package org.sonar.python.checks.hotspots;

import com.sonar.sslr.api.AstNode;
import com.sonar.sslr.api.AstNodeType;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.CheckForNull;
import org.sonar.check.Rule;
import org.sonar.python.api.PythonGrammar;
import org.sonar.python.api.PythonPunctuator;
import org.sonar.python.api.PythonTokenType;
import org.sonar.python.checks.AbstractCallExpressionCheck;
import org.sonar.python.semantic.Symbol;

@Rule(key = SQLQueriesCheck.CHECK_KEY)
/* loaded from: input_file:org/sonar/python/checks/hotspots/SQLQueriesCheck.class */
public class SQLQueriesCheck extends AbstractCallExpressionCheck {
    public static final String CHECK_KEY = "S2077";
    private static final String MESSAGE = "Make sure that formatting this SQL query is safe here.";
    private boolean isUsingDjangoModel = false;
    private boolean isUsingDjangoDBConnection = false;

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck
    protected Set<String> functionsToCheck() {
        return Collections.singleton("django.db.models.expressions.RawSQL");
    }

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck
    protected String message() {
        return MESSAGE;
    }

    public void visitFile(AstNode astNode) {
        this.isUsingDjangoModel = false;
        this.isUsingDjangoDBConnection = false;
        Iterator it = getContext().symbolTable().symbols(astNode).iterator();
        while (it.hasNext()) {
            String qualifiedName = ((Symbol) it.next()).qualifiedName();
            if (qualifiedName.contains("django.db.models")) {
                this.isUsingDjangoModel = true;
            }
            if (qualifiedName.contains("django.db.connection")) {
                this.isUsingDjangoDBConnection = true;
            }
        }
    }

    private boolean isSQLQueryFromDjangoModel(String str) {
        return this.isUsingDjangoModel && (str.equals("raw") || str.equals("extra"));
    }

    private boolean isSQLQueryFromDjangoDBConnection(String str) {
        return this.isUsingDjangoDBConnection && str.equals("execute");
    }

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck
    public void visitNode(AstNode astNode) {
        AstNode firstChild = astNode.getFirstChild(new AstNodeType[]{PythonGrammar.ATTRIBUTE_REF});
        if (firstChild != null) {
            String tokenValue = firstChild.getLastChild(new AstNodeType[]{PythonGrammar.NAME}).getTokenValue();
            if ((isSQLQueryFromDjangoModel(tokenValue) || isSQLQueryFromDjangoDBConnection(tokenValue)) && !isException(astNode, tokenValue)) {
                addIssue(astNode, MESSAGE);
            }
        }
        super.visitNode(astNode);
    }

    private boolean isException(AstNode astNode, String str) {
        AstNode firstChild = astNode.getFirstChild(new AstNodeType[]{PythonGrammar.ARGLIST});
        if (extraContainsFormattedSqlQueries(firstChild, str)) {
            return false;
        }
        if (firstChild == null) {
            return true;
        }
        AstNode astNode2 = (AstNode) firstChild.getChildren().get(0);
        return (astNode2.getChildren().size() == 1 && astNode2.getFirstChild(new AstNodeType[]{PythonGrammar.TEST}) != null && isFormatted(astNode2.getFirstChild(new AstNodeType[]{PythonGrammar.TEST}))) ? false : true;
    }

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck
    protected boolean isException(AstNode astNode) {
        return isException(astNode, "");
    }

    private boolean isFormatted(AstNode astNode) {
        if (astNode.getChildren().size() != 1) {
            return false;
        }
        return isStrFormatCall(astNode) || isFormattedStringLiteral(astNode) || astNode.getFirstChild(new AstNodeType[]{PythonGrammar.M_EXPR}) != null || astNode.getFirstChild(new AstNodeType[]{PythonGrammar.A_EXPR}) != null;
    }

    private static boolean isStrFormatCall(AstNode astNode) {
        AstNode firstChild;
        AstNode firstChild2 = astNode.getFirstChild(new AstNodeType[]{PythonGrammar.CALL_EXPR});
        return (firstChild2 == null || (firstChild = firstChild2.getFirstChild(new AstNodeType[]{PythonGrammar.ATTRIBUTE_REF})) == null || firstChild.getFirstChild(new AstNodeType[]{PythonGrammar.ATOM}).getFirstChild(new AstNodeType[]{PythonTokenType.STRING}) == null || !firstChild.getFirstChild(new AstNodeType[]{PythonGrammar.NAME}).getTokenValue().equals("format")) ? false : true;
    }

    private static boolean isFormattedStringLiteral(AstNode astNode) {
        AstNode firstChild;
        AstNode firstChild2 = astNode.getFirstChild(new AstNodeType[]{PythonGrammar.ATOM});
        return (firstChild2 == null || (firstChild = firstChild2.getFirstChild(new AstNodeType[]{PythonTokenType.STRING})) == null || (!firstChild.getTokenValue().startsWith("f") && !firstChild.getTokenValue().startsWith("F"))) ? false : true;
    }

    private boolean extraContainsFormattedSqlQueries(@CheckForNull AstNode astNode, String str) {
        return str.equals("extra") && astNode != null && astNode.getChildren(new AstNodeType[]{PythonGrammar.ARGUMENT}).stream().filter(SQLQueriesCheck::isAssignment).map(astNode2 -> {
            return (AstNode) astNode2.getChildren().get(2);
        }).anyMatch(astNode3 -> {
            return astNode3.getDescendants(new AstNodeType[]{PythonGrammar.TEST}).stream().anyMatch(this::isFormatted);
        });
    }

    private static boolean isAssignment(@CheckForNull AstNode astNode) {
        return astNode != null && astNode.getChildren().size() == 3 && ((AstNode) astNode.getChildren().get(0)).is(new AstNodeType[]{PythonGrammar.TEST}) && ((AstNode) astNode.getChildren().get(1)).is(new AstNodeType[]{PythonPunctuator.ASSIGN}) && ((AstNode) astNode.getChildren().get(2)).is(new AstNodeType[]{PythonGrammar.TEST});
    }
}
