package org.sonar.iac.terraform.checks;

import java.util.List;
import java.util.Set;
import java.util.function.Predicate;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.iac.common.api.checks.SecondaryLocation;
import org.sonar.iac.common.checks.TextUtils;
import org.sonar.iac.terraform.api.tree.ExpressionTree;
import org.sonar.iac.terraform.checks.utils.ExpressionPredicate;
import org.sonar.iac.terraform.symbols.AttributeSymbol;
import org.sonar.iac.terraform.symbols.BlockSymbol;

@Rule(key = "S6413")
/* loaded from: input_file:org/sonar/iac/terraform/checks/ShortLogRetentionCheck.class */
public class ShortLogRetentionCheck extends AbstractNewResourceCheck {
    private static final String MESSAGE = "Make sure that defining a short log retention duration is safe here.";
    private static final int FALLBACK_DEFAULT = 30;
    private static final int MIN_DEFAULT = 14;

    @RuleProperty(key = "minimum_log_retention_days", defaultValue = "14")
    int minimumLogRetentionDays = MIN_DEFAULT;

    @Override // org.sonar.iac.terraform.checks.AbstractNewResourceCheck
    protected void registerResourceConsumer() {
        register(List.of("google_logging_project_bucket_config", "google_logging_billing_account_bucket_config", "google_logging_organization_bucket_config", "google_logging_folder_bucket_config"), resourceSymbol -> {
            if (!resourceSymbol.attribute("retention_days").reportIf(lessThanMinimumOrFallback(), MESSAGE, new SecondaryLocation[0]).isAbsent() || FALLBACK_DEFAULT >= this.minimumLogRetentionDays) {
                return;
            }
            resourceSymbol.report(MESSAGE, new SecondaryLocation[0]);
        });
        register(List.of("azurerm_mssql_server_extended_auditing_policy", "azurerm_mssql_database_extended_auditing_policy"), resourceSymbol2 -> {
            resourceSymbol2.consume(this::checkRetentionInDays);
        });
        register("azurerm_app_service", resourceSymbol3 -> {
            BlockSymbol block = resourceSymbol3.block("logs");
            Set.of(block.block("http_logs").block("azure_blob_storage"), block.block("http_logs").block("file_system"), block.block("application_logs").block("azure_blob_storage")).forEach(blockSymbol -> {
                blockSymbol.consume(this::checkRetentionInDays);
            });
        });
        register("azurerm_firewall_policy", resourceSymbol4 -> {
            resourceSymbol4.block("insights").consume(this::checkRetentionInDays);
        });
        register(Set.of("azurerm_monitor_log_profile", "azurerm_network_watcher_flow_log"), resourceSymbol5 -> {
            BlockSymbol block = resourceSymbol5.block("retention_policy");
            AttributeSymbol attribute = block.attribute("enabled");
            if (attribute.is(ExpressionPredicate.isFalse())) {
                attribute.report("Make sure that disabling retention policy is safe here.", new SecondaryLocation[0]);
            } else {
                block.attribute("days").reportIf(lessThanMinimumButNotZero(), MESSAGE, new SecondaryLocation[0]);
            }
        });
        register(List.of("azurerm_sql_server", "azurerm_mysql_server", "azurerm_postgresql_server"), resourceSymbol6 -> {
            resourceSymbol6.block("threat_detection_policy").attribute("retention_days").reportIf(lessThanMinimumButNotZero(), MESSAGE, new SecondaryLocation[0]);
        });
    }

    private void checkRetentionInDays(BlockSymbol blockSymbol) {
        blockSymbol.attribute("retention_in_days").reportIf(lessThanMinimumButNotZero(), MESSAGE, new SecondaryLocation[0]);
    }

    private Predicate<ExpressionTree> lessThanMinimumButNotZero() {
        return ExpressionPredicate.lessThan(this.minimumLogRetentionDays).and(ExpressionPredicate.notEqualTo("0"));
    }

    private Predicate<ExpressionTree> lessThanMinimumOrFallback() {
        return expressionTree -> {
            return TextUtils.getIntValue(expressionTree).map(num -> {
                return Integer.valueOf(num.intValue() == 0 ? FALLBACK_DEFAULT : num.intValue());
            }).filter(num2 -> {
                return num2.intValue() < this.minimumLogRetentionDays;
            }).isPresent();
        };
    }
}
