package org.sonar.python.checks.hotspots;

import java.util.Set;
import org.sonar.check.Rule;
import org.sonar.plugins.python.api.SubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionContext;
import org.sonar.plugins.python.api.symbols.Symbol;
import org.sonar.plugins.python.api.tree.Name;
import org.sonar.plugins.python.api.tree.Tree;
import org.sonar.python.checks.AbstractCallExpressionCheck;

@Rule(key = CommandLineArgsCheck.CHECK_KEY)
/* loaded from: input_file:org/sonar/python/checks/hotspots/CommandLineArgsCheck.class */
public class CommandLineArgsCheck extends AbstractCallExpressionCheck {
    public static final String CHECK_KEY = "S4823";
    private static final String MESSAGE = "Make sure that command line arguments are used safely here.";
    private static final Set<String> questionableFunctions = immutableSet("argparse.ArgumentParser", "optparse.OptionParser");

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck
    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.NAME, CommandLineArgsCheck::checkSysArgNode);
        super.initialize(context);
    }

    private static void checkSysArgNode(SubscriptionContext subscriptionContext) {
        Name syntaxNode = subscriptionContext.syntaxNode();
        Tree parent = syntaxNode.parent();
        Symbol symbol = syntaxNode.symbol();
        if (symbol == null || !"sys.argv".equals(symbol.fullyQualifiedName()) || isWithinImport(parent)) {
            return;
        }
        subscriptionContext.addIssue(syntaxNode, MESSAGE);
    }

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck
    protected Set<String> functionsToCheck() {
        return questionableFunctions;
    }

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck
    protected String message() {
        return MESSAGE;
    }
}
