package org.sonar.java.se.checks;

import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.apache.jasper.compiler.TagConstants;
import org.apache.xerces.impl.Constants;
import org.sonar.check.Rule;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.java.se.CheckerContext;
import org.sonar.java.se.FlowComputation;
import org.sonar.java.se.ProgramState;
import org.sonar.java.se.checks.XxeProperty;
import org.sonar.java.se.constraint.BooleanConstraint;
import org.sonar.java.se.constraint.Constraint;
import org.sonar.java.se.constraint.ConstraintManager;
import org.sonar.java.se.constraint.ConstraintsByDomain;
import org.sonar.java.se.constraint.ObjectConstraint;
import org.sonar.java.se.symbolicvalues.SymbolicValue;
import org.sonar.plugins.java.api.JavaVersion;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.tree.Arguments;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;
import org.sonarsource.analyzer.commons.collections.MapBuilder;

@Rule(key = "S2755")
/* loaded from: input_file:org/sonar/java/se/checks/XxeProcessingCheck.class */
public class XxeProcessingCheck extends SECheck {
    private static final String BOOLEAN = "boolean";
    private static final String JAVA_LANG_STRING = "java.lang.String";
    private static final String XML_INPUT_FACTORY = "javax.xml.stream.XMLInputFactory";
    private static final String NEW_INSTANCE = "newInstance";
    private static final MethodMatchers XML_INPUT_FACTORY_NEW_INSTANCE = MethodMatchers.create().ofTypes(XML_INPUT_FACTORY).names(NEW_INSTANCE, "newFactory").withAnyParameters().build();
    private static final String DOCUMENT_BUILDER_FACTORY = "javax.xml.parsers.DocumentBuilderFactory";
    private static final MethodMatchers DOCUMENT_BUILDER_FACTORY_NEW_INSTANCE = MethodMatchers.create().ofTypes(DOCUMENT_BUILDER_FACTORY).names(NEW_INSTANCE).withAnyParameters().build();
    private static final MethodMatchers SET_EXPAND_ENTITY_REFERENCE = MethodMatchers.create().ofSubTypes(DOCUMENT_BUILDER_FACTORY).names("setExpandEntityReferences").addParametersMatcher("boolean").build();
    private static final String SAX_PARSER_FACTORY = "javax.xml.parsers.SAXParserFactory";
    private static final MethodMatchers SAX_PARSER_FACTORY_NEW_INSTANCE = MethodMatchers.create().ofTypes(SAX_PARSER_FACTORY).names(NEW_INSTANCE).withAnyParameters().build();
    private static final MethodMatchers SET_X_INCLUDE_AWARE = MethodMatchers.create().ofSubTypes(DOCUMENT_BUILDER_FACTORY, SAX_PARSER_FACTORY).names("setXIncludeAware").addParametersMatcher("boolean").build();
    private static final MethodMatchers SET_VALIDATING = MethodMatchers.create().ofSubTypes(DOCUMENT_BUILDER_FACTORY, SAX_PARSER_FACTORY).names("setValidating").addParametersMatcher("boolean").build();
    private static final String SCHEMA_FACTORY = "javax.xml.validation.SchemaFactory";
    private static final MethodMatchers SCHEMA_FACTORY_NEW_INSTANCE = MethodMatchers.create().ofTypes(SCHEMA_FACTORY).names(NEW_INSTANCE).withAnyParameters().build();
    private static final String TRANSFORMER_FACTORY = "javax.xml.transform.TransformerFactory";
    private static final MethodMatchers TRANSFORMER_FACTORY_NEW_INSTANCE = MethodMatchers.create().ofSubTypes(TRANSFORMER_FACTORY).names(NEW_INSTANCE).withAnyParameters().build();
    private static final MethodMatchers CREATE_XML_READER = MethodMatchers.create().ofTypes("org.xml.sax.helpers.XMLReaderFactory").names("createXMLReader").withAnyParameters().build();
    private static final String SAX_BUILDER = "org.jdom2.input.SAXBuilder";
