package org.sonar.php.checks.security;

import java.util.Optional;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.CallArgumentTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

@Rule(key = "S2612")
/* loaded from: input_file:org/sonar/php/checks/security/POSIXFilePermissionsCheck.class */
public class POSIXFilePermissionsCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Make sure this permission is safe.";

    @Override // org.sonar.plugins.php.api.visitors.PHPVisitorCheck, org.sonar.plugins.php.api.visitors.VisitorCheck
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        String lowerCaseFunctionName = CheckUtils.lowerCaseFunctionName(functionCallTree);
        if (functionCallTree.callee().is(Tree.Kind.OBJECT_MEMBER_ACCESS)) {
            if ("chmod".equals(lowerCaseFunctionName)) {
                chmodSymfonyAndLaravelCheck(functionCallTree);
            }
        } else if ("chmod".equals(lowerCaseFunctionName)) {
            chmodCoreCheck(functionCallTree);
        } else if ("umask".equals(lowerCaseFunctionName)) {
            umaskCheck(functionCallTree);
        }
        super.visitFunctionCall(functionCallTree);
    }

    private void chmodCoreCheck(FunctionCallTree functionCallTree) {
        Optional<CallArgumentTree> argument = CheckUtils.argument(functionCallTree, "permissions", 1);
        if ((argument.isPresent() ? resolveArgument(argument.get(), 0) : 0) % 8 != 0) {
            context().newIssue(this, functionCallTree, MESSAGE);
        }
    }

    private void chmodSymfonyAndLaravelCheck(FunctionCallTree functionCallTree) {
        Optional<CallArgumentTree> argument = CheckUtils.argument(functionCallTree, "mode", 1);
        Optional<CallArgumentTree> argument2 = CheckUtils.argument(functionCallTree, "umask", 2);
        if (((argument.isPresent() ? resolveArgument(argument.get(), 0) : 0) & ((argument2.isPresent() ? resolveArgument(argument2.get(), 0) : 0) ^ (-1))) % 8 != 0) {
            context().newIssue(this, functionCallTree, MESSAGE);
        }
    }

    private void umaskCheck(FunctionCallTree functionCallTree) {
        Optional<CallArgumentTree> argument = CheckUtils.argument(functionCallTree, "mask", 0);
        if ((argument.isPresent() ? resolveArgument(argument.get(), 7) : 7) % 8 != 7) {
            context().newIssue(this, functionCallTree, MESSAGE);
        }
    }

    private int resolveArgument(CallArgumentTree callArgumentTree, int i) {
        ExpressionTree assignedValue = CheckUtils.assignedValue(callArgumentTree.value());
        return assignedValue.is(Tree.Kind.REGULAR_STRING_LITERAL, Tree.Kind.NUMERIC_LITERAL) ? getDecimalRepresentation(((LiteralTree) assignedValue).value(), i) : i;
    }

    private static int getDecimalRepresentation(String str, int i) {
        if (str.matches("\"[0-9]*\"")) {
            return Integer.valueOf(CheckUtils.trimQuotes(str)).intValue();
        }
        if (str.matches("^0[0-7]*$")) {
            return Integer.parseInt(str, 8);
        }
        try {
            return Integer.parseInt(str);
        } catch (NumberFormatException e) {
            return i;
        }
    }
}
