package org.sonar.php.checks.security;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.sonar.check.Rule;
import org.sonar.php.checks.NestedControlFlowDepthCheck;
import org.sonar.php.checks.TooManyFieldsInClassCheck;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.tree.TreeUtils;
import org.sonar.plugins.php.api.symbols.QualifiedName;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.CallArgumentTree;
import org.sonar.plugins.php.api.tree.declaration.ClassMemberTree;
import org.sonar.plugins.php.api.tree.declaration.FunctionTree;
import org.sonar.plugins.php.api.tree.declaration.MethodDeclarationTree;
import org.sonar.plugins.php.api.tree.declaration.NamespaceNameTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.FunctionExpressionTree;
import org.sonar.plugins.php.api.tree.expression.MemberAccessTree;
import org.sonar.plugins.php.api.tree.expression.NameIdentifierTree;
import org.sonar.plugins.php.api.tree.statement.ReturnStatementTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

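/**
 * Rule S5808: flags authorization callbacks that can never produce a negative answer.
 *
 * <p>Three kinds of callbacks are inspected:
 * <ul>
 *   <li>{@code vote} methods inherited from Symfony's {@code VoterInterface}, where a
 *       negative answer is {@code ACCESS_ABSTAIN} or {@code ACCESS_DENIED};</li>
 *   <li>{@code voteOnAttribute} methods inherited from Symfony's {@code Voter}, where a
 *       negative answer is {@code false};</li>
 *   <li>closures passed to Laravel's {@code Gate::define}, {@code Gate::before} and
 *       {@code Gate::after}, where a negative answer is {@code false} or {@code null}.</li>
 * </ul>
 *
 * <p>A callback in which every return statement is judged non-compliant grants access
 * unconditionally, so an issue is raised on it.
 *
 * <p>Detection limits worth knowing when triaging results: the check is deliberately
 * lenient. Any return expression whose kind it does not model, and any variable without a
 * single resolvable assignment, counts as "possibly negative" and suppresses the issue.
 * The absence of a finding is therefore not proof that the callback can deny access.
 *
 * <p>This listing was recovered from a decompiler; the synthetic switch-map class and the
 * placeholder lambda receivers it produced have been replaced by the equivalent source
 * constructs.
 */
@Rule(key = "S5808")
public class AuthorizationsCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Vote methods should return at least once a negative response";
    private static final QualifiedName SYMFONY_VOTER_INTERFACE_NAMESPACE = QualifiedName.qualifiedName("Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface");
    private static final QualifiedName SYMFONY_VOTER_NAMESPACE = QualifiedName.qualifiedName("Symfony\\Component\\Security\\Core\\Authorization\\Voter\\Voter");
    private static final QualifiedName LARAVEL_GATE_NAMESPACE = QualifiedName.qualifiedName("Illuminate\\Support\\Facades\\Gate");
    // Constant names that count as a negative answer from VoterInterface::vote.
    private static final Set<String> VOTER_INTERFACE_COMPLIANT_RETURN_VALUES = new HashSet<>(Arrays.asList("ACCESS_ABSTAIN", "ACCESS_DENIED"));
    // Lower-cased literal values that count as a negative answer from a Gate closure.
    private static final Set<String> LARAVEL_GATE_CLOSURE_COMPLIANT_RETURN_VALUES = new HashSet<>(Arrays.asList("false", "null"));

    /**
     * Pairs one returned expression with the predicate that recognises a negative value for
     * the framework being checked, and decides whether that return can deny access.
     */
    public static class CompliantResultStatement {
        private final ExpressionTree returnExpressionTree;
        private final Predicate<String> predicate;

        private CompliantResultStatement(ExpressionTree expressionTree, Predicate<String> predicate) {
            this.returnExpressionTree = expressionTree;
            this.predicate = predicate;
        }

        static CompliantResultStatement create(ExpressionTree expressionTree, Predicate<String> predicate) {
            return new CompliantResultStatement(expressionTree, predicate);
        }

        /**
         * Decides whether the returned expression may be a negative authorization answer.
         *
         * @return {@code false} only when the expression is known not to be negative;
         *     {@code true} when it is negative or when its kind is not modelled
         */
        boolean isCompliant() {
            switch (this.returnExpressionTree.getKind()) {
                case NUMERIC_LITERAL:
                case REGULAR_STRING_LITERAL:
                    // A numeric or string literal is never accepted as a negative answer.
                    return false;
                case FUNCTION_CALL:
                    return isFunctionCallCompliant();
                case VARIABLE_IDENTIFIER:
                    return isVariableValueCompliant();
                case CLASS_MEMBER_ACCESS:
                    return isMemberValueCompliant();
                case NULL_LITERAL:
                case BOOLEAN_LITERAL:
                    return isBooleanOrNullLiteralValueCompliant();
                default:
                    // Unmodelled expression kinds get the benefit of the doubt to avoid
                    // false positives; this is also where false negatives can hide.
                    return true;
            }
        }

        /** A call is non-compliant only when it is {@code Response::allow}, compared case-insensitively. */
        boolean isFunctionCallCompliant() {
            FunctionCallTree call = (FunctionCallTree) this.returnExpressionTree;
            return !"response::allow".equalsIgnoreCase(CheckUtils.nameOf(call.callee()));
        }

        /**
         * Follows a variable to its single assigned value when there is one and evaluates
         * that value instead; otherwise the variable is assumed to be compliant.
         */
        boolean isVariableValueCompliant() {
            Optional<ExpressionTree> uniqueAssignedValue = CheckUtils.uniqueAssignedValue(this.returnExpressionTree);
            return uniqueAssignedValue
                .map(assigned -> create(assigned, this.predicate).isCompliant())
                .orElse(true);
        }

        /** Tests the lower-cased literal text ({@code true}, {@code false}, {@code null}) against the predicate. */
        boolean isBooleanOrNullLiteralValueCompliant() {
            // NOTE(review): value() is called on an ExpressionTree here exactly as the
            // decompiler emitted it; a cast to the literal tree type appears to have been
            // dropped. Restore it from the upstream source before compiling.
            return this.predicate.test(this.returnExpressionTree.value().toLowerCase(Locale.ROOT));
        }

        /** Tests the accessed member name (for example {@code ACCESS_DENIED}) against the predicate. */
        boolean isMemberValueCompliant() {
            MemberAccessTree access = (MemberAccessTree) this.returnExpressionTree;
            return this.predicate.test(CheckUtils.nameOf(access.member()));
        }
    }

    /**
     * Checks non-abstract Symfony voter methods: {@code vote} on implementations of
     * {@code VoterInterface} and {@code voteOnAttribute} on subclasses of {@code Voter}.
     * Method names are matched case-insensitively.
     */
    @Override
    public void visitMethodDeclaration(MethodDeclarationTree methodDeclarationTree) {
        if (!CheckUtils.hasModifier((ClassMemberTree) methodDeclarationTree, "abstract")) {
            String methodName = CheckUtils.trimQuotes(CheckUtils.getFunctionName((FunctionTree) methodDeclarationTree));
            if ("vote".equalsIgnoreCase(methodName) && CheckUtils.isMethodInheritedFromClassOrInterface(SYMFONY_VOTER_INTERFACE_NAMESPACE, methodDeclarationTree)) {
                checkReturnStatements(methodDeclarationTree, VOTER_INTERFACE_COMPLIANT_RETURN_VALUES::contains);
            }
            if ("voteOnAttribute".equalsIgnoreCase(methodName) && CheckUtils.isMethodInheritedFromClassOrInterface(SYMFONY_VOTER_NAMESPACE, methodDeclarationTree)) {
                checkReturnStatements(methodDeclarationTree, "false"::equals);
            }
        }
        super.visitMethodDeclaration(methodDeclarationTree);
    }

    /**
     * Checks closures registered through Laravel's Gate facade. The callback is argument 1
     * of {@code Gate::define} and argument 0 of {@code Gate::before} / {@code Gate::after}.
     * Only inline function expressions are analysed; a callback supplied in any other form
     * is skipped without raising an issue.
     */
    @Override
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        ExpressionTree callee = functionCallTree.callee();
        if (callee.is(Tree.Kind.CLASS_MEMBER_ACCESS)) {
            MemberAccessTree memberAccessTree = (MemberAccessTree) callee;
            Optional<CallArgumentTree> callback = Optional.empty();
            if (isLaravelGateMethod(memberAccessTree, "define")) {
                callback = CheckUtils.argument(functionCallTree, "callback", 1);
            }
            if (isLaravelGateMethod(memberAccessTree, "before") || isLaravelGateMethod(memberAccessTree, "after")) {
                callback = CheckUtils.argument(functionCallTree, "callback", 0);
            }
            callback
                .map(CallArgumentTree::value)
                .filter(FunctionExpressionTree.class::isInstance)
                .map(FunctionExpressionTree.class::cast)
                .ifPresent(closure -> checkReturnStatements(closure, LARAVEL_GATE_CLOSURE_COMPLIANT_RETURN_VALUES::contains));
        }
        super.visitFunctionCall(functionCallTree);
    }

    /**
     * Tells whether the access is {@code Gate::<methodName>} on the Laravel Gate facade.
     *
     * @param memberAccessTree the callee of the call being visited
     * @param str the expected method name
     */
    private boolean isLaravelGateMethod(MemberAccessTree memberAccessTree, String str) {
        ExpressionTree object = memberAccessTree.object();
        Tree member = memberAccessTree.member();
        // NOTE(review): the method name is compared case-sensitively, unlike the vote /
        // voteOnAttribute checks above. PHP method names are case-insensitive, so a call
        // written as Gate::Define(...) would not be analysed; confirm whether intended.
        return member.is(Tree.Kind.NAME_IDENTIFIER)
            && ((NameIdentifierTree) member).text().equals(str)
            && object.is(Tree.Kind.NAMESPACE_NAME)
            && getFullyQualifiedName((NamespaceNameTree) object).equals(LARAVEL_GATE_NAMESPACE);
    }

    /**
     * Raises an issue unless at least one return statement under {@code functionTree} is
     * compliant. The issue is placed on the last return statement, or on the function
     * itself when it has no return statement at all.
     *
     * @param functionTree the voter method or gate closure to inspect
     * @param predicate recognises the textual form of a negative answer for this framework
     */
    private void checkReturnStatements(FunctionTree functionTree, Predicate<String> predicate) {
        // Presumably this also collects returns located in closures nested inside the
        // function, so a negative return in an inner closure would satisfy the check;
        // verify against TreeUtils.descendants.
        List<ReturnStatementTree> returnStatements = TreeUtils.descendants(functionTree, ReturnStatementTree.class).collect(Collectors.toList());
        for (ReturnStatementTree returnStatement : returnStatements) {
            // NOTE(review): if expression() can be null for a bare `return;`, the
            // getKind() call in isCompliant() would throw; confirm against the tree API.
            if (CompliantResultStatement.create(returnStatement.expression(), predicate).isCompliant()) {
                return;
            }
        }
        if (returnStatements.isEmpty()) {
            context().newIssue(this, functionTree, MESSAGE);
        } else {
            context().newIssue(this, returnStatements.get(returnStatements.size() - 1), MESSAGE);
        }
    }
}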