    private static final MethodMatchers SAX_BUILDER_CONSTRUCTOR = MethodMatchers.create().ofTypes(SAX_BUILDER).constructor().withAnyParameters().build();
    private static final String SAX_READER = "org.dom4j.io.SAXReader";
    private static final MethodMatchers SAX_READER_CONSTRUCTOR = MethodMatchers.create().ofTypes(SAX_READER).constructor().withAnyParameters().build();
    protected static final MethodMatchers NEW_DOCUMENT_BUILDER = MethodMatchers.create().ofSubTypes(DOCUMENT_BUILDER_FACTORY).names("newDocumentBuilder").addWithoutParametersMatcher().build();
    private static final Map<MethodMatchers, Predicate<ConstraintsByDomain>> CONDITIONS_FOR_SECURED_BY_TYPE = MapBuilder.newMap().put(XML_INPUT_FACTORY_NEW_INSTANCE, constraintsByDomain -> {
        return (constraintsByDomain.hasConstraint(XxeProperty.AttributeDTD.SECURED) && constraintsByDomain.hasConstraint(XxeProperty.AttributeSchema.SECURED)) || constraintsByDomain.hasConstraint(XxeProperty.FeatureSupportDtd.SECURED) || constraintsByDomain.hasConstraint(XxeProperty.FeatureIsSupportingExternalEntities.SECURED) || constraintsByDomain.hasConstraint(XxeEntityResolver.CUSTOM_ENTITY_RESOLVER);
    }).put(DOCUMENT_BUILDER_FACTORY_NEW_INSTANCE, XxeProcessingCheck::documentBuilderFactoryIsSecured).put(SAX_PARSER_FACTORY_NEW_INSTANCE, constraintsByDomain2 -> {
        return (constraintsByDomain2.hasConstraint(XxeProperty.AttributeDTD.SECURED) && constraintsByDomain2.hasConstraint(XxeProperty.AttributeSchema.SECURED)) || constraintsByDomain2.hasConstraint(XxeProperty.FeatureDisallowDoctypeDecl.SECURED) || constraintsByDomain2.hasConstraint(XxeProperty.FeatureExternalGeneralEntities.SECURED);
    }).put(SCHEMA_FACTORY_NEW_INSTANCE, constraintsByDomain3 -> {
        return constraintsByDomain3.hasConstraint(XxeProperty.AttributeDTD.SECURED) && constraintsByDomain3.hasConstraint(XxeProperty.AttributeSchema.SECURED);
    }).put(TRANSFORMER_FACTORY_NEW_INSTANCE, constraintsByDomain4 -> {
        return constraintsByDomain4.hasConstraint(XxeProperty.AttributeDTD.SECURED) && constraintsByDomain4.hasConstraint(XxeProperty.AttributeStyleSheet.SECURED);
    }).put(CREATE_XML_READER, constraintsByDomain5 -> {
        return (constraintsByDomain5.hasConstraint(XxeProperty.AttributeDTD.SECURED) && constraintsByDomain5.hasConstraint(XxeProperty.AttributeSchema.SECURED)) || constraintsByDomain5.hasConstraint(XxeProperty.FeatureDisallowDoctypeDecl.SECURED) || constraintsByDomain5.hasConstraint(XxeProperty.FeatureExternalGeneralEntities.SECURED) || constraintsByDomain5.hasConstraint(XxeEntityResolver.CUSTOM_ENTITY_RESOLVER);
    }).build();
    private static final Map<MethodMatchers, Predicate<ConstraintsByDomain>> CONDITIONS_FOR_SECURED_BY_TYPE_NEW_CLASS = MapBuilder.newMap().put(SAX_BUILDER_CONSTRUCTOR, constraintsByDomain -> {
        return (constraintsByDomain.hasConstraint(XxeProperty.AttributeDTD.SECURED) && constraintsByDomain.hasConstraint(XxeProperty.AttributeSchema.SECURED)) || constraintsByDomain.hasConstraint(XxeProperty.FeatureDisallowDoctypeDecl.SECURED) || constraintsByDomain.hasConstraint(XxeEntityResolver.CUSTOM_ENTITY_RESOLVER);
    }).put(SAX_READER_CONSTRUCTOR, constraintsByDomain2 -> {
        return constraintsByDomain2.hasConstraint(XxeProperty.FeatureDisallowDoctypeDecl.SECURED) || constraintsByDomain2.hasConstraint(XxeProperty.FeatureExternalGeneralEntities.SECURED) || constraintsByDomain2.hasConstraint(XxeEntityResolver.CUSTOM_ENTITY_RESOLVER);
    }).build();
