package io.joern.scanners.java;

import io.joern.console.QueryBundle;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.shiftleft.codepropertygraph.Cpg;
import io.shiftleft.codepropertygraph.generated.traversal.MethodParameterInTraversalExtGen$;
import io.shiftleft.codepropertygraph.generated.traversal.MethodTraversalExtGen$;
import io.shiftleft.console.Query;
import io.shiftleft.console.Query$;
import io.shiftleft.console.TraversalWithStrRep;
import io.shiftleft.dataflowengineoss.language.ExtendedCfgNode$;
import io.shiftleft.dataflowengineoss.queryengine.EngineContext;
import io.shiftleft.semanticcpg.language.ICallResolver;
import io.shiftleft.semanticcpg.language.NoResolve$;
import io.shiftleft.semanticcpg.language.types.propertyaccessors.EvalTypeAccessors$;
import io.shiftleft.semanticcpg.language.types.structure.MethodTraversal$;
import overflowdb.traversal.Traversal;
import overflowdb.traversal.package$;
import scala.Predef$;
import scala.collection.StringOps$;
import scala.collection.immutable.List;
import scala.runtime.ScalaRunTime$;

/* compiled from: SQLInjection.scala */
/* loaded from: input_file:io/joern/scanners/java/SQLInjection$.class */
public final class SQLInjection$ implements QueryBundle {
    public static final SQLInjection$ MODULE$ = new SQLInjection$();
    private static final ICallResolver resolver = NoResolve$.MODULE$;

    public ICallResolver resolver() {
        return resolver;
    }

    public Query sqlInjection(EngineContext engineContext) {
        return Query$.MODULE$.make("sql-injection", Crew$.MODULE$.niko(), "SQL injection: A parameter is used in an insecure database API call.", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n        |An attacker controlled parameter is used in an insecure database API call.\n        |\n        |If the parameter is not validated and sanitized, this is a SQL injection.\n        |")), 5.0d, new TraversalWithStrRep(cpg -> {
            return package$.MODULE$.iterableToTraversal(ExtendedCfgNode$.MODULE$.reachableBy$extension(io.shiftleft.dataflowengineoss.language.package$.MODULE$.toExtendedCfgNode(sink$1(cpg), Predef$.MODULE$.$conforms()), ScalaRunTime$.MODULE$.wrapRefArray(new Traversal[]{source$1(cpg)}), engineContext).l());
        }, "cpg =>\n        def source =\n          cpg.method\n            .where(_.methodReturn.evalType(\"org.springframework.web.servlet.ModelAndView\"))\n            .parameter\n\n        def sink = cpg.method.name(\"query\").parameter.order(1)\n\n        sink.reachableBy(source).l"), (List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{QueryTags$.MODULE$.sqlInjection(), QueryTags$.MODULE$.m4default()})), Query$.MODULE$.make$default$8());
    }

    private static final Traversal source$1(Cpg cpg) {
        return MethodTraversal$.MODULE$.parameter$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toMethod(io.shiftleft.semanticcpg.language.package$.MODULE$.toNodeTypeStarters(cpg).method().where(traversal -> {
            return EvalTypeAccessors$.MODULE$.evalType$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toEvalTypeAccessorsMethodReturn(MethodTraversal$.MODULE$.methodReturn$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toMethod(traversal, Predef$.MODULE$.$conforms())), Predef$.MODULE$.$conforms()), "org.springframework.web.servlet.ModelAndView");
        }), Predef$.MODULE$.$conforms()));
    }

    private static final Traversal sink$1(Cpg cpg) {
        return MethodParameterInTraversalExtGen$.MODULE$.order$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toMethodParameterInTraversalExtGen(MethodTraversal$.MODULE$.parameter$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toMethod(MethodTraversalExtGen$.MODULE$.name$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toMethodTraversalExtGen(io.shiftleft.semanticcpg.language.package$.MODULE$.toNodeTypeStarters(cpg).method()), "query"), Predef$.MODULE$.$conforms()))), 1);
    }

    private SQLInjection$() {
    }
}
