package org.owasp.appsensor;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.owasp.appsensor.errors.AppSensorException;

/* loaded from: input_file:org/owasp/appsensor/AttackDetectorUtils.class */
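/**
 * Static request-level attack detectors used by AppSensor.
 * <p>
 * Every detector returns {@code true} when the input looks benign and {@code false} when a
 * suspicious condition was found. On a suspicious condition the detector constructs an
 * {@link AppSensorException} with the matching detection-point id ("RE1", "IE1", "SE3", ...)
 * and discards it: the exception is never thrown here. Presumably its constructor records the
 * event with the AppSensor engine — confirm against {@code AppSensorException} before relying
 * on that.
 * <p>
 * Attack-signature regexes and the HTTP-method lists come from the shared
 * {@link AppSensorSecurityConfiguration} instance held in {@link #assc}.
 */
public class AttackDetectorUtils {
    public static final String GET = "GET";
    public static final String POST = "POST";
    /** URL-encoded NUL byte; only this encoded form is checked, not a raw {@code '\0'}. */
    public static final String ENCODED_NULL_BYTE = "%00";
    /** URL-encoded carriage return. */
    public static final String ENCODED_CARRIAGE_RETURN = "%0D";
    /** URL-encoded line feed. */
    public static final String ENCODED_LINE_FEED = "%0A";
    private static AppSensorSecurityConfiguration assc = new AppSensorSecurityConfiguration();

    /**
     * Flags applied to every configured attack-signature regex. This is the literal {@code 66}
     * from the decompiled source, i.e. {@code CASE_INSENSITIVE | UNICODE_CASE}.
     */
    private static final int REGEX_FLAGS = Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE;

    /**
     * Compiled signatures keyed by their pattern string, so that a detector does not recompile
     * every configured regex on every call. Keyed by the string itself, so a changed configuration
     * simply produces new cache entries.
     */
    private static final Map<String, Pattern> PATTERN_CACHE = new ConcurrentHashMap<String, Pattern>();

    /**
     * Checks that the request's HTTP method is a known method, a supported method, and the one
     * the calling page expects.
     *
     * @param httpServletRequest the request under inspection; must not be {@code null}
     * @param str the method the page expects, either {@link #GET} or {@link #POST}
     *     (case-insensitive)
     * @return {@code true} if all three checks pass, {@code false} if any detection point
     *     (RE1, RE2, RE3 or RE4) fired
     * @throws IllegalArgumentException if the request is {@code null} or {@code str} is not
     *     GET/POST
     */
    public static boolean verifyValidRequestMethod(HttpServletRequest httpServletRequest, String str) {
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("HTTP Request cannot be null");
        }
        List<String> allHttpMethods = assc.getAllHttpMethods();
        List<String> validHttpMethods = assc.getValidHttpMethods();
        if (str == null || !(str.equalsIgnoreCase(GET) || str.equalsIgnoreCase(POST))) {
            throw new IllegalArgumentException("Method only allows GET and POST as valid expected methods.");
        }
        String method = httpServletRequest.getMethod();
        boolean valid = true;
        // Membership in the configured lists is an exact (case-sensitive) comparison, unlike the
        // expected-method comparison below; HTTP method tokens are case-sensitive, so this is
        // kept as-is.
        if (!validHttpMethods.contains(method)) {
            new AppSensorException("RE1", "AppSensorUser Message RE1", "Attacker is sending an invalid (valid, but not supported) command (" + method + ") to the application");
            valid = false;
        }
        if (!allHttpMethods.contains(method)) {
            new AppSensorException("RE2", "AppSensorUser Message RE2", "Attacker is sending an invalid (invalid, does not exist) method (" + method + ") to the application");
            valid = false;
        }
        // str is known non-null here, so comparing from its side cannot NPE even if the
        // container returned a null method.
        if (!str.equalsIgnoreCase(method)) {
            // str was validated above to be GET or POST, so the else branch is the GET case.
            if (str.equalsIgnoreCase(POST)) {
                new AppSensorException("RE3", "AppSensorUser Message RE3", "Attacker is sending a non-POST request (" + method + ") to page designed for only POST");
            } else {
                new AppSensorException("RE4", "AppSensorUser Message RE4", "Attacker is sending a non-GET request (" + method + ") to page designed for only GET");
            }
            valid = false;
        }
        return valid;
    }

    /**
     * Tests a value against every configured XSS signature.
     *
     * @param str the untrusted value; {@code null} never matches
     * @return {@code true} if at least one signature matched (detection point IE1 fires once per
     *     matching signature), {@code false} otherwise
     */
    public static boolean verifyXSSAttack(String str) {
        boolean matched = false;
        for (String signature : assc.getXSSAttackPatternsList()) {
            if (regexFind(str, signature)) {
                new AppSensorException("IE1", "AppSensorUser Message IE1", "Attacker is sending a likely XSS attempt (" + str + ").");
                matched = true;
            }
        }
        return matched;
    }

    /**
     * Tests a value against every configured SQL-injection signature.
     *
     * @param str the untrusted value; {@code null} never matches
     * @return {@code true} if at least one signature matched (detection point CIE1 fires once per
     *     matching signature), {@code false} otherwise
     */
    public static boolean verifySQLInjectionAttack(String str) {
        boolean matched = false;
        for (String signature : assc.getSQLInjectionAttackPatternsList()) {
            if (regexFind(str, signature)) {
                new AppSensorException("CIE1", "AppSensorUser Message CIE1", "Attacker is sending a likely SQL Injection attempt (" + str + ").");
                matched = true;
            }
        }
        return matched;
    }

    /**
     * Checks that the request carries exactly the expected set of cookie names: every expected
     * name must be present (SE3 fires for each missing one) and no other cookie may be present
     * (SE4 fires for each extra one). A cookie name that appears more than once on the request
     * satisfies the expectation once; the remaining occurrences are reported as unexpected.
     *
     * @param httpServletRequest the request under inspection; must not be {@code null}
     * @param collection the expected cookie names; must not be {@code null}
     * @return {@code true} if present and expected names match exactly, {@code false} otherwise
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public static boolean verifyCookiesPresent(HttpServletRequest httpServletRequest, Collection<String> collection) {
        if (httpServletRequest == null) {
            throw new IllegalArgumentException("HTTP Request cannot be null");
        }
        if (collection == null) {
            throw new IllegalArgumentException("Expected cookie names cannot be null");
        }
        boolean valid = true;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            cookies = new Cookie[0];
        }
        // Mutable working copy: expected names are removed as they are matched, so whatever is
        // left afterwards is an unexpected cookie.
        List<String> presentNames = new ArrayList<String>(cookies.length);
        for (Cookie cookie : cookies) {
            presentNames.add(cookie.getName());
        }
        for (String expected : collection) {
            if (presentNames.contains(expected)) {
                presentNames.remove(expected);
            } else {
                new AppSensorException("SE3", "AppSensorUser Message SE3", "Attacker has deleted an expected cookie named: " + expected);
                valid = false;
            }
        }
        for (String unexpected : presentNames) {
            new AppSensorException("SE4", "AppSensorUser Message SE4", "Attacker has added an un-expected cookie named: " + unexpected);
            valid = false;
        }
        return valid;
    }

    /**
     * Checks that a value does not contain the URL-encoded NUL byte {@code %00}.
     * <p>
     * Only the encoded form is inspected: a raw NUL character or any other encoding of it is not
     * matched here, so callers that want to inspect decoded data must decode before calling.
     *
     * @param str the untrusted value; {@code null} or blank is treated as clean
     * @return {@code true} if no encoded NUL byte is present, {@code false} if CIE3 fired
     */
    public static boolean verifyNullByteDoesNotExist(String str) {
        if (str == null || str.trim().isEmpty()) {
            return true;
        }
        boolean contains = str.contains(ENCODED_NULL_BYTE);
        if (contains) {
            new AppSensorException("CIE3", "AppSensorUser Message CIE3", "String contains a Null Byte: " + str);
        }
        return !contains;
    }

    /**
     * Checks that a value contains neither the URL-encoded carriage return {@code %0D} nor the
     * URL-encoded line feed {@code %0A}. As with {@link #verifyNullByteDoesNotExist(String)},
     * only the encoded forms are inspected.
     *
     * @param str the untrusted value; {@code null} or blank is treated as clean
     * @return {@code true} if neither is present, {@code false} if CIE4 fired (once, with a
     *     message naming which of the two were found)
     */
    public static boolean verifyCarriageReturnOrLineFeedDoesNotExist(String str) {
        if (str == null || str.trim().isEmpty()) {
            return true;
        }
        boolean hasCarriageReturn = str.contains(ENCODED_CARRIAGE_RETURN);
        boolean hasLineFeed = str.contains(ENCODED_LINE_FEED);
        if (!hasCarriageReturn && !hasLineFeed) {
            return true;
        }
        String detail;
        if (hasCarriageReturn && hasLineFeed) {
            detail = "String contains both a carriage return and line feed: ";
        } else if (hasCarriageReturn) {
            detail = "String contains a carriage return: ";
        } else {
            detail = "String contains a line feed: ";
        }
        new AppSensorException("CIE4", "AppSensorUser Message CIE4", detail + str);
        return false;
    }

    /**
     * Returns whether {@code str2}, compiled with {@link #REGEX_FLAGS}, finds a match anywhere in
     * {@code str}. Compiled patterns are cached by pattern string.
     * <p>
     * The signatures come from configuration and are run against untrusted input, so a
     * signature with catastrophic backtracking could stall request processing; keep the
     * configured patterns vetted.
     *
     * @param str the input to scan; {@code null} never matches
     * @param str2 the regular expression
     * @return {@code true} if a match is found
     * @throws java.util.regex.PatternSyntaxException if {@code str2} is not a valid regex
     * @throws NullPointerException if {@code str2} is {@code null}
     */
    private static boolean regexFind(String str, String str2) {
        if (str == null) {
            return false;
        }
        Pattern pattern = PATTERN_CACHE.get(str2);
        if (pattern == null) {
            // A concurrent double compile of the same string is harmless: both results are
            // equivalent and one simply overwrites the other.
            pattern = Pattern.compile(str2, REGEX_FLAGS);
            PATTERN_CACHE.put(str2, pattern);
        }
        return pattern.matcher(str).find();
    }
}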
