package org.sonar.python.checks.hotspots;

import com.ctc.wstx.api.ReaderConfig;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.sonar.check.Rule;
import org.sonar.plugins.python.api.PythonSubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionCheck;
import org.sonar.plugins.python.api.SubscriptionContext;
import org.sonar.plugins.python.api.tree.AssignmentStatement;
import org.sonar.plugins.python.api.tree.CallExpression;
import org.sonar.plugins.python.api.tree.Expression;
import org.sonar.plugins.python.api.tree.ListLiteral;
import org.sonar.plugins.python.api.tree.Name;
import org.sonar.plugins.python.api.tree.QualifiedExpression;
import org.sonar.plugins.python.api.tree.RegularArgument;
import org.sonar.plugins.python.api.tree.StringLiteral;
import org.sonar.plugins.python.api.tree.SubscriptionExpression;
import org.sonar.plugins.python.api.tree.Tree;
import org.sonar.plugins.python.api.types.v2.TriBool;
import org.sonar.python.checks.hotspots.CommonValidationUtils;
import org.sonar.python.semantic.SymbolUtils;
import org.sonar.python.tree.TreeUtils;
import org.sonar.python.types.v2.TypeCheckBuilder;
import org.sonar.python.types.v2.TypeCheckMap;

@Rule(key = "S5344")
/* loaded from: input_file:org/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck.class */
public class FastHashingOrPlainTextCheck extends PythonSubscriptionCheck {
    private static final String SCRYPT_PARAMETERS_MESSAGE = "Use strong scrypt parameters.";
    private static final String ARGON2_MESSAGE = "Use secure Argon2 parameters.";
    private static final String BCRYPT_MESSAGE = "Use strong bcrypt parameters.";
    private static final String DJANGO_MESSAGE = "Use a secure hashing algorithm to store passwords.";
    private TypeCheckBuilder argon2IDTypeChecker = null;
    private final CommonValidationUtils.CallValidator argon2Type = new CommonValidationUtils.ArgumentValidator(0, "type", (subscriptionContext, regularArgument) -> {
        if (this.argon2IDTypeChecker.check(regularArgument.expression().typeV2()) == TriBool.FALSE) {
            subscriptionContext.addIssue(regularArgument, "Use Argon2ID to improve the security of the passwords.");
        }
    });
    private TypeCheckBuilder argon2VersionTypeChecker = null;
    private final CommonValidationUtils.CallValidator argon2Version = new CommonValidationUtils.ArgumentValidator(1, "version", (subscriptionContext, regularArgument) -> {
        if (this.argon2VersionTypeChecker.check(regularArgument.expression().typeV2()) == TriBool.TRUE || CommonValidationUtils.isEqualTo(regularArgument.expression(), 19)) {
            return;
        }
        subscriptionContext.addIssue(regularArgument, "Use the latest version of Argon2 ID.");
    });
    private final Map<String, Collection<CommonValidationUtils.CallValidator>> callExpressionValidators = Map.ofEntries(Map.entry("scrypt.hash", List.of(SCRYPT_R, SCRYPT_BUFLEN, SCRYPT_N)), Map.entry("hashlib.scrypt", List.of(HASHLIB_R, HASHLIB_N, HASHLIB_DKLEN)), Map.entry("hashlib.pbkdf2_hmac", List.of(HASHLIB_PBKDF2)), Map.entry("cryptography.hazmat.primitives.kdf.scrypt.Scrypt", List.of(CRYPTOGRAPHY_R, CRYPTOGRAPHY_N, CRYPTOGRAPHY_LENGTH)), Map.entry("cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC", List.of(CRYPTOGRAPHY_PBKDF2)), Map.entry("passlib.handlers.scrypt.scrypt.using", List.of(PASSLIB_BLOCK_SIZE, PASSLIB_ROUNDS)), Map.entry("argon2.PasswordHasher", List.of(new Argon2PasswordHasherValidator(0, 1, 2))), Map.entry("argon2.Parameters", List.of(new Argon2PasswordHasherValidator(4, 5, 6), this.argon2Type, this.argon2Version)), Map.entry("argon2.low_level.hash_secret", List.of(new Argon2PasswordHasherValidator(2, 3, 4))), Map.entry("argon2.low_level.hash_secret_raw", List.of(new Argon2PasswordHasherValidator(2, 3, 4))), Map.entry("passlib.handlers.argon2._Argon2Common.using", List.of(new Argon2PasswordHasherValidator(3, 4, 5))), Map.entry("bcrypt.gensalt", List.of(BCRYPT_GENSALT)), Map.entry("bcrypt.kdf", List.of(BCRYPT_KDF)), Map.entry("flask_bcrypt.generate_password_hash", List.of(FLASK_BCRYPT)));
