package org.sonar.php.checks.security;

import java.util.Collections;
import java.util.Optional;
import javax.annotation.Nullable;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.sonar.check.Rule;
import org.sonar.php.checks.utils.CheckUtils;
import org.sonar.php.symbols.ClassSymbol;
import org.sonar.php.symbols.Symbols;
import org.sonar.php.tree.TreeUtils;
import org.sonar.plugins.php.api.symbols.QualifiedName;
import org.sonar.plugins.php.api.tree.Tree;
import org.sonar.plugins.php.api.tree.declaration.CallArgumentTree;
import org.sonar.plugins.php.api.tree.declaration.ClassDeclarationTree;
import org.sonar.plugins.php.api.tree.declaration.ClassPropertyDeclarationTree;
import org.sonar.plugins.php.api.tree.declaration.VariableDeclarationTree;
import org.sonar.plugins.php.api.tree.expression.ArrayInitializerTree;
import org.sonar.plugins.php.api.tree.expression.ExpressionTree;
import org.sonar.plugins.php.api.tree.expression.FunctionCallTree;
import org.sonar.plugins.php.api.tree.expression.LiteralTree;
import org.sonar.plugins.php.api.visitors.CheckContext;
import org.sonar.plugins.php.api.visitors.PHPVisitorCheck;
import org.sonar.plugins.php.api.visitors.PreciseIssue;

@Rule(key = "S4502")
/* loaded from: input_file:org/sonar/php/checks/security/DisableCsrfCheck.class */
public class DisableCsrfCheck extends PHPVisitorCheck {
    private static final String MESSAGE = "Make sure disabling CSRF protection is safe here.";
    private static final String SECONDARY_MESSAGE = "Setting variable to false.";
    private static final QualifiedName SYMFONY_ABSTRACT_CONTROLLER = QualifiedName.qualifiedName("Symfony\\Bundle\\FrameworkBundle\\Controller\\AbstractController");
    private static final QualifiedName SYMFONY_CONTROLLER = QualifiedName.qualifiedName("Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller");
    private static final QualifiedName SYMFONY_ABSTRACT_TYPE = QualifiedName.qualifiedName("Symfony\\Component\\Form\\AbstractType");
    private static final QualifiedName LARAVEL_CSRF_MIDDLEWARE = QualifiedName.qualifiedName("Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken");
    private static final Tree.Kind[] ARRAY = {Tree.Kind.ARRAY_INITIALIZER_BRACKET, Tree.Kind.ARRAY_INITIALIZER_FUNCTION};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/php/checks/security/DisableCsrfCheck$Call.class */
    public static class Call extends Component {
        CheckContext context;

        public Call(FunctionCallTree functionCallTree, CheckContext checkContext) {
            super(functionCallTree, CheckUtils.functionName(functionCallTree));
            this.context = checkContext;
        }

        public Optional<CallArgumentTree> argument(String str, int i) {
            return CheckUtils.argument((FunctionCallTree) this.tree, str, i);
        }

        public boolean hasName(String str) {
            return str.equalsIgnoreCase(this.name);
        }

        public boolean inPath(String str) {
            return this.context.getPhpFile().uri().getPath().contains(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/php/checks/security/DisableCsrfCheck$Component.class */
    public static abstract class Component {
        Tree tree;
        String name;

        public Component(Tree tree, @Nullable String str) {
            this.tree = tree;
            this.name = str;
        }

        protected boolean inClass(QualifiedName... qualifiedNameArr) {
            ClassSymbol classSymbol;
            Tree findAncestorWithKind = TreeUtils.findAncestorWithKind(this.tree, Collections.singletonList(Tree.Kind.CLASS_DECLARATION));
            if (findAncestorWithKind == null || (classSymbol = Symbols.get((ClassDeclarationTree) findAncestorWithKind)) == null) {
                return false;
            }
            return classSymbol.isSubTypeOf(qualifiedNameArr).isTrue();
        }
    }

    /* loaded from: input_file:org/sonar/php/checks/security/DisableCsrfCheck$Property.class */
    private static class Property extends Component {
        public Property(VariableDeclarationTree variableDeclarationTree) {
            super(variableDeclarationTree, variableDeclarationTree.identifier().text());
        }

        public boolean isException() {
            return "$except".equals(this.name);
        }

        public boolean isLaravelMiddleware() {
            return inClass(DisableCsrfCheck.LARAVEL_CSRF_MIDDLEWARE);
        }

        public boolean hasExceptions() {
            ExpressionTree initValue = ((VariableDeclarationTree) this.tree).initValue();
            return initValue != null && initValue.is(DisableCsrfCheck.ARRAY) && ((ArrayInitializerTree) initValue).arrayPairs().stream().map((v0) -> {
                return v0.value();
            }).anyMatch(expressionTree -> {
                return (expressionTree.is(Tree.Kind.REGULAR_STRING_LITERAL) && "".equals(CheckUtils.trimQuotes((LiteralTree) expressionTree))) ? false : true;
            });
        }
    }

