package org.sonar.java.checks.security;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.stream.Stream;
import javax.annotation.CheckForNull;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ConstantUtils;
import org.sonar.java.checks.helpers.IdentifierUtils;
import org.sonar.java.matcher.MethodMatcher;
import org.sonar.java.matcher.TypeCriteria;
import org.sonar.java.model.LiteralUtils;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.JavaFileScannerContext;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.semantic.Type;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.ReturnStatementTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;

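/**
 * Rule S3330: reports cookies that are created or configured without the {@code HttpOnly}
 * attribute.
 *
 * <p>The check is flow-insensitive and works per file: while visiting the tree it classifies
 * cookie variables by how they are constructed, then adjusts that classification whenever a
 * {@code setHttpOnly}/{@code withHttpOnly} call is seen. Issues are raised once the whole file
 * has been visited (see {@link #scanFile(JavaFileScannerContext)}).
 *
 * <p>Known limits visible in this class, relevant when relying on the rule as a control:
 * <ul>
 *   <li>cookies whose constant name contains {@code csrf} or {@code xsrf} are exempt;</li>
 *   <li>a setter argument that cannot be resolved to a boolean constant is treated as
 *       compliant, so a value computed at run time is never reported;</li>
 *   <li>only variables owned by a method are tracked through constructor calls.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. The string constants and the
 * {@code ClassName} holder were inlined by the compiler and are referenced again here; the
 * values are unchanged.
 */
@Rule(key = "S3330")
public class CookieHttpOnlyCheck extends IssuableSubscriptionVisitor {

    private static final String MESSAGE = "Add the \"HttpOnly\" cookie attribute.";
    private static final String CONSTRUCTOR = "<init>";
    private static final String JAVA_LANG_STRING = "java.lang.String";
    private static final String JAVA_UTIL_DATE = "java.util.Date";
    private static final String INT = "int";
    private static final String BOOLEAN = "boolean";

    /** Position of the cookie name in every constructor and builder call this check inspects. */
    private static final int COOKIE_NAME_ARGUMENT = 0;

    /** Lower-case fragments that exempt a cookie from the rule when found in its name. */
    private static final List<String> IGNORED_COOKIE_NAMES = ImmutableList.of("csrf", "xsrf");

    /** Names of the methods that set the HttpOnly flag on the supported cookie types. */
    private static final List<String> SETTER_NAMES = Arrays.asList("setHttpOnly", "withHttpOnly");

    /** Fully qualified names of the cookie types (and their subtypes) covered by the rule. */
    private static final List<String> CLASSES = Arrays.asList(
        ClassName.SERVLET_COOKIE,
        ClassName.NET_HTTP_COOKIE,
        ClassName.JAX_RS_COOKIE,
        ClassName.SHIRO_COOKIE,
        ClassName.PLAY_COOKIE,
        ClassName.PLAY_COOKIE_BUILDER);

    /** Matches {@code play.mvc.Http.Cookie.builder(...)} with any parameters. */
    private static final MethodMatcher PLAY_COOKIE_BUILDER =
        MethodMatcher.create().typeDefinition(ClassName.PLAY_COOKIE).name("builder").withAnyParameters();

    /** Constructors whose last parameter is the HttpOnly flag. */
    private static final List<MethodMatcher> CONSTRUCTORS_WITH_HTTP_ONLY_PARAM = Arrays.asList(
        constructorOf(ClassName.JAX_RS_NEW_COOKIE)
            .parameters(ClassName.JAX_RS_COOKIE, JAVA_LANG_STRING, INT, JAVA_UTIL_DATE, BOOLEAN, BOOLEAN),
        constructorOf(ClassName.JAX_RS_NEW_COOKIE)
            .parameters(JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, INT,
                JAVA_LANG_STRING, INT, JAVA_UTIL_DATE, BOOLEAN, BOOLEAN),
        constructorOf(ClassName.JAX_RS_NEW_COOKIE)
            .parameters(JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING, JAVA_LANG_STRING,
                JAVA_LANG_STRING, INT, BOOLEAN, BOOLEAN),
        constructorOf(ClassName.PLAY_COOKIE)
            .parameters(JAVA_LANG_STRING, JAVA_LANG_STRING, "java.lang.Integer", JAVA_LANG_STRING,
                JAVA_LANG_STRING, BOOLEAN, BOOLEAN));

    /** Constructors this check accepts without an explicit flag (both are Shiro SimpleCookie). */
    private static final List<MethodMatcher> CONSTRUCTORS_WITH_GOOD_DEFAULT = Arrays.asList(
        constructorOf(ClassName.SHIRO_COOKIE).withoutParameter(),
        constructorOf(ClassName.SHIRO_COOKIE).parameters(JAVA_LANG_STRING));

    // Per-file state, reset at the start of every scanFile call.
    private final List<Symbol.VariableSymbol> compliantConstructorInitializations = Lists.newArrayList();
    private final List<Symbol.VariableSymbol> ignoredVariables = Lists.newArrayList();
    private final List<Symbol.VariableSymbol> variablesToReport = Lists.newArrayList();
    private final List<MethodInvocationTree> settersToReport = Lists.newArrayList();
    private final List<NewClassTree> newClassToReport = Lists.newArrayList();

    /** Holder for the fully qualified names of the cookie types known to this check. */
    private static final class ClassName {
        private static final String SERVLET_COOKIE = "javax.servlet.http.Cookie";
        private static final String NET_HTTP_COOKIE = "java.net.HttpCookie";
        private static final String JAX_RS_COOKIE = "javax.ws.rs.core.Cookie";
        private static final String JAX_RS_NEW_COOKIE = "javax.ws.rs.core.NewCookie";
        private static final String SHIRO_COOKIE = "org.apache.shiro.web.servlet.SimpleCookie";
        private static final String PLAY_COOKIE = "play.mvc.Http$Cookie";
        private static final String PLAY_COOKIE_BUILDER = "play.mvc.Http$CookieBuilder";

        private ClassName() {
        }
    }

    /** Starts a matcher for the constructors of {@code typeName} and of its subtypes. */
    private static MethodMatcher constructorOf(String typeName) {
        return MethodMatcher.create().typeDefinition(TypeCriteria.subtypeOf(typeName)).name(CONSTRUCTOR);
    }

    /**
     * Scans one file and raises the issues collected during the visit.
     *
     * <p>Reporting is deferred until the visit is over because a later setter call can still
     * move a variable in or out of {@code variablesToReport}.
     *
     * @param javaFileScannerContext context of the file being analysed
     */
    @Override
    public void scanFile(JavaFileScannerContext javaFileScannerContext) {
        compliantConstructorInitializations.clear();
        ignoredVariables.clear();
        variablesToReport.clear();
        settersToReport.clear();
        newClassToReport.clear();

        super.scanFile(javaFileScannerContext);

        for (Symbol.VariableSymbol variable : variablesToReport) {
            VariableTree declaration = variable.declaration();
            // A symbol without a declaration tree has no location to attach the issue to.
            if (declaration != null) {
                reportIssue(declaration.simpleName(), MESSAGE);
            }
        }
        for (MethodInvocationTree setter : settersToReport) {
            reportIssue(setter.arguments(), MESSAGE);
        }
        for (NewClassTree creation : newClassToReport) {
            reportIssue(creation, MESSAGE);
        }
    }

    /** @return the four node kinds this check subscribes to */
    @Override
    public List<Tree.Kind> nodesToVisit() {
        return ImmutableList.of(Tree.Kind.VARIABLE, Tree.Kind.ASSIGNMENT, Tree.Kind.METHOD_INVOCATION, Tree.Kind.RETURN_STATEMENT);
    }

    /**
     * Dispatches a visited node to the handler for its kind. Nothing is done when semantic
     * information is unavailable, since every handler relies on symbols and types.
     *
     * @param tree a node of one of the kinds returned by {@link #nodesToVisit()}
     */
    @Override
    public void visitNode(Tree tree) {
        if (!hasSemantic()) {
            return;
        }
        if (tree.is(Tree.Kind.VARIABLE)) {
            checkVariableDeclaration((VariableTree) tree);
        } else if (tree.is(Tree.Kind.ASSIGNMENT)) {
            checkAssignment((AssignmentExpressionTree) tree);
        } else if (tree.is(Tree.Kind.METHOD_INVOCATION)) {
            checkSetterInvocation((MethodInvocationTree) tree);
        } else {
            // Only RETURN_STATEMENT is left among the subscribed kinds.
            categorizeBasedOnConstructor((ReturnStatementTree) tree);
        }
    }

    /** Handles {@code variable = <expression>}: builder exemptions first, then constructor calls. */
    private void checkAssignment(AssignmentExpressionTree assignmentExpressionTree) {
        checkCookieBuilder(assignmentExpressionTree);
        if (shouldVerify(assignmentExpressionTree)) {
            // shouldVerify guarantees an identifier target bound to a variable symbol.
            IdentifierTree target = (IdentifierTree) assignmentExpressionTree.variable();
            categorizeBasedOnConstructor(
                (NewClassTree) assignmentExpressionTree.expression(),
                (Symbol.VariableSymbol) target.symbol());
        }
    }

    /** Handles a variable declaration: builder exemptions first, then constructor calls. */
    private void checkVariableDeclaration(VariableTree variableTree) {
        checkCookieBuilder(variableTree);
        if (shouldVerify(variableTree)) {
            categorizeBasedOnConstructor(
                (NewClassTree) variableTree.initializer(),
                (Symbol.VariableSymbol) variableTree.symbol());
        }
    }

    /**
     * Records the assigned variable as ignored when the right-hand side is a Play cookie
     * builder call for an exempt cookie name.
     */
    private void checkCookieBuilder(AssignmentExpressionTree assignmentExpressionTree) {
        if (!assignmentExpressionTree.expression().is(Tree.Kind.METHOD_INVOCATION)) {
            return;
        }
        ExpressionTree target = assignmentExpressionTree.variable();
        if (!target.is(Tree.Kind.IDENTIFIER) && !target.is(Tree.Kind.MEMBER_SELECT)) {
            return;
        }
        Symbol.VariableSymbol variable = getVariableSymbol(assignmentExpressionTree);
        if (variable != null) {
            addToIgnoredVariables(variable, (MethodInvocationTree) assignmentExpressionTree.expression());
        }
    }

    /**
     * Resolves the variable symbol written by an assignment.
     *
     * <p>The caller must have checked that the target is an identifier or a member select;
     * any other target kind makes the cast below fail.
     *
     * @return the variable symbol, or {@code null} when the target is not bound to a variable
     */
    @CheckForNull
    private static Symbol.VariableSymbol getVariableSymbol(AssignmentExpressionTree assignmentExpressionTree) {
        ExpressionTree target = assignmentExpressionTree.variable();
        Symbol symbol = target.is(Tree.Kind.IDENTIFIER)
            ? ((IdentifierTree) target).symbol()
            : ((MemberSelectExpressionTree) target).identifier().symbol();
        return symbol.isVariableSymbol() ? (Symbol.VariableSymbol) symbol : null;
    }

    /** Ignores {@code variableSymbol} when it holds a Play builder for an exempt cookie name. */
    private void addToIgnoredVariables(Symbol.VariableSymbol variableSymbol, MethodInvocationTree methodInvocationTree) {
        if (PLAY_COOKIE_BUILDER.matches(methodInvocationTree) && isIgnoredCookieName(methodInvocationTree.arguments())) {
            ignoredVariables.add(variableSymbol);
        }
    }

    /** Same as the assignment variant, for a variable initialised by a method invocation. */
    private void checkCookieBuilder(VariableTree variableTree) {
        ExpressionTree initializer = variableTree.initializer();
        if (initializer != null && initializer.is(Tree.Kind.METHOD_INVOCATION)) {
            addToIgnoredVariables((Symbol.VariableSymbol) variableTree.symbol(), (MethodInvocationTree) initializer);
        }
    }

    /**
     * Handles {@code return new Cookie(...)}: the cookie never reaches a variable, so no later
     * setter can fix it and the constructor call itself is queued for reporting.
     */
    private void categorizeBasedOnConstructor(ReturnStatementTree returnStatementTree) {
        ExpressionTree expression = returnStatementTree.expression();
        if (expression == null || !expression.is(Tree.Kind.NEW_CLASS)) {
            return;
        }
        NewClassTree creation = (NewClassTree) expression;
        if (isIgnoredCookieName(creation.arguments()) || isCompliantConstructorCall(creation)) {
            return;
        }
        if (isCookieType(creation.symbolType())) {
            newClassToReport.add(creation);
        }
    }

    /**
     * Classifies a variable from the constructor call assigned to it: ignored (exempt name),
     * compliant (flag passed as {@code true} or accepted default), or to be reported unless a
     * later setter call clears it.
     */
    private void categorizeBasedOnConstructor(NewClassTree newClassTree, Symbol.VariableSymbol variableSymbol) {
        if (isIgnoredCookieName(newClassTree.arguments())) {
            ignoredVariables.add(variableSymbol);
        } else if (isCompliantConstructorCall(newClassTree)) {
            compliantConstructorInitializations.add(variableSymbol);
        } else {
            markForReport(variableSymbol);
        }
    }

    /**
     * Queues a variable for reporting at most once. Without the membership test a variable
     * queued twice would be reported twice, and a single compliant setter call (which removes
     * only one entry) would no longer clear it.
     */
    private void markForReport(Symbol.VariableSymbol variableSymbol) {
        if (!variablesToReport.contains(variableSymbol)) {
            variablesToReport.add(variableSymbol);
        }
    }

    /** @return {@code true} when {@code type} is one of the supported cookie types or a subtype */
    private static boolean isCookieType(Type type) {
        return CLASSES.stream().anyMatch(type::isSubtypeOf);
    }

    /**
     * Tells whether a declaration is a method-owned cookie variable initialised by a
     * constructor call.
     *
     * <p>NOTE(review): the decompiled listing had no return statement on the supported-type
     * path and printed {@code !isMethodSymbol() && supported} on the other one. The condition
     * is restored here as "owned by a method AND supported type", which is the reading that
     * matches the assignment overload, where the variable-symbol test only makes sense as a
     * guard for the cast done by the caller. Confirm against the original sources.
     */
    private static boolean shouldVerify(VariableTree variableTree) {
        ExpressionTree initializer = variableTree.initializer();
        if (initializer == null || !initializer.is(Tree.Kind.NEW_CLASS)) {
            return false;
        }
        // Either the declared type or the constructed type may be the cookie type.
        boolean supportedType = isCookieType(variableTree.type().symbolType())
            || isCookieType(initializer.symbolType());
        return supportedType && variableTree.symbol().owner().isMethodSymbol();
    }

    /**
     * Tells whether an assignment stores a constructor call into a method-owned cookie
     * variable referenced by a plain identifier.
     *
     * <p>NOTE(review): restored from broken decompiler output in the same way as the
     * declaration overload; the caller casts the target symbol to a variable symbol, so this
     * method must only return {@code true} when that symbol is a variable. Confirm against the
     * original sources.
     */
    private static boolean shouldVerify(AssignmentExpressionTree assignmentExpressionTree) {
        ExpressionTree value = assignmentExpressionTree.expression();
        if (!value.is(Tree.Kind.NEW_CLASS) || !assignmentExpressionTree.variable().is(Tree.Kind.IDENTIFIER)) {
            return false;
        }
        IdentifierTree target = (IdentifierTree) assignmentExpressionTree.variable();
        boolean methodVariable = target.symbol().isVariableSymbol() && target.symbol().owner().isMethodSymbol();
        boolean supportedType = isCookieType(target.symbolType()) || isCookieType(value.symbolType());
        return methodVariable && supportedType;
    }

    /**
     * A constructor call is compliant when it has an HttpOnly parameter whose argument is the
     * literal {@code true}, or when it is one of the constructors listed in
     * {@code CONSTRUCTORS_WITH_GOOD_DEFAULT}. A flag passed through a variable or constant is
     * not recognised here, because only a {@code true} literal is tested.
     */
    private static boolean isCompliantConstructorCall(NewClassTree newClassTree) {
        if (CONSTRUCTORS_WITH_HTTP_ONLY_PARAM.stream().anyMatch(matcher -> matcher.matches(newClassTree))) {
            Arguments arguments = newClassTree.arguments();
            // In every matched signature the HttpOnly flag is the last parameter.
            return LiteralUtils.isTrue(arguments.get(arguments.size() - 1));
        }
        return CONSTRUCTORS_WITH_GOOD_DEFAULT.stream().anyMatch(matcher -> matcher.matches(newClassTree));
    }

    /**
     * Tells whether the cookie name, taken from the first argument, exempts the cookie.
     *
     * <p>The match is a case-insensitive substring test against {@code csrf} and {@code xsrf},
     * so any cookie whose name merely contains one of these fragments is skipped by the rule.
     * Names that do not resolve to a string constant are never exempt.
     *
     * <p>Left {@code public} as in the decompiled listing, which notes that the method was
     * private before decompilation.
     *
     * @param arguments arguments of a cookie constructor or builder call
     * @return {@code true} when the resolved name contains an exempt fragment
     */
    public static boolean isIgnoredCookieName(Arguments arguments) {
        if (arguments.isEmpty()) {
            return false;
        }
        String name = IdentifierUtils.getValue(arguments.get(COOKIE_NAME_ARGUMENT), ConstantUtils::resolveAsStringConstant);
        if (name == null) {
            return false;
        }
        String lowerCaseName = name.toLowerCase(Locale.ENGLISH);
        return IGNORED_COOKIE_NAMES.stream().anyMatch(lowerCaseName::contains);
    }

    /**
     * Handles a call to an HttpOnly setter. A call made on a variable or field updates the
     * per-variable state; any other call (unqualified, or chained on another expression) is
     * judged on its argument alone.
     */
    private void checkSetterInvocation(MethodInvocationTree methodInvocationTree) {
        if (!isExpectedSetter(methodInvocationTree)) {
            return;
        }
        if (methodInvocationTree.methodSelect().is(Tree.Kind.MEMBER_SELECT)) {
            ExpressionTree receiver = ((MemberSelectExpressionTree) methodInvocationTree.methodSelect()).expression();
            if (receiver.is(Tree.Kind.IDENTIFIER) || receiver.is(Tree.Kind.MEMBER_SELECT)) {
                updateIssuesToReport(methodInvocationTree);
                return;
            }
        }
        if (!setterArgumentHasCompliantValue(methodInvocationTree.arguments())) {
            settersToReport.add(methodInvocationTree);
        }
    }

    /**
     * Tells whether the invocation is a one-argument HttpOnly setter declared on a supported
     * cookie type and not exempted by {@link #isIgnoredBuilder(MethodInvocationTree)}.
     */
    private static boolean isExpectedSetter(MethodInvocationTree methodInvocationTree) {
        if (methodInvocationTree.arguments().size() != 1 || !methodInvocationTree.symbol().isMethodSymbol()) {
            return false;
        }
        return isCookieType(methodInvocationTree.symbol().owner().type())
            && SETTER_NAMES.contains(getIdentifier(methodInvocationTree).name())
            && isIgnoredBuilder(methodInvocationTree);
    }

    /**
     * Despite its name, returns {@code true} when the setter must still be checked.
     *
     * <p>For a setter declared on the Play cookie builder, the receiver chain is searched for
     * the {@code builder(...)} call and the result is {@code false} when that call names an
     * exempt cookie. For every other type the result is {@code true}.
     *
     * <p>The chain is filtered with an exact name comparison; the decompiled listing used
     * {@code "builder".contains(name)}, which also accepts any method whose name is a fragment
     * of "builder".
     */
    private static boolean isIgnoredBuilder(MethodInvocationTree methodInvocationTree) {
        if (!methodInvocationTree.symbol().owner().type().isSubtypeOf(ClassName.PLAY_COOKIE_BUILDER)) {
            return true;
        }
        return getMethodChain(methodInvocationTree)
            .filter(call -> "builder".equals(getIdentifier(call).name()))
            .noneMatch(call -> isIgnoredCookieName(call.arguments()));
    }

    /**
     * Streams the invocation followed by every invocation it is chained on, walking receivers
     * from the outermost call towards the start of the chain.
     */
    private static Stream<MethodInvocationTree> getMethodChain(MethodInvocationTree methodInvocationTree) {
        if (methodInvocationTree.methodSelect().is(Tree.Kind.MEMBER_SELECT)) {
            ExpressionTree receiver = ((MemberSelectExpressionTree) methodInvocationTree.methodSelect()).expression();
            if (receiver.is(Tree.Kind.METHOD_INVOCATION)) {
                return Stream.concat(Stream.of(methodInvocationTree), getMethodChain((MethodInvocationTree) receiver));
            }
        }
        return Stream.of(methodInvocationTree);
    }

    /**
     * Updates the per-variable state after a setter call made on a variable or field.
     *
     * <p>The caller guarantees that the method select is a member select whose receiver is an
     * identifier or a member select. The receiver symbol is cast to a variable symbol without
     * a check, as in the original listing.
     */
    private void updateIssuesToReport(MethodInvocationTree methodInvocationTree) {
        ExpressionTree receiver = ((MemberSelectExpressionTree) methodInvocationTree.methodSelect()).expression();
        Symbol.VariableSymbol variable = receiver.is(Tree.Kind.IDENTIFIER)
            ? (Symbol.VariableSymbol) ((IdentifierTree) receiver).symbol()
            : (Symbol.VariableSymbol) ((MemberSelectExpressionTree) receiver).identifier().symbol();

        if (ignoredVariables.contains(variable)) {
            return;
        }
        if (setterArgumentHasCompliantValue(methodInvocationTree.arguments())) {
            // The flag is switched on (or unknown): the declaration is no longer reported.
            variablesToReport.remove(variable);
        } else if (compliantConstructorInitializations.contains(variable)) {
            // Created compliant, then switched off: report the declaration.
            markForReport(variable);
        } else if (!variablesToReport.contains(variable)) {
            // Not tracked through a constructor: report the setter call itself.
            settersToReport.add(methodInvocationTree);
        }
    }

    /**
     * Tells whether the setter argument is acceptable: either it resolves to the constant
     * {@code true}, or it cannot be resolved to a boolean constant at all. The second case
     * means a flag computed at run time is not reported by this check.
     */
    private static boolean setterArgumentHasCompliantValue(Arguments arguments) {
        Boolean flag = IdentifierUtils.getValue(arguments.get(0), ConstantUtils::resolveAsBooleanConstant);
        return flag == null || flag;
    }

    /** @return the identifier naming the invoked method, for qualified and unqualified calls */
    private static IdentifierTree getIdentifier(MethodInvocationTree methodInvocationTree) {
        ExpressionTree methodSelect = methodInvocationTree.methodSelect();
        if (methodSelect.is(Tree.Kind.IDENTIFIER)) {
            return (IdentifierTree) methodSelect;
        }
        return ((MemberSelectExpressionTree) methodSelect).identifier();
    }
}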
