package org.sonar.python.checks;

import com.google.gson.Gson;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.sonar.check.Rule;
import org.sonar.plugins.python.api.PythonSubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionContext;
import org.sonar.plugins.python.api.tree.CallExpression;
import org.sonar.plugins.python.api.tree.Expression;
import org.sonar.plugins.python.api.tree.Name;
import org.sonar.plugins.python.api.tree.QualifiedExpression;
import org.sonar.plugins.python.api.tree.RegularArgument;
import org.sonar.plugins.python.api.tree.StringLiteral;
import org.sonar.plugins.python.api.tree.Tree;
import org.sonar.python.checks.utils.Expressions;
import org.sonar.python.tree.TreeUtils;

@Rule(key = "S6437")
/* loaded from: input_file:org/sonar/python/checks/HardcodedCredentialsCallCheck.class */
public class HardcodedCredentialsCallCheck extends PythonSubscriptionCheck {
    private static final String MESSAGE = "Revoke and change this password, as it is compromised.";
    private final Map<String, CredentialMethod> methods = new CredentialMethodsLoader().load();

    /* loaded from: input_file:org/sonar/python/checks/HardcodedCredentialsCallCheck$CredentialMethod.class */
    public static final class CredentialMethod extends Record {
        private final String name;
        private final List<MethodArgument> sensitiveArguments;

        public CredentialMethod(String str, List<MethodArgument> list) {
            this.name = str;
            this.sensitiveArguments = list;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, CredentialMethod.class), CredentialMethod.class, "name;sensitiveArguments", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$CredentialMethod;->name:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$CredentialMethod;->sensitiveArguments:Ljava/util/List;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, CredentialMethod.class), CredentialMethod.class, "name;sensitiveArguments", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$CredentialMethod;->name:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$CredentialMethod;->sensitiveArguments:Ljava/util/List;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, CredentialMethod.class, Object.class), CredentialMethod.class, "name;sensitiveArguments", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$CredentialMethod;->name:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$CredentialMethod;->sensitiveArguments:Ljava/util/List;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String name() {
            return this.name;
        }

        public List<MethodArgument> sensitiveArguments() {
            return this.sensitiveArguments;
        }
    }

    /* loaded from: input_file:org/sonar/python/checks/HardcodedCredentialsCallCheck$CredentialMethodsLoader.class */
    private static class CredentialMethodsLoader {
        private static final String CHECKS_DIR = "/org/sonar/python/checks";
        private static final String GENERATED_METHODS_RESOURCE_PATH = "/org/sonar/python/checks/generated_hardcoded_credentials_call_check_meta.json";
        private static final String MANUAL_METHODS_RESOURCE_PATH = "/org/sonar/python/checks/manual_hardcoded_credentials_call_check_meta.json";
        private final Gson gson = new Gson();

        private CredentialMethodsLoader() {
        }

        private Map<String, CredentialMethod> load() {
            return (Map) Stream.concat(Stream.of((Object[]) loadMethodsFromResource(GENERATED_METHODS_RESOURCE_PATH)), Stream.of((Object[]) loadMethodsFromResource(MANUAL_METHODS_RESOURCE_PATH))).collect(Collectors.toMap((v0) -> {
                return v0.name();
            }, Function.identity()));
        }

        private CredentialMethod[] loadMethodsFromResource(String str) {
            try {
                InputStream resourceAsStream = HardcodedCredentialsCallCheck.class.getResourceAsStream(str);
                try {
                    CredentialMethod[] credentialMethodArr = (CredentialMethod[]) Optional.ofNullable(resourceAsStream).map(InputStreamReader::new).map(inputStreamReader -> {
                        return (CredentialMethod[]) this.gson.fromJson(inputStreamReader, CredentialMethod[].class);
                    }).orElseThrow(() -> {
                        return new IllegalStateException("Unable to open resource: " + str);
                    });
                    if (resourceAsStream != null) {
                        resourceAsStream.close();
                    }
                    return credentialMethodArr;
                } finally {
                }
            } catch (IOException e) {
                throw new IllegalStateException("Unable to read methods metadata from " + str, e);
            }
        }
    }

    /* loaded from: input_file:org/sonar/python/checks/HardcodedCredentialsCallCheck$MethodArgument.class */
    public static final class MethodArgument extends Record {
        private final String name;

        @Nullable
        private final Integer index;

        public MethodArgument(String str, @Nullable Integer num) {
            this.name = str;
            this.index = num;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, MethodArgument.class), MethodArgument.class, "name;index", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$MethodArgument;->name:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$MethodArgument;->index:Ljava/lang/Integer;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, MethodArgument.class), MethodArgument.class, "name;index", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$MethodArgument;->name:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$MethodArgument;->index:Ljava/lang/Integer;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, MethodArgument.class, Object.class), MethodArgument.class, "name;index", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$MethodArgument;->name:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/HardcodedCredentialsCallCheck$MethodArgument;->index:Ljava/lang/Integer;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String name() {
            return this.name;
        }

        @Nullable
        public Integer index() {
            return this.index;
        }
    }

