package org.sonar.php.checks.security;

import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.php.checks.TooManyFieldsInClassCheck;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.symbols.ClassSymbol;
import org.sonar.php.symbols.Symbols;
import org.sonar.php.tree.TreeUtils;
import org.sonar.php.tree.impl.VariableIdentifierTreeImpl;
import org.sonar.php.tree.symbols.SymbolImpl;
import org.sonar.plugins.php.api.symbols.QualifiedName;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.CallArgumentTree;
import org.sonar.plugins.php.api.tree.declaration.ClassDeclarationTree;
import org.sonar.plugins.php.api.tree.declaration.MethodDeclarationTree;
import org.sonar.plugins.php.api.tree.declaration.NamespaceNameTree;
import org.sonar.plugins.php.api.tree.declaration.ParameterTree;
import org.sonar.plugins.php.api.tree.declaration.TypeNameTree;
import org.sonar.plugins.php.api.tree.expression.ArrayInitializerTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.tree.expression.MemberAccessTree;
import org.sonar.plugins.php.api.tree.expression.NewExpressionTree;
import org.sonar.plugins.php.api.tree.statement.ReturnStatementTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

@Rule(key = "S5693")
/* loaded from: input_file:org/sonar/php/checks/security/RequestContentLengthCheck.class */
public class RequestContentLengthCheck extends PHPVisitorCheck {
    public static final int DEFAULT = 8000000;

    @RuleProperty(key = "fileUploadSizeLimit", defaultValue = "8000000")
    long fileUploadSizeLimit = 8000000;
    private static final String LARAVEL_RULES_KEY = "rules";
    private static final String MESSAGE = "Make sure the content length limit is safe here.";
    private static final QualifiedName SYMFONY_FILE_CONSTRAINT = QualifiedName.qualifiedName("Symfony\\Component\\Validator\\Constraints\\File");
    private static final Pattern SIZE_FORMAT = Pattern.compile("^(?<number>[0-9]+)(?<unit>k|M|Ki|Mi)?$");
    private static final Pattern LARAVEL_SIZE_FORMAT = Pattern.compile("^max:(?<size>[0-9]+)$");
    private static final Tree.Kind[] ARRAY = {Tree.Kind.ARRAY_INITIALIZER_BRACKET, Tree.Kind.ARRAY_INITIALIZER_FUNCTION};
    private static final QualifiedName LARAVEL_FORM_REQUEST = QualifiedName.qualifiedName("Illuminate\\Foundation\\Http\\FormRequest");
    private static final QualifiedName LARAVEL_CONTROLLER = QualifiedName.qualifiedName("App\\Http\\Controllers\\Controller");
    private static final Map<String, Integer> LARAVEL_RULES_ARGUMENT = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/php/checks/security/RequestContentLengthCheck$LaravelFileValidation.class */
    public static class LaravelFileValidation {
        ExpressionTree definition;
        Long maxBytes;

        public LaravelFileValidation(ExpressionTree expressionTree, @Nullable Long l) {
            this.definition = expressionTree;
            this.maxBytes = l;
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v13, types: [java.util.Set] */
        @Nullable
        public static LaravelFileValidation of(ExpressionTree expressionTree) {
            HashSet hashSet = new HashSet();
            if (expressionTree.is(new Tree.Kind[]{Tree.Kind.REGULAR_STRING_LITERAL})) {
                Collections.addAll(hashSet, CheckUtils.trimQuotes((LiteralTree) expressionTree).split("\\|"));
            } else if (expressionTree.is(RequestContentLengthCheck.ARRAY)) {
                hashSet = (Set) ((ArrayInitializerTree) expressionTree).arrayPairs().stream().map((v0) -> {
                    return v0.value();
                }).filter(expressionTree2 -> {
                    return expressionTree2.is(new Tree.Kind[]{Tree.Kind.REGULAR_STRING_LITERAL});
                }).map(expressionTree3 -> {
                    return CheckUtils.trimQuotes((LiteralTree) expressionTree3);
                }).collect(Collectors.toSet());
            }
            return ofArray(expressionTree, hashSet);
        }

