package org.sonar.java.checks.security;

import java.util.Arrays;
import java.util.Deque;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.CheckForNull;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.tree.AnnotationTree;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.ClassTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;

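/**
 * Rule S4507: reports debug features that are still switched on in code that may ship to production.
 *
 * <p>Four patterns are reported:
 * <ul>
 *   <li>a no-argument {@code printStackTrace()} call on a {@code java.lang.Throwable} subtype, unless the
 *       call sits inside a class that itself extends {@code Throwable};</li>
 *   <li>{@code setWebContentsDebuggingEnabled(boolean)} on an Android {@code WebView} with an argument
 *       that resolves to the constant {@code true};</li>
 *   <li>Spring Security's {@code WebSecurity.debug(boolean)} with an argument that is the constant
 *       {@code true};</li>
 *   <li>{@code @EnableWebSecurity(debug = true)}.</li>
 * </ul>
 *
 * <p>These features are useful during development but disclose internals (stack frames, page content,
 * request details) to whoever can read the output or attach a debugger, which is why they should be off
 * in a release build.
 *
 * <p>Limits to keep in mind when reading the results: the boolean arguments are only reported when they
 * can be resolved to a constant {@code true}. A value computed at run time (a property, a method result)
 * is not reported, so the absence of an issue does not prove the feature is disabled. Likewise only the
 * parameterless {@code printStackTrace()} overload is matched.
 *
 * <p>Not thread-safe: the visitor keeps a per-instance stack of the classes currently being traversed.
 */
@Rule(key = "S4507")
public class DebugFeatureEnabledCheck extends IssuableSubscriptionVisitor {
    private static final String MESSAGE = "Make sure this debug feature is deactivated before delivering the code in production.";

    private static final String THROWABLE = "java.lang.Throwable";

    // Only the parameterless overload is matched; printStackTrace(PrintStream/PrintWriter) is out of scope.
    private static final MethodMatchers PRINT_STACK_TRACE_MATCHER = MethodMatchers.create()
        .ofSubTypes(THROWABLE)
        .names("printStackTrace")
        .addWithoutParametersMatcher()
        .build();

    // The parameter type is spelled as the literal "boolean"; the decompiled listing borrowed an
    // equal-valued constant from an XML schema library, which has nothing to do with this rule.
    private static final MethodMatchers SET_WEB_CONTENTS_DEBUGGING_ENABLED = MethodMatchers.create()
        .ofSubTypes("android.webkit.WebView", "android.webkit.WebViewFactoryProvider$Statics")
        .names("setWebContentsDebuggingEnabled")
        .addParametersMatcher("boolean")
        .build();

    private static final MethodMatchers DEBUG_MATCHER = MethodMatchers.create()
        .ofSubTypes("org.springframework.security.config.annotation.web.builders.WebSecurity")
        .names("debug")
        .addParametersMatcher("boolean")
        .build();

    /** Classes currently being traversed, innermost on top. Pushed in visitNode, popped in leaveNode. */
    private final Deque<Symbol.TypeSymbol> enclosingClass = new LinkedList<>();

    /**
     * Declares the node kinds this check subscribes to.
     *
     * @return annotations, classes and method invocations
     */
    @Override
    public List<Tree.Kind> nodesToVisit() {
        return Arrays.asList(Tree.Kind.ANNOTATION, Tree.Kind.CLASS, Tree.Kind.METHOD_INVOCATION);
    }

    /**
     * Dispatches a subscribed node: annotations and method invocations are checked, classes are
     * recorded as the current enclosing class.
     *
     * @param tree a node of one of the kinds returned by {@link #nodesToVisit()}
     */
    @Override
    public void visitNode(Tree tree) {
        switch (tree.kind()) {
            case ANNOTATION:
                checkAnnotation((AnnotationTree) tree);
                break;
            case METHOD_INVOCATION:
                checkMethodInvocation((MethodInvocationTree) tree);
                break;
            case CLASS:
                this.enclosingClass.push(((ClassTree) tree).symbol());
                break;
            default:
                // No other kind is subscribed in nodesToVisit().
                break;
        }
    }

    /**
     * Drops the innermost class from the stack once its traversal is finished.
     *
     * @param tree the node being left
     */
    @Override
    public void leaveNode(Tree tree) {
        // Mirrors the push in visitNode so the stack stays balanced.
        if (tree.is(Tree.Kind.CLASS)) {
            this.enclosingClass.pop();
        }
    }

    /** Reports the invocation, on the method name, when it matches one of the debug-feature patterns. */
    private void checkMethodInvocation(MethodInvocationTree methodInvocationTree) {
        boolean debugFeature = isPrintStackTraceIllegalUsage(methodInvocationTree)
            || isSetWebContentsDebuggingEnabled(methodInvocationTree)
            || isDebugWithTrueArgument(methodInvocationTree);
        if (debugFeature) {
            reportIssue(ExpressionUtils.methodName(methodInvocationTree), MESSAGE);
        }
    }

    /**
     * Tells whether the invocation is a {@code printStackTrace()} call outside of a Throwable subclass.
     * Calls made from within a class extending {@code Throwable} are deliberately not reported.
     */
    private boolean isPrintStackTraceIllegalUsage(MethodInvocationTree methodInvocationTree) {
        if (enclosingClassExtendsThrowable()) {
            return false;
        }
        return PRINT_STACK_TRACE_MATCHER.matches(methodInvocationTree);
    }

    /**
     * Tells whether the invocation turns WebView content debugging on with a constant {@code true}.
     * An argument that cannot be resolved to a constant is not reported.
     */
    private static boolean isSetWebContentsDebuggingEnabled(MethodInvocationTree methodInvocationTree) {
        if (!SET_WEB_CONTENTS_DEBUGGING_ENABLED.matches(methodInvocationTree)) {
            return false;
        }
        // The matcher guarantees exactly one boolean parameter, so index 0 exists.
        ExpressionTree enabled = methodInvocationTree.arguments().get(0);
        return Boolean.TRUE.equals(ExpressionUtils.resolveAsConstant(enabled));
    }

    /**
     * Tells whether the invocation is {@code WebSecurity.debug(true)}.
     * An argument without a constant value is not reported.
     */
    private static boolean isDebugWithTrueArgument(MethodInvocationTree methodInvocationTree) {
        if (!DEBUG_MATCHER.matches(methodInvocationTree.methodSymbol())) {
            return false;
        }
        // The matcher guarantees exactly one boolean parameter, so index 0 exists.
        Optional<Object> constant = methodInvocationTree.arguments().get(0).asConstant();
        return constant.filter(Boolean.TRUE::equals).isPresent();
    }

    /**
     * Reports {@code @EnableWebSecurity(debug = true)}. Only the first {@code debug = ...} argument of
     * the annotation is considered, and only when its value is the boolean constant {@code true}.
     */
    private void checkAnnotation(AnnotationTree annotationTree) {
        if (!annotationTree.symbolType().is("org.springframework.security.config.annotation.web.configuration.EnableWebSecurity")) {
            return;
        }
        annotationTree.arguments().stream()
            .map(DebugFeatureEnabledCheck::getDebugArgument)
            .filter(Objects::nonNull)
            .findFirst()
            .filter(debugArgument -> Boolean.TRUE.equals(
                ExpressionsHelper.getConstantValueAsBoolean(debugArgument.expression()).value()))
            .ifPresent(debugArgument -> reportIssue(debugArgument, MESSAGE));
    }

    /**
     * Extracts a {@code debug = ...} annotation argument.
     *
     * @param expressionTree one argument of an annotation
     * @return the assignment when the argument assigns to the identifier {@code debug}, otherwise {@code null}
     */
    @CheckForNull
    private static AssignmentExpressionTree getDebugArgument(ExpressionTree expressionTree) {
        if (!expressionTree.is(Tree.Kind.ASSIGNMENT)) {
            return null;
        }
        AssignmentExpressionTree assignment = (AssignmentExpressionTree) expressionTree;
        ExpressionTree target = assignment.variable();
        boolean assignsDebug = target.is(Tree.Kind.IDENTIFIER) && "debug".equals(((IdentifierTree) target).name());
        return assignsDebug ? assignment : null;
    }

    /** Tells whether the innermost class being traversed, if any, is a subtype of {@code Throwable}. */
    private boolean enclosingClassExtendsThrowable() {
        Symbol.TypeSymbol innermost = this.enclosingClass.peek();
        return innermost != null && innermost.type().isSubtypeOf(THROWABLE);
    }
}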