    private TypeCheckBuilder argon2CheapestProfileTypeChecker = null;
    private TypeCheckBuilder flaskConfigTypeChecker = null;
    private TypeCheckMap<Collection<CommonValidationUtils.CallValidator>> typeCheckMap = new TypeCheckMap<>();
    private static final Set<String> PBKDF2_ALGOS = Set.of("sha1", "sha256", "sha512");
    private static final Set<String> DJANGO_FIRST_FORBIDDEN_HASHERS = Set.of("django.contrib.auth.hashers.SHA1PasswordHasher", "django.contrib.auth.hashers.MD5PasswordHasher", "django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher", "django.contrib.auth.hashers.UnsaltedMD5PasswordHasher", "django.contrib.auth.hashers.CryptPasswordHasher");
    private static final CommonValidationUtils.ArgumentValidator SCRYPT_R = new CommonValidationUtils.ArgumentValidator(3, "r", (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 8)) {
            subscriptionContext.addIssue(regularArgument, SCRYPT_PARAMETERS_MESSAGE);
        }
    });
    private static final CommonValidationUtils.ArgumentValidator SCRYPT_BUFLEN = new CommonValidationUtils.ArgumentValidator(5, "buflen", (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 32)) {
            subscriptionContext.addIssue(regularArgument, SCRYPT_PARAMETERS_MESSAGE);
        }
    });
    private static final CommonValidationUtils.ArgumentValidator SCRYPT_N = new CommonValidationUtils.ArgumentValidator(2, "N", (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), (int) Math.pow(2.0d, 13.0d)) || CommonValidationUtils.isLessThanExponent(regularArgument.expression(), 13)) {
            subscriptionContext.addIssue(regularArgument, SCRYPT_PARAMETERS_MESSAGE);
        }
    });
    private static final CommonValidationUtils.ArgumentValidator HASHLIB_R = new CommonValidationUtils.ArgumentValidator(3, "r", (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 8)) {
            subscriptionContext.addIssue(regularArgument, SCRYPT_PARAMETERS_MESSAGE);
        }
    });
    private static final CommonValidationUtils.ArgumentValidator HASHLIB_N = new CommonValidationUtils.ArgumentValidator(2, "n", (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), (int) Math.pow(2.0d, 13.0d)) || CommonValidationUtils.isLessThanExponent(regularArgument.expression(), 13)) {
            subscriptionContext.addIssue(regularArgument, SCRYPT_PARAMETERS_MESSAGE);
        }
    });
    private static final CommonValidationUtils.ArgumentValidator HASHLIB_DKLEN = new CommonValidationUtils.ArgumentValidator(6, "dklen", (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 32)) {
            subscriptionContext.addIssue(regularArgument, SCRYPT_PARAMETERS_MESSAGE);
        }
    });
    private static final CommonValidationUtils.ArgumentValidator CRYPTOGRAPHY_R = new CommonValidationUtils.ArgumentValidator(3, "r", (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 8)) {
            subscriptionContext.addIssue(regularArgument, SCRYPT_PARAMETERS_MESSAGE);
        }
    });
    private static final CommonValidationUtils.ArgumentValidator CRYPTOGRAPHY_N = new CommonValidationUtils.ArgumentValidator(2, "n", (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), (int) Math.pow(2.0d, 13.0d)) || CommonValidationUtils.isLessThanExponent(regularArgument.expression(), 13)) {
            subscriptionContext.addIssue(regularArgument, SCRYPT_PARAMETERS_MESSAGE);
        }
