package io.codemodder.remediation.javadeserialization;

import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.Node;
import com.github.javaparser.ast.body.VariableDeclarator;
import com.github.javaparser.ast.expr.Expression;
import com.github.javaparser.ast.expr.MethodCallExpr;
import com.github.javaparser.ast.expr.NameExpr;
import com.github.javaparser.ast.expr.ObjectCreationExpr;
import com.github.javaparser.ast.expr.VariableDeclarationExpr;
import io.codemodder.DependencyGAV;
import io.codemodder.Either;
import io.codemodder.ast.ASTs;
import io.codemodder.ast.LocalDeclaration;
import io.codemodder.javaparser.JavaParserTransformer;
import io.codemodder.remediation.RemediationStrategy;
import io.codemodder.remediation.SuccessOrReason;
import io.github.pixee.security.ObjectInputFilters;
import java.util.List;
import java.util.Optional;

/* loaded from: input_file:io/codemodder/remediation/javadeserialization/JavaDeserializationFixStrategy.class */
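/**
 * Remediation strategy for unsafe Java native deserialization.
 *
 * <p>Given a flagged node (a {@code readObject()} call, an {@code ObjectInputStream} constructor
 * call, or a local variable declaration initialised with one), the strategy locates the
 * {@code new ObjectInputStream(...)} expression and replaces it with a statically imported call
 * to {@code ObjectInputFilters.createSafeObjectInputStream(...)}, keeping the original arguments.
 *
 * <p>NOTE(review): the filtering policy applied by {@code createSafeObjectInputStream} is defined
 * by the Java Security Toolkit, not by this class. Where the set of expected classes is known, an
 * application-specific allow-list remains the stronger control; confirm the toolkit's policy
 * covers the deployment's needs.
 */
public final class JavaDeserializationFixStrategy implements RemediationStrategy {

    /** Simple type name a constructor call must have before it is rewritten. */
    private static final String OBJECT_INPUT_STREAM = "ObjectInputStream";

    /**
     * Resolves the constructor call that initialised the variable a {@code readObject()} call is
     * invoked on.
     *
     * @param methodCallExpr the {@code readObject()} call; only a plain name scope
     *     ({@code ois.readObject()}) is supported
     * @return the initialising {@link ObjectCreationExpr} on the left, or a human-readable reason
     *     on the right when the call does not have the supported shape
     */
    private Either<ObjectCreationExpr, String> findConstructor(MethodCallExpr methodCallExpr) {
        final Optional<Expression> scope = methodCallExpr.getScope();
        if (scope.isEmpty() || !(scope.get() instanceof NameExpr)) {
            // Field accesses, chained calls and unscoped calls cannot be traced to a local.
            return Either.right("Unexpected shape");
        }
        final Optional<LocalDeclaration> declaration =
                ASTs.findEarliestLocalDeclarationOf(scope.get().asNameExpr().getName());
        if (declaration.isEmpty()) {
            return Either.right("No declaration found");
        }
        final Node declarationNode = declaration.get().getDeclaration();
        if (!(declarationNode instanceof VariableDeclarator)) {
            // Parameters and other declaration kinds carry no initializer to rewrite.
            return Either.right("Unexpected declaration type");
        }
        final Optional<Expression> initializer =
                ((VariableDeclarator) declarationNode).getInitializer();
        if (initializer.isEmpty()) {
            return Either.right("No initializer found");
        }
        final Expression value = initializer.get();
        if (value instanceof ObjectCreationExpr) {
            return Either.left((ObjectCreationExpr) value);
        }
        return Either.right("Failed to find constructor for associated call");
    }

    /**
     * Rewrites the {@code ObjectInputStream} construction associated with {@code node}.
     *
     * @param compilationUnit the compilation unit containing {@code node} (not read here)
     * @param node a {@link MethodCallExpr}, an {@link ObjectCreationExpr}, or a
     *     {@link VariableDeclarationExpr} whose first variable is initialised by a constructor call
     * @return success carrying the Java Security Toolkit dependency, or a reason explaining why
     *     nothing was changed
     */
    @Override
    public SuccessOrReason fix(CompilationUnit compilationUnit, Node node) {
        Node target = node;
        if (node instanceof VariableDeclarationExpr) {
            final Optional<Expression> initializer =
                    ((VariableDeclarationExpr) node).getVariable(0).getInitializer();
            // Report an unsupported declaration instead of throwing from Optional.get() or
            // asObjectCreationExpr() and aborting the whole remediation run.
            if (initializer.isEmpty() || !initializer.get().isObjectCreationExpr()) {
                return SuccessOrReason.reason("Declaration is not initialized by a constructor call");
            }
            target = initializer.get().asObjectCreationExpr();
        }

        final Either<ObjectCreationExpr, String> constructor;
        if (target instanceof MethodCallExpr) {
            constructor = findConstructor((MethodCallExpr) target);
        } else if (target instanceof ObjectCreationExpr) {
            constructor = Either.left((ObjectCreationExpr) target);
        } else {
            return SuccessOrReason.reason("Not a call or constructor");
        }
        if (constructor.isRight()) {
            return SuccessOrReason.reason(constructor.getRight());
        }

        final ObjectCreationExpr creation = constructor.getLeft();
        // match(MethodCallExpr) accepts any zero-argument readObject() call, so the resolved
        // initializer may construct a subclass or an unrelated type. Replacing that with the
        // toolkit factory could discard an existing hardened stream or break the build.
        if (!isObjectInputStreamCreation(creation)) {
            return SuccessOrReason.reason("Constructor does not create an ObjectInputStream");
        }
        fixObjectInputStreamCreation(creation);
        return SuccessOrReason.success(List.of(DependencyGAV.JAVA_SECURITY_TOOLKIT));
    }

    /**
     * Tells whether the constructor call names {@code ObjectInputStream}, qualified or not.
     * This is a syntactic check on the type name only; no symbol resolution is performed.
     */
    private static boolean isObjectInputStreamCreation(ObjectCreationExpr objectCreationExpr) {
        return OBJECT_INPUT_STREAM.equals(objectCreationExpr.getType().getNameAsString());
    }

    /**
     * Replaces the constructor call with a statically imported
     * {@code createSafeObjectInputStream} call that receives the same arguments.
     */
    private void fixObjectInputStreamCreation(ObjectCreationExpr objectCreationExpr) {
        JavaParserTransformer.replace(objectCreationExpr)
                .withStaticMethod(ObjectInputFilters.class.getName(), "createSafeObjectInputStream")
                .withStaticImport()
                .withSameArguments();
    }

    /**
     * Matches a declaration whose first variable is initialised with
     * {@code new ObjectInputStream(...)}.
     *
     * @param variableDeclarationExpr the declaration to inspect
     * @return {@code true} when the first variable's initializer is a matching constructor call
     */
    public static boolean match(VariableDeclarationExpr variableDeclarationExpr) {
        return variableDeclarationExpr.getVariables().getFirst()
                .flatMap(VariableDeclarator::getInitializer)
                .filter(Expression::isObjectCreationExpr)
                .map(Expression::asObjectCreationExpr)
                .filter(creation -> match(creation))
                .isPresent();
    }

    /**
     * Matches a constructor call whose type is written exactly as {@code ObjectInputStream}.
     *
     * @param objectCreationExpr the constructor call to inspect; {@code null} does not match
     * @return {@code true} when the written type is {@code ObjectInputStream}
     */
    public static boolean match(ObjectCreationExpr objectCreationExpr) {
        return objectCreationExpr != null
                && OBJECT_INPUT_STREAM.equals(objectCreationExpr.getTypeAsString());
    }

    /**
     * Matches a zero-argument call to a method named {@code readObject}. The receiver's type is
     * not checked here.
     *
     * @param methodCallExpr the call to inspect; {@code null} does not match
     * @return {@code true} for a {@code readObject()} call without arguments
     */
    public static boolean match(MethodCallExpr methodCallExpr) {
        return methodCallExpr != null
                && methodCallExpr.getNameAsString().equals("readObject")
                && methodCallExpr.getArguments().isEmpty();
    }

    /**
     * Dispatches to the matcher for the node's concrete type.
     *
     * @param node any AST node
     * @return {@code true} when the node is a matching method call or constructor call;
     *     {@code false} for every other node type
     */
    public static boolean match(Node node) {
        if (node instanceof MethodCallExpr) {
            return match((MethodCallExpr) node);
        }
        if (node instanceof ObjectCreationExpr) {
            return match((ObjectCreationExpr) node);
        }
        return false;
    }
}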
