package io.joern.scanners.android;

import io.joern.console.CodeSnippet;
import io.joern.console.MultiFileCodeExamples;
import io.joern.console.Query;
import io.joern.console.Query$;
import io.joern.console.QueryBundle;
import io.joern.console.TraversalWithStrRep;
import io.joern.console.q;
import io.joern.dataflowengineoss.language.ExtendedCfgNode$;
import io.joern.dataflowengineoss.queryengine.EngineContext;
import io.joern.dataflowengineoss.queryengine.EngineContext$;
import io.joern.dataflowengineoss.semanticsloader.Semantics$;
import io.joern.scanners.Crew$;
import io.joern.scanners.QueryTags$;
import io.joern.x2cpg.Defines$;
import io.shiftleft.codepropertygraph.generated.Cpg;
import io.shiftleft.codepropertygraph.generated.traversal.CallTraversalExtGen$;
import io.shiftleft.codepropertygraph.generated.traversal.IdentifierTraversalExtGen$;
import io.shiftleft.codepropertygraph.generated.traversal.LocalTraversalExtGen$;
import io.shiftleft.semanticcpg.language.ICallResolver;
import io.shiftleft.semanticcpg.language.NoResolve$;
import io.shiftleft.semanticcpg.language.android.ConfigFileTraversal$;
import io.shiftleft.semanticcpg.language.callgraphextension.MethodTraversal$;
import io.shiftleft.semanticcpg.language.package$;
import io.shiftleft.semanticcpg.language.types.expressions.CallTraversal$;
import io.shiftleft.semanticcpg.language.types.expressions.generalizations.AstNodeTraversal$;
import io.shiftleft.semanticcpg.language.types.expressions.generalizations.ExpressionTraversal$;
import io.shiftleft.semanticcpg.language.types.structure.LocalTraversal$;
import overflowdb.traversal.TraversalLogicExt$;
import scala.Predef$;
import scala.collection.Iterator;
import scala.collection.StringOps$;
import scala.collection.immutable.List;
import scala.runtime.ScalaRunTime$;

/* compiled from: ExternalStorage.scala */
/* loaded from: input_file:io/joern/scanners/android/ExternalStorage$.class */
public final class ExternalStorage$ implements QueryBundle {
    public static final ExternalStorage$ MODULE$ = new ExternalStorage$();
    private static final EngineContext engineContext = new EngineContext(Semantics$.MODULE$.empty(), EngineContext$.MODULE$.apply$default$2());
    private static final ICallResolver resolver = NoResolve$.MODULE$;