    });
    private static final CommonValidationUtils.ArgumentValidator CRYPTOGRAPHY_LENGTH = new CommonValidationUtils.ArgumentValidator(1, "length", (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 32)) {
            subscriptionContext.addIssue(regularArgument, SCRYPT_PARAMETERS_MESSAGE);
        }
    });
    private static final CommonValidationUtils.ArgumentValidator PASSLIB_BLOCK_SIZE = new CommonValidationUtils.ArgumentValidator(3, "block_size", (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 8)) {
            subscriptionContext.addIssue(regularArgument, SCRYPT_PARAMETERS_MESSAGE);
        }
    });
    private static final String ROUNDS = "rounds";
    private static final CommonValidationUtils.ArgumentValidator PASSLIB_ROUNDS = new CommonValidationUtils.ArgumentValidator(2, ROUNDS, (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 12)) {
            subscriptionContext.addIssue(regularArgument, SCRYPT_PARAMETERS_MESSAGE);
        }
    });
    private static final CommonValidationUtils.ArgumentValidator PASSLIB_PBKDF2 = new CommonValidationUtils.ArgumentValidator(2, ROUNDS, (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), ReaderConfig.DEFAULT_MAX_ENTITY_COUNT)) {
            subscriptionContext.addIssue(regularArgument, PBKDF2_MESSAGE);
        }
    });
    private static final CommonValidationUtils.CallValidator CRYPTOGRAPHY_PBKDF2 = new PBKDF2Validator(0, "algorithm", 3, "iterations");
    private static final CommonValidationUtils.CallValidator HASHLIB_PBKDF2 = new PBKDF2Validator(0, "hash_name", 3, "iterations");
    private static final String PBKDF2_MESSAGE = "Use at least 100 000 iterations.";
    private static final CommonValidationUtils.CallValidator PASSLIB_MISSING_ROUNDS = new MissingArgumentValidator(2, ROUNDS, PBKDF2_MESSAGE);
    private static final CommonValidationUtils.CallValidator BCRYPT_GENSALT = new CommonValidationUtils.ArgumentValidator(0, ROUNDS, (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 12)) {
            subscriptionContext.addIssue(regularArgument, BCRYPT_MESSAGE);
        }
    });
    private static final CommonValidationUtils.CallValidator BCRYPT_KDF = new CommonValidationUtils.ArgumentValidator(3, ROUNDS, (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 4096) || CommonValidationUtils.isLessThanExponent(regularArgument.expression(), 12)) {
            subscriptionContext.addIssue(regularArgument, BCRYPT_MESSAGE);
        }
    });
    private static final CommonValidationUtils.CallValidator PASSLIB_BCRYPT = new CommonValidationUtils.ArgumentValidator(3, ROUNDS, (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 12)) {
            subscriptionContext.addIssue(regularArgument, BCRYPT_MESSAGE);
        }
    });
    private static final CommonValidationUtils.CallValidator FLASK_BCRYPT = new CommonValidationUtils.ArgumentValidator(1, ROUNDS, (subscriptionContext, regularArgument) -> {
        if (CommonValidationUtils.isLessThan(regularArgument.expression(), 12)) {
            subscriptionContext.addIssue(regularArgument, BCRYPT_MESSAGE);
        }
    });
    private static final Map<String, Collection<CommonValidationUtils.CallValidator>> CALL_EXPRESSION_VALIDATORS_V1 = Map.ofEntries(Map.entry("flask_bcrypt.Bcrypt.generate_password_hash", List.of(FLASK_BCRYPT)));
    private static final Map<String, Collection<CommonValidationUtils.CallValidator>> QUALIFIED_EXPR_VALIDATOR = Map.of("passlib.hash.pbkdf2_sha1.using", List.of(PASSLIB_PBKDF2), "passlib.hash.pbkdf2_sha256.using", List.of(PASSLIB_PBKDF2, PASSLIB_MISSING_ROUNDS), "passlib.hash.pbkdf2_sha512.using", List.of(PASSLIB_PBKDF2, PASSLIB_MISSING_ROUNDS), "passlib.hash.bcrypt.using", List.of(PASSLIB_BCRYPT));

