package com.h3xstream.findsecbugs.injection;

import com.h3xstream.findsecbugs.taintanalysis.Taint;
import com.h3xstream.findsecbugs.taintanalysis.TaintDataflow;
import com.h3xstream.findsecbugs.taintanalysis.TaintFrame;
import com.h3xstream.findsecbugs.taintanalysis.TaintLocation;
import com.h3xstream.findsecbugs.taintanalysis.TaintSink;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.SourceLineAnnotation;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import edu.umd.cs.findbugs.bcel.BCELUtil;
import edu.umd.cs.findbugs.classfile.CheckedAnalysisException;
import edu.umd.cs.findbugs.classfile.Global;
import edu.umd.cs.findbugs.util.ClassName;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.MethodGen;

/* loaded from: input_file:com/h3xstream/findsecbugs/injection/TaintDetector.class */
public abstract class TaintDetector implements Detector {
    private final BugReporter bugReporter;
    private final Map<String, Set<TaintSink>> methodsWithSinks = new HashMap();
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: protected */
    public TaintDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    public void visitClassContext(ClassContext classContext) {
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        ArrayList arrayList = new ArrayList();
        for (InjectionSource injectionSource : getInjectionSource()) {
            if (injectionSource.isCandidate(constantPoolGen)) {
                arrayList.add(injectionSource);
            }
        }
        if (arrayList.isEmpty()) {
        }
        for (Method method : classContext.getMethodsInCallOrder()) {
            if (classContext.getMethodGen(method) != null) {
                try {
                    analyzeMethod(classContext, method, arrayList);
                } catch (RuntimeException e) {
                    logException(classContext, method, e);
                } catch (CheckedAnalysisException e2) {
                    logException(classContext, method, e2);
                }
            }
        }
    }

    private void analyzeMethod(ClassContext classContext, Method method, Collection<InjectionSource> collection) throws DataflowAnalysisException, CheckedAnalysisException {
        TaintDataflow taintDataFlow = getTaintDataFlow(classContext, method);
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        String fullMethodName = getFullMethodName(classContext.getMethodGen(method));
        Iterator<Location> locationIterator = getLocationIterator(classContext, method);
        while (locationIterator.hasNext()) {
            Location next = locationIterator.next();
            InstructionHandle handle = next.getHandle();
            InvokeInstruction instruction = handle.getInstruction();
            if (instruction instanceof InvokeInstruction) {
                InvokeInstruction invokeInstruction = instruction;
                TaintFrame taintFrame = (TaintFrame) taintDataFlow.getFactAtLocation(next);
                if (!$assertionsDisabled && taintFrame == null) {
                    throw new AssertionError();
                }
                if (taintFrame.isValid()) {
                    SourceLineAnnotation fromVisitedInstruction = SourceLineAnnotation.fromVisitedInstruction(classContext, method, handle);
                    checkTaintSink(getFullMethodName(constantPoolGen, invokeInstruction), taintFrame, fromVisitedInstruction, fullMethodName);
                    InjectionPoint injectionPoint = getInjectionPoint(invokeInstruction, constantPoolGen, handle, collection);
                    for (int i : injectionPoint.getInjectableArguments()) {
                        Taint taint = (Taint) taintFrame.getStackValue(i);
                        int priority = getPriority(taint);
                        if (priority != 5) {
                            BugInstance bugInstance = new BugInstance(this, injectionPoint.getBugType(), priority);
                            bugInstance.addClassAndMethod(classContext.getJavaClass(), method);
                            bugInstance.addSourceLine(fromVisitedInstruction);
                            if (injectionPoint.getInjectableMethod() != null) {
                                bugInstance.addString(injectionPoint.getInjectableMethod());
                            }
                            reportBug(bugInstance, taint, fullMethodName);
                        }
                    }
                }
            }
        }
    }

    private static Iterator<Location> getLocationIterator(ClassContext classContext, Method method) throws CheckedAnalysisException {
        try {
            return classContext.getCFG(method).locationIterator();
        } catch (CFGBuilderException e) {
            throw new CheckedAnalysisException("cannot get control flow graph", e);
        }
    }

    private void checkTaintSink(String str, TaintFrame taintFrame, SourceLineAnnotation sourceLineAnnotation, String str2) throws DataflowAnalysisException {
        if (this.methodsWithSinks.containsKey(str)) {
            for (TaintSink taintSink : this.methodsWithSinks.get(str)) {
                Taint taint = taintSink.getTaint();
                Set<Integer> parameters = taint.getParameters();
                Taint valueOf = Taint.valueOf(taint.getNonParametricState());
                Iterator<Integer> it = parameters.iterator();
                while (it.hasNext()) {
                    valueOf = Taint.merge(valueOf, (Taint) taintFrame.getStackValue(it.next().intValue()));
                }
                if (valueOf != null) {
                    if (valueOf.isTainted()) {
                        BugInstance bugInstance = taintSink.getBugInstance();
                        bugInstance.setPriority(1);
                        bugInstance.addSourceLine(sourceLineAnnotation);
                    } else if (!valueOf.hasParameters()) {
                        continue;
                    } else {
                        if (!$assertionsDisabled && !valueOf.isUnknown()) {
                            throw new AssertionError();
                        }
                        BugInstance bugInstance2 = taintSink.getBugInstance();
                        bugInstance2.addSourceLine(sourceLineAnnotation);
                        delayBugToReport(str2, valueOf, bugInstance2);
                    }
                }
            }
        }
    }

