package io.joern.scanners.php;

import io.joern.console.CodeSnippet$;
import io.joern.console.MultiFileCodeExamples;
import io.joern.console.MultiFileCodeExamples$;
import io.joern.console.Query;
import io.joern.console.Query$;
import io.joern.console.QueryBundle;
import io.joern.console.TraversalWithStrRep;
import io.joern.console.TraversalWithStrRep$;
import io.joern.console.q;
import io.joern.dataflowengineoss.language.ExtendedCfgNode$;
import io.joern.dataflowengineoss.language.package$;
import io.joern.dataflowengineoss.queryengine.EngineContext;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.shiftleft.codepropertygraph.generated.Cpg;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyCode$;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyMethodFullName$;
import io.shiftleft.codepropertygraph.generated.traversals.TraversalPropertyName$;
import io.shiftleft.semanticcpg.language.ICallResolver;
import io.shiftleft.semanticcpg.language.NoResolve$;
import io.shiftleft.semanticcpg.language.types.expressions.CallTraversal$;
import java.io.Serializable;
import scala.Predef$;
import scala.collection.IterableOnce;
import scala.collection.Iterator;
import scala.collection.StringOps$;
import scala.collection.immutable.$colon;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.ScalaRunTime$;

/* compiled from: TwigTemplateInjection.scala */
/* loaded from: input_file:io/joern/scanners/php/TwigTemplateInjection$.class */
/**
 * Decompiled companion object of {@code TwigTemplateInjection} (see the decompiler notes above):
 * a Joern {@link QueryBundle} that holds a single PHP query. The query reports data flowing from
 * assignment operands whose code mentions "request" into the argument of a {@code createTemplate}
 * call whose resolved method name mentions "twig".
 *
 * <p>{@code MODULE$} is the singleton instance. {@link #writeReplace()} swaps the instance for a
 * {@link ModuleSerializationProxy} during serialization, the usual scheme for Scala objects, so
 * deserialization resolves back to the singleton rather than creating a second instance.
 */
public final class TwigTemplateInjection$ implements QueryBundle, Serializable {
    /** Singleton instance of the Scala object. */
    public static final TwigTemplateInjection$ MODULE$ = new TwigTemplateInjection$();
    /** Call resolver returned by {@link #resolver()}; this bundle uses {@code NoResolve}. */
    private static final ICallResolver resolver = NoResolve$.MODULE$;

    private TwigTemplateInjection$() {
    }

    /** Serialization hook: returns a proxy that resolves to {@code MODULE$} on deserialization. */
    private Object writeReplace() {
        return new ModuleSerializationProxy(TwigTemplateInjection$.class);
    }

    /**
     * Returns the call resolver used by this bundle.
     *
     * @return {@code NoResolve$.MODULE$}
     */
    public ICallResolver resolver() {
        return resolver;
    }

