package org.sonar.python.checks.hotspots;

import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import org.sonar.check.Rule;
import org.sonar.plugins.python.api.PythonSubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionContext;
import org.sonar.plugins.python.api.tree.AliasedName;
import org.sonar.plugins.python.api.tree.Argument;
import org.sonar.plugins.python.api.tree.BaseTreeVisitor;
import org.sonar.plugins.python.api.tree.BinaryExpression;
import org.sonar.plugins.python.api.tree.CallExpression;
import org.sonar.plugins.python.api.tree.Expression;
import org.sonar.plugins.python.api.tree.FileInput;
import org.sonar.plugins.python.api.tree.Name;
import org.sonar.plugins.python.api.tree.QualifiedExpression;
import org.sonar.plugins.python.api.tree.RegularArgument;
import org.sonar.plugins.python.api.tree.StringElement;
import org.sonar.plugins.python.api.tree.Tree;
import org.sonar.python.checks.Expressions;
import org.sonar.python.semantic.Symbol;

@Rule(key = SQLQueriesCheck.CHECK_KEY)
/* loaded from: input_file:org/sonar/python/checks/hotspots/SQLQueriesCheck.class */
public class SQLQueriesCheck extends PythonSubscriptionCheck {
    public static final String CHECK_KEY = "S2077";
    private static final String MESSAGE = "Make sure that formatting this SQL query is safe here.";
    private boolean isUsingDjangoModel = false;
    private boolean isUsingDjangoDBConnection = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/python/checks/hotspots/SQLQueriesCheck$FormattedStringVisitor.class */
    public static class FormattedStringVisitor extends BaseTreeVisitor {
        boolean hasFormattedString;

        private FormattedStringVisitor() {
            this.hasFormattedString = false;
        }

        public void visitStringElement(StringElement stringElement) {
            super.visitStringElement(stringElement);
            this.hasFormattedString |= stringElement.isInterpolated();
        }

        public void visitCallExpression(CallExpression callExpression) {
            if (callExpression.callee().is(new Tree.Kind[]{Tree.Kind.QUALIFIED_EXPR})) {
                QualifiedExpression callee = callExpression.callee();
                this.hasFormattedString |= callee.name().name().equals("format") && callee.qualifier().is(new Tree.Kind[]{Tree.Kind.STRING_LITERAL});
            }
            super.visitCallExpression(callExpression);
        }

        public void visitBinaryExpression(BinaryExpression binaryExpression) {
            this.hasFormattedString |= binaryExpression.leftOperand().is(new Tree.Kind[]{Tree.Kind.STRING_LITERAL}) || binaryExpression.rightOperand().is(new Tree.Kind[]{Tree.Kind.STRING_LITERAL});
            super.visitBinaryExpression(binaryExpression);
        }
    }

    /* loaded from: input_file:org/sonar/python/checks/hotspots/SQLQueriesCheck$SymbolsFromImport.class */
    private static class SymbolsFromImport extends BaseTreeVisitor {
        private Set<Symbol> symbols;

        private SymbolsFromImport() {
            this.symbols = new HashSet();
        }

        public void visitAliasedName(AliasedName aliasedName) {
            List names = aliasedName.dottedName().names();
            this.symbols.add(((Name) names.get(names.size() - 1)).symbol());
        }
    }

    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.FILE_INPUT, this::visitFile);
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, this::checkCallExpression);
    }

    private void visitFile(SubscriptionContext subscriptionContext) {
        this.isUsingDjangoModel = false;
        this.isUsingDjangoDBConnection = false;
        FileInput syntaxNode = subscriptionContext.syntaxNode();
        SymbolsFromImport symbolsFromImport = new SymbolsFromImport();
        syntaxNode.accept(symbolsFromImport);
        symbolsFromImport.symbols.stream().filter((v0) -> {
            return Objects.nonNull(v0);
        }).map((v0) -> {
            return v0.fullyQualifiedName();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).forEach(str -> {
            if (str.contains("django.db.models")) {
                this.isUsingDjangoModel = true;
            }
            if (str.contains("django.db.connection")) {
                this.isUsingDjangoDBConnection = true;
            }
        });
    }

    private boolean isSQLQueryFromDjangoModel(String str) {
        return this.isUsingDjangoModel && (str.equals("raw") || str.equals("extra"));
    }

    private boolean isSQLQueryFromDjangoDBConnection(String str) {
        return this.isUsingDjangoDBConnection && str.equals("execute");
    }

    private void checkCallExpression(SubscriptionContext subscriptionContext) {
        CallExpression syntaxNode = subscriptionContext.syntaxNode();
        Symbol calleeSymbol = syntaxNode.calleeSymbol();
        if (calleeSymbol != null && "django.db.models.expressions.RawSQL".equals(calleeSymbol.fullyQualifiedName())) {
            addIssue(subscriptionContext, syntaxNode);
            return;
        }
        if (syntaxNode.callee().is(new Tree.Kind[]{Tree.Kind.QUALIFIED_EXPR})) {
            String name = syntaxNode.callee().name().name();
            if ((isSQLQueryFromDjangoModel(name) || isSQLQueryFromDjangoDBConnection(name)) && !isException(syntaxNode, name)) {
                addIssue(subscriptionContext, syntaxNode);
            }
        }
    }

    private static void addIssue(SubscriptionContext subscriptionContext, CallExpression callExpression) {
        sensitiveArgumentValue(callExpression).ifPresent(tree -> {
            subscriptionContext.addIssue(callExpression, MESSAGE).secondary(tree, (String) null);
        });
    }

    private static boolean isException(CallExpression callExpression, String str) {
        List arguments = callExpression.arguments();
        if (extraContainsFormattedSqlQueries(arguments, str)) {
            return false;
        }
        return arguments.isEmpty();
    }

    private static Optional<Tree> sensitiveArgumentValue(CallExpression callExpression) {
        List arguments = callExpression.arguments();
        if (arguments.isEmpty()) {
            return Optional.empty();
        }
        RegularArgument regularArgument = (Argument) arguments.get(0);
        if (!regularArgument.is(new Tree.Kind[]{Tree.Kind.REGULAR_ARGUMENT})) {
            return Optional.empty();
        }
        Expression expression = regularArgument.expression();
        if (expression.is(new Tree.Kind[]{Tree.Kind.NAME})) {
            expression = Expressions.singleAssignedValue((Name) expression);
        }
        return (expression == null || !isFormatted(expression)) ? Optional.empty() : Optional.of(expression);
    }

    private static boolean isFormatted(Expression expression) {
        FormattedStringVisitor formattedStringVisitor = new FormattedStringVisitor();
        expression.accept(formattedStringVisitor);
        return formattedStringVisitor.hasFormattedString;
    }

    private static boolean extraContainsFormattedSqlQueries(List<Argument> list, String str) {
        if (!str.equals("extra")) {
            return false;
        }
        Stream<Argument> filter = list.stream().filter(argument -> {
            return argument.is(new Tree.Kind[]{Tree.Kind.REGULAR_ARGUMENT});
        });
        Class<RegularArgument> cls = RegularArgument.class;
        Objects.requireNonNull(RegularArgument.class);
        return filter.map((v1) -> {
            return r1.cast(v1);
        }).filter(SQLQueriesCheck::isAssignment).map((v0) -> {
            return v0.expression();
        }).anyMatch(SQLQueriesCheck::isFormatted);
    }

    private static boolean isAssignment(RegularArgument regularArgument) {
        return regularArgument.equalToken() != null;
    }
}
