package io.codemodder.codemods;

import com.contrastsecurity.sarif.Result;
import com.github.javaparser.StaticJavaParser;
import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.body.VariableDeclarator;
import com.github.javaparser.ast.expr.Expression;
import com.github.javaparser.ast.expr.MethodCallExpr;
import com.github.javaparser.ast.expr.NameExpr;
import com.github.javaparser.ast.expr.ObjectCreationExpr;
import com.github.javaparser.ast.stmt.ExpressionStmt;
import com.github.javaparser.ast.stmt.Statement;
import com.github.javaparser.ast.type.ClassOrInterfaceType;
import com.github.zafarkhaja.semver.Version;
import io.codemodder.Codemod;
import io.codemodder.CodemodInvocationContext;
import io.codemodder.DependencyGAV;
import io.codemodder.Importance;
import io.codemodder.RegionNodeMatcher;
import io.codemodder.ReviewGuidance;
import io.codemodder.RuleSarif;
import io.codemodder.SarifPluginJavaParserChanger;
import io.codemodder.ast.ASTTransforms;
import io.codemodder.javaparser.ChangesResult;
import io.codemodder.providers.sarif.semgrep.SemgrepScan;
import java.util.List;
import java.util.Optional;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

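/**
 * Hardens XStream instances reported by the {@code harden-xstream} Semgrep rule against
 * deserialization of dangerous types.
 *
 * <p>Which fix is inserted after the flagged variable declaration depends on the project's
 * declared XStream version:
 * <ul>
 *   <li>If an {@code com.thoughtworks.xstream:xstream} dependency is declared and its version
 *       parses as at least {@code 1.4.8}, a statement is inserted that calls
 *       {@code denyTypesByWildcard} for every token in
 *       {@code UnwantedTypes.dangerousClassNameTokens()}, and the java-security-toolkit
 *       dependency is requested.</li>
 *   <li>Otherwise a {@code HardeningConverter} is registered on the instance via
 *       {@code registerConverter} and the java-security-toolkit-xstream dependency is
 *       requested.</li>
 * </ul>
 *
 * <p>NOTE(review): both fixes are denylists — they block known-dangerous types rather than
 * restricting deserialization to an expected set — so they reduce rather than eliminate the
 * risk; an explicit allowlist on the XStream instance remains the stronger configuration where
 * the set of expected types is known.
 */
@Codemod(id = "pixee:java/harden-xstream", importance = Importance.HIGH, reviewGuidance = ReviewGuidance.MERGE_WITHOUT_REVIEW)
public final class HardenXStreamCodemod extends SarifPluginJavaParserChanger<VariableDeclarator> {

    /** Dependency requested when the converter-based fix is applied. */
    private static final DependencyGAV JAVA_SECURITY_TOOLKIT_XSTREAM = DependencyGAV.createDefault("io.github.pixee", "java-security-toolkit-xstream", "1.0.2", "This library holds security APIs for hardening XStream operations.", "MIT", "https://github.com/pixee/java-security-toolkit-xstream", true);

    private static final Logger LOG = LoggerFactory.getLogger(HardenXStreamCodemod.class);

    /** Maven coordinates used to locate the project's XStream dependency. */
    private static final String XSTREAM_GROUP = "com.thoughtworks.xstream";
    private static final String XSTREAM_ARTIFACT = "xstream";

    /**
     * Minimum XStream version for which this codemod assumes {@code denyTypesByWildcard} is
     * available; older (or unknown) versions get the converter-based fix instead.
     */
    private static final Version MIN_DENY_BY_WILDCARD_VERSION = Version.valueOf("1.4.8");

    /**
     * Creates the codemod from the SARIF produced by the {@code harden-xstream} Semgrep rule.
     *
     * @param ruleSarif results of the Semgrep scan; each result's start region is matched to a
     *     {@link VariableDeclarator}
     */
    @Inject
    public HardenXStreamCodemod(@SemgrepScan(ruleId = "harden-xstream") RuleSarif ruleSarif) {
        super(ruleSarif, VariableDeclarator.class, RegionNodeMatcher.MATCHES_START);
    }

    /**
     * Inserts a hardening statement directly after the statement that declares the flagged
     * XStream variable.
     *
     * @param codemodInvocationContext invocation context, used to inspect declared dependencies
     * @param compilationUnit the compilation unit being modified; receives the needed import
     * @param variableDeclarator the declarator of the XStream instance reported by the rule
     * @param result the SARIF result that triggered this call (not inspected further)
     * @return {@link ChangesResult#noChanges} when the declarator has no enclosing statement,
     *     otherwise the applied change together with the dependency the inserted code requires
     */
    @Override
    public ChangesResult onResultFound(CodemodInvocationContext codemodInvocationContext, CompilationUnit compilationUnit, VariableDeclarator variableDeclarator, Result result) {
        final Optional<Statement> enclosing = variableDeclarator.findAncestor(Statement.class);
        if (enclosing.isEmpty()) {
            // Nothing to anchor the fix to (e.g. a field declarator), so leave the file untouched.
            return ChangesResult.noChanges;
        }
        final Statement declaration = enclosing.get();
        final String xstreamVariable = variableDeclarator.getNameAsString();

        if (canUseDenyTypesByWildcard(codemodInvocationContext)) {
            // The variable name comes from the parsed AST, so it is a valid Java identifier and
            // can be spliced into the generated statement text.
            final Statement denyStatement = StaticJavaParser.parseStatement(
                    "UnwantedTypes.dangerousClassNameTokens().forEach( token -> { "
                            + xstreamVariable
                            + ".denyTypesByWildcard(new String[] { \"*\" + token + \"*\" });});");
            ASTTransforms.addStatementAfterStatement(declaration, denyStatement);
            ASTTransforms.addImportIfMissing(compilationUnit, "io.github.pixee.security.UnwantedTypes");
            return ChangesResult.changesAppliedWith(List.of(DependencyGAV.JAVA_SECURITY_TOOLKIT));
        }

        ASTTransforms.addStatementAfterStatement(declaration, buildFixStatement(xstreamVariable));
        ASTTransforms.addImportIfMissing(compilationUnit, "io.github.pixee.security.xstream.HardeningConverter");
        return ChangesResult.changesAppliedWith(List.of(JAVA_SECURITY_TOOLKIT_XSTREAM));
    }

    /**
     * Decides whether the wildcard-deny fix can be used, i.e. whether the project declares an
     * XStream dependency whose version is at least {@link #MIN_DENY_BY_WILDCARD_VERSION}.
     *
     * <p>Any failure to parse the declared version string (for example an unresolved build
     * property or a version range) is logged and treated as "not usable", so the caller falls
     * back to the converter-based fix.
     *
     * @param codemodInvocationContext invocation context whose dependencies are inspected
     * @return {@code true} only when a parseable, new-enough XStream dependency is declared
     */
    private boolean canUseDenyTypesByWildcard(CodemodInvocationContext codemodInvocationContext) {
        final Optional<DependencyGAV> xstream = getXstreamDependency(codemodInvocationContext);
        if (xstream.isEmpty()) {
            return false;
        }
        final String declaredVersion = xstream.get().version();
        try {
            return Version.valueOf(declaredVersion).greaterThanOrEqualTo(MIN_DENY_BY_WILDCARD_VERSION);
        } catch (Exception e) {
            // The semver parser reports malformed input through several unchecked exception
            // types; all of them mean "cannot prove the API exists", so fall back conservatively.
            LOG.error("Error while parsing dependency version", e);
            return false;
        }
    }

    /**
     * Builds the statement {@code <xstreamVariable>.registerConverter(new HardeningConverter());}.
     *
     * @param xstreamVariable name of the XStream variable to harden
     * @return the expression statement to insert
     */
    private static Statement buildFixStatement(String xstreamVariable) {
        final ObjectCreationExpr converter = new ObjectCreationExpr();
        converter.setType(new ClassOrInterfaceType("HardeningConverter"));

        final MethodCallExpr registerCall = new MethodCallExpr("registerConverter", converter);
        registerCall.setScope(new NameExpr(xstreamVariable));

        final ExpressionStmt fix = new ExpressionStmt();
        fix.setExpression(registerCall);
        return fix;
    }

    /**
     * Looks up the project's declared XStream dependency.
     *
     * @param codemodInvocationContext invocation context exposing the declared dependencies
     * @return the first dependency with group {@value #XSTREAM_GROUP} and artifact
     *     {@value #XSTREAM_ARTIFACT}, or empty when none is declared
     */
    private static Optional<DependencyGAV> getXstreamDependency(CodemodInvocationContext codemodInvocationContext) {
        return codemodInvocationContext.dependencies().stream()
                .filter(HardenXStreamCodemod::isXstream)
                .findFirst();
    }

    /** Returns whether {@code dependency} is the XStream artifact this codemod cares about. */
    private static boolean isXstream(DependencyGAV dependency) {
        return XSTREAM_GROUP.equals(dependency.group()) && XSTREAM_ARTIFACT.equals(dependency.artifact());
    }
}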
