package org.sonar.python.checks.hotspots;

import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import javax.annotation.Nullable;
import org.sonar.check.Rule;
import org.sonar.plugins.python.api.PythonSubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionContext;
import org.sonar.plugins.python.api.symbols.Symbol;
import org.sonar.plugins.python.api.tree.ArgList;
import org.sonar.plugins.python.api.tree.Argument;
import org.sonar.plugins.python.api.tree.AssignmentStatement;
import org.sonar.plugins.python.api.tree.CallExpression;
import org.sonar.plugins.python.api.tree.Decorator;
import org.sonar.plugins.python.api.tree.DictionaryLiteral;
import org.sonar.plugins.python.api.tree.DictionaryLiteralElement;
import org.sonar.plugins.python.api.tree.Expression;
import org.sonar.plugins.python.api.tree.ExpressionList;
import org.sonar.plugins.python.api.tree.KeyValuePair;
import org.sonar.plugins.python.api.tree.ListLiteral;
import org.sonar.plugins.python.api.tree.Name;
import org.sonar.plugins.python.api.tree.RegularArgument;
import org.sonar.plugins.python.api.tree.StringLiteral;
import org.sonar.plugins.python.api.tree.SubscriptionExpression;
import org.sonar.plugins.python.api.tree.Tree;
import org.sonar.plugins.python.api.tree.Tuple;

@Rule(key = "S5122")
/* loaded from: input_file:org/sonar/python/checks/hotspots/CorsCheck.class */
public class CorsCheck extends PythonSubscriptionCheck {
    private static final String MESSAGE = "Make sure this permissive CORS policy is safe here.";
    private static final String DJANGO_ALLOW_ALL = "CORS_ORIGIN_ALLOW_ALL";
    private static final String DJANGO_WHITELIST = "CORS_ORIGIN_REGEX_WHITELIST";
    private static final String ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ORIGINS = "origins";
    private static final String STAR = "*";
    private static final List<String> REGEX_TO_REPORT = Arrays.asList(".*", ".+", "^.*$", "^.+$", ".*$", ".+$", "^.*", "^.+", STAR);
    private static final List<String> TYPES_TO_CHECK = Arrays.asList("django.http.HttpResponse", "django.http.response.HttpResponse", "werkzeug.datastructures.Headers");

    @Override // org.sonar.plugins.python.api.SubscriptionCheck
    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.ASSIGNMENT_STMT, CorsCheck::checkDjangoSettings);
        context.registerSyntaxNodeConsumer(Tree.Kind.ASSIGNMENT_STMT, CorsCheck::checkAllowOriginProperty);
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, CorsCheck::checkDjangoResponseSetItem);
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, CorsCheck::checkFlaskCorsCall);
        context.registerSyntaxNodeConsumer(Tree.Kind.DECORATOR, CorsCheck::checkFlaskDecorator);
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, CorsCheck::checkFlaskResponse);
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, CorsCheck::checkWerkzeugHeaders);
    }

    private static void checkDjangoSettings(SubscriptionContext subscriptionContext) {
        if (subscriptionContext.pythonFile().fileName().equals("settings.py")) {
            AssignmentStatement assignmentStatement = (AssignmentStatement) subscriptionContext.syntaxNode();
            if (isVarAssignment(assignmentStatement, DJANGO_ALLOW_ALL) && assignmentStatement.assignedValue().is(Tree.Kind.NAME) && ((Name) assignmentStatement.assignedValue()).name().equals("True")) {
                subscriptionContext.addIssue(assignmentStatement, MESSAGE);
            } else if (isVarAssignment(assignmentStatement, DJANGO_WHITELIST)) {
                getSingleElementInList(assignmentStatement.assignedValue()).ifPresent(expression -> {
                    if (isString(expression, REGEX_TO_REPORT)) {
                        subscriptionContext.addIssue(assignmentStatement, MESSAGE);
                    }
                });
            }
        }
    }

    private static void checkAllowOriginProperty(SubscriptionContext subscriptionContext) {
        AssignmentStatement assignmentStatement = (AssignmentStatement) subscriptionContext.syntaxNode();
        Optional<Expression> onlyAssignedLhs = getOnlyAssignedLhs(assignmentStatement);
        if (onlyAssignedLhs.isPresent() && onlyAssignedLhs.get().is(Tree.Kind.SUBSCRIPTION)) {
            SubscriptionExpression subscriptionExpression = (SubscriptionExpression) onlyAssignedLhs.get();
            if (subscriptionExpression.object().is(Tree.Kind.NAME)) {
                List<Expression> expressions = subscriptionExpression.subscripts().expressions();
                if (expressions.size() == 1 && TYPES_TO_CHECK.stream().anyMatch(str -> {
                    return subscriptionExpression.object().type().canOnlyBe(str);
                }) && isString(expressions.get(0), ALLOW_ORIGIN) && isString(assignmentStatement.assignedValue(), STAR)) {
                    subscriptionContext.addIssue(assignmentStatement, MESSAGE);
                }
            }
        }
    }

