package org.sonar.python.checks.hotspots;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import org.sonar.check.Rule;
import org.sonar.python.PythonSubscriptionCheck;
import org.sonar.python.SubscriptionCheck;
import org.sonar.python.api.tree.PyStringElementTree;
import org.sonar.python.api.tree.Tree;
import org.sonar.python.semantic.Symbol;

@Rule(key = "S5332")
/* loaded from: input_file:org/sonar/python/checks/hotspots/ClearTextProtocolsCheck.class */
public class ClearTextProtocolsCheck extends PythonSubscriptionCheck {
    private static final List<String> SENSITIVE_PROTOCOLS = Arrays.asList("http://", "ftp://", "telnet://");
    private static final Pattern LOOPBACK = Pattern.compile("localhost|127(?:\\.[0-9]+){0,2}\\.[0-9]+$|^(?:0*\\:)*?:?0*1", 2);
    private static final Map<String, String> ALTERNATIVES = new HashMap();

    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.STRING_ELEMENT, subscriptionContext -> {
            PyStringElementTree syntaxNode = subscriptionContext.syntaxNode();
            unsafeProtocol(syntaxNode.trimmedQuotesValue()).map(str -> {
                return str.substring(0, str.length() - 3);
            }).ifPresent(str2 -> {
                subscriptionContext.addIssue(syntaxNode, message(str2));
            });
        });
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, subscriptionContext2 -> {
            isUnsafeLib(subscriptionContext2.symbolTable().getSymbol(subscriptionContext2.syntaxNode())).ifPresent(str -> {
                subscriptionContext2.addIssue(subscriptionContext2.syntaxNode(), message(str));
            });
        });
    }

    private static Optional<String> unsafeProtocol(String str) {
        for (String str2 : SENSITIVE_PROTOCOLS) {
            if (str.startsWith(str2)) {
                try {
                    URI uri = new URI(str);
                    String host = uri.getHost();
                    if (host == null) {
                        host = uri.getAuthority();
                    }
                    if (LOOPBACK.matcher(host).matches()) {
                        return Optional.empty();
                    }
                } catch (URISyntaxException e) {
                    if (LOOPBACK.matcher(str.substring(str2.length())).find()) {
                        return Optional.empty();
                    }
                }
                return Optional.of(str2);
            }
        }
        return Optional.empty();
    }

    private static Optional<String> isUnsafeLib(@Nullable Symbol symbol) {
        if (symbol != null) {
            String qualifiedName = symbol.qualifiedName();
            if ("telnetlib.Telnet".equals(qualifiedName)) {
                return Optional.of("telnet");
            }
            if ("ftplib.FTP".equals(qualifiedName)) {
                return Optional.of("ftp");
            }
        }
        return Optional.empty();
    }

    private static String message(String str) {
        return "Using " + str + " protocol is insecure. Use " + ALTERNATIVES.get(str) + " instead";
    }

    static {
        ALTERNATIVES.put("http", "https");
        ALTERNATIVES.put("ftp", "sftp, scp or ftps");
        ALTERNATIVES.put("telnet", "ssh");
    }
}
