package net.sourceforge.pmd.lang.apex.rule.security;

import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTMethod;
import net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTParameter;
import net.sourceforge.pmd.lang.apex.ast.ASTStandardCondition;
import net.sourceforge.pmd.lang.apex.ast.ASTUserClass;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression;
import net.sourceforge.pmd.lang.apex.ast.ApexNode;
import net.sourceforge.pmd.lang.apex.rule.AbstractApexRule;
import net.sourceforge.pmd.lang.apex.rule.internal.Helper;
import net.sourceforge.pmd.lang.rule.RuleTargetSelector;

/* loaded from: input_file:net/sourceforge/pmd/lang/apex/rule/security/ApexSOQLInjectionRule.class */
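/**
 * Flags dynamic SOQL that is built from data the rule cannot prove safe and is then passed to
 * {@code Database.query} or {@code Database.countQuery}.
 *
 * <p>The rule inspects one {@link ASTUserClass} at a time and keeps two pieces of per-class
 * scratch state, both cleared when {@link #visit(ASTUserClass, Object)} returns:
 * <ul>
 *   <li>{@link #safeVariables}: fully-qualified names the rule treats as non-injectable — method
 *       parameters and declarations whose type is listed in {@link #SAFE_VARIABLE_TYPES}, variables
 *       initialised from a numeric/boolean literal or from a string literal that does not start with
 *       {@code SELECT}, and variables assigned the result of {@code String.escapeSingleQuotes}.</li>
 *   <li>{@link #selectContainingVariables}: variables whose value starts with {@code SELECT}.
 *       {@link Boolean#TRUE} means the value is a plain literal; {@link Boolean#FALSE} means it was
 *       concatenated from at least one part the rule could not prove safe.</li>
 * </ul>
 *
 * <p>Trust model: a value routed through {@code String.escapeSingleQuotes} (or spliced via
 * {@code String.join}) is accepted as fully sanitized. NOTE(review): that is the rule's stated
 * scope, not a general guarantee — quote escaping only neutralises break-out from a quoted literal
 * position; confirm the rule description documents this limitation.
 *
 * <p>This class is not thread-safe: the two scratch collections are instance fields mutated during
 * {@code visit}.
 */
public class ApexSOQLInjectionRule extends AbstractApexRule {
    private static final String JOIN = "join";
    private static final String ESCAPE_SINGLE_QUOTES = "escapeSingleQuotes";
    private static final String STRING = "String";
    private static final String DATABASE = "Database";
    private static final String QUERY = "query";
    private static final String COUNT_QUERY = "countQuery";

    /** Apex types whose values cannot carry query text; compared case-insensitively. */
    private static final Set<String> SAFE_VARIABLE_TYPES = Collections.unmodifiableSet(
            Stream.of("double", "long", "decimal", "boolean", "id", "integer",
                      "sobjecttype", "schema.sobjecttype", "sobjectfield", "schema.sobjectfield")
                    .collect(Collectors.toSet()));

    /**
     * Matches a literal image that starts with {@code SELECT} followed by whitespace.
     * NOTE(review): no {@link Pattern#DOTALL}, so {@code .} stops at a line terminator — confirm
     * {@code getImage()} of a string literal never contains one.
     */
    private static final Pattern SELECT_PATTERN =
            Pattern.compile("^select[\\s]+?.*?$", Pattern.CASE_INSENSITIVE);

    /** Per-class scratch state: fully-qualified names the rule treats as non-injectable. */
    private final Set<String> safeVariables = new HashSet<>();

    /**
     * Per-class scratch state: variables whose value starts with {@code SELECT}; {@code TRUE} for a
     * plain literal, {@code FALSE} for a concatenation with an unproven part.
     */
    private final Map<String, Boolean> selectContainingVariables = new HashMap<>();

    @Override
    protected RuleTargetSelector buildTargetSelector() {
        return RuleTargetSelector.forTypes(ASTUserClass.class);
    }

    /**
     * Collects safe and SELECT-carrying variables across the class, then reports every
     * {@code Database.query}/{@code Database.countQuery} call whose argument uses an unproven variable.
     *
     * @param node the user class being checked; test and system-level classes are skipped
     * @param data the rule context object passed through to {@code asCtx}
     * @return {@code data}, unchanged
     */
    @Override
    public Object visit(ASTUserClass node, Object data) {
        if (Helper.isTestMethodOrClass(node) || Helper.isSystemLevelClass(node)) {
            return data;
        }
        try {
            for (ASTMethod method : node.descendants(ASTMethod.class)) {
                findSafeVariablesInSignature(method);
            }
            // Declarations and assignments are scanned in the same two ways: does the initialiser
            // sanitize the variable, and does it build a SELECT by concatenation?
            for (ASTFieldDeclaration field : node.descendants(ASTFieldDeclaration.class)) {
                findSanitizedVariables(field);
                findSelectContainingVariables(field);
            }
            for (ASTVariableDeclaration local : node.descendants(ASTVariableDeclaration.class)) {
                findSanitizedVariables(local);
                findSelectContainingVariables(local);
            }
            for (ASTAssignmentExpression assignment : node.descendants(ASTAssignmentExpression.class)) {
                findSanitizedVariables(assignment);
                findSelectContainingVariables(assignment);
            }
            for (ASTMethodCallExpression call : node.descendants(ASTMethodCallExpression.class)) {
                if (!Helper.isTestMethodOrClass(call) && isQueryMethodCall(call)) {
                    reportStrings(call, data);
                    reportVariables(call, data);
                }
            }
        } finally {
            // Scratch state is per class; clear even on failure so it cannot leak into the next class.
            safeVariables.clear();
            selectContainingVariables.clear();
        }
        return data;
    }

    /** @return whether {@code call} is {@code Database.query(...)} or {@code Database.countQuery(...)} */
    private boolean isQueryMethodCall(ASTMethodCallExpression call) {
        return Helper.isMethodName(call, DATABASE, QUERY)
                || Helper.isMethodName(call, DATABASE, COUNT_QUERY);
    }

    /** @return whether {@code typeName} is one of {@link #SAFE_VARIABLE_TYPES}, ignoring case */
    private boolean isSafeVariableType(String typeName) {
        return SAFE_VARIABLE_TYPES.contains(typeName.toLowerCase(Locale.ROOT));
    }

    /** Marks every parameter of {@code method} with a safe type as a safe variable. */
    private void findSafeVariablesInSignature(ASTMethod method) {
        for (ASTParameter parameter : method.children(ASTParameter.class)) {
            if (isSafeVariableType(parameter.getType())) {
                safeVariables.add(Helper.getFQVariableName(parameter));
            }
        }
    }

    /**
     * Records the target variable of a declaration or assignment as safe, or as a literal SELECT,
     * based on its immediate right-hand side.
     *
     * @param node a field/variable declaration or an assignment expression
     */
    private void findSanitizedVariables(ApexNode<?> node) {
        ASTVariableExpression target = node.firstChild(ASTVariableExpression.class);
        ASTLiteralExpression literal = node.firstChild(ASTLiteralExpression.class);
        ASTMethodCallExpression call = node.firstChild(ASTMethodCallExpression.class);

        if (target == null) {
            // Nothing to record against; the original code would have dereferenced null here.
            return;
        }
        String targetName = Helper.getFQVariableName(target);

        if (literal != null) {
            if (literal.isInteger() || literal.isBoolean() || literal.isDouble()) {
                safeVariables.add(targetName);
            }
            if (literal.isString()) {
                // A literal SELECT is a safe query text; any other literal is a safe fragment.
                if (SELECT_PATTERN.matcher(literal.getImage()).matches()) {
                    selectContainingVariables.put(targetName, Boolean.TRUE);
                } else {
                    safeVariables.add(targetName);
                }
            }
        }
        if (call != null && Helper.isMethodName(call, STRING, ESCAPE_SINGLE_QUOTES)) {
            safeVariables.add(targetName);
        }
        if (node instanceof ASTVariableDeclaration
                && isSafeVariableType(((ASTVariableDeclaration) node).getType())) {
            safeVariables.add(targetName);
        }
    }

    /**
     * When the right-hand side of {@code node} is a binary expression, classifies whether it
     * builds a SELECT from safe parts.
     */
    private void findSelectContainingVariables(ApexNode<?> node) {
        ASTVariableExpression target = node.firstChild(ASTVariableExpression.class);
        ASTBinaryExpression rhs = node.firstChild(ASTBinaryExpression.class);
        if (target == null || rhs == null) {
            return;
        }
        recursivelyCheckForSelect(target, rhs);
    }

    /**
     * Walks a (left-nested) concatenation and records {@code target} as safe when a SELECT literal
     * is combined only with safe operands, or as an unsafe SELECT otherwise.
     *
     * <p>The nested binary expression is processed first, so the innermost operands are
     * classified before the outer ones.
     */
    private void recursivelyCheckForSelect(ASTVariableExpression target, ASTBinaryExpression expr) {
        ASTBinaryExpression nested = expr.firstChild(ASTBinaryExpression.class);
        if (nested != null) {
            recursivelyCheckForSelect(target, nested);
        }

        ASTVariableExpression operand = expr.firstChild(ASTVariableExpression.class);
        ASTMethodCallExpression call = expr.firstChild(ASTMethodCallExpression.class);
        boolean operandIsSafe =
                (operand != null && safeVariables.contains(Helper.getFQVariableName(operand)))
                || (call != null && Helper.isMethodName(call, STRING, ESCAPE_SINGLE_QUOTES));

        String targetName = Helper.getFQVariableName(target);
        ASTLiteralExpression literal = expr.firstChild(ASTLiteralExpression.class);
        if (literal == null) {
            // No literal at this level: an unsafe operand taints the whole concatenation.
            if (!operandIsSafe) {
                selectContainingVariables.put(targetName, Boolean.FALSE);
            }
        } else if (literal.isString() && SELECT_PATTERN.matcher(literal.getImage()).matches()) {
            if (operandIsSafe) {
                safeVariables.add(targetName);
            } else {
                selectContainingVariables.put(targetName, Boolean.FALSE);
            }
        }
    }

    /**
     * Reports each variable used in a concatenated query argument that is neither safe, a literal
     * SELECT, part of a condition, nor wrapped by {@code String.escapeSingleQuotes}/{@code String.join}.
     */
    private void reportStrings(ASTMethodCallExpression queryCall, Object data) {
        // Variables that occur inside a standard condition below the call are not reported.
        Set<ASTVariableExpression> conditionVariables = new HashSet<>();
        for (ASTStandardCondition condition : queryCall.descendants(ASTStandardCondition.class)) {
            conditionVariables.addAll(condition.descendants(ASTVariableExpression.class).toList());
        }

        for (ASTBinaryExpression concat : queryCall.children(ASTBinaryExpression.class)) {
            for (ASTVariableExpression variable : concat.descendants(ASTVariableExpression.class)) {
                String name = Helper.getFQVariableName(variable);
                if (Boolean.TRUE.equals(selectContainingVariables.get(name))
                        || conditionVariables.contains(variable)
                        || safeVariables.contains(name)) {
                    continue;
                }
                // Nearest enclosing call; presumably at least the query call itself.
                ASTMethodCallExpression enclosingCall =
                        variable.ancestors(ASTMethodCallExpression.class).first();
                if (!Helper.isMethodName(enclosingCall, STRING, ESCAPE_SINGLE_QUOTES)
                        && !Helper.isMethodName(enclosingCall, STRING, JOIN)) {
                    asCtx(data).addViolation(variable);
                }
            }
        }
    }

    /**
     * Reports a query argument that is a single variable previously classified as an unsafe
     * (concatenated) SELECT.
     */
    private void reportVariables(ASTMethodCallExpression queryCall, Object data) {
        ASTVariableExpression argument = queryCall.firstChild(ASTVariableExpression.class);
        if (argument == null) {
            return;
        }
        String name = Helper.getFQVariableName(argument);
        // Only an explicitly recorded FALSE is a finding; unknown and literal-SELECT variables pass.
        if (Boolean.FALSE.equals(selectContainingVariables.get(name))) {
            asCtx(data).addViolation(argument);
        }
    }
}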
