package org.sonar.python.checks;

import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.sonar.check.Rule;
import org.sonar.plugins.python.api.PythonSubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionContext;
import org.sonar.plugins.python.api.symbols.Symbol;
import org.sonar.plugins.python.api.tree.Argument;
import org.sonar.plugins.python.api.tree.AssignmentStatement;
import org.sonar.plugins.python.api.tree.CallExpression;
import org.sonar.plugins.python.api.tree.Expression;
import org.sonar.plugins.python.api.tree.ExpressionList;
import org.sonar.plugins.python.api.tree.KeyValuePair;
import org.sonar.plugins.python.api.tree.Name;
import org.sonar.plugins.python.api.tree.RegularArgument;
import org.sonar.plugins.python.api.tree.StringLiteral;
import org.sonar.plugins.python.api.tree.Tree;

@Rule(key = "S2115")
/* loaded from: input_file:org/sonar/python/checks/DbNoPasswordCheck.class */
public class DbNoPasswordCheck extends PythonSubscriptionCheck {
    private static final String MESSAGE = "Add password protection to this database.";
    private static final List<String> CONNECT_METHODS = Arrays.asList("mysql.connector.connect", "mysql.connector.connection.MySQLConnection", "pymysql.connect", "psycopg2.connect", "pgdb.connect", "pg.DB", "pg.connect");
    private static final Pattern CONNECTION_URI_PATTERN = Pattern.compile("^(?:postgresql|mysql|oracle|mssql)(?:\\+.+?)?://.+?(:.*)?@.+");

    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.STRING_LITERAL, DbNoPasswordCheck::checkDbUri);
        context.registerSyntaxNodeConsumer(Tree.Kind.KEY_VALUE_PAIR, DbNoPasswordCheck::checkDjangoSettings);
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, DbNoPasswordCheck::checkDbApi);
    }

    private static void checkDbUri(SubscriptionContext subscriptionContext) {
        Matcher matcher = CONNECTION_URI_PATTERN.matcher(subscriptionContext.syntaxNode().trimmedQuotesValue());
        if (matcher.find()) {
            String group = matcher.group(1);
            if (group == null || group.equals(":")) {
                subscriptionContext.addIssue(subscriptionContext.syntaxNode(), MESSAGE);
            }
        }
    }

    private static void checkDbApi(SubscriptionContext subscriptionContext) {
        RegularArgument passwordArgument;
        CallExpression syntaxNode = subscriptionContext.syntaxNode();
        Symbol calleeSymbol = syntaxNode.calleeSymbol();
        if (calleeSymbol == null || !CONNECT_METHODS.contains(calleeSymbol.fullyQualifiedName()) || (passwordArgument = getPasswordArgument(calleeSymbol.fullyQualifiedName(), syntaxNode.arguments())) == null || !isString(passwordArgument.expression(), "")) {
            return;
        }
        subscriptionContext.addIssue(passwordArgument, MESSAGE);
    }

    private static RegularArgument getPasswordArgument(String str, List<Argument> list) {
        boolean startsWith = str.startsWith("pg.");
        String str2 = startsWith ? "passwd" : "password";
        int i = startsWith ? 5 : 2;
        int i2 = 0;
        Iterator<Argument> it = list.iterator();
        while (it.hasNext()) {
            RegularArgument regularArgument = (Argument) it.next();
            if (regularArgument.is(new Tree.Kind[]{Tree.Kind.REGULAR_ARGUMENT})) {
                RegularArgument regularArgument2 = regularArgument;
                Name keywordArgument = regularArgument2.keywordArgument();
                if (keywordArgument != null && keywordArgument.name().equals(str2)) {
                    return regularArgument2;
                }
                if (keywordArgument != null) {
                    continue;
                } else {
                    if (i2 == i) {
                        return regularArgument2;
                    }
                    i2++;
                }
            }
        }
        return null;
    }

    private static void checkDjangoSettings(SubscriptionContext subscriptionContext) {
        if (subscriptionContext.pythonFile().fileName().equals("settings.py")) {
            KeyValuePair syntaxNode = subscriptionContext.syntaxNode();
            Tree.Kind[] kindArr = {Tree.Kind.DICTIONARY_LITERAL, Tree.Kind.KEY_VALUE_PAIR, Tree.Kind.DICTIONARY_LITERAL, Tree.Kind.ASSIGNMENT_STMT, Tree.Kind.STATEMENT_LIST, Tree.Kind.FILE_INPUT};
            int i = 0;
            AssignmentStatement parent = syntaxNode.parent();
            while (true) {
                AssignmentStatement assignmentStatement = parent;
                if (assignmentStatement == null || !assignmentStatement.is(new Tree.Kind[]{kindArr[i]})) {
                    break;
                }
                if (assignmentStatement.is(new Tree.Kind[]{Tree.Kind.ASSIGNMENT_STMT}) && !isDatabasesAssignment(assignmentStatement)) {
                    return;
                }
                i++;
                parent = assignmentStatement.parent();
            }
            if (i == kindArr.length && syntaxNode.key().is(new Tree.Kind[]{Tree.Kind.STRING_LITERAL}) && isString(syntaxNode.key(), "PASSWORD") && isString(syntaxNode.value(), "")) {
                subscriptionContext.addIssue(syntaxNode, MESSAGE);
            }
        }
    }

    private static boolean isString(Tree tree, String str) {
        if (tree.is(new Tree.Kind[]{Tree.Kind.STRING_LITERAL})) {
            return ((StringLiteral) tree).trimmedQuotesValue().equals(str);
        }
        return false;
    }

    private static boolean isDatabasesAssignment(AssignmentStatement assignmentStatement) {
        List lhsExpressions = assignmentStatement.lhsExpressions();
        return lhsExpressions.size() == 1 && ((ExpressionList) lhsExpressions.get(0)).expressions().size() == 1 && ((Expression) ((ExpressionList) lhsExpressions.get(0)).expressions().get(0)).is(new Tree.Kind[]{Tree.Kind.NAME}) && ((Name) ((ExpressionList) lhsExpressions.get(0)).expressions().get(0)).name().equals("DATABASES");
    }
}
