package io.yupiik.bundlebee.core.command.impl.lint.builtin;

import io.yupiik.bundlebee.core.command.impl.lint.LintError;
import io.yupiik.bundlebee.core.command.impl.lint.LintingCheck;
import java.util.stream.Stream;
import javax.enterprise.context.Dependent;
import javax.json.JsonArray;
import javax.json.JsonObject;
import javax.json.JsonString;
import javax.json.JsonValue;

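/**
 * Lint check that reports containers whose security context explicitly adds the
 * {@code NET_RAW} Linux capability.
 *
 * <p>NOTE(review): the check name and {@link #description()} speak of containers that
 * "do not drop" NET_RAW, but {@link #validate} only inspects
 * {@code securityContext.capabilities.add}. A container with no {@code securityContext},
 * no {@code capabilities} object, or no NET_RAW entry under {@code capabilities.drop}
 * yields no error here. Container runtimes commonly grant NET_RAW by default, so such
 * containers would pass this check while still holding the capability. Confirm whether
 * that is intended or covered by another rule.
 *
 * <p>NOTE(review): matching is an exact, case-sensitive comparison with {@code "NET_RAW"}.
 * An {@code add} entry of {@code "ALL"}, or a differently spelled form of the same
 * capability, is not reported. Verify against how the target runtime normalizes names.
 */
@Dependent
/* loaded from: input_file:io/yupiik/bundlebee/core/command/impl/lint/builtin/DropNetRawCapability.class */
public class DropNetRawCapability extends ContainerValueValidator {
    /** Capability name looked up in {@code securityContext.capabilities.add}. */
    private static final String NET_RAW = "NET_RAW";

    /** Returns the identifier of this check. */
    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String name() {
        return "drop-net-raw-capability";
    }

    /** Returns the one-line summary of what this check reports. */
    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String description() {
        return "Indicates when containers do not drop NET_RAW capability";
    }

    /** Returns the remediation text explaining why NET_RAW is risky and how to fix it. */
    @Override // io.yupiik.bundlebee.core.command.impl.lint.LintingCheck
    public String remediation() {
        return "`NET_RAW` makes it so that an application within the container is able to craft raw packets, use raw sockets, and bind to any address. Remove this capability in the containers under containers security contexts.";
    }

    /** Opts in to init containers (always {@code true}); how the parent uses this is not visible here. */
    @Override // io.yupiik.bundlebee.core.command.impl.lint.builtin.ContainerValueValidator
    protected boolean supportsInitContainers() {
        return true;
    }

    /**
     * Emits one {@link LintError} of level {@code ERROR} for every string entry equal to
     * {@code "NET_RAW"} in the container's {@code securityContext.capabilities.add} array.
     *
     * @param jsonObject the container definition to inspect
     * @param lintableDescriptor the descriptor being linted (not used by this check)
     * @return the errors found, or an empty stream when {@code securityContext},
     *     {@code capabilities} or {@code add} is absent, or when no entry matches
     */
    @Override // io.yupiik.bundlebee.core.command.impl.lint.builtin.ContainerValueValidator
    protected Stream<LintError> validate(JsonObject jsonObject, LintingCheck.LintableDescriptor lintableDescriptor) {
        final JsonObject securityContext = jsonObject.getJsonObject("securityContext");
        if (securityContext == null) {
            return Stream.empty();
        }
        final JsonObject capabilities = securityContext.getJsonObject("capabilities");
        if (capabilities == null) {
            return Stream.empty();
        }
        final JsonArray added = capabilities.getJsonArray("add");
        if (added == null) {
            return Stream.empty();
        }
        return added.stream()
                // Non-string entries are skipped rather than reported.
                .filter(value -> value.getValueType() == JsonValue.ValueType.STRING)
                .map(value -> ((JsonString) value).getString())
                // The decompiled source compared against an undeclared `r1`; the intended
                // receiver is the "NET_RAW" constant.
                .filter(NET_RAW::equals)
                .map(ignored -> new LintError(LintError.LintLevel.ERROR, "'NET_RAW' capabilities usage"));
    }
}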
