package org.sonar.plugins.xml.checks.security.web;

import java.util.List;
import javax.xml.xpath.XPathExpression;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.sonar.check.Rule;
import org.sonarsource.analyzer.commons.xml.XPathBuilder;
import org.sonarsource.analyzer.commons.xml.XmlFile;
import org.w3c.dom.Node;

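/**
 * Rule S3330: reports session cookie configurations in {@code web.xml} that do not
 * set {@code <http-only>} to {@code true}.
 *
 * <p>A session cookie without the HttpOnly flag can be read by client-side script,
 * so a cross-site scripting flaw elsewhere in the application can expose the session
 * identifier.
 *
 * <p>Scope of the check, as written in this class:
 * <ul>
 *   <li>Only {@code /web-app/session-config/cookie-config} elements in the
 *       {@code http://xmlns.jcp.org/xml/ns/javaee} namespace are matched. A descriptor
 *       that declares a different namespace (or none) yields no match here, so no
 *       issue is raised for it by this class.</li>
 *   <li>A descriptor with no {@code <cookie-config>} element at all is not reported by
 *       this class; only an existing {@code <cookie-config>} lacking a correct
 *       {@code <http-only>} child is.</li>
 * </ul>
 * NOTE(review): {@code evaluateAsList} and {@code reportIssue} are not defined in this
 * class and are presumably inherited from {@link AbstractWebXmlCheck}; confirm there
 * which files reach {@link #scanWebXml(XmlFile)}.
 */
@Rule(key = "S3330")
public class HttpOnlyOnCookiesCheck extends AbstractWebXmlCheck {
    /** Namespace bound to the {@code n} prefix in both XPath expressions below. */
    private static final String JAVAEE_NAMESPACE = "http://xmlns.jcp.org/xml/ns/javaee";

    /** Selects every {@code <cookie-config>} under {@code <web-app>/<session-config>}. */
    private final XPathExpression sessionConfigCookieConfigExpression = XPathBuilder.forExpression("/n:web-app/n:session-config/n:cookie-config").withNamespace("n", JAVAEE_NAMESPACE).build();

    /** Selects the {@code <http-only>} children of the context node (a {@code <cookie-config>}). */
    private final XPathExpression httpOnlyExpression = XPathBuilder.forExpression("n:http-only").withNamespace("n", JAVAEE_NAMESPACE).build();

    /**
     * Runs the HttpOnly check on each {@code <cookie-config>} found in the document.
     *
     * @param xmlFile the parsed descriptor to inspect
     */
    @Override
    void scanWebXml(XmlFile xmlFile) {
        List<Node> cookieConfigs = evaluateAsList(this.sessionConfigCookieConfigExpression, xmlFile.getDocument());
        for (Node cookieConfig : cookieConfigs) {
            checkHttpOnly(cookieConfig);
        }
    }

    /**
     * Reports a {@code <cookie-config>} that has no {@code <http-only>} child, or
     * reports each {@code <http-only>} child whose value is not {@code true}.
     *
     * @param node a {@code <cookie-config>} element
     */
    private void checkHttpOnly(Node node) {
        List<Node> httpOnlyNodes = evaluateAsList(this.httpOnlyExpression, node);
        if (httpOnlyNodes.isEmpty()) {
            // The flag is absent; the issue is attached to the <cookie-config> element itself.
            reportIssue(node, "<http-only> tag is missing and should be set to true.");
            return;
        }
        for (Node httpOnly : httpOnlyNodes) {
            if (isNotSetToTrue(httpOnly)) {
                reportWrongValue(httpOnly);
            }
        }
    }

    /**
     * Tells whether an {@code <http-only>} element carries anything other than {@code true}.
     *
     * <p>Leading and trailing whitespace is ignored, so a value placed on its own line
     * or padded with spaces is not reported as a wrong value. The comparison stays
     * case-sensitive: {@code TRUE} is still reported.
     *
     * @param node an {@code <http-only>} element
     * @return {@code true} when the trimmed text content is not exactly {@code "true"}
     */
    private static boolean isNotSetToTrue(Node node) {
        String value = node.getTextContent();
        // A null text content cannot be "true"; treat it as a wrong value, as equals() did before.
        return value == null || !SchemaSymbols.ATTVAL_TRUE.equals(value.trim());
    }

    /**
     * Raises the "wrong value" issue on the given {@code <http-only>} element.
     *
     * @param node the {@code <http-only>} element whose value is not {@code true}
     */
    private void reportWrongValue(Node node) {
        reportIssue(node, "<http-only> tag should be set to true.");
    }
}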
