package com.h3xstream.findsecbugs.xpath;

import com.h3xstream.findsecbugs.common.StringTracer;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/xpath/XPathInjectionJavaxDetector.class */
public class XPathInjectionJavaxDetector extends OpcodeStackDetector {
    private static final String XPATH_INJECTION_TYPE = "XPATH_INJECTION";
    private BugReporter bugReporter;

    public XPathInjectionJavaxDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    @Override // edu.umd.cs.findbugs.bcel.OpcodeStackDetector, edu.umd.cs.findbugs.visitclass.DismantleBytecode
    public void sawOpcode(int i) {
        if (i == 185 && getClassConstantOperand().equals("javax/xml/xpath/XPath")) {
            if (getNameConstantOperand().equals("compile") && getSigConstantOperand().equals("(Ljava/lang/String;)Ljavax/xml/xpath/XPathExpression;")) {
                if (StringTracer.isVariableString(this.stack.getStackItem(0))) {
                    this.bugReporter.reportBug(new BugInstance(this, XPATH_INJECTION_TYPE, 2).addClass(this).addMethod(this).addSourceLine(this).addString("XPath.compile()"));
                }
            } else if (getNameConstantOperand().equals("evaluate") && getSigConstantOperand().equals("(Ljava/lang/String;Ljava/lang/Object;)Ljava/lang/String;") && StringTracer.isVariableString(this.stack.getStackItem(0))) {
                this.bugReporter.reportBug(new BugInstance(this, XPATH_INJECTION_TYPE, 2).addClass(this).addMethod(this).addSourceLine(this).addString("XPath.evaluate()"));
            }
        }
    }
}
