package io.joern.scanners.java;

import flatgraph.traversal.GenericSteps$;
import io.joern.console.CodeExamples$;
import io.joern.console.Query;
import io.joern.console.Query$;
import io.joern.console.QueryBundle;
import io.joern.console.TraversalWithStrRep$;
import io.joern.console.q;
import io.joern.dataflowengineoss.language.ExtendedCfgNode$;
import io.joern.dataflowengineoss.language.package$;
import io.joern.dataflowengineoss.queryengine.EngineContext;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.shiftleft.codepropertygraph.generated.Cpg;
import io.shiftleft.codepropertygraph.generated.accessors.Accessors$AccessPropertyCode$;
import io.shiftleft.codepropertygraph.generated.neighboraccessors.AccessNeighborsForMethodTraversal$;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyCode$;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyFullName$;
import io.shiftleft.semanticcpg.language.ICallResolver;
import io.shiftleft.semanticcpg.language.NoResolve$;
import java.io.Serializable;
import scala.Predef$;
import scala.collection.IterableOnce;
import scala.collection.Iterator;
import scala.collection.StringOps$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;

/* compiled from: CryptographyMisuse.scala */
/* loaded from: input_file:io/joern/scanners/java/CryptographyMisuse$.class */
public final class CryptographyMisuse$ implements QueryBundle, Serializable {
    public static final CryptographyMisuse$ MODULE$ = new CryptographyMisuse$();
    private static final ICallResolver resolver = NoResolve$.MODULE$;

    private CryptographyMisuse$() {
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(CryptographyMisuse$.class);
    }

    public ICallResolver resolver() {
        return resolver;
    }

    @q
    public Query unsafeHashAlgo(EngineContext engineContext) {
        return Query$.MODULE$.make("unsafe-crypto-hash-algo", Crew$.MODULE$.dave(), "Unsafe cryptographic hash algorithm used.", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          | MD5 and SHA-1 are considered weak and insecure; an attacker can easily use an MD5 collision to forge valid\n          | digital certificates or use dictionary/brute-force attacks to obtain passwords. Use SHA-256 instead.\n          |")), 6.0d, TraversalWithStrRep$.MODULE$.apply(cpg -> {
            return ExtendedCfgNode$.MODULE$.reachableBy$extension(package$.MODULE$.toExtendedCfgNode(sink$1(cpg)), source$1(cpg), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext);
        }, "{ cpg =>\n        def source = cpg.literal(\"\\\"MD5\\\"|\\\"SHA-1\\\"\")\n\n        def sink =\n          cpg.method.fullName(\"java.security.MessageDigest.getInstance.*\").parameter\n\n        sink.reachableBy(source)\n      }"), new $colon.colon(QueryTags$.MODULE$.cryptography(), new $colon.colon(QueryTags$.MODULE$.m4default(), Nil$.MODULE$)), CodeExamples$.MODULE$.apply(new $colon.colon(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |String algo = \"MD5\";\n          |MessageDigest md = MessageDigest.getInstance(algo);\n          |")), new $colon.colon(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |String algo = \"SHA-1\";\n          |MessageDigest md = MessageDigest.getInstance(algo);\n          |")), Nil$.MODULE$)), new $colon.colon(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |String algo = \"SHA-256\";\n          |MessageDigest md = MessageDigest.getInstance(algo);\n          |")), Nil$.MODULE$)), Query$.MODULE$.make$default$9());
    }

    @q
    public Query lowIterationPbeKey(EngineContext engineContext) {
        return Query$.MODULE$.make("low-pbe-key-iterations", Crew$.MODULE$.dave(), "Low number of iterations detected for password-based encryption.", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          | Do not use password-based encryption with iterations count less than 1000. You should use the maximum number\n          | of rounds which is tolerable, performance-wise, in your application.\n          |")), 6.0d, TraversalWithStrRep$.MODULE$.apply(cpg -> {
            return GenericSteps$.MODULE$.dedup$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterableToGenericSteps(ExtendedCfgNode$.MODULE$.reachableBy$extension(package$.MODULE$.toExtendedCfgNode(sink$2(cpg)), source$2(cpg), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext))).filter(literal -> {
                return Integer.parseInt(Accessors$AccessPropertyCode$.MODULE$.code$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyCode(literal))) < 1000;
            });
        }, "{ cpg =>\n        def source = cpg.literal.code(\"\\\\d+\")\n\n        def sink =\n          cpg.method.fullName(\"javax.crypto.spec.PBEKeySpec.<init>.*\").parameter\n\n        sink.reachableBy(source).dedup.filter(f => Integer.parseInt(f.code) < 1000)\n      }"), new $colon.colon(QueryTags$.MODULE$.cryptography(), new $colon.colon(QueryTags$.MODULE$.m4default(), Nil$.MODULE$)), CodeExamples$.MODULE$.apply(new $colon.colon(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n            |SecretKeyFactory factory = SecretKeyFactory.getInstance(\"PBKDF2WithHmacSHA512\");\n            |SecretKey key = factory.generateSecret(new PBEKeySpec(password.toCharArray(), salt, 500, keyLength));\n            |")), Nil$.MODULE$), new $colon.colon(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n            |SecretKeyFactory factory = SecretKeyFactory.getInstance(\"PBKDF2WithHmacSHA512\");\n            |SecretKey key = factory.generateSecret(new PBEKeySpec(password.toCharArray(), salt, 4000, keyLength));\n            |")), Nil$.MODULE$)), Query$.MODULE$.make$default$9());
    }

    private final Iterator source$1(Cpg cpg) {
        return io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).literal("\"MD5\"|\"SHA-1\"");
    }

    private final Iterator sink$1(Cpg cpg) {
        return AccessNeighborsForMethodTraversal$.MODULE$.parameter$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessNeighborsForMethodTraversal(TraversalPropertyFullName$.MODULE$.fullName$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyFullNameTraversal(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).method()), "java.security.MessageDigest.getInstance.*")));
    }

    private final Iterator source$2(Cpg cpg) {
        return TraversalPropertyCode$.MODULE$.code$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyCodeTraversal(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).literal()), "\\d+");
    }

    private final Iterator sink$2(Cpg cpg) {
        return AccessNeighborsForMethodTraversal$.MODULE$.parameter$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessNeighborsForMethodTraversal(TraversalPropertyFullName$.MODULE$.fullName$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyFullNameTraversal(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).method()), "javax.crypto.spec.PBEKeySpec.<init>.*")));
    }
}
