package org.sonar.php.checks;

import com.google.common.collect.ImmutableSet;
import java.util.Set;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.VariableDeclarationTree;
import org.sonar.plugins.php.api.tree.expression.AssignmentExpressionTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.IdentifierTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.tree.expression.VariableIdentifierTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

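/**
 * Rule S1075: reports regular string literals that look like a hard-coded URI.
 *
 * <p>A literal is inspected only when it is
 * <ul>
 *   <li>an argument of a call to a function listed in {@link #WHITELIST} or whose name starts
 *       with {@code http_}, or</li>
 *   <li>the initial or assigned value of a variable whose name contains {@code filename} or
 *       {@code path} (case-insensitive).</li>
 * </ul>
 */
@Rule(key = "S1075")
public class HardCodedUriCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Refactor your code to get this URI from a customizable parameter.";

    // NOTE(review): the lookahead rejects a literal that contains "php" anywhere, not only one
    // using a php:// scheme, so a URL whose path ends in ".php" is never reported. Confirm that
    // this exclusion is intended.
    private static final String SCHEME = "^(?!.*php)[a-zA-Z\\+\\.\\-]+";
    // The tail excludes '$' so that literals containing '$' right after the scheme are skipped.
    private static final String URI_REGEX = SCHEME + "://[^\\$]+";
    private static final Pattern URI_PATTERN = Pattern.compile(URI_REGEX);
    private static final Pattern VARIABLE_NAME_PATTERN =
        Pattern.compile("filename|path", Pattern.CASE_INSENSITIVE);

    /**
     * Names of the functions whose arguments are inspected.
     *
     * <p>Entries must be plain ASCII. An invisible U+200B (zero-width space) inside a name, which
     * is easy to pick up when copying from rendered documentation, makes {@code contains} miss
     * the function silently and leaves every call to it unchecked.
     */
    private static final Set<String> WHITELIST = ImmutableSet.of(
        "basename", "chgrp", "chmod", "chown", "clearstatcache", "copy", "delete", "dirname",
        "disk_free_space", "disk_total_space", "diskfreespace",
        "fclose", "feof", "fflush", "fgetc", "fgetcsv", "fgets", "fgetss",
        "file_exists", "file_get_contents", "file_put_contents", "file",
        "fileatime", "filectime", "filegroup", "fileinode", "filemtime", "fileowner",
        "fileperms", "filesize", "filetype",
        "flock", "fnmatch", "fopen", "fpassthru", "fputcsv", "fputs", "fread", "fscanf",
        "fseek", "fstat", "ftell", "ftruncate", "fwrite", "glob",
        "is_dir", "is_executable", "is_file", "is_link", "is_readable", "is_uploaded_file",
        "is_writable", "is_writeable",
        "lchgrp", "lchown", "link", "linkinfo", "lstat", "mkdir", "move_uploaded_file",
        "parse_ini_file", "parse_ini_string", "pathinfo", "pclose", "popen",
        "readfile", "readlink", "realpath_cache_get", "realpath_cache_size", "realpath",
        "rename", "rewind", "rmdir", "set_file_buffer", "stat", "symlink",
        "tempnam", "tmpfile", "touch", "umask", "unlink");

    /** Returns whether the identifier's text contains "filename" or "path", ignoring case. */
    private static boolean isFileNameVariable(IdentifierTree identifierTree) {
        return VARIABLE_NAME_PATTERN.matcher(identifierTree.text()).find();
    }

    /**
     * Checks every argument of a call to a listed function or to an {@code http_*} function,
     * then continues the default traversal.
     */
    @Override
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        String functionName = CheckUtils.getFunctionName(functionCallTree);
        // NOTE(review): this lookup is case-sensitive while PHP function names are not; confirm
        // whether CheckUtils.getFunctionName normalises the case of the name it returns.
        boolean inspected = functionName != null
            && (functionName.startsWith("http_") || WHITELIST.contains(functionName));
        if (inspected) {
            functionCallTree.arguments().forEach(this::checkExpression);
        }
        super.visitFunctionCall(functionCallTree);
    }

    /** Checks the initial value of a declared variable whose name suggests a file name or path. */
    @Override
    public void visitVariableDeclaration(VariableDeclarationTree variableDeclarationTree) {
        if (isFileNameVariable(variableDeclarationTree.identifier())) {
            // initValue() may be null; checkExpression accepts that.
            checkExpression(variableDeclarationTree.initValue());
        }
        super.visitVariableDeclaration(variableDeclarationTree);
    }

    /** Checks the value assigned to a plain variable whose name suggests a file name or path. */
    @Override
    public void visitAssignmentExpression(AssignmentExpressionTree assignmentExpressionTree) {
        ExpressionTree target = assignmentExpressionTree.variable();
        // Only simple variable targets are considered; any other kind of target is skipped.
        if (target.is(Tree.Kind.VARIABLE_IDENTIFIER)
            && isFileNameVariable(((VariableIdentifierTree) target).variableExpression())) {
            checkExpression(assignmentExpressionTree.value());
        }
        super.visitAssignmentExpression(assignmentExpressionTree);
    }

    /** Raises an issue on the expression when it is a hard-coded URI literal; null is ignored. */
    private void checkExpression(@Nullable ExpressionTree expressionTree) {
        if (expressionTree != null && isHardcodedURI(expressionTree)) {
            reportHardcodedURI(expressionTree);
        }
    }

    /**
     * Returns whether the expression, once surrounding parentheses are skipped, is a regular
     * string literal whose content matches {@link #URI_PATTERN}. Any other expression kind
     * yields {@code false}.
     */
    private static boolean isHardcodedURI(ExpressionTree expressionTree) {
        ExpressionTree unwrapped = CheckUtils.skipParenthesis(expressionTree);
        if (!unwrapped.is(Tree.Kind.REGULAR_STRING_LITERAL)) {
            return false;
        }
        String content = trimQuotes(((LiteralTree) unwrapped).value());
        return URI_PATTERN.matcher(content).find();
    }

    /**
     * Drops the first and the last character of the given text.
     *
     * <p>Presumably {@code LiteralTree.value()} returns the literal with its delimiting quotes;
     * verify against the tree API. Keeping the closing quote would let it stand in for URI
     * content, so a literal holding only {@code scheme://} would be reported.
     *
     * @param str literal text, expected to be at least two characters long
     * @return the text between the first and last character, or an empty string when
     *     {@code str} is shorter than two characters
     */
    private static String trimQuotes(String str) {
        if (str.length() < 2) {
            return "";
        }
        return str.substring(1, str.length() - 1);
    }

    /** Registers the issue for this rule on the given expression. */
    private void reportHardcodedURI(ExpressionTree expressionTree) {
        context().newIssue(this, expressionTree, MESSAGE);
    }
}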
