package org.sonar.php.checks;

import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.VariableDeclarationTree;
import org.sonar.plugins.php.api.tree.expression.AssignmentExpressionTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.tree.lexical.SyntaxToken;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

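/**
 * Rule S2068: raises an issue on PHP code that looks like it embeds a credential.
 *
 * <p>Two shapes are reported:
 * <ul>
 *   <li>a variable declaration or assignment whose target name contains one of the configured
 *       credential words and whose value is a non-empty regular string literal;</li>
 *   <li>a regular string literal whose text contains a credential word immediately followed by
 *       {@code =} and at least two more characters (for example a connection string).</li>
 * </ul>
 *
 * <p>Only nodes of kind {@code REGULAR_STRING_LITERAL} are inspected; any other kind of value is
 * skipped by this check. The issue message carries the matched credential word only, never the
 * content of the literal, so the suspected secret is not copied into analysis reports.
 */
@Rule(key = HardCodedCredentialsCheck.KEY)
public class HardCodedCredentialsCheck extends PHPVisitorCheck {
    public static final String KEY = "S2068";
    private static final String MESSAGE = "'%s' detected in this variable name, review this potentially hardcoded credential.";
    private static final String DEFAULT_CREDENTIAL_WORDS = "password,passwd,pwd";

    // Regex suffix appended to each credential word when scanning string literals:
    // the word, a literal '=', then any two characters.
    private static final String LITERAL_PATTERN_SUFFIX = "=..";

    // Public and non-final because the analyzer injects the configured value through @RuleProperty.
    @RuleProperty(key = "credentialWords", description = "Comma separated list of words identifying potential credentials", defaultValue = DEFAULT_CREDENTIAL_WORDS)
    public String credentialWords = DEFAULT_CREDENTIAL_WORDS;

    // Both lists are built on first use from the value of credentialWords at that moment and then
    // cached; a later change to credentialWords on the same instance is not picked up.
    private List<Pattern> variablePatterns = null;
    private List<Pattern> literalPatterns = null;

    /** Returns the patterns applied to variable names (the bare credential words). */
    private Stream<Pattern> variablePatterns() {
        if (this.variablePatterns == null) {
            this.variablePatterns = toPatterns("");
        }
        return this.variablePatterns.stream();
    }

    /** Returns the patterns applied to string literal text (credential word + {@code "=.."}). */
    private Stream<Pattern> literalPatterns() {
        if (this.literalPatterns == null) {
            this.literalPatterns = toPatterns(LITERAL_PATTERN_SUFFIX);
        }
        return this.literalPatterns.stream();
    }

    /**
     * Compiles one case-insensitive pattern per configured credential word.
     *
     * <p>Each word is compiled as a regular expression fragment, not as a quoted literal, so regex
     * metacharacters in the {@code credentialWords} property are interpreted as regex syntax.
     * Blank entries (for example from {@code "pwd,,secret"} or an empty property) are dropped:
     * with an empty suffix they would compile to the empty pattern, which matches every variable
     * name and would flag every string assignment.
     *
     * @param suffix regex text appended to every word; may be empty
     * @return the compiled patterns, in the order the words were configured
     */
    private List<Pattern> toPatterns(String suffix) {
        return Stream.of(this.credentialWords.split(","))
            .map(String::trim)
            .filter(word -> !word.isEmpty())
            .map(word -> Pattern.compile(word + suffix, Pattern.CASE_INSENSITIVE))
            .collect(Collectors.toList());
    }

    /** Checks the raw token text of every regular string literal against the literal patterns. */
    public void visitLiteral(LiteralTree literalTree) {
        if (literalTree.is(new Tree.Kind[]{Tree.Kind.REGULAR_STRING_LITERAL})) {
            checkCredential(literalTree, literalTree.token().text(), literalPatterns());
        }
        super.visitLiteral(literalTree);
    }

    /** Checks the declared identifier when the declaration has a string literal initial value. */
    public void visitVariableDeclaration(VariableDeclarationTree variableDeclarationTree) {
        checkVariable(variableDeclarationTree.identifier().token(), variableDeclarationTree.initValue());
        super.visitVariableDeclaration(variableDeclarationTree);
    }

    /** Checks the last token of the assignment target when the assigned value is a string literal. */
    public void visitAssignmentExpression(AssignmentExpressionTree assignmentExpressionTree) {
        checkVariable(assignmentExpressionTree.variable().getLastToken(), assignmentExpressionTree.value());
        super.visitAssignmentExpression(assignmentExpressionTree);
    }

    /**
     * Reports {@code nameToken} when its text matches a credential word and {@code value} is a
     * non-empty regular string literal.
     *
     * @param nameToken token holding the variable name; the issue is raised on this token
     * @param value assigned or initial value, {@code null} when the declaration has none
     */
    private void checkVariable(SyntaxToken nameToken, @Nullable Tree value) {
        if (value == null || !value.is(new Tree.Kind[]{Tree.Kind.REGULAR_STRING_LITERAL})) {
            return;
        }
        // Assigning "" is treated as a reset or placeholder rather than an embedded secret.
        if (isEmptyStringLiteral((LiteralTree) value)) {
            return;
        }
        checkCredential(nameToken, nameToken.text(), variablePatterns());
    }

    /**
     * Raises a single issue on {@code tree} for the first pattern found in {@code text}.
     *
     * <p>{@code findFirst} is used so that, when several words match, the word named in the
     * message is always the earliest one in the configured list.
     */
    private void checkCredential(Tree tree, String text, Stream<Pattern> patterns) {
        patterns
            .filter(pattern -> pattern.matcher(text).find())
            .findFirst()
            .ifPresent(pattern -> addIssue(pattern, tree));
    }

    /**
     * Tells whether the literal has no content between its first and last character, which are
     * taken to be the string delimiters. A value too short to hold both delimiters is treated as
     * empty instead of raising {@link StringIndexOutOfBoundsException}.
     */
    private static boolean isEmptyStringLiteral(LiteralTree literalTree) {
        String raw = literalTree.value();
        return raw.length() <= 2;
    }

    /** Reports the issue, naming the matched credential word but not the literal's content. */
    private void addIssue(Pattern pattern, Tree tree) {
        context().newIssue(this, tree, String.format(MESSAGE, cleanedPattern(pattern.pattern())));
    }

    /** Strips the literal-scan suffix so the message shows the configured word only. */
    private static String cleanedPattern(String patternText) {
        if (patternText.endsWith(LITERAL_PATTERN_SUFFIX)) {
            return patternText.substring(0, patternText.length() - LITERAL_PATTERN_SUFFIX.length());
        }
        return patternText;
    }
}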
