web.servlet.FlashMap", 1);
        ALLOWED_COLLECTION_PKGS = builder.buildTrie();
    }
}
