package edu.umd.cs.findbugs.detect;

import edu.umd.cs.findbugs.BugAccumulator;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.OpcodeStack;
import edu.umd.cs.findbugs.SourceLineAnnotation;
import edu.umd.cs.findbugs.StringAnnotation;
import edu.umd.cs.findbugs.ba.XMethod;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.bcel.Constants;
import org.apache.bcel.classfile.Code;

/* loaded from: input_file:META-INF/lib/findbugs-2.0.2.jar:edu/umd/cs/findbugs/detect/CrossSiteScripting.class */
public class CrossSiteScripting extends OpcodeStackDetector {
    final BugReporter bugReporter;
    final BugAccumulator accumulator;
    Map<String, OpcodeStack.Item> map = new HashMap();
    OpcodeStack.Item top = null;
    Pattern xmlSafe = Pattern.compile("\\p{Alnum}+");
    OpcodeStack.Item replaceTop = null;
    boolean isPlainText;
    static final /* synthetic */ boolean $assertionsDisabled;

    public CrossSiteScripting(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
        this.accumulator = new BugAccumulator(bugReporter);
    }

    @Override // edu.umd.cs.findbugs.visitclass.DismantleBytecode, edu.umd.cs.findbugs.visitclass.BetterVisitor
    public void visit(Code code) {
        this.isPlainText = false;
        super.visit(code);
        this.map.clear();
        this.accumulator.reportAccumulatedBugs();
    }

    private void annotateAndReport(BugInstance bugInstance, OpcodeStack.Item item) {
        if (!$assertionsDisabled && !item.isServletParameterTainted()) {
            throw new AssertionError();
        }
        String httpParameterName = item.getHttpParameterName();
        int injectionPC = item.getInjectionPC();
        if (httpParameterName != null && this.xmlSafe.matcher(httpParameterName).matches()) {
            bugInstance.addString(httpParameterName).describe(StringAnnotation.PARAMETER_NAME_ROLE);
        }
        SourceLineAnnotation fromVisitedInstruction = SourceLineAnnotation.fromVisitedInstruction(this);
        if (injectionPC >= 0) {
            SourceLineAnnotation fromVisitedInstruction2 = SourceLineAnnotation.fromVisitedInstruction(this, injectionPC);
            if (fromVisitedInstruction.getStartLine() != fromVisitedInstruction2.getStartLine()) {
                bugInstance.add(fromVisitedInstruction2).describe(SourceLineAnnotation.ROLE_GENERATED_AT);
            }
        }
        bugInstance.addOptionalLocalVariable(this, item);
        this.accumulator.accumulateBug(bugInstance, this);
    }

