package org.sonar.python.checks;

import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.sonar.plugins.python.api.PythonCheck;
import org.sonar.plugins.python.api.PythonSubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionContext;
import org.sonar.plugins.python.api.tree.Argument;
import org.sonar.plugins.python.api.tree.AssignmentStatement;
import org.sonar.plugins.python.api.tree.CallExpression;
import org.sonar.plugins.python.api.tree.DictionaryLiteral;
import org.sonar.plugins.python.api.tree.Expression;
import org.sonar.plugins.python.api.tree.KeyValuePair;
import org.sonar.plugins.python.api.tree.Name;
import org.sonar.plugins.python.api.tree.QualifiedExpression;
import org.sonar.plugins.python.api.tree.RegularArgument;
import org.sonar.plugins.python.api.tree.StringLiteral;
import org.sonar.plugins.python.api.tree.SubscriptionExpression;
import org.sonar.plugins.python.api.tree.Tree;
import org.sonar.python.checks.utils.Expressions;
import org.sonar.python.tree.TreeUtils;

/* loaded from: input_file:org/sonar/python/checks/FlaskHardCodedSecret.class */
public abstract class FlaskHardCodedSecret extends PythonSubscriptionCheck {
    private static final String MESSAGE = "Don't disclose %s secret keys.";
    private static final String SECONDARY_MESSAGE = "Assignment to sensitive property.";
    private static final Set<String> FLASK_APP_CONFIG_QUALIFIER_FQNS = Set.of("flask.app.Flask.config", "flask.globals.current_app.config");
    public static final String SECONDARY_LOCATION_MESSAGE = "The secret is used in this call.";

    protected abstract String getSecretKeyKeyword();

    protected abstract String getSecretKeyType();

    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, this::verifyCallExpression);
        context.registerSyntaxNodeConsumer(Tree.Kind.ASSIGNMENT_STMT, this::verifyAssignmentStatement);
    }

    private void verifyCallExpression(SubscriptionContext subscriptionContext) {
        CallExpression syntaxNode = subscriptionContext.syntaxNode();
        Optional map = Optional.of(syntaxNode).map((v0) -> {
            return v0.callee();
        }).flatMap(TreeUtils.toOptionalInstanceOfMapper(QualifiedExpression.class)).filter(qualifiedExpression -> {
            return "update".equals(qualifiedExpression.name().name());
        }).map((v0) -> {
            return v0.qualifier();
        }).flatMap(TreeUtils.toOptionalInstanceOfMapper(QualifiedExpression.class)).map((v0) -> {
            return v0.name();
        }).map((v0) -> {
            return v0.symbol();
        }).map((v0) -> {
            return v0.fullyQualifiedName();
        });
        Set<String> set = FLASK_APP_CONFIG_QUALIFIER_FQNS;
        Objects.requireNonNull(set);
        map.filter((v1) -> {
            return r1.contains(v1);
        }).ifPresent(str -> {
            verifyUpdateCallArgument(subscriptionContext, syntaxNode);
        });
    }

    private void verifyUpdateCallArgument(SubscriptionContext subscriptionContext, CallExpression callExpression) {
        Optional.of(callExpression.arguments()).filter(list -> {
            return list.size() == 1;
        }).map(list2 -> {
            return (Argument) list2.get(0);
        }).flatMap(TreeUtils.toOptionalInstanceOfMapper(RegularArgument.class)).map((v0) -> {
            return v0.expression();
        }).map(FlaskHardCodedSecret::getAssignedValue).flatMap(this::getIllegalDictArgument).ifPresent(tree -> {
            subscriptionContext.addIssue(tree, getMessage()).secondary(callExpression.callee(), SECONDARY_LOCATION_MESSAGE);
        });
    }

    private String getMessage() {
        return String.format(MESSAGE, getSecretKeyType());
    }

    private static Expression getAssignedValue(Expression expression) {
        return expression.is(new Tree.Kind[]{Tree.Kind.NAME}) ? Expressions.singleAssignedValue((Name) expression) : expression;
    }

    private Optional<Tree> getIllegalDictArgument(Expression expression) {
        return expression.is(new Tree.Kind[]{Tree.Kind.CALL_EXPR}) ? TreeUtils.toOptionalInstanceOf(CallExpression.class, expression).filter(FlaskHardCodedSecret::isCallToDictConstructor).flatMap(this::getIllegalKeywordArgument) : expression.is(new Tree.Kind[]{Tree.Kind.DICTIONARY_LITERAL}) ? TreeUtils.toOptionalInstanceOf(DictionaryLiteral.class, expression).flatMap(this::getIllegalKeyValuePair) : Optional.empty();
    }

