package apiaddicts.sonar.openapi.checks.security;

import apiaddicts.sonar.openapi.checks.BaseCheck;
import apiaddicts.sonar.openapi.utils.VerbPathMatcher;
import com.google.common.collect.ImmutableSet;
import com.sonar.sslr.api.AstNodeType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apiaddicts.apitools.dosonarapi.api.v2.OpenApi2Grammar;
import org.apiaddicts.apitools.dosonarapi.api.v3.OpenApi3Grammar;
import org.apiaddicts.apitools.dosonarapi.api.v31.OpenApi31Grammar;
import org.apiaddicts.apitools.dosonarapi.sslr.yaml.grammar.JsonNode;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;

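/**
 * OAR084: reports query parameters whose declared {@code format} is on a configurable
 * deny-list (by default {@code password}).
 *
 * <p>Rationale: anything carried in the query string ends up in places a request body or
 * header does not — access logs, proxy logs, browser history and {@code Referer} headers —
 * so a parameter declared as a secret-bearing format should not be a query parameter.
 *
 * <p>Scope, as implemented here: only the {@code parameters} list of an operation keyed
 * {@code get}/{@code post}/{@code put}/{@code patch}/{@code delete} is inspected. A parameter
 * entry without an inline {@code in} key (for example a {@code $ref}) is skipped, not resolved,
 * unless the grammar resolves it before this visitor runs. Path-item-level {@code parameters}
 * are not inspected — confirm whether that is intended.
 *
 * <p>Configuration: {@code pathValidationStrategy} is {@code /include} (check only the listed
 * {@code paths}) or {@code /exclude} (check everything except the listed {@code paths}). Note
 * that with the shipped defaults ({@code /include} and {@code /examples}) only the
 * {@code /examples} path item is inspected; widen {@code paths} or switch the strategy to apply
 * the rule to the whole API.
 */
@Rule(key = OAR084ForbiddenFormatsInQueryCheck.KEY)
public class OAR084ForbiddenFormatsInQueryCheck extends BaseCheck {
    public static final String KEY = "OAR084";
    private static final String MESSAGE = "OAR084.error";
    private static final String FORBIDDEN_QUERY_FORMATS = "password";
    private static final String DEFAULT_PATH = "/examples";
    private static final String PATH_STRATEGY = "/include";
    private static final String EXCLUDE_STRATEGY = "/exclude";
    /** Operation keys whose parameters are inspected; built once instead of per visited node. */
    private static final Set<String> CHECKED_VERBS =
        ImmutableSet.of(VerbPathMatcher.GET_WORD, "post", "put", "patch", VerbPathMatcher.DELETE_WORD);

    @RuleProperty(key = "forbidden-query-formats", description = "List of forbidden query params separated by comma", defaultValue = FORBIDDEN_QUERY_FORMATS)
    private String forbiddenQueryFormatsStr = FORBIDDEN_QUERY_FORMATS;

    @RuleProperty(key = "paths", description = "List of explicit paths to include/exclude from this rule separated by comma", defaultValue = DEFAULT_PATH)
    private String pathsStr = DEFAULT_PATH;

    @RuleProperty(key = "pathValidationStrategy", description = "Path validation strategy (include/exclude)", defaultValue = PATH_STRATEGY)
    private String pathCheckStrategy = PATH_STRATEGY;
    // Parsed, trimmed deny-list of format values; rebuilt for every file in visitFile.
    private Set<String> forbiddenQueryFormats = new HashSet<>();
    // Parsed, trimmed configured paths; rebuilt for every file in visitFile.
    private Set<String> paths = new HashSet<>();
    // Key of the path item currently being visited; consulted by shouldExcludePath.
    private String currentPath;

    /**
     * Parses both comma-separated rule properties before the file is walked.
     *
     * <p>Both sets are rebuilt from scratch here (the original accumulated the format list
     * across files) so a re-used check instance cannot carry stale entries.
     *
     * @param jsonNode root node of the file being analysed
     */
    @Override // org.apiaddicts.apitools.dosonarapi.api.OpenApiVisitor
    public void visitFile(JsonNode jsonNode) {
        this.forbiddenQueryFormats = splitTrimmed(this.forbiddenQueryFormatsStr);
        this.paths = splitTrimmed(this.pathsStr);
        super.visitFile(jsonNode);
    }

    /**
     * Splits a separator-delimited property value into trimmed entries.
     *
     * @param csv raw property value; {@code null} or blank yields an empty set
     * @return mutable set of trimmed entries (an entry may be the empty string if the
     *     input contained consecutive separators, matching the previous behaviour)
     */
    private static Set<String> splitTrimmed(String csv) {
        if (csv == null || csv.trim().isEmpty()) {
            return new HashSet<>();
        }
        return Stream.of(csv.split(VerbPathMatcher.VALUE_SEPARATOR))
            .map(String::trim)
            .collect(Collectors.toSet());
    }

    /**
     * Subscribes to PATH nodes (only to record the current path) and OPERATION nodes
     * (which carry the parameters) for all three supported OpenAPI grammars.
     */
    @Override // org.apiaddicts.apitools.dosonarapi.api.OpenApiCheck
    public Set<AstNodeType> subscribedKinds() {
        return ImmutableSet.<AstNodeType>of(
            OpenApi2Grammar.PATH, OpenApi3Grammar.PATH, OpenApi31Grammar.PATH,
            OpenApi2Grammar.OPERATION, OpenApi3Grammar.OPERATION, OpenApi31Grammar.OPERATION);
    }

    /**
     * Records the current path on PATH nodes; on in-scope OPERATION nodes raises one issue
     * per query parameter whose format is on the deny-list.
     *
     * <p>Every issue carries the same message listing all offending formats of the operation,
     * joined by {@code ", "}, and is anchored on the offending {@code format} node.
     *
     * @param jsonNode the PATH or OPERATION node being visited
     */
    @Override // org.apiaddicts.apitools.dosonarapi.api.OpenApiVisitor
    public void visitNode(JsonNode jsonNode) {
        AstNodeType type = jsonNode.getType();
        if (isPathNode(type)) {
            this.currentPath = jsonNode.key().getTokenValue();
            return;
        }
        if (!isOperationNode(type) || shouldExcludePath()) {
            return;
        }
        // Locale.ROOT keeps the verb comparison independent of the JVM default locale.
        if (!CHECKED_VERBS.contains(jsonNode.key().getTokenValue().toLowerCase(Locale.ROOT))) {
            return;
        }
        JsonNode parameters = jsonNode.get("parameters");
        if (parameters == null || parameters.isNull()) {
            return;
        }
        List<JsonNode> offending = new ArrayList<>();
        boolean openApi2 = type == OpenApi2Grammar.OPERATION;
        parameters.elements().forEach(parameter -> {
            JsonNode format = forbiddenQueryFormat(parameter, openApi2);
            if (format != null) {
                offending.add(format);
            }
        });
        if (offending.isEmpty()) {
            return;
        }
        String formats = offending.stream()
            .map(JsonNode::getTokenValue)
            .collect(Collectors.joining(", "));
        for (JsonNode format : offending) {
            addIssue(KEY, translate(MESSAGE, formats), format);
        }
    }

    /** True for the PATH node type of any supported grammar version. */
    private static boolean isPathNode(AstNodeType type) {
        return type == OpenApi2Grammar.PATH || type == OpenApi3Grammar.PATH || type == OpenApi31Grammar.PATH;
    }

    /** True for the OPERATION node type of any supported grammar version. */
    private static boolean isOperationNode(AstNodeType type) {
        return type == OpenApi2Grammar.OPERATION
            || type == OpenApi3Grammar.OPERATION
            || type == OpenApi31Grammar.OPERATION;
    }

    /**
     * Returns the {@code format} node of {@code parameter} when it is a query parameter whose
     * format value is on the deny-list; {@code null} otherwise.
     *
     * <p>OpenAPI 2 declares {@code format} directly on the parameter object; OpenAPI 3/3.1 nest
     * it under {@code schema}. A parameter without an inline {@code in} key, or (3.x) without a
     * {@code schema}, is skipped.
     *
     * @param parameter one element of an operation's {@code parameters} list
     * @param openApi2 whether the enclosing operation belongs to the OpenAPI 2 grammar
     */
    private JsonNode forbiddenQueryFormat(JsonNode parameter, boolean openApi2) {
        JsonNode in = parameter.get("in");
        if (in == null || !"query".equals(in.getTokenValue())) {
            return null;
        }
        JsonNode format;
        if (openApi2) {
            format = parameter.get("format");
        } else {
            JsonNode schema = parameter.get("schema");
            if (schema == null || schema.isNull()) {
                return null;
            }
            format = schema.get("format");
        }
        if (format == null || format.isNull() || !this.forbiddenQueryFormats.contains(format.getTokenValue())) {
            return null;
        }
        return format;
    }

    /**
     * Decides whether the current path is outside the configured scope of the rule.
     *
     * <p>{@code /exclude}: skip paths listed in {@code paths}; {@code /include}: skip paths
     * <em>not</em> listed. Any other strategy value disables the filter, so nothing is excluded.
     */
    private boolean shouldExcludePath() {
        if (EXCLUDE_STRATEGY.equals(this.pathCheckStrategy)) {
            return this.paths.contains(this.currentPath);
        }
        return PATH_STRATEGY.equals(this.pathCheckStrategy) && !this.paths.contains(this.currentPath);
    }
}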
