package org.sonar.php.checks;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.checks.utils.argumentmatching.ArgumentMatcher;
import org.sonar.php.checks.utils.argumentmatching.ArgumentVerifierUnaryFunction;
import org.sonar.php.checks.utils.argumentmatching.FunctionArgumentCheck;
import org.sonar.php.tree.impl.declaration.ClassNamespaceNameTreeImpl;
import org.sonar.php.tree.impl.declaration.NamespaceNameTreeImpl;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.ClassDeclarationTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.tree.expression.MemberAccessTree;
import org.sonar.plugins.php.api.tree.expression.NewExpressionTree;
import org.sonarsource.analyzer.commons.internal.json.simple.JSONArray;
import org.sonarsource.analyzer.commons.internal.json.simple.JSONObject;
import org.sonarsource.analyzer.commons.internal.json.simple.parser.JSONParser;
import org.sonarsource.analyzer.commons.internal.json.simple.parser.ParseException;

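/**
 * Check registered under rule key {@code S6437}: reports hard-coded credentials passed to known
 * sensitive PHP functions, static methods and constructors.
 *
 * <p>The table of sensitive callables is loaded once, at class initialisation, from the JSON
 * resources named in {@link #SENSITIVE_FUNCTIONS_JSON}. For every call whose qualified name is in
 * that table, each argument position marked as sensitive is inspected and an issue is raised when
 * the argument is a non-empty regular string literal.
 *
 * <p>Coverage limits that follow from the code below:
 * <ul>
 *   <li>Only {@code REGULAR_STRING_LITERAL} arguments are matched; an empty literal is not
 *       reported.</li>
 *   <li>Calls inside a class for which {@code CheckUtils.isSubClassOfTestCase} returns true are
 *       skipped.</li>
 *   <li>A JSON resource that cannot be read is logged at error level and skipped. The rule then
 *       runs with a smaller table instead of failing, so that log line means missed findings.</li>
 * </ul>
 */
@Rule(key = "S6437")
public class HardCodedCredentialsInFunctionCallsCheck extends FunctionArgumentCheck {
    private static final String MESSAGE = "Revoke and change this password, as it is compromised.";

    /** True while the visitor is inside a class that extends the PHPUnit test case. */
    private boolean isPhpUnitTestCase = false;

    private static final Set<String> SENSITIVE_FUNCTIONS_JSON = Set.of("generatedSensitiveFunctions.json", "manuallyCreatedSensitiveFunctions.json");
    private static final String LOCATION_OF_FUNCTIONS_JSON = "/org/sonar/php/checks/hardCodedCredentialsInFunctionCallsCheck/";

    /** Sensitive callables keyed by {@link SensitiveMethod#uniqueName()}. */
    private static final Map<String, SensitiveMethod> SENSITIVE_FUNCTIONS = JsonSensitiveFunctionsReader.parseSensitiveFunctions(LOCATION_OF_FUNCTIONS_JSON, SENSITIVE_FUNCTIONS_JSON);

    // Matcher cache keyed by "<index>;<argument name>", shared by every instance of this check.
    // NOTE(review): this is a plain HashMap mutated during analysis; confirm checks never run concurrently.
    private static final Map<String, ArgumentMatcher> matcherMap = new HashMap<>();

    /** Loads the sensitive-function descriptions from JSON resources on the classpath. */
    static class JsonSensitiveFunctionsReader {
        private static final JSONParser jsonParser = new JSONParser();
        private static final Logger LOG = LoggerFactory.getLogger(JsonSensitiveFunctionsReader.class);

        private JsonSensitiveFunctionsReader() {
        }

        /**
         * Reads every resource {@code str + fileName} and indexes the described methods by their
         * unique name.
         *
         * <p>Each JSON entry is read through the keys {@code cls}, {@code name}, {@code indices}
         * and {@code args}. A resource that is missing or unparsable is logged and skipped; the
         * remaining resources are still loaded, so the returned map may be incomplete.
         *
         * @param str resource directory prefix, ending with a slash
         * @param set file names to load from that directory
         * @return the sensitive methods that could be loaded, keyed by unique name
         */
        static Map<String, SensitiveMethod> parseSensitiveFunctions(String str, Set<String> set) {
            Map<String, SensitiveMethod> methodsByName = new HashMap<>();
            for (String fileName : set) {
                try {
                    for (Object entry : parseResource(str + fileName)) {
                        JSONObject description = (JSONObject) entry;
                        String cls = (String) description.get("cls");
                        SensitiveMethod method = new SensitiveMethod(
                            (String) description.get("name"),
                            cls,
                            retrieveSensitiveIndices((JSONArray) description.get("indices")),
                            retrieveActualArguments((JSONArray) description.get("args")));
                        methodsByName.put(method.uniqueName(), method);
                    }
                } catch (IOException | ParseException e) {
                    // Pass the exception along so the log shows why the table is incomplete.
                    LOG.error("JSON containing the sensitive functions for hard coded credentials couldn't be read correctly from resources at {}.", fileName, e);
                }
            }
            return methodsByName;
        }

        /**
         * Parses one classpath resource as a JSON array.
         *
         * @param str absolute resource path
         * @return the parsed top-level array
         * @throws FileNotFoundException if the resource does not exist (an {@link IOException})
         * @throws IOException if the resource cannot be read
         * @throws ParseException if the content is not valid JSON
         */
        static JSONArray parseResource(String str) throws IOException, ParseException {
            InputStream resourceAsStream = JsonSensitiveFunctionsReader.class.getResourceAsStream(str);
            if (resourceAsStream == null) {
                throw new FileNotFoundException(String.format("Json file with name %s not found.", str));
            }
            // Closing the reader also closes the underlying resource stream.
            try (InputStreamReader reader = new InputStreamReader(resourceAsStream, StandardCharsets.UTF_8)) {
                return (JSONArray) jsonParser.parse(reader);
            }
        }

        /**
         * Extracts the bare argument names, in declaration order.
         *
         * <p>Each entry is split on spaces; the second token is used when there is more than one,
         * otherwise the only token, and its first character is dropped.
         */
        private static List<String> retrieveActualArguments(JSONArray jSONArray) {
            List<String> names = new ArrayList<>();
            for (Object entry : jSONArray) {
                // presumably entries look like "<type> $name" or "$name" — verify against the JSON files
                String[] tokens = ((String) entry).split(" ");
                String variable = tokens[tokens.length != 1 ? 1 : 0];
                names.add(variable.substring(1));
            }
            return names;
        }

        /**
         * Collects the argument positions that are marked as sensitive.
         *
         * <p>Entries that are not numbers are logged and left out: a {@code null} index in the set
         * would otherwise fail with a {@link NullPointerException} when the matchers are built.
         */
        private static Set<Integer> retrieveSensitiveIndices(JSONArray jSONArray) {
            Set<Integer> indices = new HashSet<>();
            for (Object entry : jSONArray) {
                Integer index = toInteger(entry);
                if (index == null) {
                    LOG.warn("Ignoring non-numeric sensitive argument index {}.", entry);
                    continue;
                }
                indices.add(index);
            }
            return indices;
        }

        /**
         * Converts a parsed JSON value to an {@link Integer}.
         *
         * @return the int value of a {@link Number}, or {@code null} for any other object
         */
        static Integer toInteger(Object obj) {
            if (obj instanceof Number) {
                return Integer.valueOf(((Number) obj).intValue());
            }
            return null;
        }
    }

    /** One sensitive callable: its name, owning class, sensitive positions and argument names. */
    public static class SensitiveMethod {
        private final String name;
        private final String cls;
        private final Set<Integer> sensitiveIndices;
        private final List<String> orderedArguments;

        /**
         * @param str method or function name
         * @param str2 owning class name, empty for a plain function
         * @param set argument positions holding a credential
         * @param list argument names, indexed by position
         */
        public SensitiveMethod(String str, String str2, Set<Integer> set, List<String> list) {
            this.name = str;
            this.cls = str2;
            this.sensitiveIndices = set;
            this.orderedArguments = list;
        }

        /** Returns {@code name} for a plain function and {@code cls::name} for a class member. */
        public String uniqueName() {
            if (this.cls.isEmpty()) {
                return this.name;
            }
            return this.cls + "::" + this.name;
        }

        /**
         * Returns one matcher per sensitive position, reusing cached matchers where the same
         * position and argument name were already seen.
         *
         * <p>A matcher accepts an argument only when it is a non-empty regular string literal.
         */
        public Set<ArgumentMatcher> getCorrespondingMatchers() {
            Function<ExpressionTree, Boolean> isHardCodedLiteral = argument ->
                argument.is(Tree.Kind.REGULAR_STRING_LITERAL) && !isEmptyStringLiteral((LiteralTree) argument);
            return this.sensitiveIndices.stream()
                .map(index -> {
                    String argumentName = this.orderedArguments.get(index.intValue());
                    // Casts kept from the original: the builder's generic signature is not visible in this file.
                    return HardCodedCredentialsInFunctionCallsCheck.matcherMap.computeIfAbsent(index + ";" + argumentName, key ->
                        ((ArgumentVerifierUnaryFunction.ArgumentVerifierUnaryFunctionBuilder) ((ArgumentVerifierUnaryFunction.ArgumentVerifierUnaryFunctionBuilder) ArgumentVerifierUnaryFunction.builder()
                            .position(index.intValue()))
                            .name(argumentName))
                            .matchingFunction(isHardCodedLiteral)
                            .build());
                })
                .collect(Collectors.toSet());
        }

        /** Returns true when nothing is left after stripping the first and last character of the literal's value. */
        private static boolean isEmptyStringLiteral(LiteralTree literalTree) {
            String raw = literalTree.value();
            return raw.substring(1, raw.length() - 1).isEmpty();
        }
    }

    /** Marks the class body as test code while it is visited, then clears the flag. */
    @Override
    public void visitClassDeclaration(ClassDeclarationTree classDeclarationTree) {
        this.isPhpUnitTestCase = CheckUtils.isSubClassOfTestCase(classDeclarationTree);
        super.visitClassDeclaration(classDeclarationTree);
        this.isPhpUnitTestCase = false;
    }

    /** Checks {@code new Foo(...)} against the table entry {@code <qualified class name>::__construct}. */
    @Override
    public void visitNewExpression(NewExpressionTree newExpressionTree) {
        if (!this.isPhpUnitTestCase && newExpressionTree.expression().is(Tree.Kind.FUNCTION_CALL)) {
            FunctionCallTree constructorCall = (FunctionCallTree) newExpressionTree.expression();
            if (constructorCall.callee().is(Tree.Kind.NAMESPACE_NAME)) {
                ClassNamespaceNameTreeImpl className = (ClassNamespaceNameTreeImpl) constructorCall.callee();
                checkForSensitiveMethod(constructorCall, className.symbol().qualifiedName() + "::__construct");
            }
        }
        super.visitNewExpression(newExpressionTree);
    }

    /**
     * Checks class member calls on a namespace name ({@code Foo::bar(...)}) and plain function
     * calls ({@code bar(...)}). Other callee shapes are not looked up.
     */
    @Override
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        ExpressionTree callee = functionCallTree.callee();
        if (!this.isPhpUnitTestCase) {
            if (callee.is(Tree.Kind.CLASS_MEMBER_ACCESS) && ((MemberAccessTree) callee).object().is(Tree.Kind.NAMESPACE_NAME)) {
                MemberAccessTree memberAccess = (MemberAccessTree) callee;
                ClassNamespaceNameTreeImpl owner = (ClassNamespaceNameTreeImpl) memberAccess.object();
                checkForSensitiveMethod(functionCallTree, owner.symbol().qualifiedName() + "::" + memberAccess.member());
            } else if (callee.is(Tree.Kind.NAMESPACE_NAME)) {
                checkForSensitiveMethod(functionCallTree, ((NamespaceNameTreeImpl) callee).qualifiedName());
            }
        }
        super.visitFunctionCall(functionCallTree);
    }

    /**
     * Runs every matcher of the sensitive method registered under {@code str} against the call.
     * Nothing happens when the name is not in the table or the call has no resolvable
     * lower-case function name.
     *
     * @param functionCallTree the call to inspect
     * @param str lookup key, in the format of {@link SensitiveMethod#uniqueName()}
     */
    void checkForSensitiveMethod(FunctionCallTree functionCallTree, String str) {
        SensitiveMethod sensitiveMethod = SENSITIVE_FUNCTIONS.get(str);
        if (sensitiveMethod == null) {
            return;
        }
        Set<ArgumentMatcher> matchers = sensitiveMethod.getCorrespondingMatchers();
        String lowerCaseFunctionName = CheckUtils.getLowerCaseFunctionName(functionCallTree);
        if (lowerCaseFunctionName == null) {
            return;
        }
        for (ArgumentMatcher matcher : matchers) {
            checkArgument(functionCallTree, lowerCaseFunctionName, matcher);
        }
    }

    /** Raises the issue on the offending argument expression. */
    @Override
    protected void createIssue(ExpressionTree expressionTree) {
        context().newIssue(this, expressionTree, MESSAGE);
    }
}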
