package io.joern.scanners.android;

import io.joern.console.CodeExamples;
import io.joern.console.CodeSnippet;
import io.joern.console.MultiFileCodeExamples;
import io.joern.console.Query;
import io.joern.console.Query$;
import io.joern.console.QueryBundle;
import io.joern.console.TraversalWithStrRep;
import io.joern.console.q;
import io.joern.dataflowengineoss.language.ExtendedCfgNode$;
import io.joern.dataflowengineoss.queryengine.EngineContext;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.shiftleft.codepropertygraph.generated.Cpg;
import io.shiftleft.codepropertygraph.generated.nodes.ConfigFile;
import io.shiftleft.codepropertygraph.generated.traversal.CallTraversalExtGen$;
import io.shiftleft.codepropertygraph.generated.traversal.ConfigFileTraversalExtGen$;
import io.shiftleft.semanticcpg.language.package$;
import overflowdb.traversal.Traversal;
import overflowdb.traversal.Traversal$;
import scala.MatchError;
import scala.None$;
import scala.Predef$;
import scala.Some;
import scala.collection.ArrayOps$;
import scala.collection.IterableOps;
import scala.collection.Seq;
import scala.collection.StringOps$;
import scala.collection.immutable.List;
import scala.runtime.BoxesRunTime;
import scala.runtime.LazyRef;
import scala.runtime.ScalaRunTime$;
import scala.util.matching.Regex;
import scala.xml.Elem;
import scala.xml.Node;

/* compiled from: AndroidMisconfigurations.scala */
/* loaded from: input_file:io/joern/scanners/android/AndroidMisconfigurations$.class */
public final class AndroidMisconfigurations$ implements QueryBundle {
    public static final AndroidMisconfigurations$ MODULE$ = new AndroidMisconfigurations$();

