package io.joern.scanners.php;

import io.joern.console.Query;
import io.joern.console.Query$;
import io.joern.console.QueryBundle;
import io.joern.console.TraversalWithStrRep$;
import io.joern.console.q;
import io.joern.dataflowengineoss.language.ExtendedCfgNode$;
import io.joern.dataflowengineoss.language.package$;
import io.joern.dataflowengineoss.queryengine.EngineContext;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.shiftleft.codepropertygraph.generated.Cpg;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyCode$;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyName$;
import io.shiftleft.semanticcpg.language.ICallResolver;
import io.shiftleft.semanticcpg.language.NoResolve$;
import io.shiftleft.semanticcpg.language.operatorextension.AssignmentTraversal$;
import io.shiftleft.semanticcpg.language.types.expressions.CallTraversal$;
import java.io.Serializable;
import scala.Predef$;
import scala.collection.IterableOnce;
import scala.collection.Iterator;
import scala.collection.StringOps$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.Nil$;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;

/* compiled from: PhpJoern.scala */
/* loaded from: input_file:io/joern/scanners/php/PhpJoern$.class */
public final class PhpJoern$ implements QueryBundle, Serializable {
    public static final PhpJoern$ MODULE$ = new PhpJoern$();
    private static final ICallResolver resolver = NoResolve$.MODULE$;

    private PhpJoern$() {
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(PhpJoern$.class);
    }

    public ICallResolver resolver() {
        return resolver;
    }

    @q
    public Query sqli(EngineContext engineContext) {
        return Query$.MODULE$.make("phpjoern_sqli", Crew$.MODULE$.yichao(), "CWE-89(SQL Injection): A parameter is used in an insecure sqli related func call.", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |An attacker controlled parameter is used in an insecure sqli related func call.\n          |\n          |If the parameter is not validated and sanitized, this may result in a SQL injection.\n          |")), 5.0d, TraversalWithStrRep$.MODULE$.apply(cpg -> {
            return ExtendedCfgNode$.MODULE$.reachableBy$extension(package$.MODULE$.toExtendedCfgNode(sink$1(cpg)), source$1(cpg), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext);
        }, "{ cpg =>\n        // $_REQUEST[\"foo\"], $_GET[\"foo\"], $_POST[\"foo\"]\n        // are identifier (at the moment)\n        def source = cpg.assignment.source.code(\".*_(REQUEST|GET|POST).*\")\n        def sink =\n          cpg.call.name(\"(query|mysql_query|mysqli_query|mysqli_prepare|mysqli_execute|pg_query|pg_prepare)\").argument\n        sink.reachableBy(source)\n      }"), new $colon.colon(QueryTags$.MODULE$.sqlInjection(), new $colon.colon(QueryTags$.MODULE$.m4default(), Nil$.MODULE$)), Query$.MODULE$.make$default$8(), Query$.MODULE$.make$default$9());
    }

    @q
    public Query cmdi(EngineContext engineContext) {
        return Query$.MODULE$.make("phpjoern_cmdi", Crew$.MODULE$.yichao(), "CWE-77(Command Injection): A parameter is used in an insecure cmdi related func call.", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |An attacker controlled parameter is used in an insecure cmdi related func call.\n          |\n          |If the parameter is not validated and sanitized, this is a remote code execution.\n          |")), 5.0d, TraversalWithStrRep$.MODULE$.apply(cpg -> {
            return ExtendedCfgNode$.MODULE$.reachableBy$extension(package$.MODULE$.toExtendedCfgNode(sink$2(cpg)), source$2(cpg), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext);
        }, "{ cpg =>\n        // $_REQUEST[\"foo\"], $_GET[\"foo\"], $_POST[\"foo\"]\n        // are identifier (at the moment)\n        def source = cpg.assignment.source.code(\".*_(REQUEST|GET|POST).*\")\n        def sink   = cpg.call.name(\"(system|exec|shell_exec|passthru|popen|proc_open|backticks)\").argument\n\n        sink.reachableBy(source)\n      }"), new $colon.colon(QueryTags$.MODULE$.xss(), new $colon.colon(QueryTags$.MODULE$.m4default(), Nil$.MODULE$)), Query$.MODULE$.make$default$8(), Query$.MODULE$.make$default$9());
    }

