package org.sonar.java.checks;

import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ConstantUtils;
import org.sonar.java.matcher.MethodMatcher;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.tree.AnnotationTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;

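/**
 * Rule S5122: raises an issue wherever this class recognises CORS being enabled, so a
 * reviewer can confirm that the cross-origin policy is intended and safe.
 *
 * <p>Two forms are recognised:
 * <ul>
 *   <li>a call to {@code javax.servlet.http.HttpServletResponse.setHeader(...)} whose first
 *       argument resolves to a string constant naming one of the CORS response headers in
 *       {@link #HTTP_HEADERS};</li>
 *   <li>any use of the {@code org.springframework.web.bind.annotation.CrossOrigin}
 *       annotation.</li>
 * </ul>
 *
 * <p>NOTE(review): coverage gaps visible in this class, listed so a clean scan is not read as
 * "no CORS configuration present":
 * <ul>
 *   <li>only {@code setHeader} is matched; a CORS header written through another method on
 *       the response (for example {@code addHeader}) is not reported;</li>
 *   <li>header names are compared case-sensitively against the canonical spelling, although
 *       HTTP header names are case-insensitive, so a differently-cased literal is not
 *       reported;</li>
 *   <li>the header value is never inspected, so a narrow allow-list and a wildcard origin
 *       produce the same issue.</li>
 * </ul>
 */
@Rule(key = "S5122")
public class CORSCheck extends IssuableSubscriptionVisitor {
    private static final String MESSAGE = "Make sure that enabling CORS is safe here.";

    private static final String CROSS_ORIGIN_ANNOTATION = "org.springframework.web.bind.annotation.CrossOrigin";

    /** Matches {@code setHeader} declared on the servlet response type, with any parameter list. */
    private static final MethodMatcher SET_HEADER_MATCHER = MethodMatcher.create()
        .typeDefinition("javax.servlet.http.HttpServletResponse")
        .name("setHeader")
        .withAnyParameters();

    /**
     * CORS response header names that trigger an issue when passed to {@code setHeader}.
     *
     * <p>Deliberately a {@link HashSet}: {@code contains(null)} returns {@code false} on it,
     * which matters if the header-name argument cannot be resolved to a constant
     * (presumably {@code resolveAsStringConstant} yields {@code null} then; confirm against
     * {@code ConstantUtils}). A null-hostile set such as {@code Set.of(...)} would throw.
     */
    private static final Set<String> HTTP_HEADERS = new HashSet<>(Arrays.asList(
        "Access-Control-Allow-Origin",
        "Access-Control-Allow-Credentials",
        "Access-Control-Expose-Headers",
        "Access-Control-Max-Age",
        "Access-Control-Allow-Methods",
        "Access-Control-Allow-Headers"));

    /**
     * Subscribes this check to method invocations and annotations.
     *
     * @return the node kinds handled by {@link #visitNode(Tree)}
     */
    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public List<Tree.Kind> nodesToVisit() {
        return Arrays.asList(Tree.Kind.METHOD_INVOCATION, Tree.Kind.ANNOTATION);
    }

    /**
     * Reports a matching {@code setHeader} call on its method selector, or a
     * {@code @CrossOrigin} usage on its annotation type.
     *
     * @param tree a node of one of the kinds returned by {@link #nodesToVisit()}
     */
    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void visitNode(Tree tree) {
        if (tree.is(Tree.Kind.METHOD_INVOCATION)) {
            MethodInvocationTree invocation = (MethodInvocationTree) tree;
            if (SET_HEADER_MATCHER.matches(invocation)) {
                // Only the header NAME (first argument) decides whether to report.
                ExpressionTree headerName = (ExpressionTree) invocation.arguments().get(0);
                if (HTTP_HEADERS.contains(ConstantUtils.resolveAsStringConstant(headerName))) {
                    reportTree(invocation.methodSelect());
                }
            }
        } else if (tree.is(Tree.Kind.ANNOTATION)) {
            AnnotationTree annotation = (AnnotationTree) tree;
            if (annotation.symbolType().is(CROSS_ORIGIN_ANNOTATION)) {
                reportTree(annotation.annotationType());
            }
        }
    }

    /**
     * Raises the rule's single, fixed-message issue on the given node.
     *
     * @param tree the node the issue is attached to
     */
    private void reportTree(Tree tree) {
        reportIssue(tree, MESSAGE);
    }
}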
