package com.datadog.iast.sink;

import com.datadog.iast.Dependencies;
import com.datadog.iast.model.Location;
import com.datadog.iast.model.Range;
import com.datadog.iast.model.VulnerabilityType;
import com.datadog.iast.sink.SinkModuleBase;
import com.datadog.iast.taint.Ranges;
import com.datadog.iast.taint.Tainteds;
import com.datadog.iast.util.HttpHeader;
import com.datadog.iast.util.RangeBuilder;
import datadog.trace.api.iast.sink.UnvalidatedRedirectModule;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import java.net.URI;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:iast/com/datadog/iast/sink/UnvalidatedRedirectModuleImpl.classdata */
public class UnvalidatedRedirectModuleImpl extends SinkModuleBase implements UnvalidatedRedirectModule {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:iast/com/datadog/iast/sink/UnvalidatedRedirectModuleImpl$UnvalidatedRedirectEvidenceBuilder.classdata */
    public static class UnvalidatedRedirectEvidenceBuilder implements SinkModuleBase.EvidenceBuilder {
        private UnvalidatedRedirectEvidenceBuilder() {
        }

        @Override // com.datadog.iast.sink.SinkModuleBase.EvidenceBuilder
        public void tainted(StringBuilder sb, RangeBuilder rangeBuilder, Object obj, Range[] rangeArr) {
            if (Ranges.allRangesFromHeader(HttpHeader.REFERER, rangeArr)) {
                return;
            }
            sb.append(obj);
            rangeBuilder.add(rangeArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:iast/com/datadog/iast/sink/UnvalidatedRedirectModuleImpl$UnvalidatedRedirectLocationSupplier.classdata */
    public class UnvalidatedRedirectLocationSupplier implements SinkModuleBase.LocationSupplier {

        @Nullable
        private final String clazz;

        @Nullable
        private final String method;

        private UnvalidatedRedirectLocationSupplier(@Nullable String str, @Nullable String str2) {
            this.clazz = str;
            this.method = str2;
        }

        @Override // com.datadog.iast.sink.SinkModuleBase.LocationSupplier
        public Location build(@Nullable AgentSpan agentSpan) {
            return (this.clazz == null || this.method == null) ? Location.forSpanAndStack(agentSpan, UnvalidatedRedirectModuleImpl.this.getCurrentStackTrace()) : Location.forSpanAndClassAndMethod(agentSpan, this.clazz, this.method);
        }
    }

    public UnvalidatedRedirectModuleImpl(Dependencies dependencies) {
        super(dependencies);
    }

    @Override // datadog.trace.api.iast.sink.UnvalidatedRedirectModule
    public void onRedirect(@Nullable String str) {
        if (Tainteds.canBeTainted(str)) {
            checkUnvalidatedRedirect(str);
        }
    }

    @Override // datadog.trace.api.iast.sink.UnvalidatedRedirectModule
    public void onRedirect(@Nonnull String str, @Nonnull String str2, @Nonnull String str3) {
        if (Tainteds.canBeTainted(str)) {
            checkUnvalidatedRedirect(str, str2, str3);
        }
    }

    @Override // datadog.trace.api.iast.sink.UnvalidatedRedirectModule
    public void onURIRedirect(@Nullable URI uri) {
        if (uri == null) {
            return;
        }
        checkUnvalidatedRedirect(uri);
    }

    @Override // datadog.trace.api.iast.sink.UnvalidatedRedirectModule
    public void onHeader(@Nonnull String str, @Nullable String str2) {
        if (str2 == null || !HttpHeader.LOCATION.matches(str)) {
            return;
        }
        onRedirect(str2);
    }

    private void checkUnvalidatedRedirect(@Nonnull Object obj) {
        checkUnvalidatedRedirect(obj, null, null);
    }

    private void checkUnvalidatedRedirect(@Nonnull Object obj, @Nullable String str, @Nullable String str2) {
        checkInjection(VulnerabilityType.UNVALIDATED_REDIRECT, obj, new UnvalidatedRedirectEvidenceBuilder(), new UnvalidatedRedirectLocationSupplier(str, str2));
    }
}
