package io.joern.scanners.kotlin;

import io.joern.console.CodeSnippet;
import io.joern.console.MultiFileCodeExamples;
import io.joern.console.Query;
import io.joern.console.Query$;
import io.joern.console.QueryBundle;
import io.joern.console.TraversalWithStrRep;
import io.joern.console.q;
import io.joern.dataflowengineoss.language.nodemethods.ExtendedCfgNodeMethods$;
import io.joern.dataflowengineoss.queryengine.EngineContext;
import io.joern.dataflowengineoss.queryengine.EngineContext$;
import io.joern.dataflowengineoss.semanticsloader.Semantics$;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.shiftleft.codepropertygraph.generated.Cpg;
import io.shiftleft.codepropertygraph.generated.nodes.Call;
import io.shiftleft.codepropertygraph.generated.nodes.TypeDecl;
import io.shiftleft.codepropertygraph.generated.traversal.CallTraversalExtGen$;
import io.shiftleft.codepropertygraph.generated.traversal.MethodTraversalExtGen$;
import io.shiftleft.codepropertygraph.generated.traversal.TypeDeclTraversalExtGen$;
import io.shiftleft.semanticcpg.language.ICallResolver;
import io.shiftleft.semanticcpg.language.NoResolve$;
import io.shiftleft.semanticcpg.language.callgraphextension.MethodTraversal$;
import io.shiftleft.semanticcpg.language.nodemethods.CallMethods$;
import io.shiftleft.semanticcpg.language.package$;
import io.shiftleft.semanticcpg.language.types.expressions.generalizations.ExpressionTraversal$;
import io.shiftleft.semanticcpg.language.types.structure.TypeDeclTraversal$;
import scala.Predef$;
import scala.collection.IterableOnce;
import scala.collection.Iterator;
import scala.collection.StringOps$;
import scala.collection.immutable.List;
import scala.collection.immutable.Seq;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;

/* compiled from: NetworkCommunication.scala */
/* loaded from: input_file:io/joern/scanners/kotlin/NetworkCommunication$.class */
public final class NetworkCommunication$ implements QueryBundle {
    public static final NetworkCommunication$ MODULE$ = new NetworkCommunication$();
    private static final EngineContext engineContext = new EngineContext(Semantics$.MODULE$.empty(), EngineContext$.MODULE$.apply$default$2());
    private static final ICallResolver resolver = NoResolve$.MODULE$;

    public EngineContext engineContext() {
        return engineContext;
    }

    public ICallResolver resolver() {
        return resolver;
    }

    @q
    public Query nopTrustManagerUsed() {
        return Query$.MODULE$.make("usage-of-nop-trust-manager", Crew$.MODULE$.claudiu(), "NOP trust manager used to initialize SSL context", "Traffic sent using this context can be intercepted by attackers on the same network", 5.0d, new TraversalWithStrRep(cpg -> {
            Seq seq = TypeDeclTraversalExtGen$.MODULE$.fullName$extension(package$.MODULE$.toTypeDeclTraversalExtGen(TypeDeclTraversalExtGen$.MODULE$.isExternal$extension(package$.MODULE$.toTypeDeclTraversalExtGen(package$.MODULE$.toNodeTypeStarters(cpg).typeDecl()), false).filter(typeDecl -> {
                return BoxesRunTime.boxToBoolean($anonfun$nopTrustManagerUsed$2(typeDecl));
            }).filter(typeDecl2 -> {
                return BoxesRunTime.boxToBoolean($anonfun$nopTrustManagerUsed$3(typeDecl2));
            }))).toSeq();
            return sslCtxInitCalls$1(cpg).filter(call -> {
                return BoxesRunTime.boxToBoolean($anonfun$nopTrustManagerUsed$4(cpg, seq, call));
            });
        }, "cpg =>\n        val nopTrustManagerFullNames =\n          cpg.typeDecl\n            .isExternal(false)\n            .filter(_.inheritsFromTypeFullName.contains(\"javax.net.ssl.X509TrustManager\"))\n            .filter { node =>\n              node.method.nameExact(\"checkClientTrusted\").block.expressionDown.isEmpty ||\n              node.method.nameExact(\"checkServerTrusted\").block.expressionDown.isEmpty\n            }\n            .fullName\n            .toSeq\n        def nopTrustManagersAllocs =\n          cpg.method.fullNameExact(Operators.alloc).callIn.typeFullNameExact(nopTrustManagerFullNames: _*)\n        def sslCtxInitCalls = cpg.method\n          .fullNameExact(\"javax.net.ssl.SSLContext.init:void(kotlin.Array,kotlin.Array,java.security.SecureRandom)\")\n          .callIn\n        sslCtxInitCalls.filter { call =>\n          call.argument(2).reachableBy(nopTrustManagersAllocs).nonEmpty\n        }"), (List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{QueryTags$.MODULE$.android(), QueryTags$.MODULE$.insecureNetworkTraffic()})), Query$.MODULE$.make$default$8(), new MultiFileCodeExamples((List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new List[]{(List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new CodeSnippet[]{new CodeSnippet(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n                |package mypkg\n                |\n                |import javax.net.ssl.SSLContext\n                |import javax.net.ssl.TrustManager\n                |import javax.net.ssl.X509TrustManager\n                |\n                |class NOPTrustManager : X509TrustManager {\n                |    override fun getAcceptedIssuers(): Array<X509Certificate>? = null\n                |    override fun checkClientTrusted(certs: Array<X509Certificate>, authType: String) {}\n                |    override fun checkServerTrusted(certs: Array<X509Certificate>, authType: String) {}\n                |}\n                |\n                |fun main() {\n                |    val acceptAllTrustManager = NOPTrustManager()\n                |    val trustAllCerts = arrayOf<TrustManager>(acceptAllTrustManager)\n                |    val sslContext = SSLContext.getInstance(\"SSL\")\n                |    sslContext.init(null, trustAllCerts, java.security.SecureRandom())\n                |}\n                |")), "App.kt")}))})), (List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new List[]{(List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new CodeSnippet[]{new CodeSnippet(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n                |package mypkg\n                |\n                |import javax.net.ssl.SSLContext\n                |import javax.net.ssl.TrustManager\n                |import javax.net.ssl.X509TrustManager\n                |\n                |# nop trust manager defined but not used\n                |class NOPTrustManager : X509TrustManager {\n                |    override fun getAcceptedIssuers(): Array<X509Certificate>? = null\n                |    override fun checkClientTrusted(certs: Array<X509Certificate>, authType: String) {}\n                |    override fun checkServerTrusted(certs: Array<X509Certificate>, authType: String) {}\n                |}\n                |")), "App.kt")}))}))));
    }

