package org.sonar.jproperties.checks;

import java.util.regex.Pattern;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.plugins.jproperties.api.tree.KeyTree;
import org.sonar.plugins.jproperties.api.visitors.DoubleDispatchVisitorCheck;
import org.sonar.squidbridge.annotations.ActivatedByDefault;
import org.sonar.squidbridge.annotations.SqaleConstantRemediation;

@Rule(key = "S2068", name = "Credentials should not be hard-coded", priority = Priority.CRITICAL, tags = {"security", "cwe", "owasp-a2", "sans-top25-porous"})
@SqaleConstantRemediation("30min")
@ActivatedByDefault
/* loaded from: input_file:org/sonar/jproperties/checks/HardCodedCredentialsCheck.class */
public class HardCodedCredentialsCheck extends DoubleDispatchVisitorCheck {
    private static final Pattern HARD_CODED_USERNAME = Pattern.compile(".*(login|username).*", 2);
    private static final Pattern HARD_CODED_PASSWORD = Pattern.compile(".*(password|passwd|pwd).*", 2);

    @Override // org.sonar.plugins.jproperties.api.visitors.DoubleDispatchVisitor
    public void visitKey(KeyTree keyTree) {
        if (HARD_CODED_USERNAME.matcher(keyTree.text()).matches()) {
            addPreciseIssue(keyTree, "Remove this hard-coded username.");
        }
        if (HARD_CODED_PASSWORD.matcher(keyTree.text()).matches()) {
            addPreciseIssue(keyTree, "Remove this hard-coded password.");
        }
    }
}
