package org.sonar.plugins.web.checks.scripting;

import java.lang.reflect.Method;
import java.util.List;
import javax.el.ELContext;
import javax.el.ELException;
import javax.el.ELResolver;
import javax.el.FunctionMapper;
import javax.el.VariableMapper;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.jboss.el.lang.ExpressionBuilder;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.plugins.web.checks.AbstractPageCheck;
import org.sonar.plugins.web.node.Attribute;
import org.sonar.plugins.web.node.Node;
import org.sonar.plugins.web.node.TagNode;

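/**
 * Checks that Unified Expression Language (EL) expressions found in tag attributes can be
 * parsed, and reports calls to functions that are neither JSTL functions nor listed in the
 * {@code functions} rule property.
 *
 * <p>Expressions are only built through {@link ExpressionBuilder}; the context handed to the
 * builder returns {@code null} for its resolver and variable mapper, and the function mapper
 * never returns a {@link Method}.
 */
@Rule(key = "UnifiedExpressionCheck", priority = Priority.BLOCKER)
public class UnifiedExpressionCheck extends AbstractPageCheck {
    private static final String DEFAULT_FUNCTIONS = "";

    /** Local names accepted without being listed in the {@code functions} property. */
    private static final String[] JSTL_FUNCTIONS = {"contains", "containsIgnoreCase", "endsWith", "escapeXml", "indexOf", "join", "length", "replace", "split", "startsWith", "substring", "substringAfter", "substringBefore", "toLowerCase", "toUpperCase", "trim"};

    /** Comma-separated list of additional function names that are considered known. */
    @RuleProperty(key = "functions", defaultValue = DEFAULT_FUNCTIONS)
    public String functions = DEFAULT_FUNCTIONS;

    // Parsed form of 'functions'; filled in startDocument and null until then.
    private String[] functionsArray;

    /**
     * EL context used while parsing one attribute of {@code element}. It exists to intercept
     * function lookups so that unknown function names can be reported against the tag.
     */
    public class ExpressionLanguageContext extends ELContext {
        private final TagNode element;

        public ExpressionLanguageContext(TagNode tagNode) {
            this.element = tagNode;
        }

        @Override
        public ELResolver getELResolver() {
            return null;
        }

        /**
         * Returns a mapper that reports unknown function names, or {@code null} when no
         * custom functions are configured (function names are then not checked here).
         */
        @Override
        public FunctionMapper getFunctionMapper() {
            // Null-safe: a rule property explicitly set to null must not abort the analysis.
            if (StringUtils.isEmpty(functions)) {
                return null;
            }
            return new FunctionMapper() {
                /**
                 * Always returns {@code null}; only the local name is inspected, so the
                 * prefix does not influence whether a function counts as known.
                 */
                @Override
                public Method resolveFunction(String prefix, String localName) {
                    // ArrayUtils.contains tolerates a null array, so an unset functionsArray is safe.
                    boolean known = ArrayUtils.contains(JSTL_FUNCTIONS, localName)
                        || ArrayUtils.contains(functionsArray, localName);
                    if (!known) {
                        createViolation(element.getStartLinePosition(), "Unknown function: " + localName);
                    }
                    return null;
                }
            };
        }

        @Override
        public VariableMapper getVariableMapper() {
            return null;
        }
    }

    /** Splits the {@code functions} property on commas and strips each entry. */
    @Override
    public void startDocument(List<Node> list) {
        this.functionsArray = StringUtils.stripAll(StringUtils.split(this.functions, ","));
    }

    /** Validates every attribute of {@code tagNode} whose trimmed value is a unified expression. */
    @Override
    public void startElement(TagNode tagNode) {
        for (Attribute attribute : tagNode.getAttributes()) {
            String value = attribute.getValue();
            if (value == null) {
                continue;
            }
            String trimmed = value.trim();
            if (trimmed.length() > 0 && isUnifiedExpression(trimmed)) {
                validateExpression(tagNode, attribute);
            }
        }
    }

    /**
     * Builds the attribute value as a value expression and creates a violation when the
     * builder fails with a message starting with {@code "Error"}.
     */
    private void validateExpression(TagNode tagNode, Attribute attribute) {
        try {
            new ExpressionBuilder(attribute.getValue(), new ExpressionLanguageContext(tagNode)).createValueExpression(Object.class);
        } catch (ELException e) {
            // The message may be null; the previous code dereferenced it before its own null
            // check, so a message-less ELException ended the check with a NullPointerException.
            String message = e.getMessage();
            // Only messages starting with "Error" are reported. NOTE(review): presumably other
            // ELExceptions come from functions the mapper deliberately leaves unresolved - confirm.
            if (message != null && message.startsWith("Error")) {
                createViolation(tagNode.getStartLinePosition(), "This expression is not valid. " + message);
            }
        }
    }
}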