        @Nullable
        private static LaravelFileValidation ofArray(ExpressionTree expressionTree, Set<String> set) {
            if (!set.contains("file")) {
                return null;
            }
            Stream<String> stream = set.stream();
            Pattern pattern = RequestContentLengthCheck.LARAVEL_SIZE_FORMAT;
            Objects.requireNonNull(pattern);
            return new LaravelFileValidation(expressionTree, (Long) stream.map((v1) -> {
                return r1.matcher(v1);
            }).filter((v0) -> {
                return v0.matches();
            }).map(matcher -> {
                return Long.valueOf(Long.parseLong(matcher.group("size")) * 1000);
            }).findFirst().orElse(null));
        }

        public boolean isMaxHigher(long j) {
            return this.maxBytes == null || this.maxBytes.longValue() > j;
        }
    }

    public void visitNewExpression(NewExpressionTree newExpressionTree) {
        if (isInstantiationOf(newExpressionTree, SYMFONY_FILE_CONSTRAINT) && newExpressionTree.expression().callArguments().size() == 1) {
            checkSymfonyFileConstraint(((CallArgumentTree) newExpressionTree.expression().callArguments().get(0)).value());
        }
        super.visitNewExpression(newExpressionTree);
    }

    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        super.visitFunctionCall(functionCallTree);
        String lowerCaseFunctionName = functionCallTree.callee().is(new Tree.Kind[]{Tree.Kind.NAMESPACE_NAME}) ? CheckUtils.getLowerCaseFunctionName(functionCallTree) : getMethodName(functionCallTree);
        if (lowerCaseFunctionName == null) {
            return;
        }
        getLaravelValidationsArgument(functionCallTree, lowerCaseFunctionName).map((v0) -> {
            return v0.value();
        }).ifPresent(this::checkLaravelFileRules);
    }

    public void visitMethodDeclaration(MethodDeclarationTree methodDeclarationTree) {
        super.visitMethodDeclaration(methodDeclarationTree);
        if (CheckUtils.isMethodInheritedFromClassOrInterface(LARAVEL_FORM_REQUEST, methodDeclarationTree) && LARAVEL_RULES_KEY.equalsIgnoreCase(methodDeclarationTree.name().text())) {
            checkLaravelFormRequestRulesReturns(methodDeclarationTree);
        }
    }

    private void checkLaravelFormRequestRulesReturns(MethodDeclarationTree methodDeclarationTree) {
        TreeUtils.descendants(methodDeclarationTree, ReturnStatementTree.class).map((v0) -> {
            return v0.expression();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map(CheckUtils::assignedValue).forEach(this::checkLaravelFileRules);
    }

    private void checkLaravelFileRules(ExpressionTree expressionTree) {
        if (expressionTree.is(ARRAY)) {
            getLaravelFileValidations((ArrayInitializerTree) expressionTree).filter(laravelFileValidation -> {
                return laravelFileValidation.isMaxHigher(this.fileUploadSizeLimit);
            }).forEach(laravelFileValidation2 -> {
                context().newIssue(this, laravelFileValidation2.definition, MESSAGE);
            });
        }
    }

    private String getMethodName(FunctionCallTree functionCallTree) {
        MemberAccessTree callee = functionCallTree.callee();
        String str = null;
        if (callee.is(new Tree.Kind[]{Tree.Kind.CLASS_MEMBER_ACCESS}) && callee.object().is(new Tree.Kind[]{Tree.Kind.NAMESPACE_NAME})) {
            str = getFullyQualifiedName((NamespaceNameTree) callee.object()).toString();
        } else if (callee.is(new Tree.Kind[]{Tree.Kind.OBJECT_MEMBER_ACCESS}) && (callee.object() instanceof VariableIdentifierTreeImpl)) {
            SymbolImpl symbol = callee.object().symbol();
            if (symbol == null) {
                return null;
            }
            Tree parent = symbol.declaration().getParent();
            if (!parent.is(new Tree.Kind[]{Tree.Kind.PARAMETER})) {
                return null;
            }
            str = parameterType((ParameterTree) parent);
        }
        if (str == null) {
            return null;
        }
        return (str + "::" + CheckUtils.functionName(functionCallTree)).toLowerCase(Locale.ROOT);
    }

    private static Optional<CallArgumentTree> getLaravelValidationsArgument(FunctionCallTree functionCallTree, String str) {
        return (!LARAVEL_RULES_ARGUMENT.containsKey(str) || ("validator".equals(str) && !isInLaravelController(functionCallTree))) ? Optional.empty() : CheckUtils.argument(functionCallTree, LARAVEL_RULES_KEY, LARAVEL_RULES_ARGUMENT.get(str).intValue());
    }

