package org.sonar.php.checks.security;

import org.sonar.check.Rule;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

@Rule(key = "S5328")
/* loaded from: input_file:org/sonar/php/checks/security/SessionFixationCheck.class */
public class SessionFixationCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Make sure the session ID being set is cryptographically secure and is not user-supplied.";

    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        if (isSessionIdFunction(functionCallTree) && hasArguments(functionCallTree)) {
            context().newIssue(this, functionCallTree, MESSAGE);
        }
        super.visitFunctionCall(functionCallTree);
    }

    private boolean isSessionIdFunction(FunctionCallTree functionCallTree) {
        if (functionCallTree.callee().is(new Tree.Kind[]{Tree.Kind.NAMESPACE_NAME})) {
            return functionCallTree.callee().qualifiedName().equalsIgnoreCase("session_id");
        }
        return false;
    }

    private boolean hasArguments(FunctionCallTree functionCallTree) {
        return !functionCallTree.arguments().isEmpty();
    }
}
