package org.sonar.php.checks.security;

import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.annotation.Nullable;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.tree.impl.expression.PrefixExpressionTreeImpl;
import org.sonar.php.utils.collections.SetUtils;
import org.sonar.plugins.php.api.symbols.QualifiedName;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.CallArgumentTree;
import org.sonar.plugins.php.api.tree.declaration.ClassDeclarationTree;
import org.sonar.plugins.php.api.tree.declaration.ClassTree;
import org.sonar.plugins.php.api.tree.declaration.NamespaceNameTree;
import org.sonar.plugins.php.api.tree.expression.AnonymousClassTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.tree.statement.UseTraitDeclarationTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

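/**
 * PHP check registered under rule key S4792 that reports code configuring or defining loggers.
 *
 * <p>An issue carrying {@link #MESSAGE} is raised on:
 * <ul>
 *   <li>a call to {@code error_reporting} whose level argument is not an allow-listed value;</li>
 *   <li>a two-argument call to {@code ini_set} / {@code ini_alter} that sets one of the tracked
 *       directives to a value outside its allow-list;</li>
 *   <li>a class or anonymous class that extends {@code Psr\Log\AbstractLogger} or implements
 *       {@code Psr\Log\LoggerInterface};</li>
 *   <li>a {@code use} of the trait {@code Psr\Log\LoggerTrait}.</li>
 * </ul>
 *
 * <p>Detection limits visible in this class: the directive name passed to {@code ini_set} /
 * {@code ini_alter} is only resolved when it is a regular string literal. A name built from a
 * variable, constant or concatenation resolves to {@code null} and is never reported. Directives
 * that are not keys of the allow-list map are never reported either.
 */
@Rule(key = "S4792")
public class LoggerConfigurationCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Make sure that this logger's configuration is safe.";
    private static final String ERROR_REPORTING = "error_reporting";
    private static final Set<String> GLOBAL_CONFIGURATION_FUNCTIONS = SetUtils.immutableSetOf("ini_set", "ini_alter");
    // Directive name -> raw values that are accepted without raising an issue.
    private static final Map<String, List<String>> WHITELISTED_VALUE_BY_DIRECTIVE = buildWhitelistedValues();
    private static final QualifiedName PSR_LOG_ABSTRACT_LOGGER_CLASS = QualifiedName.qualifiedName("Psr\\Log\\AbstractLogger");
    private static final QualifiedName PSR_LOG_LOGGER_INTERFACE = QualifiedName.qualifiedName("Psr\\Log\\LoggerInterface");
    private static final QualifiedName PSR_LOG_LOGGER_TRAIT = QualifiedName.qualifiedName("Psr\\Log\\LoggerTrait");

    /**
     * Builds the per-directive allow-list used by {@link #isSuspiciousDirective}.
     *
     * <p>The values are the plain strings {@code "0"} and {@code "1"}. They are written as literals
     * so that this security allow-list does not depend on constants borrowed from an XML library.
     *
     * @return an unmodifiable map from directive name to its accepted raw values; an empty list
     *     means that every value set for that directive is reported
     */
    private static Map<String, List<String>> buildWhitelistedValues() {
        final String zero = "0";
        final String one = "1";
        Map<String, List<String>> allowed = new HashMap<>();
        allowed.put("docref_root", Collections.singletonList(zero));
        allowed.put("display_errors", Collections.singletonList(zero));
        allowed.put("display_startup_errors", Collections.singletonList(zero));
        // No accepted value: any explicit error_log setting is reported.
        allowed.put("error_log", Collections.emptyList());
        // NOTE(review): "0" is the only accepted level here, so error_reporting(E_ALL) or
        // error_reporting(-1) is reported although getRawValue() can render both forms.
        // Confirm that this is the intended allow-list for error_reporting.
        allowed.put(ERROR_REPORTING, Collections.singletonList(zero));
        allowed.put("log_errors", Collections.singletonList(one));
        allowed.put("log_errors_max_length", Collections.singletonList(zero));
        allowed.put("ignore_repeated_errors", Collections.singletonList(zero));
        allowed.put("ignore_repeated_source", Collections.singletonList(zero));
        allowed.put("track_errors", Collections.singletonList(one));
        // Wrapped rather than copied with Map.copyOf: lookups are done with a possibly-null key
        // and possibly-null value, which HashMap and Collections.singletonList/emptyList tolerate
        // but the Map.of/List.of family rejects with a NullPointerException.
        return Collections.unmodifiableMap(allowed);
    }

    /**
     * Reports suspicious {@code error_reporting}, {@code ini_set} and {@code ini_alter} calls.
     *
     * <p>Only callees that are plain names are inspected. The name is lower-cased with
     * {@link Locale#ROOT} before comparison because PHP function names are case-insensitive.
     *
     * @param functionCallTree the function call being visited
     */
    @Override
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        super.visitFunctionCall(functionCallTree);
        ExpressionTree callee = functionCallTree.callee();
        if (!callee.is(Tree.Kind.NAMESPACE_NAME)) {
            return;
        }
        String functionName = ((NamespaceNameTree) callee).qualifiedName().toLowerCase(Locale.ROOT);
        boolean suspicious;
        if (ERROR_REPORTING.equals(functionName)) {
            // presumably resolves the argument by name or by position; helper not shown here
            Optional<CallArgumentTree> level = CheckUtils.argument(functionCallTree, "level", 0);
            suspicious = level.isPresent() && isSuspiciousDirective(ERROR_REPORTING, level.get().value());
        } else {
            suspicious = isSuspiciousGlobalConfiguration(functionName, functionCallTree);
        }
        if (suspicious) {
            context().newIssue(this, functionCallTree, MESSAGE);
        }
    }

    /**
     * Checks a named class declaration for PSR logger inheritance.
     *
     * @param classDeclarationTree the class declaration being visited
     */
    @Override
    public void visitClassDeclaration(ClassDeclarationTree classDeclarationTree) {
        super.visitClassDeclaration(classDeclarationTree);
        checkSuspiciousClassDeclaration(classDeclarationTree);
    }

    /**
     * Checks an anonymous class for PSR logger inheritance.
     *
     * @param anonymousClassTree the anonymous class being visited
     */
    @Override
    public void visitAnonymousClass(AnonymousClassTree anonymousClassTree) {
        super.visitAnonymousClass(anonymousClassTree);
        checkSuspiciousClassDeclaration(anonymousClassTree);
    }

    /**
     * Reports every trait in a {@code use} declaration that resolves to {@code Psr\Log\LoggerTrait}.
     *
     * @param useTraitDeclarationTree the trait-use declaration being visited
     */
    @Override
    public void visitUseTraitDeclaration(UseTraitDeclarationTree useTraitDeclarationTree) {
        super.visitUseTraitDeclaration(useTraitDeclarationTree);
        useTraitDeclarationTree.traits().stream()
            .filter(trait -> PSR_LOG_LOGGER_TRAIT.equals(getFullyQualifiedName(trait)))
            .forEach(trait -> context().newIssue(this, trait, MESSAGE));
    }

    /**
     * Reports a superclass equal to {@code Psr\Log\AbstractLogger} and every implemented interface
     * equal to {@code Psr\Log\LoggerInterface}. Only direct parents named in the declaration are
     * examined.
     *
     * @param classTree the class or anonymous class to inspect
     */
    private void checkSuspiciousClassDeclaration(ClassTree classTree) {
        NamespaceNameTree superClass = classTree.superClass();
        // Constant on the left, as in the interface and trait checks, so a null resolved name
        // cannot cause a NullPointerException.
        if (superClass != null && PSR_LOG_ABSTRACT_LOGGER_CLASS.equals(getFullyQualifiedName(superClass))) {
            context().newIssue(this, superClass, MESSAGE);
        }
        classTree.superInterfaces().stream()
            .filter(superInterface -> PSR_LOG_LOGGER_INTERFACE.equals(getFullyQualifiedName(superInterface)))
            .forEach(superInterface -> context().newIssue(this, superInterface, MESSAGE));
    }

    /**
     * Tells whether a call is an {@code ini_set} / {@code ini_alter} invocation with exactly two
     * arguments that sets a tracked directive to a value outside its allow-list.
     *
     * @param str the lower-cased name of the called function
     * @param functionCallTree the call to inspect
     * @return {@code true} when the call should be reported
     */
    private static boolean isSuspiciousGlobalConfiguration(String str, FunctionCallTree functionCallTree) {
        // Cheap name test first: this runs for every function call in the analysed file, so the
        // argument lookups are skipped for unrelated functions.
        if (!GLOBAL_CONFIGURATION_FUNCTIONS.contains(str) || functionCallTree.callArguments().size() != 2) {
            return false;
        }
        Optional<CallArgumentTree> directive = CheckUtils.argument(functionCallTree, "varname", 0);
        Optional<CallArgumentTree> newValue = CheckUtils.argument(functionCallTree, "newvalue", 1);
        return directive.isPresent()
            && newValue.isPresent()
            && isSuspiciousDirective(getStringValue(directive.get().value()), newValue.get().value());
    }

    /**
     * Tells whether assigning a value to a directive falls outside the allow-list.
     *
     * @param str the directive name, or {@code null} when it could not be resolved to a literal
     * @param expressionTree the expression assigned to the directive
     * @return {@code false} for an unknown or unresolved directive; otherwise {@code true} unless
     *     the raw value of {@code expressionTree} is one of the accepted values
     */
    private static boolean isSuspiciousDirective(@Nullable String str, ExpressionTree expressionTree) {
        List<String> allowedValues = WHITELISTED_VALUE_BY_DIRECTIVE.get(str);
        if (allowedValues == null) {
            // Untracked directive, or the name was not a plain string literal: not reported.
            return false;
        }
        return !allowedValues.contains(getRawValue(expressionTree));
    }

    /**
     * Returns the unquoted content of a regular string literal.
     *
     * @param expressionTree the expression to read
     * @return the literal with its quotes trimmed, or {@code null} for any other kind of expression
     */
    @Nullable
    private static String getStringValue(ExpressionTree expressionTree) {
        if (expressionTree.is(Tree.Kind.REGULAR_STRING_LITERAL)) {
            return CheckUtils.trimQuotes((LiteralTree) expressionTree);
        }
        return null;
    }

    /**
     * Renders an expression as the text that is compared against the allow-list.
     *
     * <p>Null, boolean and numeric literals yield their source text, a plain name yields its
     * qualified name, a regular string literal yields its unquoted content, and a prefix
     * expression yields the operator text followed by the raw value of its operand.
     *
     * @param expressionTree the expression to render
     * @return the raw text, or {@code null} when the expression is none of the handled forms
     */
    @Nullable
    private static String getRawValue(ExpressionTree expressionTree) {
        if (expressionTree.is(Tree.Kind.NULL_LITERAL, Tree.Kind.BOOLEAN_LITERAL, Tree.Kind.NUMERIC_LITERAL)) {
            return ((LiteralTree) expressionTree).value();
        }
        // NOTE(review): this tests the implementation class rather than an API tree interface;
        // confirm that no other tree class represents prefix expressions.
        if (expressionTree instanceof PrefixExpressionTreeImpl) {
            PrefixExpressionTreeImpl prefixExpression = (PrefixExpressionTreeImpl) expressionTree;
            // An unresolved operand concatenates as the text "null" (e.g. "-null"), which matches
            // no accepted value, so the call is still reported.
            return prefixExpression.operator().text() + getRawValue(prefixExpression.expression());
        }
        if (expressionTree.is(Tree.Kind.NAMESPACE_NAME)) {
            return ((NamespaceNameTree) expressionTree).qualifiedName();
        }
        return getStringValue(expressionTree);
    }
}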
