package org.sonar.php.checks;

import java.util.regex.Pattern;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.VariableDeclarationTree;
import org.sonar.plugins.php.api.tree.expression.AssignmentExpressionTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;
import org.sonar.squidbridge.annotations.ActivatedByDefault;
import org.sonar.squidbridge.annotations.SqaleConstantRemediation;
import org.sonar.squidbridge.annotations.SqaleSubCharacteristic;

/**
 * PHP rule S2068: reports credentials that appear to be hard-coded in source.
 *
 * <p>Two shapes are reported, both matched case-insensitively:
 * <ul>
 *   <li>a regular string literal whose token text contains {@code password=} followed by
 *       at least two more characters (for example a connection string);</li>
 *   <li>a variable declaration or assignment whose target name contains {@code password}
 *       and whose value is a regular string literal.</li>
 * </ul>
 *
 * <p>Coverage limits worth knowing when relying on this rule:
 * <ul>
 *   <li>Only the word "password" is searched for; names such as {@code passwd}, {@code pwd}
 *       or {@code secret} do not match either pattern.</li>
 *   <li>Only {@code REGULAR_STRING_LITERAL} nodes are inspected; values built by
 *       concatenation, function calls or other literal kinds are not reported.</li>
 *   <li>The value itself is never examined in the variable case, so any regular string
 *       literal assigned to a matching name is reported.</li>
 * </ul>
 * A clean result therefore does not show that a code base is free of embedded secrets.
 */
@SqaleSubCharacteristic("SECURITY_FEATURES")
@Rule(
    key = HardCodedCredentialsCheck.KEY,
    name = "Credentials should not be hard-coded",
    priority = Priority.CRITICAL,
    tags = {Tags.CWE, Tags.OWASP_A2, Tags.SANS_TOP25_POROUS, Tags.SECURITY})
@ActivatedByDefault
@SqaleConstantRemediation("30min")
/* loaded from: input_file:org/sonar/php/checks/HardCodedCredentialsCheck.class */
public class HardCodedCredentialsCheck extends PHPVisitorCheck {
    /** Rule key under which issues are reported. */
    public static final String KEY = "S2068";

    private static final String MESSAGE = "Remove this hard-coded password.";

    /**
     * Matches {@code password=} plus any two further characters inside a literal's token text.
     * NOTE(review): if the token text includes the string delimiters, the closing quote can
     * count as one of the two characters -- confirm against the lexer.
     */
    private static final Pattern PASSWORD_LITERAL_PATTERN =
        Pattern.compile("password=..", Pattern.CASE_INSENSITIVE);

    /** Matches any identifier text containing {@code password}. */
    private static final Pattern PASSWORD_VARIABLE_PATTERN =
        Pattern.compile("password", Pattern.CASE_INSENSITIVE);

    /**
     * Reports a regular string literal that embeds a {@code password=...} fragment, then
     * continues the normal traversal.
     *
     * @param literalTree the literal node being visited
     */
    public void visitLiteral(LiteralTree literalTree) {
        // The token text is only read once the node is known to be a regular string literal.
        boolean regularString = literalTree.is(Tree.Kind.REGULAR_STRING_LITERAL);
        if (regularString && PASSWORD_LITERAL_PATTERN.matcher(literalTree.token().text()).find()) {
            addIssue(literalTree);
        }
        super.visitLiteral(literalTree);
    }

    /**
     * Checks a variable declaration by its identifier text and initial value, then continues
     * the normal traversal.
     *
     * @param variableDeclarationTree the declaration node being visited
     */
    public void visitVariableDeclaration(VariableDeclarationTree variableDeclarationTree) {
        String declaredName = variableDeclarationTree.identifier().text();
        // initValue() may be null; checkVariable tolerates that.
        Tree initialValue = variableDeclarationTree.initValue();
        checkVariable(variableDeclarationTree, declaredName, initialValue);
        super.visitVariableDeclaration(variableDeclarationTree);
    }

    /**
     * Checks an assignment by the text of the last token of its target and by its assigned
     * value, then continues the normal traversal.
     *
     * <p>Only the final token of the target is looked at.
     * NOTE(review): a target whose last token is not a name (for example an array subscript
     * ending in a bracket) presumably never matches -- confirm against the parser.
     *
     * @param assignmentExpressionTree the assignment node being visited
     */
    public void visitAssignmentExpression(AssignmentExpressionTree assignmentExpressionTree) {
        String targetName = assignmentExpressionTree.variable().getLastToken().text();
        Tree assignedValue = assignmentExpressionTree.value();
        checkVariable(assignmentExpressionTree, targetName, assignedValue);
        super.visitAssignmentExpression(assignmentExpressionTree);
    }

    /**
     * Raises an issue on {@code reported} when {@code value} is a regular string literal and
     * {@code name} contains "password".
     *
     * @param reported node the issue is attached to
     * @param name identifier text to test against the variable pattern
     * @param value assigned or initial value; may be {@code null}
     */
    private void checkVariable(Tree reported, String name, Tree value) {
        // Null check first, kind check second: the name is only matched for literal values.
        if (value == null || !value.is(Tree.Kind.REGULAR_STRING_LITERAL)) {
            return;
        }
        if (PASSWORD_VARIABLE_PATTERN.matcher(name).find()) {
            addIssue(reported);
        }
    }

    /**
     * Registers an issue carrying the rule message on the given node.
     *
     * @param tree node to attach the issue to
     */
    private void addIssue(Tree tree) {
        context().newIssue(this, MESSAGE).tree(tree);
    }
}