    public EngineContext engineContext() {
        return engineContext;
    }

    public ICallResolver resolver() {
        return resolver;
    }

    @q
    public Query externalStorageToDexClassLoader(EngineContext engineContext2) {
        return Query$.MODULE$.make("external-storage-to-dex-classloader", Crew$.MODULE$.claudiu(), "Data from external storage ends up in dex classloader, leading to code execution.", "-", 9.0d, new TraversalWithStrRep(cpg -> {
            return TraversalLogicExt$.MODULE$.where$extension(package$.MODULE$.toTraversalLogicExt(reflectInvoke$1(cpg)), iterator -> {
                return ExtendedCfgNode$.MODULE$.reachableBy$extension(io.joern.dataflowengineoss.language.package$.MODULE$.toExtendedCfgNode(CallTraversal$.MODULE$.argument$extension(package$.MODULE$.iterOnceToOriginalCallTrav(iterator), Predef$.MODULE$.int2Integer(1))), ScalaRunTime$.MODULE$.wrapRefArray(new Iterator[]{loadClassCalls$1(cpg, engineContext2)}), engineContext2);
            });
        }, "cpg =>\n        import overflowdb.traversal.Traversal\n        import io.shiftleft.semanticcpg.language.android._\n        import io.joern.x2cpg.Defines.ConstructorMethodName\n\n        def externalStorageReads =\n          if (cpg.appManifest.hasReadExternalStoragePermission.nonEmpty)\n            cpg.getExternalStorageDir\n          else Iterator.empty\n        def dexClassLoadersWithExternalStorageInit =\n          cpg.dexClassLoader\n            .where(\n              _.method.call\n                .nameExact(ConstructorMethodName)\n                .where(_.argument(0).isIdentifier.typeFullNameExact(\"dalvik.system.DexClassLoader\"))\n                .where(_.argument(1).reachableBy(externalStorageReads))\n            )\n        def loadClassCalls =\n          dexClassLoadersWithExternalStorageInit.referencingIdentifiers.inCall.nameExact(\"loadClass\")\n        def reflectInvoke = cpg.call.methodFullNameExact(\n          \"java.lang.reflect.Method.invoke:java.lang.Object(java.lang.Object,java.lang.Object[])\"\n        )\n        reflectInvoke.where(_.argument(1).reachableBy(loadClassCalls))"), (List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new String[]{QueryTags$.MODULE$.android()})), Query$.MODULE$.make$default$8(), new MultiFileCodeExamples((List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new List[]{(List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new CodeSnippet[]{new CodeSnippet(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("|package io.vroooom.vulnerableapp;\n                 |\n                 |import android.Manifest;\n                 |import android.content.pm.PackageManager;\n                 |import android.os.Bundle;\n                 |import android.os.Environment;\n                 |import android.support.v4.app.ActivityCompat;\n                 |import android.support.v4.content.ContextCompat;\n                 |import android.support.v7.app.AppCompatActivity;\n                 |import android.util.Log;\n                 |\n                 |import java.io.File;\n                 |import java.lang.reflect.Method;\n                 |\n                 |import dalvik.system.DexClassLoader;\n                 |\n                 |public class DexClassLoaderActivity extends AppCompatActivity {\n                 |\n                 |    @Override\n                 |    protected void onCreate(Bundle savedInstanceState) {\n                 |        super.onCreate(savedInstanceState);\n                 |        setContentView(R.layout.activity_main);\n                 |\n                 |        if (ContextCompat.checkSelfPermission(this, Manifest.permission.READ_EXTERNAL_STORAGE)\n                 |                != PackageManager.PERMISSION_GRANTED) {\n                 |            ActivityCompat.requestPermissions(this, new String[] { Manifest.permission.READ_EXTERNAL_STORAGE }, 1234);\n                 |        } else {\n                 |            String externalStorageRoot = Environment.getExternalStorageDirectory().toString();\n                 |            listFiles(externalStorageRoot);\n                 |\n                 |            String pathToDex = externalStorageRoot + \"/Beep.zip\";\n                 |            loadDexFromPath(pathToDex);\n                 |        }\n                 |    }\n                 |\n                 |    private void listFiles(String path) {\n                 |        Log.d(\"Files\", \"Path: \" + path);\n                 |        File directory = new File(path);\n                 |        File[] files = directory.listFiles();\n                 |        Log.d(\"Files\", \"Size: \"+ files.length);\n                 |        for (int i = 0; i < files.length; i++) {\n                 |            Log.d(\"Files\", \"FileName:\" + files[i].getName());\n                 |        }\n                 |    }\n                 |\n                 |    private void loadDexFromPath(String path) {\n                 |        try {\n                 |            File tmpDir = getDir(\"dex\", 0);\n                 |\n                 |            DexClassLoader classloader = new DexClassLoader(path, tmpDir.getAbsolutePath(), null, this.getClass().getClassLoader());\n                 |            final Class<Object> classToLoad = (Class<Object>) classloader.loadClass(\"Beep\");\n                 |            final Object myInstance  = classToLoad.newInstance();\n                 |            final Method returnString = classToLoad.getMethod(\"getName\");\n                 |            String result = (String) returnString.invoke(myInstance);\n                 |            Log.e(\"Test\", result);\n                 |        } catch (Exception e) {\n                 |            e.printStackTrace();\n                 |        }\n                 |    }\n                 |}\n                 |")), "io/vroooom/vulnerableapp/DexClassLoaderActivity.java"), new CodeSnippet(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("|<?xml version=\"1.0\" encoding=\"utf-8\"?