package org.sonar.php.checks.security;

import com.google.common.collect.ImmutableSet;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.type.StaticFunctionCall;
import org.sonar.php.tree.impl.expression.MemberAccessTreeImpl;
import org.sonar.plugins.php.api.symbols.QualifiedName;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.NamespaceNameTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

/**
 * Review-prompt check (rule key S4529) for PHP code that registers CakePHP routes.
 *
 * <p>An issue is raised on the callee of every static call that matches one of the
 * {@code Cake\Routing\Router} methods listed in {@link #SUSPICIOUS_STATIC_FUNCTIONS}
 * ({@code scope}, {@code connect}, {@code plugin}, {@code prefix}). The issue message asks
 * the reader to confirm that exposing the endpoint is safe; the check itself does not
 * inspect the route's arguments or handler.
 *
 * <p>Coverage limit visible in this class: only callees of the form
 * {@code <namespace name>::<identifier>} are examined. A call whose left-hand side is not a
 * namespace name (for example a variable), or whose member is not a plain identifier, is
 * never reported, so routes registered that way still need manual review.
 */
@Rule(key = "S4529")
public class HttpEndpointCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Make sure that exposing this HTTP endpoint is safe here.";

    /** Static route-registration entry points that trigger the review prompt. */
    private static final ImmutableSet<StaticFunctionCall> SUSPICIOUS_STATIC_FUNCTIONS = ImmutableSet.of(
        StaticFunctionCall.staticFunctionCall("Cake\\Routing\\Router::scope"),
        StaticFunctionCall.staticFunctionCall("Cake\\Routing\\Router::connect"),
        StaticFunctionCall.staticFunctionCall("Cake\\Routing\\Router::plugin"),
        StaticFunctionCall.staticFunctionCall("Cake\\Routing\\Router::prefix"));

    /**
     * Reports the callee when it is one of the listed static functions, then continues the
     * traversal through the superclass so nested calls are visited as well.
     *
     * @param functionCallTree the function call being visited
     */
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        ExpressionTree callee = functionCallTree.callee();
        if (isSuspiciousStaticFunction(callee)) {
            context().newIssue(this, callee, MESSAGE);
        }
        super.visitFunctionCall(functionCallTree);
    }

    /**
     * Tells whether {@code expressionTree} is a static member access that matches an entry of
     * {@link #SUSPICIOUS_STATIC_FUNCTIONS}.
     *
     * @param expressionTree the callee of a function call
     * @return {@code true} only for a {@code CLASS_MEMBER_ACCESS} whose object is a namespace
     *     name, whose member is a name identifier, and whose qualified name and member text
     *     match a listed function
     */
    private boolean isSuspiciousStaticFunction(ExpressionTree expressionTree) {
        if (!expressionTree.is(Tree.Kind.CLASS_MEMBER_ACCESS)) {
            return false;
        }
        MemberAccessTreeImpl memberAccess = (MemberAccessTreeImpl) expressionTree;
        // Both sides must be statically named; anything else cannot be matched by name.
        boolean objectIsNamespaceName = memberAccess.object().is(Tree.Kind.NAMESPACE_NAME);
        if (!objectIsNamespaceName || !memberAccess.member().is(Tree.Kind.NAME_IDENTIFIER)) {
            return false;
        }
        // The class name is matched after getFullyQualifiedName() has processed it.
        // NOTE(review): presumably this resolves `use` aliases - confirm in PHPVisitorCheck.
        QualifiedName className = getFullyQualifiedName((NamespaceNameTree) memberAccess.object());
        String memberName = memberAccess.member().text();
        return SUSPICIOUS_STATIC_FUNCTIONS.stream()
            .anyMatch(candidate -> candidate.matches(className, memberName));
    }
}
