package io.codemodder.remediation.sqlinjection;

import com.github.javaparser.StaticJavaParser;
import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.body.ClassOrInterfaceDeclaration;
import com.github.javaparser.ast.body.MethodDeclaration;
import com.github.javaparser.ast.expr.BinaryExpr;
import com.github.javaparser.ast.expr.Expression;
import com.github.javaparser.ast.expr.MethodCallExpr;
import com.github.javaparser.ast.expr.StringLiteralExpr;
import io.codemodder.ast.ASTTransforms;
import io.codemodder.ast.LinearizedStringExpression;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;
import java.util.regex.Pattern;

/* loaded from: input_file:io/codemodder/remediation/sqlinjection/SQLTableInjectionFilterTransform.class */
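/**
 * Hardens SQL strings built by concatenation: an expression appended directly after a
 * {@code FROM} keyword is wrapped in a call to a {@code validateTableName} allow-list check,
 * and that check is added to the enclosing class when it is missing.
 *
 * <p>Table names cannot be bound as {@code PreparedStatement} parameters, so an allow-list on
 * the identifier is the mitigation applied here. Only the {@code from} keyword is recognised by
 * the detection pattern; identifiers concatenated in other positions are not touched by this
 * transform.
 */
public final class SQLTableInjectionFilterTransform {
    /**
     * Matches a string literal that ends with {@code from}, one or more spaces and an optional
     * (possibly backslash-escaped) double quote. Case-insensitive.
     */
    private static final Pattern regex = Pattern.compile(".*from +((\\\\)?\")?", Pattern.CASE_INSENSITIVE);

    /** Name of the validation method that is called around, and injected for, table names. */
    private static final String filterMethodName = "validateTableName";

    private SQLTableInjectionFilterTransform() {
    }

    /** Delegates to {@link SQLParameterizer#isParameterizationCandidate(MethodCallExpr)}. */
    private static boolean isExecuteCall(MethodCallExpr methodCallExpr) {
        return SQLParameterizer.isParameterizationCandidate(methodCallExpr);
    }

    /**
     * Tells whether the call is {@code prepareStatement(...)} on a scope that resolves to
     * {@code java.sql.Connection} and whose first argument is not a plain string literal.
     *
     * <p>Any {@link RuntimeException} raised while inspecting or resolving the call is treated
     * as "no match".
     */
    private static boolean isPrepareStatementCall(MethodCallExpr methodCallExpr) {
        try {
            Predicate<MethodCallExpr> isNamedPrepareStatement =
                    call -> call.getNameAsString().equals("prepareStatement");
            Predicate<MethodCallExpr> isOnConnection =
                    call -> call.getScope().filter(scope -> {
                        try {
                            return "java.sql.Connection".equals(scope.calculateResolvedType().describe());
                        } catch (RuntimeException ignored) {
                            // The scope type could not be resolved, so it cannot be confirmed as a Connection.
                            return false;
                        }
                    }).isPresent();
            // A literal first argument has nothing concatenated into it, so there is nothing to filter.
            Predicate<MethodCallExpr> firstArgumentIsNotLiteral =
                    call -> call.getArguments().getFirst()
                            .map(argument -> !(argument instanceof StringLiteralExpr))
                            .orElse(false);
            return isNamedPrepareStatement.and(isOnConnection.and(firstArgumentIsNotLiteral)).test(methodCallExpr);
        } catch (RuntimeException ignored) {
            return false;
        }
    }

    /**
     * Tells whether the call is one this transform handles.
     *
     * @param methodCallExpr the call to inspect
     * @return {@code true} for a matching {@code prepareStatement} call or a call accepted by
     *     {@link SQLParameterizer#isParameterizationCandidate(MethodCallExpr)}
     */
    public static boolean matchCall(MethodCallExpr methodCallExpr) {
        return isPrepareStatementCall(methodCallExpr) || isExecuteCall(methodCallExpr);
    }

    /**
     * Applies the fix using the compilation unit that contains the call.
     *
     * @param methodCallExpr the call whose first argument is the query string
     * @return {@code true} if at least one expression was wrapped; {@code false} if nothing
     *     changed or the call is not attached to a compilation unit
     */
    public static boolean fix(MethodCallExpr methodCallExpr) {
        return methodCallExpr.findCompilationUnit()
                .map(compilationUnit -> fix(compilationUnit, methodCallExpr))
                .orElse(false);
    }

    /**
     * Wraps every table-name expression found in the call's first argument with the validation
     * method and makes sure that method exists in the enclosing class.
     *
     * @param compilationUnit the unit that receives the {@code java.util.regex.Pattern} import
     * @param methodCallExpr the call whose first argument is the query string
     * @return {@code true} if at least one expression was wrapped, {@code false} otherwise
     */
    public static boolean fix(CompilationUnit compilationUnit, MethodCallExpr methodCallExpr) {
        // This overload is public and can be reached without matchCall(); a call without
        // arguments has no query to inspect.
        if (methodCallExpr.getArguments().isEmpty()) {
            return false;
        }
        LinearizedStringExpression linearizedStringExpression = new LinearizedStringExpression(methodCallExpr.getArgument(0));
        // Expressions that are already a call named validateTableName are skipped. They are
        // recognised by method name only; the body of that method is not inspected.
        List<Expression> list = findTableInjections(linearizedStringExpression).stream()
                .filter(expression -> !(expression.isMethodCallExpr()
                        && expression.asMethodCallExpr().getNameAsString().equals(filterMethodName)))
                .toList();
        if (list.isEmpty()) {
            return false;
        }
        fix(compilationUnit, list, linearizedStringExpression.getResolvedExpressionsMap());
        return true;
    }

    /**
     * Applies {@link #fix(MethodCallExpr)} when {@link #matchCall(MethodCallExpr)} accepts the call.
     *
     * @param methodCallExpr the call to inspect and, if it matches, fix
     * @return {@code true} if the call matched and at least one expression was wrapped
     */
    public static boolean findAndFix(MethodCallExpr methodCallExpr) {
        if (matchCall(methodCallExpr)) {
            return fix(methodCallExpr);
        }
        return false;
    }

    /**
     * Collects the expressions that directly follow a string literal ending in {@code FROM}
     * within the linearized concatenation.
     *
     * @return the non-literal expressions found in table-name position; possibly empty
     */
    private static List<Expression> findTableInjections(LinearizedStringExpression linearizedStringExpression) {
        List<Expression> candidates = new ArrayList<>();
        Iterator<Expression> it = linearizedStringExpression.getLinearized().iterator();
        while (it.hasNext()) {
            Expression next = it.next();
            if (next.isStringLiteralExpr()) {
                // The element after a literal ending in "from " sits in table-name position.
                // It is consumed here, so it is not itself tested as a "from" literal.
                if (regex.matcher(next.asStringLiteralExpr().getValue()).matches() && it.hasNext()) {
                    candidates.add(it.next());
                }
            }
        }
        // A literal in table-name position is fixed text in the source and needs no filtering.
        candidates.removeIf(Expression::isStringLiteralExpr);
        return candidates;
    }

    /**
     * Adds the {@code validateTableName(String)} method to the class unless a method with that
     * name and a single {@code String} parameter is already declared, then ensures the
     * {@code java.util.regex.Pattern} import is present.
     *
     * <p>An existing method is accepted on its signature alone; its body is not checked, so a
     * weaker pre-existing {@code validateTableName} would be reused as-is.
     *
     * <p>Declared public in this listing; the decompiler notes it was private in the original.
     */
    public static void addFilterMethodIfMissing(CompilationUnit compilationUnit, ClassOrInterfaceDeclaration classOrInterfaceDeclaration) {
        boolean alreadyDeclared = classOrInterfaceDeclaration.findAll(MethodDeclaration.class).stream()
                .anyMatch(methodDeclaration -> methodDeclaration.getNameAsString().equals(filterMethodName)
                        && methodDeclaration.getParameters().size() == 1
                        && methodDeclaration.getParameters().get(0).getTypeAsString().equals("String"));
        if (!alreadyDeclared) {
            // The separator between the two identifier parts is written as [.] so that only a
            // literal dot (schema.table) is accepted. An unescaped '.' would match any single
            // character, letting one quote, semicolon or space through the allow-list.
            classOrInterfaceDeclaration.addMember(StaticJavaParser.parseMethodDeclaration(
                    " String validateTableName(final String tablename){\n"
                            + "  Pattern regex = Pattern.compile(\"[a-zA-Z0-9_]+([.][a-zA-Z0-9_]+)?\");\n"
                            + "  if (!regex.matcher(tablename).matches()){\n"
                            + "\t  throw new SecurityException(\"Supplied table name contains non-alphanumeric characters\");\n"
                            + "  }\n"
                            + "  return tablename;\n"
                            + " }\n"));
        }
        ASTTransforms.addImportIfMissing(compilationUnit, "java.util.regex.Pattern");
    }

    /**
     * Wraps each expression (after following it through the resolution map) with the validation
     * call, then adds the validation method to the class that encloses the first expression.
     */
    private static void fix(CompilationUnit compilationUnit, List<Expression> list, Map<Expression, Expression> map) {
        list.stream()
                .map(expression -> unresolve(expression, map))
                .forEach(SQLTableInjectionFilterTransform::wrapExpressionWithCall);
        list.get(0).findAncestor(ClassOrInterfaceDeclaration.class)
                .ifPresent(classOrInterfaceDeclaration -> addFilterMethodIfMissing(compilationUnit, classOrInterfaceDeclaration));
    }

    /**
     * Follows the map from the given expression until an expression with no mapping is reached.
     *
     * <p>Declared public in this listing; the decompiler notes it was private in the original.
     *
     * @param expression the starting expression
     * @param map the mapping to follow, as returned by
     *     {@code LinearizedStringExpression.getResolvedExpressionsMap()}
     * @return the last expression in the chain, or {@code expression} itself if it has no mapping
     */
    public static Expression unresolve(Expression expression, Map<Expression, Expression> map) {
        Expression current = expression;
        Expression mapped;
        while ((mapped = map.get(current)) != null) {
            current = mapped;
        }
        return current;
    }

    /**
     * Replaces {@code expression} in the tree with {@code validateTableName(expression + "")}.
     */
    private static void wrapExpressionWithCall(Expression expression) {
        MethodCallExpr methodCallExpr = new MethodCallExpr(filterMethodName, new Expression[0]);
        // Swap the call into the tree first; the original expression is attached as the call's
        // argument only afterwards.
        expression.replace(methodCallExpr);
        // Concatenating "" turns the argument into a String expression, presumably so that
        // non-String operands still fit the validateTableName(String) signature.
        methodCallExpr.addArgument(new BinaryExpr(expression, new StringLiteralExpr(""), BinaryExpr.Operator.PLUS));
    }
}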
