package org.sonar.java.checks.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;

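/**
 * Flags calls that enumerate or size the entries of a ZIP archive so that a reviewer can confirm
 * the expansion is bounded.
 *
 * <p>Three calls are treated as sensitive: {@code ZipFile.entries()}, {@code ZipEntry.getSize()}
 * and {@code ZipInputStream.getNextEntry()} (subtypes included). Inside a method declaration the
 * findings are deferred until the method has been fully visited, and they are dropped if that
 * same method contains any {@code InputStream.read(...)} call. Sensitive calls found outside a
 * method declaration are reported immediately.
 *
 * <p>The {@code read} exemption is a heuristic. It only establishes that the method reads from
 * some input stream; it does not establish that the code enforces a limit on uncompressed size,
 * compression ratio or entry count, so a suppressed finding is not evidence of safe extraction.
 *
 * <p>State is kept per method declaration on a stack. A method nested inside another one (for
 * example in an anonymous or local class) therefore no longer discards the calls already
 * collected for the enclosing method, and no longer causes the rest of the enclosing method to
 * be treated as code outside any method.
 */
@Rule(key = "S5042")
/* loaded from: input_file:org/sonar/java/checks/security/ZipEntryCheck.class */
public class ZipEntryCheck extends IssuableSubscriptionVisitor {
    private static final String ISSUE_MESSAGE = "Make sure that expanding this archive file is safe here.";

    /** Parameterless archive-expansion calls that are reported for review. */
    private static final MethodMatchers SENSITIVE_METHODS = MethodMatchers.or(
        MethodMatchers.create().ofSubTypes("java.util.zip.ZipFile").names("entries").addWithoutParametersMatcher().build(),
        MethodMatchers.create().ofSubTypes("java.util.zip.ZipEntry").names("getSize").addWithoutParametersMatcher().build(),
        MethodMatchers.create().ofSubTypes("java.util.zip.ZipInputStream").names("getNextEntry").addWithoutParametersMatcher().build());

    /** Any overload of {@code read} on {@code java.io.InputStream} or a subtype. */
    private static final MethodMatchers INPUT_STREAM_READ = MethodMatchers.create().ofSubTypes("java.io.InputStream").names("read").withAnyParameters().build();

    /** What has been seen so far in one method declaration that is still being visited. */
    private static final class MethodScope {
        /** Set once an {@code InputStream.read} call is seen directly in this method. */
        private boolean readsInputStream;
        /** Sensitive calls seen in this method, reported on exit unless a read was seen. */
        private final List<MethodInvocationTree> sensitiveCalls = new ArrayList<>();
    }

    /** Method declarations currently being visited, innermost last. Empty outside any method. */
    private final List<MethodScope> openMethods = new ArrayList<>();

    /**
     * Subscribes to method declarations, which delimit the scope of the heuristic, and to method
     * invocations, which are matched against the two matchers.
     */
    public List<Tree.Kind> nodesToVisit() {
        return Arrays.asList(Tree.Kind.METHOD_INVOCATION, Tree.Kind.METHOD);
    }

    /**
     * Opens a new scope for a method declaration, or classifies a method invocation.
     *
     * @param tree a {@code METHOD} or {@code METHOD_INVOCATION} node, per {@link #nodesToVisit()}
     */
    public void visitNode(Tree tree) {
        if (tree.is(Tree.Kind.METHOD)) {
            this.openMethods.add(new MethodScope());
            return;
        }
        MethodInvocationTree invocation = (MethodInvocationTree) tree;
        MethodScope scope = this.openMethods.isEmpty() ? null : this.openMethods.get(this.openMethods.size() - 1);
        if (scope != null && INPUT_STREAM_READ.matches(invocation)) {
            scope.readsInputStream = true;
        } else if (SENSITIVE_METHODS.matches(invocation)) {
            if (scope != null) {
                // Deferred: a read() later in the same method still suppresses this finding.
                scope.sensitiveCalls.add(invocation);
            } else {
                // Outside any method declaration there is no scope to defer to.
                report(invocation);
            }
        }
    }

    /**
     * Closes the innermost method scope and reports its deferred calls unless the method
     * contained an {@code InputStream.read} call.
     *
     * @param tree the node being left; only {@code METHOD} nodes have an effect
     */
    public void leaveNode(Tree tree) {
        if (!tree.is(Tree.Kind.METHOD) || this.openMethods.isEmpty()) {
            return;
        }
        MethodScope finished = this.openMethods.remove(this.openMethods.size() - 1);
        if (!finished.readsInputStream) {
            for (MethodInvocationTree call : finished.sensitiveCalls) {
                report(call);
            }
        }
    }

    /** Raises the issue on the method-name identifier of the given invocation. */
    private void report(MethodInvocationTree methodInvocationTree) {
        reportIssue(ExpressionUtils.methodName(methodInvocationTree), ISSUE_MESSAGE);
    }
}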
