package com.h3xstream.findsecbugs;

import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;

/* loaded from: input_file:com/h3xstream/findsecbugs/ObjectDeserializationDetector.class */
public class ObjectDeserializationDetector extends OpcodeStackDetector {
    private final BugReporter bugReporter;

    public ObjectDeserializationDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    public void sawOpcode(int i) {
        if (i == 182) {
            if (("java/io/ObjectInputStream".equals(getClassConstantOperand()) || getClassConstantOperand().contains("InputStream")) && getNameConstantOperand().equals("readObject")) {
                this.bugReporter.reportBug(new BugInstance(this, "OBJECT_DESERIALIZATION", 1).addClassAndMethod(this).addSourceLine(this));
            }
        }
    }
}