    /**
     * Builds the {@code twig-template-injection} query.
     *
     * <p>The traversal is a taint query: sources are produced by {@link #source$1(Cpg)}, sinks by
     * {@link #sink$1(Cpg)}, and the query yields every sink node reachable from a source under the
     * supplied engine context. The original Scala form of the traversal is kept as the second
     * argument of {@code TraversalWithStrRep.apply} for display purposes.
     *
     * <p>The query is tagged {@code remoteCodeExecution} and {@code default}, and ships with two
     * PHP examples: one that calls {@code $twig->createTemplate(...)} with request-derived input
     * (expected to be flagged) and one that calls a user-defined {@code createTemplate} function
     * (expected not to be flagged, because its method full name does not match "twig").
     *
     * <p>NOTE(review): both example snippets are PHP but are labeled "Positive.kt" and
     * "Negative.kt"; this looks like a copy from a Kotlin scanner — confirm whether the label is
     * used for anything beyond display. NOTE(review): the description string reads "in an twig";
     * it is a runtime string, so it is left untouched here.
     *
     * @param engineContext data-flow engine context passed to {@code reachableBy}
     * @return the assembled {@link Query}
     */
    @q
    public Query TwigTemplateInjection(EngineContext engineContext) {
        // Presumably the author handle taken from the Crew registry — verify against Crew.
        String SJ1iu = Crew$.MODULE$.SJ1iu();
        // Human-readable description; stripMargin removes the leading "|" from each line.
        String stripMargin$extension = StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n          |An attacker controlled parameter is used in an twig template.\n          |\n          |This doesn't necessarily indicate a Twig template injection, but if the input is not sanitized and the escape settings are disabled in the application, it could potentially lead to a template injection vulnerability.\n          |"));
        // Traversal: sink.reachableBy(source) with no additional sources (the empty IterableOnce
        // varargs), paired with the original Scala source text for string representation.
        TraversalWithStrRep apply = TraversalWithStrRep$.MODULE$.apply(cpg -> {
            return ExtendedCfgNode$.MODULE$.reachableBy$extension(package$.MODULE$.toExtendedCfgNode(sink$1(cpg)), source$1(cpg), ScalaRunTime$.MODULE$.genericWrapArray(new IterableOnce[0]), engineContext).iterator();
        }, "{ cpg =>\n\n        def source =\n          cpg.call.name(Operators.assignment).argument.code(\"(?i).*request.*\")\n\n        def sink =\n          cpg.call.name(\"createTemplate\").methodFullName(\"(?i).*twig.*\").argument\n\n        sink.reachableBy(source).iterator\n\n      }");
        // Query tags: remoteCodeExecution and default.
        List colonVar = new $colon.colon(QueryTags$.MODULE$.remoteCodeExecution(), new $colon.colon(QueryTags$.MODULE$.m4default(), Nil$.MODULE$));
        // Code examples: first group is the positive (flagged) case, second the negative case.
        // Each group is a list of one multi-file example holding one snippet.
        MultiFileCodeExamples apply2 = MultiFileCodeExamples$.MODULE$.apply(new $colon.colon(new $colon.colon(CodeSnippet$.MODULE$.apply(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n      |<?php \n      |require_once 'vendor/autoload.php'; // Load Composer autoloader\n      |\n      |use Twig\\Loader\\FilesystemLoader;\n      |use Twig\\Environment;\n      |\n      |// Set up Twig environment\n      |$loader = new FilesystemLoader('./Template'); // Directory for templates\n      |$twig = new Environment($loader, [\n      |    'cache' => false, // Disable caching for development\n      |    'debug' => true,  // Enable debugging\n      |    'autoescape' => false // Disabling auto-escaping can lead to template injection vulnerabilities, potentially allowing command execution if the input is not properly sanitized\n      |]);\n      |\n      |// Get the 'name' parameter from the request, some other dummy parameters are provided but not in use. The rule will only detect the vulnerable parameter \"name\". The rule is granular enough to detect other requests, such as those using Symfony\\Component\\HttpFoundation\\Request.\n      |$name = $_REQUEST['name'] ?? 'Guest';\n      |$name2 = $_REQUEST['name2'] ?? 'Guest';\n      |$name3 = $_REQUEST['name3'] ?? 'Guest';\n      |$name4 = $_REQUEST['name4'] ?? 'Guest';\n      |$name5 = $_REQUEST['name5'] ?? 'Guest';\n      |\n      |// Render a dynamic template using createTemplate. This is the sink.\n      |$template = $twig->createTemplate(\"Hello, {$name}! 
Welcome to Twig dynamic templates.\");\n      |\n      |// Render\n      |echo $template->render(['name' => $name]);\n      |")), "Positive.kt"), Nil$.MODULE$), Nil$.MODULE$), new $colon.colon(new $colon.colon(CodeSnippet$.MODULE$.apply(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("\n      |<?php\n      |require_once 'vendor/autoload.php'; // Load Composer autoloader\n      |\n      |use Twig\\Loader\\FilesystemLoader;\n      |use Twig\\Environment;\n      |\n      |// Set up Twig environment\n      |$loader = new FilesystemLoader('./Template'); // Directory for templates\n      |$twig = new Environment($loader, [\n      |    'cache' => false, // Disable caching for development\n      |    'debug' => true,  // Enable debugging\n      |    'autoescape' => false\n      |]);\n      |\n      |// This time a custom function named \"createTemplate\" is defined which has no template injection issues. It's simply echo the user's input.\n      |function createTemplate($templateString) {\n      |    echo $templateString;\n      |}\n      |\n      |// Get the 'name' parameter from the request, some other dummy parameters are provided but not in use.\n      |$name = $_REQUEST['name'] ?? 'Guest';\n      |$name2 = $_REQUEST['name2'] ?? 'Guest';\n      |$name3 = $_REQUEST['name3'] ?? 'Guest';\n      |$name4 = $_REQUEST['name4'] ?? 'Guest';\n      |$name5 = $_REQUEST['name5'] ?? 'Guest';\n      |\n      |// All Twig functions below are commented out, but the custom \"createTemplate\" function is called. No Twig template injection occurred this time, and the rule will not report an issue even if the function names \"createTemplate\" is invoked.\n      |createTemplate($name);\n      |\n      |// Render a regular template\n      |// echo $twig->render('template.twig', ['title' => 'Twig Setup', 'name' => $name]);\n      |\n      |// Render a dynamic template using createTemplate\n      |// $template = $twig->createTemplate(\"Hello, {$name}! 
Welcome to Twig dynamic templates.\");\n      |\n      |// echo $template->render(['name' => $name]);\n      |")), "Negative.kt"), Nil$.MODULE$), Nil$.MODULE$));
        // Positional arguments, in order: query id, author handle, title, description, a numeric
        // score (5.0 — presumably severity; confirm against Query.make), traversal, tags, the
        // default value for make's eighth parameter, and the code examples.
        return Query$.MODULE$.make("twig-template-injection", SJ1iu, "Twig-Template-Injection: A parameter controlled by the user is rendered within a Twig template.", stripMargin$extension, 5.0d, apply, colonVar, Query$.MODULE$.make$default$8(), apply2);
    }

