package com.h3xstream.findsecbugs.injection.command;

import com.h3xstream.findsecbugs.injection.InjectionPoint;
import com.h3xstream.findsecbugs.injection.InjectionSource;
import org.apache.bcel.classfile.ConstantUtf8;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;

/* loaded from: input_file:com/h3xstream/findsecbugs/injection/command/CommandInjectionSource.class */
public class CommandInjectionSource implements InjectionSource {
    private static final String COMMAND_INJECTION_TYPE = "COMMAND_INJECTION";

    @Override // com.h3xstream.findsecbugs.injection.InjectionSource
    public boolean isCandidate(ConstantPoolGen constantPoolGen) {
        for (int i = 0; i < constantPoolGen.getSize(); i++) {
            ConstantUtf8 constant = constantPoolGen.getConstant(i);
            if ((constant instanceof ConstantUtf8) && constant.getBytes().startsWith("java/lang/Runtime")) {
                return true;
            }
        }
        return false;
    }

    @Override // com.h3xstream.findsecbugs.injection.InjectionSource
    public InjectionPoint getInjectableParameters(InvokeInstruction invokeInstruction, ConstantPoolGen constantPoolGen, InstructionHandle instructionHandle) {
        if (invokeInstruction instanceof INVOKEVIRTUAL) {
            String methodName = invokeInstruction.getMethodName(constantPoolGen);
            String className = invokeInstruction.getClassName(constantPoolGen);
            if (className.equals("java.lang.Runtime") && methodName.equals("exec")) {
                InjectionPoint injectionPoint = new InjectionPoint(new int[]{0}, COMMAND_INJECTION_TYPE);
                injectionPoint.setInjectableMethod("Runtime.exec(...)");
                return injectionPoint;
            }
            if (className.equals("java.lang.ProcessBuilder") && methodName.equals("command")) {
                InjectionPoint injectionPoint2 = new InjectionPoint(new int[]{0}, COMMAND_INJECTION_TYPE);
                injectionPoint2.setInjectableMethod("ProcessBuilder.command(...)");
                return injectionPoint2;
            }
        }
        return InjectionPoint.NONE;
    }
}
