package org.sonar.java.checks.security;

import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.checks.methods.AbstractMethodDetection;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;

@Rule(key = "S2115")
/* loaded from: input_file:org/sonar/java/checks/security/EmptyDatabasePasswordCheck.class */
public class EmptyDatabasePasswordCheck extends AbstractMethodDetection {
    private static final String MESSAGE = "Add password protection to this database.";
    private static final int PASSWORD_ARGUMENT = 2;
    private static final int URL_ARGUMENT = 0;
    private static final Pattern EMPTY_PASSWORD_PATTERN = Pattern.compile(".*password\\s*=\\s*([&;\\)].*|$)");
    private static final Pattern URL_PATTERN = Pattern.compile("(jdbc:mysql://[^:]*:?(?<password>.*)@.*)|(jdbc:oracle:[^:]*:?.*/(?<password2>.*)@.*)");

    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    protected MethodMatchers getMethodInvocationMatchers() {
        return MethodMatchers.create().ofTypes("java.sql.DriverManager").names("getConnection").withAnyParameters().build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonar.java.checks.methods.AbstractMethodDetection
    public void onMethodInvocationFound(MethodInvocationTree methodInvocationTree) {
        Arguments arguments = methodInvocationTree.arguments();
        if (arguments.size() > 2) {
            checkEmptyValue(methodInvocationTree, (ExpressionTree) arguments.get(2));
        }
        if (arguments.size() == 1) {
            checkUrlContainsEmptyPassword(methodInvocationTree);
        }
    }

    private void checkEmptyValue(MethodInvocationTree methodInvocationTree, ExpressionTree expressionTree) {
        ExpressionsHelper.ValueResolution<String> constantValueAsString = ExpressionsHelper.getConstantValueAsString(expressionTree, "Empty password value.");
        String value = constantValueAsString.value();
        if (value == null || !value.trim().isEmpty()) {
            return;
        }
        reportIssue(methodInvocationTree, MESSAGE, constantValueAsString.valuePath(), null);
    }

    private void checkUrlContainsEmptyPassword(MethodInvocationTree methodInvocationTree) {
        ExpressionsHelper.ValueResolution<String> constantValueAsString = ExpressionsHelper.getConstantValueAsString((ExpressionTree) methodInvocationTree.arguments().get(0), "URL containing the empty password.");
        String value = constantValueAsString.value();
        if (value == null || !urlContainsEmptyPassword(value)) {
            return;
        }
        reportIssue(methodInvocationTree, MESSAGE, constantValueAsString.valuePath(), null);
    }

    private static boolean urlContainsEmptyPassword(String str) {
        Matcher matcher = URL_PATTERN.matcher(str);
        if (!matcher.matches()) {
            return EMPTY_PASSWORD_PATTERN.matcher(str).matches() || !str.contains("password=");
        }
        String group = matcher.group("password");
        String group2 = matcher.group("password2");
        return (group != null && group.trim().isEmpty()) || (group2 != null && group2.trim().isEmpty());
    }
}
