package org.sonar.iac.terraform.checks;

import java.util.Optional;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.api.checks.SecondaryLocation;
import org.sonar.iac.common.checks.PropertyUtils;
import org.sonar.iac.common.checks.TextUtils;
import org.sonar.iac.terraform.api.tree.AttributeTree;
import org.sonar.iac.terraform.api.tree.BlockTree;
import org.sonar.iac.terraform.api.tree.ExpressionTree;
import org.sonar.iac.terraform.api.tree.LabelTree;
import org.sonar.iac.terraform.api.tree.ObjectElementTree;
import org.sonar.iac.terraform.api.tree.TerraformTree;

@Rule(key = "S6252")
/* loaded from: input_file:org/sonar/iac/terraform/checks/UnversionedS3BucketCheck.class */
public class UnversionedS3BucketCheck extends AbstractResourceCheck {
    private static final String MESSAGE = "Make sure using %s S3 bucket is safe here.";
    private static final String OMITTING_MESSAGE = "Omitting \"versioning\" disables S3 bucket versioning. Make sure it is safe here.";
    private static final String UNVERSIONED_MSG = "unversioned";
    private static final String SUSPENDED_MSG = "suspended versioned";
    private static final String SECONDARY_MESSAGE = "Related bucket";

    @Override // org.sonar.iac.terraform.checks.AbstractResourceCheck
    protected void registerResourceChecks() {
        register(UnversionedS3BucketCheck::checkBucket, "aws_s3_bucket");
    }

    private static void checkBucket(CheckContext checkContext, BlockTree blockTree) {
        LabelTree labelTree = blockTree.labels().get(0);
        Optional optional = PropertyUtils.get(blockTree, "versioning", BlockTree.class);
        optional.ifPresent(blockTree2 -> {
            checkBlock(checkContext, labelTree, blockTree2);
        });
        Optional optional2 = PropertyUtils.get(blockTree, "versioning", AttributeTree.class);
        optional2.ifPresent(attributeTree -> {
            checkAttribute(checkContext, labelTree, attributeTree);
        });
        if (optional.isEmpty() && optional2.isEmpty()) {
            reportResource(checkContext, blockTree, OMITTING_MESSAGE);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkBlock(CheckContext checkContext, LabelTree labelTree, BlockTree blockTree) {
        Optional optional = PropertyUtils.get(blockTree, "enabled", AttributeTree.class);
        if (optional.isPresent()) {
            checkSuspendedVersioning(checkContext, labelTree, (TerraformTree) optional.get(), ((AttributeTree) optional.get()).mo0value());
        } else {
            checkContext.reportIssue(blockTree.mo4key(), String.format(MESSAGE, UNVERSIONED_MSG), new SecondaryLocation(labelTree, SECONDARY_MESSAGE));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkAttribute(CheckContext checkContext, LabelTree labelTree, AttributeTree attributeTree) {
        if (attributeTree.mo0value().is(TerraformTree.Kind.OBJECT)) {
            Optional optional = PropertyUtils.get(attributeTree.mo0value(), "enabled", ObjectElementTree.class);
            if (optional.isPresent()) {
                checkSuspendedVersioning(checkContext, labelTree, (TerraformTree) optional.get(), ((ObjectElementTree) optional.get()).mo2value());
            } else {
                checkContext.reportIssue(attributeTree.mo4key(), String.format(MESSAGE, UNVERSIONED_MSG), new SecondaryLocation(labelTree, SECONDARY_MESSAGE));
            }
        }
    }

    private static void checkSuspendedVersioning(CheckContext checkContext, LabelTree labelTree, TerraformTree terraformTree, ExpressionTree expressionTree) {
        if (TextUtils.isValueFalse(expressionTree)) {
            checkContext.reportIssue(terraformTree, String.format(MESSAGE, SUSPENDED_MSG), new SecondaryLocation(labelTree, SECONDARY_MESSAGE));
        }
    }
}
