package org.sonar.php.checks.security;

import org.sonar.check.Rule;
import org.sonar.plugins.php.api.symbols.QualifiedName;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.ClassDeclarationTree;
import org.sonar.plugins.php.api.tree.declaration.ClassMemberTree;
import org.sonar.plugins.php.api.tree.declaration.ClassTree;
import org.sonar.plugins.php.api.tree.declaration.MethodDeclarationTree;
import org.sonar.plugins.php.api.tree.declaration.NamespaceNameTree;
import org.sonar.plugins.php.api.tree.expression.AnonymousClassTree;
import org.sonar.plugins.php.api.tree.expression.NameIdentifierTree;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;

/**
 * Flags the places in CakePHP code where permission decisions are implemented, so they can be reviewed.
 *
 * <p>Two locations are reported, both with the same review message:
 * <ul>
 *   <li>the superclass reference of any class (named or anonymous) that extends
 *       {@code Cake\Auth\BaseAuthorize};</li>
 *   <li>the name of any {@code isAuthorized} method declared in a class that extends
 *       {@code Cake\Controller\Controller}.</li>
 * </ul>
 *
 * <p>Coverage caveat: only the name written in the class's own {@code extends} clause is compared.
 * A class that reaches one of these bases through an intermediate parent is not matched by this
 * check, so a clean result does not show that a project has no custom authorization logic.
 */
@Rule(key = "S4834")
public class PermissionsControlCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Make sure that Permissions are controlled safely here.";
    private static final QualifiedName CAKE_BASE_AUTHORIZE_CLASS = QualifiedName.qualifiedName("Cake\\Auth\\BaseAuthorize");
    private static final QualifiedName CAKE_CONTROLLER_CLASS = QualifiedName.qualifiedName("Cake\\Controller\\Controller");
    // Name of the controller method that is reported when found.
    private static final String AUTHORIZATION_HOOK = "isAuthorized";

    /** Lets the default traversal run first, then inspects the named class itself. */
    @Override
    public void visitClassDeclaration(ClassDeclarationTree classDeclarationTree) {
        super.visitClassDeclaration(classDeclarationTree);
        checkClass(classDeclarationTree);
    }

    /** Lets the default traversal run first, then inspects the anonymous class itself. */
    @Override
    public void visitAnonymousClass(AnonymousClassTree anonymousClassTree) {
        super.visitAnonymousClass(anonymousClassTree);
        checkClass(anonymousClassTree);
    }

    /**
     * Routes a class to the matching report based on its direct superclass.
     *
     * @param classTree the named or anonymous class being visited
     */
    private void checkClass(ClassTree classTree) {
        NamespaceNameTree parent = classTree.superClass();
        if (parent == null) {
            // No extends clause: nothing to compare against the CakePHP base classes.
            return;
        }

        // NOTE(review): getFullyQualifiedName is inherited; presumably it resolves the written name
        // against the file's namespace and use statements - confirm against PHPVisitorCheck.
        QualifiedName parentName = getFullyQualifiedName(parent);
        if (parentName.equals(CAKE_BASE_AUTHORIZE_CLASS)) {
            // A custom authorize object: report on the extends reference itself.
            context().newIssue(this, parent, MESSAGE);
            return;
        }
        if (parentName.equals(CAKE_CONTROLLER_CLASS)) {
            checkCakeControllerMethods(classTree);
        }
    }

    /**
     * Reports every method of the given class whose name is {@code isAuthorized}.
     *
     * @param classTree a class whose direct superclass is {@code Cake\Controller\Controller}
     */
    private void checkCakeControllerMethods(ClassTree classTree) {
        for (ClassMemberTree member : classTree.members()) {
            if (!member.is(Tree.Kind.METHOD_DECLARATION)) {
                continue;
            }
            NameIdentifierTree methodName = ((MethodDeclarationTree) member).name();
            // Case-insensitive on purpose: PHP method names are case-insensitive, so
            // "ISAUTHORIZED" declares the same method and must not slip past the check.
            if (AUTHORIZATION_HOOK.equalsIgnoreCase(methodName.text())) {
                context().newIssue(this, methodName, MESSAGE);
            }
        }
    }
}