    /* loaded from: input_file:org/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$Argon2PasswordHasherValidator.class */
    static final class Argon2PasswordHasherValidator extends Record implements CommonValidationUtils.CallValidator {
        private final int timeCostPosition;
        private final int memoryCostPosition;
        private final int parallelismPosition;

        Argon2PasswordHasherValidator(int i, int i2, int i3) {
            this.timeCostPosition = i;
            this.memoryCostPosition = i2;
            this.parallelismPosition = i3;
        }

        @Override // org.sonar.python.checks.hotspots.CommonValidationUtils.CallValidator
        public void validate(SubscriptionContext subscriptionContext, CallExpression callExpression) {
            RegularArgument nthArgumentOrKeyword = TreeUtils.nthArgumentOrKeyword(this.timeCostPosition, "time_cost", callExpression.arguments());
            RegularArgument nthArgumentOrKeyword2 = TreeUtils.nthArgumentOrKeyword(this.memoryCostPosition, "memory_cost", callExpression.arguments());
            RegularArgument nthArgumentOrKeyword3 = TreeUtils.nthArgumentOrKeyword(this.parallelismPosition, "parallelism", callExpression.arguments());
            boolean z = nthArgumentOrKeyword != null && CommonValidationUtils.isLessThan(nthArgumentOrKeyword.expression(), 5);
            boolean z2 = nthArgumentOrKeyword2 != null && CommonValidationUtils.isLessThan(nthArgumentOrKeyword2.expression(), 7168);
            boolean z3 = nthArgumentOrKeyword3 != null && CommonValidationUtils.isEqualTo(nthArgumentOrKeyword3.expression(), 1);
            if (z2 && z && z3) {
                subscriptionContext.addIssue(callExpression.callee(), FastHashingOrPlainTextCheck.ARGON2_MESSAGE);
            }
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, Argon2PasswordHasherValidator.class), Argon2PasswordHasherValidator.class, "timeCostPosition;memoryCostPosition;parallelismPosition", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$Argon2PasswordHasherValidator;->timeCostPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$Argon2PasswordHasherValidator;->memoryCostPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$Argon2PasswordHasherValidator;->parallelismPosition:I").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, Argon2PasswordHasherValidator.class), Argon2PasswordHasherValidator.class, "timeCostPosition;memoryCostPosition;parallelismPosition", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$Argon2PasswordHasherValidator;->timeCostPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$Argon2PasswordHasherValidator;->memoryCostPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$Argon2PasswordHasherValidator;->parallelismPosition:I").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, Argon2PasswordHasherValidator.class, Object.class), Argon2PasswordHasherValidator.class, "timeCostPosition;memoryCostPosition;parallelismPosition", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$Argon2PasswordHasherValidator;->timeCostPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$Argon2PasswordHasherValidator;->memoryCostPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$Argon2PasswordHasherValidator;->parallelismPosition:I").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public int timeCostPosition() {
            return this.timeCostPosition;
        }

        public int memoryCostPosition() {
            return this.memoryCostPosition;
        }

        public int parallelismPosition() {
            return this.parallelismPosition;
        }
    }

    /* loaded from: input_file:org/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$MissingArgumentValidator.class */
    static final class MissingArgumentValidator extends Record implements CommonValidationUtils.CallValidator {
        private final int position;
        private final String keywordName;
        private final String message;

        MissingArgumentValidator(int i, String str, String str2) {
            this.position = i;
            this.keywordName = str;
            this.message = str2;
        }

        @Override // org.sonar.python.checks.hotspots.CommonValidationUtils.CallValidator
        public void validate(SubscriptionContext subscriptionContext, CallExpression callExpression) {
            TreeUtils.nthArgumentOrKeywordOptional(this.position, this.keywordName, callExpression.arguments()).ifPresentOrElse(regularArgument -> {
            }, () -> {
                subscriptionContext.addIssue(callExpression.callee(), this.message);
            });
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, MissingArgumentValidator.class), MissingArgumentValidator.class, "position;keywordName;message", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$MissingArgumentValidator;->position:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$MissingArgumentValidator;->keywordName:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$MissingArgumentValidator;->message:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, MissingArgumentValidator.class), MissingArgumentValidator.class, "position;keywordName;message", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$MissingArgumentValidator;->position:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$MissingArgumentValidator;->keywordName:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$MissingArgumentValidator;->message:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, MissingArgumentValidator.class, Object.class), MissingArgumentValidator.class, "position;keywordName;message", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$MissingArgumentValidator;->position:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$MissingArgumentValidator;->keywordName:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$MissingArgumentValidator;->message:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public int position() {
            return this.position;
        }

        public String keywordName() {
            return this.keywordName;
        }

        public String message() {
            return this.message;
        }
    }

    /* loaded from: input_file:org/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator.class */
    static final class PBKDF2Validator extends Record implements CommonValidationUtils.CallValidator {
        private final int algoPosition;
        private final String algoKeyword;
        private final int iterationsPosition;
        private final String iterationsKeyword;

        PBKDF2Validator(int i, String str, int i2, String str2) {
            this.algoPosition = i;
            this.algoKeyword = str;
            this.iterationsPosition = i2;
            this.iterationsKeyword = str2;
        }

