package org.sonar.java.checks.security;

import org.sonar.check.Rule;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;

/**
 * Security hotspot check registered under rule key S5304.
 *
 * <p>It raises a review point on every invocation that reads or sets process environment
 * variables through one of these JDK entry points:
 * <ul>
 *   <li>{@code java.lang.System.getenv} (any parameter list),</li>
 *   <li>{@code java.lang.ProcessBuilder.environment()},</li>
 *   <li>{@code java.lang.Runtime.exec} when a second argument is present and is not the
 *       {@code null} literal.</li>
 * </ul>
 *
 * <p>Limits a reviewer should keep in mind: the {@code Runtime.exec} exemption is purely
 * syntactic. Only a literal {@code null} in second position is treated as "no environment
 * supplied"; any other expression in that position is reported, including a variable that
 * happens to hold {@code null} at run time. The check does not look at how a retrieved value
 * is used afterwards.
 */
@Rule(key = "S5304")
public class EnvVariablesHotspotCheck extends AbstractMethodDetection {
    /** Any overload of {@code Runtime.exec}; the overloads are told apart later by their arguments. */
    private static final MethodMatchers RUNTIME_EXEC = MethodMatchers.create()
        .ofTypes("java.lang.Runtime")
        .names("exec")
        .withAnyParameters()
        .build();

    /** Any overload of {@code System.getenv}. */
    private static final MethodMatchers SYSTEM_GETENV = MethodMatchers.create()
        .ofTypes("java.lang.System")
        .names("getenv")
        .withAnyParameters()
        .build();

    /** The no-argument {@code ProcessBuilder.environment()} accessor. */
    private static final MethodMatchers PROCESS_BUILDER_ENVIRONMENT = MethodMatchers.create()
        .ofTypes("java.lang.ProcessBuilder")
        .names("environment")
        .addWithoutParametersMatcher()
        .build();

    /**
     * Lists the invocations this check is notified about.
     *
     * @return the union of the {@code System.getenv}, {@code ProcessBuilder.environment()} and
     *     {@code Runtime.exec} matchers
     */
    @Override
    protected MethodMatchers getMethodInvocationMatchers() {
        return MethodMatchers.or(SYSTEM_GETENV, PROCESS_BUILDER_ENVIRONMENT, RUNTIME_EXEC);
    }

    /**
     * Reports the matched invocation unless it is a {@code Runtime.exec} call that supplies no
     * environment.
     *
     * <p>NOTE(review): the decompiled listing states that this method's access modifier was
     * changed from {@code protected}; it is kept {@code public} here to match the listing.
     *
     * @param methodInvocationTree the invocation selected by {@link #getMethodInvocationMatchers()}
     */
    @Override
    public void onMethodInvocationFound(MethodInvocationTree methodInvocationTree) {
        if (!isRuntimeExecWithoutSettingEnv(methodInvocationTree)) {
            reportIssue(methodInvocationTree, "Make sure that environment variables are used safely here.");
        }
    }

    /**
     * Tells whether an invocation is a {@code Runtime.exec} call that does not pass an
     * environment.
     *
     * @param invocation the invocation under inspection
     * @return {@code true} only for a {@code Runtime.exec} call that has fewer than two
     *     arguments or whose second argument is the {@code null} literal
     */
    private static boolean isRuntimeExecWithoutSettingEnv(MethodInvocationTree invocation) {
        if (!RUNTIME_EXEC.matches(invocation)) {
            // getenv and environment() always touch the environment, so they are never exempt.
            return false;
        }
        if (invocation.arguments().size() < 2) {
            // A single-argument exec has no slot for an environment array.
            return true;
        }
        // In the JDK overloads of exec, the second parameter is the environment array (envp).
        ExpressionTree environmentArgument = invocation.arguments().get(1);
        return environmentArgument.is(Tree.Kind.NULL_LITERAL);
    }
}
