package org.sonar.php.checks;

import com.google.common.collect.ImmutableSet;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.php.api.PHPKeyword;
import org.sonar.php.checks.utils.FunctionUsageCheck;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.squidbridge.annotations.ActivatedByDefault;
import org.sonar.squidbridge.annotations.SqaleConstantRemediation;
import org.sonar.squidbridge.annotations.SqaleSubCharacteristic;

@SqaleSubCharacteristic("INPUT_VALIDATION_AND_REPRESENTATION")
@Rule(key = EvalUseCheck.KEY, name = "Code should not be dynamically injected and executed to prevent Eval Injection vulnerability", priority = Priority.CRITICAL, tags = {"security", "cwe", Tags.OWASP_A3})
@ActivatedByDefault
@SqaleConstantRemediation("30min")
/* loaded from: input_file:META-INF/lib/php-checks-2.8.jar:org/sonar/php/checks/EvalUseCheck.class */
public class EvalUseCheck extends FunctionUsageCheck {
    public static final String KEY = "S1523";
    private static final String MESSAGE = "Remove this use of the \"eval\" function.";

    @Override // org.sonar.php.checks.utils.FunctionUsageCheck
    protected ImmutableSet<String> functionNames() {
        return ImmutableSet.of(PHPKeyword.EVAL.getValue());
    }

    @Override // org.sonar.php.checks.utils.FunctionUsageCheck
    protected void createIssue(FunctionCallTree functionCallTree) {
        context().newIssue(this, MESSAGE).tree(functionCallTree.callee());
    }
}