    @q
    public Query manifestXmlBackupEnabled() {
        return Query$.MODULE$.make("manifest-backup-enabled", Crew$.MODULE$.claudiu(), "Backups enabled in Android Manifest File", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |Backup flag is set to true in AndroidManifest.xml which means that the application data can be retrieved via adb.\n          |")), 3.0d, new TraversalWithStrRep(cpg -> {
            LazyRef lazyRef = new LazyRef();
            String str = "http://schemas.android.com/apk/res/android";
            return ((Traversal) package$.MODULE$.toNodeTypeStarters(cpg).configFile().filter(configFile -> {
                return BoxesRunTime.boxToBoolean($anonfun$manifestXmlBackupEnabled$2(configFile));
            })).where(traversal -> {
                return (Traversal) ((IterableOps) ((IterableOps) ((IterableOps) ((IterableOps) ConfigFileTraversalExtGen$.MODULE$.content$extension(package$.MODULE$.toConfigFileTraversalExtGen(traversal)).flatMap(str2 -> {
                    return this.SecureXmlParsing$2(lazyRef).parseXml(str2);
                })).filter(elem -> {
                    return BoxesRunTime.boxToBoolean($anonfun$manifestXmlBackupEnabled$5(elem));
                })).flatMap(elem2 -> {
                    return elem2.child();
                })).filter(node -> {
                    return BoxesRunTime.boxToBoolean($anonfun$manifestXmlBackupEnabled$7(node));
                })).filter(node2 -> {
                    return BoxesRunTime.boxToBoolean($anonfun$manifestXmlBackupEnabled$8(str, node2));
                });
            });
        }, "cpg =>\n        import javax.xml.parsers.SAXParserFactory\n        import scala.xml.{Elem, XML}\n\n        object SecureXmlParsing {\n          def parseXml(content: String): Option[Elem] = {\n            try {\n              val spf = SAXParserFactory.newInstance()\n\n              spf.setValidating(false)\n              spf.setNamespaceAware(false)\n              spf.setXIncludeAware(false)\n              spf.setFeature(\"http://xml.org/sax/features/validation\", false)\n              spf.setFeature(\"http://apache.org/xml/features/disallow-doctype-decl\", false)\n              spf.setFeature(\"http://apache.org/xml/features/nonvalidating/load-dtd-grammar\", false)\n              spf.setFeature(\"http://apache.org/xml/features/nonvalidating/load-external-dtd\", false)\n              spf.setFeature(\"http://xml.org/sax/features/external-parameter-entities\", false)\n              spf.setFeature(\"http://xml.org/sax/features/external-general-entities\", false)\n\n              Some(XML.withSAXParser(spf.newSAXParser()).loadString(content))\n            } catch {\n              case _: Throwable =>\n                None\n            }\n          }\n        }\n\n        val androidUri = \"http://schemas.android.com/apk/res/android\"\n        cpg.configFile\n          .filter(_.name.endsWith(\"AndroidManifest.xml\"))\n          .where { config =>\n            config.content\n              .flatMap(SecureXmlParsing.parseXml)\n              .filter(_.label == \"manifest\")\n              .flatMap(_.child)\n              .filter(_.label == \"application\")\n              .filter { node =>\n                val isAllowBackup = node.attribute(androidUri, \"allowBackup\")\n                isAllowBackup match {\n                  case Some(n) => n.toString == \"true\"\n                  case None    => false\n                }\n              }\n          }"), (List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{QueryTags$.MODULE$.android(), QueryTags$.MODULE$.misconfiguration()})), new CodeExamples((List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("|<?xml version=\"1.0\" encoding=\"utf-8\"?>\n            |<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\"\n            |    package=\"com.example.slimandroid\">\n            |\n            |    <application\n            |        android:allowBackup=\"true\"\n            |        android:label=\"SlimAndroid\"\n            |        android:supportsRtl=\"true\"\n            |        android:theme=\"@style/Theme.AppCompat\">\n            |        <activity\n            |            android:name=\".MainActivity\"\n            |            android:exported=\"true\">\n            |            <intent-filter>\n            |                <action android:name=\"android.intent.action.MAIN\" />\n            |                <category android:name=\"android.intent.category.LAUNCHER\" />\n            |            </intent-filter>\n            |        </activity>\n            |    </application>\n            |</manifest>"))})), (List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("|<?xml version=\"1.0\" encoding=\"utf-8\"?>\n           |<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\"\n           |    package=\"com.example.slimandroid\">\n           |\n           |    <application\n           |        android:allowBackup=\"false\"\n           |        android:label=\"SlimAndroid\"\n           |        android:supportsRtl=\"true\"\n           |        android:theme=\"@style/Theme.AppCompat\">\n           |        <activity\n           |            android:name=\".MainActivity\"\n           |            android:exported=\"true\">\n           |            <intent-filter>\n           |                <action android:name=\"android.intent.action.MAIN\" />\n           |                <category android:name=\"android.intent.category.LAUNCHER\" />\n           |            </intent-filter>\n           |        </activity>\n           |    </application>\n           |</manifest>"))}))), Query$.MODULE$.make$default$9());
    }

