package io.joern.scanners.kotlin;

import io.joern.console.CodeSnippet$;
import io.joern.console.MultiFileCodeExamples;
import io.joern.console.MultiFileCodeExamples$;
import io.joern.console.Query;
import io.joern.console.Query$;
import io.joern.console.QueryBundle;
import io.joern.console.TraversalWithStrRep;
import io.joern.console.TraversalWithStrRep$;
import io.joern.console.q;
import io.joern.dataflowengineoss.language.ExtendedCfgNode$;
import io.joern.dataflowengineoss.language.package$;
import io.joern.dataflowengineoss.queryengine.EngineContext;
import io.joern.dataflowengineoss.queryengine.EngineContext$;
import io.joern.dataflowengineoss.semanticsloader.Semantics$;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.shiftleft.codepropertygraph.generated.Cpg;
import io.shiftleft.codepropertygraph.generated.traversal.MethodParameterInTraversalExtGen$;
import io.shiftleft.codepropertygraph.generated.traversal.MethodTraversalExtGen$;
import io.shiftleft.semanticcpg.language.ICallResolver;
import io.shiftleft.semanticcpg.language.NoResolve$;
import io.shiftleft.semanticcpg.language.callgraphextension.MethodTraversal$;
import io.shiftleft.semanticcpg.language.nodemethods.CallMethods$;
import io.shiftleft.semanticcpg.language.types.expressions.CallTraversal$;
import java.io.Serializable;
import scala.Predef$;
import scala.collection.IterableOnce;
import scala.collection.Iterator;
import scala.collection.StringOps$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;

/* compiled from: PathTraversals.scala */
/* loaded from: input_file:io/joern/scanners/kotlin/PathTraversals$.class */
public final class PathTraversals$ implements QueryBundle, Serializable {
    public static final PathTraversals$ MODULE$ = new PathTraversals$();
    private static final EngineContext engineContext = EngineContext$.MODULE$.apply(Semantics$.MODULE$.empty(), EngineContext$.MODULE$.$lessinit$greater$default$2());
    private static final ICallResolver resolver = NoResolve$.MODULE$;

    private PathTraversals$() {
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(PathTraversals$.class);
    }

