package org.sonar.php.checks.security;

import java.util.ArrayDeque;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.function.Predicate;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.checks.utils.type.NewObjectCall;
import org.sonar.php.checks.utils.type.ObjectMemberFunctionCall;
import org.sonar.php.checks.utils.type.TreeValues;
import org.sonar.php.checks.utils.type.TypePredicateList;
import org.sonar.plugins.php.api.tree.SeparatedList;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.CallArgumentTree;
import org.sonar.plugins.php.api.tree.declaration.NamespaceNameTree;
import org.sonar.plugins.php.api.tree.expression.BinaryExpressionTree;
import org.sonar.plugins.php.api.tree.expression.ExpandableStringLiteralTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.VariableIdentifierTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

@Rule(key = "S2077")
/* loaded from: input_file:org/sonar/php/checks/security/QueryUsageCheck.class */
public class QueryUsageCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Make sure that formatting this SQL query is safe here.";
    private static final String STATEMENT = "statement";
    private static final NewObjectCall IS_PDO_OBJECT = new NewObjectCall("PDO");
    private static final NewObjectCall IS_MYSQLI_OBJECT = new NewObjectCall("mysqli");
    private static final Tree.Kind[] LITERALS = {Tree.Kind.REGULAR_STRING_LITERAL, Tree.Kind.BOOLEAN_LITERAL, Tree.Kind.NULL_LITERAL, Tree.Kind.NUMERIC_LITERAL};
    private static final Map<String, Integer> SUSPICIOUS_GLOBAL_FUNCTIONS = buildSuspiciousGlobalFunctions();
    private static final String QUERY = "query";
    private static final Predicate<TreeValues> SUSPICIOUS_PDO_QUERY_PREDICATES = new TypePredicateList(new ObjectMemberFunctionCall("exec", IS_PDO_OBJECT), new ObjectMemberFunctionCall(QUERY, IS_PDO_OBJECT));
    private static final Predicate<TreeValues> SUSPICIOUS_MYSQLI_QUERY_PREDICATES = new TypePredicateList(new ObjectMemberFunctionCall(QUERY, IS_MYSQLI_OBJECT), new ObjectMemberFunctionCall("real_query", IS_MYSQLI_OBJECT), new ObjectMemberFunctionCall("multi_query", IS_MYSQLI_OBJECT), new ObjectMemberFunctionCall("send_query", IS_MYSQLI_OBJECT));
    private static final Predicate<TreeValues> PDO_PREPARE_PREDICATE = new ObjectMemberFunctionCall("prepare", new NewObjectCall("PDO"));

    private static Map<String, Integer> buildSuspiciousGlobalFunctions() {
        HashMap hashMap = new HashMap();
        hashMap.put("mssql_query", 0);
        hashMap.put("mysql_query", 0);
        hashMap.put("mysql_db_query", 1);
        hashMap.put("mysql_unbuffered_query", 0);
        hashMap.put("pg_send_query", 1);
        hashMap.put("mysqli_query", 1);
        hashMap.put("mysqli_real_query", 1);
        hashMap.put("mysqli_multi_query", 1);
        hashMap.put("mysqli_send_query", 1);
        return hashMap;
    }

    @Override // org.sonar.plugins.php.api.visitors.PHPVisitorCheck, org.sonar.plugins.php.api.visitors.VisitorCheck
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        TreeValues of = TreeValues.of(functionCallTree, context().symbolTable());
        if (isSuspiciousGlobalFunction(functionCallTree) || isSuspiciousMemberFunction(functionCallTree, of) || isSuspiciousPrepareStatement(functionCallTree, of)) {
            context().newIssue(this, functionCallTree.callee(), MESSAGE);
        }
        super.visitFunctionCall(functionCallTree);
    }

