package org.sonar.iac.terraform.checks;

import java.util.List;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.api.checks.SecondaryLocation;
import org.sonar.iac.common.checks.policy.Policy;
import org.sonar.iac.common.checks.policy.PolicyValidator;
import org.sonar.iac.terraform.api.tree.BlockTree;
import org.sonar.iac.terraform.checks.utils.PolicyUtils;

/**
 * Terraform check registered under rule key S6304.
 *
 * <p>For every policy attached to a resource block, it raises an issue on each statement that
 * {@code PolicyValidator.findInsecureStatements} returns, asking the reviewer to confirm that
 * granting access to all resources is intended. The criteria for an "insecure" statement are
 * decided inside {@code PolicyValidator}; this class only reports what that helper returns.
 */
@Rule(key = "S6304")
public class ResourceAccessPolicyCheck extends AbstractResourceCheck {
    // Primary message, attached to the statement's resource element.
    private static final String MESSAGE = "Make sure granting access to all resources is safe here.";
    // Labels for the two secondary locations that give the reviewer the statement's context.
    private static final String EFFECT_MESSAGE = "Related effect";
    private static final String ACTION_MESSAGE = "Related action";

    /**
     * Inspects the policies of one resource block, except for {@code aws_kms_key} resources.
     *
     * @param checkContext sink used to report issues
     * @param blockTree the resource block under analysis
     */
    @Override
    protected void checkResource(CheckContext checkContext, BlockTree blockTree) {
        // NOTE(review): aws_kms_key is presumably exempt because in a KMS key policy a wildcard
        // resource refers to the key the policy is attached to. Confirm against the rule
        // description before widening or narrowing this exemption.
        if (!isResource(blockTree, "aws_kms_key")) {
            PolicyUtils.getPolicies(blockTree).forEach(candidate -> checkInsecurePolicy(checkContext, candidate));
        }
    }

    /**
     * Reports one issue per statement that {@code PolicyValidator.findInsecureStatements}
     * returns for the given policy. The issue is placed on the statement's resource element and
     * carries the statement's effect and action as secondary locations.
     *
     * <p>The decompiler notes that this method was {@code private} in the original class and
     * that the modifier was widened in this listing.
     *
     * @param checkContext sink used to report issues
     * @param policy the policy whose statements are examined
     */
    public static void checkInsecurePolicy(CheckContext checkContext, Policy policy) {
        PolicyValidator.findInsecureStatements(policy).forEach(flagged -> {
            SecondaryLocation effectLocation = new SecondaryLocation(flagged.effect, EFFECT_MESSAGE);
            SecondaryLocation actionLocation = new SecondaryLocation(flagged.action, ACTION_MESSAGE);
            checkContext.reportIssue(flagged.resource, MESSAGE, List.of(effectLocation, actionLocation));
        });
    }
}