    public EngineContext engineContext() {
        return engineContext;
    }

    public ICallResolver resolver() {
        return resolver;
    }

    @q
    public Query unzipDirectoryTraversal() {
        String claudiu = Crew$.MODULE$.claudiu();
        TraversalWithStrRep apply = TraversalWithStrRep$.MODULE$.apply(cpg -> {
            List colonVar = new $colon.colon("org.apache.commons.compress.archivers.ArchiveEntry", new $colon.colon("java.util.zip.ZipEntry", Nil$.MODULE$));
            return fileOutStreamInit$1(cpg).filter(call -> {
                return ExtendedCfgNode$.MODULE$.reachableByFlows$extension(package$.MODULE$.toExtendedCfgNode(CallMethods$.MODULE$.argument$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toCallMethods(call))), uncheckedZipEntryParameters$1(cpg, colonVar), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext()).nonEmpty();
            });
        }, "{ cpg =>\n        val zipEntryTypeFullNames =\n          List(\"org.apache.commons.compress.archivers.ArchiveEntry\", \"java.util.zip.ZipEntry\")\n        def zipEntryParams =\n          cpg.method.parameter.typeFullNameExact(zipEntryTypeFullNames*)\n        def fileOutStreamInit =\n          cpg.method.fullNameExact(\"java.io.FileOutputStream.<init>:void(java.io.File)\").callIn\n        def pathStartsWithCalls =\n          cpg.method.fullNameExact(\"java.nio.file.Path.startsWith:boolean(java.nio.file.Path)\").callIn\n\n        def uncheckedZipEntryParameters = zipEntryParams.filter { param =>\n          pathStartsWithCalls.argument(0).reachableByFlows(param).isEmpty\n        }\n        fileOutStreamInit.filter { call =>\n          call.argument.reachableByFlows(uncheckedZipEntryParameters).nonEmpty\n        }\n      }");
        List colonVar = new $colon.colon(QueryTags$.MODULE$.pathTraversal(), new $colon.colon(QueryTags$.MODULE$.android(), Nil$.MODULE$));
        MultiFileCodeExamples apply2 = MultiFileCodeExamples$.MODULE$.apply(new $colon.colon(new $colon.colon(CodeSnippet$.MODULE$.apply(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n                |import java.io.*\n                |import java.nio.file.Paths\n                |import java.util.zip.ZipFile\n                |\n                |fun unzip(zipFilePath: File, destDirectory: String) {\n                |    val BUFFER_SIZE = 4096\n                |    ZipFile(zipFilePath).use { zip ->\n                |        zip.entries().asSequence().forEach { entry ->\n                |            val zipEntryInputStream = zip.getInputStream(entry)\n                |\n                |            val fileForEntry = File(destDirectory, entry.getName())\n                |            val entryOutStream = FileOutputStream(fileForEntry)\n                |\n                |            val bos = BufferedOutputStream(entryOutStream)\n                |            val bytesIn = ByteArray(BUFFER_SIZE)\n                |            var read: Int\n                |            while (zipEntryInputStream.read(bytesIn).also { read = it } != -1) {\n                |                bos.write(bytesIn, 0, read)\n                |            }\n                |            bos.close()\n                |\n                |            zipEntryInputStream.close()\n                |        }\n                |    }\n                |}\n                |\n                |fun main() {\n                |    // to make a slippery zip:\n                |    // 1. create a file /tmp/zip/extract/slip.txt\n                |    // 2. inside /tmp/zip/extract run `zip slip.zip ../slip.txt`\n                |    val zp = File(\"/tmp/zip/slip.zip\")\n                |    unzip(zp, \"/tmp/zip/extract\")\n                |}\n                |")), "Positive.kt"), Nil$.MODULE$), Nil$.MODULE$), new $colon.colon(new $colon.colon(CodeSnippet$.MODULE$.apply(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n              |import java.io.*\n              |import java.nio.file.Paths\n              |import java.util.zip.ZipFile\n              |\n              |fun unzip(zipFilePath: File, destDirectory: String) {\n              |    val BUFFER_SIZE = 4096\n              |    ZipFile(zipFilePath).use { zip ->\n              |        zip.entries().asSequence().forEach { entry ->\n              |            val zipEntryInputStream = zip.getInputStream(entry)\n              |\n              |            val fileForEntry = File(destDirectory, entry.getName())\n              |            if (!fileForEntry.toPath().normalize().startsWith(Paths.get(destDirectory))) {\n              |                throw Exception(\"Whatever's in this zip, it's not good.\")\n              |            }\n              |            val entryOutStream = FileOutputStream(fileForEntry)\n              |\n              |            val bos = BufferedOutputStream(entryOutStream)\n              |            val bytesIn = ByteArray(BUFFER_SIZE)\n              |            var read: Int\n              |            while (zipEntryInputStream.read(bytesIn).also { read = it } != -1) {\n              |                bos.write(bytesIn, 0, read)\n              |            }\n              |            bos.close()\n              |\n              |            zipEntryInputStream.close()\n              |        }\n              |    }\n              |}\n              |")), "Negative.kt"), Nil$.MODULE$), Nil$.MODULE$));
        return Query$.MODULE$.make("unzip-directory-traversal", claudiu, "Zip entries not checked before unzipping", "-", 4.0d, apply, colonVar, Query$.MODULE$.make$default$8(), apply2);
    }

    private final Iterator zipEntryParams$1(Cpg cpg, List list) {
        return MethodParameterInTraversalExtGen$.MODULE$.typeFullNameExact$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toMethodParameterInTraversalExtGen(MethodTraversalExtGen$.MODULE$.parameter$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toMethodTraversalExtGen(io.shiftleft.semanticcpg.language.package$.MODULE$.toNodeTypeStarters(cpg).method()))), list);
    }

    private final Iterator fileOutStreamInit$1(Cpg cpg) {
        return MethodTraversal$.MODULE$.callIn$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterOnceToMethodTravCallGraphExt(MethodTraversalExtGen$.MODULE$.fullNameExact$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toMethodTraversalExtGen(io.shiftleft.semanticcpg.language.package$.MODULE$.toNodeTypeStarters(cpg).method()), "java.io.FileOutputStream.<init>:void(java.io.File)")), resolver());
    }

    private final Iterator pathStartsWithCalls$1(Cpg cpg) {
        return MethodTraversal$.MODULE$.callIn$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterOnceToMethodTravCallGraphExt(MethodTraversalExtGen$.MODULE$.fullNameExact$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toMethodTraversalExtGen(io.shiftleft.semanticcpg.language.package$.MODULE$.toNodeTypeStarters(cpg).method()), "java.nio.file.Path.startsWith:boolean(java.nio.file.Path)")), resolver());
    }

    private final Iterator uncheckedZipEntryParameters$1(Cpg cpg, List list) {
        return zipEntryParams$1(cpg, list).filter(methodParameterIn -> {
            return ExtendedCfgNode$.MODULE$.reachableByFlows$extension(package$.MODULE$.toExtendedCfgNode(CallTraversal$.MODULE$.argument$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterOnceToOriginalCallTrav(pathStartsWithCalls$1(cpg)), Predef$.MODULE$.int2Integer(0))), io.shiftleft.semanticcpg.language.package$.MODULE$.toTraversal(methodParameterIn), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext()).isEmpty();
        });
    }
}