    @q
    public Query tapJacking() {
        return Query$.MODULE$.make("tap-jacking", Crew$.MODULE$.claudiu(), "Tap Jacking: target SDK <23 specified in `build.gradle` ", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |Android apps targeting API levels 22 and lower have the SYSTEM_ALERT_WINDOW permission enabled by default.\n          |This allows apps to draw overlays over other apps. Attackers can use this option to create an overlay that\n          |would essentially hijack user taps and use it to obtain sensitive user information.")), 6.0d, new TraversalWithStrRep(cpg -> {
            Regex r$extension = StringOps$.MODULE$.r$extension(Predef$.MODULE$.augmentString("^[^t]+targetSdk[^0-9]+(\\d+)"));
            int i = 23;
            return (Traversal) groovyBuildGradleFiles$1(cpg).filter(configFile -> {
                return BoxesRunTime.boxToBoolean($anonfun$tapJacking$2(r$extension, i, configFile));
            });
        }, "cpg =>\n        def groovyBuildGradleFiles = cpg.configFile.name(\".*build.gradle\")\n        val targetSdkVersionMatch  = \"\"\"^[^t]+targetSdk[^0-9]+(\\d+)\"\"\".r\n        val firstSecureSdkVersion  = 23\n        groovyBuildGradleFiles.filter { gradleFile =>\n          gradleFile.content\n            .split('\\n')\n            .exists { line =>\n              targetSdkVersionMatch\n                .findAllIn(line)\n                .matchData\n                .exists { m =>\n                  m.groupCount > 0 && m.group(1).toInt < firstSecureSdkVersion\n                }\n            }\n        }"), (List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{QueryTags$.MODULE$.android(), QueryTags$.MODULE$.misconfiguration()})), Query$.MODULE$.make$default$8(), new MultiFileCodeExamples((List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new List[]{(List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new CodeSnippet[]{new CodeSnippet("fun main() = println(0xbadf00d)", "SomeActivity.kt"), new CodeSnippet(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n              |plugins {\n              |    id 'com.android.application'\n              |    id 'kotlin-android'\n              |}\n              |\n              |android {\n              |    compileSdk 22\n              |    defaultConfig {\n              |        applicationId \"com.example.slimandroid\"\n              |        minSdk 22\n              |        targetSdk 22\n              |        versionCode 1\n              |        versionName \"1.0\"\n              |    }\n              |}\n              |")), "build.gradle")}))})), (List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new List[]{(List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new CodeSnippet[]{new CodeSnippet("fun main() = println(0xbadf00d)", "SomeActivity.kt"), new CodeSnippet(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n                |plugins {\n                |    id 'com.android.application'\n                |    id 'kotlin-android'\n                |}\n                |\n                |android {\n                |    compileSdk 23\n                |    defaultConfig {\n                |        applicationId \"com.example.slimandroid\"\n                |        minSdk 23\n                |        targetSdk 23\n                |        versionCode 1\n                |        versionName \"1.0\"\n                |    }\n                |}\n                |")), "build.gradle")}))}))));
    }

    @q
    public Query vulnerablePRNGOnAndroidv16_18(EngineContext engineContext) {
        return Query$.MODULE$.make("vuln-prng-android-v16_18", Crew$.MODULE$.dave(), "Vulnerable underlying PRNG used on currently set version of Android", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |The underlying PRNG is vulnerable on Android v16-18. If the application is implemented by utilizing\n          |org.webkit package and a key exchange scheme is RSA, the PreMasterSecret of the first SSL session\n          |can be recovered using the restored PRNG states.\n          |\n          |For more information, see \"Predictability of Android OpenSSL's Pseudo random number generator\" by S.H. Kim \n          |et. al.\n          |")), 6.0d, new TraversalWithStrRep(cpg -> {
            Regex r$extension = StringOps$.MODULE$.r$extension(Predef$.MODULE$.augmentString("^[^t]+minSdk[^0-9]+(\\d+)"));
            return ((defaultSecRand$1(cpg).nonEmpty() || ExtendedCfgNode$.MODULE$.reachableBy$extension(io.joern.dataflowengineoss.language.package$.MODULE$.toExtendedCfgNode(sink$1(cpg)), ScalaRunTime$.MODULE$.wrapRefArray(new Traversal[]{source$1(cpg)}), engineContext).nonEmpty()) && satisfiesConfig$1(r$extension, 16, 18, cpg).nonEmpty()) ? satisfiesConfig$1(r$extension, 16, 18, cpg) : Traversal$.MODULE$.empty();
        }, "cpg =>\n        def groovyBuildGradleFiles = cpg.configFile.name(\".*build.gradle\")\n\n        val targetSdkVersionMatch = \"\"\"^[^t]+minSdk[^0-9]+(\\d+)\"\"\".r\n        val insecureSdkVersionMin = 16\n        val insecureSdkVersionMax = 18\n        def satisfiesConfig = groovyBuildGradleFiles.filter { gradleFile =>\n          gradleFile.content\n            .split('\\n')\n            .exists { line =>\n              targetSdkVersionMatch\n                .findAllIn(line)\n                .matchData\n                .exists { m =>\n                  m.groupCount > 0 &&\n                  m.group(1).toInt >= insecureSdkVersionMin\n                  m.group(1).toInt <= insecureSdkVersionMax\n                }\n            }\n        }\n\n        def source         = cpg.literal(\"\\\".*PRNG.*\\\"\")\n        def sink           = cpg.call.code(\".*SecureRandom.getInstance.*\")\n        def defaultSecRand = cpg.call.methodFullNameExact(\"java.security.SecureRandom.<init>:void()\")\n        if (\n          (defaultSecRand.nonEmpty || sink.reachableBy(source).nonEmpty) &&\n          satisfiesConfig.nonEmpty\n        )\n          satisfiesConfig\n        else\n          Traversal.empty"), (List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{QueryTags$.MODULE$.android(), QueryTags$.MODULE$.cryptography(), QueryTags$.MODULE$.misconfiguration()})), Query$.MODULE$.make$default$8(), Query$.MODULE$.make$default$9());
    }

