package org.sonar.php.checks;

import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.tree.visitors.AssignmentExpressionVisitor;
import org.sonar.plugins.php.api.tree.CompilationUnitTree;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.expression.ArrayAccessTree;
import org.sonar.plugins.php.api.tree.expression.ArrayInitializerBracketTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.tree.expression.VariableIdentifierTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

@Rule(key = "S2053")
/* loaded from: input_file:org/sonar/php/checks/HashFunctionCheck.class */
public class HashFunctionCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Use an unpredictable salt value.";
    private static final String MESSAGE_MISSING_SALT = "Provide a cryptographically strong salt parameter.";
    private static final String USE_DEFAULT_SALT_MESSAGE = "Use the salt that is generated by default.";
    private AssignmentExpressionVisitor assignmentExpressionVisitor;
    private boolean containsPasswordHashFunction;
    private List<Tree> passwordHashSaltTrees = new ArrayList();

    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        String lowerCaseFunctionName = CheckUtils.getLowerCaseFunctionName(functionCallTree);
        if ("hash_pbkdf2".equals(lowerCaseFunctionName) && functionCallTree.arguments().size() >= 3) {
            ExpressionTree expressionTree = (ExpressionTree) functionCallTree.arguments().get(2);
            if (isPredictable(expressionTree)) {
                context().newIssue(this, expressionTree, MESSAGE);
            }
        } else if ("crypt".equals(lowerCaseFunctionName)) {
            if (functionCallTree.arguments().size() < 2) {
                context().newIssue(this, functionCallTree, MESSAGE_MISSING_SALT);
            } else {
                ExpressionTree expressionTree2 = (ExpressionTree) functionCallTree.arguments().get(1);
                if (isPredictable(expressionTree2)) {
                    context().newIssue(this, expressionTree2, MESSAGE);
                }
            }
        } else if ("password_hash".equals(lowerCaseFunctionName)) {
            this.containsPasswordHashFunction = true;
        }
        super.visitFunctionCall(functionCallTree);
    }

    private boolean isPredictable(ExpressionTree expressionTree) {
        if (expressionTree.is(new Tree.Kind[]{Tree.Kind.REGULAR_STRING_LITERAL})) {
            return true;
        }
        if (expressionTree.is(new Tree.Kind[]{Tree.Kind.ARRAY_ACCESS})) {
            VariableIdentifierTree object = ((ArrayAccessTree) expressionTree).object();
            return object.is(new Tree.Kind[]{Tree.Kind.VARIABLE_IDENTIFIER}) && CheckUtils.SUPERGLOBALS.contains(object.text());
        }
        if (!expressionTree.is(new Tree.Kind[]{Tree.Kind.VARIABLE_IDENTIFIER})) {
            return false;
        }
        Optional uniqueAssignedValue = this.assignmentExpressionVisitor.getUniqueAssignedValue(context().symbolTable().getSymbol(expressionTree));
        if (uniqueAssignedValue.isPresent()) {
            return isPredictable((ExpressionTree) uniqueAssignedValue.get());
        }
        return false;
    }

    public void visitCompilationUnit(CompilationUnitTree compilationUnitTree) {
        this.passwordHashSaltTrees.clear();
        this.assignmentExpressionVisitor = new AssignmentExpressionVisitor(context().symbolTable());
        compilationUnitTree.accept(this.assignmentExpressionVisitor);
        super.visitCompilationUnit(compilationUnitTree);
        if (!this.containsPasswordHashFunction || this.passwordHashSaltTrees.isEmpty()) {
            return;
        }
        this.passwordHashSaltTrees.forEach(tree -> {
            context().newIssue(this, tree, USE_DEFAULT_SALT_MESSAGE);
        });
    }

    public void visitArrayInitializerBracket(ArrayInitializerBracketTree arrayInitializerBracketTree) {
        Stream filter = arrayInitializerBracketTree.arrayPairs().stream().map((v0) -> {
            return v0.key();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).filter(expressionTree -> {
            return expressionTree.is(new Tree.Kind[]{Tree.Kind.REGULAR_STRING_LITERAL}) && "salt".equals(CheckUtils.trimQuotes((LiteralTree) expressionTree));
        });
        List<Tree> list = this.passwordHashSaltTrees;
        list.getClass();
        filter.forEach((v1) -> {
            r1.add(v1);
        });
        super.visitArrayInitializerBracket(arrayInitializerBracketTree);
    }
}