    public static final /* synthetic */ boolean $anonfun$nopTrustManagerUsed$2(TypeDecl typeDecl) {
        return typeDecl.inheritsFromTypeFullName().contains("javax.net.ssl.X509TrustManager");
    }

    public static final /* synthetic */ boolean $anonfun$nopTrustManagerUsed$3(TypeDecl typeDecl) {
        return ExpressionTraversal$.MODULE$.expressionDown$extension(package$.MODULE$.toExpression(MethodTraversalExtGen$.MODULE$.block$extension(package$.MODULE$.toMethodTraversalExtGen(MethodTraversalExtGen$.MODULE$.nameExact$extension(package$.MODULE$.toMethodTraversalExtGen(TypeDeclTraversal$.MODULE$.method$extension(package$.MODULE$.singleToTypeDeclTrav(typeDecl))), "checkClientTrusted"))))).isEmpty() || ExpressionTraversal$.MODULE$.expressionDown$extension(package$.MODULE$.toExpression(MethodTraversalExtGen$.MODULE$.block$extension(package$.MODULE$.toMethodTraversalExtGen(MethodTraversalExtGen$.MODULE$.nameExact$extension(package$.MODULE$.toMethodTraversalExtGen(TypeDeclTraversal$.MODULE$.method$extension(package$.MODULE$.singleToTypeDeclTrav(typeDecl))), "checkServerTrusted"))))).isEmpty();
    }

    private static final Iterator nopTrustManagersAllocs$1(Cpg cpg, Seq seq) {
        return CallTraversalExtGen$.MODULE$.typeFullNameExact$extension(package$.MODULE$.toCallTraversalExtGen(MethodTraversal$.MODULE$.callIn$extension(package$.MODULE$.iterOnceToMethodTravCallGraphExt(MethodTraversalExtGen$.MODULE$.fullNameExact$extension(package$.MODULE$.toMethodTraversalExtGen(package$.MODULE$.toNodeTypeStarters(cpg).method()), "<operator>.alloc")), MODULE$.resolver())), seq);
    }

    private static final Iterator sslCtxInitCalls$1(Cpg cpg) {
        return MethodTraversal$.MODULE$.callIn$extension(package$.MODULE$.iterOnceToMethodTravCallGraphExt(MethodTraversalExtGen$.MODULE$.fullNameExact$extension(package$.MODULE$.toMethodTraversalExtGen(package$.MODULE$.toNodeTypeStarters(cpg).method()), "javax.net.ssl.SSLContext.init:void(kotlin.Array,kotlin.Array,java.security.SecureRandom)")), MODULE$.resolver());
    }

    public static final /* synthetic */ boolean $anonfun$nopTrustManagerUsed$4(Cpg cpg, Seq seq, Call call) {
        return ExtendedCfgNodeMethods$.MODULE$.reachableBy$extension(io.joern.dataflowengineoss.language.package$.MODULE$.cfgNodeToMethodsQp(CallMethods$.MODULE$.argument$extension(package$.MODULE$.toCallMethods(call), 2)), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[]{nopTrustManagersAllocs$1(cpg, seq)}), MODULE$.engineContext()).nonEmpty();
    }

    private NetworkCommunication$() {
    }
}