    private static final /* synthetic */ AndroidMisconfigurations$SecureXmlParsing$1$ SecureXmlParsing$lzycompute$1(LazyRef lazyRef) {
        AndroidMisconfigurations$SecureXmlParsing$1$ androidMisconfigurations$SecureXmlParsing$1$;
        synchronized (lazyRef) {
            androidMisconfigurations$SecureXmlParsing$1$ = lazyRef.initialized() ? (AndroidMisconfigurations$SecureXmlParsing$1$) lazyRef.value() : (AndroidMisconfigurations$SecureXmlParsing$1$) lazyRef.initialize(new AndroidMisconfigurations$SecureXmlParsing$1$());
        }
        return androidMisconfigurations$SecureXmlParsing$1$;
    }

    private final AndroidMisconfigurations$SecureXmlParsing$1$ SecureXmlParsing$2(LazyRef lazyRef) {
        return lazyRef.initialized() ? (AndroidMisconfigurations$SecureXmlParsing$1$) lazyRef.value() : SecureXmlParsing$lzycompute$1(lazyRef);
    }

    public static final /* synthetic */ boolean $anonfun$manifestXmlBackupEnabled$2(ConfigFile configFile) {
        return configFile.name().endsWith("AndroidManifest.xml");
    }

    public static final /* synthetic */ boolean $anonfun$manifestXmlBackupEnabled$5(Elem elem) {
        String label = elem.label();
        return label != null ? label.equals("manifest") : "manifest" == 0;
    }

    public static final /* synthetic */ boolean $anonfun$manifestXmlBackupEnabled$7(Node node) {
        String label = node.label();
        return label != null ? label.equals("application") : "application" == 0;
    }

    public static final /* synthetic */ boolean $anonfun$manifestXmlBackupEnabled$8(String str, Node node) {
        boolean z;
        Some attribute = node.attribute(str, "allowBackup");
        if (attribute instanceof Some) {
            String seq = ((Seq) attribute.value()).toString();
            z = seq != null ? seq.equals("true") : "true" == 0;
        } else {
            if (!None$.MODULE$.equals(attribute)) {
                throw new MatchError(attribute);
            }
            z = false;
        }
        return z;
    }

    private static final Traversal groovyBuildGradleFiles$1(Cpg cpg) {
        return ConfigFileTraversalExtGen$.MODULE$.name$extension(package$.MODULE$.toConfigFileTraversalExtGen(package$.MODULE$.toNodeTypeStarters(cpg).configFile()), ".*build.gradle");
    }

