package com.h3xstream.findsecbugs.jsp;

import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.ba.CFG;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import java.util.HashSet;
import java.util.Iterator;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.CHECKCAST;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.LoadInstruction;
import org.apache.bcel.generic.StoreInstruction;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/jsp/JspXssDetector.class */
public class JspXssDetector implements Detector {
    private static final String XSS_JSP_PRINT = "XSS_JSP_PRINT";
    private static final String XSS_SERVLET = "XSS_SERVLET";
    private static final boolean DEBUG = false;
    private BugReporter bugReporter;

    public JspXssDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    @Override // edu.umd.cs.findbugs.Detector
    public void visitClassContext(ClassContext classContext) {
        for (Method method : classContext.getJavaClass().getMethods()) {
            try {
                analyzeMethod(method, classContext);
            } catch (CFGBuilderException e) {
            } catch (DataflowAnalysisException e2) {
            }
        }
    }

    private void analyzeMethod(Method method, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        CFG cfg = classContext.getCFG(method);
        HashSet hashSet = new HashSet();
        Iterator<Location> locationIterator = cfg.locationIterator();
        while (locationIterator.hasNext()) {
            Instruction instruction = nextLocation(locationIterator, constantPoolGen).getHandle().getInstruction();
            if (instruction instanceof InvokeInstruction) {
                InvokeInstruction invokeInstruction = (InvokeInstruction) instruction;
                if ("javax.servlet.http.HttpServletRequest".equals(invokeInstruction.getClassName(constantPoolGen)) && ("getAttribute".equals(invokeInstruction.getMethodName(constantPoolGen)) || "getParameter".equals(invokeInstruction.getMethodName(constantPoolGen)))) {
                    while (true) {
                        Location nextLocation = nextLocation(locationIterator, constantPoolGen);
                        if (nextLocation != null) {
                            Instruction instruction2 = nextLocation.getHandle().getInstruction();
                            if (!(instruction2 instanceof CHECKCAST)) {
                                if (instruction2 instanceof StoreInstruction) {
                                    hashSet.add(Integer.valueOf(((StoreInstruction) instruction2).getIndex()));
                                }
                            }
                        }
                    }
                }
            } else if (instruction instanceof LoadInstruction) {
                if (hashSet.contains(Integer.valueOf(((LoadInstruction) instruction).getIndex()))) {
                    Location next = locationIterator.next();
                    Instruction instruction3 = next.getHandle().getInstruction();
                    if (instruction3 instanceof InvokeInstruction) {
                        InvokeInstruction invokeInstruction2 = (InvokeInstruction) instruction3;
                        if ("javax.servlet.jsp.JspWriter".equals(invokeInstruction2.getClassName(constantPoolGen)) && "print".equals(invokeInstruction2.getMethodName(constantPoolGen))) {
                            JavaClass javaClass = classContext.getJavaClass();
                            this.bugReporter.reportBug(new BugInstance(this, XSS_JSP_PRINT, 1).addClass(javaClass).addMethod(javaClass, method).addSourceLine(classContext, method, next));
                        } else if ("java.io.PrintWriter".equals(invokeInstruction2.getClassName(constantPoolGen)) && "write".equals(invokeInstruction2.getMethodName(constantPoolGen))) {
                            JavaClass javaClass2 = classContext.getJavaClass();
                            this.bugReporter.reportBug(new BugInstance(this, XSS_SERVLET, 1).addClass(javaClass2).addMethod(javaClass2, method).addSourceLine(classContext, method, next));
                        }
                    } else if (instruction3 instanceof CHECKCAST) {
                        instruction3 = locationIterator.next().getHandle().getInstruction();
                    }
                    if (instruction3 instanceof StoreInstruction) {
                        hashSet.add(Integer.valueOf(((StoreInstruction) instruction3).getIndex()));
                    }
                }
            } else if (instruction instanceof StoreInstruction) {
                int index = ((StoreInstruction) instruction).getIndex();
                if (hashSet.contains(Integer.valueOf(index))) {
                    hashSet.remove(Integer.valueOf(index));
                }
            }
        }
    }

    private Location nextLocation(Iterator<Location> it, ConstantPoolGen constantPoolGen) {
        return it.next();
    }

    @Override // edu.umd.cs.findbugs.Detector
    public void report() {
    }
}
