package org.sonar.java.checks;

import com.google.common.collect.ImmutableList;
import java.util.List;
import java.util.regex.Pattern;
import org.sonar.check.BelongsToProfile;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.LiteralTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;

@Rule(key = "S2068", priority = Priority.CRITICAL, tags = {"cwe", "owasp-top10", "sans-top25-2011", "security"})
@BelongsToProfile(title = "Sonar way", priority = Priority.CRITICAL)
/* loaded from: input_file:org/sonar/java/checks/HardCodedCredentialsCheck.class */
public class HardCodedCredentialsCheck extends SubscriptionBaseVisitor {
    private static final Pattern PASSWORD_LITERAL_PATTERN = Pattern.compile("password=..", 2);
    private static final Pattern PASSWORD_VARIABLE_PATTERN = Pattern.compile("password", 2);

    public List<Tree.Kind> nodesToVisit() {
        return ImmutableList.of(Tree.Kind.STRING_LITERAL, Tree.Kind.VARIABLE, Tree.Kind.ASSIGNMENT);
    }

    public void visitNode(Tree tree) {
        if (tree.is(new Tree.Kind[]{Tree.Kind.STRING_LITERAL})) {
            if (PASSWORD_LITERAL_PATTERN.matcher(((LiteralTree) tree).value()).find()) {
                addIssue(tree);
            }
        } else {
            if (tree.is(new Tree.Kind[]{Tree.Kind.VARIABLE})) {
                VariableTree variableTree = (VariableTree) tree;
                if (isStringLiteral(variableTree.initializer()) && isPasswordVariableName(variableTree.simpleName())) {
                    addIssue(tree);
                    return;
                }
                return;
            }
            AssignmentExpressionTree assignmentExpressionTree = (AssignmentExpressionTree) tree;
            if (isStringLiteral(assignmentExpressionTree.expression()) && isPasswordVariable(assignmentExpressionTree.variable())) {
                addIssue(tree);
            }
        }
    }

    private boolean isStringLiteral(ExpressionTree expressionTree) {
        return expressionTree != null && expressionTree.is(new Tree.Kind[]{Tree.Kind.STRING_LITERAL});
    }

    private boolean isPasswordVariableName(IdentifierTree identifierTree) {
        return PASSWORD_VARIABLE_PATTERN.matcher(identifierTree.name()).find();
    }

    private boolean isPasswordVariable(ExpressionTree expressionTree) {
        if (expressionTree.is(new Tree.Kind[]{Tree.Kind.MEMBER_SELECT})) {
            return isPasswordVariableName(((MemberSelectExpressionTree) expressionTree).identifier());
        }
        if (expressionTree.is(new Tree.Kind[]{Tree.Kind.IDENTIFIER})) {
            return isPasswordVariableName((IdentifierTree) expressionTree);
        }
        return false;
    }

    private void addIssue(Tree tree) {
        addIssue(tree, "Remove this hard-coded password.");
    }
}