>\n                |<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\"\n                |    xmlns:tools=\"http://schemas.android.com/tools\">\n                |    <uses-permission android:name=\"android.permission.INTERNET\" />\n                |    <uses-permission android:name=\"android.permission.READ_EXTERNAL_STORAGE\" />\n                |\n                |    <application\n                |        android:allowBackup=\"true\"\n                |        android:dataExtractionRules=\"@xml/data_extraction_rules\"\n                |        android:fullBackupContent=\"@xml/backup_rules\"\n                |        android:usesCleartextTraffic=\"true\"\n                |        android:icon=\"@mipmap/ic_launcher\"\n                |        android:label=\"@string/app_name\"\n                |        android:roundIcon=\"@mipmap/ic_launcher_round\"\n                |        android:supportsRtl=\"true\"\n                |        android:theme=\"@style/Theme.Vulnerableapp\"\n                |        android:requestLegacyExternalStorage=\"true\"\n                |        tools:targetApi=\"31\">\n                |\n                |        <activity\n                |            android:name=\".MainActivityJava\"\n                |            android:exported=\"true\">\n                |            <intent-filter>\n                |                <action android:name=\"android.intent.action.MAIN\" />\n                |                <category android:name=\"android.intent.category.LAUNCHER\" />\n                |            </intent-filter>\n                |            <meta-data\n                |                android:name=\"android.app.lib_name\"\n                |                android:value=\"\" />\n                |        </activity>\n                |    </application>\n                |</manifest>\n                |")), "AndroidManifest.xml")}))})), (List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new List[]{(List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new CodeSnippet[]{new CodeSnippet(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("|package io.vroooom.vulnerableapp;\n                 |\n                 |import android.Manifest;\n                 |import android.content.pm.PackageManager;\n                 |import android.os.Bundle;\n                 |import android.os.Environment;\n                 |import android.support.v4.app.ActivityCompat;\n                 |import android.support.v4.content.ContextCompat;\n                 |import android.support.v7.app.AppCompatActivity;\n                 |import android.util.Log;\n                 |\n                 |import java.io.File;\n                 |import java.lang.reflect.Method;\n                 |\n                 |import dalvik.system.DexClassLoader;\n                 |\n                 |public class DexClassLoaderActivity extends AppCompatActivity {\n                 |\n                 |    @Override\n                 |    protected void onCreate(Bundle savedInstanceState) {\n                 |        super.onCreate(savedInstanceState);\n                 |        setContentView(R.layout.activity_main);\n                 |\n                 |        if (ContextCompat.checkSelfPermission(this, Manifest.permission.READ_EXTERNAL_STORAGE)\n                 |                != PackageManager.PERMISSION_GRANTED) {\n                 |            ActivityCompat.requestPermissions(this, new String[] { Manifest.permission.READ_EXTERNAL_STORAGE }, 1234);\n                 |        } else {\n                 |            String externalStorageRoot = Environment.getExternalStorageDirectory().toString();\n                 |            listFiles(externalStorageRoot);\n                 |\n                 |            String pathToDex = externalStorageRoot + \"/Beep.zip\";\n                 |            loadDexFromPath(pathToDex);\n                 |        }\n                 |    }\n                 |\n                 |    private void listFiles(String path) {\n                 |        Log.d(\"Files\", \"Path: \" + path);\n                 |        File directory = new File(path);\n                 |        File[] files = directory.listFiles();\n                 |        Log.d(\"Files\", \"Size: \"+ files.length);\n                 |        for (int i = 0; i < files.length; i++) {\n                 |            Log.d(\"Files\", \"FileName:\" + files[i].getName());\n                 |        }\n                 |    }\n                 |\n                 |    private void loadDexFromPath(String path) {\n                 |        try {\n                 |            File tmpDir = getDir(\"dex\", 0);\n                 |\n                 |            DexClassLoader classloader = new DexClassLoader(path, tmpDir.getAbsolutePath(), null, this.getClass().getClassLoader());\n                 |            final Class<Object> classToLoad = (Class<Object>) classloader.loadClass(\"Beep\");\n                 |            final Object myInstance  = classToLoad.newInstance();\n                 |            final Method returnString = classToLoad.getMethod(\"getName\");\n                 |            String result = (String) returnString.invoke(myInstance);\n                 |            Log.e(\"Test\", result);\n                 |        } catch (Exception e) {\n                 |            e.printStackTrace();\n                 |        }\n                 |    }\n                 |}\n                 |")), "io/vroooom/vulnerableapp/DexClassLoaderActivity.java"), new CodeSnippet(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("|<?xml version=\"1.0\" encoding=\"utf-8\"?