package org.sonar.php.checks.security;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.checks.utils.FunctionUsageCheck;
import org.sonar.php.utils.collections.SetUtils;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.CallArgumentTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;

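/**
 * Flags calls to PHP regular-expression functions whose pattern argument is a string literal
 * that looks non-trivial, so that a reviewer can confirm the expression is safe to evaluate.
 *
 * <p>A call is reported only when all of the following hold:
 * <ul>
 *   <li>the callee is one of {@link #FUNCTION_NAMES};</li>
 *   <li>the pattern argument is present and is a {@code REGULAR_STRING_LITERAL};</li>
 *   <li>the literal is at least {@link #MIN_PATTERN_LENGTH} characters long;</li>
 *   <li>the literal contains at least {@link #MIN_SPECIAL_CHARS} occurrences of
 *       {@code +}, {@code *} or <code>{</code>.</li>
 * </ul>
 *
 * <p>Limits of the heuristic, visible in this class: patterns that are not plain string literals
 * (variables, concatenations, interpolated strings) are never reported, and the special
 * characters are counted on the raw text without regard to escaping or character classes.
 * The absence of an issue is therefore not evidence that a pattern is safe.
 */
@Rule(key = "S4784")
public class RegexUsageCheck extends FunctionUsageCheck {
    private static final String MESSAGE = "Make sure that using a regular expression is safe here.";

    // Shortest literal that is reported. The length is measured on LiteralTree.value().
    // NOTE(review): presumably that text still includes the quotes and the regex delimiters,
    // which would leave about three characters of actual pattern; confirm against LiteralTree.
    private static final int MIN_PATTERN_LENGTH = 7;

    // Number of special characters a literal must contain before it is reported.
    private static final int MIN_SPECIAL_CHARS = 2;

    // Quantifier characters counted by the heuristic.
    private static final Set<Character> SPECIAL_CHARS = new HashSet<>(Arrays.asList('+', '*', '{'));

    private static final String MB_EREG_SEARCH_INIT = "mb_ereg_search_init";

    private static final Set<String> FUNCTION_NAMES = SetUtils.immutableSetOf(
        "ereg",
        "ereg_replace",
        "eregi",
        "eregi_replace",
        "fnmatch",
        "mb_ereg",
        "mb_ereg_match",
        "mb_ereg_replace",
        "mb_ereg_replace_callback",
        "mb_ereg_search",
        MB_EREG_SEARCH_INIT,
        "mb_ereg_search_pos",
        "mb_ereg_search_regs",
        "mb_eregi",
        "mb_eregi_replace",
        "preg_filter",
        "preg_grep",
        "preg_match",
        "preg_match_all",
        "preg_replace",
        "preg_replace_callback",
        "preg_split",
        "split",
        "spliti");

    /**
     * Returns the names of the PHP functions this check inspects.
     *
     * @return the fixed set of regex-related function names
     */
    @Override
    protected Set<String> lookedUpFunctionNames() {
        return FUNCTION_NAMES;
    }

    /**
     * Reports the call when its pattern argument is a string literal that passes both the
     * length threshold and the special-character threshold.
     *
     * @param functionCallTree a call to one of the functions in {@link #FUNCTION_NAMES}
     */
    @Override
    protected void checkFunctionCall(FunctionCallTree functionCallTree) {
        Optional<CallArgumentTree> argument =
            CheckUtils.argument(functionCallTree, "pattern", getPatternArgumentIndex(functionCallTree));
        if (!argument.isPresent()) {
            return;
        }

        ExpressionTree pattern = argument.get().value();
        // Only plain string literals are analysed; any other expression kind is skipped silently.
        if (!pattern.is(Tree.Kind.REGULAR_STRING_LITERAL)) {
            return;
        }

        String literal = ((LiteralTree) pattern).value();
        if (literal.length() >= MIN_PATTERN_LENGTH && hasEnoughNumberOfSpecialChars(literal)) {
            context().newIssue(this, functionCallTree, MESSAGE);
        }
    }

    /**
     * Returns the positional index of the pattern argument for the given call.
     *
     * @param functionCallTree the call being inspected
     * @return {@code 1} when the callee's textual form equals {@code mb_ereg_search_init}
     *     ignoring case, {@code 0} for every other function
     */
    private static int getPatternArgumentIndex(FunctionCallTree functionCallTree) {
        boolean isSearchInit = functionCallTree.callee().toString().equalsIgnoreCase(MB_EREG_SEARCH_INIT);
        return isSearchInit ? 1 : 0;
    }

    /**
     * Tells whether the text contains at least {@link #MIN_SPECIAL_CHARS} characters from
     * {@link #SPECIAL_CHARS}. Every occurrence counts, including repeats of the same character.
     *
     * @param str the raw literal text to scan
     * @return {@code true} as soon as the threshold is reached, {@code false} otherwise
     */
    private static boolean hasEnoughNumberOfSpecialChars(String str) {
        int found = 0;
        for (char c : str.toCharArray()) {
            if (SPECIAL_CHARS.contains(c)) {
                found++;
                // Stop scanning once the threshold is met; the rest of the text cannot change the answer.
                if (found == MIN_SPECIAL_CHARS) {
                    return true;
                }
            }
        }
        return false;
    }
}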
