package com.h3xstream.findsecbugs.injection;

import com.h3xstream.findsecbugs.taintanalysis.Taint;
import com.h3xstream.findsecbugs.taintanalysis.TaintDataflow;
import com.h3xstream.findsecbugs.taintanalysis.TaintFrame;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.SourceLineAnnotation;
import edu.umd.cs.findbugs.ba.CFG;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import edu.umd.cs.findbugs.bcel.BCELUtil;
import edu.umd.cs.findbugs.classfile.CheckedAnalysisException;
import edu.umd.cs.findbugs.classfile.Global;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;

/* loaded from: input_file:com/h3xstream/findsecbugs/injection/TaintDetector.class */
public abstract class TaintDetector implements Detector {
    private final BugReporter bugReporter;

    /* JADX INFO: Access modifiers changed from: protected */
    public TaintDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    public void visitClassContext(ClassContext classContext) {
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        ArrayList arrayList = new ArrayList();
        for (InjectionSource injectionSource : getInjectionSource()) {
            if (injectionSource.isCandidate(constantPoolGen)) {
                arrayList.add(injectionSource);
            }
        }
        if (arrayList.isEmpty()) {
            return;
        }
        for (Method method : classContext.getJavaClass().getMethods()) {
            if (classContext.getMethodGen(method) != null) {
                try {
                    analyzeMethod(classContext, method, arrayList);
                } catch (CheckedAnalysisException e) {
                    logException(classContext, method, e);
                } catch (RuntimeException e2) {
                    logException(classContext, method, e2);
                }
            }
        }
    }

    private void analyzeMethod(ClassContext classContext, Method method, List<InjectionSource> list) throws DataflowAnalysisException, CFGBuilderException, CheckedAnalysisException {
        TaintDataflow taintDataFlow = getTaintDataFlow(classContext.getJavaClass(), method);
        CFG cfg = classContext.getCFG(method);
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        Iterator locationIterator = cfg.locationIterator();
        while (locationIterator.hasNext()) {
            Location location = (Location) locationIterator.next();
            InstructionHandle handle = location.getHandle();
            InvokeInstruction instruction = handle.getInstruction();
            if (instruction instanceof InvokeInstruction) {
                InvokeInstruction invokeInstruction = instruction;
                InjectionPoint injectionPoint = null;
                Iterator<InjectionSource> it = list.iterator();
                while (it.hasNext()) {
                    injectionPoint = it.next().getInjectableParameters(invokeInstruction, constantPoolGen, handle);
                    if (injectionPoint != InjectionPoint.NONE) {
                        break;
                    }
                }
                if (injectionPoint != null && injectionPoint != InjectionPoint.NONE) {
                    TaintFrame taintFrame = (TaintFrame) taintDataFlow.getFactAtLocation(location);
                    if (taintFrame.isValid()) {
                        for (int i : injectionPoint.getInjectableArguments()) {
                            reportBug(injectionPoint, classContext, method, location, (Taint) taintFrame.getStackValue(i));
                        }
                    }
                }
            }
        }
    }

    private void reportBug(InjectionPoint injectionPoint, ClassContext classContext, Method method, Location location, Taint taint) {
        BugInstance bugInstance = getBugInstance(injectionPoint, taint);
        JavaClass javaClass = classContext.getJavaClass();
        bugInstance.addClass(javaClass).addMethod(javaClass, method);
        bugInstance.addSourceLine(classContext, method, location);
        if (injectionPoint.getInjectableMethod() != null) {
            bugInstance.addString(injectionPoint.getInjectableMethod());
        }
        if (taint.hasTaintedLocations()) {
            addSourceLines(classContext, method, taint.getTaintedLocations(), bugInstance);
        } else {
            addSourceLines(classContext, method, taint.getPossibleTaintedLocations(), bugInstance);
        }
        this.bugReporter.reportBug(bugInstance);
    }

    private BugInstance getBugInstance(InjectionPoint injectionPoint, Taint taint) {
        return new BugInstance(this, injectionPoint.getBugType(), taint.isTainted() ? 1 : !taint.isSafe() ? 2 : 3);
    }

    private void addSourceLines(ClassContext classContext, Method method, Collection<Location> collection, BugInstance bugInstance) {
        Iterator<Location> it = collection.iterator();
        while (it.hasNext()) {
            bugInstance.addSourceLine(SourceLineAnnotation.fromVisitedInstruction(classContext, method, it.next()));
        }
    }

    private TaintDataflow getTaintDataFlow(JavaClass javaClass, Method method) throws CheckedAnalysisException {
        return (TaintDataflow) Global.getAnalysisCache().getMethodAnalysis(TaintDataflow.class, BCELUtil.getMethodDescriptor(javaClass, method));
    }

    private void logException(ClassContext classContext, Method method, Exception exc) {
        this.bugReporter.logError("Exception while analyzing " + classContext.getFullyQualifiedMethodName(method), exc);
    }

    public void report() {
    }

    public abstract InjectionSource[] getInjectionSource();
}