    @q
    public Query codei(EngineContext engineContext) {
        return Query$.MODULE$.make("phpjoern_codei", Crew$.MODULE$.yichao(), "CWE-94(Code Injection): A parameter is used in an insecure codei related func call.", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |An attacker controlled parameter is used in an insecure codei related func call.\n          |\n          |If the parameter is not validated and sanitized, this is a remote code execution.\n          |")), 5.0d, TraversalWithStrRep$.MODULE$.apply(cpg -> {
            return ExtendedCfgNode$.MODULE$.reachableBy$extension(package$.MODULE$.toExtendedCfgNode(sink$3(cpg)), source$3(cpg), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext);
        }, "{ cpg =>\n        // $_REQUEST[\"foo\"], $_GET[\"foo\"], $_POST[\"foo\"]\n        // are identifier (at the moment)\n        def source = cpg.assignment.source.code(\".*_(REQUEST|GET|POST).*\")\n        def sink = cpg.call\n          .name(\n            \"(eval|assert|create_function|include|include_once|require|require_once|call_user_func|call_user_func_array)\"\n          )\n          .argument\n        sink.reachableBy(source)\n      }"), new $colon.colon(QueryTags$.MODULE$.remoteCodeExecution(), new $colon.colon(QueryTags$.MODULE$.m4default(), Nil$.MODULE$)), Query$.MODULE$.make$default$8(), Query$.MODULE$.make$default$9());
    }

    @q
    public Query uuf(EngineContext engineContext) {
        return Query$.MODULE$.make("phpjoern_uuf", Crew$.MODULE$.yichao(), "CWE-434(Unrestricted Upload of File): A parameter is used in an insecure uuf related func call.", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |An attacker controlled parameter is used in an insecure uuf related func call.\n          |\n          |If the parameter is not validated and sanitized, this may result in remote code execution.\n          |")), 5.0d, TraversalWithStrRep$.MODULE$.apply(cpg -> {
            return ExtendedCfgNode$.MODULE$.reachableBy$extension(package$.MODULE$.toExtendedCfgNode(sink$4(cpg)), source$4(cpg), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext);
        }, "{ cpg =>\n        // $_REQUEST[\"foo\"], $_GET[\"foo\"], $_POST[\"foo\"]\n        // are identifier (at the moment)\n        def source = cpg.assignment.source.code(\".*_(REQUEST|GET|POST).*\")\n        def sink = cpg.call\n          .name(\n            \"(file_get_contents|readfile|fgets|file|fopen|file_put_contents|fwrite|move_uploaded_file|unlink|rename|chmod|chown)\"\n          )\n          .argument\n        sink.reachableBy(source)\n      }"), new $colon.colon(QueryTags$.MODULE$.m4default(), Nil$.MODULE$), Query$.MODULE$.make$default$8(), Query$.MODULE$.make$default$9());
    }

    @q
    public Query xss(EngineContext engineContext) {
        return Query$.MODULE$.make("phpjoern_xss", Crew$.MODULE$.yichao(), "CWE-79(Cross-site Scripting): A parameter is used in an insecure xss related func call.", StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |An attacker controlled parameter is used in an insecure xss related func call.\n          |\n          |If the parameter is not validated and sanitized, this is may result in a cross-site scripting vulnerability.\n          |")), 5.0d, TraversalWithStrRep$.MODULE$.apply(cpg -> {
            return ExtendedCfgNode$.MODULE$.reachableBy$extension(package$.MODULE$.toExtendedCfgNode(sink$5(cpg)), source$5(cpg), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext);
        }, "{ cpg =>\n        // $_REQUEST[\"foo\"], $_GET[\"foo\"], $_POST[\"foo\"]\n        // are identifier (at the moment)\n        def source = cpg.assignment.source.code(\".*_(REQUEST|GET|POST).*\")\n        def sink   = cpg.call.name(\"(assert|echo|exit|print|printf|vprintf|print_r|var_dump)\").argument\n        sink.reachableBy(source)\n      }"), new $colon.colon(QueryTags$.MODULE$.xss(), new $colon.colon(QueryTags$.MODULE$.m4default(), Nil$.MODULE$)), Query$.MODULE$.make$default$8(), Query$.MODULE$.make$default$9());
    }

