package com.cflint.plugins.core;

import cfml.parsing.cfscript.CFExpression;
import cfml.parsing.cfscript.CFFunctionExpression;
import com.cflint.BugList;
import com.cflint.plugins.CFLintScannerAdapter;
import com.cflint.plugins.Context;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.htmlparser.jericho.Element;

/* loaded from: input_file:com/cflint/plugins/core/QueryParamChecker.class */
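/**
 * Lint rule that reports SQL text built with CFML {@code #...#} interpolation, the
 * pattern that leads to SQL injection when the interpolated value is attacker-influenced.
 *
 * <p>Two code shapes are inspected:
 * <ul>
 *   <li>script calls to a function named {@code setSql} (reported as {@code QUERYPARAM_REQ});</li>
 *   <li>{@code cfquery} tag bodies (reported as {@code CFQUERYPARAM_REQ}).</li>
 * </ul>
 *
 * <p>Both checks are purely textual: they look for {@code #} markers and do not track where
 * the interpolated value comes from, so a finding means "review and bind this value", not
 * "proven injectable".
 */
public class QueryParamChecker extends CFLintScannerAdapter {
    /**
     * Matches any text that contains a {@code #} followed by a character other than
     * {@code #}. DOTALL lets {@code .} cross line breaks so multi-line SQL is covered.
     */
    private static final Pattern SCRIPT_INTERPOLATION = Pattern.compile(".*#[^#].*", Pattern.DOTALL);

    /** Captures the shortest non-empty run of text between two {@code #} characters. */
    private static final Pattern TAG_INTERPOLATION = Pattern.compile("#(.+?)#");

    /**
     * Flags {@code setSql(...)} calls whose first argument contains an interpolation marker.
     *
     * @param cFExpression expression being visited; anything but a function call is ignored
     * @param context scan context that receives the {@code QUERYPARAM_REQ} message
     * @param bugList not used by this rule
     */
    @Override
    public void expression(CFExpression cFExpression, Context context, BugList bugList) {
        if (!(cFExpression instanceof CFFunctionExpression)) {
            return;
        }
        CFFunctionExpression call = (CFFunctionExpression) cFExpression;
        if (!call.getFunctionName().equalsIgnoreCase("setSql") || call.getArgs().isEmpty()) {
            return;
        }
        // Only the first argument is examined, in its decompiled (source text) form.
        String sqlSource = ((CFExpression) call.getArgs().get(0)).Decompile(0);
        if (SCRIPT_INTERPOLATION.matcher(sqlSource).matches()) {
            context.addMessage("QUERYPARAM_REQ", call.getName());
        }
    }

    /**
     * Flags every {@code #...#} span found in the text of a {@code cfquery} element.
     *
     * <p>Elements whose {@code dbtype} attribute equals {@code query} (case-insensitive)
     * are skipped.
     *
     * @param element tag being visited; anything but {@code cfquery} is ignored
     * @param context scan context that receives one {@code CFQUERYPARAM_REQ} message per span
     * @param bugList not used by this rule
     */
    @Override
    public void element(Element element, Context context, BugList bugList) {
        if (!element.getName().equals("cfquery") || "query".equalsIgnoreCase(element.getAttributeValue("dbtype"))) {
            return;
        }
        // NOTE(review): the scan runs on the extracted text only; confirm that values already
        // wrapped in cfqueryparam attributes are not part of this text, otherwise they would
        // be reported as well.
        String queryText = element.getTextExtractor().toString();
        // The original guard was indexOf("#") > 0, which skipped the whole query whenever the
        // text began with '#', e.g. a body consisting only of an interpolated variable. For a
        // rule whose job is to surface injectable SQL that is a false negative, so position 0
        // is now included.
        if (queryText.indexOf('#') < 0) {
            return;
        }
        // NOTE(review): an escaped "##" is not treated specially by this pattern, so text
        // containing escaped pound signs may produce spurious spans - confirm before relying
        // on the reported expression text.
        Matcher spans = TAG_INTERPOLATION.matcher(queryText);
        while (spans.find()) {
            context.addMessage("CFQUERYPARAM_REQ", spans.group(1));
        }
    }
}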