    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, this::processCallExpression);
    }

    private void processCallExpression(SubscriptionContext subscriptionContext) {
        Optional of = Optional.of(subscriptionContext.syntaxNode());
        Class<CallExpression> cls = CallExpression.class;
        Objects.requireNonNull(CallExpression.class);
        Optional filter = of.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<CallExpression> cls2 = CallExpression.class;
        Objects.requireNonNull(CallExpression.class);
        filter.map((v1) -> {
            return r1.cast(v1);
        }).filter(this::callHasToBeChecked).ifPresent(callExpression -> {
            checkCallArguments(subscriptionContext, callExpression);
        });
    }

    private void checkCallArguments(SubscriptionContext subscriptionContext, CallExpression callExpression) {
        getMethod(callExpression).ifPresent(credentialMethod -> {
            getArgumentsToCheck(callExpression, credentialMethod).forEach(regularArgument -> {
                checkArgument(subscriptionContext, regularArgument);
            });
        });
    }

    private Stream<RegularArgument> getArgumentsToCheck(CallExpression callExpression, CredentialMethod credentialMethod) {
        return credentialMethod.sensitiveArguments().stream().map(methodArgument -> {
            return methodArgument.index() != null ? TreeUtils.nthArgumentOrKeyword(methodArgument.index().intValue(), methodArgument.name(), callExpression.arguments()) : TreeUtils.argumentByKeyword(methodArgument.name(), callExpression.arguments());
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkArgument(SubscriptionContext subscriptionContext, RegularArgument regularArgument) {
        Name expression = regularArgument.expression();
        if (expression.is(new Tree.Kind[]{Tree.Kind.STRING_LITERAL})) {
            Optional of = Optional.of(expression);
            Class<StringLiteral> cls = StringLiteral.class;
            Objects.requireNonNull(StringLiteral.class);
            Optional filter = of.filter((v1) -> {
                return r1.isInstance(v1);
            });
            Class<StringLiteral> cls2 = StringLiteral.class;
            Objects.requireNonNull(StringLiteral.class);
            filter.map((v1) -> {
                return r1.cast(v1);
            }).filter(HardcodedCredentialsCallCheck::isNotEmpty).ifPresent(stringLiteral -> {
                subscriptionContext.addIssue(regularArgument, MESSAGE);
            });
            return;
        }
        if (expression.is(new Tree.Kind[]{Tree.Kind.NAME})) {
            Optional<Tree> findAssignment = findAssignment(expression, 0);
            Class<StringLiteral> cls3 = StringLiteral.class;
            Objects.requireNonNull(StringLiteral.class);
            Optional<Tree> filter2 = findAssignment.filter((v1) -> {
                return r1.isInstance(v1);
            });
            Class<StringLiteral> cls4 = StringLiteral.class;
            Objects.requireNonNull(StringLiteral.class);
            filter2.map((v1) -> {
                return r1.cast(v1);
            }).filter(HardcodedCredentialsCallCheck::isNotEmpty).ifPresent(stringLiteral2 -> {
                subscriptionContext.addIssue(regularArgument, MESSAGE).secondary(stringLiteral2, MESSAGE);
            });
        }
    }

    private static boolean isNotEmpty(StringLiteral stringLiteral) {
        return Optional.of(stringLiteral).map((v0) -> {
            return v0.trimmedQuotesValue();
        }).filter(Predicate.not((v0) -> {
            return v0.isEmpty();
        })).isPresent();
    }

    private static Optional<Tree> findAssignment(Name name, int i) {
        return i > 99 ? Optional.empty() : Optional.of(name).map(Expressions::singleAssignedValue).map(expression -> {
            return findValue(expression, i);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Tree findValue(Expression expression, int i) {
        if (expression.is(new Tree.Kind[]{Tree.Kind.NAME})) {
            return findAssignment((Name) expression, i + 1).orElse(null);
        }
        if (!expression.is(new Tree.Kind[]{Tree.Kind.CALL_EXPR})) {
            return expression;
        }
        Optional of = Optional.of(expression);
        Class<CallExpression> cls = CallExpression.class;
        Objects.requireNonNull(CallExpression.class);
        Optional filter = of.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<CallExpression> cls2 = CallExpression.class;
        Objects.requireNonNull(CallExpression.class);
        Optional map = filter.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.callee();
        });
        Class<QualifiedExpression> cls3 = QualifiedExpression.class;
        Objects.requireNonNull(QualifiedExpression.class);
        Optional filter2 = map.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<QualifiedExpression> cls4 = QualifiedExpression.class;
        Objects.requireNonNull(QualifiedExpression.class);
        return (Tree) filter2.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.qualifier();
        }).map(expression2 -> {
            return findValue(expression2, i + 1);
        }).orElse(expression);
    }

    private Boolean callHasToBeChecked(CallExpression callExpression) {
        Optional<String> methodFqn = getMethodFqn(callExpression);
        Map<String, CredentialMethod> map = this.methods;
        Objects.requireNonNull(map);
        return (Boolean) methodFqn.map((v1) -> {
            return r1.containsKey(v1);
        }).orElse(false);
    }

    private static Optional<String> getMethodFqn(CallExpression callExpression) {
        return Optional.of(callExpression).map((v0) -> {
            return v0.calleeSymbol();
        }).map((v0) -> {
            return v0.fullyQualifiedName();
        });
    }

    private Optional<CredentialMethod> getMethod(CallExpression callExpression) {
        Optional<String> methodFqn = getMethodFqn(callExpression);
        Map<String, CredentialMethod> map = this.methods;
        Objects.requireNonNull(map);
        return methodFqn.map((v1) -> {
            return r1.get(v1);
        });
    }
}