    private static boolean isCallToDictConstructor(CallExpression callExpression) {
        String str = "dict";
        return Optional.of(callExpression).map((v0) -> {
            return v0.callee();
        }).flatMap(TreeUtils.toOptionalInstanceOfMapper(Name.class)).map((v0) -> {
            return v0.symbol();
        }).map((v0) -> {
            return v0.fullyQualifiedName();
        }).filter((v1) -> {
            return r1.equals(v1);
        }).isPresent();
    }

    private Optional<KeyValuePair> getIllegalKeyValuePair(DictionaryLiteral dictionaryLiteral) {
        Stream stream = dictionaryLiteral.elements().stream();
        Class<KeyValuePair> cls = KeyValuePair.class;
        Objects.requireNonNull(KeyValuePair.class);
        Stream filter = stream.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<KeyValuePair> cls2 = KeyValuePair.class;
        Objects.requireNonNull(KeyValuePair.class);
        return filter.map((v1) -> {
            return r1.cast(v1);
        }).filter(this::isIllegalKeyValuePair).findFirst();
    }

    private boolean isIllegalKeyValuePair(KeyValuePair keyValuePair) {
        Optional of = Optional.of(keyValuePair.key());
        Class<StringLiteral> cls = StringLiteral.class;
        Objects.requireNonNull(StringLiteral.class);
        Optional filter = of.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<StringLiteral> cls2 = StringLiteral.class;
        Objects.requireNonNull(StringLiteral.class);
        Optional map = filter.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.trimmedQuotesValue();
        });
        String secretKeyKeyword = getSecretKeyKeyword();
        Objects.requireNonNull(secretKeyKeyword);
        return map.filter((v1) -> {
            return r1.equals(v1);
        }).isPresent() && isStringValue(keyValuePair.value());
    }

    private Optional<RegularArgument> getIllegalKeywordArgument(CallExpression callExpression) {
        return Optional.ofNullable(TreeUtils.argumentByKeyword(getSecretKeyKeyword(), callExpression.arguments())).filter(regularArgument -> {
            return Optional.of(regularArgument).map((v0) -> {
                return v0.expression();
            }).filter(FlaskHardCodedSecret::isStringValue).isPresent();
        });
    }

    private void verifyAssignmentStatement(SubscriptionContext subscriptionContext) {
        AssignmentStatement syntaxNode = subscriptionContext.syntaxNode();
        if (isStringValue(syntaxNode.assignedValue())) {
            List list = (List) syntaxNode.lhsExpressions().stream().map((v0) -> {
                return v0.expressions();
            }).flatMap((v0) -> {
                return v0.stream();
            }).filter(this::isSensitiveProperty).collect(Collectors.toList());
            if (list.isEmpty()) {
                return;
            }
            PythonCheck.PreciseIssue addIssue = subscriptionContext.addIssue(syntaxNode.assignedValue(), getMessage());
            list.forEach(expression -> {
                addIssue.secondary(expression, SECONDARY_MESSAGE);
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isSensitiveProperty(Expression expression) {
        if (!expression.is(new Tree.Kind[]{Tree.Kind.SUBSCRIPTION})) {
            return false;
        }
        Optional map = Optional.of((SubscriptionExpression) expression).map((v0) -> {
            return v0.object();
        }).flatMap(TreeUtils.toOptionalInstanceOfMapper(QualifiedExpression.class)).map((v0) -> {
            return v0.symbol();
        }).map((v0) -> {
            return v0.fullyQualifiedName();
        });
        Set<String> set = FLASK_APP_CONFIG_QUALIFIER_FQNS;
        Objects.requireNonNull(set);
        Optional map2 = map.filter((v1) -> {
            return r1.contains(v1);
        }).map(str -> {
            return ((SubscriptionExpression) expression).subscripts();
        }).map((v0) -> {
            return v0.expressions();
        }).filter(list -> {
            return list.size() == 1;
        }).map(list2 -> {
            return (Expression) list2.get(0);
        }).map(FlaskHardCodedSecret::getAssignedValue).flatMap(TreeUtils.toOptionalInstanceOfMapper(StringLiteral.class)).map((v0) -> {
            return v0.trimmedQuotesValue();
        });
        String secretKeyKeyword = getSecretKeyKeyword();
        Objects.requireNonNull(secretKeyKeyword);
        return map2.filter((v1) -> {
            return r1.equals(v1);
        }).isPresent();
    }

    private static boolean isStringValue(@Nullable Expression expression) {
        return isStringValue(expression, new HashSet());
    }

    private static boolean isStringValue(@Nullable Expression expression, Set<String> set) {
        if (expression == null) {
            return false;
        }
        if (!expression.is(new Tree.Kind[]{Tree.Kind.NAME})) {
            return expression.is(new Tree.Kind[]{Tree.Kind.STRING_LITERAL});
        }
        if (set.contains(((Name) expression).name())) {
            return false;
        }
        set.add(((Name) expression).name());
        return isStringValue(Expressions.singleAssignedValue((Name) expression), set);
    }
}