    private static boolean isInLaravelController(FunctionCallTree functionCallTree) {
        ClassSymbol classSymbol;
        ClassDeclarationTree findAncestorWithKind = TreeUtils.findAncestorWithKind(functionCallTree, Collections.singletonList(Tree.Kind.CLASS_DECLARATION));
        if (findAncestorWithKind == null || (classSymbol = Symbols.get(findAncestorWithKind)) == null) {
            return false;
        }
        return classSymbol.isSubTypeOf(new QualifiedName[]{LARAVEL_CONTROLLER}).isTrue();
    }

    private static Stream<LaravelFileValidation> getLaravelFileValidations(ArrayInitializerTree arrayInitializerTree) {
        return arrayInitializerTree.arrayPairs().stream().map((v0) -> {
            return v0.value();
        }).map(expressionTree -> {
            return LaravelFileValidation.of(expressionTree);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        });
    }

    @Nullable
    private String parameterType(ParameterTree parameterTree) {
        if (parameterTree.declaredType() == null || !parameterTree.declaredType().isSimple()) {
            return null;
        }
        TypeNameTree typeName = parameterTree.declaredType().typeName();
        if (typeName.is(new Tree.Kind[]{Tree.Kind.NAMESPACE_NAME})) {
            return getFullyQualifiedName((NamespaceNameTree) typeName).toString();
        }
        return null;
    }

    private void checkSymfonyFileConstraint(ExpressionTree expressionTree) {
        ArrayInitializerTree assignedValue = CheckUtils.assignedValue(expressionTree);
        if (assignedValue.is(ARRAY)) {
            Optional<ExpressionTree> arrayValue = CheckUtils.arrayValue(assignedValue, "maxSize");
            if (arrayValue.isPresent()) {
                checkFileSize(arrayValue.get());
            } else {
                context().newIssue(this, assignedValue, MESSAGE);
            }
        }
    }

    private void checkFileSize(ExpressionTree expressionTree) {
        LiteralTree assignedValue = CheckUtils.assignedValue(expressionTree);
        long j = 0;
        if (assignedValue.is(new Tree.Kind[]{Tree.Kind.NUMERIC_LITERAL, Tree.Kind.REGULAR_STRING_LITERAL})) {
            Matcher matcher = SIZE_FORMAT.matcher(assignedValue.is(new Tree.Kind[]{Tree.Kind.REGULAR_STRING_LITERAL}) ? CheckUtils.trimQuotes(assignedValue) : assignedValue.value());
            if (matcher.matches()) {
                j = Long.parseLong(matcher.group("number"));
                String group = matcher.group("unit") != null ? matcher.group("unit") : "";
                boolean z = -1;
                switch (group.hashCode()) {
                    case 77:
                        if (group.equals("M")) {
                            z = true;
                            break;
                        }
                        break;
                    case 107:
                        if (group.equals("k")) {
                            z = false;
                            break;
                        }
                        break;
                    case 2430:
                        if (group.equals("Ki")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 2492:
                        if (group.equals("Mi")) {
                            z = 3;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        j *= 1000;
                        break;
                    case TooManyFieldsInClassCheck.DEFAULT_COUNT_NON_PUBLIC /* 1 */:
                        j *= 1000000;
                        break;
                    case true:
                        j *= 1024;
                        break;
                    case true:
                        j *= 1048576;
                        break;
                }
            } else {
                return;
            }
        } else if (assignedValue.is(new Tree.Kind[]{Tree.Kind.NULL_LITERAL})) {
            j = this.fileUploadSizeLimit + 1;
        }
        if (j > this.fileUploadSizeLimit) {
            context().newIssue(this, assignedValue, MESSAGE);
        }
    }

    private boolean isInstantiationOf(NewExpressionTree newExpressionTree, QualifiedName qualifiedName) {
        FunctionCallTree expression = newExpressionTree.expression();
        if (expression.is(new Tree.Kind[]{Tree.Kind.FUNCTION_CALL}) && expression.callee().is(new Tree.Kind[]{Tree.Kind.NAMESPACE_NAME})) {
            return qualifiedName.equals(getFullyQualifiedName((NamespaceNameTree) expression.callee()));
        }
        return false;
    }

    static {
        LARAVEL_RULES_ARGUMENT.put("illuminate\\http\\request::validate", 0);
        LARAVEL_RULES_ARGUMENT.put("illuminate\\http\\request::validatewithbag", 1);
        LARAVEL_RULES_ARGUMENT.put("validator", 1);
        LARAVEL_RULES_ARGUMENT.put("illuminate\\support\\facades\\validator::make", 1);
    }
}
