package org.owasp.esapi.waf.rules;

import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.spi.LocationInfo;
import org.owasp.esapi.waf.actions.Action;
import org.owasp.esapi.waf.actions.DefaultAction;
import org.owasp.esapi.waf.actions.DoNothingAction;
import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;

/* loaded from: input_file:WEB-INF/lib/esapi-2.0.1.jar:org/owasp/esapi/waf/rules/SimpleVirtualPatchRule.class */
/**
 * WAF rule that applies a "virtual patch": for requests whose URI matches a
 * configured path pattern, one request parameter or header (or every one whose
 * name matches a wildcard expression) must match an allow-list pattern.
 *
 * <p>Behaviour a policy author should be aware of, all visible in {@link #check}:
 * <ul>
 *   <li>The path pattern must match the whole string returned by
 *       {@code getRequestURI()}; any request whose URI does not match skips the
 *       rule entirely. NOTE(review): confirm how the container and the request
 *       wrapper present the URI, so that the path pattern covers every form
 *       under which the patched resource can be reached.</li>
 *   <li>A variable that is absent from the request ({@code null} value) is
 *       treated as acceptable, so the rule never forces a value to be present.</li>
 *   <li>In a wildcard variable name only {@code *} is translated (to {@code .*});
 *       everything else in the name, including {@code ?}, is handed to the regex
 *       engine unchanged.</li>
 *   <li>The rejected value is written to the log verbatim. NOTE(review): this can
 *       record credentials or tokens carried in the checked field, and it relies
 *       on {@code log(...)} to neutralise line breaks; confirm both against the
 *       logger configuration.</li>
 *   <li>The allow-list pattern is evaluated against client-supplied text, so it
 *       should be written to avoid excessive backtracking.</li>
 * </ul>
 */
public class SimpleVirtualPatchRule extends Rule {
    private static final String REQUEST_PARAMETERS = "request.parameters.";
    private static final String REQUEST_HEADERS = "request.headers.";

    // Characters that switch the variable name from an exact lookup to a name scan.
    // The decompiled listing spelled the second one as log4j's LocationInfo.NA,
    // which is the compile-time constant "?".
    private static final String MULTI_CHAR_WILDCARD = "*";
    private static final String SINGLE_CHAR_WILDCARD = "?";

    // Requests are only inspected when their URI fully matches this pattern.
    private Pattern path;
    // Fully qualified variable, e.g. "request.parameters.<name>" or "request.headers.<name>".
    private String variable;
    // Allow-list pattern the variable's value must fully match.
    private Pattern valid;
    // Free-text explanation appended to the log entry when the patch trips.
    private String message;

    /**
     * Creates a virtual patch rule.
     *
     * @param str      rule id, passed to {@code setId}
     * @param pattern  pattern the request URI must fully match for the rule to apply
     * @param str2     variable to inspect, prefixed with {@code request.parameters.}
     *                 or {@code request.headers.}
     * @param pattern2 pattern a present value must fully match to be accepted
     * @param str3     message appended to the log entry on a violation
     */
    public SimpleVirtualPatchRule(String str, Pattern pattern, String str2, Pattern pattern2, String str3) {
        setId(str);
        this.path = pattern;
        this.variable = str2;
        this.valid = pattern2;
        this.message = str3;
    }

    /**
     * Evaluates the patch against one request.
     *
     * @param httpServletRequest              the request; cast to
     *                                        {@code InterceptingHTTPServletRequest}, so any
     *                                        other type fails with a {@code ClassCastException}
     * @param interceptingHTTPServletResponse not used by this rule
     * @param httpServletResponse             not used by this rule
     * @return a {@code DefaultAction} when the variable is misconfigured or a present
     *         value fails the allow-list pattern; a {@code DoNothingAction} otherwise
     */
    @Override // org.owasp.esapi.waf.rules.Rule
    public Action check(HttpServletRequest httpServletRequest, InterceptingHTTPServletResponse interceptingHTTPServletResponse, HttpServletResponse httpServletResponse) {
        InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest) httpServletRequest;

        // Out of scope for this patch: the URI does not match the protected path.
        if (!this.path.matcher(request.getRequestURI()).matches()) {
            return new DoNothingAction();
        }

        final boolean fromParameters = this.variable.startsWith(REQUEST_PARAMETERS);
        if (!fromParameters && !this.variable.startsWith(REQUEST_HEADERS)) {
            // Unknown variable namespace: the rule cannot be evaluated, so the
            // default action is returned rather than letting the request through.
            log(request, "Patch failed (improperly configured variable '" + this.variable + "')");
            return new DefaultAction();
        }

        final String target;
        final Enumeration<String> candidateNames;
        if (fromParameters) {
            target = this.variable.substring(REQUEST_PARAMETERS.length());
            candidateNames = request.getParameterNames();
        } else {
            target = this.variable.substring(REQUEST_HEADERS.length());
            candidateNames = request.getHeaderNames();
        }

        final boolean exactName = !target.contains(MULTI_CHAR_WILDCARD) && !target.contains(SINGLE_CHAR_WILDCARD);
        if (exactName) {
            final String value = fromParameters ? request.getDictionaryParameter(target) : request.getHeader(target);
            if (isAcceptable(value)) {
                return new DoNothingAction();
            }
            final String kind = fromParameters ? "parameter" : "header";
            log(request, "Virtual patch tripped on " + kind + " '" + target + "'. " + describeViolation(value));
            return new DefaultAction();
        }

        // Wildcard name: scan every parameter/header name. The expression is
        // rebuilt on each call; only '*' is expanded, the rest is raw regex.
        final Pattern namePattern = Pattern.compile(target.replace("*", ".*"));
        while (candidateNames.hasMoreElements()) {
            final String name = candidateNames.nextElement();
            if (!namePattern.matcher(name).matches()) {
                continue;
            }
            final String value = fromParameters ? request.getDictionaryParameter(name) : request.getHeader(name);
            if (isAcceptable(value)) {
                continue;
            }
            // First offending value ends the scan.
            log(request, "Virtual patch tripped on variable '" + this.variable + "' (specifically '" + name + "'). " + describeViolation(value));
            return new DefaultAction();
        }
        return new DoNothingAction();
    }

    /** Returns true when the value is absent or fully matches the allow-list pattern. */
    private boolean isAcceptable(String value) {
        return value == null || this.valid.matcher(value).matches();
    }

    /** Builds the shared tail of the violation log entry; it embeds the rejected value as received. */
    private String describeViolation(String value) {
        return "User input was '" + value + "' and legal pattern was '" + this.valid.pattern() + "': " + this.message;
    }
}
