package org.sonar.plugins.web.checks.scripting;

import java.util.Iterator;
import ognl.Ognl;
import ognl.OgnlException;
import org.apache.commons.lang.StringUtils;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.plugins.web.checks.AbstractPageCheck;
import org.sonar.plugins.web.node.Attribute;
import org.sonar.plugins.web.node.TagNode;

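/**
 * Page check that reports tag attribute values containing OGNL expressions which do not parse.
 *
 * <p>Every attribute value of a visited tag is scanned for the markers {@code %{} and
 * {@code #{}. The text up to the matching closing brace is handed to the OGNL parser, and a
 * violation is raised on the tag's start line when the parser rejects it.
 *
 * <p>Security note: the scanned markup is input to the analyser and may come from code that is
 * not trusted. This check only <em>parses</em> expressions via {@link Ognl#parseExpression};
 * it must never evaluate them (for example with {@code Ognl.getValue}), because evaluating
 * attacker-influenced OGNL runs arbitrary code in the analyser's JVM.
 */
@Rule(key = "OGNLExpressionCheck", priority = Priority.BLOCKER)
public class OGNLExpressionCheck extends AbstractPageCheck {

    /**
     * Validates the OGNL expressions found in each attribute of the given tag.
     *
     * @param tagNode the tag whose attributes are inspected; attributes without a value are skipped
     */
    @Override // org.sonar.plugins.web.visitor.DefaultNodeVisitor
    public void startElement(TagNode tagNode) {
        for (Attribute attribute : tagNode.getAttributes()) {
            String value = attribute.getValue();
            if (value != null) {
                parseAndValidate(tagNode, value);
            }
        }
    }

    /**
     * Finds every top-level {@code %{...}} or {@code #{...}} expression in {@code str} and
     * validates it.
     *
     * @param tagNode the tag the attribute belongs to, used to locate a violation
     * @param str the non-null attribute value to scan
     */
    private void parseAndValidate(TagNode tagNode, String str) {
        for (int i = 0; i + 1 < str.length(); i++) {
            char marker = str.charAt(i);
            if ((marker == '%' || marker == '#') && str.charAt(i + 1) == '{') {
                String expression = extractExpression(str, i);
                validateExpression(tagNode, expression);
                // Resume scanning after the extracted body. Without this jump, a marker nested
                // inside the expression (such as the OGNL map literal in %{#{'a':1}}) is
                // extracted again as a standalone expression and reported as invalid, even
                // though the parser already covered it as part of the enclosing expression.
                i += 1 + expression.length();
            }
        }
    }

    /**
     * Returns the text between the opening brace at {@code i + 1} and its matching closing brace.
     *
     * <p>Nested braces are balanced with a depth counter. If no matching closing brace exists,
     * the rest of the string is returned.
     *
     * <p>NOTE(review): braces inside OGNL string literals are counted like any other brace, so
     * an expression such as {@code %{'}'}} is cut short. Confirm whether that matters for the
     * pages being analysed.
     *
     * @param str the attribute value being scanned
     * @param i index of the {@code %} or {@code #} marker; the expression body starts at
     *     {@code i + 2}
     * @return the expression body without the surrounding marker and braces
     */
    private String extractExpression(String str, int i) {
        StringBuilder expression = new StringBuilder();
        int depth = 0;
        for (int pos = i + 2; pos < str.length(); pos++) {
            char c = str.charAt(pos);
            if (c == '}' && depth == 0) {
                // Closing brace of the expression itself, not of a nested block.
                break;
            }
            if (c == '{') {
                depth++;
            } else if (c == '}') {
                depth--;
            }
            expression.append(c);
        }
        return expression.toString();
    }

    /**
     * Parses {@code str} as OGNL and raises a violation when parsing fails.
     *
     * @param tagNode the tag whose start line is used as the violation position
     * @param str the expression body to parse
     */
    private void validateExpression(TagNode tagNode, String str) {
        try {
            // Parse only: the result is discarded and the expression is never evaluated.
            Ognl.parseExpression(str);
        } catch (OgnlException e) {
            String detail = e.getMessage() == null ? "" : e.getMessage();
            createViolation(tagNode.getStartLinePosition(), "This OGNL expression is not valid. " + detail);
        }
    }
}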
