package org.sonar.php.checks.security;

import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.plugins.php.api.tree.SeparatedList;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

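/**
 * Security hotspot S4797: reports calls to PHP file-system functions so that a reviewer can
 * confirm the file handling is safe.
 *
 * <p>A call is reported when all of the following hold:
 * <ul>
 *   <li>the callee is a plain name ({@code NAMESPACE_NAME}) and the call is not the operand of
 *       a {@code new} expression;</li>
 *   <li>the lower-cased callee name is a key of {@link #FILE_SYSTEM_FUNCTIONS};</li>
 *   <li>the argument count and path arguments satisfy that function's
 *       {@link FunctionArgsMatcher}.</li>
 * </ul>
 *
 * <p>The check is syntactic only. An argument that is not a regular string literal is treated
 * as a path without any data-flow analysis, so a finding means "review this call", not "this
 * call is exploitable". Calls whose callee is any other expression kind are not inspected.
 */
@Rule(key = "S4797")
/* loaded from: input_file:org/sonar/php/checks/security/FileSystemUsageCheck.class */
public class FileSystemUsageCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Make sure this file handling is safe here.";

    /** Lower-cased PHP function name mapped to the argument shape that triggers an issue. */
    private static final Map<String, FunctionArgsMatcher> FILE_SYSTEM_FUNCTIONS = buildFileSystemFunctions();

    /**
     * Describes which call shapes of one PHP function are reported: the accepted argument-count
     * range, the positions of the path arguments, and whether a hard-coded literal path is
     * enough to report the call.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/php/checks/security/FileSystemUsageCheck$FunctionArgsMatcher.class */
    public static class FunctionArgsMatcher {
        // Literals containing one of these scheme prefixes (at the start of the string or right
        // after a '/') are not counted as file-system paths: http, https, ftp, ftps, the ssh
        // family (e.g. ssh2.sftp://) and php://. Any other stream-wrapper prefix in a literal is
        // still treated as a file-system path, so the call stays reported.
        private static final Pattern NETWORK_OR_PHP_SCHEME = Pattern.compile("(^|/)(http|https|ftp|ftps|ssh\\d?(\\.\\w+?)?|php)://");
        private final int minCount;
        private final int maxCount;
        private final boolean matchesHardcodedPath;
        private final int[] pathIndexes;

        /**
         * @param minCount smallest argument count that is reported
         * @param maxCount largest argument count that is reported
         * @param matchesHardcodedPath when {@code true}, a string-literal path argument is also
         *     reported unless it carries a network or {@code php://} scheme; when {@code false},
         *     only non-literal path arguments are reported
         * @param pathIndexes zero-based positions of the path arguments; empty means the call is
         *     reported on argument count alone
         */
        private FunctionArgsMatcher(int minCount, int maxCount, boolean matchesHardcodedPath, int... pathIndexes) {
            this.minCount = minCount;
            this.maxCount = maxCount;
            this.matchesHardcodedPath = matchesHardcodedPath;
            this.pathIndexes = pathIndexes;
        }

        /**
         * Tells whether the given call has an accepted number of arguments and, when path
         * positions are configured, at least one path argument that counts as a file-system path.
         *
         * @param functionCallTree the call to inspect
         * @return {@code true} when the call should be reported
         */
        /* JADX INFO: Access modifiers changed from: private */
        public boolean matches(FunctionCallTree functionCallTree) {
            int argumentCount = functionCallTree.arguments().size();
            if (argumentCount < this.minCount || argumentCount > this.maxCount) {
                return false;
            }
            return this.pathIndexes.length == 0 || hasFileSystemPath(functionCallTree.arguments());
        }

        /**
         * Returns {@code true} as soon as one configured path position holds either a non-literal
         * expression, or (only when {@code matchesHardcodedPath} is set) a string literal without
         * a network or {@code php://} scheme. Positions beyond the argument list are skipped.
         */
        private boolean hasFileSystemPath(SeparatedList<ExpressionTree> arguments) {
            for (int index : this.pathIndexes) {
                if (index >= arguments.size()) {
                    continue;
                }
                ExpressionTree argument = arguments.get(index);
                if (!argument.is(Tree.Kind.REGULAR_STRING_LITERAL)) {
                    // Anything that is not a plain literal may be caller-controlled: report it.
                    return true;
                }
                // The decompiled listing declared this local as LiteralTree while assigning an
                // ExpressionTree; the cast is made explicit here, after the kind check.
                if (this.matchesHardcodedPath
                    && !NETWORK_OR_PHP_SCHEME.matcher(CheckUtils.trimQuotes((LiteralTree) argument)).find()) {
                    return true;
                }
            }
            return false;
        }
    }

    /**
     * Builds the table of inspected PHP functions. Permission, ownership and deletion functions
     * (chgrp, chmod, chown, delete, lchgrp, lchown, move_uploaded_file, rmdir, unlink) are
     * reported only for non-literal paths; the read/write/copy functions are also reported for
     * hard-coded local paths; tmpfile is reported whenever it is called without arguments.
     */
    private static Map<String, FunctionArgsMatcher> buildFileSystemFunctions() {
        Map<String, FunctionArgsMatcher> functions = new HashMap<>();
        functions.put("chgrp", new FunctionArgsMatcher(2, 2, false, 0));
        functions.put("chmod", new FunctionArgsMatcher(2, 2, false, 0));
        functions.put("chown", new FunctionArgsMatcher(2, 2, false, 0));
        functions.put("copy", new FunctionArgsMatcher(2, 2, true, 0, 1));
        functions.put("delete", new FunctionArgsMatcher(1, 1, false, 0));
        functions.put("file", new FunctionArgsMatcher(1, 2, true, 0));
        functions.put("file_get_contents", new FunctionArgsMatcher(1, 2, true, 0));
        functions.put("file_put_contents", new FunctionArgsMatcher(2, 3, true, 0));
        functions.put("fopen", new FunctionArgsMatcher(2, 3, true, 0));
        functions.put("lchgrp", new FunctionArgsMatcher(2, 2, false, 0));
        functions.put("lchown", new FunctionArgsMatcher(2, 2, false, 0));
        functions.put("move_uploaded_file", new FunctionArgsMatcher(2, 2, false, 0, 1));
        functions.put("parse_ini_file", new FunctionArgsMatcher(1, 3, true, 0));
        functions.put("readfile", new FunctionArgsMatcher(1, 2, true, 0));
        functions.put("rmdir", new FunctionArgsMatcher(1, 1, false, 0));
        functions.put("tmpfile", new FunctionArgsMatcher(0, 0, true));
        functions.put("unlink", new FunctionArgsMatcher(1, 1, false, 0));
        return functions;
    }

    /**
     * Raises an issue on the call when its callee name is a known file-system function and its
     * arguments match, then continues the traversal into the call's children.
     *
     * @param functionCallTree the visited call
     */
    @Override
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        if (functionCallTree.callee().is(Tree.Kind.NAMESPACE_NAME)
            && !functionCallTree.getParent().is(Tree.Kind.NEW_EXPRESSION)) {
            // NOTE(review): decompiled output; qualifiedName() is presumably reached through a
            // cast of the callee to its name-tree type in the original source — confirm.
            // Locale.ROOT keeps the lookup independent of the analysis host's locale.
            String functionName = functionCallTree.callee().qualifiedName().toLowerCase(Locale.ROOT);
            FunctionArgsMatcher matcher = FILE_SYSTEM_FUNCTIONS.get(functionName);
            if (matcher != null && matcher.matches(functionCallTree)) {
                context().newIssue(this, functionCallTree, MESSAGE);
            }
        }
        super.visitFunctionCall(functionCallTree);
    }
}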
