package com.h3xstream.findsecbugs.xss;

import com.h3xstream.findsecbugs.FindSecBugsGlobalConfig;
import com.h3xstream.findsecbugs.common.InterfaceUtils;
import com.h3xstream.findsecbugs.injection.BasicInjectionDetector;
import com.h3xstream.findsecbugs.taintanalysis.Taint;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.ba.ClassContext;
import org.apache.bcel.generic.ConstantPoolGen;

/* loaded from: input_file:com/h3xstream/findsecbugs/xss/XssServletDetector.class */
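/**
 * Taint-based detector that reports XSS_SERVLET findings for the sinks listed in
 * {@code xss-servlet.txt}.
 *
 * <p>Classes are pre-filtered by {@link #shouldAnalyzeClass(ClassContext)}: only classes whose
 * constant pool mentions a servlet response type are analyzed, and JSP-derived classes are
 * excluded (see {@code XssJspDetector.JSP_PARENT_CLASSES}).
 */
public class XssServletDetector extends BasicInjectionDetector {
    private static final String XSS_SERVLET_TYPE = "XSS_SERVLET";

    // Numeric priorities returned by getPriority(). The values 3 and 5 are the ones this
    // class has always returned; they correspond to FindBugs' LOW_PRIORITY and IGNORE_PRIORITY.
    private static final int PRIORITY_LOW = 3;
    private static final int PRIORITY_IGNORE = 5;

    /**
     * Type descriptors whose presence in a class's constant pool makes it a candidate.
     *
     * <p>{@code ServletResponse} and {@code ServletResponseWrapper} are declared in
     * {@code javax.servlet}, not {@code javax.servlet.http}. The list previously carried only
     * the {@code .http} spellings for those two, which cannot match a real class, so code that
     * referenced only the base response types was never analyzed (a silent false negative).
     * The correct descriptors are added; the old entries are kept so that nothing that
     * matched before stops matching.
     */
    private static final String[] REQUIRED_CLASSES = {
        "Ljavax/servlet/ServletResponse;",
        "Ljavax/servlet/ServletResponseWrapper;",
        "Ljavax/servlet/http/ServletResponse;",
        "Ljavax/servlet/http/ServletResponseWrapper;",
        "Ljavax/servlet/http/HttpServletResponse;",
        "Ljavax/servlet/http/HttpServletResponseWrapper;"
    };

    /**
     * Creates the detector and loads its sinks from {@code xss-servlet.txt} under the
     * {@code XSS_SERVLET} bug type.
     *
     * @param bugReporter reporter handed to the base detector
     */
    public XssServletDetector(BugReporter bugReporter) {
        super(bugReporter);
        loadConfiguredSinks("xss-servlet.txt", XSS_SERVLET_TYPE);
    }

    /**
     * Chooses the report priority for a tainted value that reaches an XSS sink.
     *
     * <ul>
     *   <li>Not safe but tagged {@code XSS_SAFE}: low priority when
     *       {@code isReportPotentialXssWrongContext()} is enabled, otherwise ignored.
     *       NOTE(review): presumably this is the "encoded, but maybe for the wrong output
     *       context" case; confirm against the taint configuration.</li>
     *   <li>Not safe, and tagged {@code LT_ENCODED} together with {@code QUOTE_ENCODED} or
     *       {@code APOSTROPHE_ENCODED}: low priority. The finding is still reported rather
     *       than dropped.</li>
     *   <li>Anything else: the superclass decides.</li>
     * </ul>
     *
     * <p>Decompiler note: the visibility shown here is {@code public}; the decompiler recorded
     * that it changed the modifier from {@code protected}.
     *
     * @param taint taint state of the value reaching the sink
     * @return numeric priority for the finding
     */
    @Override // com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
    public int getPriority(Taint taint) {
        boolean unsafe = !taint.isSafe();
        if (unsafe && taint.hasTag(Taint.Tag.XSS_SAFE)) {
            boolean reportWrongContext =
                    FindSecBugsGlobalConfig.getInstance().isReportPotentialXssWrongContext();
            return reportWrongContext ? PRIORITY_LOW : PRIORITY_IGNORE;
        }
        // Short-circuit keeps the tag lookups from running for safe taints, as before.
        if (unsafe
                && (taint.hasTag(Taint.Tag.QUOTE_ENCODED) || taint.hasTag(Taint.Tag.APOSTROPHE_ENCODED))
                && taint.hasTag(Taint.Tag.LT_ENCODED)) {
            return PRIORITY_LOW;
        }
        return super.getPriority(taint);
    }

    /**
     * Decides whether a class is worth running the taint analysis on.
     *
     * <p>The first descriptor from {@link #REQUIRED_CLASSES} found in the constant pool settles
     * the answer: the class is analyzed unless it is a subtype of one of
     * {@code XssJspDetector.JSP_PARENT_CLASSES}. If no descriptor is found the class is skipped.
     *
     * <p>NOTE(review): {@code lookupUtf8} is given the bare descriptor, so this looks like an
     * exact-entry match; a class that mentions the response type only inside a longer method
     * signature string may not be picked up. Confirm whether that coverage gap is acceptable
     * for this pre-filter.
     *
     * @param classContext context of the class under inspection
     * @return {@code true} if the class should be analyzed for servlet XSS sinks
     */
    @Override // com.h3xstream.findsecbugs.injection.AbstractTaintDetector
    public boolean shouldAnalyzeClass(ClassContext classContext) {
        ConstantPoolGen constantPool = classContext.getConstantPoolGen();
        for (String descriptor : REQUIRED_CLASSES) {
            if (constantPool.lookupUtf8(descriptor) == -1) {
                continue;
            }
            String dottedName = classContext.getClassDescriptor().getDottedClassName();
            return !InterfaceUtils.isSubtype(dottedName, XssJspDetector.JSP_PARENT_CLASSES);
        }
        return false;
    }
}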
