package org.sonar.python.checks.hotspots;

import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.sonar.check.Rule;
import org.sonar.python.SubscriptionCheck;
import org.sonar.python.SubscriptionContext;
import org.sonar.python.api.tree.Argument;
import org.sonar.python.api.tree.BinaryExpression;
import org.sonar.python.api.tree.CallExpression;
import org.sonar.python.api.tree.Expression;
import org.sonar.python.api.tree.FileInput;
import org.sonar.python.api.tree.Name;
import org.sonar.python.api.tree.QualifiedExpression;
import org.sonar.python.api.tree.StringLiteral;
import org.sonar.python.api.tree.Tree;
import org.sonar.python.checks.AbstractCallExpressionCheck;
import org.sonar.python.semantic.Symbol;
import org.sonar.python.tree.BaseTreeVisitor;

@Rule(key = SQLQueriesCheck.CHECK_KEY)
/* loaded from: input_file:org/sonar/python/checks/hotspots/SQLQueriesCheck.class */
public class SQLQueriesCheck extends AbstractCallExpressionCheck {
    public static final String CHECK_KEY = "S2077";
    private static final String MESSAGE = "Make sure that formatting this SQL query is safe here.";
    private boolean isUsingDjangoModel = false;
    private boolean isUsingDjangoDBConnection = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/python/checks/hotspots/SQLQueriesCheck$FormattedStringVisitor.class */
    public static class FormattedStringVisitor extends BaseTreeVisitor {
        boolean hasFormattedString;

        private FormattedStringVisitor() {
            this.hasFormattedString = false;
        }

        @Override // org.sonar.python.tree.BaseTreeVisitor, org.sonar.python.api.tree.TreeVisitor
        public void visitStringLiteral(StringLiteral stringLiteral) {
            super.visitStringLiteral(stringLiteral);
            this.hasFormattedString |= stringLiteral.stringElements().stream().anyMatch(stringElement -> {
                return stringElement.prefix().equalsIgnoreCase("f");
            });
        }

        @Override // org.sonar.python.tree.BaseTreeVisitor, org.sonar.python.api.tree.TreeVisitor
        public void visitCallExpression(CallExpression callExpression) {
            if (callExpression.callee().is(Tree.Kind.QUALIFIED_EXPR)) {
                QualifiedExpression qualifiedExpression = (QualifiedExpression) callExpression.callee();
                this.hasFormattedString |= qualifiedExpression.name().name().equals("format") && qualifiedExpression.qualifier().is(Tree.Kind.STRING_LITERAL);
            }
            super.visitCallExpression(callExpression);
        }

        @Override // org.sonar.python.tree.BaseTreeVisitor, org.sonar.python.api.tree.TreeVisitor
        public void visitBinaryExpression(BinaryExpression binaryExpression) {
            this.hasFormattedString |= binaryExpression.leftOperand().is(Tree.Kind.STRING_LITERAL) || binaryExpression.rightOperand().is(Tree.Kind.STRING_LITERAL);
            super.visitBinaryExpression(binaryExpression);
        }
    }

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck
    protected Set<String> functionsToCheck() {
        return Collections.singleton("django.db.models.expressions.RawSQL");
    }

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck
    protected String message() {
        return MESSAGE;
    }

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck, org.sonar.python.SubscriptionCheck
    public void initialize(SubscriptionCheck.Context context) {
        super.initialize(context);
        context.registerSyntaxNodeConsumer(Tree.Kind.FILE_INPUT, this::visitFile);
    }

    private void visitFile(SubscriptionContext subscriptionContext) {
        this.isUsingDjangoModel = false;
        this.isUsingDjangoDBConnection = false;
        for (Symbol symbol : (List) ((FileInput) subscriptionContext.syntaxNode()).descendants().filter(tree -> {
            return tree.is(Tree.Kind.IMPORT_FROM) || tree.is(Tree.Kind.IMPORT_NAME);
        }).flatMap(tree2 -> {
            return tree2.descendants(Tree.Kind.NAME);
        }).map(tree3 -> {
            return ((Name) tree3).symbol();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList())) {
            String fullyQualifiedName = symbol.fullyQualifiedName() != null ? symbol.fullyQualifiedName() : StringUtils.EMPTY;
            if (fullyQualifiedName.contains("django.db.models")) {
                this.isUsingDjangoModel = true;
            }
            if (fullyQualifiedName.contains("django.db.connection")) {
                this.isUsingDjangoDBConnection = true;
            }
        }
    }

    private boolean isSQLQueryFromDjangoModel(String str) {
        return this.isUsingDjangoModel && (str.equals("raw") || str.equals("extra"));
    }

    private boolean isSQLQueryFromDjangoDBConnection(String str) {
        return this.isUsingDjangoDBConnection && str.equals("execute");
    }

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck
    public void visitNode(SubscriptionContext subscriptionContext) {
        CallExpression callExpression = (CallExpression) subscriptionContext.syntaxNode();
        if (callExpression.callee().is(Tree.Kind.QUALIFIED_EXPR)) {
            String name = ((QualifiedExpression) callExpression.callee()).name().name();
            if ((isSQLQueryFromDjangoModel(name) || isSQLQueryFromDjangoDBConnection(name)) && !isException(callExpression, name)) {
                subscriptionContext.addIssue(callExpression, MESSAGE);
            }
        }
        super.visitNode(subscriptionContext);
    }

    private static boolean isException(CallExpression callExpression, String str) {
        List<Argument> arguments = callExpression.arguments();
        if (extraContainsFormattedSqlQueries(arguments, str)) {
            return false;
        }
        return arguments.isEmpty() || !isFormatted(arguments.get(0).expression());
    }

    @Override // org.sonar.python.checks.AbstractCallExpressionCheck
    protected boolean isException(CallExpression callExpression) {
        return isException(callExpression, StringUtils.EMPTY);
    }

    private static boolean isFormatted(Expression expression) {
        FormattedStringVisitor formattedStringVisitor = new FormattedStringVisitor();
        expression.accept(formattedStringVisitor);
        return formattedStringVisitor.hasFormattedString;
    }

    private static boolean extraContainsFormattedSqlQueries(List<Argument> list, String str) {
        if (str.equals("extra")) {
            return list.stream().filter(SQLQueriesCheck::isAssignment).map((v0) -> {
                return v0.expression();
            }).anyMatch(SQLQueriesCheck::isFormatted);
        }
        return false;
    }

    private static boolean isAssignment(Argument argument) {
        return argument.equalToken() != null;
    }
}
