package com.h3xstream.findsecbugs;

import com.h3xstream.findsecbugs.common.StringTracer;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/CommandInjectionDetector.class */
/**
 * Bytecode detector that reports {@code COMMAND_INJECTION} findings for two process-launching
 * calls: {@code Runtime.exec(...)} and {@code ProcessBuilder.command(...)}.
 *
 * <p>A finding is raised only when {@link StringTracer} says a value on the operand stack is a
 * "variable" string (presumably one that is not a compile-time constant; confirm in StringTracer).
 *
 * <p>NOTE(review): only {@code invokevirtual} call sites whose method name is {@code exec} or
 * {@code command} are matched. Constructor calls are named {@code <init>} and use a different
 * opcode, so a command list handed straight to {@code new ProcessBuilder(...)} is not examined by
 * this class. Confirm whether another detector covers that case.
 */
public class CommandInjectionDetector extends OpcodeStackDetector {
    private static final String COMMAND_INJECTION_TYPE = "COMMAND_INJECTION";

    /** JVM opcode number of {@code invokevirtual}. */
    private static final int OPCODE_INVOKEVIRTUAL = 182;

    /** Priority given to every finding; 2 is FindBugs' normal priority. */
    private static final int REPORT_PRIORITY = 2;

    private static final String RUNTIME_CLASS = "java/lang/Runtime";
    private static final String PROCESS_BUILDER_CLASS = "java/lang/ProcessBuilder";

    private final BugReporter bugReporter;

    /**
     * @param bugReporter sink that receives every finding produced by this detector
     */
    public CommandInjectionDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    /**
     * Inspects one instruction and reports a finding when it is a call to one of the two
     * watched methods with a variable string argument.
     *
     * @param i opcode of the instruction being visited
     */
    @Override
    public void sawOpcode(int i) {
        // Both watched methods are instance methods, so any other opcode is irrelevant.
        if (i != OPCODE_INVOKEVIRTUAL) {
            return;
        }

        String owner = getClassConstantOperand();
        String method = getNameConstantOperand();

        if (owner.equals(RUNTIME_CLASS) && method.equals("exec")) {
            // NOTE(review): getStackItem(0) is the top of the operand stack, i.e. the LAST
            // argument. For the multi-argument exec overloads that is envp or dir rather than
            // the command itself, so a variable command with a constant trailing argument may
            // go unreported. TODO confirm against StringTracer and the intended coverage.
            if (StringTracer.isVariableString(this.stack.getStackItem(0))) {
                reportCommandInjection("Runtime.exec(...)");
            }
            return;
        }

        if (owner.equals(PROCESS_BUILDER_CLASS)
                && method.equals("command")
                && StringTracer.hasVariableString(this.stack)) {
            reportCommandInjection("ProcessBuilder.command(...)");
        }
    }

    /** Builds a finding for the current class, method and source line, labelled with the API. */
    private void reportCommandInjection(String api) {
        BugInstance finding = new BugInstance(this, COMMAND_INJECTION_TYPE, REPORT_PRIORITY)
                .addClass(this)
                .addMethod(this)
                .addSourceLine(this)
                .addString(api);
        this.bugReporter.reportBug(finding);
    }
}
