package org.sonar.java.checks.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonar.check.Rule;
import org.sonar.java.annotations.VisibleForTesting;
import org.sonar.java.checks.helpers.CredentialMethod;
import org.sonar.java.checks.helpers.CredentialMethodsLoader;
import org.sonar.java.checks.helpers.HardcodedStringExpressionChecker;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "S6437")
/* loaded from: input_file:org/sonar/java/checks/security/HardCodedCredentialsShouldNotBeUsedCheck.class */
public class HardCodedCredentialsShouldNotBeUsedCheck extends IssuableSubscriptionVisitor {
    public static final String CREDENTIALS_METHODS_FILE = "/org/sonar/java/checks/security/S6437-methods.json";
    private static final Logger LOG = LoggerFactory.getLogger(HardCodedCredentialsShouldNotBeUsedCheck.class);
    private static final String ISSUE_MESSAGE = "Revoke and change this password, as it is compromised.";
    private Map<String, List<CredentialMethod>> methods;

    public HardCodedCredentialsShouldNotBeUsedCheck() {
        this(CREDENTIALS_METHODS_FILE);
    }

    @VisibleForTesting
    HardCodedCredentialsShouldNotBeUsedCheck(String str) {
        try {
            this.methods = CredentialMethodsLoader.load(str);
        } catch (IOException e) {
            LOG.error(e.getMessage());
            this.methods = Collections.emptyMap();
        }
    }

    public Map<String, List<CredentialMethod>> getMethods() {
        return this.methods;
    }

    public List<Tree.Kind> nodesToVisit() {
        return List.of(Tree.Kind.METHOD_INVOCATION, Tree.Kind.NEW_CLASS);
    }

    public void visitNode(Tree tree) {
        boolean is = tree.is(new Tree.Kind[]{Tree.Kind.NEW_CLASS});
        List<CredentialMethod> list = this.methods.get(is ? ((NewClassTree) tree).symbolType().name() : ((MethodInvocationTree) tree).methodSymbol().name());
        if (list == null) {
            return;
        }
        for (CredentialMethod credentialMethod : list) {
            MethodMatchers methodMatcher = credentialMethod.methodMatcher();
            if (is) {
                NewClassTree newClassTree = (NewClassTree) tree;
                if (methodMatcher.matches(newClassTree)) {
                    checkArguments(newClassTree.arguments(), credentialMethod);
                }
            } else {
                MethodInvocationTree methodInvocationTree = (MethodInvocationTree) tree;
                if (methodMatcher.matches(methodInvocationTree)) {
                    checkArguments(methodInvocationTree.arguments(), credentialMethod);
                }
            }
        }
    }

    private void checkArguments(Arguments arguments, CredentialMethod credentialMethod) {
        Iterator it = credentialMethod.indices.iterator();
        while (it.hasNext()) {
            ExpressionTree expressionTree = (ExpressionTree) arguments.get(((Integer) it.next()).intValue());
            ArrayList arrayList = new ArrayList();
            if (HardcodedStringExpressionChecker.isExpressionDerivedFromPlainText(expressionTree, arrayList, new HashSet())) {
                reportIssue(expressionTree, ISSUE_MESSAGE, arrayList, null);
            }
        }
    }
}
