package org.sonar.python.checks.hotspots;

import java.util.Objects;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.stream.Stream;
import org.sonar.check.Rule;
import org.sonar.plugins.python.api.SubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionContext;
import org.sonar.plugins.python.api.symbols.Symbol;
import org.sonar.plugins.python.api.tree.AssignmentStatement;
import org.sonar.plugins.python.api.tree.CallExpression;
import org.sonar.plugins.python.api.tree.DictionaryLiteral;
import org.sonar.plugins.python.api.tree.Expression;
import org.sonar.plugins.python.api.tree.KeyValuePair;
import org.sonar.plugins.python.api.tree.Name;
import org.sonar.plugins.python.api.tree.RegularArgument;
import org.sonar.plugins.python.api.tree.StringLiteral;
import org.sonar.plugins.python.api.tree.SubscriptionExpression;
import org.sonar.plugins.python.api.tree.Tree;
import org.sonar.python.checks.Expressions;
import org.sonar.python.checks.hotspots.AbstractCookieFlagCheck;

@Rule(key = "S3330")
/* loaded from: input_file:org/sonar/python/checks/hotspots/HttpOnlyCookieCheck.class */
public class HttpOnlyCookieCheck extends AbstractCookieFlagCheck {
    public static final String HTTPONLY_ARGUMENT_NAME = "httponly";
    public static final String HEADERS_ARGUMENT_NAME = "headers";
    public static final String SET_COOKIE_METHOD_NAME = "set_cookie";
    private final AbstractCookieFlagCheck.MethodArgumentsToCheckRegistry methodArgumentsToCheckRegistry = new AbstractCookieFlagCheck.MethodArgumentsToCheckRegistry(new AbstractCookieFlagCheck.MethodArgumentsToCheck("django.http.response.HttpResponseBase", "set_cookie", HTTPONLY_ARGUMENT_NAME, 7), new AbstractCookieFlagCheck.MethodArgumentsToCheck("django.http.response.HttpResponseBase", "set_signed_cookie", HTTPONLY_ARGUMENT_NAME, 8), new AbstractCookieFlagCheck.MethodArgumentsToCheck("flask.wrappers.Response", "set_cookie", HTTPONLY_ARGUMENT_NAME, 7), new AbstractCookieFlagCheck.MethodArgumentsToCheck("werkzeug.wrappers.BaseResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, 7), new AbstractCookieFlagCheck.MethodArgumentsToCheck("werkzeug.sansio.response.Response", "set_cookie", HTTPONLY_ARGUMENT_NAME, 7), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.Response", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.Response", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.Response", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.HTMLResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.HTMLResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.JSONResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.JSONResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.ORJSONResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.PlainTextResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.PlainTextResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.StreamingResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.StreamingResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.UJSONResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.FileResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.FileResponse", "set_cookie", HTTPONLY_ARGUMENT_NAME, -1), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.Response", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.Response", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.Response", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.HTMLResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.HTMLResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.JSONResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.JSONResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.ORJSONResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.PlainTextResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.PlainTextResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.StreamingResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.StreamingResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.UJSONResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("fastapi.responses.FileResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument), new AbstractCookieFlagCheck.MethodArgumentsToCheck("starlette.responses.FileResponse", "headers", -1, (Predicate<RegularArgument>) this::isInvalidHeaderArgument));
    private static final String SESSION_COOKIE_HTTPONLY = "SESSION_COOKIE_HTTPONLY";

    @Override // org.sonar.python.checks.hotspots.AbstractCookieFlagCheck
    String flagName() {
        return HTTPONLY_ARGUMENT_NAME;
    }

    @Override // org.sonar.python.checks.hotspots.AbstractCookieFlagCheck
    String message() {
        return "Make sure creating this cookie without the \"HttpOnly\" flag is safe.";
    }

    @Override // org.sonar.python.checks.hotspots.AbstractCookieFlagCheck
    AbstractCookieFlagCheck.MethodArgumentsToCheckRegistry methodArgumentsToCheckRegistry() {
        return this.methodArgumentsToCheckRegistry;
    }

