package org.sonar.java.checks;

import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.semantic.Type;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.squidbridge.annotations.ActivatedByDefault;
import org.sonar.squidbridge.annotations.SqaleConstantRemediation;
import org.sonar.squidbridge.annotations.SqaleSubCharacteristic;
import org.sonar.squidbridge.annotations.Tags;

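@SqaleSubCharacteristic("INPUT_VALIDATION_AND_REPRESENTATION")
@Rule(key = "S2077", name = "Values passed to SQL commands should be sanitized", tags = {Tags.CWE, "hibernate", "injection", Tags.OWASP_TOP10, "sans-top25", Tags.SECURITY, Tags.SQL}, priority = Priority.CRITICAL)
@ActivatedByDefault
@SqaleConstantRemediation("20min")
/* loaded from: input_file:META-INF/lib/java-checks-3.1.jar:org/sonar/java/checks/SQLInjectionCheck.class */
/**
 * Flags SQL/HQL sinks whose first argument is a dynamically built string
 * (the "dynamic string" test itself lives in {@code AbstractInjectionChecker}).
 *
 * Sinks recognised here:
 * <ul>
 *   <li>{@code java.sql.Statement}: {@code executeQuery}, {@code executeUpdate},
 *       {@code execute}, {@code addBatch} — every overload that takes a SQL string
 *       is equally injectable, so they are all treated as sinks, not only
 *       {@code executeQuery} as before;</li>
 *   <li>{@code java.sql.Connection}: {@code prepareStatement}, {@code prepareCall};</li>
 *   <li>{@code org.hibernate.Session}: {@code createQuery}, {@code createSQLQuery}.</li>
 * </ul>
 * Zero-argument overloads (e.g. {@code PreparedStatement.execute()}) are never
 * sinks and are excluded by the non-empty-arguments guard.
 */
public class SQLInjectionCheck extends AbstractInjectionChecker {

    /** {@code java.sql.Statement} methods whose String argument is executed as SQL. */
    private static final String[] STATEMENT_SINKS = {"executeQuery", "executeUpdate", "execute", "addBatch"};
    /** {@code java.sql.Connection} methods whose String argument is compiled as SQL. */
    private static final String[] CONNECTION_SINKS = {"prepareStatement", "prepareCall"};
    /** {@code org.hibernate.Session} methods whose String argument is run as HQL/native SQL. */
    private static final String[] HIBERNATE_SINKS = {"createQuery", "createSQLQuery"};

    /**
     * Visits every method invocation and reports it when it is a known SQL sink
     * whose first argument is not a compile-time constant.
     *
     * @param tree a {@link MethodInvocationTree} (the subscription kind is fixed by the parent)
     */
    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void visitNode(Tree tree) {
        MethodInvocationTree invocation = (MethodInvocationTree) tree;
        // Evaluate once; the result is needed both for the sink decision and the message.
        boolean hibernateSink = isHibernateCall(invocation);
        if (!hibernateSink && !isExecuteQueryOrPrepareStatement(invocation)) {
            return;
        }
        // Both sink predicates require a non-empty argument list, so get(0) is safe.
        ExpressionTree query = invocation.arguments().get(0);
        // parameterName is an output of isDynamicString (inherited field): reset before each query.
        this.parameterName = "";
        if (isDynamicString(invocation, query, null, true)) {
            String message = hibernateSink
                ? "Use Hibernate's parameter binding instead of concatenation."
                : "\"" + this.parameterName + "\" is provided externally to the method and not sanitized before use.";
            addIssue(invocation, message);
        }
    }

    /**
     * True when the invocation is a JDBC sink: a String-taking execute/prepare method
     * on {@code java.sql.Statement} or {@code java.sql.Connection}.
     */
    private boolean isExecuteQueryOrPrepareStatement(MethodInvocationTree invocation) {
        if (!invocation.methodSelect().is(Tree.Kind.MEMBER_SELECT) || invocation.arguments().isEmpty()) {
            return false;
        }
        MemberSelectExpressionTree select = (MemberSelectExpressionTree) invocation.methodSelect();
        return isMethodCall("java.sql.Statement", STATEMENT_SINKS, select)
            || isMethodCall("java.sql.Connection", CONNECTION_SINKS, select);
    }

    /**
     * True when the invocation is a Hibernate sink: a String-taking query factory
     * on {@code org.hibernate.Session}.
     */
    private boolean isHibernateCall(MethodInvocationTree invocation) {
        if (!invocation.methodSelect().is(Tree.Kind.MEMBER_SELECT) || invocation.arguments().isEmpty()) {
            return false;
        }
        MemberSelectExpressionTree select = (MemberSelectExpressionTree) invocation.methodSelect();
        return isMethodCall("org.hibernate.Session", HIBERNATE_SINKS, select);
    }

    /**
     * True when {@code select} names one of {@code methodNames} and its receiver's
     * static type is, or implements, {@code typeName}.
     */
    private boolean isMethodCall(String typeName, String[] methodNames, MemberSelectExpressionTree select) {
        String invoked = select.identifier().name();
        for (String candidate : methodNames) {
            if (candidate.equals(invoked)) {
                return isInvokedOnType(typeName, select.expression());
            }
        }
        return false;
    }

    /**
     * True when the receiver expression's type is exactly {@code typeName} or
     * (transitively) implements an interface of that name.
     *
     * NOTE(review): only the receiver's own interfaces are walked, not its
     * superclasses; a receiver typed as a concrete subclass of an implementation
     * class is not matched. Kept as-is here (the semantic API needed for a
     * superclass walk is not visible in this file) — confirm against callers.
     */
    private boolean isInvokedOnType(String typeName, ExpressionTree receiver) {
        Type receiverType = receiver.symbolType();
        if (!receiverType.isClass()) {
            // primitives, arrays, unknown/unresolved types can never be a JDBC or Hibernate handle
            return false;
        }
        return typeName.equals(receiverType.fullyQualifiedName())
            || checkInterfaces(typeName, receiverType.symbol());
    }

    /**
     * Depth-first search of {@code typeSymbol}'s interface hierarchy for {@code typeName}.
     * Sub-interfaces such as {@code java.sql.PreparedStatement} reach
     * {@code java.sql.Statement} through this recursion.
     */
    private boolean checkInterfaces(String typeName, Symbol.TypeSymbol typeSymbol) {
        for (Type implemented : typeSymbol.interfaces()) {
            if (typeName.equals(implemented.fullyQualifiedName())
                || checkInterfaces(typeName, implemented.symbol())) {
                return true;
            }
        }
        return false;
    }
}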
