package org.sonar.plugins.xml.checks.security.web;

import java.util.regex.Pattern;
import javax.xml.xpath.XPathExpression;
import org.sonar.check.Rule;
import org.sonarsource.analyzer.commons.xml.XPathBuilder;
import org.sonarsource.analyzer.commons.xml.XmlFile;

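/**
 * Reports Tomcat {@code CorsFilter} declarations in a {@code web.xml} whose
 * {@code cors.allowed.origins} init-param contains the {@code *} wildcard.
 *
 * <p>A wildcard origin lets any site read the responses of the protected resources from a
 * browser, so every such value is surfaced for manual review instead of being accepted silently.
 *
 * <p>NOTE(review): the XPath below only matches descriptors bound to the
 * {@code http://xmlns.jcp.org/xml/ns/javaee} namespace and only the exact filter class
 * {@code org.apache.catalina.filters.CorsFilter}. Descriptors using another namespace, or
 * another CORS filter implementation, are not inspected by this check.
 */
@Rule(key = "S5122")
public class CrossOriginResourceSharingCheck extends AbstractWebXmlCheck {
    /**
     * Finds a standalone {@code *} entry in a comma-separated origin list.
     *
     * <p>Whitespace (including line breaks) around the entry is tolerated: pretty-printed
     * descriptors commonly pad {@code <param-value>}, and Tomcat is expected to trim the value
     * and each list entry before interpreting it, so a padded {@code *} is just as permissive as
     * a bare one. A {@code *} embedded in a longer token (e.g. {@code https://*.example.com})
     * is deliberately not matched.
     */
    private static final Pattern STAR_IN_COMMA_SEPARATED_LIST_REGEX =
        Pattern.compile("(^|,)\\s*\\*\\s*(,|$)");

    /** Selects the text of every {@code cors.allowed.origins} value of a Tomcat CorsFilter. */
    private final XPathExpression corsAllowedOrigins = XPathBuilder
        .forExpression("/j:web-app/j:filter[j:filter-class='org.apache.catalina.filters.CorsFilter']/j:init-param[j:param-name='cors.allowed.origins']/j:param-value/text()")
        .withNamespace("j", "http://xmlns.jcp.org/xml/ns/javaee")
        .build();

    /**
     * Evaluates the origin XPath against the parsed descriptor and raises one issue per text
     * node whose value contains the wildcard origin.
     *
     * @param xmlFile the parsed {@code web.xml} under analysis
     */
    @Override
    void scanWebXml(XmlFile xmlFile) {
        evaluateAsList(this.corsAllowedOrigins, xmlFile.getDocument()).stream()
            .filter(originNode -> STAR_IN_COMMA_SEPARATED_LIST_REGEX.matcher(originNode.getNodeValue()).find())
            .forEach(originNode -> reportIssue(originNode, "Make sure this permissive CORS policy is safe here."));
    }
}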
