package org.sonar.java.checks;

import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.MethodsHelper;
import org.sonar.java.matcher.MethodMatcher;
import org.sonar.java.matcher.MethodMatcherCollection;
import org.sonar.java.matcher.TypeCriteria;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;

/* JADX WARN: Classes with same name are omitted:
  input_file:META-INF/lib/sonar-java-plugin-4.6.0.8784.jar:META-INF/lib/java-checks-4.6.0.8784.jar:org/sonar/java/checks/SQLInjectionCheck.class
 */
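/**
 * Rule S2077: flags query text that is built dynamically (e.g. by string
 * concatenation) and handed straight to a query-executing sink.
 *
 * <p>The sinks recognised here are the first argument of
 * {@code org.hibernate.Session#createQuery}, {@code java.sql.Statement#executeQuery},
 * {@code java.sql.Connection#prepareStatement} / {@code #prepareCall} and
 * {@code javax.persistence.EntityManager#createNativeQuery}. Query text that
 * reaches such a sink without going through parameter binding is where SQL/HQL
 * injection becomes possible, so the recommended remediation is always to bind
 * parameters rather than to concatenate.
 *
 * <p>The dynamic-string analysis itself ({@code isDynamicString}), the
 * {@code parameterName} field it fills in, and {@code reportIssue} are inherited
 * from {@link AbstractInjectionChecker}, which is not shown in this file.
 */
@Rule(key = "S2077")
/* loaded from: input_file:META-INF/lib/java-checks-4.6.0.8784.jar:org/sonar/java/checks/SQLInjectionCheck.class */
public class SQLInjectionCheck extends AbstractInjectionChecker {

    // Fully qualified names of the types whose query methods are treated as sinks.
    private static final String HIBERNATE_SESSION = "org.hibernate.Session";
    private static final String JDBC_STATEMENT = "java.sql.Statement";
    private static final String JDBC_CONNECTION = "java.sql.Connection";
    private static final String JPA_ENTITY_MANAGER = "javax.persistence.EntityManager";

    private static final MethodMatcher HIBERNATE_SESSION_CREATE_QUERY_MATCHER = MethodMatcher.create()
        .callSite(TypeCriteria.subtypeOf(HIBERNATE_SESSION))
        .name("createQuery")
        .withAnyParameters();

    private static final MethodMatcher STATEMENT_EXECUTE_QUERY_MATCHER = MethodMatcher.create()
        .typeDefinition(TypeCriteria.subtypeOf(JDBC_STATEMENT))
        .name("executeQuery")
        .withAnyParameters();

    // prepareStatement/prepareCall take the SQL text as their first argument;
    // binding happens later on the returned statement, so the text itself must be static.
    private static final MethodMatcherCollection CONNECTION_MATCHERS = MethodMatcherCollection.create(
        MethodMatcher.create().typeDefinition(TypeCriteria.subtypeOf(JDBC_CONNECTION)).name("prepareStatement").withAnyParameters(),
        MethodMatcher.create().typeDefinition(TypeCriteria.subtypeOf(JDBC_CONNECTION)).name("prepareCall").withAnyParameters());

    private static final MethodMatcher ENTITY_MANAGER_CREATE_NATIVE_QUERY_MATCHER = MethodMatcher.create()
        .typeDefinition(JPA_ENTITY_MANAGER)
        .name("createNativeQuery")
        .withAnyParameters();

    /**
     * Inspects one method invocation and reports it when it is a recognised
     * query sink whose first argument is a dynamically built string.
     *
     * <p>The cast below assumes the visitor is subscribed only to method
     * invocation nodes (the subscription list lives in the parent class and is
     * not visible here -- confirm there).
     *
     * @param tree the visited node, expected to be a {@link MethodInvocationTree}
     */
    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void visitNode(Tree tree) {
        MethodInvocationTree invocation = (MethodInvocationTree) tree;
        boolean hibernateCall = isHibernateCall(invocation);
        if (!hibernateCall && !isExecuteQueryOrPrepareStatement(invocation) && !isEntityManagerCreateNativeQuery(invocation)) {
            return;
        }
        // All matchers accept any parameter list, so guard the get(0) below once here
        // (e.g. PreparedStatement.executeQuery() has no arguments and nothing to inspect).
        if (invocation.arguments().isEmpty()) {
            return;
        }
        ExpressionTree queryText = (ExpressionTree) invocation.arguments().get(0);
        // isDynamicString is expected to populate parameterName with the name of the
        // externally supplied value it found; reset it before each analysis.
        this.parameterName = "";
        // The null/true arguments are passed through to the parent's analysis
        // unchanged; their exact meaning is defined in AbstractInjectionChecker.
        if (!isDynamicString(invocation, queryText, null, true)) {
            return;
        }
        String message = hibernateCall
            ? "Use Hibernate's parameter binding instead of concatenation."
            : "\"" + this.parameterName + "\" is provided externally to the method and not sanitized before use.";
        reportIssue(MethodsHelper.methodName(invocation), message);
    }

    /** @return whether the call is {@code Statement.executeQuery} or a {@code Connection.prepare*} sink. */
    private static boolean isExecuteQueryOrPrepareStatement(MethodInvocationTree invocation) {
        return STATEMENT_EXECUTE_QUERY_MATCHER.matches(invocation) || CONNECTION_MATCHERS.anyMatch(invocation);
    }

    /** @return whether the call is {@code org.hibernate.Session.createQuery} on any subtype. */
    private static boolean isHibernateCall(MethodInvocationTree invocation) {
        return HIBERNATE_SESSION_CREATE_QUERY_MATCHER.matches(invocation);
    }

    /** @return whether the call is {@code javax.persistence.EntityManager.createNativeQuery}. */
    private static boolean isEntityManagerCreateNativeQuery(MethodInvocationTree invocation) {
        return ENTITY_MANAGER_CREATE_NATIVE_QUERY_MATCHER.matches(invocation);
    }
}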
