package io.codemodder.codemods;

import com.contrastsecurity.sarif.Location;
import com.contrastsecurity.sarif.Result;
import com.contrastsecurity.sarif.Run;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import com.github.javaparser.Range;
import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.stmt.Statement;
import com.theokanning.openai.completion.chat.ChatCompletionChoice;
import com.theokanning.openai.completion.chat.ChatCompletionRequest;
import com.theokanning.openai.completion.chat.ChatMessage;
import com.theokanning.openai.completion.chat.ChatMessageRole;
import io.codemodder.Codemod;
import io.codemodder.CodemodChange;
import io.codemodder.CodemodFileScanningResult;
import io.codemodder.CodemodInvocationContext;
import io.codemodder.Importance;
import io.codemodder.ReviewGuidance;
import io.codemodder.RuleSarif;
import io.codemodder.javaparser.JavaParserChanger;
import io.codemodder.plugins.llm.OpenAIService;
import io.codemodder.providers.sarif.semgrep.SemgrepScan;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Stream;
import javax.inject.Inject;

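/**
 * Removes logging statements that were flagged by the Semgrep rule {@code sensitive-data-logging}
 * and that an LLM then confirms are logging sensitive data directly.
 *
 * <p>Security-relevant properties of this codemod, for reviewers of its output:
 *
 * <ul>
 *   <li>A window of the scanned source file (see {@link #CONTEXT}) is embedded in the prompt and
 *       passed to the injected {@link OpenAIService}. Whatever is in that window, including
 *       hard-coded credentials or proprietary code, leaves the process with the request.
 *   <li>The analysed source is untrusted with respect to the prompt: comments and string literals
 *       inside the window are read by the model and may influence its verdict. The only action
 *       taken on a positive verdict is removal of one statement, and the codemod is declared
 *       {@code MERGE_AFTER_REVIEW}, so a human is expected to confirm every removal.
 *   <li>{@code sensitive_analysis_text} is model output and is used verbatim as the change
 *       description; consumers should treat it as untrusted text.
 * </ul>
 */
@Codemod(id = "pixee:java/sensitive-data-logging", importance = Importance.HIGH, reviewGuidance = ReviewGuidance.MERGE_AFTER_REVIEW)
public final class SensitiveDataLoggingCodemod extends JavaParserChanger {

    /** Number of list entries taken on each side of the cited index when building the snippet. */
    private static final int CONTEXT = 10;

    /** Markers of the Markdown code fence the model sometimes wraps its JSON answer in. */
    private static final String FENCE_OPEN = "```json";

    private static final String FENCE_CLOSE = "```";

    /** Prompt template; {@code %d} is the cited line number and {@code %s} the numbered snippet. */
    private static final String PROMPT_TEMPLATE =
            "A tool has cited line %d of the code for possibly logging sensitive data:\n\n"
                    + "%s\n\n"
                    + "Respond ONLY in the form of JSON with the following keys, in this order:\n\n"
                    + "sensitive_analysis_text: a careful, thorough analysis of whether the data is sensitive (specifically a password, session ID, security token, SSN, etc -- not a username)\n"
                    + "is_data_directly_logged: a careful, thorough analysis of whether the data is definitely and directly logged (e.g., not just passed to another method inside to the scope, unless that's a method that obviously returns the given string)\n"
                    + "is_it_sensitive_and_directly_logged: a boolean dictating whether it is sensitive and definitely and directly logged\n";

    private final RuleSarif sarif;
    private final OpenAIService service;
    private final ObjectReader reader = new ObjectMapper().readerFor(SensitivityAndFixAnalysisDTO.class);

    /** The model's verdict on one flagged line. */
    public interface SensitivityAndFixAnalysis {
        /** Free-text analysis returned by the model; used as the description of the change. */
        String sensitiveAnalysisText();

        /** {@code true} when the model judged the data both sensitive and directly logged. */
        boolean isSensitiveAndDirectlyLogged();
    }

    /**
     * JSON binding for the model's answer. The property names are the keys requested in
     * {@link #PROMPT_TEMPLATE}.
     */
    private record SensitivityAndFixAnalysisDTO(
            @JsonProperty("sensitive_analysis_text") String sensitiveAnalysisText,
            @JsonProperty("is_data_directly_logged") String isDataDirectlyLogged,
            @JsonProperty("is_it_sensitive_and_directly_logged") boolean isSensitiveAndDirectlyLogged)
            implements SensitivityAndFixAnalysis {}

    /**
     * @param ruleSarif Semgrep results for the {@code sensitive-data-logging} rule; must not be null
     * @param openAIService client used to request the sensitivity analysis; must not be null
     * @throws NullPointerException if either argument is null
     */
    @Inject
    public SensitiveDataLoggingCodemod(@SemgrepScan(ruleId = "sensitive-data-logging") RuleSarif ruleSarif, OpenAIService openAIService) {
        this.sarif = Objects.requireNonNull(ruleSarif);
        this.service = Objects.requireNonNull(openAIService);
    }

    /**
     * Asks the model about every SARIF result reported for the file and removes the statement that
     * starts on the cited line when the verdict is positive.
     *
     * @param codemodInvocationContext supplies the path of the file being scanned
     * @param compilationUnit parsed form of that file; flagged statements are removed from it
     * @return one {@link CodemodChange} per removed statement, and no unfixed findings
     * @throws UncheckedIOException if the file cannot be read or the analysis fails
     */
    public CodemodFileScanningResult visit(CodemodInvocationContext codemodInvocationContext, CompilationUnit compilationUnit) {
        Path path = codemodInvocationContext.path();
        List<String> numberedLines;
        try {
            numberedLines = readNumberedLines(path);
        } catch (IOException e) {
            throw new UncheckedIOException("Couldn't read source file", e);
        }

        List<CodemodChange> changes = new ArrayList<>();
        for (Result result : this.sarif.getResultsByLocationPath(path)) {
            // A result without a usable start line cannot be mapped to a statement; skip it
            // instead of failing the whole file.
            Optional<Integer> startLine = startLineOf(result);
            if (startLine.isEmpty()) {
                continue;
            }
            Integer line = startLine.get();
            Optional<Statement> statement = getSingleStatement(compilationUnit, line);
            if (statement.isEmpty()) {
                continue;
            }

            SensitivityAndFixAnalysis analysis;
            try {
                analysis = performSensitivityAnalysis(numberedLines, line);
            } catch (IOException e) {
                throw new UncheckedIOException("Couldn't perform sensitivity analysis", e);
            }
            // The removal is driven solely by the model's boolean verdict.
            if (analysis.isSensitiveAndDirectlyLogged()) {
                statement.get().remove();
                changes.add(CodemodChange.from(line.intValue(), analysis.sensitiveAnalysisText()));
            }
        }
        return CodemodFileScanningResult.from(changes, List.of());
    }

    /** Returns the start line of the result's first location, or empty when any part is absent. */
    private static Optional<Integer> startLineOf(Result result) {
        List<Location> locations = result.getLocations();
        if (locations == null || locations.isEmpty()) {
            return Optional.empty();
        }
        return Optional.ofNullable(locations.get(0).getPhysicalLocation())
                .map(physicalLocation -> physicalLocation.getRegion())
                .map(region -> region.getStartLine());
    }

    /**
     * Sends the numbered snippet around {@code num} to the model and parses its JSON verdict.
     *
     * @param list the file's lines, each prefixed with its 1-based line number
     * @param num the line cited by the scanner
     * @return the parsed verdict, never null
     * @throws IOException if the model returns no usable content or the content is not valid JSON
     */
    private SensitivityAndFixAnalysis performSensitivityAnalysis(List<String> list, Integer num) throws IOException {
        String prompt = PROMPT_TEMPLATE.formatted(num, snippet(list, num.intValue()));
        ChatCompletionRequest request = ChatCompletionRequest.builder()
                .temperature(0.0d)
                .model("gpt-4o-2024-05-13")
                .n(1)
                .messages(List.of(new ChatMessage(ChatMessageRole.USER.value(), prompt)))
                .build();

        // The response is external input: validate its shape before use rather than letting an
        // empty choice list or a missing message surface as an unchecked exception.
        List<ChatCompletionChoice> choices = this.service.createChatCompletion(request).getChoices();
        if (choices == null || choices.isEmpty() || choices.get(0).getMessage() == null) {
            throw new IOException("Sensitivity analysis returned no completion");
        }
        String content = choices.get(0).getMessage().getContent();
        if (content == null) {
            throw new IOException("Sensitivity analysis returned an empty message");
        }

        // Whitespace around the fence would otherwise defeat the endsWith check and leave the
        // fence markers in the text handed to the JSON parser.
        String json = content.strip();
        if (json.length() >= FENCE_OPEN.length() + FENCE_CLOSE.length()
                && json.startsWith(FENCE_OPEN)
                && json.endsWith(FENCE_CLOSE)) {
            json = json.substring(FENCE_OPEN.length(), json.length() - FENCE_CLOSE.length());
        }

        SensitivityAndFixAnalysis analysis = this.reader.readValue(json);
        if (analysis == null) {
            throw new IOException("Sensitivity analysis returned a null document");
        }
        return analysis;
    }

    /**
     * Finds the first statement whose range begins on the given line.
     *
     * <p>NOTE(review): JavaParser's {@code findAll} visits parents before children by default, so
     * when several statements begin on the same line (for example a one-line {@code if} wrapping
     * the log call) the enclosing statement is the one returned, and therefore the one removed.
     * Confirm this is the intended granularity.
     */
    private static Optional<Statement> getSingleStatement(CompilationUnit compilationUnit, Integer num) {
        int line = num.intValue();
        return compilationUnit.findAll(Statement.class).stream()
                .filter(statement -> statement.getRange().map(range -> range.begin.line == line).orElse(false))
                .findFirst();
    }

    /** Runs only when the first SARIF run exists and carries at least one result. */
    public boolean shouldRun() {
        List<Run> runs = this.sarif.rawDocument().getRuns();
        if (runs == null || runs.isEmpty()) {
            return false;
        }
        List<Result> results = runs.get(0).getResults();
        return results != null && !results.isEmpty();
    }

    /**
     * Reads the file and prefixes every line with its 1-based number and {@code ": "}.
     *
     * @throws IOException if the file cannot be opened
     */
    private static List<String> readNumberedLines(Path path) throws IOException {
        AtomicInteger counter = new AtomicInteger();
        // try-with-resources closes the underlying file handle on both the normal and the
        // exceptional path.
        try (Stream<String> lines = Files.lines(path)) {
            return lines.map(text -> counter.incrementAndGet() + ": " + text).toList();
        }
    }

    /**
     * Joins the numbered lines around {@code i} with newlines.
     *
     * <p>NOTE(review): {@code list} is 0-indexed while {@code i} is a 1-based line number, so the
     * window {@code [i - CONTEXT, i + CONTEXT]} in list indices is shifted one line towards the end
     * of the file relative to the cited line. The lines carry their own numbers, so the cited line
     * is still identifiable; the bounds are left as they were to keep the prompt unchanged.
     */
    private static String snippet(List<String> list, int i) {
        int to = Math.min(list.size(), i + CONTEXT + 1);
        // Clamp the lower bound as well so that a line number past the end of the file yields an
        // empty snippet instead of an IllegalArgumentException from subList.
        int from = Math.min(Math.max(0, i - CONTEXT), to);
        return String.join("\n", list.subList(from, to));
    }
}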