    private final Iterator source$1(Cpg cpg) {
        return TraversalPropertyCode$.MODULE$.code$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyCodeTraversal(AssignmentTraversal$.MODULE$.source$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toAssignmentTrav(io.shiftleft.semanticcpg.language.package$.MODULE$.toNodeTypeStartersOperatorExtension(cpg).assignment()))), ".*_(REQUEST|GET|POST).*");
    }

    private final Iterator sink$1(Cpg cpg) {
        return CallTraversal$.MODULE$.argument$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterOnceToOriginalCallTrav(TraversalPropertyName$.MODULE$.name$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyNameTraversal(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).call()), "(query|mysql_query|mysqli_query|mysqli_prepare|mysqli_execute|pg_query|pg_prepare)")));
    }

    private final Iterator source$2(Cpg cpg) {
        return TraversalPropertyCode$.MODULE$.code$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyCodeTraversal(AssignmentTraversal$.MODULE$.source$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toAssignmentTrav(io.shiftleft.semanticcpg.language.package$.MODULE$.toNodeTypeStartersOperatorExtension(cpg).assignment()))), ".*_(REQUEST|GET|POST).*");
    }

    private final Iterator sink$2(Cpg cpg) {
        return CallTraversal$.MODULE$.argument$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterOnceToOriginalCallTrav(TraversalPropertyName$.MODULE$.name$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyNameTraversal(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).call()), "(system|exec|shell_exec|passthru|popen|proc_open|backticks)")));
    }

    private final Iterator source$3(Cpg cpg) {
        return TraversalPropertyCode$.MODULE$.code$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyCodeTraversal(AssignmentTraversal$.MODULE$.source$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toAssignmentTrav(io.shiftleft.semanticcpg.language.package$.MODULE$.toNodeTypeStartersOperatorExtension(cpg).assignment()))), ".*_(REQUEST|GET|POST).*");
    }

    private final Iterator sink$3(Cpg cpg) {
        return CallTraversal$.MODULE$.argument$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterOnceToOriginalCallTrav(TraversalPropertyName$.MODULE$.name$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyNameTraversal(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).call()), "(eval|assert|create_function|include|include_once|require|require_once|call_user_func|call_user_func_array)")));
    }

    private final Iterator source$4(Cpg cpg) {
        return TraversalPropertyCode$.MODULE$.code$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyCodeTraversal(AssignmentTraversal$.MODULE$.source$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toAssignmentTrav(io.shiftleft.semanticcpg.language.package$.MODULE$.toNodeTypeStartersOperatorExtension(cpg).assignment()))), ".*_(REQUEST|GET|POST).*");
    }

    private final Iterator sink$4(Cpg cpg) {
        return CallTraversal$.MODULE$.argument$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterOnceToOriginalCallTrav(TraversalPropertyName$.MODULE$.name$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyNameTraversal(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).call()), "(file_get_contents|readfile|fgets|file|fopen|file_put_contents|fwrite|move_uploaded_file|unlink|rename|chmod|chown)")));
    }

    private final Iterator source$5(Cpg cpg) {
        return TraversalPropertyCode$.MODULE$.code$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyCodeTraversal(AssignmentTraversal$.MODULE$.source$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.toAssignmentTrav(io.shiftleft.semanticcpg.language.package$.MODULE$.toNodeTypeStartersOperatorExtension(cpg).assignment()))), ".*_(REQUEST|GET|POST).*");
    }

    private final Iterator sink$5(Cpg cpg) {
        return CallTraversal$.MODULE$.argument$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterOnceToOriginalCallTrav(TraversalPropertyName$.MODULE$.name$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyNameTraversal(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).call()), "(assert|echo|exit|print|printf|vprintf|print_r|var_dump)")));
    }
}
