package io.joern.scanners.java;

import flatgraph.traversal.GenericSteps$;
import io.joern.console.Query;
import io.joern.console.Query$;
import io.joern.console.QueryBundle;
import io.joern.console.TraversalWithStrRep$;
import io.joern.console.q;
import io.joern.dataflowengineoss.language.ExtendedCfgNode$;
import io.joern.dataflowengineoss.language.package$;
import io.joern.dataflowengineoss.queryengine.EngineContext;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.shiftleft.codepropertygraph.generated.Cpg;
import io.shiftleft.codepropertygraph.generated.neighboraccessors.AccessNeighborsForMethodTraversal$;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyName$;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyOrder$;
import io.shiftleft.semanticcpg.language.ICallResolver;
import io.shiftleft.semanticcpg.language.NoResolve$;
import io.shiftleft.semanticcpg.language.types.propertyaccessors.EvalTypeAccessors$;
import java.io.Serializable;
import scala.Predef$;
import scala.collection.IterableOnce;
import scala.collection.Iterator;
import scala.collection.StringOps$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;

/* compiled from: SQLInjection.scala */
/* loaded from: input_file:io/joern/scanners/java/SQLInjection$.class */
public final class SQLInjection$ implements QueryBundle, Serializable {
    public static final SQLInjection$ MODULE$ = new SQLInjection$();
    private static final ICallResolver resolver = NoResolve$.MODULE$;

    private SQLInjection$() {
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(SQLInjection$.class);
    }

    public ICallResolver resolver() {
        return resolver;
    }

    @q
    public Query sqlInjection(EngineContext engineContext) {
        return Query$.MODULE$.make("sql-injection", Crew$.MODULE$.niko(), "SQL injection: A parameter is used in an insecure database API call.", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n        |An attacker controlled parameter is used in an insecure database API call.\n        |\n        |If the parameter is not validated and sanitized, this is a SQL injection.\n        |")), 5.0d, TraversalWithStrRep$.MODULE$.apply(cpg -> {
            return ExtendedCfgNode$.MODULE$.reachableBy$extension(package$.MODULE$.toExtendedCfgNode(sink$1(cpg)), source$1(cpg), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext);
        }, "{ cpg =>\n        def source =\n          cpg.method\n            .where(_.methodReturn.evalType(\"org.springframework.web.servlet.ModelAndView\"))\n            .parameter\n\n        def sink = cpg.method.name(\"query\").parameter.order(1)\n\n        sink.reachableBy(source)\n      }"), new $colon.colon(QueryTags$.MODULE$.sqlInjection(), new $colon.colon(QueryTags$.MODULE$.m4default(), Nil$.MODULE$)), Query$.MODULE$.make$default$8(), Query$.MODULE$.make$default$9());
    }

    private final Iterator source$1(Cpg cpg) {
        return AccessNeighborsForMethodTraversal$.MODULE$.parameter$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessNeighborsForMethodTraversal(GenericSteps$.MODULE$.where$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterableToGenericSteps(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).method()), iterator -> {
            return EvalTypeAccessors$.MODULE$.evalType$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterOnceToEvalTypeAccessorsMethodReturn(AccessNeighborsForMethodTraversal$.MODULE$.methodReturn$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessNeighborsForMethodTraversal(iterator))), "org.springframework.web.servlet.ModelAndView");
        })));
    }

    private final Iterator sink$1(Cpg cpg) {
        return TraversalPropertyOrder$.MODULE$.order$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyOrderTraversal(AccessNeighborsForMethodTraversal$.MODULE$.parameter$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessNeighborsForMethodTraversal(TraversalPropertyName$.MODULE$.name$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyNameTraversal(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).method()), "query")))), 1);
    }
}
