package io.joern.scanners.java;

import io.joern.console.Query;
import io.joern.console.Query$;
import io.joern.console.QueryBundle;
import io.joern.console.TraversalWithStrRep$;
import io.joern.console.q;
import io.joern.dataflowengineoss.language.ExtendedCfgNode$;
import io.joern.dataflowengineoss.queryengine.EngineContext;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.shiftleft.codepropertygraph.generated.Cpg;
import io.shiftleft.codepropertygraph.generated.traversal.CallTraversalExtGen$;
import io.shiftleft.semanticcpg.language.ICallResolver;
import io.shiftleft.semanticcpg.language.NoResolve$;
import io.shiftleft.semanticcpg.language.package$;
import io.shiftleft.semanticcpg.language.types.expressions.CallTraversal$;
import java.io.Serializable;
import overflowdb.traversal.TraversalLogicExt$;
import scala.Predef$;
import scala.collection.IterableOnce;
import scala.collection.Iterator;
import scala.collection.StringOps$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;

/* compiled from: CrossSiteScripting.scala */
/* loaded from: input_file:io/joern/scanners/java/CrossSiteScripting$.class */
/**
 * Query bundle holding the reflected-XSS scanner query for Java servlets.
 *
 * <p>This is decompiler output for a Scala singleton object: the single instance lives in
 * {@link #MODULE$}, and the constructor is private.
 *
 * <p>Coverage note for anyone relying on this detection: every match is an exact method-full-name
 * comparison. As written, the query only reports flows from
 * {@code javax.servlet.http.HttpServletRequest.getParameter(String)} into
 * {@code java.io.PrintWriter.println(String)} on a writer obtained from
 * {@code javax.servlet.http.HttpServletResponse.getWriter()}. Other request accessors, other
 * writer methods or overloads, and the {@code jakarta.servlet} namespace are not matched by these
 * strings. No escaping/validation filter is visible in the traversal, so a finding means "flow
 * exists" and still needs triage.
 */
public final class CrossSiteScripting$ implements QueryBundle, Serializable {
    /** The singleton instance of this bundle. */
    public static final CrossSiteScripting$ MODULE$ = new CrossSiteScripting$();

    /** Call resolver exposed by {@link #resolver()}; fixed to the {@code NoResolve$} singleton. */
    private static final ICallResolver resolver = NoResolve$.MODULE$;

    /** Not instantiable from outside; use {@link #MODULE$}. */
    private CrossSiteScripting$() {
    }

    /**
     * Serialization hook that substitutes a {@link ModuleSerializationProxy} for this class
     * (presumably so that deserialization resolves back to the singleton).
     *
     * @return the proxy object written in place of this instance
     */
    private Object writeReplace() {
        return new ModuleSerializationProxy(CrossSiteScripting$.class);
    }

    /**
     * Returns the call resolver used by this bundle.
     *
     * @return the {@code NoResolve$} singleton
     */
    public ICallResolver resolver() {
        return resolver;
    }

    /**
     * Builds the {@code xss-servlet} query: servlet code that writes an HTTP request parameter
     * into the response.
     *
     * <p>The traversal starts from the sinks produced by {@code sinks$1} and keeps those whose
     * argument 1 (the printed string) is reachable from a call returned by {@code source$1}. The
     * second argument to {@code TraversalWithStrRep} is the textual form of the same traversal and
     * must stay in sync with the executable lambda.
     *
     * @param engineContext data-flow engine context passed to each {@code reachableBy} call
     * @return the query, tagged {@code xss} and {@code default}, with the numeric argument 8.0
     *     (presumably its score)
     */
    @q
    public Query xssServlet(EngineContext engineContext) {
        // Margin-prefixed description text; stripMargin removes the leading "|" columns below.
        final String marginDescription =
            "\n        |A servlet returns a URL parameter as part of the response.\n"
                + "        |\n"
                + "        |Unless the parameter is escaped or validated in-between, this is a reflected XSS vulnerability.\n"
                + "        |";

