package org.owasp.esapi.waf.rules;

import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.waf.actions.Action;
import org.owasp.esapi.waf.actions.DefaultAction;
import org.owasp.esapi.waf.actions.DoNothingAction;
import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;

/* loaded from: input_file:esapi-2.0.1.jar:org/owasp/esapi/waf/rules/HTTPMethodRule.class */
public class HTTPMethodRule extends Rule {
    private Pattern allowedMethods;
    private Pattern deniedMethods;
    private Pattern path;

    public HTTPMethodRule(String str, Pattern pattern, Pattern pattern2, Pattern pattern3) {
        this.allowedMethods = pattern;
        this.deniedMethods = pattern2;
        this.path = pattern3;
        setId(str);
    }

    @Override // org.owasp.esapi.waf.rules.Rule
    public Action check(HttpServletRequest httpServletRequest, InterceptingHTTPServletResponse interceptingHTTPServletResponse, HttpServletResponse httpServletResponse) {
        String requestURI = httpServletRequest.getRequestURI();
        String method = httpServletRequest.getMethod();
        if (this.path == null || this.path.matcher(requestURI).matches()) {
            if (this.allowedMethods != null && this.allowedMethods.matcher(method).matches()) {
                return new DoNothingAction();
            }
            if (this.allowedMethods != null) {
                log(httpServletRequest, "Disallowed HTTP method '" + httpServletRequest.getMethod() + "' found for URL: " + ((Object) httpServletRequest.getRequestURL()));
                return new DefaultAction();
            }
            if (this.deniedMethods != null && this.deniedMethods.matcher(method).matches()) {
                log(httpServletRequest, "Disallowed HTTP method '" + httpServletRequest.getMethod() + "' found for URL: " + ((Object) httpServletRequest.getRequestURL()));
                return new DefaultAction();
            }
        }
        return new DoNothingAction();
    }
}
