package org.owasp.esapi.waf.rules;

import bsh.EvalError;
import bsh.Interpreter;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.waf.actions.Action;
import org.owasp.esapi.waf.actions.DoNothingAction;
import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;

/* loaded from: input_file:org/owasp/esapi/waf/rules/BeanShellRule.class */
public class BeanShellRule extends Rule {
    private Interpreter i = new Interpreter();
    private String script;
    private Pattern path;

    public BeanShellRule(String str, String str2, Pattern pattern) throws IOException, EvalError {
        this.i.set("logger", logger);
        this.script = getFileContents(ESAPI.securityConfiguration().getResourceFile(str));
        this.id = str2;
        this.path = pattern;
    }

    @Override // org.owasp.esapi.waf.rules.Rule
    public Action check(HttpServletRequest httpServletRequest, InterceptingHTTPServletResponse interceptingHTTPServletResponse, HttpServletResponse httpServletResponse) {
        if (this.path != null && !this.path.matcher(httpServletRequest.getRequestURI()).matches()) {
            return new DoNothingAction();
        }
        try {
            this.i.set("action", (Object) null);
            this.i.set("request", httpServletRequest);
            if (interceptingHTTPServletResponse != null) {
                this.i.set("response", interceptingHTTPServletResponse);
            } else {
                this.i.set("response", httpServletResponse);
            }
            this.i.set("session", httpServletRequest.getSession());
            this.i.eval(this.script);
            Action action = (Action) this.i.get("action");
            if (action != null) {
                return action;
            }
        } catch (EvalError e) {
            log(httpServletRequest, "Error running custom beanshell rule (" + this.id + ") - " + e.getMessage());
        }
        return new DoNothingAction();
    }

    private String getFileContents(File file) throws IOException {
        FileReader fileReader = new FileReader(file);
        StringBuffer stringBuffer = new StringBuffer();
        BufferedReader bufferedReader = new BufferedReader(fileReader);
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                return stringBuffer.toString();
            }
            stringBuffer.append(readLine + System.getProperty("line.separator"));
        }
    }
}