>\n                 |<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\"\n                 |    xmlns:tools=\"http://schemas.android.com/tools\">\n                 |    <uses-permission android:name=\"android.permission.INTERNET\" />\n                 |\n                 |    <application\n                 |        android:allowBackup=\"true\"\n                 |        android:dataExtractionRules=\"@xml/data_extraction_rules\"\n                 |        android:fullBackupContent=\"@xml/backup_rules\"\n                 |        android:usesCleartextTraffic=\"true\"\n                 |        android:icon=\"@mipmap/ic_launcher\"\n                 |        android:label=\"@string/app_name\"\n                 |        android:roundIcon=\"@mipmap/ic_launcher_round\"\n                 |        android:supportsRtl=\"true\"\n                 |        android:theme=\"@style/Theme.Vulnerableapp\"\n                 |        tools:targetApi=\"31\">\n                 |\n                 |        <activity\n                 |            android:name=\".MainActivityJava\"\n                 |            android:exported=\"true\">\n                 |            <intent-filter>\n                 |                <action android:name=\"android.intent.action.MAIN\" />\n                 |                <category android:name=\"android.intent.category.LAUNCHER\" />\n                 |            </intent-filter>\n                 |            <meta-data\n                 |                android:name=\"android.app.lib_name\"\n                 |                android:value=\"\" />\n                 |        </activity>\n                 |    </application>\n                 |</manifest>\n                 |")), "AndroidManifest.xml")})), (List) scala.package$.MODULE$.List().apply(ScalaRunTime$.MODULE$.wrapRefArray(new CodeSnippet[]{new CodeSnippet(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("|package io.vroooom.vulnerableapp;\n                 |\n                 |import android.Manifest;\n                 |import android.content.pm.PackageManager;\n                 |import android.os.Bundle;\n                 |import android.os.Environment;\n                 |import android.support.v4.app.ActivityCompat;\n                 |import android.support.v4.content.ContextCompat;\n                 |import android.support.v7.app.AppCompatActivity;\n                 |import android.util.Log;\n                 |\n                 |import java.io.File;\n                 |import java.lang.reflect.Method;\n                 |\n                 |import dalvik.system.DexClassLoader;\n                 |\n                 |public class DexClassLoaderActivity extends AppCompatActivity {\n                 |\n                 |    @Override\n                 |    protected void onCreate(Bundle savedInstanceState) {\n                 |        super.onCreate(savedInstanceState);\n                 |        setContentView(R.layout.activity_main);\n                 |\n                 |        if (ContextCompat.checkSelfPermission(this, Manifest.permission.READ_EXTERNAL_STORAGE)\n                 |                != PackageManager.PERMISSION_GRANTED) {\n                 |            ActivityCompat.requestPermissions(this, new String[] { Manifest.permission.READ_EXTERNAL_STORAGE }, 1234);\n                 |        } else {\n                 |            String somePath = \"/an/app/internal/path\";\n                 |            listFiles(somePath);\n                 |            loadDexFromPath(somePath);\n                 |        }\n                 |    }\n                 |\n                 |    private void listFiles(String path) {\n                 |        Log.d(\"Files\", \"Path: \" + path);\n                 |        File directory = new File(path);\n                 |        File[] files = directory.listFiles();\n                 |        Log.d(\"Files\", \"Size: \"+ files.length);\n                 |        for (int i = 0; i < files.length; i++) {\n                 |            Log.d(\"Files\", \"FileName:\" + files[i].getName());\n                 |        }\n                 |    }\n                 |\n                 |    private void loadDexFromPath(String path) {\n                 |        try {\n                 |            File tmpDir = getDir(\"dex\", 0);\n                 |\n                 |            DexClassLoader classloader = new DexClassLoader(path, tmpDir.getAbsolutePath(), null, this.getClass().getClassLoader());\n                 |            final Class<Object> classToLoad = (Class<Object>) classloader.loadClass(\"Beep\");\n                 |            final Object myInstance  = classToLoad.newInstance();\n                 |            final Method returnString = classToLoad.getMethod(\"getName\");\n                 |            String result = (String) returnString.invoke(myInstance);\n                 |            Log.e(\"Test\", result);\n                 |        } catch (Exception e) {\n                 |            e.printStackTrace();\n                 |        }\n                 |    }\n                 |}\n                 |")), "io/vroooom/vulnerableapp/DexClassLoaderActivity.java"), new CodeSnippet(StringOps$.MODULE$.stripMargin$extension(Predef$.MODULE$.augmentString("|<?xml version=\"1.0\" encoding=\"utf-8\"?>\n                 |<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\"\n                 |    xmlns:tools=\"http://schemas.android.com/tools\">\n                 |    <uses-permission android:name=\"android.permission.INTERNET\" />\n                 |    <uses-permission android:name=\"android.permission.READ_EXTERNAL_STORAGE\" />\n                 |\n                 |    <application\n                 |        android:allowBackup=\"true\"\n                 |        android:dataExtractionRules=\"@xml/data_extraction_rules\"\n                 |        android:fullBackupContent=\"@xml/backup_rules\"\n                 |        android:usesCleartextTraffic=\"true\"\n                 |        android:icon=\"@mipmap/ic_launcher\"\n                 |        android:label=\"@string/app_name\"\n                 |        android:roundIcon=\"@mipmap/ic_launcher_round\"\n                 |        android:supportsRtl=\"true\"\n                 |        android:theme=\"@style/Theme.Vulnerableapp\"\n                 |        tools:targetApi=\"31\">\n                 |\n                 |        <activity\n                 |            android:name=\".MainActivityJava\"\n                 |            android:exported=\"true\">\n                 |            <intent-filter>\n                 |                <action android:name=\"android.intent.action.MAIN\" />\n                 |                <category android:name=\"android.intent.category.LAUNCHER\" />\n                 |            </intent-filter>\n                 |            <meta-data\n                 |                android:name=\"android.app.lib_name\"\n                 |                android:value=\"\" />\n                 |        </activity>\n                 |    </application>\n                 |</manifest>\n                 |")), "AndroidManifest.xml")}))}))));
    }