    private static final String JAVA_LANG_OBJECT = "java.lang.Object";
    private static final String SAX_PARSER = "javax.xml.parsers.SAXParser";
    private static final String VALIDATOR = "javax.xml.validation.Validator";
    private static final String XML_READER = "org.xml.sax.XMLReader";
    private static final MethodMatchers FEATURES_AND_PROPERTIES_SETTERS = MethodMatchers.or(MethodMatchers.create().ofSubTypes(DOCUMENT_BUILDER_FACTORY, TRANSFORMER_FACTORY).names("setAttribute").addParametersMatcher("java.lang.String", JAVA_LANG_OBJECT).build(), MethodMatchers.create().ofSubTypes(XML_INPUT_FACTORY, SAX_PARSER, SCHEMA_FACTORY, VALIDATOR, XML_READER, SAX_BUILDER).names(TagConstants.SET_PROPERTY_ACTION).addParametersMatcher("java.lang.String", JAVA_LANG_OBJECT).build(), MethodMatchers.create().ofSubTypes(DOCUMENT_BUILDER_FACTORY, SAX_PARSER_FACTORY, TRANSFORMER_FACTORY, SCHEMA_FACTORY, XML_READER, SAX_BUILDER, SAX_READER).names("setFeature").addParametersMatcher("java.lang.String", "boolean").build());
    private static final String DOCUMENT_BUILDER = "javax.xml.parsers.DocumentBuilder";
    private static final MethodMatchers ENTITY_RESOLVER_SETTERS = MethodMatchers.or(MethodMatchers.create().ofSubTypes(XML_READER, SAX_BUILDER, SAX_READER, DOCUMENT_BUILDER).names("setEntityResolver").addParametersMatcher("*").build(), MethodMatchers.create().ofSubTypes(XML_INPUT_FACTORY).names("setXMLResolver").addParametersMatcher("*").build());
    private static final MethodMatchers TRANSFERRING_METHOD_CALLS = MethodMatchers.or(MethodMatchers.create().ofTypes(SAX_PARSER_FACTORY).names("newSAXParser").withAnyParameters().build(), MethodMatchers.create().ofTypes(SCHEMA_FACTORY).names("newSchema").withAnyParameters().build(), MethodMatchers.create().ofTypes("javax.xml.validation.Schema").names("newValidator").withAnyParameters().build(), MethodMatchers.create().ofTypes(SAX_PARSER).names("getXMLReader").withAnyParameters().build(), NEW_DOCUMENT_BUILDER);
    protected static final MethodMatchers PARSING_METHODS = MethodMatchers.or(MethodMatchers.create().ofSubTypes(SAX_PARSER, XML_READER, DOCUMENT_BUILDER).names("parse").withAnyParameters().build(), MethodMatchers.create().ofSubTypes(TRANSFORMER_FACTORY).names("newTransformer").withAnyParameters().build(), MethodMatchers.create().ofSubTypes(XML_INPUT_FACTORY).name(str -> {
        return str.startsWith("create");
    }).withAnyParameters().build(), MethodMatchers.create().ofSubTypes(VALIDATOR).names(Constants.DOM_VALIDATE).withAnyParameters().build(), MethodMatchers.create().ofSubTypes(SAX_BUILDER).names("build").withAnyParameters().build(), MethodMatchers.create().ofSubTypes(SAX_READER).names("read").withAnyParameters().build());
    private static final List<? extends XxeProperty> PROPERTIES_TO_CHECK = Stream.of((Object[]) new Enum[]{XxeProperty.FeatureSupportDtd.values(), XxeProperty.FeatureIsSupportingExternalEntities.values(), XxeProperty.FeatureDisallowDoctypeDecl.values(), XxeProperty.FeatureExternalGeneralEntities.values(), XxeProperty.FeatureLoadExternalDtd.values(), XxeProperty.FeatureSecureProcessing.values(), XxeProperty.FeatureXInclude.values(), XxeProperty.AttributeDTD.values(), XxeProperty.AttributeSchema.values(), XxeProperty.AttributeStyleSheet.values()}).flatMap((v0) -> {
        return Stream.of(v0);
    }).toList();
    private static final List<Class<? extends Constraint>> FLOW_CONSTRAINT_DOMAIN = Arrays.asList(XxeProperty.AttributeDTD.class, XxeProperty.AttributeSchema.class, XxeProperty.AttributeStyleSheet.class);

