package org.sonar.python.checks.hotspots;

import com.sonar.sslr.api.AstNode;
import com.sonar.sslr.api.AstNodeType;
import java.util.Set;
import javax.annotation.CheckForNull;
import org.apache.commons.lang.StringUtils;
import org.sonar.check.Rule;
import org.sonar.python.IssueLocation;
import org.sonar.python.PythonCheck;
import org.sonar.python.api.PythonGrammar;
import org.sonar.python.api.PythonPunctuator;
import org.sonar.python.semantic.Symbol;

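/**
 * Security hotspot check (rule key {@value #CHECK_KEY}) that asks for a manual review of
 * regular expressions passed to well-known Python regex entry points.
 *
 * <p>The check fires on calls to the functions listed in {@link #questionableFunctions} and
 * inspects only the first entry of the argument list. The decision is a purely textual
 * heuristic on a single token (see {@link #isSuspiciousRegex(String)}); it does not parse the
 * pattern. Reviewers should keep its limits in mind:
 * <ul>
 *   <li>Quantifier characters are counted wherever they occur in the token, so escaped ones
 *       (for example {@code \+}) and ones inside character classes also count.</li>
 *   <li>When the argument is a name that is not resolved to a single simple assignment, the
 *       token examined is the name itself, so a pattern that reaches the call through a
 *       parameter, a re-assigned variable or any other expression is normally not reported.
 *       A pattern that comes from untrusted input is therefore not covered by this check and
 *       needs separate review.</li>
 * </ul>
 */
@Rule(key = RegexCheck.CHECK_KEY)
public class RegexCheck extends PythonCheck {
    public static final String CHECK_KEY = "S4784";
    private static final String MESSAGE = "Make sure that using a regular expression is safe here.";
    /** Index, within the call's argument list, of the entry expected to hold the pattern. */
    private static final int REGEX_ARGUMENT = 0;
    /** Fully qualified names of the callables whose first argument is inspected. */
    private static final Set<String> questionableFunctions = immutableSet("django.core.validators.RegexValidator", "django.urls.re_path", "re.compile", "re.match", "re.search", "re.fullmatch", "re.split", "re.findall", "re.finditer", "re.sub", "re.subn", "regex.compile", "regex.match", "regex.search", "regex.fullmatch", "regex.split", "regex.findall", "regex.finditer", "regex.sub", "regex.subn", "regex.subf", "regex.subfn", "regex.splititer");

    /**
     * Declares the node kinds this check visits.
     *
     * @return the set containing {@code ATTRIBUTE_REF} and {@code ATOM}
     */
    @Override
    public Set<AstNodeType> subscribedKinds() {
        return immutableSet(PythonGrammar.ATTRIBUTE_REF, PythonGrammar.ATOM);
    }

    /**
     * Inspects the first argument of a call when the visited node resolves to one of the
     * {@link #questionableFunctions} and is the direct child of a call expression.
     *
     * @param astNode the visited {@code ATTRIBUTE_REF} or {@code ATOM} node
     */
    @Override
    public void visitNode(AstNode astNode) {
        Symbol symbol = getContext().symbolTable().getSymbol(astNode);
        if (symbol == null || !questionableFunctions.contains(symbol.qualifiedName())) {
            return;
        }
        AstNode parent = astNode.getParent();
        if (parent == null || !parent.is(PythonGrammar.CALL_EXPR)) {
            return;
        }
        AstNode argList = parent.getFirstChild(PythonGrammar.ARGLIST);
        if (argList == null) {
            // Call without arguments: nothing to inspect.
            return;
        }
        // NOTE(review): only the first entry is examined; a pattern passed by keyword after
        // other arguments is presumably not looked at - confirm against the grammar.
        checkRegexArgument(argList.getChildren().get(REGEX_ARGUMENT));
    }

    /**
     * Raises an issue on the argument's first {@code ATOM} descendant when the examined token
     * looks suspicious.
     *
     * <p>If that atom resolves to a symbol with exactly one write usage, and that write sits in
     * a three-child assignment statement ({@code name = value}), the token of the assigned value
     * is examined instead and its location is attached as a secondary location.
     *
     * @param astNode the first entry of the call's argument list
     */
    private void checkRegexArgument(AstNode astNode) {
        AstNode atom = astNode.getFirstDescendant(PythonGrammar.ATOM);
        if (atom == null) {
            return;
        }
        String candidate = atom.getTokenValue();
        IssueLocation assignedValueLocation = null;
        Symbol symbol = getContext().symbolTable().getSymbol(atom);
        // Only a symbol written exactly once is followed back to its assigned value.
        if (symbol != null && symbol.writeUsages().size() == 1) {
            AstNode statement = symbol.writeUsages().iterator().next().getFirstAncestor(PythonGrammar.EXPRESSION_STMT);
            if (isAssignment(statement)) {
                // Children are [target, '=', value]; index 2 is the assigned value.
                AstNode assignedValue = statement.getChildren().get(2);
                candidate = assignedValue.getTokenValue();
                assignedValueLocation = IssueLocation.preciseLocation(assignedValue, StringUtils.EMPTY);
            }
        }
        if (!isSuspiciousRegex(candidate)) {
            return;
        }
        PythonCheck.PreciseIssue issue = addIssue(atom, MESSAGE);
        if (assignedValueLocation != null) {
            issue.secondary(assignedValueLocation);
        }
    }

    /**
     * Tells whether a statement has the shape {@code target = value}.
     *
     * @param astNode the statement node, possibly {@code null}
     * @return {@code true} when the node has exactly three children and the middle one is the
     *     assignment punctuator
     */
    private static boolean isAssignment(@CheckForNull AstNode astNode) {
        if (astNode == null) {
            return false;
        }
        return astNode.getChildren().size() == 3 && astNode.getChildren().get(1).is(PythonPunctuator.ASSIGN);
    }

    /**
     * Textual heuristic: a token longer than two characters that contains at least two of the
     * characters {@code *}, {@code +} or <code>{</code> is treated as a pattern worth reviewing.
     *
     * <p>The characters are counted directly instead of compiling a regular expression on
     * every call; the result is the same as comparing the length before and after removing
     * them. No escaping or character-class context is taken into account.
     *
     * @param str the raw token text, or {@code null} when the node carried no token
     * @return {@code true} when the token should be reported
     */
    private static boolean isSuspiciousRegex(@CheckForNull String str) {
        // A node without a token yields null; treat it as not suspicious rather than failing
        // the whole visit with a NullPointerException.
        if (str == null || str.length() <= 2) {
            return false;
        }
        int quantifierChars = 0;
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            if (c == '*' || c == '+' || c == '{') {
                quantifierChars++;
                if (quantifierChars > 1) {
                    return true;
                }
            }
        }
        return false;
    }
}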
