package org.sonar.php.checks.security;

import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.function.Predicate;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.type.NewObjectCall;
import org.sonar.php.checks.utils.type.ObjectMemberFunctionCall;
import org.sonar.php.checks.utils.type.TreeValues;
import org.sonar.php.checks.utils.type.TypePredicateList;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.NamespaceNameTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

@Rule(key = "S2077")
/* loaded from: input_file:org/sonar/php/checks/security/QueryUsageCheck.class */
public class QueryUsageCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Make sure that formatting this SQL query is safe here.";
    private static final NewObjectCall IS_PDO_OBJECT = new NewObjectCall("PDO");
    private static final NewObjectCall IS_MYSQLI_OBJECT = new NewObjectCall("mysqli");
    private static final Map<String, Integer> SUSPICIOUS_GLOBAL_FUNCTIONS = buildSuspiciousGlobalFunctions();
    private static final Predicate<TreeValues> SUSPICIOUS_QUERY_PREDICATES = new TypePredicateList(new ObjectMemberFunctionCall("exec", IS_PDO_OBJECT), new ObjectMemberFunctionCall("query", IS_PDO_OBJECT, IS_MYSQLI_OBJECT), new ObjectMemberFunctionCall("real_query", IS_MYSQLI_OBJECT), new ObjectMemberFunctionCall("multi_query", IS_MYSQLI_OBJECT), new ObjectMemberFunctionCall("send_query", IS_MYSQLI_OBJECT));
    private static final Predicate<TreeValues> PDO_PREPARE_PREDICATE = new ObjectMemberFunctionCall("prepare", new NewObjectCall("PDO"));

    private static Map<String, Integer> buildSuspiciousGlobalFunctions() {
        HashMap hashMap = new HashMap();
        hashMap.put("mssql_query", 0);
        hashMap.put("mysql_query", 0);
        hashMap.put("mysql_db_query", 1);
        hashMap.put("mysql_unbuffered_query", 0);
        hashMap.put("pg_send_query", 1);
        hashMap.put("mysqli_query", 1);
        hashMap.put("mysqli_real_query", 1);
        hashMap.put("mysqli_multi_query", 1);
        hashMap.put("mysqli_send_query", 1);
        return hashMap;
    }

    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        TreeValues of = TreeValues.of(functionCallTree, context().symbolTable());
        if (isSuspiciousGlobalFunction(functionCallTree) || isSuspiciousMemberFunction(functionCallTree, of) || isSuspiciousPrepareStatement(functionCallTree, of)) {
            context().newIssue(this, functionCallTree.callee(), MESSAGE);
        }
        super.visitFunctionCall(functionCallTree);
    }

    private static boolean isSuspiciousGlobalFunction(FunctionCallTree functionCallTree) {
        NamespaceNameTree callee = functionCallTree.callee();
        if (!callee.is(new Tree.Kind[]{Tree.Kind.NAMESPACE_NAME})) {
            return false;
        }
        String lowerCase = callee.qualifiedName().toLowerCase(Locale.ENGLISH);
        if (!SUSPICIOUS_GLOBAL_FUNCTIONS.containsKey(lowerCase)) {
            return "pg_query".equals(lowerCase) && !functionCallTree.arguments().isEmpty() && isSuspiciousArgument((ExpressionTree) functionCallTree.arguments().get(functionCallTree.arguments().size() - 1));
        }
        Integer num = SUSPICIOUS_GLOBAL_FUNCTIONS.get(lowerCase);
        return functionCallTree.arguments().size() > num.intValue() && isSuspiciousArgument((ExpressionTree) functionCallTree.arguments().get(num.intValue()));
    }

    private static boolean isSuspiciousMemberFunction(FunctionCallTree functionCallTree, TreeValues treeValues) {
        return SUSPICIOUS_QUERY_PREDICATES.test(treeValues) && !functionCallTree.arguments().isEmpty() && isSuspiciousArgument((ExpressionTree) functionCallTree.arguments().get(0));
    }

    private static boolean isSuspiciousPrepareStatement(FunctionCallTree functionCallTree, TreeValues treeValues) {
        return PDO_PREPARE_PREDICATE.test(treeValues) && !functionCallTree.arguments().isEmpty() && isSuspiciousArgument((ExpressionTree) functionCallTree.arguments().get(0));
    }

    private static boolean isSuspiciousArgument(ExpressionTree expressionTree) {
        return expressionTree.is(new Tree.Kind[]{Tree.Kind.EXPANDABLE_STRING_LITERAL}) || expressionTree.is(new Tree.Kind[]{Tree.Kind.CONCATENATION});
    }
}