    /* loaded from: input_file:org/sonar/java/se/checks/XxeProcessingCheck$PostStatementVisitor.class */
    private static class PostStatementVisitor extends CheckerTreeNodeVisitor {
        private PostStatementVisitor(CheckerContext checkerContext) {
            super(checkerContext.getState());
        }

        @Override // org.sonar.plugins.java.api.tree.BaseTreeVisitor, org.sonar.plugins.java.api.tree.TreeVisitor
        public void visitNewClass(NewClassTree newClassTree) {
            SymbolicValue peekValue = this.programState.peekValue();
            if (peekValue == null || !XxeProcessingCheck.CONDITIONS_FOR_SECURED_BY_TYPE_NEW_CLASS.keySet().stream().anyMatch(methodMatchers -> {
                return methodMatchers.matches(newClassTree);
            })) {
                return;
            }
            this.programState = this.programState.addConstraint(peekValue, XxeSensitive.SENSITIVE);
        }

        @Override // org.sonar.plugins.java.api.tree.BaseTreeVisitor, org.sonar.plugins.java.api.tree.TreeVisitor
        public void visitMethodInvocation(MethodInvocationTree methodInvocationTree) {
            SymbolicValue peekValue = this.programState.peekValue();
            if (peekValue == null || !XxeProcessingCheck.CONDITIONS_FOR_SECURED_BY_TYPE.keySet().stream().anyMatch(methodMatchers -> {
                return methodMatchers.matches(methodInvocationTree);
            })) {
                return;
            }
            this.programState = this.programState.addConstraint(peekValue, XxeSensitive.SENSITIVE);
        }

        @Override // org.sonar.plugins.java.api.tree.BaseTreeVisitor, org.sonar.plugins.java.api.tree.TreeVisitor
        public void visitAssignmentExpression(AssignmentExpressionTree assignmentExpressionTree) {
            ProgramState.SymbolicValueSymbol peekValueSymbol = this.programState.peekValueSymbol();
            Symbol symbol = peekValueSymbol.symbol();
            SymbolicValue symbolicValue = peekValueSymbol.symbolicValue();
            if (symbol != null && (symbolicValue instanceof XxeSymbolicValue)) {
                ((XxeSymbolicValue) symbolicValue).setField(ProgramState.isField(symbol));
            }
            this.programState = XxeProcessingCheck.addNamedConstraint(assignmentExpressionTree.expression(), this.programState);
        }
    }

    /* loaded from: input_file:org/sonar/java/se/checks/XxeProcessingCheck$PreStatementVisitor.class */
    private class PreStatementVisitor extends CheckerTreeNodeVisitor {
        private final ConstraintManager constraintManager;
        private final CheckerContext context;
        private final boolean canSecureWithSetExpandEntityReferences;

        private PreStatementVisitor(CheckerContext checkerContext) {
            super(checkerContext.getState());
            this.constraintManager = checkerContext.getConstraintManager();
            this.context = checkerContext;
            JavaVersion javaVersion = checkerContext.getScannerContext().getJavaVersion();
            this.canSecureWithSetExpandEntityReferences = javaVersion.isNotSet() || javaVersion.asInt() >= 13;
        }

        @Override // org.sonar.plugins.java.api.tree.BaseTreeVisitor, org.sonar.plugins.java.api.tree.TreeVisitor
        public void visitNewClass(NewClassTree newClassTree) {
            for (Map.Entry<MethodMatchers, Predicate<ConstraintsByDomain>> entry : XxeProcessingCheck.CONDITIONS_FOR_SECURED_BY_TYPE_NEW_CLASS.entrySet()) {
                if (entry.getKey().matches(newClassTree)) {
                    this.constraintManager.setValueFactory(() -> {
                        return new XxeSymbolicValue(newClassTree.identifier(), (Predicate) entry.getValue());
                    });
                    return;
                }
            }
        }

