package com.h3xstream.findsecbugs.injection;

import com.h3xstream.findsecbugs.taintanalysis.Taint;
import com.h3xstream.findsecbugs.taintanalysis.TaintFrame;
import com.h3xstream.findsecbugs.taintanalysis.TaintLocation;
import com.h3xstream.findsecbugs.taintanalysis.TaintSink;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.SourceLineAnnotation;
import edu.umd.cs.findbugs.ba.AnalysisContext;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.util.ClassName;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import org.apache.bcel.Repository;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;

/* loaded from: input_file:com/h3xstream/findsecbugs/injection/AbstractInjectionDetector.class */
public abstract class AbstractInjectionDetector extends AbstractTaintDetector {
    protected final Map<String, Set<TaintSink>> methodsWithSinks;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractInjectionDetector(BugReporter bugReporter) {
        super(bugReporter);
        this.methodsWithSinks = new HashMap();
    }

    @Override // com.h3xstream.findsecbugs.injection.AbstractTaintDetector
    public void report() {
        HashSet hashSet = new HashSet();
        Iterator<Set<TaintSink>> it = this.methodsWithSinks.values().iterator();
        while (it.hasNext()) {
            Iterator<TaintSink> it2 = it.next().iterator();
            while (it2.hasNext()) {
                hashSet.add(it2.next().getBugInstance());
            }
        }
        Iterator it3 = hashSet.iterator();
        while (it3.hasNext()) {
            this.bugReporter.reportBug((BugInstance) it3.next());
        }
    }

    @Override // com.h3xstream.findsecbugs.injection.AbstractTaintDetector
    protected void analyzeLocation(ClassContext classContext, Method method, InstructionHandle instructionHandle, ConstantPoolGen constantPoolGen, InvokeInstruction invokeInstruction, TaintFrame taintFrame, String str) throws DataflowAnalysisException {
        SourceLineAnnotation fromVisitedInstruction = SourceLineAnnotation.fromVisitedInstruction(classContext, method, instructionHandle);
        checkTaintSink(constantPoolGen, invokeInstruction, taintFrame, fromVisitedInstruction, str);
        InjectionPoint injectionPoint = getInjectionPoint(invokeInstruction, constantPoolGen, instructionHandle);
        for (int i : injectionPoint.getInjectableArguments()) {
            Taint taint = (Taint) taintFrame.getStackValue(i);
            int priority = getPriority(taint);
            if (priority != 5) {
                BugInstance bugInstance = new BugInstance(this, injectionPoint.getBugType(), priority);
                bugInstance.addClassAndMethod(classContext.getJavaClass(), method);
                bugInstance.addSourceLine(fromVisitedInstruction);
                if (injectionPoint.getInjectableMethod() != null) {
                    bugInstance.addString(injectionPoint.getInjectableMethod());
                }
                reportBug(bugInstance, taint, str);
            }
        }
    }

    protected int getPriority(Taint taint) {
        if (taint.isTainted()) {
            return 1;
        }
        return !taint.isSafe() ? 2 : 5;
    }

    private void checkTaintSink(ConstantPoolGen constantPoolGen, InvokeInstruction invokeInstruction, TaintFrame taintFrame, SourceLineAnnotation sourceLineAnnotation, String str) throws DataflowAnalysisException {
        for (TaintSink taintSink : getSinks(constantPoolGen, invokeInstruction, taintFrame)) {
            Taint taint = taintSink.getTaint();
            Set<Integer> parameters = taint.getParameters();
            Taint valueOf = Taint.valueOf(taint.getNonParametricState());
            Iterator<Integer> it = parameters.iterator();
            while (it.hasNext()) {
                valueOf = Taint.merge(valueOf, (Taint) taintFrame.getStackValue(it.next().intValue()));
            }
            if (valueOf != null && (valueOf.isTainted() || valueOf.hasParameters())) {
                BugInstance bugInstance = taintSink.getBugInstance();
                bugInstance.addSourceLine(sourceLineAnnotation);
                addSourceLines(valueOf.getLocations(), bugInstance);
                if (valueOf.isTainted()) {
                    bugInstance.setPriority(getPriority(valueOf));
                } else {
                    if (!$assertionsDisabled && !valueOf.isUnknown()) {
                        throw new AssertionError();
                    }
                    delayBugToReport(str, valueOf, bugInstance);
                }
            }
        }
    }

