package org.sonar.php.checks;

import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.tree.visitors.AssignmentExpressionVisitor;
import org.sonar.plugins.php.api.tree.CompilationUnitTree;
import org.sonar.plugins.php.api.tree.SeparatedList;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.expression.ArrayInitializerTree;
import org.sonar.plugins.php.api.tree.expression.ArrayPairTree;
import org.sonar.plugins.php.api.tree.expression.BinaryExpressionTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

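/**
 * Check for rule {@value #KEY}: reports PHP database connection calls whose password is an
 * empty string.
 *
 * <p>Calls inspected, as matched by {@link #visitFunctionCall}:
 * <ul>
 *   <li>{@code mysqli}, {@code mysqli_connect}, {@code PDO}: third argument;</li>
 *   <li>{@code oci_connect}: second argument;</li>
 *   <li>{@code sqlsrv_connect}: value of the {@code "PWD"} entry of the array given as second
 *       argument;</li>
 *   <li>{@code pg_connect}: the connection string given as first argument.</li>
 * </ul>
 *
 * <p>Detection limits: a password counts as empty only when it is a regular string literal made
 * of nothing but its two delimiters, or a variable whose value the
 * {@link AssignmentExpressionVisitor} resolves to such a literal. Any other expression
 * ({@code null}, a constant, a function result, a value read from configuration or the
 * environment) is never reported, so the absence of an issue does not show that the connection
 * is password protected.
 */
@Rule(key = EmptyDatabasePasswordCheck.KEY)
/* loaded from: input_file:org/sonar/php/checks/EmptyDatabasePasswordCheck.class */
public class EmptyDatabasePasswordCheck extends PHPVisitorCheck {
    public static final String KEY = "S2115";
    private static final String MESSAGE = "Add password protection to this database.";

    // Compiled once instead of on every pg_connect call; the expressions are unchanged.
    // A literal that ends right after "password=" (optionally followed by whitespace).
    private static final Pattern POSTGRESQL_TRAILING_PASSWORD = Pattern.compile(".*password\\s*=\\s*");
    // A literal containing "password=''" anywhere.
    // NOTE(review): no DOTALL flag is set and matching uses matches(), so a literal that contains a
    // line break is not matched by either pattern. Confirm whether that gap is intended.
    private static final Pattern POSTGRESQL_QUOTED_EMPTY_PASSWORD =
        Pattern.compile(POSTGRESQL_TRAILING_PASSWORD.pattern() + "''.*");

    // Rebuilt for every compilation unit in visitCompilationUnit.
    private AssignmentExpressionVisitor assignmentExpressionVisitor;

    /**
     * Runs an {@link AssignmentExpressionVisitor} over the whole file before the regular visit, so
     * that variable arguments can be resolved while function calls are being checked.
     */
    @Override // org.sonar.plugins.php.api.visitors.PHPVisitorCheck, org.sonar.plugins.php.api.visitors.VisitorCheck
    public void visitCompilationUnit(CompilationUnitTree compilationUnitTree) {
        this.assignmentExpressionVisitor = new AssignmentExpressionVisitor(context().symbolTable());
        compilationUnitTree.accept(this.assignmentExpressionVisitor);
        super.visitCompilationUnit(compilationUnitTree);
    }

    /**
     * Dispatches each call to the check matching its connection API, then continues the visit.
     * The comparisons are written constant-first, so a {@code null} function name simply matches
     * nothing.
     */
    @Override // org.sonar.plugins.php.api.visitors.PHPVisitorCheck, org.sonar.plugins.php.api.visitors.VisitorCheck
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        String functionName = CheckUtils.getFunctionName(functionCallTree);
        if ("mysqli".equals(functionName) || "mysqli_connect".equals(functionName) || "PDO".equals(functionName)) {
            checkPasswordArgument(functionCallTree, 2);
        } else if ("oci_connect".equals(functionName)) {
            checkPasswordArgument(functionCallTree, 1);
        } else if ("sqlsrv_connect".equals(functionName)) {
            checkSqlServer(functionCallTree);
        } else if ("pg_connect".equals(functionName)) {
            checkPostgresql(functionCallTree);
        }
        super.visitFunctionCall(functionCallTree);
    }

    /**
     * Reports the argument at the given position when it has an empty value.
     * A call with too few arguments is not reported.
     *
     * @param functionCallTree the connection call
     * @param i zero-based index of the password argument
     */
    private void checkPasswordArgument(FunctionCallTree functionCallTree, int i) {
        SeparatedList<ExpressionTree> arguments = functionCallTree.arguments();
        if (arguments.size() <= i) {
            return;
        }
        ExpressionTree password = arguments.get(i);
        if (hasEmptyValue(password)) {
            context().newIssue(this, password, MESSAGE);
        }
    }

    /**
     * Tells whether the expression is a regular string literal whose text is exactly two
     * characters long, which is expected to be the two delimiters of {@code ""} or {@code ''}.
     */
    private static boolean isEmptyLiteral(ExpressionTree expressionTree) {
        return expressionTree.is(Tree.Kind.REGULAR_STRING_LITERAL)
            && ((LiteralTree) expressionTree).value().length() == 2;
    }

    /**
     * Tells whether the expression is an empty literal, or a variable whose value resolved by the
     * assignment visitor is an empty literal. Every other kind of expression yields {@code false}.
     */
    private boolean hasEmptyValue(ExpressionTree expressionTree) {
        if (isEmptyLiteral(expressionTree)) {
            return true;
        }
        if (expressionTree.is(Tree.Kind.VARIABLE_IDENTIFIER)) {
            return this.assignmentExpressionVisitor
                .getUniqueAssignedValue(context().symbolTable().getSymbol(expressionTree))
                .map(EmptyDatabasePasswordCheck::isEmptyLiteral)
                .orElse(false);
        }
        return false;
    }

    /**
     * Reports the {@code "PWD"} value of the connection info array passed as second argument of
     * {@code sqlsrv_connect} when that value is empty.
     */
    private void checkSqlServer(FunctionCallTree functionCallTree) {
        SeparatedList<ExpressionTree> arguments = functionCallTree.arguments();
        if (arguments.size() <= 1) {
            return;
        }
        ExpressionTree password = sqlServerPassword(arguments.get(1));
        if (password != null && hasEmptyValue(password)) {
            context().newIssue(this, password, MESSAGE);
        }
    }

    /**
     * Finds the value stored under the string-literal key {@code "PWD"} in a connection info array.
     * When the expression is not an array initializer, the value resolved for it by the assignment
     * visitor is searched instead.
     *
     * @return the password expression, or {@code null} when none is found
     */
    private ExpressionTree sqlServerPassword(ExpressionTree expressionTree) {
        if (!expressionTree.is(Tree.Kind.ARRAY_INITIALIZER_FUNCTION, Tree.Kind.ARRAY_INITIALIZER_BRACKET)) {
            // NOTE(review): the lookup recurses with no depth or cycle guard; confirm that
            // getUniqueAssignedValue cannot yield an expression resolving back to the same symbol.
            return this.assignmentExpressionVisitor
                .getUniqueAssignedValue(context().symbolTable().getSymbol(expressionTree))
                .map(this::sqlServerPassword)
                .orElse(null);
        }
        for (ArrayPairTree arrayPairTree : ((ArrayInitializerTree) expressionTree).arrayPairs()) {
            ExpressionTree key = arrayPairTree.key();
            // NOTE(review): the key comparison is case-sensitive; confirm whether other spellings
            // of the key are accepted by the driver and should be covered.
            if (key != null
                && key.is(Tree.Kind.REGULAR_STRING_LITERAL)
                && "PWD".equals(CheckUtils.trimQuotes((LiteralTree) key))) {
                return arrayPairTree.value();
            }
        }
        return null;
    }

    /**
     * Checks the connection string passed as first argument of {@code pg_connect}, using the value
     * resolved by the assignment visitor when there is one and the argument itself otherwise.
     */
    private void checkPostgresql(FunctionCallTree functionCallTree) {
        SeparatedList<ExpressionTree> arguments = functionCallTree.arguments();
        if (arguments.isEmpty()) {
            return;
        }
        ExpressionTree connectionString = arguments.get(0);
        checkPostgresqlConnectionString(
            this.assignmentExpressionVisitor
                .getUniqueAssignedValue(context().symbolTable().getSymbol(connectionString))
                .orElse(connectionString));
    }

    /**
     * Reports the connection string when one of its string-literal operands contains
     * {@code password=''}, or when its last operand is a string literal ending with
     * {@code password=}. Operands that are not string literals are ignored, so a password
     * concatenated from a variable is not evaluated.
     */
    private void checkPostgresqlConnectionString(ExpressionTree expressionTree) {
        List<ExpressionTree> operands = new ArrayList<>();
        if (expressionTree.is(Tree.Kind.CONCATENATION)) {
            concatenationOperands(expressionTree, operands);
        } else {
            operands.add(expressionTree);
        }
        // Never empty: the list holds either the single expression or the concatenation's leaves.
        ExpressionTree lastOperand = operands.get(operands.size() - 1);
        boolean quotedEmptyPassword = operands.stream()
            .anyMatch(operand -> isStringLiteralMatching(POSTGRESQL_QUOTED_EMPTY_PASSWORD, operand));
        if (quotedEmptyPassword || isStringLiteralMatching(POSTGRESQL_TRAILING_PASSWORD, lastOperand)) {
            context().newIssue(this, expressionTree, MESSAGE);
        }
    }

    /**
     * Tells whether the expression is a regular string literal whose unquoted text matches the
     * pattern in full.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isStringLiteralMatching(Pattern pattern, ExpressionTree expressionTree) {
        if (!expressionTree.is(Tree.Kind.REGULAR_STRING_LITERAL)) {
            return false;
        }
        return pattern.matcher(CheckUtils.trimQuotes((LiteralTree) expressionTree)).matches();
    }

    /**
     * Appends the leaf operands of a concatenation to {@code list} in left-to-right order; an
     * expression that is not a concatenation is appended as is.
     */
    private static void concatenationOperands(ExpressionTree expressionTree, List<ExpressionTree> list) {
        if (!expressionTree.is(Tree.Kind.CONCATENATION)) {
            list.add(expressionTree);
            return;
        }
        BinaryExpressionTree concatenation = (BinaryExpressionTree) expressionTree;
        concatenationOperands(concatenation.leftOperand(), list);
        concatenationOperands(concatenation.rightOperand(), list);
    }
}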
