package org.sonar.python.checks.hotspots;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Objects;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.plugins.python.api.PythonSubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionContext;
import org.sonar.plugins.python.api.tree.AnnotatedAssignment;
import org.sonar.plugins.python.api.tree.AssignmentStatement;
import org.sonar.plugins.python.api.tree.DictionaryLiteral;
import org.sonar.plugins.python.api.tree.DictionaryLiteralElement;
import org.sonar.plugins.python.api.tree.Expression;
import org.sonar.plugins.python.api.tree.KeyValuePair;
import org.sonar.plugins.python.api.tree.Name;
import org.sonar.plugins.python.api.tree.ParameterList;
import org.sonar.plugins.python.api.tree.RegularArgument;
import org.sonar.plugins.python.api.tree.StringLiteral;
import org.sonar.plugins.python.api.tree.Tree;
import org.sonar.python.checks.utils.Expressions;
import org.sonarsource.analyzer.commons.ShannonEntropy;

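/**
 * Security-hotspot check that reports string literals bound to a credential-like name
 * when the literal also looks random enough to be a real secret.
 *
 * <p>A literal is reported only when all three conditions hold:
 * <ol>
 *   <li>the value matches {@link #POSTVALIDATION_PATTERN} (shape and length of a token);</li>
 *   <li>its Shannon entropy is strictly greater than {@link #randomnessSensibility};</li>
 *   <li>the name it is bound to (variable, parameter, keyword argument or dictionary key)
 *       fully matches one of the configured {@link #secretKeyWords} expressions.</li>
 * </ol>
 *
 * <p>Only string literals that appear directly as the assigned value, default value,
 * keyword-argument value or dictionary value are inspected; values built by concatenation,
 * formatting or function calls are not visited by this check.
 */
@Rule(key = "S6418")
/* loaded from: input_file:org/sonar/python/checks/hotspots/HardCodedCredentialsEntropyCheck.class */
public class HardCodedCredentialsEntropyCheck extends PythonSubscriptionCheck {
    private static final String DEFAULT_SECRET_KEYWORDS = "api[_.-]?key,auth,credential,secret,token";
    private static final String DEFAULT_RANDOMNESS_SENSIBILITY = "3.0";

    /**
     * Shape filter applied to the literal value before the entropy test. The value must consist
     * of 16 to 1024 units drawn from {@code [a-zA-Z0-9_.+/=~$-]} (the first unit may not be
     * {@code =}); inner units may also be a pair of backslashes that is not followed by
     * {@code n}, {@code t}, {@code r} or a double quote. Anything containing whitespace or other
     * punctuation is rejected, which keeps ordinary sentences and paths with spaces out.
     */
    private static final Pattern POSTVALIDATION_PATTERN = Pattern.compile("[a-zA-Z0-9_.+/~$-]([a-zA-Z0-9_.+/=~$-]|\\\\\\\\(?![ntr\"])){14,1022}[a-zA-Z0-9_.+/=~$-]");

    /** Issue message; the placeholder receives the matched name, never the literal value. */
    private static final String MESSAGE = "\"%s\" detected here, make sure this is not a hard-coded secret.";

    /** Compiled keyword expressions, built lazily from {@link #secretKeyWords} on first use. */
    private Collection<Pattern> patterns = null;

    /**
     * Comma separated keyword expressions. Each entry is compiled as a regular expression, so
     * regex metacharacters in an entry are interpreted, not matched literally.
     */
    @RuleProperty(key = "credentialWords", description = "Comma separated list of words identifying potential credentials", defaultValue = DEFAULT_SECRET_KEYWORDS)
    public String secretKeyWords = DEFAULT_SECRET_KEYWORDS;

    /** Entropy threshold; a value is reported only when its entropy is strictly above it. */
    @RuleProperty(key = "randomnessSensibility", description = "Allows to tune the Randomness Sensibility (from 0 to 10)", defaultValue = DEFAULT_RANDOMNESS_SENSIBILITY)
    public double randomnessSensibility = Double.parseDouble(DEFAULT_RANDOMNESS_SENSIBILITY);

    /**
     * Registers one consumer per syntax node kind in which a name can be bound to a literal.
     *
     * @param context registration context supplied by the analyzer
     */
    @Override // org.sonar.plugins.python.api.SubscriptionCheck
    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.ASSIGNMENT_STMT, this::checkAssignment);
        context.registerSyntaxNodeConsumer(Tree.Kind.ANNOTATED_ASSIGNMENT, this::checkAnnotatedAssignment);
        context.registerSyntaxNodeConsumer(Tree.Kind.PARAMETER_LIST, this::checkParameterList);
        context.registerSyntaxNodeConsumer(Tree.Kind.REGULAR_ARGUMENT, this::checkRegularArgument);
        context.registerSyntaxNodeConsumer(Tree.Kind.DICTIONARY_LITERAL, this::checkDictionaryLiteral);
    }

    /** Convenience overload that uses the identifier text of {@code name} as the candidate name. */
    private void patternMatch(Name name, Tree tree, String value, SubscriptionContext subscriptionContext) {
        patternMatch(name.name(), tree, value, subscriptionContext);
    }

    /**
     * Raises an issue on {@code tree} when {@code value} looks like a secret and {@code name}
     * matches a configured keyword expression.
     *
     * @param name                identifier or dictionary key the value is bound to
     * @param tree                node on which the issue is reported
     * @param value               literal content with its quotes removed
     * @param subscriptionContext context used to report the issue
     */
    private void patternMatch(String name, Tree tree, String value, SubscriptionContext subscriptionContext) {
        // Value tests run first so that the keyword expressions are only evaluated for
        // literals that already look like tokens.
        if (!valuePassesPostValidation(value) || !entropyShouldRaise(value)) {
            return;
        }
        // NOTE(review): matches() requires the whole name to match a keyword expression, so a
        // name that merely contains a keyword (for example a prefixed or suffixed identifier)
        // is not reported with the default keywords. Confirm this is the intended sensitivity.
        boolean credentialLikeName = patterns().stream().anyMatch(keyword -> keyword.matcher(name).matches());
        if (credentialLikeName) {
            // Only the name goes into the message; the suspected secret is not echoed.
            subscriptionContext.addIssue(tree, String.format(MESSAGE, name));
        }
    }

    /** Inspects named parameters whose default value is a string literal. */
    private void checkParameterList(SubscriptionContext subscriptionContext) {
        ParameterList parameterList = (ParameterList) subscriptionContext.syntaxNode();
        parameterList.nonTuple().stream()
            .filter(parameter -> parameter.name() != null)
            .filter(parameter -> parameter.defaultValue() != null)
            .filter(parameter -> parameter.defaultValue().is(Tree.Kind.STRING_LITERAL))
            .forEach(parameter -> patternMatch(
                parameter.name(),
                parameter.defaultValue(),
                ((StringLiteral) parameter.defaultValue()).trimmedQuotesValue(),
                subscriptionContext));
    }

    /** Inspects dictionary entries in which both the key and the value are string literals. */
    private void checkDictionaryLiteral(SubscriptionContext subscriptionContext) {
        DictionaryLiteral dictionary = (DictionaryLiteral) subscriptionContext.syntaxNode();
        dictionary.elements().stream()
            .filter(element -> element.is(Tree.Kind.KEY_VALUE_PAIR))
            .map(KeyValuePair.class::cast)
            .filter(pair -> pair.value().is(Tree.Kind.STRING_LITERAL))
            .filter(pair -> pair.key().is(Tree.Kind.STRING_LITERAL))
            .forEach(pair -> patternMatch(
                ((StringLiteral) pair.key()).trimmedQuotesValue(),
                pair.value(),
                ((StringLiteral) pair.value()).trimmedQuotesValue(),
                subscriptionContext));
    }

    /** Inspects keyword arguments ({@code name="literal"}); positional arguments carry no name. */
    private void checkRegularArgument(SubscriptionContext subscriptionContext) {
        RegularArgument regularArgument = (RegularArgument) subscriptionContext.syntaxNode();
        Name keywordArgument = regularArgument.keywordArgument();
        if (keywordArgument == null) {
            return;
        }
        Expression expression = regularArgument.expression();
        if (expression instanceof StringLiteral) {
            patternMatch(keywordArgument, regularArgument, ((StringLiteral) expression).trimmedQuotesValue(), subscriptionContext);
        }
    }

    /** Inspects annotated assignments of a string literal to a plain name. */
    private void checkAnnotatedAssignment(SubscriptionContext subscriptionContext) {
        AnnotatedAssignment annotatedAssignment = (AnnotatedAssignment) subscriptionContext.syntaxNode();
        Expression assignedValue = annotatedAssignment.assignedValue();
        Expression variable = annotatedAssignment.variable();
        if (assignedValue instanceof StringLiteral && variable instanceof Name) {
            StringLiteral literal = (StringLiteral) assignedValue;
            patternMatch((Name) variable, assignedValue, literal.trimmedQuotesValue(), subscriptionContext);
        }
    }

    /**
     * Inspects plain assignments. A tuple on the right-hand side is expanded into its
     * expressions so that each literal is tested against the name it is assigned to.
     */
    private void checkAssignment(SubscriptionContext subscriptionContext) {
        Expression assignedValue = ((AssignmentStatement) subscriptionContext.syntaxNode()).assignedValue();
        Collection<Expression> candidates = new ArrayList<>();
        if (assignedValue.is(Tree.Kind.TUPLE)) {
            candidates.addAll(Expressions.getExpressionsFromRhs(assignedValue));
        } else {
            candidates.add(assignedValue);
        }
        candidates.stream()
            .filter(StringLiteral.class::isInstance)
            .map(StringLiteral.class::cast)
            .forEach(literal -> Expressions.getAssignedName(literal)
                .ifPresent(name -> patternMatch(name, literal, literal.trimmedQuotesValue(), subscriptionContext)));
    }

    /** Returns {@code true} when the whole value has the shape described by {@link #POSTVALIDATION_PATTERN}. */
    private static boolean valuePassesPostValidation(String value) {
        return POSTVALIDATION_PATTERN.matcher(value).matches();
    }

    /** Returns {@code true} when the Shannon entropy of the value is strictly above the threshold. */
    private boolean entropyShouldRaise(String value) {
        return ShannonEntropy.calculate(value) > this.randomnessSensibility;
    }

    /**
     * Returns the compiled keyword expressions, compiling them on first call.
     *
     * <p>Entries are split on {@code ,} only and are not trimmed, so whitespace around an entry
     * becomes part of its expression. An entry that is not a valid regular expression makes
     * {@link Pattern#compile(String, int)} throw {@link java.util.regex.PatternSyntaxException}
     * on the first node that reaches the keyword test.
     */
    private Collection<Pattern> patterns() {
        if (this.patterns == null) {
            this.patterns = Stream.of(this.secretKeyWords.split(","))
                .map(keyword -> Pattern.compile("(" + keyword + ")", Pattern.CASE_INSENSITIVE))
                .toList();
        }
        return this.patterns;
    }
}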
