package com.datadog.iast.sink;

import com.datadog.iast.Dependencies;
import com.datadog.iast.Reporter;
import com.datadog.iast.model.Evidence;
import com.datadog.iast.model.Location;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.Source;
import com.datadog.iast.model.Vulnerability;
import com.datadog.iast.model.VulnerabilityType;
import com.datadog.iast.overhead.Operations;
import com.datadog.iast.overhead.OverheadController;
import com.datadog.iast.taint.Ranges;
import com.datadog.iast.taint.TaintedObject;
import com.datadog.iast.taint.TaintedObjects;
import com.datadog.iast.util.ObjectVisitor;
import com.datadog.iast.util.RangeBuilder;
import datadog.trace.api.Config;
import datadog.trace.api.Pair;
import datadog.trace.api.iast.IastContext;
import datadog.trace.api.iast.Taintable;
import datadog.trace.api.iast.telemetry.IastMetric;
import datadog.trace.api.iast.telemetry.IastMetricCollector;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
import datadog.trace.instrumentation.iastinstrumenter.IastExclusionTrie;
import datadog.trace.instrumentation.iastinstrumenter.SourceMapperImpl;
import datadog.trace.util.stacktrace.StackWalker;
import java.util.Iterator;
import java.util.function.Predicate;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.jetbrains.annotations.Contract;

/* loaded from: input_file:iast/com/datadog/iast/sink/SinkModuleBase.classdata */
public abstract class SinkModuleBase {
    private static final int MAX_EVIDENCE_LENGTH = Config.get().getIastTruncationMaxValueLength();
    protected final OverheadController overheadController;
    protected final Reporter reporter;
    protected final StackWalker stackWalker;

    /* loaded from: input_file:iast/com/datadog/iast/sink/SinkModuleBase$EvidenceBuilder.classdata */
    public interface EvidenceBuilder {
        void tainted(StringBuilder sb, RangeBuilder rangeBuilder, Object obj, Range[] rangeArr);

        default void nonTainted(StringBuilder sb, Object obj) {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:iast/com/datadog/iast/sink/SinkModuleBase$InjectionVisitor.classdata */
    public class InjectionVisitor implements ObjectVisitor.Visitor {
        private final IastContext ctx;
        private final VulnerabilityType type;

        @Nullable
        private final EvidenceBuilder evidenceBuilder;

        @Nullable
        private final LocationSupplier locationSupplier;

        @Nullable
        private Evidence evidence;

        private InjectionVisitor(IastContext iastContext, VulnerabilityType vulnerabilityType, @Nullable EvidenceBuilder evidenceBuilder, @Nullable LocationSupplier locationSupplier) {
            this.ctx = iastContext;
            this.type = vulnerabilityType;
            this.evidenceBuilder = evidenceBuilder;
            this.locationSupplier = locationSupplier;
        }

        @Override // com.datadog.iast.util.ObjectVisitor.Visitor
        @Nonnull
        public ObjectVisitor.State visit(@Nonnull String str, @Nonnull Object obj) {
            this.evidence = SinkModuleBase.this.checkInjection(this.ctx, this.type, obj, this.evidenceBuilder, this.locationSupplier);
            return this.evidence != null ? ObjectVisitor.State.EXIT : ObjectVisitor.State.CONTINUE;
        }
    }

    /* loaded from: input_file:iast/com/datadog/iast/sink/SinkModuleBase$LocationSupplier.classdata */
    public interface LocationSupplier {
        Location build(@Nullable AgentSpan agentSpan);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SinkModuleBase(@Nonnull Dependencies dependencies) {
        this.overheadController = dependencies.getOverheadController();
        this.reporter = dependencies.getReporter();
        this.stackWalker = dependencies.getStackWalker();
    }

    protected void report(Vulnerability vulnerability) {
        report(AgentTracer.activeSpan(), vulnerability);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void report(@Nullable AgentSpan agentSpan, Vulnerability vulnerability) {
        if (this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, agentSpan)) {
            this.reporter.report(agentSpan, vulnerability);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void report(VulnerabilityType vulnerabilityType, Evidence evidence) {
        report(AgentTracer.activeSpan(), vulnerabilityType, evidence);
    }

