package org.sonar.python.checks.hotspots;

import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.sonar.plugins.python.api.PythonSubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionContext;
import org.sonar.plugins.python.api.tree.AssignmentStatement;
import org.sonar.plugins.python.api.tree.CallExpression;
import org.sonar.plugins.python.api.tree.DictionaryLiteral;
import org.sonar.plugins.python.api.tree.DictionaryLiteralElement;
import org.sonar.plugins.python.api.tree.Expression;
import org.sonar.plugins.python.api.tree.ExpressionList;
import org.sonar.plugins.python.api.tree.KeyValuePair;
import org.sonar.plugins.python.api.tree.Name;
import org.sonar.plugins.python.api.tree.QualifiedExpression;
import org.sonar.plugins.python.api.tree.RegularArgument;
import org.sonar.plugins.python.api.tree.StringLiteral;
import org.sonar.plugins.python.api.tree.SubscriptionExpression;
import org.sonar.plugins.python.api.tree.Tree;
import org.sonar.python.checks.utils.Expressions;
import org.sonar.python.tree.TreeUtils;

/* loaded from: input_file:org/sonar/python/checks/hotspots/AbstractCookieFlagCheck.class */
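/**
 * Base class for checks that report Python code which disables, or fails to set, a cookie flag.
 *
 * <p>Three code shapes are inspected:
 * <ul>
 *   <li>assignments such as {@code cookie["name"]["flag"] = <falsy>} where the subscripted object
 *       can only be an {@code http.cookies.SimpleCookie};</li>
 *   <li>calls to methods listed in {@link #methodArgumentsToCheckRegistry()} whose relevant argument
 *       is rejected by the registered predicate;</li>
 *   <li>header dictionaries that hold a {@code set-cookie} entry whose string-literal value does not
 *       match {@link #headerValueRegex()} (see {@link #isInvalidHeaderArgument(RegularArgument)}).</li>
 * </ul>
 *
 * <p>Known blind spots, all visible in the code below: calls that use {@code *args}/{@code **kwargs}
 * unpacking are skipped entirely, cookie assignments are only reported when type inference is certain
 * about the receiver, and header values that are not plain string literals are never reported.
 *
 * <p>This source is decompiler output; the decompiler notes that several members were widened to
 * {@code public} from their original visibility.
 */
public abstract class AbstractCookieFlagCheck extends PythonSubscriptionCheck {

    /**
     * Describes one callable and the argument of it that carries the cookie flag.
     *
     * <p>Decompiler note: originally package-private.
     */
    public static class MethodArgumentsToCheck {
        private final String calleeFqn;
        @Nullable
        private final String methodName;
        private final String methodFqn;
        private final String argumentName;
        private final int argumentPosition;
        private final Predicate<RegularArgument> invalidArgumentPredicate;

        /**
         * Registers a plain callable (no method name) with a custom predicate.
         *
         * @param calleeFqn fully qualified name of the callable
         * @param argumentName keyword name of the argument to inspect
         * @param argumentPosition positional index of the argument to inspect
         * @param invalidArgumentPredicate returns {@code true} when the argument should be reported;
         *     it receives {@code null} when the argument is absent from the call
         */
        public MethodArgumentsToCheck(
                String calleeFqn, String argumentName, int argumentPosition, Predicate<RegularArgument> invalidArgumentPredicate) {
            this(calleeFqn, null, argumentName, argumentPosition, invalidArgumentPredicate);
        }

        /**
         * Registers a method with the default predicate: the argument is invalid when it is absent
         * or when its expression is one that {@code Expressions.isFalsy} accepts.
         *
         * @param calleeFqn fully qualified name of the type or module owning the method
         * @param methodName simple name of the method
         * @param argumentName keyword name of the argument to inspect
         * @param argumentPosition positional index of the argument to inspect
         */
        public MethodArgumentsToCheck(String calleeFqn, String methodName, String argumentName, int argumentPosition) {
            this(calleeFqn, methodName, argumentName, argumentPosition,
                argument -> argument == null || Expressions.isFalsy(argument.expression()));
        }

        /**
         * @param calleeFqn fully qualified name of the callable, or of the owner when
         *     {@code methodName} is given
         * @param methodName simple method name, or {@code null} when {@code calleeFqn} is itself the callable
         * @param argumentName keyword name of the argument to inspect
         * @param argumentPosition positional index of the argument to inspect
         * @param invalidArgumentPredicate returns {@code true} when the argument should be reported
         */
        public MethodArgumentsToCheck(
                String calleeFqn,
                @Nullable String methodName,
                String argumentName,
                int argumentPosition,
                Predicate<RegularArgument> invalidArgumentPredicate) {
            this.calleeFqn = calleeFqn;
            this.methodName = methodName;
            this.invalidArgumentPredicate = invalidArgumentPredicate;
            // Without a method name the callee FQN already names the callable.
            this.methodFqn = methodName == null ? calleeFqn : calleeFqn + "." + methodName;
            this.argumentName = argumentName;
            this.argumentPosition = argumentPosition;
        }

        public String calleeFqn() {
            return calleeFqn;
        }

        /** @return the simple method name, or {@code null} for entries registered without one */
        @Nullable
        public String methodName() {
            return methodName;
        }

        public String argumentName() {
            return argumentName;
        }

        public int argumentPosition() {
            return argumentPosition;
        }

        /** @return {@code calleeFqn.methodName}, or just {@code calleeFqn} when there is no method name */
        public String methodFqn() {
            return methodFqn;
        }

        public Predicate<RegularArgument> invalidArgumentPredicate() {
            return invalidArgumentPredicate;
        }
    }

    /**
     * Lookup tables over a fixed set of {@link MethodArgumentsToCheck} entries, indexed both by simple
     * method name and by fully qualified name.
     *
     * <p>Decompiler note: originally package-private.
     */
    public static class MethodArgumentsToCheckRegistry {
        private final Map<String, List<MethodArgumentsToCheck>> byMethodName;
        private final Map<String, MethodArgumentsToCheck> byMethodFqn;

        /**
         * @param methodArgumentsToCheckArr entries to index; when two entries share a fully qualified
         *     name the later one wins
         */
        public MethodArgumentsToCheckRegistry(MethodArgumentsToCheck... methodArgumentsToCheckArr) {
            // groupingBy rejects null keys, so entries without a method name are only indexed by FQN.
            this.byMethodName = Stream.of(methodArgumentsToCheckArr)
                .filter(entry -> entry.methodName() != null)
                .collect(Collectors.groupingBy(MethodArgumentsToCheck::methodName));
            this.byMethodFqn = Stream.of(methodArgumentsToCheckArr)
                .collect(Collectors.toMap(MethodArgumentsToCheck::methodFqn, Function.identity(), (earlier, later) -> later));
        }

        /** @return the entries registered under that simple name, or {@code null} when there are none */
        @Nullable
        List<MethodArgumentsToCheck> getByMethodName(String methodName) {
            return byMethodName.get(methodName);
        }

        /** @return the entry registered under that fully qualified name, or {@code null} when there is none */
        @Nullable
        MethodArgumentsToCheck getByMethodFqn(String methodFqn) {
            return byMethodFqn.get(methodFqn);
        }

        boolean hasMethodName(String methodName) {
            return byMethodName.containsKey(methodName);
        }

        boolean hasMethodFqn(String methodFqn) {
            return byMethodFqn.containsKey(methodFqn);
        }
    }

    /**
     * Subscribes to assignment statements (cookie subscript writes) and to call expressions
     * (registered methods).
     */
    @Override
    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.ASSIGNMENT_STMT, ctx -> {
            AssignmentStatement assignment = (AssignmentStatement) ctx.syntaxNode();
            getSubscriptionToCookies(assignment.lhsExpressions()).forEach(subscription -> {
                // Report only when the flag subscript is written with a value isFalsy accepts.
                if (isSettingFlag(subscription, flagName()) && Expressions.isFalsy(assignment.assignedValue())) {
                    ctx.addIssue(assignment, message());
                }
            });
        });
        context.registerSyntaxNodeConsumer(
            Tree.Kind.CALL_EXPR, ctx -> verifyCallExpression(ctx, (CallExpression) ctx.syntaxNode()));
    }

    /**
     * Reports the callee of {@code callExpression} when it is a registered method and the registered
     * predicate rejects the relevant argument.
     */
    private void verifyCallExpression(SubscriptionContext subscriptionContext, CallExpression callExpression) {
        // With *args / **kwargs the flag argument cannot be located statically, so the call is skipped.
        // This avoids false positives at the price of never reporting such calls.
        boolean hasUnpacking = callExpression.arguments().stream()
            .anyMatch(argument -> argument.is(Tree.Kind.UNPACKING_EXPR));
        if (hasUnpacking) {
            return;
        }
        MethodArgumentsToCheckRegistry registry = methodArgumentsToCheckRegistry();
        String methodName = getCallExpressionMethodName(callExpression);
        String methodFqn = getCallExpressionMethodFqn(callExpression);
        boolean knownByName = methodName != null && registry.hasMethodName(methodName);
        boolean knownByFqn = methodFqn != null && registry.hasMethodFqn(methodFqn);
        if (!knownByName && !knownByFqn) {
            return;
        }
        findMethodArgumentToCheck(callExpression, methodFqn, methodName).ifPresent(entry -> {
            // nthArgumentOrKeyword's result is passed through as-is; the default predicate treats a
            // null (absent) argument as invalid.
            RegularArgument argument =
                TreeUtils.nthArgumentOrKeyword(entry.argumentPosition(), entry.argumentName(), callExpression.arguments());
            if (entry.invalidArgumentPredicate().test(argument)) {
                subscriptionContext.addIssue(callExpression.callee(), message());
            }
        });
    }

    /**
     * Resolves the registry entry for a call: first by fully qualified name, and if that yields
     * nothing, by simple method name restricted to entries whose owner type matches the receiver.
     */
    private Optional<MethodArgumentsToCheck> findMethodArgumentToCheck(
            CallExpression callExpression, @Nullable String methodFqn, @Nullable String methodName) {
        MethodArgumentsToCheckRegistry registry = methodArgumentsToCheckRegistry();
        return Optional.ofNullable(methodFqn)
            .map(registry::getByMethodFqn)
            .or(() -> Optional.ofNullable(methodName)
                .map(registry::getByMethodName)
                .stream()
                .flatMap(List::stream)
                // A name-only match is accepted only when the receiver's inferred type fits.
                .filter(candidate -> canBeOrExtendMatches(callExpression, candidate))
                .findFirst());
    }

    /**
     * @return {@code true} when the callee is a qualified expression whose qualifier's inferred type
     *     must be or extend the entry's {@code calleeFqn}; {@code false} otherwise
     */
    private static boolean canBeOrExtendMatches(CallExpression callExpression, MethodArgumentsToCheck methodArgumentsToCheck) {
        return Optional.of(callExpression)
            .map(CallExpression::callee)
            .flatMap(TreeUtils.toOptionalInstanceOfMapper(QualifiedExpression.class))
            .map(QualifiedExpression::qualifier)
            .map(Expression::type)
            .map(type -> type.mustBeOrExtend(methodArgumentsToCheck.calleeFqn()))
            .orElse(false);
    }

    /** @return the simple name of the callee symbol, or {@code null} when there is no symbol or name */
    @Nullable
    private static String getCallExpressionMethodName(CallExpression callExpression) {
        return Optional.of(callExpression)
            .map(CallExpression::calleeSymbol)
            .map(symbol -> symbol.name())
            .orElse(null);
    }

    /** @return the fully qualified name of the callee symbol, or {@code null} when it is unavailable */
    @Nullable
    private static String getCallExpressionMethodFqn(CallExpression callExpression) {
        return Optional.of(callExpression)
            .map(CallExpression::calleeSymbol)
            .map(symbol -> symbol.fullyQualifiedName())
            .orElse(null);
    }

    /**
     * Selects the left-hand-side subscription expressions whose innermost subscripted object can only
     * be an {@code http.cookies.SimpleCookie}.
     *
     * <p>Because {@code canOnlyBe} is used, a receiver whose type is unknown or ambiguous is ignored.
     */
    private static Stream<SubscriptionExpression> getSubscriptionToCookies(List<ExpressionList> list) {
        return list.stream()
            .flatMap(expressionList -> expressionList.expressions().stream())
            .filter(expression -> expression.is(Tree.Kind.SUBSCRIPTION)
                && getObject(((SubscriptionExpression) expression).object()).type().canOnlyBe("http.cookies.SimpleCookie"))
            .map(SubscriptionExpression.class::cast);
    }

    /**
     * @return {@code true} when any subscript after the first one is a single string literal equal
     *     (case-insensitively) to {@code str}, e.g. the {@code ["flag"]} in {@code cookie["name"]["flag"]}
     */
    private static boolean isSettingFlag(SubscriptionExpression subscriptionExpression, String str) {
        List<ExpressionList> subscripts = getSubscripts(subscriptionExpression);
        if (subscripts.size() == 1) {
            // A single subscript selects a cookie by name; no flag is being written.
            return false;
        }
        return subscripts.stream()
            .skip(1L)
            .anyMatch(subscript -> subscript.expressions().size() == 1
                && isFlagNameStringLiteral(subscript.expressions().get(0), str));
    }

    /** Collects the subscripts of a chained subscription in source order, outermost object first. */
    private static List<ExpressionList> getSubscripts(SubscriptionExpression subscriptionExpression) {
        ArrayDeque<ExpressionList> subscripts = new ArrayDeque<>();
        subscripts.addFirst(subscriptionExpression.subscripts());
        Expression object = subscriptionExpression.object();
        // Walk inwards through a[b][c]...; each inner subscript is prepended to keep source order.
        while (object.is(Tree.Kind.SUBSCRIPTION)) {
            SubscriptionExpression inner = (SubscriptionExpression) object;
            subscripts.addFirst(inner.subscripts());
            object = inner.object();
        }
        return new ArrayList<>(subscripts);
    }

    private static boolean isFlagNameStringLiteral(Expression expression, String str) {
        return expression.is(Tree.Kind.STRING_LITERAL)
            && ((StringLiteral) expression).trimmedQuotesValue().equalsIgnoreCase(str);
    }

    /** Unwraps nested subscriptions and returns the innermost subscripted object. */
    private static Expression getObject(Expression expression) {
        if (!expression.is(Tree.Kind.SUBSCRIPTION)) {
            return expression;
        }
        return getObject(((SubscriptionExpression) expression).object());
    }

    /**
     * Predicate for "headers" style arguments: {@code true} when the argument is (or is a name
     * single-assigned to) a dictionary literal with a {@code set-cookie} entry whose string-literal
     * value does not match {@link #headerValueRegex()}.
     *
     * <p>Decompiler note: originally {@code protected}.
     *
     * @param regularArgument the argument to inspect; {@code null} (argument absent) yields {@code false}
     */
    public boolean isInvalidHeaderArgument(@Nullable RegularArgument regularArgument) {
        return Optional.ofNullable(regularArgument)
            .map(RegularArgument::expression)
            .map(this::isDictWithSensitiveEntry)
            .orElse(false);
    }

    /**
     * Follows a name to its single assigned non-name value when possible, otherwise inspects the
     * expression directly as a dictionary literal. Anything else yields {@code false}.
     */
    private boolean isDictWithSensitiveEntry(Expression expression) {
        return TreeUtils.toOptionalInstanceOf(Name.class, expression)
            .flatMap(Expressions::singleAssignedNonNameValue)
            .map(this::isDictWithSensitiveEntry)
            .or(() -> TreeUtils.toOptionalInstanceOf(DictionaryLiteral.class, expression).map(this::hasInvalidEntry))
            .orElse(false);
    }

    /** @return {@code true} when a key/value element has a sensitive key and an invalid value */
    private boolean hasInvalidEntry(DictionaryLiteral dictionaryLiteral) {
        return dictionaryLiteral.elements().stream()
            // Only key/value elements are considered; other element kinds are ignored.
            .filter(KeyValuePair.class::isInstance)
            .map(KeyValuePair.class::cast)
            .filter(pair -> isSensitiveKey(pair.key()))
            .map(KeyValuePair::value)
            .anyMatch(this::invalidValue);
    }

    /**
     * @return {@code true} when {@code expression} is a string literal equal to {@code set-cookie},
     *     ignoring case
     *
     * <p>Decompiler note: originally {@code private}.
     */
    public static boolean isSensitiveKey(Expression expression) {
        return TreeUtils.toOptionalInstanceOf(StringLiteral.class, expression)
            .map(StringLiteral::trimmedQuotesValue)
            .filter("set-cookie"::equalsIgnoreCase)
            .isPresent();
    }

    /**
     * @return {@code true} when {@code expression} is a string literal whose whole value fails to match
     *     {@link #headerValueRegex()}; values that are not string literals are never reported
     */
    private boolean invalidValue(Expression expression) {
        return TreeUtils.toOptionalInstanceOf(StringLiteral.class, expression)
            .map(StringLiteral::trimmedQuotesValue)
            // String.matches anchors the pattern to the entire header value.
            .filter(value -> !value.matches(headerValueRegex()))
            .isPresent();
    }

    /** @return the regex a {@code set-cookie} header value must fully match to be considered valid */
    protected abstract String headerValueRegex();

    /** @return the cookie flag name looked for in subscripts, compared case-insensitively */
    abstract String flagName();

    /** @return the issue message reported by this check */
    abstract String message();

    /** @return the registry of methods and arguments this check inspects */
    abstract MethodArgumentsToCheckRegistry methodArgumentsToCheckRegistry();
}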
