package org.sonar.java.checks;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.JavaFileScannerContext;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.AnnotationTree;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.BaseTreeVisitor;
import org.sonar.plugins.java.api.tree.ClassTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewArrayTree;
import org.sonar.plugins.java.api.tree.Tree;

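/**
 * Rule S5122: reports code that enables CORS for any origin, so that a reviewer can
 * confirm that a wildcard policy is really intended for that endpoint.
 *
 * <p>Three patterns are detected:
 * <ul>
 *   <li>{@code HttpServletResponse.setHeader}/{@code addHeader} with the header name
 *       {@code Access-Control-Allow-Origin} (compared case-insensitively) and the constant
 *       value {@code "*"};</li>
 *   <li>Spring {@code CorsConfiguration.addAllowedOrigin("*")},
 *       {@code CorsRegistration.allowedOrigins("*")} and
 *       {@code CorsConfiguration.applyPermitDefaultValues()};</li>
 *   <li>{@code @CrossOrigin} whose {@code origins}/{@code value} element is absent or
 *       {@code "*"}.</li>
 * </ul>
 *
 * <p>Only compile-time constant strings (and array initializers of them) are inspected, see
 * {@link #isStar(ExpressionTree)}; an origin computed at runtime is not examined by this rule.
 */
@Rule(key = "S5122")
public class CORSCheck extends IssuableSubscriptionVisitor {

    /** Lower-cased on purpose: HTTP header names are matched case-insensitively below. */
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "access-control-allow-origin";

    public static final String MESSAGE = "Make sure that enabling CORS is safe here.";

    /** {@code HttpServletResponse.setHeader(name, value)} and {@code addHeader(name, value)}. */
    private static final MethodMatchers SET_ADD_HEADER_MATCHER = MethodMatchers.create()
        .ofTypes("javax.servlet.http.HttpServletResponse")
        .names("setHeader", "addHeader")
        .withAnyParameters()
        .build();

    /** {@code @CrossOrigin(value = ...)} is the alias form of {@code @CrossOrigin(origins = ...)}. */
    private static final List<String> ANNOTATION_ORIGINS_KEY_ALIAS = Arrays.asList("origins", "value");

    /** Spring calls that register an allowed origin; only the wildcard {@code "*"} is reported. */
    private static final MethodMatchers ADD_ALLOWED_ORIGIN_MATCHER = MethodMatchers.or(
        MethodMatchers.create()
            .ofTypes("org.springframework.web.cors.CorsConfiguration")
            .names("addAllowedOrigin")
            .withAnyParameters()
            .build(),
        MethodMatchers.create()
            .ofTypes("org.springframework.web.servlet.config.annotation.CorsRegistration")
            .names("allowedOrigins")
            .withAnyParameters()
            .build());

    /** {@code CorsConfiguration.applyPermitDefaultValues()}, reported as enabling permissive defaults. */
    private static final MethodMatchers APPLY_PERMIT_DEFAULT_VALUES = MethodMatchers.create()
        .ofTypes("org.springframework.web.cors.CorsConfiguration")
        .names("applyPermitDefaultValues")
        .withAnyParameters()
        .build();

    /**
     * Collects, within a single method body, the invocations relevant to this rule.
     *
     * <p>Header calls are reported as soon as they are seen. Spring calls are only collected, so
     * that {@link CORSCheck#checkMethod(Tree)} can relate {@code addAllowedOrigin("*")} to
     * {@code applyPermitDefaultValues()} found in the same method. The class is a non-static
     * inner class because it reports through the enclosing check.
     */
    public class MethodInvocationVisitor extends BaseTreeVisitor {
        /** Spring calls that allow the wildcard origin {@code "*"}. */
        final List<MethodInvocationTree> addAllowedOrigin = new ArrayList<>();
        /** {@code CorsConfiguration.applyPermitDefaultValues()} calls. */
        final List<MethodInvocationTree> applyPermit = new ArrayList<>();

        private MethodInvocationVisitor() {
        }

        @Override
        public void visitMethodInvocation(MethodInvocationTree mit) {
            if (SET_ADD_HEADER_MATCHER.matches(mit)) {
                if (isWildcardAllowOriginHeader(mit)) {
                    reportTree(mit);
                }
            } else if (APPLY_PERMIT_DEFAULT_VALUES.matches(mit)) {
                applyPermit.add(mit);
            } else if (ADD_ALLOWED_ORIGIN_MATCHER.matches(mit) && isStar(mit.arguments().get(0))) {
                addAllowedOrigin.add(mit);
            }
            super.visitMethodInvocation(mit);
        }

        @Override
        public void visitClass(ClassTree tree) {
            // Intentionally empty: do not descend into local/anonymous classes here
            // (their methods are presumably METHOD nodes visited on their own - confirm).
        }
    }

    /**
     * Returns {@code true} when {@code mit} is {@code setHeader}/{@code addHeader} with the
     * header name {@code Access-Control-Allow-Origin} and the constant value {@code "*"}.
     *
     * <p>A header name that is not a compile-time constant yields {@code null}, which
     * {@code equalsIgnoreCase} treats as "not equal", so such calls are never reported.
     */
    private static boolean isWildcardAllowOriginHeader(MethodInvocationTree mit) {
        String headerName = ExpressionsHelper.getConstantValueAsString(mit.arguments().get(0)).value();
        return ACCESS_CONTROL_ALLOW_ORIGIN.equalsIgnoreCase(headerName) && isStar(mit.arguments().get(1));
    }

    @Override
    public List<Tree.Kind> nodesToVisit() {
        return Arrays.asList(Tree.Kind.METHOD, Tree.Kind.ANNOTATION);
    }

    @Override
    public void visitNode(Tree tree) {
        if (tree.is(Tree.Kind.METHOD)) {
            checkMethod(tree);
        } else {
            // nodesToVisit() only subscribes to METHOD and ANNOTATION, so this is an annotation.
            AnnotationTree annotation = (AnnotationTree) tree;
            if (annotation.symbolType().is("org.springframework.web.bind.annotation.CrossOrigin")) {
                checkAnnotation(annotation);
            }
        }
    }

    /**
     * Reports the Spring wildcard-origin and permit-default calls found in one method.
     *
     * <p>When a method contains both kinds of call, each {@code addAllowedOrigin("*")} is reported
     * once with every {@code applyPermitDefaultValues()} call as a secondary location; otherwise
     * every collected call is reported on its own.
     *
     * @param methodTree the METHOD node to scan
     */
    private void checkMethod(Tree methodTree) {
        MethodInvocationVisitor visitor = new MethodInvocationVisitor();
        methodTree.accept(visitor);

        if (visitor.addAllowedOrigin.isEmpty() || visitor.applyPermit.isEmpty()) {
            visitor.addAllowedOrigin.forEach(this::reportTree);
            visitor.applyPermit.forEach(this::reportTree);
            return;
        }

        // Secondary locations are the same for every primary, so build them once.
        List<JavaFileScannerContext.Location> secondaries = visitor.applyPermit.stream()
            .map(mit -> new JavaFileScannerContext.Location(MESSAGE, mit))
            .collect(Collectors.toList());
        visitor.addAllowedOrigin.forEach(mit -> reportIssue(mit.methodSelect(), MESSAGE, secondaries, null));
    }

    /**
     * Reports a {@code @CrossOrigin} annotation unless one of its arguments restricts the
     * allowed origins to something other than {@code "*"}.
     *
     * @param annotation a {@code @CrossOrigin} annotation
     */
    private void checkAnnotation(AnnotationTree annotation) {
        // No arguments at all also means "no specific origins" (noneMatch on an empty stream).
        if (annotation.arguments().stream().noneMatch(CORSCheck::setSpecificOrigins)) {
            reportTree(annotation.annotationType());
        }
    }

    /**
     * Returns {@code true} when an annotation argument sets a non-wildcard origin list.
     *
     * <p>Handles the single-value form {@code @CrossOrigin("...")} and the named form
     * {@code @CrossOrigin(origins = ...)} / {@code @CrossOrigin(value = ...)}. Any other element
     * name is ignored, and an empty initializer such as {@code origins = {}} is not a wildcard.
     *
     * @param argument one argument of the annotation
     */
    private static boolean setSpecificOrigins(ExpressionTree argument) {
        if (!argument.is(Tree.Kind.ASSIGNMENT)) {
            return !isStar(argument);
        }
        AssignmentExpressionTree assignment = (AssignmentExpressionTree) argument;
        ExpressionTree variable = assignment.variable();
        return variable.is(Tree.Kind.IDENTIFIER)
            && ANNOTATION_ORIGINS_KEY_ALIAS.contains(((IdentifierTree) variable).name())
            && !isStar(assignment.expression());
    }

    /**
     * Reports {@link #MESSAGE} on the method name of an invocation.
     *
     * @param mit the invocation to report
     */
    public void reportTree(MethodInvocationTree mit) {
        reportTree(ExpressionUtils.methodName(mit));
    }

    private void reportTree(Tree tree) {
        reportIssue(tree, MESSAGE);
    }

    /**
     * Returns {@code true} when {@code expression} is the constant string {@code "*"}, or an
     * array initializer containing such a constant.
     *
     * <p>Non-constant expressions resolve to {@code null} and are treated as not being the
     * wildcard; an empty array initializer also yields {@code false}.
     *
     * @param expression the expression to inspect
     */
    public static boolean isStar(ExpressionTree expression) {
        if (expression.is(Tree.Kind.NEW_ARRAY)) {
            return ((NewArrayTree) expression).initializers().stream().anyMatch(CORSCheck::isStar);
        }
        return "*".equals(ExpressionsHelper.getConstantValueAsString(expression).value());
    }
}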
