package org.sonar.javascript.checks;

import com.google.common.collect.ImmutableList;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections.map.HashedMap;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.javascript.checks.utils.CheckUtils;
import org.sonar.plugins.javascript.api.tree.ScriptTree;
import org.sonar.plugins.javascript.api.tree.Tree;
import org.sonar.plugins.javascript.api.tree.expression.DotMemberExpressionTree;
import org.sonar.plugins.javascript.api.tree.expression.MemberExpressionTree;
import org.sonar.plugins.javascript.api.visitors.BaseTreeVisitor;
import org.sonar.squidbridge.annotations.SqaleLinearWithOffsetRemediation;
import org.sonar.squidbridge.annotations.SqaleSubCharacteristic;

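/**
 * Rule S3271: reports use of the Web Storage API ({@code localStorage} and {@code sessionStorage})
 * in a JavaScript file.
 *
 * <p>Rationale: data placed in Web Storage can be read by any script running in the page's origin,
 * so one script-injection flaw is enough to disclose everything stored there.
 *
 * <p>What is matched, per script:
 * <ul>
 *   <li>dot access on a storage object where the member is one of {@link #API_CALLS}
 *       (for example {@code localStorage.getItem} or {@code window.sessionStorage.clear});</li>
 *   <li>any bracket access on a storage object (for example {@code localStorage["token"]}).</li>
 * </ul>
 * One issue is raised per storage object, on its first recorded use; every further use is passed
 * to the context as additional cost ({@code count - 1}), matching the linear remediation above.
 *
 * <p>NOTE(review): matching is purely by name. Dot access with a member outside {@link #API_CALLS}
 * (for example {@code localStorage.token = x}) and access through an alias
 * ({@code var s = localStorage; s.setItem(...)}) are not recorded by this visitor. Treat a clean
 * result as "no direct API call found", not as proof that Web Storage is unused.
 */
@SqaleLinearWithOffsetRemediation(coeff = "5min", offset = "1h", effortToFixDescription = "per additional use of the api")
@SqaleSubCharacteristic("SECURITY_FEATURES")
@Rule(key = "S3271", name = "Local storage should not be used", priority = Priority.CRITICAL, tags = {Tags.SECURITY, Tags.OWASP_A6})
public class LocalStorageCheck extends BaseTreeVisitor {
    // NOTE(review): the message recommends cookies; that is only an improvement when the cookie is
    // set HttpOnly and Secure, because a script-readable cookie is exposed to injected script in
    // the same way Web Storage is.
    private static final String MESSAGE = "Remove all use of \"%s\"; use cookies or store the data on the server instead.";

    /** Storage members that count as API use when reached through dot access. */
    private static final List<String> API_CALLS = ImmutableList.of("getItem", "setItem", "removeItem", "clear", "key", "length");

    /** Names of the global Web Storage objects this rule looks for. */
    private static final List<String> OBJECTS = ImmutableList.of("localStorage", "sessionStorage");

    // Per-script state: storage object name -> first use and number of uses.
    // HashedMap (commons-collections) is not generic, hence the narrowly scoped suppression.
    @SuppressWarnings({"rawtypes", "unchecked"})
    Map<String, StorageType> storageTypes = new HashedMap();

    /**
     * First recorded use of one storage object within the current script, plus how many uses
     * have been seen so far. Only the enclosing check creates and reads instances.
     */
    public static class StorageType {
        /** Node of the first recorded use; the issue is attached to it. */
        private final MemberExpressionTree tree;
        /** Number of recorded uses, starting at 1 for the first one. */
        private int count = 1;

        StorageType(MemberExpressionTree memberExpressionTree) {
            this.tree = memberExpressionTree;
        }

        void inc() {
            this.count++;
        }
    }

    /**
     * Resets the per-script state, walks the script, then raises the collected issues.
     *
     * @param scriptTree root of the script being analysed
     */
    @Override
    public void visitScript(ScriptTree scriptTree) {
        // The same check instance is reused across files, so drop the previous file's findings.
        this.storageTypes.clear();
        super.visitScript(scriptTree);
        checkForIssues();
    }

    /**
     * Records the member expression when it is a use of a Web Storage object.
     *
     * @param memberExpressionTree dot or bracket member expression being visited
     */
    @Override
    public void visitMemberExpression(MemberExpressionTree memberExpressionTree) {
        if (memberExpressionTree.is(Tree.Kind.DOT_MEMBER_EXPRESSION)) {
            DotMemberExpressionTree dotMemberExpressionTree = (DotMemberExpressionTree) memberExpressionTree;
            String objectName = getObjectName(dotMemberExpressionTree);
            String name = dotMemberExpressionTree.property().name();
            // Dot access counts only when the member is a known storage API member.
            if (OBJECTS.contains(objectName) && API_CALLS.contains(name)) {
                saveDebtLocation(memberExpressionTree, objectName);
            }
        } else if (memberExpressionTree.is(Tree.Kind.BRACKET_MEMBER_EXPRESSION)) {
            String objectName = getObjectName(memberExpressionTree);
            // Bracket access counts whatever the key is: the key expression is not inspected.
            if (OBJECTS.contains(objectName)) {
                saveDebtLocation(memberExpressionTree, objectName);
            }
        }
        // Keep descending so nested member expressions are visited as well.
        super.visitMemberExpression(memberExpressionTree);
    }

    /**
     * Remembers the first use of a storage object, or bumps its counter on later uses.
     *
     * @param memberExpressionTree the use that was just found
     * @param str name of the storage object ({@code localStorage} or {@code sessionStorage})
     */
    private void saveDebtLocation(MemberExpressionTree memberExpressionTree, String str) {
        StorageType storageType = this.storageTypes.get(str);
        if (storageType == null) {
            this.storageTypes.put(str, new StorageType(memberExpressionTree));
        } else {
            storageType.inc();
        }
    }

    /**
     * Returns the name used to match the accessed object against {@link #OBJECTS}.
     *
     * <p>When the object is itself a dot member expression (as in {@code window.localStorage}),
     * the name of its property is returned; otherwise the object's textual form from
     * {@link CheckUtils#asString} is returned.
     *
     * @param memberExpressionTree member expression whose object is inspected
     * @return the name to compare with the known storage object names
     */
    private static String getObjectName(MemberExpressionTree memberExpressionTree) {
        if (memberExpressionTree.object().is(Tree.Kind.DOT_MEMBER_EXPRESSION)) {
            // The cast is required: object() is typed as a general expression, and only the
            // dot-member form exposes property() with a name.
            return ((DotMemberExpressionTree) memberExpressionTree.object()).property().name();
        }
        return CheckUtils.asString(memberExpressionTree.object());
    }

    /**
     * Raises one issue per storage object seen in the script, located on its first recorded use.
     * The cost argument is the number of additional uses, i.e. {@code count - 1}.
     */
    private void checkForIssues() {
        for (Map.Entry<String, StorageType> entry : this.storageTypes.entrySet()) {
            StorageType storageType = entry.getValue();
            getContext().addIssue(this, storageType.tree, String.format(MESSAGE, entry.getKey()), storageType.count - 1);
        }
    }
}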
