package com.h3xstream.findsecbugs.injection.sql;

import com.h3xstream.findsecbugs.injection.InjectionPoint;
import com.h3xstream.findsecbugs.injection.InjectionSource;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.INVOKEINTERFACE;
import org.apache.bcel.generic.INVOKESPECIAL;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;

/* loaded from: input_file:com/h3xstream/findsecbugs/injection/sql/SpringJdbcInjectionSource.class */
public class SpringJdbcInjectionSource implements InjectionSource {
    protected static final String SQL_INJECTION_TYPE = "SQL_INJECTION_SPRING_JDBC";

    @Override // com.h3xstream.findsecbugs.injection.InjectionSource
    public boolean isCandidate(ConstantPoolGen constantPoolGen) {
        return true;
    }

    @Override // com.h3xstream.findsecbugs.injection.InjectionSource
    public InjectionPoint getInjectableParameters(InvokeInstruction invokeInstruction, ConstantPoolGen constantPoolGen, InstructionHandle instructionHandle) {
        String methodName = invokeInstruction.getMethodName(constantPoolGen);
        String signature = invokeInstruction.getSignature(constantPoolGen);
        String className = invokeInstruction.getClassName(constantPoolGen);
        if (invokeInstruction instanceof INVOKESPECIAL) {
            if (className.equals("org.springframework.jdbc.core.PreparedStatementCreatorFactory") && methodName.equals("<init>")) {
                if (signature.equals("(Ljava/lang/String;)V")) {
                    return new InjectionPoint(new int[]{0}, SQL_INJECTION_TYPE);
                }
                if (signature.equals("(Ljava/lang/String;[I)V") || signature.equals("(Ljava/lang/String;Ljava/util/List;)V")) {
                    return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                }
            }
        } else if (((invokeInstruction instanceof INVOKEVIRTUAL) && className.equals("org.springframework.jdbc.core.JdbcTemplate")) || ((invokeInstruction instanceof INVOKEINTERFACE) && className.equals("org.springframework.jdbc.core.JdbcOperations"))) {
            if (methodName.equals("execute")) {
                if (signature.equals("(Ljava/lang/String;)V")) {
                    return new InjectionPoint(new int[]{0}, SQL_INJECTION_TYPE);
                }
                if (signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/PreparedStatementCallback;)Ljava/lang/Object;")) {
                    return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                }
                if (signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/CallableStatementCallback;)Ljava/lang/Object;")) {
                    return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                }
            } else {
                if (methodName.equals("batchUpdate")) {
                    if (signature.equals("([Ljava/lang/String;)[I")) {
                        return new InjectionPoint(new int[]{0}, SQL_INJECTION_TYPE);
                    }
                    if (!signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/BatchPreparedStatementSetter;)[I") && !signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/BatchPreparedStatementSetter;)[I")) {
                        if (signature.equals("(Ljava/lang/String;Ljava/util/Collection;ILorg/springframework/jdbc/core/ParameterizedPreparedStatementSetter;)[[I")) {
                            return new InjectionPoint(new int[]{3}, SQL_INJECTION_TYPE);
                        }
                        if (signature.equals("(Ljava/lang/String;Ljava/util/List;)[I")) {
                            return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                        }
                        if (signature.equals("(Ljava/lang/String;Ljava/util/List;[I)[I")) {
                            return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                        }
                    }
                    return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                }
                if (methodName.equals("queryForObject")) {
                    if (signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/RowMapper;)Ljava/lang/Object;")) {
                        return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                    }
                    if (signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/RowMapper;[Ljava/lang/Object;)Ljava/lang/Object;")) {
                        return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                    }
                    if (signature.equals("(Ljava/lang/String;Ljava/lang/Class;)Ljava/lang/Object;")) {
                        return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                    }
                    if (!signature.equals("(Ljava/lang/String;Ljava/lang/Class;[Ljava/lang/Object;)Ljava/lang/Object;") && !signature.equals("(Ljava/lang/String;[Ljava/lang/Object;Ljava/lang/Class;)Ljava/lang/Object;")) {
                        if (!signature.equals("(Ljava/lang/String;[Ljava/lang/Object;[ILjava/lang/Class;)Ljava/lang/Object;") && !signature.equals("(Ljava/lang/String;[Ljava/lang/Object;[ILorg/springframework/jdbc/core/RowMapper;)Ljava/lang/Object;")) {
                            if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;Lorg/springframework/jdbc/core/RowMapper;)Ljava/lang/Object;")) {
                                return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                            }
                        }
                        return new InjectionPoint(new int[]{3}, SQL_INJECTION_TYPE);
                    }
                    return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                }
                if (methodName.equals("query")) {
                    if (!signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/ResultSetExtractor;)Ljava/lang/Object;") && !signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/RowCallbackHandler;)V") && !signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/RowMapper;)Ljava/util/List;")) {