        @Override // org.sonar.python.checks.hotspots.CommonValidationUtils.CallValidator
        public void validate(SubscriptionContext subscriptionContext, CallExpression callExpression) {
            if (FastHashingOrPlainTextCheck.PBKDF2_ALGOS.contains((String) TreeUtils.nthArgumentOrKeywordOptional(this.algoPosition, this.algoKeyword, callExpression.arguments()).map((v0) -> {
                return v0.expression();
            }).map(CommonValidationUtils::singleAssignedString).orElse(""))) {
                TreeUtils.nthArgumentOrKeywordOptional(this.iterationsPosition, this.iterationsKeyword, callExpression.arguments()).filter(regularArgument -> {
                    return CommonValidationUtils.isLessThan(regularArgument.expression(), ReaderConfig.DEFAULT_MAX_ENTITY_COUNT);
                }).ifPresent(regularArgument2 -> {
                    subscriptionContext.addIssue(regularArgument2, FastHashingOrPlainTextCheck.PBKDF2_MESSAGE);
                });
            }
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, PBKDF2Validator.class), PBKDF2Validator.class, "algoPosition;algoKeyword;iterationsPosition;iterationsKeyword", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->algoPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->algoKeyword:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->iterationsPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->iterationsKeyword:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, PBKDF2Validator.class), PBKDF2Validator.class, "algoPosition;algoKeyword;iterationsPosition;iterationsKeyword", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->algoPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->algoKeyword:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->iterationsPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->iterationsKeyword:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, PBKDF2Validator.class, Object.class), PBKDF2Validator.class, "algoPosition;algoKeyword;iterationsPosition;iterationsKeyword", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->algoPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->algoKeyword:Ljava/lang/String;", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->iterationsPosition:I", "FIELD:Lorg/sonar/python/checks/hotspots/FastHashingOrPlainTextCheck$PBKDF2Validator;->iterationsKeyword:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public int algoPosition() {
            return this.algoPosition;
        }

        public String algoKeyword() {
            return this.algoKeyword;
        }

        public int iterationsPosition() {
            return this.iterationsPosition;
        }

        public String iterationsKeyword() {
            return this.iterationsKeyword;
        }
    }

    @Override // org.sonar.plugins.python.api.SubscriptionCheck
    public void initialize(SubscriptionCheck.Context context) {
        context.registerSyntaxNodeConsumer(Tree.Kind.FILE_INPUT, this::registerTypeCheckers);
        context.registerSyntaxNodeConsumer(Tree.Kind.FILE_INPUT, subscriptionContext -> {
            if ("settings.py".equals(subscriptionContext.pythonFile().fileName())) {
                context.registerSyntaxNodeConsumer(Tree.Kind.ASSIGNMENT_STMT, FastHashingOrPlainTextCheck::checkDjangoHasher);
            }
        });
        context.registerSyntaxNodeConsumer(Tree.Kind.CALL_EXPR, this::checkCallExpr);
        context.registerSyntaxNodeConsumer(Tree.Kind.NAME, this::checkName);
        context.registerSyntaxNodeConsumer(Tree.Kind.ASSIGNMENT_STMT, subscriptionContext2 -> {
            checkAssignment(subscriptionContext2, this.flaskConfigTypeChecker);
        });
    }

    private static void checkDjangoHasher(SubscriptionContext subscriptionContext) {
        AssignmentStatement assignmentStatement = (AssignmentStatement) subscriptionContext.syntaxNode();
        Optional filter = assignmentStatement.lhsExpressions().stream().findFirst().map((v0) -> {
            return v0.expressions();
        }).flatMap(list -> {
            return list.stream().findFirst();
        }).filter(expression -> {
            return expression.is(Tree.Kind.NAME);
        }).filter(expression2 -> {
            return "PASSWORD_HASHERS".equals(((Name) expression2).name());
        });
        Optional filter2 = Optional.of(assignmentStatement.assignedValue()).flatMap(TreeUtils.toOptionalInstanceOfMapper(ListLiteral.class)).map((v0) -> {
            return v0.elements();
        }).map((v0) -> {
            return v0.expressions();
        }).map((v0) -> {
            return v0.stream();
        }).flatMap((v0) -> {
            return v0.findFirst();
        }).flatMap(TreeUtils.toOptionalInstanceOfMapper(StringLiteral.class)).filter(stringLiteral -> {
            return DJANGO_FIRST_FORBIDDEN_HASHERS.contains(stringLiteral.trimmedQuotesValue());
        });
        if (filter.isPresent() && filter2.isPresent()) {
            subscriptionContext.addIssue((Tree) filter2.get(), DJANGO_MESSAGE);
        }
    }