    protected void report(@Nullable AgentSpan agentSpan, VulnerabilityType vulnerabilityType, Evidence evidence) {
        if (this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, agentSpan)) {
            this.reporter.report(agentSpan, new Vulnerability(vulnerabilityType, buildLocation(agentSpan, null), evidence));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public final Evidence checkInjection(VulnerabilityType vulnerabilityType, Object obj) {
        return checkInjection(vulnerabilityType, obj, (EvidenceBuilder) null, (LocationSupplier) null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public final Evidence checkInjection(VulnerabilityType vulnerabilityType, Object obj, LocationSupplier locationSupplier) {
        return checkInjection(vulnerabilityType, obj, (EvidenceBuilder) null, locationSupplier);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public final Evidence checkInjection(VulnerabilityType vulnerabilityType, Object obj, EvidenceBuilder evidenceBuilder) {
        return checkInjection(vulnerabilityType, obj, evidenceBuilder, (LocationSupplier) null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public final Evidence checkInjection(VulnerabilityType vulnerabilityType, Object obj, @Nullable EvidenceBuilder evidenceBuilder, @Nullable LocationSupplier locationSupplier) {
        IastContext iastContext = IastContext.Provider.get();
        if (iastContext == null) {
            return null;
        }
        return checkInjection(iastContext, vulnerabilityType, obj, evidenceBuilder, locationSupplier);
    }

    @Nullable
    protected final Evidence checkInjection(IastContext iastContext, VulnerabilityType vulnerabilityType, Object obj, @Nullable EvidenceBuilder evidenceBuilder, @Nullable LocationSupplier locationSupplier) {
        Range[] notMarkedRanges;
        TaintedObjects taintedObjects = (TaintedObjects) iastContext.getTaintedObjects();
        if (obj instanceof Taintable) {
            Taintable taintable = (Taintable) obj;
            if (!taintable.$DD$isTainted()) {
                return null;
            }
            Object rawValue = ((Source) taintable.$$DD$getSource()).getRawValue();
            TaintedObject taintedObject = rawValue == null ? null : taintedObjects.get(rawValue);
            if (rawValue == null || taintedObject == null) {
                notMarkedRanges = Ranges.forObject((Source) taintable.$$DD$getSource(), vulnerabilityType.mark());
                obj = String.format("Tainted reference detected in " + obj.getClass(), new Object[0]);
            } else {
                notMarkedRanges = Ranges.getNotMarkedRanges(taintedObject.getRanges(), vulnerabilityType.mark());
                addSecurityControlMetrics(iastContext, notMarkedRanges, taintedObject.getRanges(), vulnerabilityType);
                obj = rawValue;
            }
        } else {
            TaintedObject taintedObject2 = taintedObjects.get(obj);
            if (taintedObject2 == null) {
                return null;
            }
            notMarkedRanges = Ranges.getNotMarkedRanges(taintedObject2.getRanges(), vulnerabilityType.mark());
            addSecurityControlMetrics(iastContext, notMarkedRanges, taintedObject2.getRanges(), vulnerabilityType);
        }
        if (notMarkedRanges == null || notMarkedRanges.length == 0) {
            return null;
        }
        Range[] excludeRangesBySource = !vulnerabilityType.excludedSources().isEmpty() ? Ranges.excludeRangesBySource(notMarkedRanges, vulnerabilityType.excludedSources()) : notMarkedRanges;
        if (excludeRangesBySource == null || excludeRangesBySource.length == 0) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        RangeBuilder rangeBuilder = new RangeBuilder();
        addToEvidence(vulnerabilityType, sb, rangeBuilder, obj, excludeRangesBySource, evidenceBuilder);
        if (rangeBuilder.isEmpty()) {
            return null;
        }
        AgentSpan activeSpan = AgentTracer.activeSpan();
        if (this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, activeSpan)) {
            return report(activeSpan, vulnerabilityType, sb, rangeBuilder, locationSupplier);
        }
        return null;
    }