    /**
     * Taint sources: arguments of {@code <operator>.assignment} calls whose code matches the
     * case-insensitive regex {@code (?i).*request.*}.
     *
     * <p>The match is on the operand's code text, so it appears to cover {@code $_REQUEST[...]} as in
     * the examples but presumably also any other operand whose text contains "request" (e.g. a
     * variable so named), and since every argument of the assignment is included, presumably both
     * sides of it — confirm against the CPG's argument semantics when tuning precision.
     *
     * @param cpg the code property graph
     * @return iterator over the matching assignment operands
     */
    private final Iterator source$1(Cpg cpg) {
        return TraversalPropertyCode$.MODULE$.code$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyCodeTraversal(CallTraversal$.MODULE$.argument$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterOnceToOriginalCallTrav(TraversalPropertyName$.MODULE$.name$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyNameTraversal(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).call()), "<operator>.assignment")))), "(?i).*request.*");
    }

    /**
     * Taint sinks: arguments of calls named {@code createTemplate} whose method full name matches
     * the case-insensitive regex {@code (?i).*twig.*}. The full-name filter is what keeps a
     * user-defined {@code createTemplate} function (as in the negative example) out of the sinks.
     *
     * @param cpg the code property graph
     * @return iterator over the arguments of matching {@code createTemplate} calls
     */
    private final Iterator sink$1(Cpg cpg) {
        return CallTraversal$.MODULE$.argument$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.iterOnceToOriginalCallTrav(TraversalPropertyMethodFullName$.MODULE$.methodFullName$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyMethodFullNameTraversal(TraversalPropertyName$.MODULE$.name$extension(io.shiftleft.semanticcpg.language.package$.MODULE$.accessPropertyNameTraversal(io.shiftleft.semanticcpg.language.package$.MODULE$.toGeneratedNodeStarters(cpg).call()), "createTemplate")), "(?i).*twig.*")));
    }
}
