package com.h3xstream.findsecbugs.xss;

import com.h3xstream.findsecbugs.FindSecBugsGlobalConfig;
import com.h3xstream.findsecbugs.common.InterfaceUtils;
import com.h3xstream.findsecbugs.injection.BasicInjectionDetector;
import com.h3xstream.findsecbugs.taintanalysis.Taint;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.ba.ClassContext;
import org.apache.bcel.generic.ConstantPoolGen;

/* loaded from: classes3.dex */
public class XssServletDetector extends BasicInjectionDetector {
    private static final String i = "XSS_SERVLET";
    private static final String[] j = {"Ljavax/servlet/http/ServletResponse;", "Ljavax/servlet/http/ServletResponseWrapper;", "Ljavax/servlet/http/HttpServletResponse;", "Ljavax/servlet/http/HttpServletResponseWrapper;", "Lorg/apache/jetspeed/portlet/PortletResponse;", "Lorg/apache/jetspeed/portlet/PortletResponseWrapper;", "Ljavax/portlet/RenderResponse;", "Ljavax/portlet/MimeResponse;", "Ljavax/portlet/filter/RenderResponseWrapper;", "Ljavax/portlet/PortletResponse;", "Ljavax/portlet/ActionResponseWrapper;", "Ljavax/portlet/EventResponseWrapper;", "Ljavax/portlet/PortletResponseWrapper;", "Ljavax/portlet/RenderResponseWrapper;", "Ljavax/portlet/ResourceResponseWrapper;"};

    public XssServletDetector(BugReporter bugReporter) {
        super(bugReporter);
        a("xss-servlet.txt", i);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
    public int a(Taint taint) {
        if (!taint.s() && taint.b(Taint.Tag.XSS_SAFE)) {
            return FindSecBugsGlobalConfig.j().g() ? 3 : 5;
        }
        if (taint.s() || !((taint.b(Taint.Tag.QUOTE_ENCODED) || taint.b(Taint.Tag.APOSTROPHE_ENCODED)) && taint.b(Taint.Tag.LT_ENCODED))) {
            return super.a(taint);
        }
        return 3;
    }

    @Override // com.h3xstream.findsecbugs.injection.AbstractTaintDetector
    public boolean a(ClassContext classContext) {
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        for (String str : j) {
            if (constantPoolGen.lookupUtf8(str) != -1) {
                return !InterfaceUtils.a(classContext.getClassDescriptor().getDottedClassName(), XssJspDetector.j);
            }
        }
        return false;
    }
}
