package org.sonar.php.checks.security;

import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.NamespaceNameTree;
import org.sonar.plugins.php.api.tree.expression.BinaryExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.tree.expression.UnaryExpressionTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

@Rule(key = "S4829")
/* loaded from: input_file:org/sonar/php/checks/security/StandardInputUsageCheck.class */
public class StandardInputUsageCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Make sure that reading the standard input is safe here.";
    private static final String STDIN = "STDIN";
    private static final String PHP_STDIN = "php://stdin";
    private static final List<String> SAFE_FUNCTIONS = Arrays.asList("fclose", "feof", "fseek", "fstat", "ftell", "ftruncate", "posix_isatty", "stream_set_blocking");

    public void visitNamespaceName(NamespaceNameTree namespaceNameTree) {
        if (STDIN.equalsIgnoreCase(namespaceNameTree.qualifiedName())) {
            checkUsage(namespaceNameTree);
        }
    }

    public void visitLiteral(LiteralTree literalTree) {
        if (literalTree.is(new Tree.Kind[]{Tree.Kind.REGULAR_STRING_LITERAL}) && PHP_STDIN.equals(CheckUtils.trimQuotes(literalTree))) {
            checkUsage(literalTree);
        }
    }

    private void checkUsage(Tree tree) {
        Tree parent = tree.getParent();
        if ((parent instanceof BinaryExpressionTree) || (parent instanceof UnaryExpressionTree) || isArgumentOfSafeFunctionCall(tree)) {
            return;
        }
        context().newIssue(this, tree, MESSAGE);
    }

    private static boolean isArgumentOfSafeFunctionCall(Tree tree) {
        FunctionCallTree parent = tree.getParent();
        if (!parent.is(new Tree.Kind[]{Tree.Kind.FUNCTION_CALL})) {
            return false;
        }
        NamespaceNameTree callee = parent.callee();
        if (!callee.is(new Tree.Kind[]{Tree.Kind.NAMESPACE_NAME})) {
            return false;
        }
        String qualifiedName = callee.qualifiedName();
        Stream<String> stream = SAFE_FUNCTIONS.stream();
        Objects.requireNonNull(qualifiedName);
        return stream.anyMatch(qualifiedName::equalsIgnoreCase);
    }
}
