package net.sourceforge.pmd.lang.apex.rule.security;

import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;
import net.sourceforge.pmd.lang.apex.ast.ASTField;
import net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTUserClass;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression;
import net.sourceforge.pmd.lang.apex.rule.AbstractApexRule;

/* loaded from: input_file:net/sourceforge/pmd/lang/apex/rule/security/ApexDangerousMethodsRule.class */
public class ApexDangerousMethodsRule extends AbstractApexRule {
    private static final String BOOLEAN = "boolean";
    private static final Pattern REGEXP = Pattern.compile("^.*?(pass|pwd|crypt|auth|session|token|saml)(?!id|user).*?$", 2);
    private static final String DISABLE_CRUD = "disableTriggerCRUDSecurity";
    private static final String CONFIGURATION = "Configuration";
    private static final String SYSTEM = "System";
    private static final String DEBUG = "debug";
    private final Set<String> whiteListedVariables = new HashSet();

    public ApexDangerousMethodsRule() {
        super.addRuleChainVisit(ASTUserClass.class);
        setProperty(CODECLIMATE_CATEGORIES, new String[]{"Security"});
        setProperty(CODECLIMATE_REMEDIATION_MULTIPLIER, 100);
        setProperty(CODECLIMATE_BLOCK_HIGHLIGHTING, false);
    }

    @Override // net.sourceforge.pmd.lang.apex.rule.AbstractApexRule, net.sourceforge.pmd.lang.apex.ast.ApexParserVisitor
    public Object visit(ASTUserClass aSTUserClass, Object obj) {
        if (Helper.isTestMethodOrClass(aSTUserClass)) {
            return obj;
        }
        collectBenignVariables(aSTUserClass);
        for (ASTMethodCallExpression aSTMethodCallExpression : aSTUserClass.findDescendantsOfType(ASTMethodCallExpression.class)) {
            if (Helper.isMethodName(aSTMethodCallExpression, CONFIGURATION, DISABLE_CRUD)) {
                addViolation(obj, aSTMethodCallExpression);
            }
            if (Helper.isMethodName(aSTMethodCallExpression, SYSTEM, DEBUG)) {
                validateParameters(aSTMethodCallExpression, obj);
            }
        }
        this.whiteListedVariables.clear();
        return obj;
    }

    private void collectBenignVariables(ASTUserClass aSTUserClass) {
        for (ASTField aSTField : aSTUserClass.findDescendantsOfType(ASTField.class)) {
            if (BOOLEAN.equalsIgnoreCase(aSTField.getNode().getFieldInfo().getType().getApexName())) {
                this.whiteListedVariables.add(Helper.getFQVariableName(aSTField));
            }
        }
        for (ASTVariableDeclaration aSTVariableDeclaration : aSTUserClass.findDescendantsOfType(ASTVariableDeclaration.class)) {
            if (BOOLEAN.equalsIgnoreCase(aSTVariableDeclaration.getNode().getLocalInfo().getType().getApexName())) {
                this.whiteListedVariables.add(Helper.getFQVariableName(aSTVariableDeclaration));
            }
        }
    }

    private void validateParameters(ASTMethodCallExpression aSTMethodCallExpression, Object obj) {
        for (ASTVariableExpression aSTVariableExpression : aSTMethodCallExpression.findDescendantsOfType(ASTVariableExpression.class)) {
            if (REGEXP.matcher(aSTVariableExpression.getNode().getIdentifier().getValue()).matches() && !this.whiteListedVariables.contains(Helper.getFQVariableName(aSTVariableExpression))) {
                addViolation(obj, aSTMethodCallExpression);
            }
        }
    }
}