        @Override // org.sonar.plugins.java.api.tree.BaseTreeVisitor, org.sonar.plugins.java.api.tree.TreeVisitor
        public void visitVariable(VariableTree variableTree) {
            this.programState = XxeProcessingCheck.addNamedConstraint(variableTree.initializer(), this.programState);
        }

        @Override // org.sonar.plugins.java.api.tree.BaseTreeVisitor, org.sonar.plugins.java.api.tree.TreeVisitor
        public void visitMethodInvocation(MethodInvocationTree methodInvocationTree) {
            Iterator<Map.Entry<MethodMatchers, Predicate<ConstraintsByDomain>>> it = XxeProcessingCheck.CONDITIONS_FOR_SECURED_BY_TYPE.entrySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Map.Entry<MethodMatchers, Predicate<ConstraintsByDomain>> next = it.next();
                if (next.getKey().matches(methodInvocationTree)) {
                    this.constraintManager.setValueFactory(() -> {
                        return new XxeSymbolicValue(ExpressionUtils.methodName(methodInvocationTree), (Predicate) next.getValue());
                    });
                    break;
                }
            }
            if (XxeProcessingCheck.TRANSFERRING_METHOD_CALLS.matches(methodInvocationTree)) {
                this.constraintManager.setValueFactory(() -> {
                    return this.programState.peekValue(methodInvocationTree.arguments().size());
                });
            } else if (XxeProcessingCheck.FEATURES_AND_PROPERTIES_SETTERS.matches(methodInvocationTree)) {
                Arguments arguments = methodInvocationTree.arguments();
                Iterator<? extends XxeProperty> it2 = XxeProcessingCheck.PROPERTIES_TO_CHECK.iterator();
                while (it2.hasNext()) {
                    this.programState = checkArguments(this.programState, arguments, it2.next());
                }
            } else if (XxeProcessingCheck.ENTITY_RESOLVER_SETTERS.matches(methodInvocationTree)) {
                handleEntityResolver(methodInvocationTree);
            } else if (XxeProcessingCheck.SET_X_INCLUDE_AWARE.matches(methodInvocationTree)) {
                handleBooleanConstraintFromFirstArgument(methodInvocationTree, BooleanConstraint.TRUE, XmlSetXIncludeAware.ENABLE, XmlSetXIncludeAware.class);
            } else if (XxeProcessingCheck.SET_VALIDATING.matches(methodInvocationTree)) {
                handleBooleanConstraintFromFirstArgument(methodInvocationTree, BooleanConstraint.TRUE, XmlSetValidating.ENABLE, XmlSetValidating.class);
            } else if (this.canSecureWithSetExpandEntityReferences && XxeProcessingCheck.SET_EXPAND_ENTITY_REFERENCE.matches(methodInvocationTree)) {
                handleBooleanConstraintFromFirstArgument(methodInvocationTree, BooleanConstraint.FALSE, XxeSetExpandEntity.DISABLE, XxeSetExpandEntity.class);
            }
            if (XxeProcessingCheck.PARSING_METHODS.matches(methodInvocationTree)) {
                SymbolicValue peekValue = this.programState.peekValue(methodInvocationTree.arguments().size());
                if (peekValue instanceof XxeSymbolicValue) {
                    XxeSymbolicValue xxeSymbolicValue = (XxeSymbolicValue) peekValue;
                    XxeProcessingCheck.this.reportIfNotSecured(this.context, xxeSymbolicValue, this.programState.getConstraints(xxeSymbolicValue));
                }
            }
        }

