package org.sonar.python.checks.hotspots;

import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import org.sonar.check.Rule;
import org.sonar.python.PythonSubscriptionCheck;
import org.sonar.python.SubscriptionCheck;
import org.sonar.python.api.tree.PyCallExpressionTree;
import org.sonar.python.api.tree.PyExpressionTree;
import org.sonar.python.api.tree.PyQualifiedExpressionTree;
import org.sonar.python.api.tree.PyStringElementTree;
import org.sonar.python.api.tree.PyStringLiteralTree;
import org.sonar.python.api.tree.PySubscriptionExpressionTree;
import org.sonar.python.api.tree.Tree;
import org.sonar.python.semantic.Symbol;
import org.sonar.python.semantic.SymbolTable;

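/**
 * Security-hotspot rule S5443: reports Python code that refers to a publicly writable directory.
 *
 * <p>Directories such as {@code /tmp} are shared by every local account. A file created there under
 * a predictable name can be pre-created, replaced or symlinked by another user before the program
 * opens it, so each use deserves a manual review. The usual mitigation on the Python side is to let
 * {@code tempfile.mkstemp()}, {@code tempfile.mkdtemp()} or {@code tempfile.TemporaryFile()} pick an
 * unpredictable name and create the entry with owner-only permissions.
 *
 * <p>Three syntactic shapes are reported, all with the same message:
 * <ul>
 *   <li>a string element whose text names a known Unix or Windows temporary directory;</li>
 *   <li>a call {@code os.environ.get(...)} where any argument is a string literal equal to
 *       {@code tmpdir} or {@code tmp} (compared case-insensitively);</li>
 *   <li>a subscription {@code os.environ[...]} with such a literal as subscript.</li>
 * </ul>
 *
 * <p>Matching is purely textual: a path assembled at runtime (concatenation, formatting,
 * {@code os.path.join}) is only seen through its individual string elements.
 */
@Rule(key = "S5443")
public class PubliclyWritableDirectoriesCheck extends PythonSubscriptionCheck {
    private static final String MESSAGE = "Make sure publicly writable directories are used safely here.";

    // Lower-case directory prefixes. Every entry must end with '/': containsDirectory() strips the
    // last character to also recognise the bare directory name (for example "/tmp").
    private static final List<String> UNIX_WRITABLE_DIRECTORIES = Arrays.asList("/tmp/", "/var/tmp/", "/usr/tmp/", "/dev/shm/", "/dev/mqueue/", "/run/lock/", "/var/run/lock/", "/library/caches/", "/users/shared/", "/private/tmp/", "/private/var/tmp/");

    // Environment variable names (lower-case) whose value is expected to be a temporary directory.
    // NOTE(review): Python's tempfile.gettempdir() also consults TEMP, which is not listed here;
    // confirm whether that omission is intentional.
    private static final List<String> NONCOMPLIANT_ENVIRON_VARIABLES = Arrays.asList("tmpdir", "tmp");

    // Whole-string match: a first segment without backslash (typically the drive), one backslash,
    // then "Windows\Temp", "Temp" or "TMP", optionally followed by a backslash and anything else.
    // NOTE(review): the pattern is applied to trimmedQuotesValue(); whether that text still holds
    // the escaped form ("\\") of a non-raw Python string is not visible here. Verify that escaped
    // Windows paths are covered.
    private static final Pattern WINDOWS_WRITABLE_DIRECTORIES = Pattern.compile("[^\\\\]*\\\\(Windows\\\\Temp|Temp|TMP)(\\\\.*|$)", Pattern.CASE_INSENSITIVE);

    /**
     * Registers the three syntax-node consumers that implement the rule.
     *
     * @param context registration context supplied by the analyzer
     */
    @Override
    public void initialize(SubscriptionCheck.Context context) {
        // 1. Hard-coded paths inside string elements.
        context.registerSyntaxNodeConsumer(Tree.Kind.STRING_ELEMENT, ctx -> {
            PyStringElementTree stringElement = (PyStringElementTree) ctx.syntaxNode();
            // Lower-casing makes the Unix prefix comparison case-insensitive as well.
            String value = stringElement.trimmedQuotesValue().toLowerCase(Locale.ENGLISH);
            boolean unixDirectory = UNIX_WRITABLE_DIRECTORIES.stream().anyMatch(directory -> containsDirectory(value, directory));
            if (unixDirectory || WINDOWS_WRITABLE_DIRECTORIES.matcher(value).matches()) {
                ctx.addIssue(stringElement, MESSAGE);
            }
        });

        // 2. os.environ.get("TMPDIR") and similar.
        // Every argument is inspected, so a matching literal passed as the default value, as in
        // os.environ.get("X", "tmp"), is reported too.
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, ctx -> {
            PyCallExpressionTree call = (PyCallExpressionTree) ctx.syntaxNode();
            if (isOsEnvironGetter(call.callee(), ctx.symbolTable())
                && call.arguments().stream()
                    .map(argument -> argument.expression())
                    .anyMatch(PubliclyWritableDirectoriesCheck::isNonCompliantOsEnvironArgument)) {
                ctx.addIssue(call, MESSAGE);
            }
        });

        // 3. os.environ["TMPDIR"] and similar.
        context.registerSyntaxNodeConsumer(Tree.Kind.SUBSCRIPTION, ctx -> {
            PySubscriptionExpressionTree subscription = (PySubscriptionExpressionTree) ctx.syntaxNode();
            if (isOsEnvironQualifiedExpression(subscription.object(), ctx.symbolTable())
                && subscription.subscripts().expressions().stream()
                    .anyMatch(PubliclyWritableDirectoriesCheck::isNonCompliantOsEnvironArgument)) {
                ctx.addIssue(subscription, MESSAGE);
            }
        });
    }

    /**
     * Tells whether {@code path} designates {@code directory} itself or something below it.
     *
     * <p>The decompiler reports that this helper was {@code private} in the original source; it is
     * left {@code public} so the visible signature does not change.
     *
     * @param path      lower-cased text of the string element
     * @param directory directory prefix ending with {@code '/'}
     * @return {@code true} if {@code path} starts with {@code directory} or equals it without its
     *     trailing character
     */
    public static boolean containsDirectory(String path, String directory) {
        String withoutTrailingSeparator = directory.substring(0, directory.length() - 1);
        return path.startsWith(directory) || path.equals(withoutTrailingSeparator);
    }

    /**
     * Tells whether {@code expression} is a string literal with at least one element whose
     * lower-cased text is listed in {@link #NONCOMPLIANT_ENVIRON_VARIABLES}.
     */
    private static boolean isNonCompliantOsEnvironArgument(PyExpressionTree expression) {
        if (!expression.is(Tree.Kind.STRING_LITERAL)) {
            return false;
        }
        return ((PyStringLiteralTree) expression).stringElements().stream()
            .map(element -> element.trimmedQuotesValue().toLowerCase(Locale.ENGLISH))
            .anyMatch(NONCOMPLIANT_ENVIRON_VARIABLES::contains);
    }

    /**
     * Tells whether {@code callee} has the shape {@code <os.environ>.get}.
     */
    private static boolean isOsEnvironGetter(PyExpressionTree callee, SymbolTable symbolTable) {
        if (!callee.is(Tree.Kind.QUALIFIED_EXPR)) {
            return false;
        }
        PyQualifiedExpressionTree qualifiedCallee = (PyQualifiedExpressionTree) callee;
        return qualifiedCallee.name().name().equals("get")
            && isOsEnvironQualifiedExpression(qualifiedCallee.qualifier(), symbolTable);
    }

    /**
     * Tells whether {@code expression} refers to {@code os.environ}.
     *
     * <p>When the symbol table knows the expression, its qualified name decides. Otherwise the
     * check falls back to the literal shape {@code os.environ}.
     */
    private static boolean isOsEnvironQualifiedExpression(PyExpressionTree expression, SymbolTable symbolTable) {
        Symbol symbol = symbolTable.getSymbol(expression);
        if (symbol != null) {
            return symbol.qualifiedName().equals("os.environ");
        }
        if (!expression.is(Tree.Kind.QUALIFIED_EXPR)) {
            return false;
        }
        PyQualifiedExpressionTree qualified = (PyQualifiedExpressionTree) expression;
        // NOTE(review): decompiled output; qualifier() may need a cast to the name-tree type before
        // name() can be called. Confirm against the tree API.
        return qualified.qualifier().is(Tree.Kind.NAME)
            && qualified.qualifier().name().equals("os")
            && qualified.name().name().equals("environ");
    }
}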
