package org.sonar.java.checks.security;

import java.util.Collections;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ConstantUtils;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.java.matcher.MethodMatcher;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;

@Rule(key = "S2115")
/* loaded from: input_file:org/sonar/java/checks/security/EmptyDatabasePasswordCheck.class */
public class EmptyDatabasePasswordCheck extends AbstractMethodDetection {
    private static final String MESSAGE = "Add password protection to this database.";
    private static final int PASSWORD_ARGUMENT = 2;
    private static final int URL_ARGUMENT = 0;
    private static final Pattern EMPTY_PASSWORD_PATTERN = Pattern.compile(".*password\\s*=\\s*([&;].*|$)");
    private static final Pattern MYSQL_URL_PATTERN = Pattern.compile("jdbc:mysql://.*:(?<password>.*)@.*");
    private static final Pattern ORACLE_URL_PATTERN = Pattern.compile("jdbc:oracle:.*:.*/(?<password>.*)@.*");
    private static final List<MethodMatcher> METHOD_MATCHERS = Collections.singletonList(MethodMatcher.create().typeDefinition("java.sql.DriverManager").name("getConnection").withAnyParameters());

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected List<MethodMatcher> getMethodInvocationMatchers() {
        return METHOD_MATCHERS;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    public void onMethodInvocationFound(MethodInvocationTree methodInvocationTree) {
        Arguments arguments = methodInvocationTree.arguments();
        if (arguments.size() > PASSWORD_ARGUMENT) {
            checkEmptyValue(methodInvocationTree, (ExpressionTree) arguments.get(PASSWORD_ARGUMENT));
        }
        if (arguments.size() == 1) {
            checkUrlContainsEmptyPassword(methodInvocationTree);
        }
    }

    private void checkEmptyValue(MethodInvocationTree methodInvocationTree, ExpressionTree expressionTree) {
        String resolveAsStringConstant = ConstantUtils.resolveAsStringConstant(expressionTree);
        if (resolveAsStringConstant == null || !resolveAsStringConstant.trim().isEmpty()) {
            return;
        }
        reportIssue(methodInvocationTree, MESSAGE);
    }

    private void checkUrlContainsEmptyPassword(MethodInvocationTree methodInvocationTree) {
        String resolveAsStringConstant = ConstantUtils.resolveAsStringConstant((ExpressionTree) methodInvocationTree.arguments().get(URL_ARGUMENT));
        if (resolveAsStringConstant != null) {
            if (urlContainsEmptyPassword(resolveAsStringConstant, MYSQL_URL_PATTERN) || urlContainsEmptyPassword(resolveAsStringConstant, ORACLE_URL_PATTERN) || EMPTY_PASSWORD_PATTERN.matcher(resolveAsStringConstant).matches()) {
                reportIssue(methodInvocationTree, MESSAGE);
            }
        }
    }

    private static boolean urlContainsEmptyPassword(String str, Pattern pattern) {
        Matcher matcher = pattern.matcher(str);
        return matcher.matches() && matcher.group("password").trim().isEmpty();
    }
}