    private static final Iterator externalStorageReads$1(Cpg cpg) {
        return ConfigFileTraversal$.MODULE$.hasReadExternalStoragePermission$extension(io.shiftleft.semanticcpg.language.android.package$.MODULE$.iterOnceToConfigFileExt(io.shiftleft.semanticcpg.language.android.package$.MODULE$.toNodeTypeStartersFlows(cpg).appManifest())).nonEmpty() ? io.shiftleft.semanticcpg.language.android.package$.MODULE$.toNodeTypeStartersFlows(cpg).getExternalStorageDir() : scala.package$.MODULE$.Iterator().empty();
    }

    private static final Iterator dexClassLoadersWithExternalStorageInit$1(Cpg cpg, EngineContext engineContext2) {
        return TraversalLogicExt$.MODULE$.where$extension(package$.MODULE$.toTraversalLogicExt(io.shiftleft.semanticcpg.language.android.package$.MODULE$.toNodeTypeStartersFlows(cpg).dexClassLoader()), iterator -> {
            return TraversalLogicExt$.MODULE$.where$extension(package$.MODULE$.toTraversalLogicExt(TraversalLogicExt$.MODULE$.where$extension(package$.MODULE$.toTraversalLogicExt(CallTraversalExtGen$.MODULE$.nameExact$extension(package$.MODULE$.toCallTraversalExtGen(MethodTraversal$.MODULE$.call$extension(package$.MODULE$.iterOnceToMethodTravCallGraphExt(LocalTraversal$.MODULE$.method$extension(package$.MODULE$.toLocal(iterator))))), Defines$.MODULE$.ConstructorMethodName())), iterator -> {
                return IdentifierTraversalExtGen$.MODULE$.typeFullNameExact$extension(package$.MODULE$.toIdentifierTraversalExtGen(AstNodeTraversal$.MODULE$.isIdentifier$extension(package$.MODULE$.iterOnceToAstNodeTraversal(CallTraversal$.MODULE$.argument$extension(package$.MODULE$.iterOnceToOriginalCallTrav(iterator), Predef$.MODULE$.int2Integer(0))))), "dalvik.system.DexClassLoader");
            })), iterator2 -> {
                return ExtendedCfgNode$.MODULE$.reachableBy$extension(io.joern.dataflowengineoss.language.package$.MODULE$.toExtendedCfgNode(CallTraversal$.MODULE$.argument$extension(package$.MODULE$.iterOnceToOriginalCallTrav(iterator2), Predef$.MODULE$.int2Integer(1))), ScalaRunTime$.MODULE$.wrapRefArray(new Iterator[]{externalStorageReads$1(cpg)}), engineContext2);
            });
        });
    }

    private static final Iterator loadClassCalls$1(Cpg cpg, EngineContext engineContext2) {
        return CallTraversalExtGen$.MODULE$.nameExact$extension(package$.MODULE$.toCallTraversalExtGen(ExpressionTraversal$.MODULE$.inCall$extension(package$.MODULE$.toExpression(LocalTraversalExtGen$.MODULE$.referencingIdentifiers$extension(package$.MODULE$.toLocalTraversalExtGen(dexClassLoadersWithExternalStorageInit$1(cpg, engineContext2)))))), "loadClass");
    }

    private static final Iterator reflectInvoke$1(Cpg cpg) {
        return CallTraversalExtGen$.MODULE$.methodFullNameExact$extension(package$.MODULE$.toCallTraversalExtGen(package$.MODULE$.toNodeTypeStarters(cpg).call()), "java.lang.reflect.Method.invoke:java.lang.Object(java.lang.Object,java.lang.Object[])");
    }

    private ExternalStorage$() {
    }
}
