package com.datadog.iast;

import com.datadog.iast.model.Vulnerability;
import com.datadog.iast.model.VulnerabilityBatch;
import com.datadog.iast.taint.TaintedObjects;
import datadog.trace.api.Config;
import datadog.trace.api.DDTags;
import datadog.trace.api.gateway.RequestContext;
import datadog.trace.api.gateway.RequestContextSlot;
import datadog.trace.api.internal.TraceSegment;
import datadog.trace.bootstrap.instrumentation.api.AgentScope;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
import datadog.trace.bootstrap.instrumentation.api.InternalSpanTypes;
import datadog.trace.bootstrap.instrumentation.api.ScopeSource;
import datadog.trace.bootstrap.instrumentation.api.TagContext;
import datadog.trace.util.AgentTaskScheduler;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.function.Predicate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:iast/com/datadog/iast/Reporter.classdata */
public class Reporter {
    private static final String VULNERABILITY_SPAN_NAME = "vulnerability";
    private final Predicate<Vulnerability> duplicated;

    /* loaded from: input_file:iast/com/datadog/iast/Reporter$HashBasedDeduplication.classdata */
    protected static class HashBasedDeduplication implements Predicate<Vulnerability> {
        private static final int DEFAULT_MAX_SIZE = 1000;
        private final int maxSize;
        private final Set<Long> hashes;

        public HashBasedDeduplication(AgentTaskScheduler agentTaskScheduler) {
            this(DEFAULT_MAX_SIZE, agentTaskScheduler);
        }

        HashBasedDeduplication(int i, AgentTaskScheduler agentTaskScheduler) {
            this.maxSize = i;
            this.hashes = ConcurrentHashMap.newKeySet(i);
            if (agentTaskScheduler != null) {
                Set<Long> set = this.hashes;
                set.getClass();
                agentTaskScheduler.scheduleAtFixedRate(set::clear, 1L, 1L, TimeUnit.HOURS);
            }
        }

        @Override // java.util.function.Predicate
        public boolean test(Vulnerability vulnerability) {
            boolean add = this.hashes.add(Long.valueOf(vulnerability.getHash()));
            if (add && this.hashes.size() > this.maxSize) {
                this.hashes.clear();
                this.hashes.add(Long.valueOf(vulnerability.getHash()));
            }
            return !add;
        }
    }

    Reporter() {
        this(Config.get(), null);
    }

    public Reporter(Config config, AgentTaskScheduler agentTaskScheduler) {
        this(config.isIastDeduplicationEnabled() ? new HashBasedDeduplication(agentTaskScheduler) : vulnerability -> {
            return false;
        });
    }

    Reporter(Predicate<Vulnerability> predicate) {
        this.duplicated = predicate;
    }

    public void report(@Nullable AgentSpan agentSpan, @Nonnull Vulnerability vulnerability) {
        if (this.duplicated.test(vulnerability)) {
            return;
        }
        if (agentSpan != null) {
            reportVulnerability(agentSpan, vulnerability);
            return;
        }
        AgentSpan startNewSpan = startNewSpan();
        try {
            AgentScope activateSpan = tracer().activateSpan(startNewSpan, ScopeSource.MANUAL);
            Throwable th = null;
            try {
                try {
                    vulnerability.getLocation().updateSpan(startNewSpan.getSpanId());
                    reportVulnerability(startNewSpan, vulnerability);
                    if (activateSpan != null) {
                        if (0 != 0) {
                            try {
                                activateSpan.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            activateSpan.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } finally {
            startNewSpan.finish();
        }
    }

    private void reportVulnerability(@Nonnull AgentSpan agentSpan, @Nonnull Vulnerability vulnerability) {
        IastRequestContext iastRequestContext;
        RequestContext requestContext = agentSpan.getRequestContext();
        if (requestContext == null || (iastRequestContext = (IastRequestContext) requestContext.getData(RequestContextSlot.IAST)) == null) {
            return;
        }
        VulnerabilityBatch vulnerabilityBatch = iastRequestContext.getVulnerabilityBatch();
        vulnerabilityBatch.add(vulnerability);
        if (iastRequestContext.getAndSetSpanDataIsSet()) {
            return;
        }
        TraceSegment traceSegment = requestContext.getTraceSegment();
        traceSegment.setDataTop("iast", vulnerabilityBatch);
        traceSegment.setTagTop(DDTags.MANUAL_KEEP, true);
    }

    private AgentSpan startNewSpan() {
        AgentSpan spanType = tracer().startSpan("iast", "vulnerability", new TagContext().withRequestContextDataIast(new IastRequestContext(TaintedObjects.NoOp.INSTANCE))).setSpanType((CharSequence) InternalSpanTypes.VULNERABILITY);
        IastTag.ANALYZED.setTag(spanType);
        return spanType;
    }

    protected AgentTracer.TracerAPI tracer() {
        return AgentTracer.get();
    }
}
