package io.joern.scanners.kotlin;

import io.joern.console.CodeSnippet$;
import io.joern.console.MultiFileCodeExamples;
import io.joern.console.MultiFileCodeExamples$;
import io.joern.console.Query;
import io.joern.console.Query$;
import io.joern.console.QueryBundle;
import io.joern.console.TraversalWithStrRep;
import io.joern.console.TraversalWithStrRep$;
import io.joern.console.q;
import io.joern.dataflowengineoss.language.nodemethods.ExtendedCfgNodeMethods$;
import io.joern.dataflowengineoss.queryengine.EngineContext;
import io.joern.dataflowengineoss.queryengine.EngineContext$;
import io.joern.dataflowengineoss.semanticsloader.NoSemantics$;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.shiftleft.codepropertygraph.generated.Cpg;
import io.shiftleft.codepropertygraph.generated.accessors.Accessors$AccessPropertyInheritsFromTypeFullName$;
import io.shiftleft.codepropertygraph.generated.neighboraccessors.AccessNeighborsForMethodTraversal$;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyFullName$;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyIsExternal$;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyName$;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyTypeFullName$;
import io.shiftleft.semanticcpg.language.ICallResolver;
import io.shiftleft.semanticcpg.language.NoResolve$;
import io.shiftleft.semanticcpg.language.callgraphextension.MethodTraversal$;
import io.shiftleft.semanticcpg.language.nodemethods.CallMethods$;
import io.shiftleft.semanticcpg.language.package$;
import io.shiftleft.semanticcpg.language.types.expressions.generalizations.ExpressionTraversal$;
import io.shiftleft.semanticcpg.language.types.structure.TypeDeclTraversal$;
import java.io.Serializable;
import scala.Predef$;
import scala.collection.IterableOnce;
import scala.collection.Iterator;
import scala.collection.StringOps$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.Seq;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;

/* compiled from: NetworkCommunication.scala */
/* loaded from: input_file:io/joern/scanners/kotlin/NetworkCommunication$.class */
public final class NetworkCommunication$ implements QueryBundle, Serializable {
    public static final NetworkCommunication$ MODULE$ = new NetworkCommunication$();
    private static final EngineContext engineContext = EngineContext$.MODULE$.apply(NoSemantics$.MODULE$, EngineContext$.MODULE$.$lessinit$greater$default$2());
    private static final ICallResolver resolver = NoResolve$.MODULE$;

    private NetworkCommunication$() {
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(NetworkCommunication$.class);
    }