    private boolean isSuspiciousGlobalFunction(FunctionCallTree functionCallTree) {
        ExpressionTree callee = functionCallTree.callee();
        if (!callee.is(Tree.Kind.NAMESPACE_NAME)) {
            return false;
        }
        String lowerCase = ((NamespaceNameTree) callee).qualifiedName().toLowerCase(Locale.ENGLISH);
        if (SUSPICIOUS_GLOBAL_FUNCTIONS.containsKey(lowerCase)) {
            Optional<CallArgumentTree> argument = CheckUtils.argument(functionCallTree, QUERY, SUSPICIOUS_GLOBAL_FUNCTIONS.get(lowerCase).intValue());
            return argument.isPresent() && isSuspiciousArgument(argument.get().value());
        }
        if (!"pg_query".equals(lowerCase)) {
            return false;
        }
        SeparatedList<CallArgumentTree> callArguments = functionCallTree.callArguments();
        Optional<CallArgumentTree> empty = Optional.empty();
        if (callArguments.size() == 1) {
            empty = CheckUtils.argument(functionCallTree, QUERY, 0);
        }
        if (callArguments.size() == 2) {
            empty = CheckUtils.argument(functionCallTree, QUERY, 1);
        }
        return empty.isPresent() && isSuspiciousArgument(empty.get().value());
    }

    private boolean isSuspiciousMemberFunction(FunctionCallTree functionCallTree, TreeValues treeValues) {
        if (SUSPICIOUS_MYSQLI_QUERY_PREDICATES.test(treeValues)) {
            Optional<CallArgumentTree> argument = CheckUtils.argument(functionCallTree, QUERY, 0);
            return argument.isPresent() && isSuspiciousArgument(argument.get().value());
        }
        if (!SUSPICIOUS_PDO_QUERY_PREDICATES.test(treeValues)) {
            return false;
        }
        Optional<CallArgumentTree> argument2 = CheckUtils.argument(functionCallTree, STATEMENT, 0);
        return argument2.isPresent() && isSuspiciousArgument(argument2.get().value());
    }

    private boolean isSuspiciousPrepareStatement(FunctionCallTree functionCallTree, TreeValues treeValues) {
        Optional<CallArgumentTree> argument = CheckUtils.argument(functionCallTree, STATEMENT, 0);
        return PDO_PREPARE_PREDICATE.test(treeValues) && argument.isPresent() && isSuspiciousArgument(argument.get().value());
    }

    private boolean isSuspiciousArgument(ExpressionTree expressionTree) {
        return (expressionTree.is(Tree.Kind.EXPANDABLE_STRING_LITERAL) && isSuspiciousExpandableString((ExpandableStringLiteralTree) expressionTree)) || (expressionTree.is(Tree.Kind.CONCATENATION) && isSuspiciousConcat((BinaryExpressionTree) expressionTree));
    }

    private boolean isSuspiciousExpandableString(ExpandableStringLiteralTree expandableStringLiteralTree) {
        for (ExpressionTree expressionTree : expandableStringLiteralTree.expressions()) {
            if (!expressionTree.is(Tree.Kind.VARIABLE_IDENTIFIER) || isSuspiciousVariable((VariableIdentifierTree) expressionTree)) {
                return true;
            }
        }
        return false;
    }

    private boolean isSuspiciousConcat(BinaryExpressionTree binaryExpressionTree) {
        boolean z = false;
        ArrayDeque arrayDeque = new ArrayDeque();
        arrayDeque.add(binaryExpressionTree.leftOperand());
        arrayDeque.add(binaryExpressionTree.rightOperand());
        while (!z && !arrayDeque.isEmpty()) {
            ExpressionTree expressionTree = (ExpressionTree) arrayDeque.pop();
            switch (expressionTree.getKind()) {
                case BOOLEAN_LITERAL:
                case NULL_LITERAL:
                case REGULAR_STRING_LITERAL:
                case NUMERIC_LITERAL:
                    break;
                case CONCATENATION:
                    arrayDeque.add(((BinaryExpressionTree) expressionTree).leftOperand());
                    arrayDeque.add(((BinaryExpressionTree) expressionTree).rightOperand());
                    break;
                case VARIABLE_IDENTIFIER:
                    z = isSuspiciousVariable((VariableIdentifierTree) expressionTree);
                    break;
                default:
                    z = true;
                    break;
            }
        }
        return z;
    }

    private boolean isSuspiciousVariable(VariableIdentifierTree variableIdentifierTree) {
        return !CheckUtils.assignedValue(variableIdentifierTree).is(LITERALS);
    }
}
