package org.sonar.python.checks.hotspots;

import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import org.sonar.check.Rule;
import org.sonar.python.PythonSubscriptionCheck;
import org.sonar.python.SubscriptionCheck;
import org.sonar.python.api.tree.CallExpression;
import org.sonar.python.api.tree.Expression;
import org.sonar.python.api.tree.HasSymbol;
import org.sonar.python.api.tree.StringElement;
import org.sonar.python.api.tree.StringLiteral;
import org.sonar.python.api.tree.SubscriptionExpression;
import org.sonar.python.api.tree.Tree;
import org.sonar.python.semantic.Symbol;

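/**
 * Security-hotspot check (rule key S5443) that reports Python code referring to
 * publicly writable directories.
 *
 * <p>Files created under a world-writable location with a predictable name can be
 * pre-created, replaced or read by other local accounts. Each finding is therefore a
 * prompt to review how the path is used, for example whether the file is created
 * atomically with restrictive permissions (as Python's {@code tempfile} module does),
 * rather than proof of a vulnerability.
 *
 * <p>Three syntactic shapes are reported, all with the same message:
 * <ul>
 *   <li>a string element whose lower-cased value starts with one of
 *       {@link #UNIX_WRITABLE_DIRECTORIES} (or equals one without its trailing slash),
 *       or matches {@link #WINDOWS_WRITABLE_DIRECTORIES} as a whole;</li>
 *   <li>a call resolved to {@code os.environ.get} with a string-literal argument equal
 *       to one of {@link #NONCOMPLIANT_ENVIRON_VARIABLES}, ignoring case;</li>
 *   <li>a subscription on {@code os.environ} with such a string-literal key.</li>
 * </ul>
 *
 * <p>Known blind spots, useful when triaging "no findings": only literals are
 * inspected, so paths assembled at run time are not seen, and no other way of reading
 * the environment (for instance {@code os.getenv}) is compared against here.
 */
@Rule(key = "S5443")
public class PubliclyWritableDirectoriesCheck extends PythonSubscriptionCheck {
    private static final String MESSAGE = "Make sure publicly writable directories are used safely here.";

    /** Lower-case directory prefixes; each entry must end with {@code /} (see {@link #containsDirectory}). */
    private static final List<String> UNIX_WRITABLE_DIRECTORIES = Arrays.asList(
        "/tmp/",
        "/var/tmp/",
        "/usr/tmp/",
        "/dev/shm/",
        "/dev/mqueue/",
        "/run/lock/",
        "/var/run/lock/",
        "/library/caches/",
        "/users/shared/",
        "/private/tmp/",
        "/private/var/tmp/");

    /** Lower-case names of environment variables whose lookup is reported. */
    private static final List<String> NONCOMPLIANT_ENVIRON_VARIABLES = Arrays.asList("tmpdir", "tmp");

    /**
     * Whole-value pattern for Windows paths: a prefix without any backslash (such as a
     * drive letter), then {@code Windows\Temp}, {@code Temp} or {@code TMP}, optionally
     * followed by a backslash and anything. Because the prefix cannot contain a
     * backslash, a temp folder nested deeper in the tree is not matched.
     */
    private static final Pattern WINDOWS_WRITABLE_DIRECTORIES =
        Pattern.compile("[^\\\\]*\\\\(Windows\\\\Temp|Temp|TMP)(\\\\.*|$)", Pattern.CASE_INSENSITIVE);

    /**
     * Registers the three syntax-node consumers described on the class.
     *
     * @param context registration context supplied by the analyzer
     */
    @Override
    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.STRING_ELEMENT, ctx -> {
            StringElement stringElement = (StringElement) ctx.syntaxNode();
            // Lower-casing once makes the comparison with the lower-case directory list case-insensitive.
            String value = stringElement.trimmedQuotesValue().toLowerCase(Locale.ENGLISH);
            boolean unixMatch = UNIX_WRITABLE_DIRECTORIES.stream()
                .anyMatch(directory -> containsDirectory(value, directory));
            if (unixMatch || WINDOWS_WRITABLE_DIRECTORIES.matcher(value).matches()) {
                ctx.addIssue(stringElement, MESSAGE);
            }
        });

        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, ctx -> {
            CallExpression call = (CallExpression) ctx.syntaxNode();
            // NOTE(review): every argument is inspected, not only the key, so a literal
            // default value equal to "tmp"/"tmpdir" is reported as well.
            if (isOsEnvironGetter(call)
                && call.arguments().stream()
                    .map(argument -> argument.expression())
                    .anyMatch(PubliclyWritableDirectoriesCheck::isNonCompliantOsEnvironArgument)) {
                ctx.addIssue(call, MESSAGE);
            }
        });

        context.registerSyntaxNodeConsumer(Tree.Kind.SUBSCRIPTION, ctx -> {
            SubscriptionExpression subscription = (SubscriptionExpression) ctx.syntaxNode();
            if (isOsEnvironQualifiedExpression(subscription.object())
                && subscription.subscripts().expressions().stream()
                    .anyMatch(PubliclyWritableDirectoriesCheck::isNonCompliantOsEnvironArgument)) {
                ctx.addIssue(subscription, MESSAGE);
            }
        });
    }

    /**
     * Tells whether {@code path} points at or below {@code directory}.
     *
     * <p>The decompiler widened this helper from private to public; the visibility is
     * left as found so existing references keep compiling.
     *
     * @param path      lower-cased string value to test
     * @param directory directory prefix ending with a one-character separator
     * @return {@code true} when {@code path} starts with {@code directory}, or equals
     *         {@code directory} with its last character removed
     */
    public static boolean containsDirectory(String path, String directory) {
        String withoutTrailingSeparator = directory.substring(0, directory.length() - 1);
        return path.startsWith(directory) || path.equals(withoutTrailingSeparator);
    }

    /**
     * Tells whether {@code expression} is a string literal with at least one element
     * whose lower-cased value is listed in {@link #NONCOMPLIANT_ENVIRON_VARIABLES}.
     */
    private static boolean isNonCompliantOsEnvironArgument(Expression expression) {
        if (!expression.is(Tree.Kind.STRING_LITERAL)) {
            return false;
        }
        // The decompiled body called contains() on an undeclared variable (r1); the
        // receiver is the environment-variable list.
        return ((StringLiteral) expression).stringElements().stream()
            .map(element -> element.trimmedQuotesValue().toLowerCase(Locale.ENGLISH))
            .anyMatch(NONCOMPLIANT_ENVIRON_VARIABLES::contains);
    }

    /** Tells whether the callee symbol of {@code callExpression} resolves to {@code os.environ.get}. */
    private static boolean isOsEnvironGetter(CallExpression callExpression) {
        Symbol calleeSymbol = callExpression.calleeSymbol();
        return calleeSymbol != null && "os.environ.get".equals(calleeSymbol.fullyQualifiedName());
    }

    /** Tells whether {@code expression} carries a symbol that resolves to {@code os.environ}. */
    private static boolean isOsEnvironQualifiedExpression(Expression expression) {
        if (!(expression instanceof HasSymbol)) {
            return false;
        }
        Symbol symbol = ((HasSymbol) expression).symbol();
        return symbol != null && "os.environ".equals(symbol.fullyQualifiedName());
    }
}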