        private void handleBooleanConstraintFromFirstArgument(MethodInvocationTree methodInvocationTree, BooleanConstraint booleanConstraint, Constraint constraint, Class<? extends Constraint> cls) {
            SymbolicValue peekValue = this.programState.peekValue(methodInvocationTree.arguments().size());
            if (this.programState.getConstraint(this.programState.peekValue(0), BooleanConstraint.class) == booleanConstraint) {
                this.programState = this.programState.addConstraint(peekValue, constraint);
            } else {
                this.programState = this.programState.removeConstraintsOnDomain(peekValue, cls);
            }
        }

        private void handleEntityResolver(MethodInvocationTree methodInvocationTree) {
            SymbolicValue peekValue = this.programState.peekValue(methodInvocationTree.arguments().size());
            if (this.programState.getConstraint(this.programState.peekValue(0), ObjectConstraint.class) == ObjectConstraint.NULL) {
                this.programState = this.programState.removeConstraintsOnDomain(peekValue, XxeEntityResolver.class);
            } else {
                this.programState = this.programState.addConstraint(peekValue, XxeEntityResolver.CUSTOM_ENTITY_RESOLVER);
            }
        }

        private ProgramState checkArguments(ProgramState programState, Arguments arguments, XxeProperty xxeProperty) {
            if (isSettingProperty(programState, (ExpressionTree) arguments.get(0), xxeProperty)) {
                SymbolicValue peekValue = programState.peekValue();
                ExpressionTree expressionTree = (ExpressionTree) arguments.get(1);
                if (xxeProperty.isSecuring(peekValue, expressionTree)) {
                    return programState.addConstraint(programState.peekValue(2), xxeProperty.securedConstraint());
                }
                if (xxeProperty.isUnsecuring(peekValue, expressionTree)) {
                    return programState.addConstraint(programState.peekValue(2), xxeProperty.unsecuredConstraint());
                }
            }
            return programState;
        }

        boolean isSettingProperty(ProgramState programState, ExpressionTree expressionTree, XxeProperty xxeProperty) {
            Optional asConstant = expressionTree.asConstant(String.class);
            Objects.requireNonNull(xxeProperty);
            if (asConstant.filter(xxeProperty::isNamed).isPresent()) {
                return true;
            }
            ConstraintsByDomain constraints = programState.getConstraints(programState.peekValue(1));
            return constraints != null && constraints.hasConstraint(xxeProperty.namedConstraint());
        }
    }

    /* loaded from: input_file:org/sonar/java/se/checks/XxeProcessingCheck$XmlSetValidating.class */
    protected enum XmlSetValidating implements Constraint {
        ENABLE
    }

    /* loaded from: input_file:org/sonar/java/se/checks/XxeProcessingCheck$XmlSetXIncludeAware.class */
    protected enum XmlSetXIncludeAware implements Constraint {
        ENABLE
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/sonar/java/se/checks/XxeProcessingCheck$XxeEntityResolver.class */
    public enum XxeEntityResolver implements Constraint {
        CUSTOM_ENTITY_RESOLVER
    }

    /* loaded from: input_file:org/sonar/java/se/checks/XxeProcessingCheck$XxeSensitive.class */
    private enum XxeSensitive implements Constraint {
        SENSITIVE
    }

    /* loaded from: input_file:org/sonar/java/se/checks/XxeProcessingCheck$XxeSetExpandEntity.class */
    protected enum XxeSetExpandEntity implements Constraint {
        DISABLE
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/sonar/java/se/checks/XxeProcessingCheck$XxeSymbolicValue.class */
    public static class XxeSymbolicValue extends SymbolicValue {
        protected final Tree init;
        private final Predicate<ConstraintsByDomain> conditionForSecured;
        protected boolean isField = false;

        private XxeSymbolicValue(Tree tree, Predicate<ConstraintsByDomain> predicate) {
            this.init = tree;
            this.conditionForSecured = predicate;
        }

        @Override // org.sonar.java.se.symbolicvalues.SymbolicValue
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            XxeSymbolicValue xxeSymbolicValue = (XxeSymbolicValue) obj;
            return this.isField == xxeSymbolicValue.isField && this.init.equals(xxeSymbolicValue.init) && this.conditionForSecured.equals(xxeSymbolicValue.conditionForSecured);
        }

