package org.sonar.java.checks;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import java.util.Iterator;
import java.util.List;
import org.sonar.check.BelongsToProfile;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.java.model.expression.MethodInvocationTreeImpl;
import org.sonar.java.resolve.Symbol;
import org.sonar.plugins.java.api.JavaFileScannerContext;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.LiteralTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;

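/**
 * Rule S2092: reports {@code javax.servlet.http.Cookie} variables that are created with
 * {@code new} and for which no accepted {@code setSecure(...)} call is seen in the same file.
 *
 * <p>A cookie without the {@code Secure} attribute may be sent over plain HTTP, so a session or
 * authentication cookie created this way can be exposed on the network.
 *
 * <p>How the check works: every matching variable declaration is recorded as a candidate while
 * the file is visited; every accepted {@code setSecure} call on a plain identifier removes the
 * referenced symbol again; whatever is left once the file has been scanned is reported.
 *
 * <p>Limits of the detection, as implemented here (worth knowing before relying on a clean
 * result):
 * <ul>
 *   <li>Only variables whose declared type is exactly {@code javax.servlet.http.Cookie} and whose
 *       initializer is a {@code new} expression are tracked. Cookies obtained any other way are
 *       not analysed.</li>
 *   <li>Only {@code setSecure(false)} with the literal {@code false} is rejected. Any other
 *       single argument, including a variable or expression that may be {@code false} at
 *       runtime, clears the candidate.</li>
 *   <li>The check is not flow-sensitive: one accepted call anywhere in the file on the same
 *       symbol clears the candidate, even inside a branch that may not execute.</li>
 *   <li>The receiver of {@code setSecure} must be a plain identifier; calls through any other
 *       receiver expression do not clear a candidate.</li>
 * </ul>
 *
 * <p>Instances keep per-file state in {@link #unsecuredCookies}; the list is reset at the start
 * of every {@link #scanFile(JavaFileScannerContext)}.
 */
@Rule(key = "S2092", priority = Priority.CRITICAL, tags = {"cwe", "owasp-top10", "security"})
@BelongsToProfile(title = "Sonar way", priority = Priority.CRITICAL)
public class SecureCookieCheck extends SubscriptionBaseVisitor {
    /** Fully qualified name of the only cookie type this rule understands. */
    private static final String COOKIE_CLASS = "javax.servlet.http.Cookie";

    /** Candidate cookie symbols of the file being scanned that have not been secured yet. */
    private final List<Symbol> unsecuredCookies = Lists.newArrayList();

    /**
     * Subscribes the check to variable declarations and method invocations.
     *
     * @return the tree kinds this check wants to be notified about
     */
    @Override
    public List<Tree.Kind> nodesToVisit() {
        return ImmutableList.of(Tree.Kind.VARIABLE, Tree.Kind.METHOD_INVOCATION);
    }

    /**
     * Scans one file and raises an issue on every cookie that is still a candidate afterwards.
     *
     * @param javaFileScannerContext context of the file being analysed
     */
    @Override
    public void scanFile(JavaFileScannerContext javaFileScannerContext) {
        // Reset first: the same check instance is reused, and stale symbols must not leak
        // from one file into the next.
        unsecuredCookies.clear();
        super.scanFile(javaFileScannerContext);
        for (Symbol unsecuredCookie : unsecuredCookies) {
            addIssue(getSemanticModel().getTree(unsecuredCookie), "Add the \"secure\" attribute to this cookie");
        }
    }

    /**
     * Records cookie declarations and clears them again when an accepted {@code setSecure}
     * call is found. Does nothing when no semantic information is available.
     *
     * @param tree a {@code VARIABLE} or {@code METHOD_INVOCATION} node
     */
    @Override
    public void visitNode(Tree tree) {
        if (!hasSemantic()) {
            return;
        }
        if (tree.is(Tree.Kind.VARIABLE)) {
            trackCookieDeclaration((VariableTree) tree);
        } else if (tree.is(Tree.Kind.METHOD_INVOCATION)) {
            clearSecuredCookie((MethodInvocationTreeImpl) tree);
        }
    }

    /** Adds the declared variable to the candidates when it is a constructor-initialized cookie. */
    private void trackCookieDeclaration(VariableTree variableTree) {
        if (!variableTree.type().getSymbolType().is(COOKIE_CLASS) || !isConstructorInitialized(variableTree)) {
            return;
        }
        Symbol symbol = getSemanticModel().getSymbol(variableTree);
        // NOTE(review): 12 is presumably the "method" type tag, i.e. only variables owned by a
        // method (locals) are tracked and fields are ignored. Confirm against the resolver's
        // type-tag constants and replace the literal with the named constant.
        if (symbol.owner().getType().isTagged(12)) {
            unsecuredCookies.add(symbol);
        }
    }

    /** Removes the receiver's symbol from the candidates when the call is an accepted setSecure. */
    private void clearSecuredCookie(MethodInvocationTreeImpl invocation) {
        if (!isSetSecureCall(invocation) || !invocation.methodSelect().is(Tree.Kind.MEMBER_SELECT)) {
            return;
        }
        MemberSelectExpressionTree methodSelect = (MemberSelectExpressionTree) invocation.methodSelect();
        ExpressionTree receiver = methodSelect.expression();
        // Only "cookie.setSecure(...)" with a plain identifier receiver can be mapped back to a
        // tracked symbol; any other receiver shape leaves the candidate list untouched.
        if (receiver.is(Tree.Kind.IDENTIFIER)) {
            unsecuredCookies.remove(getSemanticModel().getReference((IdentifierTree) receiver));
        }
    }

    /**
     * Tells whether the variable is initialized with a {@code new} expression.
     *
     * @param variableTree the declaration to inspect
     * @return {@code true} when an initializer exists and is of kind {@code NEW_CLASS}
     */
    private boolean isConstructorInitialized(VariableTree variableTree) {
        ExpressionTree initializer = variableTree.initializer();
        return initializer != null && initializer.is(Tree.Kind.NEW_CLASS);
    }

    /**
     * Tells whether the invocation is a {@code Cookie.setSecure(x)} call that should count as
     * securing the cookie.
     *
     * @param methodInvocationTreeImpl the invocation to inspect
     * @return {@code false} for the literal {@code setSecure(false)} and for anything that is not
     *     a one-argument {@code setSecure} on a cookie; {@code true} otherwise
     */
    private boolean isSetSecureCall(MethodInvocationTreeImpl methodInvocationTreeImpl) {
        Symbol symbol = methodInvocationTreeImpl.getSymbol();
        if (methodInvocationTreeImpl.arguments().size() != 1 || !isCallSiteCookie(symbol)) {
            return false;
        }
        // Keep the argument typed as a general expression and cast to LiteralTree only after
        // the kind check: the argument is frequently not a literal (e.g. setSecure(flag)).
        ExpressionTree argument = methodInvocationTreeImpl.arguments().get(0);
        if (argument.is(Tree.Kind.BOOLEAN_LITERAL) && "false".equals(((LiteralTree) argument).value())) {
            return false;
        }
        // A non-literal argument is accepted as-is; its runtime value is not evaluated.
        return "setSecure".equals(getIdentifier(methodInvocationTreeImpl).name());
    }

    /**
     * Tells whether the resolved method belongs to {@code javax.servlet.http.Cookie}.
     *
     * @param symbol the symbol resolved for the invoked method
     * @return {@code true} when the symbol is not of kind 64 and its owner is the cookie type
     */
    private boolean isCallSiteCookie(Symbol symbol) {
        // NOTE(review): 64 looks like the "erroneous/unresolved symbol" kind flag; confirm
        // against the Symbol kind constants and use the named constant instead of the literal.
        return !symbol.isKind(64) && symbol.owner().getType().is(COOKIE_CLASS);
    }

    /**
     * Returns the identifier naming the invoked method.
     *
     * @param methodInvocationTree the invocation to inspect
     * @return the method select itself when it is an identifier, otherwise the identifier of the
     *     member select
     */
    private IdentifierTree getIdentifier(MethodInvocationTree methodInvocationTree) {
        ExpressionTree methodSelect = methodInvocationTree.methodSelect();
        if (methodSelect.is(Tree.Kind.IDENTIFIER)) {
            return (IdentifierTree) methodSelect;
        }
        // Anything that is not a bare identifier is treated as a member select, as before.
        return ((MemberSelectExpressionTree) methodSelect).identifier();
    }
}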
