package org.sonar.php.checks.security;

import com.google.common.collect.ImmutableSet;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.FunctionUsageCheck;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.NamespaceNameTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;

@Rule(key = "S4790")
/* loaded from: input_file:org/sonar/php/checks/security/CryptographicHashCheck.class */
public class CryptographicHashCheck extends FunctionUsageCheck {
    private static final String MESSAGE = "Make sure that hashing data is safe here.";
    private static final ImmutableSet<String> FUNCTION_NAMES = ImmutableSet.of("hash", "hash_init", "crypt", "password_hash", "hash_pbkdf2", "openssl_pbkdf2", "md5", "sha1");

    @Override // org.sonar.php.checks.utils.FunctionUsageCheck
    protected ImmutableSet<String> functionNames() {
        return FUNCTION_NAMES;
    }

    @Override // org.sonar.php.checks.utils.FunctionUsageCheck
    protected void createIssue(FunctionCallTree functionCallTree) {
        if (isHashInitHMAC(functionCallTree)) {
            return;
        }
        context().newIssue(this, functionCallTree, MESSAGE);
    }

    private static boolean isHashInitHMAC(FunctionCallTree functionCallTree) {
        return ((NamespaceNameTree) functionCallTree.callee()).qualifiedName().equalsIgnoreCase("hash_init") && functionCallTree.arguments().size() >= 2 && isHMAC((ExpressionTree) functionCallTree.arguments().get(1));
    }

    private static boolean isHMAC(ExpressionTree expressionTree) {
        return expressionTree.getKind() == Tree.Kind.NAMESPACE_NAME && ((NamespaceNameTree) expressionTree).qualifiedName().equals("HASH_HMAC");
    }
}