        @Override // org.sonar.java.se.symbolicvalues.SymbolicValue
        public int hashCode() {
            return Objects.hash(Integer.valueOf(super.hashCode()), this.init, this.conditionForSecured, Boolean.valueOf(this.isField));
        }

        public void setField(boolean z) {
            this.isField = z;
        }
    }

    private static boolean documentBuilderFactoryIsSecured(@Nullable ConstraintsByDomain constraintsByDomain) {
        return constraintsByDomain == null || (constraintsByDomain.hasConstraint(XxeProperty.AttributeDTD.SECURED) && constraintsByDomain.hasConstraint(XxeProperty.AttributeSchema.SECURED)) || constraintsByDomain.hasConstraint(XxeProperty.FeatureDisallowDoctypeDecl.SECURED) || constraintsByDomain.hasConstraint(XxeProperty.FeatureLoadExternalDtd.SECURED) || constraintsByDomain.hasConstraint(XxeProperty.FeatureExternalGeneralEntities.SECURED) || constraintsByDomain.hasConstraint(XxeSetExpandEntity.DISABLE) || constraintsByDomain.hasConstraint(XxeEntityResolver.CUSTOM_ENTITY_RESOLVER);
    }

    @Override // org.sonar.java.se.checks.SECheck
    public ProgramState checkPreStatement(CheckerContext checkerContext, Tree tree) {
        PreStatementVisitor preStatementVisitor = new PreStatementVisitor(checkerContext);
        tree.accept(preStatementVisitor);
        return preStatementVisitor.programState;
    }

    @Override // org.sonar.java.se.checks.SECheck
    public ProgramState checkPostStatement(CheckerContext checkerContext, Tree tree) {
        PostStatementVisitor postStatementVisitor = new PostStatementVisitor(checkerContext);
        tree.accept(postStatementVisitor);
        return postStatementVisitor.programState;
    }

    private static ProgramState addNamedConstraint(@Nullable ExpressionTree expressionTree, ProgramState programState) {
        SymbolicValue peekValue;
        if (expressionTree != null && (peekValue = programState.peekValue()) != null) {
            Optional asConstant = expressionTree.asConstant(String.class);
            if (asConstant.isPresent()) {
                for (XxeProperty xxeProperty : PROPERTIES_TO_CHECK) {
                    if (xxeProperty.isNamed((String) asConstant.get())) {
                        return programState.addConstraint(peekValue, xxeProperty.namedConstraint());
                    }
                }
            }
        }
        return programState;
    }

    @Override // org.sonar.java.se.checks.SECheck
    public void checkEndOfExecutionPath(CheckerContext checkerContext, ConstraintManager constraintManager) {
        ProgramState state = checkerContext.getState();
        if (state.exitingOnRuntimeException()) {
            return;
        }
        SymbolicValue peekValue = state.peekValue();
        if (peekValue instanceof XxeSymbolicValue) {
            XxeSymbolicValue xxeSymbolicValue = (XxeSymbolicValue) peekValue;
            reportIfNotSecured(checkerContext, xxeSymbolicValue, state.getConstraints(xxeSymbolicValue));
        }
    }

    private void reportIfNotSecured(CheckerContext checkerContext, XxeSymbolicValue xxeSymbolicValue, @Nullable ConstraintsByDomain constraintsByDomain) {
        if (xxeSymbolicValue.isField || isSecuredByProperty(xxeSymbolicValue, constraintsByDomain)) {
            return;
        }
        checkerContext.reportIssue(xxeSymbolicValue.init, this, "Disable access to external entities in XML parsing.", FlowComputation.flowWithoutExceptions(checkerContext.getNode(), xxeSymbolicValue, constraint -> {
            return constraint == XxeProperty.AttributeDTD.UNSECURED || constraint == XxeProperty.AttributeSchema.UNSECURED || constraint == XxeProperty.AttributeStyleSheet.UNSECURED;
        }, FLOW_CONSTRAINT_DOMAIN, 20));
    }

    private static boolean isSecuredByProperty(XxeSymbolicValue xxeSymbolicValue, @Nullable ConstraintsByDomain constraintsByDomain) {
        return constraintsByDomain == null || xxeSymbolicValue.conditionForSecured.test(constraintsByDomain);
    }
}