    private static InjectionPoint getInjectionPoint(InvokeInstruction invokeInstruction, ConstantPoolGen constantPoolGen, InstructionHandle instructionHandle, Collection<InjectionSource> collection) {
        InjectionPoint injectionPoint = null;
        Iterator<InjectionSource> it = collection.iterator();
        while (it.hasNext()) {
            injectionPoint = it.next().getInjectableParameters(invokeInstruction, constantPoolGen, instructionHandle);
            if (injectionPoint != InjectionPoint.NONE) {
                break;
            }
        }
        if (injectionPoint == null) {
            injectionPoint = InjectionPoint.NONE;
        }
        return injectionPoint;
    }

    private void reportBug(BugInstance bugInstance, Taint taint, String str) {
        addSourceLines(taint.getLocations(), bugInstance);
        if (bugInstance.getPriority() == 2 && taint.hasParameters()) {
            delayBugToReport(str, taint, bugInstance);
        } else {
            this.bugReporter.reportBug(bugInstance);
        }
    }

    private void delayBugToReport(String str, Taint taint, BugInstance bugInstance) {
        TaintSink taintSink = new TaintSink(taint, bugInstance);
        Set<TaintSink> set = this.methodsWithSinks.get(str);
        if (set == null) {
            set = new HashSet();
        }
        set.add(taintSink);
        this.methodsWithSinks.put(str, set);
    }

    private int getPriority(Taint taint) {
        if (taint.isTainted()) {
            return 1;
        }
        return !taint.isSafe() ? 2 : 5;
    }

    private static void addSourceLines(Collection<TaintLocation> collection, BugInstance bugInstance) {
        LinkedList linkedList = new LinkedList();
        for (TaintLocation taintLocation : collection) {
            linkedList.add(SourceLineAnnotation.fromVisitedInstruction(taintLocation.getMethodDescriptor(), taintLocation.getPosition()));
        }
        Collections.sort(linkedList);
        SourceLineAnnotation sourceLineAnnotation = null;
        Iterator it = linkedList.iterator();
        while (it.hasNext()) {
            SourceLineAnnotation sourceLineAnnotation2 = sourceLineAnnotation;
            sourceLineAnnotation = (SourceLineAnnotation) it.next();
            if (sourceLineAnnotation2 != null && sourceLineAnnotation2.getClassName().equals(sourceLineAnnotation.getClassName()) && sourceLineAnnotation2.getStartLine() == sourceLineAnnotation.getStartLine()) {
                it.remove();
            }
        }
        Iterator it2 = linkedList.iterator();
        while (it2.hasNext()) {
            bugInstance.addSourceLine((SourceLineAnnotation) it2.next());
        }
    }

    private static TaintDataflow getTaintDataFlow(ClassContext classContext, Method method) throws CheckedAnalysisException {
        return (TaintDataflow) Global.getAnalysisCache().getMethodAnalysis(TaintDataflow.class, BCELUtil.getMethodDescriptor(classContext.getJavaClass(), method));
    }

    private void logException(ClassContext classContext, Method method, Exception exc) {
        this.bugReporter.logError("Exception while analyzing " + classContext.getFullyQualifiedMethodName(method), exc);
    }

    private static String getFullMethodName(ConstantPoolGen constantPoolGen, InvokeInstruction invokeInstruction) {
        StringBuilder sb = new StringBuilder(ClassName.toSlashedClassName(invokeInstruction.getReferenceType(constantPoolGen).toString()));
        sb.append(".").append(invokeInstruction.getMethodName(constantPoolGen)).append(invokeInstruction.getSignature(constantPoolGen));
        return sb.toString();
    }

    private static String getFullMethodName(MethodGen methodGen) {
        return methodGen.getClassName().replace('.', '/') + "." + (methodGen.getName() + methodGen.getSignature());
    }

    public void report() {
        HashSet hashSet = new HashSet();
        Iterator<Set<TaintSink>> it = this.methodsWithSinks.values().iterator();
        while (it.hasNext()) {
            Iterator<TaintSink> it2 = it.next().iterator();
            while (it2.hasNext()) {
                hashSet.add(it2.next().getBugInstance());
            }
        }
        Iterator it3 = hashSet.iterator();
        while (it3.hasNext()) {
            this.bugReporter.reportBug((BugInstance) it3.next());
        }
    }

    public abstract InjectionSource[] getInjectionSource();

    static {
        $assertionsDisabled = !TaintDetector.class.desiredAssertionStatus();
    }
}