    @Override // org.sonar.plugins.php.api.visitors.PHPVisitorCheck, org.sonar.plugins.php.api.visitors.VisitorCheck
    public void visitFunctionCall(FunctionCallTree functionCallTree) {
        Call call = new Call(functionCallTree, context());
        if (call.hasName("createForm") && call.inClass(SYMFONY_ABSTRACT_CONTROLLER, SYMFONY_CONTROLLER)) {
            call.argument("options", 2).ifPresent(this::checkCsrfInSymfonyOptions);
        } else if (call.hasName("setDefaults") && call.inClass(SYMFONY_ABSTRACT_TYPE)) {
            call.argument("defaults", 0).ifPresent(this::checkCsrfInSymfonyOptions);
        } else if (call.inPath("config/packages")) {
            checkCsrfInSymfonyConfig(call);
        } else if (call.hasName("prependExtensionConfig") || call.hasName("loadFromExtension")) {
            checkCsrfInSymfonyExtensionConfig(call);
        }
        super.visitFunctionCall(functionCallTree);
    }

    @Override // org.sonar.plugins.php.api.visitors.PHPVisitorCheck, org.sonar.plugins.php.api.visitors.VisitorCheck
    public void visitClassPropertyDeclaration(ClassPropertyDeclarationTree classPropertyDeclarationTree) {
        classPropertyDeclarationTree.declarations().stream().map(Property::new).filter((v0) -> {
            return v0.isException();
        }).filter((v0) -> {
            return v0.isLaravelMiddleware();
        }).filter((v0) -> {
            return v0.hasExceptions();
        }).findFirst().ifPresent(property -> {
            context().newIssue(this, classPropertyDeclarationTree, MESSAGE);
        });
        super.visitClassPropertyDeclaration(classPropertyDeclarationTree);
    }

    private void checkCsrfInSymfonyConfig(Call call) {
        if (call.hasName("set")) {
            checkCsrfInSymfonyParametersConfig(call);
        } else if (call.hasName(SchemaSymbols.ATTVAL_EXTENSION)) {
            checkCsrfInSymfonyExtensionConfig(call);
        }
    }

    private void checkCsrfInSymfonyParametersConfig(Call call) {
        if (call.argument("name", 0).filter(callArgumentTree -> {
            return CheckUtils.argumentIsStringLiteralWithValue(callArgumentTree, "csrf_protection");
        }).isPresent()) {
            call.argument("value", 1).map((v0) -> {
                return v0.value();
            }).ifPresent(this::raiseIssueIfFalse);
        }
    }

    private void checkCsrfInSymfonyExtensionConfig(Call call) {
        if (call.argument(SchemaSymbols.ATTVAL_EXTENSION, 0).filter(callArgumentTree -> {
            return CheckUtils.argumentIsStringLiteralWithValue(callArgumentTree, "framework");
        }).isPresent()) {
            call.argument("values", 1).ifPresent(this::checkCsrfInSymfonyOptions);
        }
    }

    private void checkCsrfInSymfonyOptions(CallArgumentTree callArgumentTree) {
        if (callArgumentTree.value().is(ARRAY)) {
            CheckUtils.arrayValue((ArrayInitializerTree) callArgumentTree.value(), "csrf_protection").ifPresent(this::raiseIssueIfFalse);
        }
    }

    private void raiseIssueIfFalse(ExpressionTree expressionTree) {
        ExpressionTree assignedValue = CheckUtils.assignedValue(expressionTree);
        if (isDisabled(assignedValue)) {
            PreciseIssue newIssue = context().newIssue(this, expressionTree.getParent(), MESSAGE);
            if (assignedValue != expressionTree) {
                newIssue.secondary(assignedValue.getParent(), SECONDARY_MESSAGE);
            }
        }
    }

    public static boolean isDisabled(ExpressionTree expressionTree) {
        return !expressionTree.is(Tree.Kind.NULL_LITERAL) && CheckUtils.isFalseValue(expressionTree);
    }
}
