package io.joern.scanners.php;

import io.joern.console.Query;
import io.joern.console.Query$;
import io.joern.console.QueryBundle;
import io.joern.console.TraversalWithStrRep$;
import io.joern.console.q;
import io.joern.dataflowengineoss.language.ExtendedCfgNode$;
import io.joern.dataflowengineoss.queryengine.EngineContext;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.shiftleft.codepropertygraph.generated.Cpg;
import io.shiftleft.codepropertygraph.generated.traversal.CallTraversalExtGen$;
import io.shiftleft.codepropertygraph.generated.traversal.ExpressionTraversalExtGen$;
import io.shiftleft.semanticcpg.language.ICallResolver;
import io.shiftleft.semanticcpg.language.NoResolve$;
import io.shiftleft.semanticcpg.language.package$;
import io.shiftleft.semanticcpg.language.types.expressions.CallTraversal$;
import java.io.Serializable;
import overflowdb.traversal.TraversalSugarExt$;
import scala.Predef$;
import scala.collection.IterableOnce;
import scala.collection.Iterator;
import scala.collection.StringOps$;
import scala.collection.immutable.List;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;

/* compiled from: ShellExec.scala */
/* loaded from: input_file:io/joern/scanners/php/ShellExec$.class */
/**
 * Decompiled Java view of the Scala object {@code ShellExec} (see the "compiled from:
 * ShellExec.scala" header). It is a {@link QueryBundle} that contributes one scanner
 * query for PHP code: data flow from request superglobals into {@code shell_exec}.
 *
 * <p>Coverage limits worth knowing when triaging or extending this rule, all read
 * directly from the literals below:
 * <ul>
 *   <li>Sources are selected by matching argument code text against
 *       {@code .*_(REQUEST|GET|POST).*}. Other request-derived superglobals (for
 *       example {@code $_COOKIE}) are not in that pattern, and any argument whose text
 *       merely contains {@code _GET}, {@code _POST} or {@code _REQUEST} is selected.</li>
 *   <li>The sink is the argument list of calls named {@code shell_exec} only; other
 *       command-execution functions are outside this query.</li>
 *   <li>No sanitizer or validation step appears in the traversal itself, so a reported
 *       flow still needs a manual check for escaping. NOTE(review): whether the engine
 *       context applies its own flow semantics is not visible here.</li>
 * </ul>
 */
public final class ShellExec$ implements QueryBundle, Serializable {
    /** The single instance; the constructor is private, so this is the only way in. */
    public static final ShellExec$ MODULE$ = new ShellExec$();

    /** Call resolver exposed through {@link #resolver()}; fixed to {@code NoResolve$.MODULE$}. */
    private static final ICallResolver resolver = NoResolve$.MODULE$;

    private ShellExec$() {
    }

    /**
     * Serialization hook: hands back a {@link ModuleSerializationProxy} for this class
     * instead of writing the instance itself.
     */
    private Object writeReplace() {
        return new ModuleSerializationProxy(ShellExec$.class);
    }

    /** @return the call resolver held in the static {@code resolver} field */
    public ICallResolver resolver() {
        return ShellExec$.resolver;
    }

    /**
     * Builds the {@code shell-exec} query: every {@code shell_exec} argument that is
     * reachable from a request-superglobal source (see {@code source$1}) is reported.
     *
     * <p>The query carries score {@code 5.0} and the tags returned by
     * {@code QueryTags$.remoteCodeExecution()} and {@code QueryTags$.m4default()}.
     *
     * @param engineContext data-flow engine context passed to {@code reachableBy}
     * @return the assembled {@link Query}
     */
    @q
    public Query shellExec(EngineContext engineContext) {
        // Locals are assigned in the same order the arguments were evaluated inline.
        final String queryName = "shell-exec";
        final String author = Crew$.MODULE$.niko();
        final String title = "Shell exec: A parameter is used in an insecure `shell-exec` call.";
        final String description = StringOps$.MODULE$.stripMargin$extension(
            Predef$.MODULE$.augmentString(
                "\n"
                    + "          |An attacker controlled parameter is used in an insecure `shell-exec` call.\n"
                    + "          |\n"
                    + "          |If the parameter is not validated and sanitized, this is a remote code execution.\n"
                    + "          |"));
        final double score = 5.0d;

