package com.code_intelligence.jazzer.sanitizers;

import com.code_intelligence.jazzer.api.FuzzerSecurityIssueCritical;
import com.code_intelligence.jazzer.api.HookType;
import com.code_intelligence.jazzer.api.Jazzer;
import com.code_intelligence.jazzer.api.MethodHook;
import com.code_intelligence.jazzer.api.MethodHooks;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.lang.invoke.MethodHandle;

/* loaded from: input_file:jazzer.jar:com/code_intelligence/jazzer/runtime/jazzer_bootstrap.jar:com/code_intelligence/jazzer/sanitizers/ScriptEngineInjection.class */
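/**
 * Fuzzing sanitizer that detects fuzzer-controlled data reaching {@code javax.script.ScriptEngine#eval}.
 *
 * <p>Every hooked {@code eval} overload has its script text searched for the sentinel
 * {@link #PAYLOAD}. A finding is reported only when the sentinel appears verbatim in the script;
 * otherwise the fuzzer is guided towards producing it. Input that is escaped, encoded or otherwise
 * transformed before it reaches {@code eval} will not match, so the absence of a finding does not
 * show that a call site is safe.
 */
public final class ScriptEngineInjection {
    /** Sentinel searched for in script text: the literal characters {@code "jaz"+"zer"}, quotes included. */
    private static final String PAYLOAD = "\"jaz\"+\"zer\"";

    /**
     * BEFORE hook for the {@code eval} overloads whose first argument is the script as a String.
     *
     * @param methodHandle handle supplied by the hook framework (unused here)
     * @param obj the hooked receiver (unused here)
     * @param objArr arguments of the hooked call; element 0 is the script text
     * @param i hook id forwarded to the fuzzer guidance call
     */
    @MethodHooks({
        @MethodHook(
                type = HookType.BEFORE,
                targetClassName = "javax.script.ScriptEngine",
                targetMethod = "eval",
                targetMethodDescriptor = "(Ljava/lang/String;)Ljava/lang/Object;"),
        @MethodHook(
                type = HookType.BEFORE,
                targetClassName = "javax.script.ScriptEngine",
                targetMethod = "eval",
                targetMethodDescriptor = "(Ljava/lang/String;Ljavax/script/ScriptContext;)Ljava/lang/Object;"),
        @MethodHook(
                type = HookType.BEFORE,
                targetClassName = "javax.script.ScriptEngine",
                targetMethod = "eval",
                targetMethodDescriptor = "(Ljava/lang/String;Ljavax/script/Bindings;)Ljava/lang/Object;")
    })
    public static void checkScriptEngineExecuteString(MethodHandle methodHandle, Object obj, Object[] objArr, int i) {
        checkScriptContent((String) objArr[0], i);
    }

    /**
     * REPLACE hook for the {@code eval} overloads whose first argument is a {@link Reader}.
     *
     * <p>The reader is drained so its content can be inspected, then replaced with a
     * {@link StringReader} over the same text so the original method still sees the whole script.
     * The original reader is left consumed and is not closed here.
     *
     * @param methodHandle handle to the original {@code eval} method
     * @param obj the receiver the original method is invoked on
     * @param objArr arguments of the hooked call; element 0 is replaced in place when non-null
     * @param i hook id forwarded to the fuzzer guidance call
     * @return whatever the original {@code eval} returns
     * @throws Throwable anything thrown while reading the script or by the original method
     */
    @MethodHooks({
        @MethodHook(
                type = HookType.REPLACE,
                targetClassName = "javax.script.ScriptEngine",
                targetMethod = "eval",
                targetMethodDescriptor = "(Ljava/io/Reader;)Ljava/lang/Object;"),
        @MethodHook(
                type = HookType.REPLACE,
                targetClassName = "javax.script.ScriptEngine",
                targetMethod = "eval",
                targetMethodDescriptor = "(Ljava/io/Reader;Ljavax/script/ScriptContext;)Ljava/lang/Object;"),
        @MethodHook(
                type = HookType.REPLACE,
                targetClassName = "javax.script.ScriptEngine",
                targetMethod = "eval",
                targetMethodDescriptor = "(Ljava/io/Reader;Ljavax/script/Bindings;)Ljava/lang/Object;")
    })
    public static Object checkScriptEngineExecute(MethodHandle methodHandle, Object obj, Object[] objArr, int i) throws Throwable {
        if (objArr[0] != null) {
            String readAll = readAll((Reader) objArr[0]);
            checkScriptContent(readAll, i);
            objArr[0] = new StringReader(readAll);
        }
        // MethodHandle.invokeWithArguments is variable-arity: passing (obj, objArr) would hand the
        // handle exactly two arguments, the receiver and the array itself, instead of the receiver
        // followed by each original argument. Flatten them into one array before invoking.
        Object[] invocationArgs = new Object[objArr.length + 1];
        invocationArgs[0] = obj;
        System.arraycopy(objArr, 0, invocationArgs, 1, objArr.length);
        return methodHandle.invokeWithArguments(invocationArgs);
    }

    /**
     * Reports a critical finding when the script contains the sentinel, otherwise guides the fuzzer
     * towards inputs that contain it. A null script is ignored.
     *
     * @param str script text about to be evaluated, may be null
     * @param i hook id identifying the call site for guidance
     */
    private static void checkScriptContent(String str, int i) {
        if (str == null) {
            return;
        }
        if (str.contains(PAYLOAD)) {
            Jazzer.reportFindingFromHook(new FuzzerSecurityIssueCritical("Script Engine Injection: Insecure user input was used in script engine invocation.\nDepending on the script engine's capabilities this could lead to sandbox escape and remote code execution."));
        } else {
            Jazzer.guideTowardsContainment(str, PAYLOAD, i);
        }
    }

    /**
     * Reads the reader to end of stream and returns everything read as one String.
     * The reader is not closed; the whole content is held in memory.
     *
     * @param reader source to drain
     * @return all characters read
     * @throws IOException if reading fails
     */
    private static String readAll(Reader reader) throws IOException {
        StringBuilder sb = new StringBuilder();
        char[] cArr = new char[4096];
        int read;
        // read() returns a negative count at end of stream.
        while ((read = reader.read(cArr)) >= 0) {
            sb.append(cArr, 0, read);
        }
        return sb.toString();
    }
}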
