package org.sonar.php.checks;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.VariableDeclarationTree;
import org.sonar.plugins.php.api.tree.expression.AssignmentExpressionTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.tree.lexical.SyntaxToken;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

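@Rule(key = "S2068")
/**
 * Rule S2068: reports string literals and variable assignments that look like hardcoded credentials.
 *
 * <p>Three situations are flagged:
 * <ul>
 *   <li>a string literal containing {@code <word>=<value>} where {@code <word>} is one of the
 *       configured credential words and {@code <value>} is not a placeholder (see
 *       {@link #LITERAL_PATTERN_SUFFIX});</li>
 *   <li>a string literal that parses as a URI whose user-info part carries a password
 *       (other than a few obvious documentation placeholders);</li>
 *   <li>an assignment of a non-empty string literal to a variable whose name contains a credential
 *       word, unless the literal itself contains that word (e.g. {@code $password = "password"}).</li>
 * </ul>
 *
 * <p>Both pattern lists are compiled lazily from {@link #credentialWords} on first use, so the
 * configured value (rather than the default) is what ends up in the patterns; configuration is
 * presumably applied after construction. This class is not thread-safe: the lazy initialisation
 * is unsynchronised.
 */
public class HardCodedCredentialsInVariablesAndUrisCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Detected '%s' in this variable name, review this potentially hardcoded credential.";
    private static final String MESSAGE_URI = "Detected URI with password, review this potentially hardcoded credential.";
    private static final String DEFAULT_CREDENTIAL_WORDS = "password,passwd,pwd";
    /**
     * Appended to every credential word to build the literal patterns: the word must be directly
     * followed by {@code =} and a value of at least two characters that does not start with a
     * query placeholder ({@code ?}), a named placeholder ({@code :}), a quote ({@code '}) or the
     * two characters {@code %s}. This string is never passed through {@link String#format}, so
     * {@code %s} is matched literally (a {@code password=%s} format string is not reported).
     */
    private static final String LITERAL_PATTERN_SUFFIX = "=(?!([\\?:']|%s))..";
    private static final int LITERAL_PATTERN_SUFFIX_LENGTH = LITERAL_PATTERN_SUFFIX.length();
    private static final String CREDENTIAL_WORDS_SEPARATOR = ",";
    private static final String USER_INFO_SEPARATOR = ":";

    @RuleProperty(key = "credentialWords", description = "Comma separated list of words identifying potential credentials", defaultValue = DEFAULT_CREDENTIAL_WORDS)
    public String credentialWords = DEFAULT_CREDENTIAL_WORDS;

    // Patterns matched against variable names (credential word only); built on first use.
    @Nullable
    private List<Pattern> variablePatterns = null;
    // Patterns matched against string literals (credential word + LITERAL_PATTERN_SUFFIX); built on first use.
    @Nullable
    private List<Pattern> literalPatterns = null;

    /**
     * Returns the patterns used to recognise credential-like variable names, compiling them on
     * first use.
     */
    private Stream<Pattern> variablePatterns() {
        if (variablePatterns == null) {
            variablePatterns = toPatterns("");
        }
        return variablePatterns.stream();
    }

    /**
     * Returns the patterns used to recognise {@code word=value} fragments inside string literals,
     * compiling them on first use.
     */
    private Stream<Pattern> literalPatterns() {
        if (literalPatterns == null) {
            literalPatterns = toPatterns(LITERAL_PATTERN_SUFFIX);
        }
        return literalPatterns.stream();
    }

    /**
     * Compiles one case-insensitive pattern per configured credential word, each followed by
     * {@code suffix}. Words are trimmed, and blank entries (e.g. from a trailing comma in the rule
     * property) are dropped: a blank word would otherwise compile to a pattern that matches every
     * name or every {@code =xx} fragment and flood the analysis with false positives.
     *
     * @param suffix regex fragment appended to each word, empty for variable-name patterns
     * @return the compiled patterns, in configuration order
     */
    private List<Pattern> toPatterns(String suffix) {
        return Stream.of(credentialWords.split(CREDENTIAL_WORDS_SEPARATOR))
            .map(String::trim)
            .filter(word -> !word.isEmpty())
            .map(word -> Pattern.compile(word + suffix, Pattern.CASE_INSENSITIVE))
            .toList();
    }

    @Override
    public void visitLiteral(LiteralTree literalTree) {
        checkForCredentialQuery(literalTree);
        checkForCredentialUri(literalTree);
        super.visitLiteral(literalTree);
    }

    /**
     * Reports the literal if its raw token text contains a {@code word=value} fragment for any
     * configured credential word. Only the first matching word is reported.
     */
    private void checkForCredentialQuery(LiteralTree literalTree) {
        String text = literalTree.token().text();
        literalPatterns()
            .filter(pattern -> pattern.matcher(text).find())
            .findAny()
            .ifPresent(pattern -> addIssue(pattern, literalTree));
    }

    /**
     * Reports the literal if it parses as a URI whose user-info contains a password.
     *
     * <p>Not reported: user-info without a {@code :} separated password, user-info whose user and
     * password are identical (a typical placeholder such as {@code foo:foo}), and the common
     * documentation credentials listed in {@link #isCommonTestCredential(String)}. Literals that
     * are not syntactically valid URIs are silently skipped, since most string literals are not
     * URIs at all.
     */
    private void checkForCredentialUri(LiteralTree literalTree) {
        URI uri;
        try {
            uri = new URI(CheckUtils.trimQuotes(literalTree.value()));
        } catch (URISyntaxException ignored) {
            // Not a URI; nothing to inspect.
            return;
        }
        String userInfo = uri.getUserInfo();
        if (userInfo == null) {
            return;
        }
        String[] parts = userInfo.split(USER_INFO_SEPARATOR);
        boolean hasPassword = parts.length >= 2;
        if (!hasPassword || parts[0].equals(parts[1]) || isCommonTestCredential(userInfo)) {
            return;
        }
        context().newIssue(this, literalTree, MESSAGE_URI);
    }

    @Override
    public void visitVariableDeclaration(VariableDeclarationTree variableDeclarationTree) {
        checkVariable(variableDeclarationTree.identifier().token(), variableDeclarationTree.initValue());
        super.visitVariableDeclaration(variableDeclarationTree);
    }

    @Override
    public void visitAssignmentExpression(AssignmentExpressionTree assignmentExpressionTree) {
        checkVariable(assignmentExpressionTree.variable().getLastToken(), assignmentExpressionTree.value());
        super.visitAssignmentExpression(assignmentExpressionTree);
    }

    /**
     * Checks an assignment of {@code assignedValue} to the variable named by {@code nameToken}.
     * Only non-empty regular string literals are considered; a variable name matching a credential
     * word is then handed to {@link #checkAssignedValue(Pattern, SyntaxToken, Tree)}.
     *
     * @param nameToken     token holding the variable name
     * @param assignedValue the assigned expression, or {@code null} for a declaration without initializer
     */
    private void checkVariable(SyntaxToken nameToken, @Nullable Tree assignedValue) {
        if (assignedValue == null
            || !assignedValue.is(new Tree.Kind[]{Tree.Kind.REGULAR_STRING_LITERAL})
            || isEmptyStringLiteral((LiteralTree) assignedValue)) {
            return;
        }
        String name = nameToken.text();
        variablePatterns()
            .filter(pattern -> pattern.matcher(name).find())
            .findAny()
            .ifPresent(pattern -> checkAssignedValue(pattern, nameToken, assignedValue));
    }

    /**
     * Reports the variable unless the assigned literal itself contains the credential word, which
     * is treated as a placeholder (e.g. {@code $password = "password"}) rather than a secret.
     */
    private void checkAssignedValue(Pattern pattern, SyntaxToken nameToken, Tree assignedValue) {
        boolean valueLooksLikePlaceholder = pattern.matcher(assignedValue.toString()).find();
        if (!valueLooksLikePlaceholder) {
            addIssue(pattern, nameToken);
        }
    }

    /**
     * Returns whether the literal is an empty string once its surrounding quote characters are
     * removed. The literal is expected to carry both quotes (it is a regular string literal).
     */
    private static boolean isEmptyStringLiteral(LiteralTree literalTree) {
        String quoted = literalTree.value();
        return quoted.substring(1, quoted.length() - 1).isEmpty();
    }

    /**
     * Raises the variable/literal issue, naming the credential word (without the regex suffix)
     * that matched.
     */
    private void addIssue(Pattern pattern, Tree tree) {
        context().newIssue(this, tree, String.format(MESSAGE, cleanedPattern(pattern.pattern())));
    }

    /** Strips {@link #LITERAL_PATTERN_SUFFIX} from a compiled pattern string, if present. */
    private static String cleanedPattern(String patternText) {
        if (!patternText.endsWith(LITERAL_PATTERN_SUFFIX)) {
            return patternText;
        }
        return patternText.substring(0, patternText.length() - LITERAL_PATTERN_SUFFIX_LENGTH);
    }

    /**
     * Returns whether the URI user-info is one of the placeholder credentials commonly found in
     * documentation and examples, which are not worth reporting.
     */
    private static boolean isCommonTestCredential(String userInfo) {
        return "user:password".equals(userInfo) || "username:password".equals(userInfo);
    }
}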
