package org.sonar.php.checks.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.checks.utils.type.StaticFunctionCall;
import org.sonar.php.tree.impl.expression.MemberAccessTreeImpl;
import org.sonar.plugins.php.api.symbols.QualifiedName;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.ClassDeclarationTree;
import org.sonar.plugins.php.api.tree.declaration.ClassMemberTree;
import org.sonar.plugins.php.api.tree.declaration.ClassTree;
import org.sonar.plugins.php.api.tree.declaration.MethodDeclarationTree;
import org.sonar.plugins.php.api.tree.declaration.NamespaceNameTree;
import org.sonar.plugins.php.api.tree.expression.AnonymousClassTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.MemberAccessTree;
import org.sonar.plugins.php.api.tree.expression.NameIdentifierTree;
import org.sonar.plugins.php.api.tree.expression.NewExpressionTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

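/**
 * Security hotspot S4787: reports every place where data is encrypted so that a reviewer can
 * confirm the algorithm, mode, IV and key handling are appropriate for that use.
 *
 * <p>This is a hotspot, not a vulnerability rule: each match raises the same {@link #MESSAGE},
 * and the arguments of the call (key, mode, IV, padding) are never inspected. Detection is purely
 * name-based, on the following kinds of sites:
 * <ul>
 *   <li>calls to the global functions in {@link #SUSPICIOUS_GLOBAL_FUNCTIONS} (mcrypt, openssl,
 *       sodium and a bare {@code encrypt}), compared case-insensitively;</li>
 *   <li>static calls listed in {@link #SUSPICIOUS_STATIC_FUNCTIONS} (CakePHP, Laravel, Defuse,
 *       sodium_compat, Zend), matched on the resolved fully qualified class name;</li>
 *   <li>instantiation of the classes in {@link #SUSPICIOUS_CLASS_INSTANTIATIONS} (Joomla,
 *       phpseclib, Zend) and any class implementing {@code Joomla\Crypt\CipherInterface};</li>
 *   <li>instance calls to {@code encryptByKey} / {@code encryptByPassword} on any receiver, and,
 *       inside classes extending {@code CI_Controller}, calls to {@code create_key},
 *       {@code initialize} or {@code encrypt} on an {@code encryption} member.</li>
 * </ul>
 * Because matching is by name only, user-defined functions or methods that share one of these
 * names are reported as well; for a hotspot that is acceptable, since it only asks for a review.
 */
@Rule(key = "S4787")
public class DataEncryptionCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Make sure that encrypting data is safe here.";

    /** Global PHP functions, stored lower-cased; PHP function names are case-insensitive. */
    private static final Set<String> SUSPICIOUS_GLOBAL_FUNCTIONS = CheckUtils.lowerCaseSet(
        "mcrypt_ecb",
        "mcrypt_cfb",
        "mcrypt_cbc",
        "mcrypt_encrypt",
        "openssl_encrypt",
        "openssl_public_encrypt",
        "openssl_pkcs7_encrypt",
        "openssl_seal",
        "sodium_crypto_aead_aes256gcm_encrypt",
        "sodium_crypto_aead_chacha20poly1305_encrypt",
        "sodium_crypto_aead_chacha20poly1305_ietf_encrypt",
        "sodium_crypto_aead_xchacha20poly1305_ietf_encrypt",
        "sodium_crypto_box_seal",
        "sodium_crypto_box",
        "sodium_crypto_secretbox",
        "sodium_crypto_stream_xor",
        "encrypt");

    /** Name of the member holding CodeIgniter's encryption library ({@code $this->encryption}). */
    private static final Set<String> ENCRYPTION_MEMBER = CheckUtils.lowerCaseSet("encryption");

    /** Methods on the CodeIgniter encryption member that configure keys or encrypt. */
    private static final Set<String> SUSPICIOUS_ENCRYPTION_FUNCTIONS = CheckUtils.lowerCaseSet("create_key", "initialize", "encrypt");

    /** Instance methods reported on any receiver (no type resolution is attempted). */
    private static final Set<String> SUSPICIOUS_MEMBER_FUNCTIONS = CheckUtils.lowerCaseSet("encryptByKey", "encryptByPassword");

    /** Static {@code Class::method} calls, matched on the fully qualified class name. */
    private static final List<StaticFunctionCall> SUSPICIOUS_STATIC_FUNCTIONS = Arrays.asList(
        StaticFunctionCall.staticFunctionCall("Cake\\Utility\\Security::encrypt"),
        StaticFunctionCall.staticFunctionCall("Cake\\Utility\\Security::engine"),
        StaticFunctionCall.staticFunctionCall("Illuminate\\Support\\Facades\\Crypt::encrypt"),
        StaticFunctionCall.staticFunctionCall("Illuminate\\Support\\Facades\\Crypt::encryptString"),
        StaticFunctionCall.staticFunctionCall("Defuse\\Crypto\\Crypto::encrypt"),
        StaticFunctionCall.staticFunctionCall("Defuse\\Crypto\\Crypto::encryptWithPassword"),
        StaticFunctionCall.staticFunctionCall("Defuse\\Crypto\\File::encryptFile"),
        StaticFunctionCall.staticFunctionCall("Defuse\\Crypto\\File::encryptFileWithPassword"),
        StaticFunctionCall.staticFunctionCall("Defuse\\Crypto\\File::encryptResource"),
        StaticFunctionCall.staticFunctionCall("Defuse\\Crypto\\File::encryptResourceWithPassword"),
        StaticFunctionCall.staticFunctionCall("ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_ietf_encrypt"),
        StaticFunctionCall.staticFunctionCall("ParagonIE_Sodium_Compat::crypto_aead_xchacha20poly1305_ietf_encrypt"),
        StaticFunctionCall.staticFunctionCall("ParagonIE_Sodium_Compat::crypto_aead_chacha20poly1305_encrypt"),
        StaticFunctionCall.staticFunctionCall("ParagonIE_Sodium_Compat::crypto_aead_aes256gcm_encrypt"),
        StaticFunctionCall.staticFunctionCall("ParagonIE_Sodium_Compat::crypto_box"),
        StaticFunctionCall.staticFunctionCall("ParagonIE_Sodium_Compat::crypto_secretbox"),
        StaticFunctionCall.staticFunctionCall("ParagonIE_Sodium_Compat::crypto_box_seal"),
        StaticFunctionCall.staticFunctionCall("ParagonIE_Sodium_Compat::crypto_secretbox_xchacha20poly1305"),
        StaticFunctionCall.staticFunctionCall("Zend\\Crypt\\PublicKey\\Rsa::factory"),
        StaticFunctionCall.staticFunctionCall("Zend\\Crypt\\BlockCipher::factory"));

    /** Cipher classes whose construction (with or without an argument list) is reported. */
    private static final List<QualifiedName> SUSPICIOUS_CLASS_INSTANTIATIONS = Arrays.asList(
        QualifiedName.qualifiedName("Joomla\\Crypt\\Cipher_Sodium"),
        QualifiedName.qualifiedName("Joomla\\Crypt\\Cipher_Simple"),
        QualifiedName.qualifiedName("Joomla\\Crypt\\Cipher_Rijndael256"),
        QualifiedName.qualifiedName("Joomla\\Crypt\\Cipher_Crypto"),
        QualifiedName.qualifiedName("Joomla\\Crypt\\Cipher_Blowfish"),
        QualifiedName.qualifiedName("Joomla\\Crypt\\Cipher_3DES"),
        QualifiedName.qualifiedName("phpseclib\\Crypt\\RSA"),
        QualifiedName.qualifiedName("phpseclib\\Crypt\\AES"),
        QualifiedName.qualifiedName("phpseclib\\Crypt\\Rijndael"),
        QualifiedName.qualifiedName("phpseclib\\Crypt\\Twofish"),
        QualifiedName.qualifiedName("phpseclib\\Crypt\\Blowfish"),
        QualifiedName.qualifiedName("phpseclib\\Crypt\\RC4"),
        QualifiedName.qualifiedName("phpseclib\\Crypt\\RC2"),
        QualifiedName.qualifiedName("phpseclib\\Crypt\\TripleDES"),
        QualifiedName.qualifiedName("phpseclib\\Crypt\\DES"),
        QualifiedName.qualifiedName("Zend\\Crypt\\PublicKey\\DiffieHellman"),
        QualifiedName.qualifiedName("Zend\\Crypt\\PublicKey\\Rsa"),
        QualifiedName.qualifiedName("Zend\\Crypt\\FileCipher"),
        QualifiedName.qualifiedName("Zend\\Crypt\\Hybrid"),
        QualifiedName.qualifiedName("Zend\\Crypt\\BlockCipher"));

    private static final QualifiedName JOOMLA_CIPHER_INTERFACE = QualifiedName.qualifiedName("Joomla\\Crypt\\CipherInterface");
    private static final QualifiedName CODE_IGNITER_CONTROLLER_CLASS = QualifiedName.qualifiedName("CI_Controller");

    /**
     * Collects, within one method body of a CodeIgniter controller, every call of the shape
     * {@code <expr>->encryption-><create_key|initialize|encrypt>(...)}.
     *
     * <p>Only the two member names are checked; the receiver of {@code encryption} is not, so
     * {@code $this->encryption->encrypt()} and {@code $other->encryption->encrypt()} are both
     * collected. Issues are raised by the enclosing check, not here.
     */
    private static class CodeIgniterMethodCallChecker extends PHPVisitorCheck {
        /** Calls found so far, in visiting order; read by the enclosing check after the visit. */
        private final List<Tree> suspiciousFunctionCalls = new ArrayList<>();

        private CodeIgniterMethodCallChecker() {
        }

        @Override
        public void visitFunctionCall(FunctionCallTree functionCallTree) {
            if (isSuspiciousEncryptionFunction(functionCallTree.callee())) {
                suspiciousFunctionCalls.add(functionCallTree);
            }
            // Keep descending: an encryption call may be nested inside another call's arguments.
            super.visitFunctionCall(functionCallTree);
        }

        /** True for {@code X->encryption->{create_key|initialize|encrypt}} callees. */
        private static boolean isSuspiciousEncryptionFunction(Tree callee) {
            if (!isMemberAccess(callee, DataEncryptionCheck.SUSPICIOUS_ENCRYPTION_FUNCTIONS)) {
                return false;
            }
            Tree receiver = ((MemberAccessTree) callee).object();
            return isMemberAccess(receiver, DataEncryptionCheck.ENCRYPTION_MEMBER);
        }

        /**
         * True when {@code tree} is an object member access ({@code ->}) whose member is a plain
         * identifier contained in {@code names}. The comparison is case-insensitive; dynamic
         * members such as {@code $obj->$name} never match.
         */
        private static boolean isMemberAccess(Tree tree, Set<String> names) {
            if (!tree.is(Tree.Kind.OBJECT_MEMBER_ACCESS)) {
                return false;
            }
            Tree member = ((MemberAccessTree) tree).member();
            if (!member.is(Tree.Kind.NAME_IDENTIFIER)) {
                return false;
            }
            String memberName = ((NameIdentifierTree) member).text().toLowerCase(Locale.ROOT);
            return names.contains(memberName);
        }
    }

    @Override
    public void visitClassDeclaration(ClassDeclarationTree classDeclarationTree) {
        super.visitClassDeclaration(classDeclarationTree);
        checkSuspiciousClassDeclaration(classDeclarationTree);
    }

    @Override
    public void visitAnonymousClass(AnonymousClassTree anonymousClassTree) {
        super.visitAnonymousClass(anonymousClassTree);
        checkSuspiciousClassDeclaration(anonymousClassTree);
    }

    /**
     * Reports a call whose callee is a listed global function, a listed static or instance method,
     * or a listed cipher class (the {@code new Foo(...)} form, whose callee is the class name).
     * At most one issue is raised per call, on the whole call expression.
     */
    @Override
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        ExpressionTree callee = functionCallTree.callee();
        boolean suspicious = isSuspiciousGlobalFunction(callee)
            || isSuspiciousMemberFunction(callee)
            || isSuspiciousClassInstantiation(callee);
        if (suspicious) {
            context().newIssue(this, functionCallTree, MESSAGE);
        }
        super.visitFunctionCall(functionCallTree);
    }

    /**
     * Reports {@code new Foo} written without an argument list; with an argument list the
     * expression is presumably a function call and is handled by {@link #visitFunctionCall}.
     */
    @Override
    public void visitNewExpression(NewExpressionTree newExpressionTree) {
        if (isSuspiciousClassInstantiation(newExpressionTree.expression())) {
            context().newIssue(this, newExpressionTree, MESSAGE);
        }
        super.visitNewExpression(newExpressionTree);
    }

    /**
     * Applies the two class-level checks: CodeIgniter controllers (extends {@code CI_Controller})
     * get their method bodies scanned for encryption-library calls, and every implemented
     * {@code Joomla\Crypt\CipherInterface} is reported on the interface name itself.
     */
    private void checkSuspiciousClassDeclaration(ClassTree classTree) {
        NamespaceNameTree superClass = classTree.superClass();
        if (superClass != null && CODE_IGNITER_CONTROLLER_CLASS.equals(getFullyQualifiedName(superClass))) {
            checkCodeIgniterControllerMethods(classTree);
        }
        for (NamespaceNameTree superInterface : classTree.superInterfaces()) {
            if (JOOMLA_CIPHER_INTERFACE.equals(getFullyQualifiedName(superInterface))) {
                context().newIssue(this, superInterface, MESSAGE);
            }
        }
    }

    /** Runs a fresh {@link CodeIgniterMethodCallChecker} over each method body and reports its finds. */
    private void checkCodeIgniterControllerMethods(ClassTree classTree) {
        for (ClassMemberTree member : classTree.members()) {
            if (!member.is(Tree.Kind.METHOD_DECLARATION)) {
                continue;
            }
            MethodDeclarationTree method = (MethodDeclarationTree) member;
            CodeIgniterMethodCallChecker collector = new CodeIgniterMethodCallChecker();
            method.body().accept(collector);
            for (Tree call : collector.suspiciousFunctionCalls) {
                context().newIssue(this, call, MESSAGE);
            }
        }
    }

    /**
     * Matches {@code Class::method} against {@link #SUSPICIOUS_STATIC_FUNCTIONS} (class resolved to
     * its fully qualified name) and {@code $obj->method} / {@code Class::method} with a non-static
     * shape against {@link #SUSPICIOUS_MEMBER_FUNCTIONS} by method name only.
     *
     * <p>Relies on the {@code MemberAccessTreeImpl} implementation type for {@code isStatic()}.
     */
    private boolean isSuspiciousMemberFunction(ExpressionTree expressionTree) {
        if (!expressionTree.is(Tree.Kind.CLASS_MEMBER_ACCESS, Tree.Kind.OBJECT_MEMBER_ACCESS)) {
            return false;
        }
        MemberAccessTreeImpl memberAccess = (MemberAccessTreeImpl) expressionTree;
        if (isStaticFunction(memberAccess)) {
            QualifiedName className = getFullyQualifiedName((NamespaceNameTree) memberAccess.object());
            String methodName = ((NameIdentifierTree) memberAccess.member()).text();
            for (StaticFunctionCall candidate : SUSPICIOUS_STATIC_FUNCTIONS) {
                if (candidate.matches(className, methodName)) {
                    return true;
                }
            }
            return false;
        }
        Tree member = memberAccess.member();
        if (!member.is(Tree.Kind.NAME_IDENTIFIER)) {
            return false;
        }
        String methodName = ((NameIdentifierTree) member).text().toLowerCase(Locale.ROOT);
        return SUSPICIOUS_MEMBER_FUNCTIONS.contains(methodName);
    }

    /**
     * True when {@code expressionTree} is a class name resolving to one of
     * {@link #SUSPICIOUS_CLASS_INSTANTIATIONS}. (The decompiled form referenced an undefined
     * {@code r1}; it was the method reference {@code fullyQualifiedName::equals}, restored here.)
     */
    private boolean isSuspiciousClassInstantiation(ExpressionTree expressionTree) {
        if (!expressionTree.is(Tree.Kind.NAMESPACE_NAME)) {
            return false;
        }
        QualifiedName fullyQualifiedName = getFullyQualifiedName((NamespaceNameTree) expressionTree);
        return SUSPICIOUS_CLASS_INSTANTIATIONS.stream().anyMatch(fullyQualifiedName::equals);
    }

    /** Case-insensitive match of a bare function name against {@link #SUSPICIOUS_GLOBAL_FUNCTIONS}. */
    private static boolean isSuspiciousGlobalFunction(ExpressionTree expressionTree) {
        if (!expressionTree.is(Tree.Kind.NAMESPACE_NAME)) {
            return false;
        }
        String functionName = ((NamespaceNameTree) expressionTree).qualifiedName().toLowerCase(Locale.ROOT);
        return SUSPICIOUS_GLOBAL_FUNCTIONS.contains(functionName);
    }

    /** {@code Name::identifier} with a literal class name on the left and a plain identifier on the right. */
    private static boolean isStaticFunction(MemberAccessTreeImpl memberAccess) {
        return memberAccess.isStatic()
            && memberAccess.object().is(Tree.Kind.NAMESPACE_NAME)
            && memberAccess.member().is(Tree.Kind.NAME_IDENTIFIER);
    }
}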