    @Override // edu.umd.cs.findbugs.bcel.OpcodeStackDetector, edu.umd.cs.findbugs.visitclass.DismantleBytecode
    public void sawOpcode(int i) {
        if (this.replaceTop != null) {
            this.stack.replaceTop(this.replaceTop);
            this.replaceTop = null;
        }
        OpcodeStack.Item item = this.top;
        this.top = null;
        if (i == 183) {
            String classConstantOperand = getClassConstantOperand();
            String nameConstantOperand = getNameConstantOperand();
            String sigConstantOperand = getSigConstantOperand();
            if (classConstantOperand.startsWith("java/io/File") && sigConstantOperand.equals("(Ljava/lang/String;)V")) {
                OpcodeStack.Item stackItem = this.stack.getStackItem(0);
                if (isTainted(stackItem)) {
                    annotateAndReport(new BugInstance(this, taintPriority(stackItem) == 1 ? "PT_ABSOLUTE_PATH_TRAVERSAL" : "PT_RELATIVE_PATH_TRAVERSAL", 2).addClassAndMethod(this).addCalledMethod(this), stackItem);
                }
            }
            if (classConstantOperand.equals("javax/servlet/http/Cookie") && nameConstantOperand.equals(Constants.CONSTRUCTOR_NAME) && sigConstantOperand.equals("(Ljava/lang/String;Ljava/lang/String;)V")) {
                OpcodeStack.Item stackItem2 = this.stack.getStackItem(0);
                OpcodeStack.Item stackItem3 = this.stack.getStackItem(1);
                if (stackItem2.isServletParameterTainted() || stackItem3.isServletParameterTainted()) {
                    annotateAndReport(new BugInstance(this, "HRS_REQUEST_PARAMETER_TO_COOKIE", Math.min(taintPriority(stackItem2), taintPriority(stackItem3))).addClassAndMethod(this), stackItem2.isServletParameterTainted() ? stackItem2 : stackItem3);
                    return;
                }
                return;
            }
            return;
        }
        if (i != 185) {
            if (i != 182 || this.isPlainText) {
                return;
            }
            String classConstantOperand2 = getClassConstantOperand();
            String nameConstantOperand2 = getNameConstantOperand();
            String sigConstantOperand2 = getSigConstantOperand();
            if ((nameConstantOperand2.startsWith("print") || nameConstantOperand2.equals("write")) && classConstantOperand2.equals("javax/servlet/jsp/JspWriter") && (sigConstantOperand2.equals("(Ljava/lang/Object;)V") || sigConstantOperand2.equals("(Ljava/lang/String;)V"))) {
                OpcodeStack.Item stackItem4 = this.stack.getStackItem(0);
                if (isTainted(stackItem4)) {
                    annotateAndReport(new BugInstance(this, "XSS_REQUEST_PARAMETER_TO_JSP_WRITER", taintPriority(stackItem4)).addClassAndMethod(this), stackItem4);
                    return;
                } else {
                    if (isTainted(item)) {
                        annotateAndReport(new BugInstance(this, "XSS_REQUEST_PARAMETER_TO_JSP_WRITER", 2).addClassAndMethod(this), item);
                        return;
                    }
                    return;
                }
            }
            if (classConstantOperand2.startsWith("java/io/") && classConstantOperand2.endsWith("Writer")) {
                if (nameConstantOperand2.startsWith("print") || nameConstantOperand2.startsWith("write")) {
                    if (sigConstantOperand2.equals("(Ljava/lang/Object;)V") || sigConstantOperand2.equals("(Ljava/lang/String;)V")) {
                        OpcodeStack.Item stackItem5 = this.stack.getStackItem(0);
                        OpcodeStack.Item stackItem6 = this.stack.getStackItem(1);
                        if (isTainted(stackItem5) && stackItem6.isServletWriter()) {
                            annotateAndReport(new BugInstance(this, "XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER", taintPriority(stackItem5)).addClassAndMethod(this), stackItem5);
                            return;
                        } else {
                            if (isTainted(item) && stackItem6.isServletWriter()) {
                                annotateAndReport(new BugInstance(this, "XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER", 2).addClassAndMethod(this), stackItem5);
                                return;
                            }
                            return;
                        }
                    }
                    return;
                }
                return;
            }
            return;
        }
        String classConstantOperand3 = getClassConstantOperand();
        String nameConstantOperand3 = getNameConstantOperand();
        String sigConstantOperand3 = getSigConstantOperand();
        if (classConstantOperand3.equals("javax/servlet/http/HttpServletResponse") && nameConstantOperand3.equals("setContentType")) {
            if ("text/plain".equals(this.stack.getStackItem(0).getConstant())) {
                this.isPlainText = true;
                return;
            }
            return;
        }
        if (classConstantOperand3.equals("javax/servlet/http/HttpSession") && nameConstantOperand3.equals("setAttribute")) {
            OpcodeStack.Item stackItem7 = this.stack.getStackItem(0);
            Object constant = this.stack.getStackItem(1).getConstant();
            if (constant instanceof String) {
                this.map.put((String) constant, stackItem7);
                return;
            }
            return;
        }
        if (classConstantOperand3.equals("javax/servlet/http/HttpSession") && nameConstantOperand3.equals("getAttribute")) {
            Object constant2 = this.stack.getStackItem(0).getConstant();
            if (constant2 instanceof String) {
                this.top = this.map.get(constant2);
                if (isTainted(this.top)) {
                    this.replaceTop = this.top;
                    return;
                }
                return;
            }
            return;
        }
        if (classConstantOperand3.equals("javax/servlet/http/HttpServletResponse")) {
            if ((nameConstantOperand3.startsWith("send") || nameConstantOperand3.endsWith("Header")) && sigConstantOperand3.endsWith("Ljava/lang/String;)V")) {
                OpcodeStack.Item stackItem8 = this.stack.getStackItem(0);
                if (isTainted(stackItem8)) {
                    if (nameConstantOperand3.equals("sendError")) {
                        annotateAndReport(new BugInstance(this, "XSS_REQUEST_PARAMETER_TO_SEND_ERROR", taintPriority(stackItem8)).addClassAndMethod(this), stackItem8);
                    } else {
                        annotateAndReport(new BugInstance(this, "HRS_REQUEST_PARAMETER_TO_HTTP_HEADER", taintPriority(stackItem8)).addClassAndMethod(this), stackItem8);
                    }
                }
            }
        }
    }

    private boolean isTainted(OpcodeStack.Item item) {
        if (item == null) {
            return false;
        }
        return item.isServletParameterTainted();
    }

    private boolean isDirectTaint(OpcodeStack.Item item) {
        XMethod returnValueOf;
        if (item == null || !item.isServletParameterTainted() || (returnValueOf = item.getReturnValueOf()) == null || !returnValueOf.getName().equals("getParameter")) {
            return false;
        }
        String className = returnValueOf.getClassName();
        return className.equals("javax/servlet/http/HttpServletRequest") || className.equals("javax/servlet/http/ServletRequest");
    }

    private int taintPriority(OpcodeStack.Item item) {
        XMethod returnValueOf;
        return (item != null && (returnValueOf = item.getReturnValueOf()) != null && returnValueOf.getName().equals("getParameter") && returnValueOf.getClassName().equals("javax.servlet.http.HttpServletRequest")) ? 1 : 2;
    }

    static {
        $assertionsDisabled = !CrossSiteScripting.class.desiredAssertionStatus();
    }
}
