package io.yupiik.bundlebee.core.command.impl.lint.builtin;

import io.yupiik.bundlebee.core.command.impl.lint.LintError;
import io.yupiik.bundlebee.core.command.impl.lint.LintingCheck;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import javax.enterprise.context.Dependent;
import javax.json.JsonValue;
import org.apache.webbeans.proxy.AbstractProxyFactory;

@Dependent
/* loaded from: input_file:io/yupiik/bundlebee/core/command/impl/lint/builtin/PrivilegedPorts.class */
public class PrivilegedPorts extends CheckValue {
    public PrivilegedPorts() {
        super((Set<String>) Set.of("DeploymentConfig", "Deployment"), (Map<String, String>) Map.of("DeploymentConfig", "/spec/template/spec/containers", "Deployment", "/spec/template/spec/containers"), true);
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String name() {
        return "privileged-ports";
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String description() {
        return "Alert on deployments with privileged ports mapped in containers";
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String remediation() {
        return "Ensure privileged ports [0, 1024] are not mapped within containers.";
    }

    @Override // io.yupiik.bundlebee.core.command.impl.lint.builtin.CheckValue
    protected Stream<LintError> doValidate(LintingCheck.LintableDescriptor lintableDescriptor, JsonValue jsonValue) {
        return jsonValue.asJsonArray().stream().map((v0) -> {
            return v0.asJsonObject();
        }).map(jsonObject -> {
            return jsonObject.getJsonArray("ports");
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).flatMap((v0) -> {
            return v0.stream();
        }).map((v0) -> {
            return v0.asJsonObject();
        }).map(jsonObject2 -> {
            return Integer.valueOf(jsonObject2.getInt("containerPort", AbstractProxyFactory.MAX_CLASSLOAD_TRIES));
        }).filter(num -> {
            return num.intValue() >= 0 && num.intValue() <= 1024;
        }).distinct().sorted().map(num2 -> {
            return new LintError(LintError.LintLevel.ERROR, "priviledged port used by container: " + num2);
        });
    }
}