                        if (!signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/PreparedStatementSetter;Lorg/springframework/jdbc/core/ResultSetExtractor;)Ljava/lang/Object;") && !signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/PreparedStatementSetter;Lorg/springframework/jdbc/core/RowCallbackHandler;)V") && !signature.equals("(Ljava/lang/String;Lorg/springframework/jdbc/core/PreparedStatementSetter;Lorg/springframework/jdbc/core/RowMapper;)Ljava/util/List;") && !signature.equals("(Ljava/lang/String;[Ljava/lang/Object;Lorg/springframework/jdbc/core/RowMapper;)Ljava/util/List;") && !signature.equals("(Ljava/lang/String;[Ljava/lang/Object;Lorg/springframework/jdbc/core/RowCallbackHandler;)V") && !signature.equals("(Ljava/lang/String;[Ljava/lang/Object;Lorg/springframework/jdbc/core/ResultSetExtractor;)Ljava/lang/Object;")) {
                            if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;[ILorg/springframework/jdbc/core/ResultSetExtractor;)Ljava/lang/Object;")) {
                                return new InjectionPoint(new int[]{3}, SQL_INJECTION_TYPE);
                            }
                            if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;[ILorg/springframework/jdbc/core/RowMapper;)Ljava/util/List;")) {
                                return new InjectionPoint(new int[]{3}, SQL_INJECTION_TYPE);
                            }
                            if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;[ILorg/springframework/jdbc/core/RowCallbackHandler;)V")) {
                                return new InjectionPoint(new int[]{3}, SQL_INJECTION_TYPE);
                            }
                        }
                        return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                    }
                    return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                }
                if (methodName.equals("queryForList")) {
                    if (signature.equals("(Ljava/lang/String;)Ljava/util/List;")) {
                        return new InjectionPoint(new int[]{0}, SQL_INJECTION_TYPE);
                    }
                    if (signature.equals("(Ljava/lang/String;Ljava/lang/Class;)Ljava/util/List;")) {
                        return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                    }
                    if (!signature.equals("(Ljava/lang/String;[Ljava/lang/Object;Ljava/lang/Class;)Ljava/util/List;") && !signature.equals("(Ljava/lang/String;[Ljava/lang/Object;[I)Ljava/util/List;")) {
                        if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;[ILjava/lang/Class;)Ljava/util/List;")) {
                            return new InjectionPoint(new int[]{3}, SQL_INJECTION_TYPE);
                        }
                        if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;)Ljava/util/List;")) {
                            return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                        }
                    }
                    return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                }
                if (methodName.equals("queryForMap")) {
                    if (signature.equals("(Ljava/lang/String;)Ljava/util/Map;")) {
                        return new InjectionPoint(new int[]{0}, SQL_INJECTION_TYPE);
                    }
                    if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;)Ljava/util/Map;")) {
                        return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                    }
                    if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;[I)Ljava/util/Map;")) {
                        return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                    }
                } else if (methodName.equals("queryForRowSet")) {
                    if (signature.equals("(Ljava/lang/String;)Lorg/springframework/jdbc/support/rowset/SqlRowSet;")) {
                        return new InjectionPoint(new int[]{0}, SQL_INJECTION_TYPE);
                    }
                    if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;)Lorg/springframework/jdbc/support/rowset/SqlRowSet;")) {
                        return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                    }
                    if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;[I)Lorg/springframework/jdbc/support/rowset/SqlRowSet;")) {
                        return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                    }
                } else if (methodName.equals("queryForInt")) {
                    if (signature.equals("(Ljava/lang/String;)I")) {
                        return new InjectionPoint(new int[]{0}, SQL_INJECTION_TYPE);
                    }
                    if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;)I")) {
                        return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                    }
                    if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;[I)I")) {
                        return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                    }
                } else if (methodName.equals("queryForLong")) {
                    if (signature.equals("(Ljava/lang/String;)J")) {
                        return new InjectionPoint(new int[]{0}, SQL_INJECTION_TYPE);
                    }
                    if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;)J")) {
                        return new InjectionPoint(new int[]{1}, SQL_INJECTION_TYPE);
                    }
                    if (signature.equals("(Ljava/lang/String;[Ljava/lang/Object;[I)J")) {
                        return new InjectionPoint(new int[]{2}, SQL_INJECTION_TYPE);
                    }
                }
            }
        }
        return InjectionPoint.NONE;
    }
}