        // String representation of the traversal, split per line; the concatenation is a
        // compile-time constant equal to the original single literal.
        final String traversalSource =
            "{ cpg =>\n"
                + "        def source =\n"
                + "          cpg.call.methodFullNameExact(\n"
                + "            \"javax.servlet.http.HttpServletRequest.getParameter:java.lang.String(java.lang.String)\"\n"
                + "          )\n"
                + "\n"
                + "        def responseWriter =\n"
                + "          cpg.call.methodFullNameExact(\"javax.servlet.http.HttpServletResponse.getWriter:java.io.PrintWriter()\")\n"
                + "\n"
                + "        def sinks =\n"
                + "          cpg.call\n"
                + "            .methodFullNameExact(\"java.io.PrintWriter.println:void(java.lang.String)\")\n"
                + "            .where(_.argument(0).reachableBy(responseWriter))\n"
                + "\n"
                + "        sinks.where(_.argument(1).reachableBy(source))\n"
                + "      }";

        return Query$.MODULE$.make(
            "xss-servlet",
            Crew$.MODULE$.malte(),
            "Reflected Cross-Site Scripting: Servlet Returns HTTP Input in Response",
            StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString(marginDescription)),
            8.0d,
            TraversalWithStrRep$.MODULE$.apply(
                graph -> TraversalLogicExt$.MODULE$.where$extension(
                    package$.MODULE$.toTraversalLogicExt(sinks$1(graph, engineContext)),
                    // source$1 is called inside the lambda on purpose: a fresh traversal is
                    // built for every evaluation instead of sharing one iterator.
                    candidate -> ExtendedCfgNode$.MODULE$.reachableBy$extension(
                        io.joern.dataflowengineoss.language.package$.MODULE$.toExtendedCfgNode(
                            CallTraversal$.MODULE$.argument$extension(
                                package$.MODULE$.iterOnceToOriginalCallTrav(candidate),
                                Predef$.MODULE$.int2Integer(1))),
                        source$1(graph),
                        ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]),
                        engineContext)),
                traversalSource),
            // NOTE(review): m4default looks like the decompiler's renaming of a member called
            // "default" (a Java keyword) - confirm against the Scala source.
            new $colon.colon(QueryTags$.MODULE$.xss(), new $colon.colon(QueryTags$.MODULE$.m4default(), Nil$.MODULE$)),
            Query$.MODULE$.make$default$8(),
            Query$.MODULE$.make$default$9());
    }

    /**
     * Taint sources: calls whose full name is exactly
     * {@code javax.servlet.http.HttpServletRequest.getParameter:java.lang.String(java.lang.String)}.
     *
     * @param cpg the code property graph to search
     * @return a traversal over the matching call nodes
     */
    private final Iterator source$1(Cpg cpg) {
        final String getParameterFullName =
            "javax.servlet.http.HttpServletRequest.getParameter:java.lang.String(java.lang.String)";
        return CallTraversalExtGen$.MODULE$.methodFullNameExact$extension(
            package$.MODULE$.toCallTraversalExtGen(package$.MODULE$.toNodeTypeStarters(cpg).call()),
            getParameterFullName);
    }

    /**
     * Calls whose full name is exactly
     * {@code javax.servlet.http.HttpServletResponse.getWriter:java.io.PrintWriter()}.
     *
     * @param cpg the code property graph to search
     * @return a traversal over the matching call nodes
     */
    private final Iterator responseWriter$1(Cpg cpg) {
        final String getWriterFullName =
            "javax.servlet.http.HttpServletResponse.getWriter:java.io.PrintWriter()";
        return CallTraversalExtGen$.MODULE$.methodFullNameExact$extension(
            package$.MODULE$.toCallTraversalExtGen(package$.MODULE$.toNodeTypeStarters(cpg).call()),
            getWriterFullName);
    }

    /**
     * Sinks: calls to {@code java.io.PrintWriter.println:void(java.lang.String)} whose argument 0
     * (the receiver in the embedded query text) is reachable from a call returned by
     * {@code responseWriter$1}. Only this one overload is matched.
     *
     * @param cpg the code property graph to search
     * @param engineContext data-flow engine context passed to {@code reachableBy}
     * @return a traversal over the matching {@code println} call nodes
     */
    private final Iterator sinks$1(Cpg cpg, EngineContext engineContext) {
        final String printlnFullName = "java.io.PrintWriter.println:void(java.lang.String)";
        return TraversalLogicExt$.MODULE$.where$extension(
            package$.MODULE$.toTraversalLogicExt(
                CallTraversalExtGen$.MODULE$.methodFullNameExact$extension(
                    package$.MODULE$.toCallTraversalExtGen(package$.MODULE$.toNodeTypeStarters(cpg).call()),
                    printlnFullName)),
            // responseWriter$1 is re-evaluated per candidate, as in the original.
            printlnCall -> ExtendedCfgNode$.MODULE$.reachableBy$extension(
                io.joern.dataflowengineoss.language.package$.MODULE$.toExtendedCfgNode(
                    CallTraversal$.MODULE$.argument$extension(
                        package$.MODULE$.iterOnceToOriginalCallTrav(printlnCall),
                        Predef$.MODULE$.int2Integer(0))),
                responseWriter$1(cpg),
                ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]),
                engineContext));
    }
}