    private void registerTypeCheckers(SubscriptionContext subscriptionContext) {
        this.argon2CheapestProfileTypeChecker = subscriptionContext.typeChecker().typeCheckBuilder().isTypeWithFqn("argon2.profiles.CHEAPEST");
        this.flaskConfigTypeChecker = subscriptionContext.typeChecker().typeCheckBuilder().isInstanceOf("flask.config.Config");
        this.argon2IDTypeChecker = subscriptionContext.typeChecker().typeCheckBuilder().isTypeWithFqn("argon2.low_level.Type.ID");
        this.argon2VersionTypeChecker = subscriptionContext.typeChecker().typeCheckBuilder().isTypeWithFqn("argon2.low_level.ARGON2_VERSION");
        this.typeCheckMap = new TypeCheckMap<>();
        this.callExpressionValidators.forEach((str, collection) -> {
            this.typeCheckMap.put(subscriptionContext.typeChecker().typeCheckBuilder().isTypeWithFqn(str), collection);
        });
    }

    private static void checkAssignment(SubscriptionContext subscriptionContext, TypeCheckBuilder typeCheckBuilder) {
        AssignmentStatement assignmentStatement = (AssignmentStatement) subscriptionContext.syntaxNode();
        if (!assignmentStatement.lhsExpressions().stream().findFirst().map((v0) -> {
            return v0.expressions();
        }).flatMap(list -> {
            return list.stream().findFirst();
        }).filter(expression -> {
            return subscriptionIsFlaskBcryptConfig(expression, typeCheckBuilder);
        }).isEmpty() && CommonValidationUtils.isLessThan(assignmentStatement.assignedValue(), 12)) {
            subscriptionContext.addIssue(assignmentStatement.assignedValue(), BCRYPT_MESSAGE);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean subscriptionIsFlaskBcryptConfig(Expression expression, TypeCheckBuilder typeCheckBuilder) {
        if (!expression.is(Tree.Kind.SUBSCRIPTION)) {
            return false;
        }
        SubscriptionExpression subscriptionExpression = (SubscriptionExpression) expression;
        if (typeCheckBuilder.check(subscriptionExpression.object().typeV2()) != TriBool.TRUE) {
            return false;
        }
        return subscriptionExpression.subscripts().expressions().stream().findFirst().filter(expression2 -> {
            return "BCRYPT_LOG_ROUNDS".equals(CommonValidationUtils.singleAssignedString(expression2));
        }).isPresent();
    }

    private void checkName(SubscriptionContext subscriptionContext) {
        Name name = (Name) subscriptionContext.syntaxNode();
        if (this.argon2CheapestProfileTypeChecker.check(name.typeV2()) != TriBool.TRUE) {
            return;
        }
        AssignmentStatement assignmentStatement = (AssignmentStatement) TreeUtils.firstAncestorOfKind(name, Tree.Kind.ASSIGNMENT_STMT);
        if (assignmentStatement == null || !isChildOf(assignmentStatement, name)) {
            subscriptionContext.addIssue(name, "Use a secure Argon2 profile.");
        }
    }

    private static boolean isChildOf(AssignmentStatement assignmentStatement, Name name) {
        return assignmentStatement.lhsExpressions().stream().flatMap(expressionList -> {
            return expressionList.children().stream();
        }).anyMatch(tree -> {
            return tree == name;
        });
    }

    private void checkCallExpr(SubscriptionContext subscriptionContext) {
        CallExpression callExpression = (CallExpression) subscriptionContext.syntaxNode();
        String qualifiedNameOrEmpty = SymbolUtils.qualifiedNameOrEmpty(callExpression);
        this.typeCheckMap.getOptionalForType(callExpression.callee().typeV2()).orElse(List.of()).forEach(callValidator -> {
            callValidator.validate(subscriptionContext, callExpression);
        });
        CALL_EXPRESSION_VALIDATORS_V1.getOrDefault(qualifiedNameOrEmpty, List.of()).forEach(callValidator2 -> {
            callValidator2.validate(subscriptionContext, callExpression);
        });
        if (callExpression.callee().is(Tree.Kind.QUALIFIED_EXPR)) {
            QUALIFIED_EXPR_VALIDATOR.getOrDefault(TreeUtils.fullyQualifiedNameFromQualifiedExpression((QualifiedExpression) callExpression.callee()).orElse(""), List.of()).forEach(callValidator3 -> {
                callValidator3.validate(subscriptionContext, callExpression);
            });
        }
    }
}