    public EngineContext engineContext() {
        return engineContext;
    }

    public ICallResolver resolver() {
        return resolver;
    }

    @q
    public Query nopTrustManagerUsed() {
        String claudiu = Crew$.MODULE$.claudiu();
        TraversalWithStrRep apply = TraversalWithStrRep$.MODULE$.apply(cpg -> {
            Seq seq = TraversalPropertyFullName$.MODULE$.fullName$extension(package$.MODULE$.accessPropertyFullNameTraversal(TraversalPropertyIsExternal$.MODULE$.isExternal$extension(package$.MODULE$.accessPropertyIsExternalTraversal(package$.MODULE$.toGeneratedNodeStarters(cpg).typeDecl()), false).filter(typeDecl -> {
                return Accessors$AccessPropertyInheritsFromTypeFullName$.MODULE$.inheritsFromTypeFullName$extension(package$.MODULE$.accessPropertyInheritsFromTypeFullName(typeDecl)).contains("javax.net.ssl.X509TrustManager");
            }).filter(typeDecl2 -> {
                if (!ExpressionTraversal$.MODULE$.expressionDown$extension(package$.MODULE$.toExpression(AccessNeighborsForMethodTraversal$.MODULE$.block$extension(package$.MODULE$.accessNeighborsForMethodTraversal(TraversalPropertyName$.MODULE$.nameExact$extension(package$.MODULE$.accessPropertyNameTraversal(TypeDeclTraversal$.MODULE$.method$extension(package$.MODULE$.singleToTypeDeclTrav(typeDecl2))), "checkClientTrusted"))))).isEmpty()) {
                    if (!ExpressionTraversal$.MODULE$.expressionDown$extension(package$.MODULE$.toExpression(AccessNeighborsForMethodTraversal$.MODULE$.block$extension(package$.MODULE$.accessNeighborsForMethodTraversal(TraversalPropertyName$.MODULE$.nameExact$extension(package$.MODULE$.accessPropertyNameTraversal(TypeDeclTraversal$.MODULE$.method$extension(package$.MODULE$.singleToTypeDeclTrav(typeDecl2))), "checkServerTrusted"))))).isEmpty()) {
                        return false;
                    }
                }
                return true;
            }))).toSeq();
            return sslCtxInitCalls$1(cpg).filter(call -> {
                return ExtendedCfgNodeMethods$.MODULE$.reachableBy$extension(io.joern.dataflowengineoss.language.package$.MODULE$.cfgNodeToMethodsQp(CallMethods$.MODULE$.argument$extension(package$.MODULE$.toCallMethods(call), 2)), nopTrustManagersAllocs$1(cpg, seq), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext()).nonEmpty();
            });
        }, "{ cpg =>\n        val nopTrustManagerFullNames =\n          cpg.typeDecl\n            .isExternal(false)\n            .filter(_.inheritsFromTypeFullName.contains(\"javax.net.ssl.X509TrustManager\"))\n            .filter { node =>\n              node.method.nameExact(\"checkClientTrusted\").block.expressionDown.isEmpty ||\n              node.method.nameExact(\"checkServerTrusted\").block.expressionDown.isEmpty\n            }\n            .fullName\n            .toSeq\n        def nopTrustManagersAllocs =\n          cpg.method.fullNameExact(Operators.alloc).callIn.typeFullNameExact(nopTrustManagerFullNames*)\n        def sslCtxInitCalls = cpg.method\n          .fullNameExact(\"javax.net.ssl.SSLContext.init:void(kotlin.Array,kotlin.Array,java.security.SecureRandom)\")\n          .callIn\n        sslCtxInitCalls.filter { call =>\n          call.argument(2).reachableBy(nopTrustManagersAllocs).nonEmpty\n        }\n      }");
        List colonVar = new $colon.colon(QueryTags$.MODULE$.android(), new $colon.colon(QueryTags$.MODULE$.insecureNetworkTraffic(), Nil$.MODULE$));
        MultiFileCodeExamples apply2 = MultiFileCodeExamples$.MODULE$.apply(new $colon.colon(new $colon.colon(CodeSnippet$.MODULE$.apply(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n                |package mypkg\n                |\n                |import javax.net.ssl.SSLContext\n                |import javax.net.ssl.TrustManager\n                |import javax.net.ssl.X509TrustManager\n                |\n                |class NOPTrustManager : X509TrustManager {\n                |    override fun getAcceptedIssuers(): Array<X509Certificate>? = null\n                |    override fun checkClientTrusted(certs: Array<X509Certificate>, authType: String) {}\n                |    override fun checkServerTrusted(certs: Array<X509Certificate>, authType: String) {}\n                |}\n                |\n                |fun main() {\n                |    val acceptAllTrustManager = NOPTrustManager()\n                |    val trustAllCerts = arrayOf<TrustManager>(acceptAllTrustManager)\n                |    val sslContext = SSLContext.getInstance(\"SSL\")\n                |    sslContext.init(null, trustAllCerts, java.security.SecureRandom())\n                |}\n                |")), "App.kt"), Nil$.MODULE$), Nil$.MODULE$), new $colon.colon(new $colon.colon(CodeSnippet$.MODULE$.apply(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n                |package mypkg\n                |\n                |import javax.net.ssl.SSLContext\n                |import javax.net.ssl.TrustManager\n                |import javax.net.ssl.X509TrustManager\n                |\n                |# nop trust manager defined but not used\n                |class NOPTrustManager : X509TrustManager {\n                |    override fun getAcceptedIssuers(): Array<X509Certificate>? = null\n                |    override fun checkClientTrusted(certs: Array<X509Certificate>, authType: String) {}\n                |    override fun checkServerTrusted(certs: Array<X509Certificate>, authType: String) {}\n                |}\n                |")), "App.kt"), Nil$.MODULE$), Nil$.MODULE$));
        return Query$.MODULE$.make("usage-of-nop-trust-manager", claudiu, "NOP trust manager used to initialize SSL context", "Traffic sent using this context can be intercepted by attackers on the same network", 5.0d, apply, colonVar, Query$.MODULE$.make$default$8(), apply2);
    }

    private final Iterator nopTrustManagersAllocs$1(Cpg cpg, Seq seq) {
        return TraversalPropertyTypeFullName$.MODULE$.typeFullNameExact$extension(package$.MODULE$.accessPropertyTypeFullNameTraversal(MethodTraversal$.MODULE$.callIn$extension(package$.MODULE$.iterOnceToMethodTravCallGraphExt(TraversalPropertyFullName$.MODULE$.fullNameExact$extension(package$.MODULE$.accessPropertyFullNameTraversal(package$.MODULE$.toGeneratedNodeStarters(cpg).method()), "<operator>.alloc")), resolver())), seq);
    }

    private final Iterator sslCtxInitCalls$1(Cpg cpg) {
        return MethodTraversal$.MODULE$.callIn$extension(package$.MODULE$.iterOnceToMethodTravCallGraphExt(TraversalPropertyFullName$.MODULE$.fullNameExact$extension(package$.MODULE$.accessPropertyFullNameTraversal(package$.MODULE$.toGeneratedNodeStarters(cpg).method()), "javax.net.ssl.SSLContext.init:void(kotlin.Array,kotlin.Array,java.security.SecureRandom)")), resolver());
    }
}
