package org.sonar.python.checks;

import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import javax.annotation.Nullable;
import org.sonar.check.Rule;
import org.sonar.plugins.python.api.PythonSubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionCheck;
import org.sonar.plugins.python.api.tree.CallExpression;
import org.sonar.plugins.python.api.tree.Tree;
import org.sonar.python.semantic.Symbol;

@Rule(key = "S5445")
/* loaded from: input_file:org/sonar/python/checks/TempFileCreationCheck.class */
public class TempFileCreationCheck extends PythonSubscriptionCheck {
    private static final List<String> SUSPICIOUS_CALLS = Arrays.asList("os.tempnam", "os.tmpnam", "tempfile.mktemp");

    @Override // org.sonar.plugins.python.api.SubscriptionCheck
    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, subscriptionContext -> {
            CallExpression callExpression = (CallExpression) subscriptionContext.syntaxNode();
            isInsecureTempFile(callExpression.calleeSymbol()).ifPresent(str -> {
                subscriptionContext.addIssue(callExpression, String.format("'%s' is insecure. Use 'tempfile.TemporaryFile' instead", str));
            });
        });
    }

    private static Optional<String> isInsecureTempFile(@Nullable Symbol symbol) {
        return symbol == null ? Optional.empty() : SUSPICIOUS_CALLS.stream().filter(str -> {
            return str.equals(symbol.fullyQualifiedName());
        }).findFirst();
    }
}