    private void addSecurityControlMetrics(@Nonnull IastContext iastContext, @Nullable Range[] rangeArr, @Nonnull Range[] rangeArr2, @Nonnull VulnerabilityType vulnerabilityType) {
        if ((rangeArr == null || rangeArr.length == 0) && rangeArr2.length != 0) {
            Range[] notMarkedRanges = Ranges.getNotMarkedRanges(rangeArr2, 8192);
            if (notMarkedRanges == null || notMarkedRanges.length == 0) {
                IastMetricCollector.add(IastMetric.SUPPRESSED_VULNERABILITIES, vulnerabilityType.type(), 1, iastContext);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public final Evidence checkInjection(VulnerabilityType vulnerabilityType, Iterator<?> it) {
        return checkInjection(vulnerabilityType, it, (EvidenceBuilder) null, (LocationSupplier) null);
    }

    @Nullable
    protected final Evidence checkInjection(VulnerabilityType vulnerabilityType, Iterator<?> it, LocationSupplier locationSupplier) {
        return checkInjection(vulnerabilityType, it, (EvidenceBuilder) null, locationSupplier);
    }

    @Nullable
    protected final Evidence checkInjection(VulnerabilityType vulnerabilityType, Iterator<?> it, EvidenceBuilder evidenceBuilder) {
        return checkInjection(vulnerabilityType, it, evidenceBuilder, (LocationSupplier) null);
    }

    @Nullable
    protected final Evidence checkInjection(VulnerabilityType vulnerabilityType, Iterator<?> it, @Nullable EvidenceBuilder evidenceBuilder, @Nullable LocationSupplier locationSupplier) {
        IastContext iastContext = IastContext.Provider.get();
        if (iastContext == null) {
            return null;
        }
        TaintedObjects taintedObjects = (TaintedObjects) iastContext.getTaintedObjects();
        StringBuilder sb = new StringBuilder();
        RangeBuilder rangeBuilder = new RangeBuilder();
        boolean z = false;
        AgentSpan agentSpan = null;
        while (it.hasNext()) {
            Object next = it.next();
            if (next != null) {
                TaintedObject taintedObject = taintedObjects.get(next);
                Range[] rangeArr = null;
                if (taintedObject != null) {
                    rangeArr = Ranges.getNotMarkedRanges(taintedObject.getRanges(), vulnerabilityType.mark());
                    addSecurityControlMetrics(iastContext, rangeArr, taintedObject.getRanges(), vulnerabilityType);
                }
                addToEvidence(vulnerabilityType, sb, rangeBuilder, next, rangeArr, evidenceBuilder);
                if (!z && rangeArr != null && rangeArr.length > 0) {
                    agentSpan = AgentTracer.activeSpan();
                    z = true;
                    if (!this.overheadController.consumeQuota(Operations.REPORT_VULNERABILITY, agentSpan)) {
                        return null;
                    }
                }
                if (rangeBuilder.isFull() || sb.length() >= MAX_EVIDENCE_LENGTH) {
                    break;
                }
            }
        }
        return report(agentSpan, vulnerabilityType, sb, rangeBuilder, locationSupplier);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public Evidence checkInjectionDeeply(VulnerabilityType vulnerabilityType, Object obj, Predicate<Class<?>> predicate) {
        return checkInjectionDeeply(vulnerabilityType, obj, predicate, null, null);
    }

    @Nullable
    protected Evidence checkInjectionDeeply(VulnerabilityType vulnerabilityType, Object obj, Predicate<Class<?>> predicate, @Nullable EvidenceBuilder evidenceBuilder) {
        return checkInjectionDeeply(vulnerabilityType, obj, predicate, evidenceBuilder, null);
    }

    @Nullable
    protected Evidence checkInjectionDeeply(VulnerabilityType vulnerabilityType, Object obj, Predicate<Class<?>> predicate, @Nullable LocationSupplier locationSupplier) {
        return checkInjectionDeeply(vulnerabilityType, obj, predicate, null, locationSupplier);
    }

