package com.cflint.plugins.core;

import cfml.dictionary.Procedure;
import cfml.parsing.cfscript.CFExpression;
import cfml.parsing.cfscript.CFFullVarExpression;
import cfml.parsing.cfscript.CFIdentifier;
import com.cflint.BugList;
import com.cflint.plugins.CFLintScannerAdapter;
import com.cflint.plugins.Context;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.htmlparser.jericho.Element;
import net.htmlparser.jericho.HTMLElementName;
import org.apache.tools.ant.types.selectors.FilenameSelector;
import org.apache.tools.ant.types.selectors.TypeSelector;

/* loaded from: input_file:com/cflint/plugins/core/VarScoper.class */
public class VarScoper extends CFLintScannerAdapter {
    Map<String, List<String>> CHECK_ELEMENT_ATTRIBUTES = new HashMap();
    List<String> CHECK_NAMES = Arrays.asList("cfquery", "cfstoredproc", "cffeed", "cfdirectory", "cfform", "cfftp", "cfobject", "cfsearch", "cfprocresult", "cfpop", "cfregistry", "cfreport", "cfdbinfo", "cfdocument", "cfcollection", "cfpdf", "cfzip", "cfldap");
    static final Collection<String> variables = Arrays.asList("APPLICATION", "CGI", "COOKIE", "FORM", "REQUEST", "SERVER", "SESSION", "URL");

    @Override // com.cflint.plugins.CFLintScannerAdapter, com.cflint.plugins.CFLintScanner
    public void expression(CFExpression cFExpression, Context context, BugList bugList) {
        if (cFExpression instanceof CFIdentifier) {
            if (!(cFExpression instanceof CFFullVarExpression) || ((CFFullVarExpression) cFExpression).getExpressions().size() <= 1) {
                String name = ((CFIdentifier) cFExpression).getName();
                if (context.isInFunction() && context.isInAssignmentExpression() && !context.getCallStack().checkVariable(name) && !isGlobal(name)) {
                    context.addMessage("MISSING_VAR", name);
                } else if (cFExpression instanceof CFFullVarExpression) {
                    expression(((CFFullVarExpression) cFExpression).getExpressions().get(0), context, bugList);
                }
            }
        }
    }

    public VarScoper() {
        this.CHECK_ELEMENT_ATTRIBUTES.put("cfinvoke", Arrays.asList("returnvariable"));
        this.CHECK_ELEMENT_ATTRIBUTES.put("cffile", Arrays.asList("variable"));
        this.CHECK_ELEMENT_ATTRIBUTES.put("cfsavecontent", Arrays.asList("variable"));
        this.CHECK_ELEMENT_ATTRIBUTES.put("cfhttp", Arrays.asList("result"));
        this.CHECK_ELEMENT_ATTRIBUTES.put("cfquery", Arrays.asList("result"));
        this.CHECK_ELEMENT_ATTRIBUTES.put("cfmail", Arrays.asList(Procedure.QUERY));
        this.CHECK_ELEMENT_ATTRIBUTES.put("cfftp", Arrays.asList("result"));
        this.CHECK_ELEMENT_ATTRIBUTES.put("cfwddx", Arrays.asList(HTMLElementName.OUTPUT));
        this.CHECK_ELEMENT_ATTRIBUTES.put("cfexecute", Arrays.asList("variable"));
        this.CHECK_ELEMENT_ATTRIBUTES.put("cfntauthenticate", Arrays.asList("result"));
        this.CHECK_ELEMENT_ATTRIBUTES.put("cfxml", Arrays.asList("variable"));
    }

    @Override // com.cflint.plugins.CFLintScannerAdapter, com.cflint.plugins.CFLintScanner
    public void element(Element element, Context context, BugList bugList) {
        String attributeValue;
        String attributeValue2;
        String name = element.getName();
        if (name == null || name.trim().length() <= 0 || !context.isInFunction()) {
            return;
        }
        if (this.CHECK_NAMES.contains(name.toLowerCase())) {
            assertVariable(element, context, bugList, element.getAttributeValue(FilenameSelector.NAME_KEY));
        }
        if (this.CHECK_ELEMENT_ATTRIBUTES.containsKey(name.toLowerCase())) {
            Iterator<String> it = this.CHECK_ELEMENT_ATTRIBUTES.get(name.toLowerCase()).iterator();
            while (it.hasNext()) {
                assertVariable(element, context, bugList, element.getAttributeValue(it.next()));
            }
        }
        if (name.equalsIgnoreCase("cfprocparam") && (attributeValue2 = element.getAttributeValue(TypeSelector.TYPE_KEY)) != null && (attributeValue2.equalsIgnoreCase("out") || attributeValue2.equalsIgnoreCase("inout"))) {
            assertVariable(element, context, bugList, element.getAttributeValue("variable"));
        }
        if (name.equalsIgnoreCase("cffeed") && (attributeValue = element.getAttributeValue("action")) != null && attributeValue.equalsIgnoreCase("read")) {
            assertVariable(element, context, bugList, element.getAttributeValue(Procedure.QUERY));
        }
    }

    protected void assertVariable(Element element, Context context, BugList bugList, String str) {
        String str2 = str == null ? null : str.split("\\.")[0].split("\\[")[0];
        if (str2 == null || context.getCallStack().checkVariable(str2) || isGlobal(str2)) {
            return;
        }
        context.addMessage("MISSING_VAR", str);
    }

    private boolean isGlobal(String str) {
        return str != null && variables.contains(str.toUpperCase().trim());
    }
}