    private Set<TaintSink> getSinks(ConstantPoolGen constantPoolGen, InvokeInstruction invokeInstruction, TaintFrame taintFrame) {
        String instanceClassName = getInstanceClassName(constantPoolGen, invokeInstruction, taintFrame);
        String str = "." + invokeInstruction.getMethodName(constantPoolGen) + invokeInstruction.getSignature(constantPoolGen);
        Set<TaintSink> set = this.methodsWithSinks.get(instanceClassName.concat(str));
        if (set != null) {
            return set;
        }
        try {
            JavaClass lookupClass = Repository.lookupClass(instanceClassName);
            if ($assertionsDisabled || lookupClass != null) {
                return getSuperSinks(lookupClass, str);
            }
            throw new AssertionError();
        } catch (ClassNotFoundException e) {
            AnalysisContext.reportMissingClass(e);
            return Collections.emptySet();
        }
    }

    private Set<TaintSink> getSuperSinks(JavaClass javaClass, String str) throws ClassNotFoundException {
        for (JavaClass javaClass2 : javaClass.getSuperClasses()) {
            Set<TaintSink> set = this.methodsWithSinks.get(javaClass2.getClassName().replace('.', '/').concat(str));
            if (set != null) {
                return set;
            }
        }
        for (JavaClass javaClass3 : javaClass.getAllInterfaces()) {
            Set<TaintSink> set2 = this.methodsWithSinks.get(javaClass3.getClassName().replace('.', '/').concat(str));
            if (set2 != null) {
                return set2;
            }
        }
        return Collections.emptySet();
    }

    private void reportBug(BugInstance bugInstance, Taint taint, String str) {
        addSourceLines(taint.getLocations(), bugInstance);
        if (shouldBugBeDelayed(taint, bugInstance)) {
            delayBugToReport(str, taint, bugInstance);
        } else {
            this.bugReporter.reportBug(bugInstance);
        }
    }

    private boolean shouldBugBeDelayed(Taint taint, BugInstance bugInstance) {
        return taint.hasParameters() && bugInstance.getPriority() == getPriority(new Taint(Taint.State.UNKNOWN));
    }

    private void delayBugToReport(String str, Taint taint, BugInstance bugInstance) {
        TaintSink taintSink = new TaintSink(taint, bugInstance);
        Set<TaintSink> set = this.methodsWithSinks.get(str);
        if (set == null) {
            set = new HashSet();
        }
        set.add(taintSink);
        this.methodsWithSinks.put(str, set);
    }

    private static void addSourceLines(Collection<TaintLocation> collection, BugInstance bugInstance) {
        LinkedList linkedList = new LinkedList();
        for (TaintLocation taintLocation : collection) {
            linkedList.add(SourceLineAnnotation.fromVisitedInstruction(taintLocation.getMethodDescriptor(), taintLocation.getPosition()));
        }
        Collections.sort(linkedList);
        SourceLineAnnotation sourceLineAnnotation = null;
        Iterator it = linkedList.iterator();
        while (it.hasNext()) {
            SourceLineAnnotation sourceLineAnnotation2 = sourceLineAnnotation;
            sourceLineAnnotation = (SourceLineAnnotation) it.next();
            if (sourceLineAnnotation2 != null && sourceLineAnnotation2.getClassName().equals(sourceLineAnnotation.getClassName()) && sourceLineAnnotation2.getStartLine() == sourceLineAnnotation.getStartLine()) {
                it.remove();
            }
        }
        Iterator it2 = linkedList.iterator();
        while (it2.hasNext()) {
            bugInstance.addSourceLine((SourceLineAnnotation) it2.next());
        }
    }

    private static String getInstanceClassName(ConstantPoolGen constantPoolGen, InvokeInstruction invokeInstruction, TaintFrame taintFrame) {
        try {
            int numArgumentsIncludingObjectInstance = taintFrame.getNumArgumentsIncludingObjectInstance(invokeInstruction, constantPoolGen) - 1;
            if (numArgumentsIncludingObjectInstance != -1) {
                if (!$assertionsDisabled && numArgumentsIncludingObjectInstance >= taintFrame.getStackDepth()) {
                    throw new AssertionError();
                }
                String realInstanceClassName = ((Taint) taintFrame.getStackValue(numArgumentsIncludingObjectInstance)).getRealInstanceClassName();
                if (realInstanceClassName != null) {
                    return realInstanceClassName;
                }
            }
        } catch (DataflowAnalysisException e) {
            if (!$assertionsDisabled) {
                throw new AssertionError(e.getMessage());
            }
        }
        return ClassName.toSlashedClassName(invokeInstruction.getReferenceType(constantPoolGen).toString());
    }

    protected abstract InjectionPoint getInjectionPoint(InvokeInstruction invokeInstruction, ConstantPoolGen constantPoolGen, InstructionHandle instructionHandle);

    static {
        $assertionsDisabled = !AbstractInjectionDetector.class.desiredAssertionStatus();
    }
}