    @Nullable
    protected Evidence checkInjectionDeeply(VulnerabilityType vulnerabilityType, Object obj, Predicate<Class<?>> predicate, @Nullable EvidenceBuilder evidenceBuilder, @Nullable LocationSupplier locationSupplier) {
        IastContext iastContext = IastContext.Provider.get();
        if (iastContext == null) {
            return null;
        }
        InjectionVisitor injectionVisitor = new InjectionVisitor(iastContext, vulnerabilityType, evidenceBuilder, locationSupplier);
        ObjectVisitor.visit(obj, injectionVisitor, predicate);
        return injectionVisitor.evidence;
    }

    @Nullable
    private Evidence report(@Nullable AgentSpan agentSpan, VulnerabilityType vulnerabilityType, StringBuilder sb, RangeBuilder rangeBuilder, @Nullable LocationSupplier locationSupplier) {
        if (rangeBuilder.isEmpty()) {
            return null;
        }
        Evidence evidence = new Evidence(sb.toString(), rangeBuilder.toArray());
        this.reporter.report(agentSpan, new Vulnerability(vulnerabilityType, buildLocation(agentSpan, locationSupplier), evidence));
        return evidence;
    }

    protected void addToEvidence(VulnerabilityType vulnerabilityType, StringBuilder sb, RangeBuilder rangeBuilder, Object obj, @Nullable Range[] rangeArr, @Nullable EvidenceBuilder evidenceBuilder) {
        if (evidenceBuilder != null) {
            if (isTainted(rangeArr)) {
                evidenceBuilder.tainted(sb, rangeBuilder, obj, rangeArr);
                return;
            } else {
                evidenceBuilder.nonTainted(sb, obj);
                return;
            }
        }
        int length = sb.length();
        if (length > 0) {
            sb.append(vulnerabilityType.separator());
            length++;
        }
        sb.append(obj);
        if (isTainted(rangeArr)) {
            Range findUnbound = Ranges.findUnbound(rangeArr);
            if (findUnbound == null) {
                rangeBuilder.add(rangeArr, length);
            } else {
                rangeBuilder.add(new Range(length, sb.length() - length, findUnbound.getSource(), findUnbound.getMarks()));
            }
        }
    }

    protected Location buildLocation(@Nullable AgentSpan agentSpan, @Nullable LocationSupplier locationSupplier) {
        return locationSupplier != null ? locationSupplier.build(agentSpan) : Location.forSpanAndStack(agentSpan, getCurrentStackTrace());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final StackTraceElement getCurrentStackTrace() {
        Pair<String, Integer> fileAndLine;
        StackTraceElement stackTraceElement = (StackTraceElement) this.stackWalker.walk(SinkModuleBase::findValidPackageForVulnerability);
        return (SourceMapperImpl.INSTANCE == null || (fileAndLine = SourceMapperImpl.INSTANCE.getFileAndLine(stackTraceElement.getClassName(), stackTraceElement.getLineNumber())) == null || fileAndLine.getLeft() == null || fileAndLine.getRight() == null) ? stackTraceElement : new StackTraceElement(fileAndLine.getLeft(), stackTraceElement.getMethodName(), fileAndLine.getLeft(), fileAndLine.getRight().intValue());
    }

    static StackTraceElement findValidPackageForVulnerability(@Nonnull Stream<StackTraceElement> stream) {
        StackTraceElement[] stackTraceElementArr = new StackTraceElement[1];
        return stream.filter(stackTraceElement -> {
            if (stackTraceElementArr[0] == null) {
                stackTraceElementArr[0] = stackTraceElement;
            }
            return IastExclusionTrie.apply(stackTraceElement.getClassName()) < 1;
        }).findFirst().orElse(stackTraceElementArr[0]);
    }

    @Contract("null -> false")
    private static boolean isTainted(@Nullable Range[] rangeArr) {
        return rangeArr != null && rangeArr.length > 0;
    }
}
