package org.sonar.java.checks.security;

import java.util.Arrays;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.matcher.MethodMatcher;
import org.sonar.java.matcher.MethodMatcherCollection;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.AnnotationTree;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;

/**
 * Security-hotspot check (rule key {@code S4784}) that asks for a manual review of regular
 * expressions whose constant text contains several quantifier characters.
 *
 * <p>Two kinds of nodes are inspected:
 * <ul>
 *   <li>calls to {@code String.matches}, {@code String.replaceAll}, {@code String.replaceFirst},
 *       {@code Pattern.compile} and {@code Pattern.matches}, where the first argument is examined;</li>
 *   <li>the {@code regexp} attribute of the {@code @Pattern}, {@code @Email} and {@code @URL}
 *       validation annotations listed in {@link #HOTSPOT_ANNOTATION_TYPES}.</li>
 * </ul>
 *
 * <p>Limits of the heuristic, as implemented here:
 * <ul>
 *   <li>Only regexes whose text can be resolved to a string by
 *       {@code ExpressionsHelper.getConstantValueAsString} are considered. A pattern assembled at
 *       run time (for instance from request data) is never reported by this check and needs its
 *       own review.</li>
 *   <li>The characters {@code *}, {@code +} and <code>{</code> are counted literally, so escaped
 *       occurrences and occurrences inside a character class count as well. A report is a prompt
 *       to review the pattern (typically for excessive backtracking on crafted input), not a
 *       proof of a vulnerable one.</li>
 *   <li>Other regex-taking methods such as {@code String.split} are not in the matcher list.</li>
 * </ul>
 */
// Decompiled listing, loaded from: input_file:org/sonar/java/checks/security/RegexHotspotCheck.class
@Rule(key = "S4784")
public class RegexHotspotCheck extends IssuableSubscriptionVisitor {
    private static final String MESSAGE = "Make sure that using a regular expression is safe here.";
    private static final String JAVA_LANG_STRING = "java.lang.String";
    private static final String JAVA_UTIL_REGEX_PATTERN = "java.util.regex.Pattern";

    /** Methods whose first argument is a regular expression and is therefore inspected. */
    private static final MethodMatcherCollection REGEX_HOTSPOTS = MethodMatcherCollection.create(
        MethodMatcher.create().typeDefinition(JAVA_LANG_STRING).name("matches").addParameter(JAVA_LANG_STRING),
        MethodMatcher.create().typeDefinition(JAVA_LANG_STRING).name("replaceAll").withAnyParameters(),
        MethodMatcher.create().typeDefinition(JAVA_LANG_STRING).name("replaceFirst").withAnyParameters(),
        MethodMatcher.create().typeDefinition(JAVA_UTIL_REGEX_PATTERN).name("compile").withAnyParameters(),
        MethodMatcher.create().typeDefinition(JAVA_UTIL_REGEX_PATTERN).name("matches").withAnyParameters());

    /** Fully qualified names of the annotations whose {@code regexp} attribute is inspected. */
    private static final List<String> HOTSPOT_ANNOTATION_TYPES = Arrays.asList(
        "javax.validation.constraints.Pattern",
        "javax.validation.constraints.Email",
        "org.hibernate.validator.constraints.URL");

    /**
     * Declares the node kinds this check subscribes to.
     *
     * @return method invocations and annotations
     */
    public List<Tree.Kind> nodesToVisit() {
        return Arrays.asList(Tree.Kind.METHOD_INVOCATION, Tree.Kind.ANNOTATION);
    }

    /**
     * Dispatches a subscribed node to the invocation or the annotation handler.
     * Nothing is reported when {@code hasSemantic()} is false.
     *
     * @param tree a node of one of the kinds returned by {@link #nodesToVisit()}
     */
    public void visitNode(Tree tree) {
        if (!hasSemantic()) {
            return;
        }
        if (tree.is(Tree.Kind.METHOD_INVOCATION)) {
            checkInvocation((MethodInvocationTree) tree);
        } else {
            // The only other subscribed kind is ANNOTATION.
            checkAnnotation((AnnotationTree) tree);
        }
    }

    /**
     * Reports the first argument of a matched regex method when it looks suspicious.
     *
     * @param invocation the visited method call
     */
    private void checkInvocation(MethodInvocationTree invocation) {
        if (!REGEX_HOTSPOTS.anyMatch(invocation)) {
            return;
        }
        Arguments callArguments = invocation.arguments();
        // Only the first argument is examined; for every matched method that is the regex.
        if (!callArguments.isEmpty() && isSuspiciousRegex((ExpressionTree) callArguments.get(0))) {
            reportIssue((Tree) callArguments.get(0), MESSAGE);
        }
    }

    /**
     * Reports the first suspicious {@code regexp = ...} attribute of a listed validation annotation.
     *
     * @param annotation the visited annotation
     */
    private void checkAnnotation(AnnotationTree annotation) {
        boolean isHotspotAnnotation = false;
        for (String annotationType : HOTSPOT_ANNOTATION_TYPES) {
            if (annotation.annotationType().symbolType().is(annotationType)) {
                isHotspotAnnotation = true;
                break;
            }
        }
        if (!isHotspotAnnotation) {
            return;
        }
        annotation.arguments().stream()
            .filter(RegexHotspotCheck::isRegexpParameter)
            .findFirst()
            .ifPresent(regexpArgument -> reportIssue(regexpArgument, MESSAGE));
    }

    /**
     * Tells whether an annotation argument has the form {@code regexp = <suspicious regex>}.
     *
     * @param expressionTree one argument of an annotation
     * @return true only for an assignment to the identifier {@code regexp} whose value is suspicious
     */
    private static boolean isRegexpParameter(ExpressionTree expressionTree) {
        if (!expressionTree.is(Tree.Kind.ASSIGNMENT)) {
            return false;
        }
        AssignmentExpressionTree assignment = (AssignmentExpressionTree) expressionTree;
        if (!assignment.variable().is(Tree.Kind.IDENTIFIER)) {
            return false;
        }
        // NOTE(review): this is decompiler output; name() is called directly on variable() here.
        // If variable() is declared to return ExpressionTree, a cast to the identifier tree type
        // was probably lost in decompilation and is needed for this line to compile. Confirm.
        return assignment.variable().name().equals("regexp") && isSuspiciousRegex(assignment.expression());
    }

    /**
     * Applies the heuristic: a resolvable regex longer than two characters that contains at least
     * two of the characters {@code *}, {@code +} and <code>{</code>.
     *
     * @param expressionTree the expression holding the regex
     * @return true when the regex text is available and meets the heuristic
     */
    private static boolean isSuspiciousRegex(ExpressionTree expressionTree) {
        String regex = ExpressionsHelper.getConstantValueAsString(expressionTree).value();
        // A null value is not reported; presumably that is the non-constant case (confirm in helper).
        if (regex == null || regex.length() <= 2) {
            return false;
        }
        long quantifierChars = regex.chars()
            .filter(c -> c == '*' || c == '+' || c == '{')
            .count();
        return quantifierChars > 1;
    }
}
