package net.sourceforge.pmd.lang.apex.rule.security;

import com.google.common.base.Objects;
import com.google.common.collect.HashMultimap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import net.sourceforge.pmd.RuleContext;
import net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTBlockStatement;
import net.sourceforge.pmd.lang.apex.ast.ASTDmlDeleteStatement;
import net.sourceforge.pmd.lang.apex.ast.ASTDmlInsertStatement;
import net.sourceforge.pmd.lang.apex.ast.ASTDmlMergeStatement;
import net.sourceforge.pmd.lang.apex.ast.ASTDmlUndeleteStatement;
import net.sourceforge.pmd.lang.apex.ast.ASTDmlUpdateStatement;
import net.sourceforge.pmd.lang.apex.ast.ASTDmlUpsertStatement;
import net.sourceforge.pmd.lang.apex.ast.ASTField;
import net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclarationStatements;
import net.sourceforge.pmd.lang.apex.ast.ASTForEachStatement;
import net.sourceforge.pmd.lang.apex.ast.ASTIfElseBlockStatement;
import net.sourceforge.pmd.lang.apex.ast.ASTMethod;
import net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTNewKeyValueObjectExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTNewListInitExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTNewListLiteralExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTNewObjectExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTParameter;
import net.sourceforge.pmd.lang.apex.ast.ASTProperty;
import net.sourceforge.pmd.lang.apex.ast.ASTReferenceExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTReturnStatement;
import net.sourceforge.pmd.lang.apex.ast.ASTSoqlExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTUserClass;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression;
import net.sourceforge.pmd.lang.apex.ast.AccessNode;
import net.sourceforge.pmd.lang.apex.ast.ApexNode;
import net.sourceforge.pmd.lang.apex.rule.AbstractApexRule;
import net.sourceforge.pmd.lang.apex.rule.codestyle.FieldDeclarationsShouldBeAtStartRule;
import net.sourceforge.pmd.lang.ast.Node;
import net.sourceforge.pmd.properties.PropertyDescriptor;
import net.sourceforge.pmd.properties.PropertyFactory;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:net/sourceforge/pmd/lang/apex/rule/security/ApexCRUDViolationRule.class */
public class ApexCRUDViolationRule extends AbstractApexRule {
    // Operation keys handed to checkForCRUD. The spelling matches the Apex describe-result
    // methods of the same name; presumably recorded method names are compared against
    // these directly (confirm in validateCRUDCheckPresent, which is outside this view).
    private static final String IS_CREATEABLE = "isCreateable";
    private static final String IS_DELETABLE = "isDeletable";
    private static final String IS_UNDELETABLE = "isUndeletable";
    private static final String IS_UPDATEABLE = "isUpdateable";
    private static final String IS_MERGEABLE = "isMergeable";
    private static final String IS_ACCESSIBLE = "isAccessible";
    // Wildcard operation: isProperESAPICheckForDML accepts any recorded ESAPI check for it.
    private static final String ANY = "ANY";
    private static final String GET_DESCRIBE = "getDescribe";
    // Type name looked for by hasAccessLevelArgument (bare or qualified with "System").
    private static final String ACCESS_LEVEL = "AccessLevel";
    // Compiled patterns keyed by string; it is filled outside the part of the file shown here.
    private final Map<String, Pattern> compiledAuthMethodPatternCache = new HashMap();
    // Fully qualified variable name -> declared type (see addVariableToMapping).
    private Map<String, String> varToTypeMapping;
    // "definingType:objectType" -> method names seen on a describe/FLS chain for that type.
    private HashMultimap<String, String> typeToDMLOperationMapping;
    // "definingType:objectType" -> operation authorised through an ESAPI call. A plain Map,
    // so a later ESAPI check on the same type replaces the earlier one.
    private Map<String, String> checkedTypeToDMLOperationViaESAPI;
    // Populated outside the part of the file shown here (presumably by the configured auth-method patterns).
    private HashMultimap<String, String> checkedTypeToDMLOperationsViaAuthPattern;
    // "definingType:canonicalName:arity" -> method declaration of the visited class.
    private Map<String, ASTMethod> classMethods;
    // Image of the user class currently being analysed; null until one is visited.
    private String className;
    // Flag 2 is Pattern.CASE_INSENSITIVE. Group 1 is the word that follows FROM.
    private static final Pattern SELECT_FROM_PATTERN = Pattern.compile("[\\S|\\s]+?FROM[\\s]+?(\\w+)", 2);
    // Call chains recognised as ESAPI authorisation checks, one per operation.
    private static final String[] ESAPI_ISAUTHORIZED_TO_VIEW = {"ESAPI", "accessController", "isAuthorizedToView"};
    private static final String[] ESAPI_ISAUTHORIZED_TO_CREATE = {"ESAPI", "accessController", "isAuthorizedToCreate"};
    private static final String[] ESAPI_ISAUTHORIZED_TO_UPDATE = {"ESAPI", "accessController", "isAuthorizedToUpdate"};
    private static final String[] ESAPI_ISAUTHORIZED_TO_DELETE = {"ESAPI", "accessController", "isAuthorizedToDelete"};
    private static final String S_OBJECT_TYPE = "sObjectType";
    // Name sequence that extractObjectAndFields searches for; the element after it is the object type.
    private static final String[] RESERVED_KEYS_FLS = {"Schema", S_OBJECT_TYPE};
    // The three WITH ... patterns are applied with matches() to the whole query text
    // (case-insensitive, dot matches newlines). The clause must be preceded by a character
    // other than a single quote, and no single quote may follow it up to the end of the query.
    // This is a textual heuristic, not a parse of the SOQL statement.
    private static final Pattern WITH_SECURITY_ENFORCED = Pattern.compile("(?is).*[^']\\s*WITH\\s+SECURITY_ENFORCED\\s*[^']*");
    private static final Pattern WITH_USER_MODE = Pattern.compile("(?is).*[^']\\s*WITH\\s+USER_MODE\\s*[^']*");
    private static final Pattern WITH_SYSTEM_MODE = Pattern.compile("(?is).*[^']\\s*WITH\\s+SYSTEM_MODE\\s*[^']*");
    // Rule properties: one method-name pattern per operation ...
    private static final PropertyDescriptor<String> CREATE_AUTH_METHOD_PATTERN_DESCRIPTOR = authMethodPatternProperty("create");
    private static final PropertyDescriptor<String> READ_AUTH_METHOD_PATTERN_DESCRIPTOR = authMethodPatternProperty("read");
    private static final PropertyDescriptor<String> UPDATE_AUTH_METHOD_PATTERN_DESCRIPTOR = authMethodPatternProperty("update");
    private static final PropertyDescriptor<String> DELETE_AUTH_METHOD_PATTERN_DESCRIPTOR = authMethodPatternProperty("delete");
    private static final PropertyDescriptor<String> UNDELETE_AUTH_METHOD_PATTERN_DESCRIPTOR = authMethodPatternProperty("undelete");
    private static final PropertyDescriptor<String> MERGE_AUTH_METHOD_PATTERN_DESCRIPTOR = authMethodPatternProperty("merge");
    // ... and one integer "type parameter index" per operation.
    private static final PropertyDescriptor<Integer> CREATE_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR = authMethodTypeParamIndexProperty("create");
    private static final PropertyDescriptor<Integer> READ_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR = authMethodTypeParamIndexProperty("read");
    private static final PropertyDescriptor<Integer> UPDATE_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR = authMethodTypeParamIndexProperty("update");
    private static final PropertyDescriptor<Integer> DELETE_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR = authMethodTypeParamIndexProperty("delete");
    private static final PropertyDescriptor<Integer> UNDELETE_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR = authMethodTypeParamIndexProperty("undelete");
    private static final PropertyDescriptor<Integer> MERGE_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR = authMethodTypeParamIndexProperty("merge");
    // Pairs each pattern property with its index property. Declared after the descriptors
    // because static initialisers run in textual order.
    private static final Map<PropertyDescriptor<String>, PropertyDescriptor<Integer>> AUTH_METHOD_TO_TYPE_PARAM_INDEX_MAP = new HashMap<PropertyDescriptor<String>, PropertyDescriptor<Integer>>() { // from class: net.sourceforge.pmd.lang.apex.rule.security.ApexCRUDViolationRule.1
        {
            put(ApexCRUDViolationRule.CREATE_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.CREATE_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR);
            put(ApexCRUDViolationRule.READ_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.READ_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR);
            put(ApexCRUDViolationRule.UPDATE_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.UPDATE_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR);
            put(ApexCRUDViolationRule.DELETE_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.DELETE_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR);
            put(ApexCRUDViolationRule.UNDELETE_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.UNDELETE_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR);
            put(ApexCRUDViolationRule.MERGE_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.MERGE_AUTH_METHOD_TYPE_PARAM_INDEX_DESCRIPTOR);
        }
    };
    // Maps each pattern property to the operation key that a matching call authorises.
    private static final Map<PropertyDescriptor<String>, String> AUTH_METHOD_TO_DML_OPERATION_MAP = new HashMap<PropertyDescriptor<String>, String>() { // from class: net.sourceforge.pmd.lang.apex.rule.security.ApexCRUDViolationRule.2
        {
            put(ApexCRUDViolationRule.CREATE_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.IS_CREATEABLE);
            put(ApexCRUDViolationRule.READ_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.IS_ACCESSIBLE);
            put(ApexCRUDViolationRule.UPDATE_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.IS_UPDATEABLE);
            put(ApexCRUDViolationRule.DELETE_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.IS_DELETABLE);
            put(ApexCRUDViolationRule.UNDELETE_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.IS_UNDELETABLE);
            put(ApexCRUDViolationRule.MERGE_AUTH_METHOD_PATTERN_DESCRIPTOR, ApexCRUDViolationRule.IS_MERGEABLE);
        }
    };

    /**
     * Registers the rule's configurable properties: for every operation, the
     * authorisation-method pattern and the type-parameter index paired with it.
     */
    public ApexCRUDViolationRule() {
        AUTH_METHOD_TO_TYPE_PARAM_INDEX_MAP.forEach((patternDescriptor, indexDescriptor) -> {
            definePropertyDescriptor(patternDescriptor);
            definePropertyDescriptor(indexDescriptor);
        });
    }

    /**
     * Resets all per-analysis state before delegating to the superclass.
     *
     * @param ruleContext context handed on to {@code super.start}
     */
    public void start(RuleContext ruleContext) {
        this.className = null;
        this.varToTypeMapping = new HashMap<>();
        this.checkedTypeToDMLOperationViaESAPI = new HashMap<>();
        this.typeToDMLOperationMapping = HashMultimap.create();
        this.checkedTypeToDMLOperationsViaAuthPattern = HashMultimap.create();
        // NOTE(review): the keys stored in this map are strings built by concatenation in
        // visit(ASTUserClass); nothing else references them, so a WeakHashMap is allowed to
        // drop entries at any garbage collection. Method resolution through classMethods
        // can therefore vary between runs - confirm whether a weak map is really intended.
        this.classMethods = new WeakHashMap<>();
        super.start(ruleContext);
    }

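    /**
     * Indexes the methods of a user class and then visits its children.
     *
     * <p>Test classes and system-level classes (as decided by {@code Helper}) are skipped
     * entirely, so nothing inside them is checked by this rule.
     *
     * @param aSTUserClass the class node
     * @param obj visitor payload, returned unchanged
     * @return {@code obj} for skipped classes, otherwise the result of the superclass visit
     */
    @Override
    public Object visit(ASTUserClass aSTUserClass, Object obj) {
        if (net.sourceforge.pmd.lang.apex.rule.internal.Helper.isTestMethodOrClass(aSTUserClass)
                || net.sourceforge.pmd.lang.apex.rule.internal.Helper.isSystemLevelClass(aSTUserClass)) {
            return obj;
        }
        this.className = aSTUserClass.getImage();
        for (ASTMethod method : aSTUserClass.findDescendantsOfType(ASTMethod.class)) {
            // Same key layout that resolveMethodCalls builds from a call site.
            String key = method.getDefiningType() + ":" + method.getCanonicalName() + ":" + method.getArity();
            this.classMethods.put(key, method);
        }
        // The payload is passed through as-is. Casting it to the node type (as the
        // decompiled listing did) would fail for any payload that is not an ASTUserClass.
        return super.visit(aSTUserClass, obj);
    }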

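    /**
     * Handles method calls: either records a CRUD check made by the call, or, for a
     * database method call, requires the matching CRUD check.
     *
     * <p>The method name is compared case-insensitively. The decompiled hash-code switch
     * is replaced by the string switch it was generated from; the name-to-operation
     * mapping is unchanged.
     *
     * @param aSTMethodCallExpression the call node
     * @param obj visitor payload, returned unchanged
     * @return {@code obj}
     */
    @Override
    public Object visit(ASTMethodCallExpression aSTMethodCallExpression, Object obj) {
        if (!net.sourceforge.pmd.lang.apex.rule.internal.Helper.isAnyDatabaseMethodCall(aSTMethodCallExpression)) {
            collectCRUDMethodLevelChecks(aSTMethodCallExpression);
            return obj;
        }
        if (hasAccessLevelArgument(aSTMethodCallExpression)) {
            // NOTE(review): the call is exempted as soon as an AccessLevel argument is present;
            // which AccessLevel member is passed is not inspected. Confirm that exempting a
            // system-mode call is intended.
            return obj;
        }
        switch (aSTMethodCallExpression.getMethodName().toLowerCase(Locale.ROOT)) {
            case "insert":
            case "insertasync":
            case "insertimmediate":
                checkForCRUD(aSTMethodCallExpression, obj, IS_CREATEABLE);
                break;
            case "update":
            case "updateasync":
            case "updateimmediate":
                checkForCRUD(aSTMethodCallExpression, obj, IS_UPDATEABLE);
                break;
            case "delete":
            case "deleteasync":
            case "deleteimmediate":
                checkForCRUD(aSTMethodCallExpression, obj, IS_DELETABLE);
                break;
            case "undelete":
                checkForCRUD(aSTMethodCallExpression, obj, IS_UNDELETABLE);
                break;
            case "upsert":
                // An upsert may create or update, so both permissions are required.
                checkForCRUD(aSTMethodCallExpression, obj, IS_CREATEABLE);
                checkForCRUD(aSTMethodCallExpression, obj, IS_UPDATEABLE);
                break;
            case "merge":
                checkForCRUD(aSTMethodCallExpression, obj, IS_MERGEABLE);
                break;
            default:
                // Any other database method is not checked here.
                break;
        }
        return obj;
    }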

    /**
     * Tells whether one of the call's children is a variable expression whose reference
     * names are exactly {@code AccessLevel} or {@code System.AccessLevel} (case-insensitive).
     *
     * <p>Only these qualifier names are read; the member selected on {@code AccessLevel}
     * is not looked at here.
     *
     * @param aSTMethodCallExpression the call to inspect
     * @return {@code true} if such a child exists
     */
    private boolean hasAccessLevelArgument(ASTMethodCallExpression aSTMethodCallExpression) {
        for (int index = 0; index < aSTMethodCallExpression.getNumChildren(); index++) {
            ApexNode<?> argument = aSTMethodCallExpression.getChild(index);
            if (!(argument instanceof ASTVariableExpression)) {
                continue;
            }
            ASTReferenceExpression reference = argument.getFirstChildOfType(ASTReferenceExpression.class);
            if (reference == null) {
                continue;
            }
            List<String> names = reference.getNames();
            boolean bare = names.size() == 1 && ACCESS_LEVEL.equalsIgnoreCase(names.get(0));
            boolean qualified = names.size() == 2
                    && "System".equalsIgnoreCase(names.get(0))
                    && ACCESS_LEVEL.equalsIgnoreCase(names.get(1));
            if (bare || qualified) {
                return true;
            }
        }
        return false;
    }

    /**
     * Requires a create check for a DML {@code insert} statement.
     *
     * @param aSTDmlInsertStatement the statement node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTDmlInsertStatement aSTDmlInsertStatement, Object obj) {
        final String requiredOperation = IS_CREATEABLE;
        checkForCRUD(aSTDmlInsertStatement, obj, requiredOperation);
        return obj;
    }

    /**
     * Requires a delete check for a DML {@code delete} statement.
     *
     * @param aSTDmlDeleteStatement the statement node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTDmlDeleteStatement aSTDmlDeleteStatement, Object obj) {
        final String requiredOperation = IS_DELETABLE;
        checkForCRUD(aSTDmlDeleteStatement, obj, requiredOperation);
        return obj;
    }

    /**
     * Requires an undelete check for a DML {@code undelete} statement.
     *
     * @param aSTDmlUndeleteStatement the statement node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTDmlUndeleteStatement aSTDmlUndeleteStatement, Object obj) {
        final String requiredOperation = IS_UNDELETABLE;
        checkForCRUD(aSTDmlUndeleteStatement, obj, requiredOperation);
        return obj;
    }

    /**
     * Requires an update check for a DML {@code update} statement.
     *
     * @param aSTDmlUpdateStatement the statement node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTDmlUpdateStatement aSTDmlUpdateStatement, Object obj) {
        final String requiredOperation = IS_UPDATEABLE;
        checkForCRUD(aSTDmlUpdateStatement, obj, requiredOperation);
        return obj;
    }

    /**
     * Requires both a create and an update check for a DML {@code upsert} statement,
     * in that order.
     *
     * @param aSTDmlUpsertStatement the statement node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTDmlUpsertStatement aSTDmlUpsertStatement, Object obj) {
        for (String requiredOperation : new String[] {IS_CREATEABLE, IS_UPDATEABLE}) {
            checkForCRUD(aSTDmlUpsertStatement, obj, requiredOperation);
        }
        return obj;
    }

    /**
     * Requires a merge check for a DML {@code merge} statement.
     *
     * @param aSTDmlMergeStatement the statement node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTDmlMergeStatement aSTDmlMergeStatement, Object obj) {
        final String requiredOperation = IS_MERGEABLE;
        checkForCRUD(aSTDmlMergeStatement, obj, requiredOperation);
        return obj;
    }

    /**
     * Runs the read-access check on a SOQL expression that is a direct child of an assignment.
     *
     * @param aSTAssignmentExpression the assignment node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTAssignmentExpression aSTAssignmentExpression, Object obj) {
        ASTSoqlExpression soql = aSTAssignmentExpression.getFirstChildOfType(ASTSoqlExpression.class);
        if (soql == null) {
            return obj;
        }
        checkForAccessibility(soql, obj);
        return obj;
    }

    /**
     * Records the declared type of a local variable and runs the read-access check on a
     * SOQL expression that is a direct child of the declaration.
     *
     * @param aSTVariableDeclaration the declaration node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTVariableDeclaration aSTVariableDeclaration, Object obj) {
        String variableName = net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(aSTVariableDeclaration);
        addVariableToMapping(variableName, aSTVariableDeclaration.getType());

        ASTSoqlExpression soql = aSTVariableDeclaration.getFirstChildOfType(ASTSoqlExpression.class);
        if (soql == null) {
            return obj;
        }
        checkForAccessibility(soql, obj);
        return obj;
    }

    /**
     * Records the declared type of a method parameter.
     *
     * @param aSTParameter the parameter node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTParameter aSTParameter, Object obj) {
        String parameterName = net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(aSTParameter);
        addVariableToMapping(parameterName, aSTParameter.getType());
        return obj;
    }

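    /**
     * Records the type of a field and runs the read-access check on a SOQL expression
     * that is a direct child of the declaration.
     *
     * <p>For a field whose type name is {@code list} or {@code map} (case-insensitive) the
     * type arguments are stored; every other type goes through {@link #getSimpleType}.
     * The decompiled hash-code switch is replaced by the string switch it was generated
     * from; the behaviour is unchanged.
     *
     * @param aSTFieldDeclaration the field declaration node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTFieldDeclaration aSTFieldDeclaration, Object obj) {
        ASTFieldDeclarationStatements declaration = aSTFieldDeclaration.getFirstParentOfType(ASTFieldDeclarationStatements.class);
        if (declaration != null) {
            String typeName = declaration.getTypeName();
            String fieldName = net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(aSTFieldDeclaration);
            switch (typeName.toLowerCase(Locale.ROOT)) {
                case "list":
                case "map":
                    // Every put uses the same key, so the last type argument is the one kept
                    // (for a map that is the value type).
                    for (String typeArgument : declaration.getTypeArguments()) {
                        this.varToTypeMapping.put(fieldName, typeArgument);
                    }
                    break;
                default:
                    this.varToTypeMapping.put(fieldName, getSimpleType(typeName));
                    break;
            }
        }
        ASTSoqlExpression soql = aSTFieldDeclaration.getFirstChildOfType(ASTSoqlExpression.class);
        if (soql != null) {
            checkForAccessibility(soql, obj);
        }
        return obj;
    }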

    /**
     * Runs the read-access check on a SOQL expression that is a direct child of a
     * {@code return} statement.
     *
     * @param aSTReturnStatement the return statement node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTReturnStatement aSTReturnStatement, Object obj) {
        ASTSoqlExpression soql = aSTReturnStatement.getFirstChildOfType(ASTSoqlExpression.class);
        if (soql == null) {
            return obj;
        }
        checkForAccessibility(soql, obj);
        return obj;
    }

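    /**
     * Runs the read-access check on a SOQL expression that is a direct child of a
     * for-each statement, then visits the loop's children.
     *
     * @param aSTForEachStatement the loop node
     * @param obj visitor payload
     * @return the result of the superclass visit
     */
    @Override
    public Object visit(ASTForEachStatement aSTForEachStatement, Object obj) {
        ASTSoqlExpression soql = aSTForEachStatement.getFirstChildOfType(ASTSoqlExpression.class);
        if (soql != null) {
            checkForAccessibility(soql, obj);
        }
        // The payload is passed through as-is. Casting it to the node type (as the
        // decompiled listing did) would fail for any payload that is not an ASTForEachStatement.
        return super.visit(aSTForEachStatement, obj);
    }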

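    /**
     * Stores the type of a variable unless the type name is exactly {@code list} or
     * {@code map} (case-insensitive), in which case nothing is recorded.
     *
     * <p>The decompiled hash-code switch is replaced by the plain comparison it was
     * generated from; the behaviour is unchanged.
     *
     * @param str fully qualified variable name used as the map key
     * @param str2 declared type name; reduced with {@link #getSimpleType} before storing
     */
    private void addVariableToMapping(String str, String str2) {
        String normalizedType = str2.toLowerCase(Locale.ROOT);
        if ("list".equals(normalizedType) || "map".equals(normalizedType)) {
            return;
        }
        this.varToTypeMapping.put(str, getSimpleType(str2));
    }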

    /**
     * Reduces a {@code List<X>} type name to {@code X}; any other name is returned as is.
     *
     * <p>NOTE(review): the leading {@code [list<]?} is a character class (one optional
     * character), not an optional {@code list<} prefix, so a nested list is not unwrapped
     * down to its element type - confirm whether that is intended.
     *
     * @param str type name as written in the source
     * @return the captured element type, or {@code str} when the pattern does not match
     */
    private String getSimpleType(String str) {
        Matcher listMatcher = Pattern.compile("^[list<]?list<(\\S+?)>[>]?$", Pattern.CASE_INSENSITIVE).matcher(str);
        return listMatcher.find() ? listMatcher.group(1) : str;
    }

    /**
     * Records the declared type of the field that backs a property, when there is one.
     *
     * @param aSTProperty the property node
     * @param obj visitor payload
     * @return {@code obj}, unchanged
     */
    @Override
    public Object visit(ASTProperty aSTProperty, Object obj) {
        ASTField backingField = aSTProperty.getFirstChildOfType(ASTField.class);
        if (backingField == null) {
            return obj;
        }
        String fieldName = net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(backingField);
        addVariableToMapping(fieldName, backingField.getType());
        return obj;
    }

    /**
     * Records any authorisation check that a method call represents.
     *
     * <p>Three sources are recognised: ESAPI access-controller chains, describe-based
     * calls ({@code ...sObjectType...getDescribe().<method>()}) and FLS-style reference
     * chains, plus every configured authorisation-method pattern. A call without a
     * reference child is ignored.
     *
     * @param aSTMethodCallExpression the call to classify
     */
    private void collectCRUDMethodLevelChecks(ASTMethodCallExpression aSTMethodCallExpression) {
        ASTReferenceExpression reference = aSTMethodCallExpression.getFirstChildOfType(ASTReferenceExpression.class);
        String calledMethod = aSTMethodCallExpression.getMethodName();
        if (reference == null) {
            return;
        }

        List<String> names = reference.getNames();
        if (!names.isEmpty()) {
            extractObjectAndFields(names, calledMethod, aSTMethodCallExpression.getDefiningType());
        } else {
            if (net.sourceforge.pmd.lang.apex.rule.internal.Helper.isMethodCallChain(aSTMethodCallExpression, ESAPI_ISAUTHORIZED_TO_VIEW)) {
                extractObjectTypeFromESAPI(aSTMethodCallExpression, IS_ACCESSIBLE);
            }
            if (net.sourceforge.pmd.lang.apex.rule.internal.Helper.isMethodCallChain(aSTMethodCallExpression, ESAPI_ISAUTHORIZED_TO_CREATE)) {
                extractObjectTypeFromESAPI(aSTMethodCallExpression, IS_CREATEABLE);
            }
            if (net.sourceforge.pmd.lang.apex.rule.internal.Helper.isMethodCallChain(aSTMethodCallExpression, ESAPI_ISAUTHORIZED_TO_UPDATE)) {
                extractObjectTypeFromESAPI(aSTMethodCallExpression, IS_UPDATEABLE);
            }
            if (net.sourceforge.pmd.lang.apex.rule.internal.Helper.isMethodCallChain(aSTMethodCallExpression, ESAPI_ISAUTHORIZED_TO_DELETE)) {
                extractObjectTypeFromESAPI(aSTMethodCallExpression, IS_DELETABLE);
            }

            // Describe-based check: the called method name is stored as the checked operation.
            ASTMethodCallExpression describeCall = reference.getFirstChildOfType(ASTMethodCallExpression.class);
            if (describeCall != null && isLastMethodName(describeCall, S_OBJECT_TYPE, GET_DESCRIBE)) {
                String checkedType = getType(describeCall);
                boolean alreadyRecorded = this.typeToDMLOperationMapping.get(checkedType).contains(calledMethod);
                if (!alreadyRecorded) {
                    this.typeToDMLOperationMapping.put(checkedType, calledMethod);
                }
            }
        }

        for (PropertyDescriptor<String> authMethodPattern : AUTH_METHOD_TO_TYPE_PARAM_INDEX_MAP.keySet()) {
            extractObjectTypeFromConfiguredMethodPatternInvocation(aSTMethodCallExpression, authMethodPattern);
        }
    }

    /**
     * Checks that the call's reference chain ends in {@code str} (case-insensitive) and
     * that {@code Helper.isMethodName} accepts {@code str2} for the call.
     *
     * @param aSTMethodCallExpression the call to inspect
     * @param str expected last name of the reference chain
     * @param str2 expected method name
     * @return {@code true} only when both conditions hold
     */
    private boolean isLastMethodName(ASTMethodCallExpression aSTMethodCallExpression, String str, String str2) {
        ASTReferenceExpression reference = aSTMethodCallExpression.getFirstChildOfType(ASTReferenceExpression.class);
        if (reference == null || reference.getNames().isEmpty()) {
            return false;
        }
        int lastIndex = reference.getNames().size() - 1;
        if (!reference.getNames().get(lastIndex).equalsIgnoreCase(str)) {
            return false;
        }
        return net.sourceforge.pmd.lang.apex.rule.internal.Helper.isMethodName(aSTMethodCallExpression, str2);
    }

    /**
     * Tells whether the node is a SOQL expression whose whole query text matches
     * {@code WITH_SECURITY_ENFORCED}. The test is textual, not a parse of the query.
     *
     * @param apexNode node to test
     * @return {@code true} for a matching SOQL expression, {@code false} otherwise
     */
    private boolean isWithSecurityEnforced(ApexNode<?> apexNode) {
        if (!(apexNode instanceof ASTSoqlExpression)) {
            return false;
        }
        ASTSoqlExpression soql = (ASTSoqlExpression) apexNode;
        return WITH_SECURITY_ENFORCED.matcher(soql.getQuery()).matches();
    }

    /**
     * Tells whether the node is a SOQL expression whose whole query text matches
     * {@code WITH_USER_MODE}. The test is textual, not a parse of the query.
     *
     * @param apexNode node to test
     * @return {@code true} for a matching SOQL expression, {@code false} otherwise
     */
    private boolean isWithUserMode(ApexNode<?> apexNode) {
        if (!(apexNode instanceof ASTSoqlExpression)) {
            return false;
        }
        ASTSoqlExpression soql = (ASTSoqlExpression) apexNode;
        return WITH_USER_MODE.matcher(soql.getQuery()).matches();
    }

    /**
     * Tells whether the node is a SOQL expression whose whole query text matches
     * {@code WITH_SYSTEM_MODE}. The test is textual, not a parse of the query.
     *
     * @param apexNode node to test
     * @return {@code true} for a matching SOQL expression, {@code false} otherwise
     */
    private boolean isWithSystemMode(ApexNode<?> apexNode) {
        if (!(apexNode instanceof ASTSoqlExpression)) {
            return false;
        }
        ASTSoqlExpression soql = (ASTSoqlExpression) apexNode;
        return WITH_SYSTEM_MODE.matcher(soql.getQuery()).matches();
    }

    /**
     * Builds the {@code "definingType:firstName"} key for the reference chain of a call.
     *
     * <p>The reference child is dereferenced without a null check; the caller visible in
     * this file only gets here after {@code isLastMethodName} has confirmed it exists.
     *
     * @param aSTMethodCallExpression call whose reference chain is read
     * @return the key, or an empty string when the chain has no names
     */
    private String getType(ASTMethodCallExpression aSTMethodCallExpression) {
        ASTReferenceExpression reference = aSTMethodCallExpression.getFirstChildOfType(ASTReferenceExpression.class);
        if (reference.getNames().isEmpty()) {
            return "";
        }
        return reference.getDefiningType() + ":" + reference.getNames().get(0);
    }

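    /**
     * Records a field-level-security style check of the form
     * {@code Schema.sObjectType.<Type>...<method>()}.
     *
     * <p>The name that follows the last {@code Schema, sObjectType} pair is taken as the
     * object type. A chain that ends directly after that pair has no type name; it is
     * ignored instead of raising an {@link IndexOutOfBoundsException}, so that unusual
     * source text cannot abort the analysis of the file.
     *
     * <p>NOTE(review): the pair is located with an exact, case-sensitive comparison -
     * confirm that the names arrive here in the spelling of {@code RESERVED_KEYS_FLS}.
     *
     * @param list names of the reference chain
     * @param str name of the called method, stored as the checked operation
     * @param str2 defining type used as key prefix
     */
    private void extractObjectAndFields(List<String> list, String str, String str2) {
        int reservedStart = Collections.lastIndexOfSubList(list, Arrays.asList(RESERVED_KEYS_FLS));
        if (reservedStart == -1) {
            return;
        }
        int typeIndex = reservedStart + RESERVED_KEYS_FLS.length;
        if (typeIndex >= list.size()) {
            // Nothing follows "Schema.sObjectType": there is no object type to record.
            return;
        }
        String key = str2 + ":" + list.get(typeIndex);
        if (!this.typeToDMLOperationMapping.get(key).contains(str)) {
            this.typeToDMLOperationMapping.put(key, str);
        }
    }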

    /**
     * Verifies that the operation {@code str} on the object touched by {@code apexNode}
     * is preceded by a matching authorisation check.
     *
     * <p>The checks made by earlier calls are collected first. Nodes inside a test class
     * or test method are then skipped. The object type is derived from inline
     * constructors, from the first variable child (through the recorded variable types)
     * and from list literals or list initialisers.
     *
     * @param apexNode DML statement or database method call
     * @param obj visitor payload handed on to the validation step
     * @param str required operation key, for example {@code isCreateable}
     */
    private void checkForCRUD(ApexNode<?> apexNode, Object obj, String str) {
        for (ASTMethodCallExpression earlierCall : getPreviousMethodCalls(apexNode)) {
            collectCRUDMethodLevelChecks(earlierCall);
        }

        ASTMethod enclosingMethod = apexNode.getFirstParentOfType(ASTMethod.class);
        ASTUserClass enclosingClass = apexNode.getFirstParentOfType(ASTUserClass.class);
        if (enclosingClass != null && net.sourceforge.pmd.lang.apex.rule.internal.Helper.isTestMethodOrClass(enclosingClass)) {
            return;
        }
        if (enclosingMethod != null && net.sourceforge.pmd.lang.apex.rule.internal.Helper.isTestMethodOrClass(enclosingMethod)) {
            return;
        }

        checkInlineObject(apexNode, obj, str);
        checkInlineNonArgsObject(apexNode, obj, str);

        ASTVariableExpression variable = apexNode.getFirstChildOfType(ASTVariableExpression.class);
        if (variable != null) {
            String variableType = this.varToTypeMapping.get(net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(variable));
            // A variable whose type was never recorded is not validated.
            if (variableType != null) {
                validateCRUDCheckPresent(apexNode, obj, str, apexNode.getDefiningType() + ":" + variableType);
            }
        }

        ASTNewListLiteralExpression listLiteral = apexNode.getFirstChildOfType(ASTNewListLiteralExpression.class);
        if (listLiteral != null) {
            checkInlineObject(listLiteral, obj, str);
            checkInlineNonArgsObject(listLiteral, obj, str);
        }

        ASTNewListInitExpression listInit = apexNode.getFirstChildOfType(ASTNewListInitExpression.class);
        if (listInit != null) {
            checkInlineObject(listInit, obj, str);
            checkInlineNonArgsObject(listInit, obj, str);
        }
    }

    /**
     * Validates the operation for an object created inline with a key/value constructor,
     * if the node has such a child.
     *
     * @param apexNode node whose direct children are searched
     * @param obj visitor payload handed on to the validation step
     * @param str required operation key
     */
    private void checkInlineObject(ApexNode<?> apexNode, Object obj, String str) {
        ASTNewKeyValueObjectExpression inlineObject = apexNode.getFirstChildOfType(ASTNewKeyValueObjectExpression.class);
        if (inlineObject == null) {
            return;
        }
        String typeKey = net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(inlineObject);
        validateCRUDCheckPresent(apexNode, obj, str, typeKey);
    }

    /**
     * Validates the operation for an object created inline with a plain {@code new}
     * expression, if the node has such a child.
     *
     * @param apexNode node whose direct children are searched
     * @param obj visitor payload handed on to the validation step
     * @param str required operation key
     */
    private void checkInlineNonArgsObject(ApexNode<?> apexNode, Object obj, String str) {
        ASTNewObjectExpression inlineObject = apexNode.getFirstChildOfType(ASTNewObjectExpression.class);
        if (inlineObject == null) {
            return;
        }
        String typeKey = net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(inlineObject);
        validateCRUDCheckPresent(apexNode, obj, str, typeKey);
    }

    /**
     * Collects the method calls whose authorisation checks may cover {@code apexNode}:
     * calls found in the enclosing method body ahead of the node, every call inside the
     * class's constructors and initialisers, and the calls reached through them.
     *
     * @param apexNode the operation being checked
     * @return the collected calls; empty when the node is not inside a method
     */
    private Set<ASTMethodCallExpression> getPreviousMethodCalls(ApexNode<?> apexNode) {
        Set<ASTMethodCallExpression> collected = new HashSet<>();
        ASTMethod enclosingMethod = apexNode.getFirstParentOfType(ASTMethod.class);
        if (enclosingMethod == null) {
            return collected;
        }

        ASTBlockStatement body = enclosingMethod.getFirstChildOfType(ASTBlockStatement.class);
        recursivelyEvaluateCRUDMethodCalls(apexNode, collected, body);

        for (ASTMethod constructor : findConstructorMethods()) {
            collected.addAll(constructor.findDescendantsOfType(ASTMethodCallExpression.class));
        }

        // Iterate over a snapshot: mapCallToMethodDecl adds to the set while it runs.
        List<ASTMethodCallExpression> snapshot = new ArrayList<>(collected);
        mapCallToMethodDecl(apexNode, collected, snapshot);
        return collected;
    }

    /**
     * Walks the statements of a block in order and collects method calls until the
     * statement containing {@code apexNode} is reached.
     *
     * <p>Blocks nested in an if/else statement are walked recursively. For every other
     * statement only its first method-call descendant is considered, so a check made by
     * a later call within the same statement is not picked up here.
     *
     * @param apexNode the operation being checked; the walk of this block stops at it
     * @param set accumulator for the collected calls
     * @param aSTBlockStatement block to walk; {@code null} is ignored
     */
    private void recursivelyEvaluateCRUDMethodCalls(ApexNode<?> apexNode, Set<ASTMethodCallExpression> set, ASTBlockStatement aSTBlockStatement) {
        if (aSTBlockStatement == null) {
            return;
        }
        int statementCount = aSTBlockStatement.getNumChildren();
        for (int index = 0; index < statementCount; index++) {
            Node statement = aSTBlockStatement.getChild(index);

            if (statement instanceof ASTIfElseBlockStatement) {
                for (ASTBlockStatement nestedBlock : statement.findDescendantsOfType(ASTBlockStatement.class)) {
                    recursivelyEvaluateCRUDMethodCalls(apexNode, set, nestedBlock);
                }
            }

            // Stop once the statement holding the operation itself is reached.
            boolean reachedTarget = Objects.equal(statement.getFirstDescendantOfType(apexNode.getClass()), apexNode);
            if (reachedTarget) {
                return;
            }

            ASTMethodCallExpression firstCall = statement.getFirstDescendantOfType(ASTMethodCallExpression.class);
            if (firstCall != null) {
                mapCallToMethodDecl(apexNode, set, Arrays.asList(firstCall));
            }
        }
    }

    /**
     * Expands calls into the calls made by the methods they resolve to.
     *
     * <p>A call that resolves to a method of the visited class contributes every call
     * inside that method. An unresolved call is kept only if it is an authorisation
     * method invocation. Processing stops at the call that equals {@code apexNode}.
     *
     * @param apexNode the operation being checked
     * @param set accumulator for the collected calls
     * @param list calls to expand
     */
    private void mapCallToMethodDecl(ApexNode<?> apexNode, Set<ASTMethodCallExpression> set, List<ASTMethodCallExpression> list) {
        for (ASTMethodCallExpression call : list) {
            if (Objects.equal(call, apexNode)) {
                return;
            }
            ASTMethod declaration = resolveMethodCalls(call);
            if (declaration == null) {
                if (isAuthMethodInvocation(call)) {
                    set.add(call);
                }
                continue;
            }
            set.addAll(declaration.findDescendantsOfType(ASTMethodCallExpression.class));
        }
    }

    /**
     * Returns the recorded methods that run during construction or static initialisation.
     *
     * <p>A key of {@code classMethods} is selected when it contains {@code "<init>"},
     * contains the static-initializer method name, or starts with
     * {@code className:className:}.
     *
     * @return the matching method declarations, in the iteration order of the intermediate
     *         key set
     */
    private List<ASTMethod> findConstructorMethods() {
        final String ownConstructorPrefix = this.className + ":" + this.className + ":";
        final Set<String> initializerKeys = this.classMethods.keySet().stream()
                .filter(key -> key.contains("<init>")
                        || key.contains(FieldDeclarationsShouldBeAtStartRule.STATIC_INITIALIZER_METHOD_NAME)
                        || key.startsWith(ownConstructorPrefix))
                .collect(Collectors.toSet());
        final List<ASTMethod> initializers = new ArrayList<>();
        for (final String key : initializerKeys) {
            initializers.add(this.classMethods.get(key));
        }
        return initializers;
    }

    /**
     * Looks up the declaration a call refers to among the methods recorded for this class.
     *
     * <p>The lookup key is {@code definingType:methodName:argumentCount}. Argument types are
     * not part of the key, so overloads with the same arity share one key.
     *
     * @param aSTMethodCallExpression the call to resolve
     * @return whatever {@code classMethods} holds for the key; presumably {@code null} when
     *         there is no entry, which is how callers test it
     */
    private ASTMethod resolveMethodCalls(ASTMethodCallExpression aSTMethodCallExpression) {
        final String lookupKey = aSTMethodCallExpression.getDefiningType() + ":" + aSTMethodCallExpression.getMethodName() + ":" + aSTMethodCallExpression.getInputParametersSize();
        return this.classMethods.get(lookupKey);
    }

    /**
     * Tells whether an ESAPI-based check recorded for a type covers the given operation.
     *
     * <p>When the operation is {@code ANY}, any recorded check for the type is accepted.
     * Otherwise the recorded operation must be {@code equals} to the requested one.
     *
     * @param str the type key to look up
     * @param str2 the DML operation to cover, or {@code ANY}
     * @return {@code true} when a recorded ESAPI check covers the operation
     */
    private boolean isProperESAPICheckForDML(String str, String str2) {
        if (this.checkedTypeToDMLOperationViaESAPI.containsKey(str)) {
            return ANY.equals(str2) || this.checkedTypeToDMLOperationViaESAPI.get(str).equals(str2);
        }
        return false;
    }

    /**
     * Records which object type an ESAPI access-control call checks, and for which operation.
     *
     * <p>The type is taken from the reference expression under the call's first variable
     * expression child. It is recorded only when that reference has exactly one name;
     * otherwise nothing is recorded and the call grants no credit.
     *
     * <p>NOTE(review): the entry is written with {@code put}. If the backing structure is a
     * plain map, a later call for the same type replaces the earlier operation. Confirm
     * against the field's declaration.
     *
     * @param aSTMethodCallExpression the ESAPI call
     * @param str the DML operation the call checks
     */
    private void extractObjectTypeFromESAPI(ASTMethodCallExpression aSTMethodCallExpression, String str) {
        final ASTVariableExpression variable = aSTMethodCallExpression.getFirstChildOfType(ASTVariableExpression.class);
        if (variable == null) {
            return;
        }
        final ASTReferenceExpression reference = variable.getFirstChildOfType(ASTReferenceExpression.class);
        if (reference == null) {
            return;
        }
        final List<String> names = reference.getNames();
        if (names.size() != 1) {
            return;
        }
        final String typeKey = aSTMethodCallExpression.getDefiningType() + ":" + names.get(0);
        this.checkedTypeToDMLOperationViaESAPI.put(typeKey, str);
    }

    /**
     * Decides whether a data-access node lacks an authorization check and, if so, reports it.
     *
     * <p>Two cases, depending on whether {@code typeToDMLOperationMapping} has an entry for
     * the type:
     * <ul>
     *   <li>No entry: a violation is reported only when every alternative is also missing.
     *       These are an ESAPI or auth-pattern check covering the operation, the
     *       security-enforced marker, user mode and system mode. Any one of them suppresses
     *       the report.</li>
     *   <li>Entry present: the node passes when a recorded operation equals the requested one
     *       ignoring case, or when the requested operation is {@code ANY} and at least one
     *       operation is recorded.</li>
     * </ul>
     *
     * <p>NOTE(review): in the second case the five alternative results are computed but not
     * consulted, so the outcome depends on the recorded operations alone. Confirm that is
     * the intended precedence.
     *
     * @param apexNode the node being checked
     * @param obj the data object forwarded to {@code addViolation}
     * @param str the DML operation required, or {@code ANY}
     * @param str2 the type key, as built by callers in the form {@code definingType:type}
     * @return {@code true} when a violation was reported, {@code false} otherwise
     */
    private boolean validateCRUDCheckPresent(ApexNode<?> apexNode, Object obj, String str, String str2) {
        // All five are evaluated up front, in this order, regardless of which branch runs.
        final boolean typeHasNoRecordedChecks = !this.typeToDMLOperationMapping.containsKey(str2);
        final boolean lacksCustomCheck = !(isProperESAPICheckForDML(str2, str) || isProperAuthPatternBasedCheckForDML(str2, str));
        final boolean lacksSecurityEnforced = !isWithSecurityEnforced(apexNode);
        final boolean lacksUserMode = !isWithUserMode(apexNode);
        final boolean lacksSystemMode = !isWithSystemMode(apexNode);

        if (typeHasNoRecordedChecks) {
            if (lacksCustomCheck && lacksSecurityEnforced && lacksUserMode && lacksSystemMode) {
                addViolation(obj, apexNode);
                return true;
            }
            return false;
        }

        boolean operationCovered = false;
        final Iterator<?> recorded = this.typeToDMLOperationMapping.get(str2).iterator();
        while (!operationCovered && recorded.hasNext()) {
            final String recordedOperation = (String) recorded.next();
            // ANY is honoured only once an element has been read, i.e. for a non-empty entry.
            operationCovered = recordedOperation.equalsIgnoreCase(str) || ANY.equals(str);
        }
        if (operationCovered) {
            return false;
        }
        addViolation(obj, apexNode);
        return true;
    }

    /**
     * Checks that a SOQL expression is preceded by a read-access authorization check.
     *
     * <p>Method calls that precede the query are first fed to
     * {@code collectCRUDMethodLevelChecks}. Queries inside a class or method that
     * {@code Helper.isTestMethodOrClass} classifies as test code are skipped entirely.
     *
     * <p>The query is then validated in up to four stages, each keyed on how its result is
     * used: a variable declaration, an assignment to a variable with a known type, a return
     * statement, and a for-each loop. A stage runs only if the previous ones reported
     * nothing. Within a stage, the object types extracted from the query text are validated
     * when there are any; otherwise the stage falls back to the declared, mapped or returned
     * type. The required operation is always {@code ANY}.
     *
     * @param aSTSoqlExpression the query to check
     * @param obj the data object forwarded to violation reporting
     */
    private void checkForAccessibility(ASTSoqlExpression aSTSoqlExpression, Object obj) {
        final Set<String> queriedTypes = getTypesFromSOQLQuery(aSTSoqlExpression);
        for (final ASTMethodCallExpression earlierCall : getPreviousMethodCalls(aSTSoqlExpression)) {
            collectCRUDMethodLevelChecks(earlierCall);
        }

        final ASTMethod enclosingMethod = (ASTMethod) aSTSoqlExpression.getFirstParentOfType(ASTMethod.class);
        final ASTUserClass enclosingClass = aSTSoqlExpression.getFirstParentOfType(ASTUserClass.class);
        // Test code is exempt from this rule.
        if (enclosingClass != null && net.sourceforge.pmd.lang.apex.rule.internal.Helper.isTestMethodOrClass(enclosingClass)) {
            return;
        }
        if (enclosingMethod != null && net.sourceforge.pmd.lang.apex.rule.internal.Helper.isTestMethodOrClass(enclosingMethod)) {
            return;
        }
        final String methodReturnType = enclosingMethod != null ? getReturnType(enclosingMethod) : null;

        // Stage 1: the query initialises a declared variable.
        boolean violationReported = false;
        final ASTVariableDeclaration declaration = aSTSoqlExpression.getFirstParentOfType(ASTVariableDeclaration.class);
        if (declaration != null) {
            final String declaredType = declaration.getDefiningType() + ":" + getSimpleType(declaration.getType());
            if (queriedTypes.isEmpty()) {
                violationReported = validateCRUDCheckPresent(aSTSoqlExpression, obj, ANY, declaredType);
            } else {
                for (final String queriedType : queriedTypes) {
                    // Non-short-circuit on purpose: every type is validated and may be reported.
                    violationReported |= validateCRUDCheckPresent(aSTSoqlExpression, obj, ANY, queriedType);
                }
            }
        }
        if (violationReported) {
            return;
        }

        // Stage 2: the query is assigned to a variable whose type was recorded earlier.
        final ASTAssignmentExpression assignment = aSTSoqlExpression.getFirstParentOfType(ASTAssignmentExpression.class);
        if (assignment != null) {
            final ASTVariableExpression target = assignment.getFirstChildOfType(ASTVariableExpression.class);
            if (target != null) {
                final String qualifiedName = net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(target);
                if (this.varToTypeMapping.containsKey(qualifiedName)) {
                    final String mappedType = this.varToTypeMapping.get(qualifiedName);
                    if (queriedTypes.isEmpty()) {
                        violationReported = validateCRUDCheckPresent(aSTSoqlExpression, obj, ANY, mappedType);
                    } else {
                        for (final String queriedType : queriedTypes) {
                            violationReported |= validateCRUDCheckPresent(aSTSoqlExpression, obj, ANY, queriedType);
                        }
                    }
                }
            }
        }
        if (violationReported) {
            return;
        }

        // Stage 3: the query result is returned; fall back to the method's return type,
        // which is null when the query is not inside a method.
        if (aSTSoqlExpression.getFirstParentOfType(ASTReturnStatement.class) != null) {
            if (queriedTypes.isEmpty()) {
                violationReported = validateCRUDCheckPresent(aSTSoqlExpression, obj, ANY, methodReturnType);
            } else {
                for (final String queriedType : queriedTypes) {
                    violationReported |= validateCRUDCheckPresent(aSTSoqlExpression, obj, ANY, queriedType);
                }
            }
        }
        if (violationReported) {
            return;
        }

        // Stage 4: the query is inside a for-each statement.
        final ASTForEachStatement loop = aSTSoqlExpression.getFirstParentOfType(ASTForEachStatement.class);
        if (loop == null) {
            return;
        }
        if (queriedTypes.isEmpty()) {
            final ASTVariableDeclaration loopDeclaration = loop.getFirstParentOfType(ASTVariableDeclaration.class);
            if (loopDeclaration != null) {
                validateCRUDCheckPresent(aSTSoqlExpression, obj, ANY, loopDeclaration.getDefiningType() + ":" + getSimpleType(loopDeclaration.getType()));
            }
        } else {
            for (final String queriedType : queriedTypes) {
                validateCRUDCheckPresent(aSTSoqlExpression, obj, ANY, queriedType);
            }
        }
    }

    /**
     * Extracts the object types a SOQL query reads from.
     *
     * <p>{@code SELECT_FROM_PATTERN} is applied repeatedly to the query's canonical text, and
     * capture group 1 of every match becomes one entry, prefixed with the query's defining
     * type and a colon. Extraction is purely textual: when the pattern matches nothing, the
     * result is empty and callers fall back to the declared, assigned or returned type.
     *
     * @param aSTSoqlExpression the query to inspect
     * @return the type keys found, possibly empty
     */
    private Set<String> getTypesFromSOQLQuery(ASTSoqlExpression aSTSoqlExpression) {
        final Set<String> typeKeys = new HashSet<>();
        final Matcher fromClause = SELECT_FROM_PATTERN.matcher(aSTSoqlExpression.getCanonicalQuery());
        while (fromClause.find()) {
            final String typeKey = aSTSoqlExpression.getDefiningType() + ":" + fromClause.group(1);
            typeKeys.add(typeKey);
        }
        return typeKeys;
    }

    /**
     * Builds the type key for a method's return type.
     *
     * @param aSTMethod the method declaration
     * @return {@code definingType:returnType}
     */
    private String getReturnType(ASTMethod aSTMethod) {
        final String qualifier = aSTMethod.getDefiningType() + ":";
        return qualifier + aSTMethod.getReturnType();
    }

    /**
     * Builds the rule property that holds the custom authorization-method pattern for one
     * operation.
     *
     * <p>The default is the empty string. Elsewhere in this class a non-blank value is
     * compiled as a regular expression, and a call whose full method name matches it is
     * credited as an authorization check. An over-broad pattern would therefore suppress
     * findings for unrelated calls.
     *
     * @param str the operation name used as the property-name prefix and in the description
     * @return the property descriptor
     */
    private static PropertyDescriptor<String> authMethodPatternProperty(String str) {
        final String propertyName = str + "AuthMethodPattern";
        final String description = "A regular expression for one or more custom " + str + " authorization method name patterns.";
        return PropertyFactory.stringProperty(propertyName)
                .desc(description)
                .defaultValue("")
                .build();
    }

    /**
     * Builds the rule property that says which argument of a custom authorization method
     * carries the sObjectType.
     *
     * <p>The default is 0. No range constraint is attached here, so a negative value can be
     * configured.
     *
     * @param str the operation name used as the property-name prefix and in the description
     * @return the property descriptor
     */
    private static PropertyDescriptor<Integer> authMethodTypeParamIndexProperty(String str) {
        final String propertyName = str + "AuthMethodTypeParamIndex";
        final String description = "The 0-based index of the sObjectType parameter for the custom " + str + " authorization method. Defaults to 0.";
        return PropertyFactory.intProperty(propertyName)
                .desc(description)
                .defaultValue(0)
                .build();
    }

    /**
     * Tells whether a call matches any of the configured custom authorization-method
     * patterns.
     *
     * @param aSTMethodCallExpression the call to test
     * @return {@code true} when at least one configured pattern matches the call
     */
    private boolean isAuthMethodInvocation(ASTMethodCallExpression aSTMethodCallExpression) {
        for (final PropertyDescriptor<String> patternProperty : AUTH_METHOD_TO_TYPE_PARAM_INDEX_MAP.keySet()) {
            if (isAuthMethodInvocation(aSTMethodCallExpression, patternProperty)) {
                return true;
            }
        }
        return false;
    }

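    /**
     * Records which object type a custom authorization method checks, when the call matches
     * the pattern configured in {@code propertyDescriptor}.
     *
     * <p>The type argument is located with the configured parameter index (0 when no index
     * property is mapped). It is accepted only when its image equals {@code S_OBJECT_TYPE}
     * ignoring case and it has a reference-expression child with a non-blank image. The
     * resulting {@code definingType:type} key is stored together with the DML operation
     * mapped to the pattern property, when that operation is non-blank.
     *
     * <p>A negative configured index is treated as "no type argument" and nothing is
     * recorded. Previously it reached {@code List.get} and threw
     * {@code IndexOutOfBoundsException} for every matching call. Ignoring the call means the
     * custom check is not credited, so the rule errs towards reporting.
     *
     * <p>NOTE(review): the index is applied to the call's {@code ASTVariableExpression}
     * children only. If other arguments are not variable expressions, the index may not
     * line up with the declared parameter position. Confirm against the AST shape.
     *
     * @param aSTMethodCallExpression the call to inspect
     * @param propertyDescriptor the pattern property the call is tested against
     */
    private void extractObjectTypeFromConfiguredMethodPatternInvocation(ASTMethodCallExpression aSTMethodCallExpression, PropertyDescriptor<String> propertyDescriptor) {
        if (!isAuthMethodInvocation(aSTMethodCallExpression, propertyDescriptor)) {
            return;
        }
        final PropertyDescriptor<Integer> indexProperty = AUTH_METHOD_TO_TYPE_PARAM_INDEX_MAP.get(propertyDescriptor);
        final int typeParamIndex = indexProperty != null ? (Integer) getProperty(indexProperty) : 0;
        if (typeParamIndex < 0) {
            // Misconfigured index: there is no such argument, so grant no credit.
            return;
        }
        final int parameterCount = aSTMethodCallExpression.getInputParametersSize();
        if (parameterCount <= typeParamIndex) {
            return;
        }

        final List<ASTVariableExpression> variableArguments = new ArrayList<>(parameterCount);
        final int childCount = aSTMethodCallExpression.getNumChildren();
        for (int index = 0; index < childCount; index++) {
            final ApexNode<?> child = aSTMethodCallExpression.getChild(index);
            if (child instanceof ASTVariableExpression) {
                variableArguments.add((ASTVariableExpression) child);
            }
        }
        if (variableArguments.size() <= typeParamIndex) {
            return;
        }

        final ASTVariableExpression typeArgument = variableArguments.get(typeParamIndex);
        if (!S_OBJECT_TYPE.equalsIgnoreCase(typeArgument.getImage())) {
            return;
        }
        final ASTReferenceExpression typeReference = typeArgument.getFirstChildOfType(ASTReferenceExpression.class);
        if (typeReference == null) {
            return;
        }
        final String typeName = typeReference.getImage();
        if (!StringUtils.isNotBlank(typeName)) {
            return;
        }
        final String typeKey = aSTMethodCallExpression.getDefiningType() + ":" + typeName;
        final String operation = AUTH_METHOD_TO_DML_OPERATION_MAP.get(propertyDescriptor);
        if (StringUtils.isNotBlank(operation)) {
            this.checkedTypeToDMLOperationsViaAuthPattern.put(typeKey, operation);
        }
    }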

    /**
     * Tells whether a call matches the authorization-method pattern held by one property.
     *
     * <p>The call's full method name must match the whole pattern ({@code matches}, not
     * {@code find}). When no pattern is available for the property the result is
     * {@code false}.
     *
     * @param aSTMethodCallExpression the call to test
     * @param propertyDescriptor the property holding the pattern text
     * @return {@code true} when the full method name matches the configured pattern
     */
    private boolean isAuthMethodInvocation(ASTMethodCallExpression aSTMethodCallExpression, PropertyDescriptor<String> propertyDescriptor) {
        final String configuredPattern = (String) getProperty(propertyDescriptor);
        final Pattern compiled = getCompiledAuthMethodPattern(configuredPattern);
        if (compiled == null) {
            return false;
        }
        return compiled.matcher(aSTMethodCallExpression.getFullMethodName()).matches();
    }

    /**
     * Returns the compiled, case-insensitive form of a configured authorization-method
     * pattern, compiling and caching it on first use.
     *
     * <p>A pattern that fails to compile is cached as {@code null} and the exception is
     * rethrown once. Later calls with the same text return {@code null} without throwing,
     * so the misconfigured pattern silently matches nothing and the custom authorization
     * method is not credited.
     *
     * @param str the pattern text; blank or {@code null} means "no pattern"
     * @return the compiled pattern, or {@code null} when the text is blank or was previously
     *         found to be invalid
     * @throws IllegalArgumentException the first time an invalid pattern is seen
     */
    private Pattern getCompiledAuthMethodPattern(String str) {
        if (!StringUtils.isNotBlank(str)) {
            return null;
        }
        if (this.compiledAuthMethodPatternCache.containsKey(str)) {
            // May be null: that marks a pattern that failed to compile earlier.
            return this.compiledAuthMethodPatternCache.get(str);
        }
        try {
            final Pattern compiled = Pattern.compile(str, Pattern.CASE_INSENSITIVE);
            this.compiledAuthMethodPatternCache.put(str, compiled);
            return compiled;
        } catch (IllegalArgumentException invalidPattern) {
            // Remember the failure so the same text is not compiled again.
            this.compiledAuthMethodPatternCache.put(str, null);
            throw invalidPattern;
        }
    }

    /**
     * Tells whether a custom authorization-method check recorded for a type covers the given
     * operation.
     *
     * <p>When the operation is {@code ANY}, any recorded check for the type is accepted.
     * Otherwise the operations recorded for the type must contain the requested one.
     *
     * @param str the type key to look up
     * @param str2 the DML operation to cover, or {@code ANY}
     * @return {@code true} when a recorded pattern-based check covers the operation
     */
    private boolean isProperAuthPatternBasedCheckForDML(String str, String str2) {
        if (this.checkedTypeToDMLOperationsViaAuthPattern.containsKey(str)) {
            return ANY.equals(str2) || this.checkedTypeToDMLOperationsViaAuthPattern.get(str).contains(str2);
        }
        return false;
    }
}