    private static void checkDjangoResponseSetItem(SubscriptionContext subscriptionContext) {
        reportOnSetMethod(subscriptionContext, "django.http.response.HttpResponseBase.__setitem__");
    }

    private static void reportOnSetMethod(SubscriptionContext subscriptionContext, String str) {
        CallExpression callExpression = (CallExpression) subscriptionContext.syntaxNode();
        Symbol calleeSymbol = callExpression.calleeSymbol();
        if (callExpression.arguments().size() == 2 && isSymbol(calleeSymbol, str)) {
            Argument argument = callExpression.arguments().get(0);
            Argument argument2 = callExpression.arguments().get(1);
            if (isString(argument, ALLOW_ORIGIN) && isString(argument2, STAR)) {
                subscriptionContext.addIssue(callExpression, MESSAGE);
            }
        }
    }

    private static void checkFlaskDecorator(SubscriptionContext subscriptionContext) {
        Decorator decorator = (Decorator) subscriptionContext.syntaxNode();
        List<Name> names = decorator.name().names();
        if (names.size() == 1 && isSymbol(names.get(0).symbol(), "flask_cors.cross_origin")) {
            ArgList arguments = decorator.arguments();
            if (arguments == null) {
                subscriptionContext.addIssue(decorator, MESSAGE);
            } else {
                getArgument(arguments.arguments(), ORIGINS).ifPresent(expression -> {
                    if (originsToReport(expression)) {
                        subscriptionContext.addIssue(decorator, MESSAGE);
                    }
                });
            }
        }
    }

    private static void checkWerkzeugHeaders(SubscriptionContext subscriptionContext) {
        CallExpression callExpression = (CallExpression) subscriptionContext.syntaxNode();
        if (isSymbol(callExpression.calleeSymbol(), "werkzeug.datastructures.Headers") && callExpression.arguments().size() == 1) {
            reportOnHeader(subscriptionContext, callExpression.arguments().get(0));
            return;
        }
        reportOnSetMethod(subscriptionContext, "werkzeug.datastructures.Headers.set");
        reportOnSetMethod(subscriptionContext, "werkzeug.datastructures.Headers.setdefault");
        reportOnSetMethod(subscriptionContext, "werkzeug.datastructures.Headers.__setitem__");
    }

    private static void checkFlaskResponse(SubscriptionContext subscriptionContext) {
        CallExpression callExpression = (CallExpression) subscriptionContext.syntaxNode();
        Symbol calleeSymbol = callExpression.calleeSymbol();
        if (isSymbol(calleeSymbol, "flask.Response") || isSymbol(calleeSymbol, "flask.wrappers.Response")) {
            if (callExpression.arguments().size() > 2) {
                reportOnHeader(subscriptionContext, callExpression.arguments().get(2));
            }
        } else if ((isSymbol(calleeSymbol, "flask.make_response") || isSymbol(calleeSymbol, "flask.helpers.make_response")) && callExpression.arguments().size() == 1) {
            Argument argument = callExpression.arguments().get(0);
            if (argument.is(Tree.Kind.REGULAR_ARGUMENT) && ((RegularArgument) argument).expression().is(Tree.Kind.TUPLE)) {
                List<Expression> elements = ((Tuple) ((RegularArgument) argument).expression()).elements();
                if (elements.isEmpty()) {
                    return;
                }
                reportOnHeader(subscriptionContext, elements.get(elements.size() - 1));
            }
        }
    }

    private static <T extends Tree> void reportOnHeader(SubscriptionContext subscriptionContext, T t) {
        getValueInDictionary(t, ALLOW_ORIGIN).ifPresent(expression -> {
            if (isString(expression, STAR)) {
                subscriptionContext.addIssue(t, MESSAGE);
            }
        });
    }

    private static void checkFlaskCorsCall(SubscriptionContext subscriptionContext) {
        CallExpression callExpression = (CallExpression) subscriptionContext.syntaxNode();
        if (isSymbol(callExpression.calleeSymbol(), "flask_cors.CORS")) {
            if (callExpression.arguments().size() == 1) {
                subscriptionContext.addIssue(callExpression, MESSAGE);
                return;
            }
            Optional<Expression> argument = getArgument(callExpression.arguments(), ORIGINS);
            argument.ifPresent(expression -> {
                if (originsToReport(expression)) {
                    subscriptionContext.addIssue(callExpression, MESSAGE);
                }
            });
            Optional<Expression> argument2 = getArgument(callExpression.arguments(), "resources");
            if (argument2.isPresent()) {
                Expression expression2 = argument2.get();
                if (expression2.is(Tree.Kind.STRING_LITERAL) && !argument.isPresent()) {
                    subscriptionContext.addIssue(callExpression, MESSAGE);
                } else if (expression2.is(Tree.Kind.DICTIONARY_LITERAL)) {
                    checkResourcesElements(subscriptionContext, callExpression, ((DictionaryLiteral) expression2).elements());
                }
            }
        }
    }

