package org.sonarsource.slang.checks;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.jetbrains.kotlin.psi.KtCodeFragment;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonarsource.slang.api.AssignmentExpressionTree;
import org.sonarsource.slang.api.StringLiteralTree;
import org.sonarsource.slang.api.Tree;
import org.sonarsource.slang.api.VariableDeclarationTree;
import org.sonarsource.slang.checks.api.CheckContext;
import org.sonarsource.slang.checks.api.InitContext;
import org.sonarsource.slang.checks.api.SlangCheck;
import org.sonarsource.slang.checks.utils.ExpressionUtils;

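/**
 * Rule S2068: flags string literals and string assignments that look like hard-coded credentials.
 *
 * <p>Three heuristics are registered in {@link #initialize(InitContext)}:
 * <ul>
 *   <li>an assignment or variable declaration whose target name contains a credential word and
 *       whose value is a non-empty string literal;</li>
 *   <li>a string literal containing {@code <word>=} followed by a non-whitespace character;</li>
 *   <li>a string literal that parses as a URI whose user-info part has the form
 *       {@code user:password} with two different values.</li>
 * </ul>
 *
 * <p>Known blind spots, all visible in the code below: values that are not a single
 * {@link StringLiteralTree} are not examined, a URI whose user and password are equal is not
 * reported, and an assigned value that itself contains the credential word is skipped.
 *
 * <p>Issue messages contain the matched credential word only, never the literal's value, so a
 * real secret is not copied into the analysis report.
 */
@Rule(key = "S2068")
/* loaded from: input_file:org/sonarsource/slang/checks/HardcodedCredentialsCheck.class */
public class HardcodedCredentialsCheck implements SlangCheck {
    private static final String DEFAULT_VALUE = "password,passwd,pwd,passphrase";
    /** A scheme of one to eight word characters followed by "://", anchored at the start. */
    private static final Pattern URI_PREFIX = Pattern.compile("^\\w{1,8}://");
    /**
     * Separator of the {@code credentialWords} property. The decompiled source referenced
     * {@code KtCodeFragment.IMPORT_SEPARATOR} here, which looks like a constant-inlining artifact
     * of the decompiler; the property is documented as a comma separated list.
     */
    private static final String WORD_SEPARATOR = ",";

    @RuleProperty(key = "credentialWords", description = "Comma separated list of words identifying potential credentials", defaultValue = DEFAULT_VALUE)
    public String credentialWords = DEFAULT_VALUE;
    // Both caches are built on first use from credentialWords (see toPatterns).
    private List<Pattern> variablePatterns;
    private List<Pattern> literalPatterns;

    /**
     * Registers the three detection callbacks (assignments, variable declarations, string literals).
     *
     * @param initContext registration point supplied by the analyzer
     */
    @Override // org.sonarsource.slang.checks.api.SlangCheck
    public void initialize(InitContext initContext) {
        initContext.register(AssignmentExpressionTree.class, (ctx, assignment) -> {
            Tree target = assignment.leftHandSide();
            ExpressionUtils.getMemberSelectOrIdentifierName(target)
                .ifPresent(name -> checkVariable(ctx, target, name, assignment.statementOrExpression()));
        });
        initContext.register(VariableDeclarationTree.class, (ctx, declaration) ->
            checkVariable(ctx, declaration.identifier(), declaration.identifier().name(), declaration.initializer()));
        initContext.register(StringLiteralTree.class, (ctx, literal) -> {
            String content = literal.content();
            if (isURIWithCredentials(content)) {
                ctx.reportIssue(literal, "Review this hard-coded URL, which may contain a credential.");
                return;
            }
            literalPatterns()
                .map(pattern -> pattern.matcher(content))
                .filter(Matcher::find)
                // Look at the text after the occurrence the regex matched. Searching for the first
                // occurrence of the word instead could inspect an earlier, unrelated mention and
                // report a placeholder such as "pwd pwd=?" as a credential.
                .filter(matcher -> !isQuery(content, matcher.end(1)))
                .forEach(matcher -> report(ctx, literal, matcher.group(1)));
        });
    }

    /**
     * Tells whether {@code str} is a URI carrying a {@code user:password} user-info part.
     *
     * @param str literal content to inspect
     * @return {@code true} only if the text starts with a scheme, parses as a URI, and its
     *     user-info splits on ':' into at least two parts whose first two differ; unparseable
     *     text and equal user/password pairs yield {@code false}
     */
    private static boolean isURIWithCredentials(String str) {
        if (!URI_PREFIX.matcher(str).find()) {
            return false;
        }
        try {
            String userInfo = new URI(str).getUserInfo();
            if (userInfo == null) {
                return false;
            }
            String[] parts = userInfo.split(":");
            // Identical user and password (e.g. "user:user") is deliberately not reported.
            return parts.length > 1 && !parts[0].equals(parts[1]);
        } catch (URISyntaxException e) {
            // Not a well-formed URI: nothing to report from this heuristic.
            return false;
        }
    }

    /** Returns {@code true} when {@code tree} is a string literal with non-empty content. */
    private static boolean isNotEmptyString(@Nullable Tree tree) {
        return (tree instanceof StringLiteralTree) && !((StringLiteralTree) tree).content().isEmpty();
    }

    /**
     * Tells whether the text following a matched credential word is a placeholder rather than a
     * literal value.
     *
     * @param content full literal content
     * @param wordEnd index just past the matched credential word in {@code content}
     * @return {@code true} if the remainder starts with {@code =?}, {@code =%}, {@code =:} or
     *     {@code ={}, or is exactly {@code ='}
     */
    private static boolean isQuery(String content, int wordEnd) {
        String following = content.substring(wordEnd);
        return following.startsWith("=?")
            || following.startsWith("=%")
            || following.startsWith("=:")
            || following.startsWith("={")
            || following.equals("='");
    }

    /**
     * Raises the generic "possible hard-coded credential" issue on {@code tree}.
     *
     * <p>Visibility was widened from private by the decompiler; it is kept public so existing
     * callers keep compiling.
     *
     * @param checkContext context used to report the issue
     * @param tree node the issue is attached to
     * @param str matched credential word quoted in the message (not the secret value)
     */
    public static void report(CheckContext checkContext, Tree tree, String str) {
        checkContext.reportIssue(tree, String.format("\"%s\" detected here, make sure this is not a hard-coded credential.", str));
    }

    /**
     * Checks one assignment target: if its value is a non-empty string literal and its name
     * matches a credential word, the assigned value is examined.
     *
     * @param checkContext context used to report issues
     * @param tree node the issue is attached to (the assignment target or declared identifier)
     * @param str name of the target
     * @param tree2 assigned value or initializer, may be {@code null}
     */
    private void checkVariable(CheckContext checkContext, Tree tree, String str, @Nullable Tree tree2) {
        if (!isNotEmptyString(tree2)) {
            return;
        }
        String assigned = ((StringLiteralTree) tree2).value();
        variablePatterns()
            .map(pattern -> pattern.matcher(str))
            .filter(Matcher::find)
            .forEach(matcher -> checkAssignedValue(checkContext, matcher, tree, assigned));
    }

    /**
     * Reports the target unless the assigned value itself contains the credential word.
     *
     * <p>Visibility was widened from private by the decompiler; it is kept public so existing
     * callers keep compiling.
     *
     * @param checkContext context used to report the issue
     * @param matcher matcher that already found a credential word in the target name
     * @param tree node the issue is attached to
     * @param str assigned string value
     */
    public static void checkAssignedValue(CheckContext checkContext, Matcher matcher, Tree tree, String str) {
        // A value such as "password" assigned to a password variable is treated as a label or
        // placeholder and is not reported.
        if (matcher.pattern().matcher(str).find()) {
            return;
        }
        report(checkContext, tree, matcher.group(1));
    }

    /** Patterns matching a bare credential word, used against variable names. */
    private Stream<Pattern> variablePatterns() {
        if (this.variablePatterns == null) {
            this.variablePatterns = toPatterns("");
        }
        return this.variablePatterns.stream();
    }

    /** Patterns matching a credential word followed by '=' and a non-whitespace character. */
    private Stream<Pattern> literalPatterns() {
        if (this.literalPatterns == null) {
            this.literalPatterns = toPatterns("=\\S");
        }
        return this.literalPatterns.stream();
    }

    /**
     * Compiles one case-insensitive pattern per configured credential word.
     *
     * <p>Blank entries (for example from {@code "pwd,,token"} or an empty property) are dropped:
     * an empty word would compile to {@code "()"}, which matches every name and would flag every
     * string assignment.
     *
     * <p>NOTE(review): each word is inserted into the regex unquoted, so regex metacharacters in
     * the property are interpreted as regex syntax. Confirm whether that is intended before
     * changing it to {@code Pattern.quote}.
     *
     * @param str regex suffix appended after the captured word
     * @return the compiled patterns, with the word as capture group 1
     */
    private List<Pattern> toPatterns(String str) {
        return Stream.of(this.credentialWords.split(WORD_SEPARATOR))
            .map(String::trim)
            .filter(word -> !word.isEmpty())
            .map(word -> Pattern.compile("(" + word + ")" + str, Pattern.CASE_INSENSITIVE))
            .collect(Collectors.toList());
    }
}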
