package org.sonar.javascript.checks;

import com.google.common.collect.ImmutableList;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import org.sonar.check.Priority;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.plugins.javascript.api.tree.Tree;
import org.sonar.plugins.javascript.api.tree.expression.LiteralTree;
import org.sonar.plugins.javascript.api.visitors.SubscriptionVisitorCheck;
import org.sonar.squidbridge.annotations.SqaleConstantRemediation;

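/**
 * Rule S2611: reports string literals that look like an {@code http...} URL whose host is not
 * covered by the configured {@link #domainsToIgnore} list.
 *
 * <p>Limitations visible in this implementation, which reviewers should keep in mind when
 * relying on the rule:
 * <ul>
 *   <li>Only literals whose content starts with lower-case {@code http} are inspected; other
 *       spellings and scheme-relative references ({@code //host/...}) are never examined.</li>
 *   <li>Literals that {@link URI} cannot parse, or for which it reports no host, are not
 *       reported.</li>
 * </ul>
 */
@Rule(key = "S2611", name = "Untrusted content should not be included", priority = Priority.CRITICAL, tags = {"cwe", "security", "sans-top25-risky"})
@SqaleConstantRemediation("15min")
/* loaded from: input_file:org/sonar/javascript/checks/UntrustedContentCheck.class */
public class UntrustedContentCheck extends SubscriptionVisitorCheck {
    private static final String MESSAGE = "Remove this content from an untrusted source.";

    /** Precompiled form of the prefix test applied to every string literal. */
    private static final Pattern HTTP_PREFIX = Pattern.compile("^http.*");

    /**
     * Comma-delimited list of regular expressions; a URL whose host is fully matched by any of
     * them is not reported.
     *
     * <p>Each entry is a regex matched against the whole host, so an unescaped {@code .} matches
     * any character: {@code example.com} also accepts a host such as {@code exampleXcom}. Write
     * {@code example\.com} when only that exact domain is meant to be trusted. Matching is
     * case-sensitive.
     */
    @RuleProperty(key = "domainsToIgnore", description = "Comma-delimited list of domains to ignore. Regexes may be used, e.g. (.*\\.)?example.com,foo.org")
    public String domainsToIgnore = "";

    // Compiled form of domainsToIgnore; rebuilt for every analysed file in visitFile().
    private List<Pattern> patterns = new ArrayList<Pattern>();

    /** Subscribes this check to string literals only. */
    @Override
    public List<Tree.Kind> nodesToVisit() {
        return ImmutableList.of(Tree.Kind.STRING_LITERAL);
    }

    /**
     * Compiles {@link #domainsToIgnore} into the pattern list used by {@link #visitNode(Tree)}.
     *
     * <p>Entries are trimmed so that {@code "a.com, b.org"} trusts both domains (previously the
     * leading space made the second entry unmatchable), and blank entries are skipped. An entry
     * that is not a valid regex still propagates the exception thrown by
     * {@link Pattern#compile(String)}.
     *
     * @param tree root of the file about to be visited (unused here)
     */
    @Override
    public void visitFile(Tree tree) {
        String configured = this.domainsToIgnore == null ? "" : this.domainsToIgnore;
        List<Pattern> compiled = new ArrayList<Pattern>();
        for (String entry : configured.split(",")) {
            String regex = entry.trim();
            if (!regex.isEmpty()) {
                compiled.add(Pattern.compile(regex));
            }
        }
        this.patterns = compiled;
    }

    /**
     * Raises an issue when the literal's content is an {@code http...} URL with an untrusted host.
     *
     * @param tree the visited node; cast to {@link LiteralTree} because only string literals are
     *     subscribed in {@link #nodesToVisit()}
     */
    @Override
    public void visitNode(Tree tree) {
        String value = ((LiteralTree) tree).value();
        // The first and last characters are dropped below (presumably the enclosing quotes --
        // confirm against LiteralTree); guard so a shorter token cannot throw.
        if (value.length() < 2) {
            return;
        }
        String content = value.substring(1, value.length() - 1);
        if (!HTTP_PREFIX.matcher(content).matches()) {
            return;
        }
        try {
            if (isBad(new URI(content))) {
                addIssue(tree, MESSAGE);
            }
        } catch (URISyntaxException ignored) {
            // Deliberate best effort: a literal that java.net.URI rejects is not reported.
            // NOTE(review): this is a false-negative path -- a browser may still resolve a
            // string that URI refuses to parse, so such literals escape this rule.
        }
    }

    /**
     * Decides whether a parsed URL points at a host outside the ignore list.
     *
     * @param uri URL parsed from a string literal
     * @return {@code true} when the URI has a host and no configured pattern matches it entirely;
     *     {@code false} when the host is ignored or when the URI has no host at all
     */
    private boolean isBad(URI uri) {
        String host = uri.getHost();
        // Checked once, outside the loop, so a host-less URI is treated the same way whether or
        // not any ignore pattern is configured.
        if (host == null) {
            return false;
        }
        for (Pattern pattern : this.patterns) {
            if (pattern.matcher(host).matches()) {
                return false;
            }
        }
        return true;
    }
}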