    private static void checkResourcesElements(SubscriptionContext subscriptionContext, CallExpression callExpression, List<DictionaryLiteralElement> list) {
        for (DictionaryLiteralElement dictionaryLiteralElement : list) {
            if (dictionaryLiteralElement.is(Tree.Kind.KEY_VALUE_PAIR)) {
                Optional<Expression> valueInDictionary = getValueInDictionary(((KeyValuePair) dictionaryLiteralElement).value(), ORIGINS);
                if (valueInDictionary.isPresent() && originsToReport(valueInDictionary.get())) {
                    subscriptionContext.addIssue(callExpression, MESSAGE);
                    return;
                }
            }
        }
    }

    private static boolean originsToReport(Expression expression) {
        if (expression.is(Tree.Kind.STRING_LITERAL) && REGEX_TO_REPORT.contains(((StringLiteral) expression).trimmedQuotesValue())) {
            return true;
        }
        Optional<Expression> singleElementInList = getSingleElementInList(expression);
        return singleElementInList.isPresent() && isString(singleElementInList.get(), STAR);
    }

    private static Optional<Expression> getValueInDictionary(Tree tree, String str) {
        if (tree.is(Tree.Kind.DICTIONARY_LITERAL)) {
            List<DictionaryLiteralElement> elements = ((DictionaryLiteral) tree).elements();
            Iterator<DictionaryLiteralElement> it = elements.iterator();
            while (it.hasNext()) {
                if (it.next().is(Tree.Kind.KEY_VALUE_PAIR)) {
                    KeyValuePair keyValuePair = (KeyValuePair) elements.get(0);
                    if (isString(keyValuePair.key(), str)) {
                        return Optional.of(keyValuePair.value());
                    }
                }
            }
        } else if (tree.is(Tree.Kind.REGULAR_ARGUMENT)) {
            return getValueInDictionary(((RegularArgument) tree).expression(), str);
        }
        return Optional.empty();
    }

    private static Optional<Expression> getSingleElementInList(Expression expression) {
        if (expression.is(Tree.Kind.LIST_LITERAL)) {
            ListLiteral listLiteral = (ListLiteral) expression;
            if (listLiteral.elements().expressions().size() == 1) {
                return Optional.of(listLiteral.elements().expressions().get(0));
            }
        }
        return Optional.empty();
    }

    private static boolean isString(Tree tree, String str) {
        return isString(tree, (List<String>) Collections.singletonList(str));
    }

    private static boolean isString(Tree tree, List<String> list) {
        if (tree.is(Tree.Kind.STRING_LITERAL)) {
            return list.contains(((StringLiteral) tree).trimmedQuotesValue());
        }
        if (tree.is(Tree.Kind.REGULAR_ARGUMENT)) {
            return isString(((RegularArgument) tree).expression(), list);
        }
        return false;
    }

    private static boolean isVarAssignment(AssignmentStatement assignmentStatement, String str) {
        Optional<Expression> onlyAssignedLhs = getOnlyAssignedLhs(assignmentStatement);
        return onlyAssignedLhs.isPresent() && onlyAssignedLhs.get().is(Tree.Kind.NAME) && ((Name) onlyAssignedLhs.get()).name().equals(str);
    }

    private static Optional<Expression> getOnlyAssignedLhs(AssignmentStatement assignmentStatement) {
        List<ExpressionList> lhsExpressions = assignmentStatement.lhsExpressions();
        return (lhsExpressions.size() == 1 && lhsExpressions.get(0).expressions().size() == 1) ? Optional.of(lhsExpressions.get(0).expressions().get(0)) : Optional.empty();
    }

    private static Optional<Expression> getArgument(List<Argument> list, String str) {
        return list.stream().filter(argument -> {
            return argument.is(Tree.Kind.REGULAR_ARGUMENT);
        }).map(argument2 -> {
            return (RegularArgument) argument2;
        }).filter(regularArgument -> {
            return regularArgument.keywordArgument() != null && regularArgument.keywordArgument().name().equals(str);
        }).map((v0) -> {
            return v0.expression();
        }).findAny();
    }

    private static boolean isSymbol(@Nullable Symbol symbol, String str) {
        return (symbol == null || symbol.fullyQualifiedName() == null || !str.equals(symbol.fullyQualifiedName())) ? false : true;
    }
}