    public static final /* synthetic */ boolean $anonfun$tapJacking$4(int i, Regex.Match match) {
        return match.groupCount() > 0 && StringOps$.MODULE$.toInt$extension(Predef$.MODULE$.augmentString(match.group(1))) < i;
    }

    public static final /* synthetic */ boolean $anonfun$tapJacking$3(Regex regex, int i, String str) {
        return regex.findAllIn(str).matchData().exists(match -> {
            return BoxesRunTime.boxToBoolean($anonfun$tapJacking$4(i, match));
        });
    }

    public static final /* synthetic */ boolean $anonfun$tapJacking$2(Regex regex, int i, ConfigFile configFile) {
        return ArrayOps$.MODULE$.exists$extension(Predef$.MODULE$.refArrayOps(StringOps$.MODULE$.split$extension(Predef$.MODULE$.augmentString(configFile.content()), '\n')), str -> {
            return BoxesRunTime.boxToBoolean($anonfun$tapJacking$3(regex, i, str));
        });
    }

    private static final Traversal groovyBuildGradleFiles$2(Cpg cpg) {
        return ConfigFileTraversalExtGen$.MODULE$.name$extension(package$.MODULE$.toConfigFileTraversalExtGen(package$.MODULE$.toNodeTypeStarters(cpg).configFile()), ".*build.gradle");
    }

    public static final /* synthetic */ boolean $anonfun$vulnerablePRNGOnAndroidv16_18$4(int i, int i2, Regex.Match match) {
        if (match.groupCount() <= 0 || StringOps$.MODULE$.toInt$extension(Predef$.MODULE$.augmentString(match.group(1))) < i) {
        }
        return StringOps$.MODULE$.toInt$extension(Predef$.MODULE$.augmentString(match.group(1))) <= i2;
    }

    public static final /* synthetic */ boolean $anonfun$vulnerablePRNGOnAndroidv16_18$3(Regex regex, int i, int i2, String str) {
        return regex.findAllIn(str).matchData().exists(match -> {
            return BoxesRunTime.boxToBoolean($anonfun$vulnerablePRNGOnAndroidv16_18$4(i, i2, match));
        });
    }

    public static final /* synthetic */ boolean $anonfun$vulnerablePRNGOnAndroidv16_18$2(Regex regex, int i, int i2, ConfigFile configFile) {
        return ArrayOps$.MODULE$.exists$extension(Predef$.MODULE$.refArrayOps(StringOps$.MODULE$.split$extension(Predef$.MODULE$.augmentString(configFile.content()), '\n')), str -> {
            return BoxesRunTime.boxToBoolean($anonfun$vulnerablePRNGOnAndroidv16_18$3(regex, i, i2, str));
        });
    }

    private static final Traversal satisfiesConfig$1(Regex regex, int i, int i2, Cpg cpg) {
        return (Traversal) groovyBuildGradleFiles$2(cpg).filter(configFile -> {
            return BoxesRunTime.boxToBoolean($anonfun$vulnerablePRNGOnAndroidv16_18$2(regex, i, i2, configFile));
        });
    }

    private static final Traversal source$1(Cpg cpg) {
        return package$.MODULE$.toNodeTypeStarters(cpg).literal("\".*PRNG.*\"");
    }

    private static final Traversal sink$1(Cpg cpg) {
        return CallTraversalExtGen$.MODULE$.code$extension(package$.MODULE$.toCallTraversalExtGen(package$.MODULE$.toNodeTypeStarters(cpg).call()), ".*SecureRandom.getInstance.*");
    }

    private static final Traversal defaultSecRand$1(Cpg cpg) {
        return CallTraversalExtGen$.MODULE$.methodFullNameExact$extension(package$.MODULE$.toCallTraversalExtGen(package$.MODULE$.toNodeTypeStarters(cpg).call()), "java.security.SecureRandom.<init>:void()");
    }

    private AndroidMisconfigurations$() {
    }
}