        // Display copy of the Scala traversal. It is only a string: the code that runs
        // is the lambda below plus source$1 / sink$1, so the two must be kept in sync.
        final String traversalAsText =
            "{ cpg =>\n"
                + "        // $_REQUEST[\"foo\"], $_GET[\"foo\"], $_POST[\"foo\"]\n"
                + "        // are identifier (at the moment)\n"
                + "        def source =\n"
                + "          cpg.call.name(Operators.assignment).argument.code(\".*_(REQUEST|GET|POST).*\")\n"
                + "\n"
                + "        def sink = cpg.call.name(\"shell_exec\").argument\n"
                + "\n"
                + "        sink.reachableBy(source).l.iterator\n"
                + "      }";

        return Query$.MODULE$.make(
            queryName,
            author,
            title,
            description,
            score,
            TraversalWithStrRep$.MODULE$.apply(
                cpg -> {
                    // sink.reachableBy(source).l.iterator
                    return TraversalSugarExt$.MODULE$.l$extension(
                            package$.MODULE$.toTraversalSugarExt(
                                ExtendedCfgNode$.MODULE$.reachableBy$extension(
                                    io.joern.dataflowengineoss.language.package$.MODULE$
                                        .toExtendedCfgNode(sink$1(cpg)),
                                    ScalaRunTime$.MODULE$.genericWrapArray(
                                        new IterableOnce[] {source$1(cpg)}),
                                    engineContext)))
                        .iterator();
                },
                traversalAsText),
            // NOTE(review): m4default() looks like a decompiler-renamed accessor for the
            // "default" tag (default is a Java keyword) - confirm against QueryTags.
            (List) scala.package$.MODULE$.List().apply(
                ScalaRunTime$.MODULE$.wrapRefArray(
                    new String[] {
                        QueryTags$.MODULE$.remoteCodeExecution(),
                        QueryTags$.MODULE$.m4default()
                    })),
            // The last two parameters of make() take their declared defaults.
            Query$.MODULE$.make$default$8(),
            Query$.MODULE$.make$default$9());
    }

    /**
     * Taint sources: arguments of {@code <operator>.assignment} calls whose code matches
     * {@code .*_(REQUEST|GET|POST).*}. The match is on code text, not on a resolved
     * variable, so it is both narrower (three superglobals only) and broader (any text
     * containing one of those suffixes) than "user input".
     */
    private final Iterator source$1(Cpg cpg) {
        final String assignmentOperator = "<operator>.assignment";
        final String superglobalPattern = ".*_(REQUEST|GET|POST).*";
        return ExpressionTraversalExtGen$.MODULE$.code$extension(
            package$.MODULE$.toExpressionTraversalExtGen(
                CallTraversal$.MODULE$.argument$extension(
                    package$.MODULE$.iterOnceToOriginalCallTrav(
                        CallTraversalExtGen$.MODULE$.name$extension(
                            package$.MODULE$.toCallTraversalExtGen(
                                package$.MODULE$.toNodeTypeStarters(cpg).call()),
                            assignmentOperator)))),
            superglobalPattern);
    }

    /** Sinks: every argument of every call named {@code shell_exec}. */
    private final Iterator sink$1(Cpg cpg) {
        final String sinkCallName = "shell_exec";
        return CallTraversal$.MODULE$.argument$extension(
            package$.MODULE$.iterOnceToOriginalCallTrav(
                CallTraversalExtGen$.MODULE$.name$extension(
                    package$.MODULE$.toCallTraversalExtGen(
                        package$.MODULE$.toNodeTypeStarters(cpg).call()),
                    sinkCallName)));
    }
}