    @Override // org.sonar.python.checks.hotspots.AbstractCookieFlagCheck
    public void initialize(SubscriptionCheck.Context context) {
        super.initialize(context);
        context.registerSyntaxNodeConsumer(Tree.Kind.ASSIGNMENT_STMT, this::subscriptionSessionCookieHttponlyCheck);
        context.registerSyntaxNodeConsumer(Tree.Kind.DICTIONARY_LITERAL, this::dictionarySessionCookieHttponlyCheck);
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, this::dictConstructorSessionCookieHttponlyCheck);
    }

    @Override // org.sonar.python.checks.hotspots.AbstractCookieFlagCheck
    protected String headerValueRegex() {
        return ".*;\\s?HttpOnly.*";
    }

    private void subscriptionSessionCookieHttponlyCheck(SubscriptionContext subscriptionContext) {
        AssignmentStatement syntaxNode = subscriptionContext.syntaxNode();
        if (syntaxNode.lhsExpressions().stream().flatMap(expressionList -> {
            return expressionList.expressions().stream();
        }).filter(expression -> {
            return expression.is(new Tree.Kind[]{Tree.Kind.SUBSCRIPTION});
        }).flatMap(expression2 -> {
            return ((SubscriptionExpression) expression2).subscripts().expressions().stream();
        }).anyMatch(HttpOnlyCookieCheck::isSessionCookieHttponlyStringLiteral) && Expressions.isFalsy(syntaxNode.assignedValue())) {
            subscriptionContext.addIssue(syntaxNode.assignedValue(), message());
        }
    }

    private void dictionarySessionCookieHttponlyCheck(SubscriptionContext subscriptionContext) {
        searchForFalsySessionCookieHttponlyInDictionary(subscriptionContext.syntaxNode()).ifPresent(expression -> {
            subscriptionContext.addIssue(expression, message());
        });
    }

    private static Optional<Expression> searchForFalsySessionCookieHttponlyInDictionary(DictionaryLiteral dictionaryLiteral) {
        Stream filter = dictionaryLiteral.elements().stream().filter(dictionaryLiteralElement -> {
            return dictionaryLiteralElement.is(new Tree.Kind[]{Tree.Kind.KEY_VALUE_PAIR});
        });
        Class<KeyValuePair> cls = KeyValuePair.class;
        Objects.requireNonNull(KeyValuePair.class);
        return filter.map((v1) -> {
            return r1.cast(v1);
        }).filter(keyValuePair -> {
            return Optional.ofNullable(keyValuePair.key()).filter(HttpOnlyCookieCheck::isSessionCookieHttponlyStringLiteral).isPresent();
        }).findFirst().filter(keyValuePair2 -> {
            return Expressions.isFalsy(keyValuePair2.value());
        }).map((v0) -> {
            return v0.value();
        });
    }

    private void dictConstructorSessionCookieHttponlyCheck(SubscriptionContext subscriptionContext) {
        searchForFalsySessionCookieHttponlyInDictCons(subscriptionContext.syntaxNode()).ifPresent(expression -> {
            subscriptionContext.addIssue(expression, message());
        });
    }

    private static Optional<Expression> searchForFalsySessionCookieHttponlyInDictCons(CallExpression callExpression) {
        RegularArgument regularArgument;
        Name keywordArgument;
        Symbol calleeSymbol = callExpression.calleeSymbol();
        if (calleeSymbol != null && "dict".equals(calleeSymbol.fullyQualifiedName())) {
            for (RegularArgument regularArgument2 : callExpression.arguments()) {
                if (regularArgument2.is(new Tree.Kind[]{Tree.Kind.REGULAR_ARGUMENT}) && (keywordArgument = (regularArgument = regularArgument2).keywordArgument()) != null && SESSION_COOKIE_HTTPONLY.equals(keywordArgument.name()) && Expressions.isFalsy(regularArgument.expression())) {
                    return Optional.of(regularArgument.expression());
                }
            }
        }
        return Optional.empty();
    }

    private static boolean isSessionCookieHttponlyStringLiteral(Expression expression) {
        return expression.is(new Tree.Kind[]{Tree.Kind.STRING_LITERAL}) && SESSION_COOKIE_HTTPONLY.equals(((StringLiteral) expression).trimmedQuotesValue());
    }
}
