package org.sonar.java.checks;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.java.model.LiteralUtils;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.LiteralTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;

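/**
 * Rule S2068: reports expressions that look like hard-coded passwords.
 *
 * <p>Two heuristics are implemented in this class:
 * <ul>
 *   <li>string literals that parse as a URL whose user-info part has the shape
 *       {@code user:password} (see {@link #isURLWithCredentials(String)});</li>
 *   <li>names and string constants that contain one of the configured credential words
 *       (matching itself is done by {@link AbstractHardCodedCredentialChecker}, which is not
 *       shown in this file).</li>
 * </ul>
 *
 * <p>Both heuristics are name- and shape-based. A finding means "review this", not "a secret
 * is confirmed", and a secret stored under a name outside the word list is not detected here.
 */
@Rule(key = "S2068")
public class HardCodedPasswordCheck extends AbstractHardCodedCredentialChecker {
    // Default word list; the last entry is the JNDI environment key used for credentials.
    private static final String DEFAULT_PASSWORD_WORDS = "password,passwd,pwd,passphrase,java.naming.security.credentials";
    // Cheap pre-filter: a scheme of 1 to 8 word characters followed by "://".
    private static final Pattern URL_PREFIX = Pattern.compile("^\\w{1,8}://");
    // "user:password" where the password is non-empty and the user may be empty. The possessive
    // quantifiers (*+ and ++) rule out backtracking on long literals.
    private static final Pattern NON_EMPTY_URL_CREDENTIAL = Pattern.compile("(?<user>[^\\s:]*+):(?<password>\\S++)");

    // Public and mutable because it is populated from the rule configuration via @RuleProperty.
    @RuleProperty(key = "credentialWords", description = "Comma separated list of words identifying potential passwords", defaultValue = DEFAULT_PASSWORD_WORDS)
    public String passwordWords = DEFAULT_PASSWORD_WORDS;

    /**
     * Returns the comma separated credential words configured for this rule instance.
     */
    @Override
    protected String getCredentialWords() {
        return this.passwordWords;
    }

    /**
     * Lists the tree kinds this check subscribes to; {@link #visitNode(Tree)} dispatches on
     * exactly these four kinds.
     */
    public List<Tree.Kind> nodesToVisit() {
        return Arrays.asList(Tree.Kind.STRING_LITERAL, Tree.Kind.VARIABLE, Tree.Kind.ASSIGNMENT, Tree.Kind.METHOD_INVOCATION);
    }

    /**
     * Routes a visited node to the handler for its kind.
     *
     * @param tree a node of one of the kinds returned by {@link #nodesToVisit()}
     */
    public void visitNode(Tree tree) {
        if (tree.is(Tree.Kind.STRING_LITERAL)) {
            handleStringLiteral((LiteralTree) tree);
        } else if (tree.is(Tree.Kind.VARIABLE)) {
            handleVariable((VariableTree) tree);
        } else if (tree.is(Tree.Kind.ASSIGNMENT)) {
            handleAssignment((AssignmentExpressionTree) tree);
        } else {
            // Only METHOD_INVOCATION remains among the subscribed kinds.
            handleMethodInvocation((MethodInvocationTree) tree);
        }
    }

    /**
     * Reports a literal that is a URL carrying credentials; any other literal is passed to the
     * parent implementation.
     *
     * @param literalTree the string literal being visited
     */
    @Override
    public void handleStringLiteral(LiteralTree literalTree) {
        if (isURLWithCredentials(LiteralUtils.trimQuotes(literalTree.value()))) {
            reportIssue(literalTree, "Review this hard-coded URL, which may contain a password.");
        } else {
            super.handleStringLiteral(literalTree);
        }
    }

    /**
     * Tells whether {@code str} is a URL whose user-info part looks like {@code user:password}.
     *
     * <p>Detection limits a reviewer should know about:
     * <ul>
     *   <li>a literal that {@link URL} cannot parse is treated as "no credentials"; this
     *       includes schemes for which the JVM has no URL handler, so such connection strings
     *       are not flagged by this method;</li>
     *   <li>user-info whose user and password parts are equal is not reported (presumably to
     *       skip placeholder values; the reason is not stated in this file);</li>
     *   <li>an empty password part never matches.</li>
     * </ul>
     *
     * @param str the literal content, without the surrounding quotes
     * @return {@code true} when the URL embeds a non-empty password that differs from the user
     */
    private static boolean isURLWithCredentials(String str) {
        if (!URL_PREFIX.matcher(str).find()) {
            return false;
        }
        try {
            String userInfo = new URL(str).getUserInfo();
            if (userInfo == null) {
                return false;
            }
            Matcher matcher = NON_EMPTY_URL_CREDENTIAL.matcher(userInfo);
            return matcher.matches() && !matcher.group("user").equals(matcher.group("password"));
        } catch (MalformedURLException e) {
            // Not a URL the JDK can parse: deliberately treated as a non-match.
            return false;
        }
    }

    /**
     * Handles a method call: an {@code equals}-style comparison reached through a member select
     * goes to {@code handleEqualsMethod}; any other call is reported when the inherited
     * {@code isSettingCredential} yields a value for it.
     *
     * @param methodInvocationTree the invocation being visited
     */
    private void handleMethodInvocation(MethodInvocationTree methodInvocationTree) {
        ExpressionTree methodSelect = methodInvocationTree.methodSelect();
        if (EQUALS_MATCHER.matches(methodInvocationTree) && methodSelect.is(Tree.Kind.MEMBER_SELECT)) {
            handleEqualsMethod(methodInvocationTree, (MemberSelectExpressionTree) methodSelect);
        } else {
            // The issue is attached to the method name, not to the whole call expression.
            isSettingCredential(methodInvocationTree)
                .ifPresent(word -> report(ExpressionUtils.methodName(methodInvocationTree), word));
        }
    }

    /**
     * Raises the password-specific issue message for a matched credential word.
     *
     * @param tree the tree the issue is attached to
     * @param str the word that matched
     */
    @Override
    protected void report(Tree tree, String str) {
        reportIssue(tree, "'" + str + "' detected in this expression, review this potentially hard-coded password.");
    }

    /**
     * Tells whether an expression should be treated as matching the credential pattern.
     *
     * <p>For a method invocation the receiver of the call is inspected recursively, and an
     * invocation without a member select yields {@code false}. For any other expression the
     * result is {@code true} when its constant string value cannot be resolved, or when that
     * value looks like a credential name.
     *
     * @param expressionTree the expression to inspect
     * @return whether the expression matches, as described above
     */
    @Override
    protected boolean isCredentialContainingPattern(ExpressionTree expressionTree) {
        if (expressionTree.is(Tree.Kind.METHOD_INVOCATION)) {
            // methodSelect() yields a plain ExpressionTree; narrow it only after the kind check.
            ExpressionTree methodSelect = ((MethodInvocationTree) expressionTree).methodSelect();
            return methodSelect.is(Tree.Kind.MEMBER_SELECT)
                && isCredentialContainingPattern(((MemberSelectExpressionTree) methodSelect).expression());
        }
        String str = (String) ExpressionsHelper.getConstantValueAsString(expressionTree).value();
        return str == null || super.isCredentialLikeName(str).isPresent();
    }
}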
