package com.h3xstream.findsecbugs.injection;

import com.h3xstream.findsecbugs.taintanalysis.Taint;
import com.h3xstream.findsecbugs.taintanalysis.TaintFrame;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.SourceLineAnnotation;
import edu.umd.cs.findbugs.ba.AnalysisContext;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.util.ClassName;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.bcel.Repository;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;

/* loaded from: input_file:com/h3xstream/findsecbugs/injection/AbstractInjectionDetector.class */
public abstract class AbstractInjectionDetector extends AbstractTaintDetector {
    protected final Map<String, Set<InjectionSink>> injectionSinks;
    private final Map<MethodAndSink, Taint> sinkTaints;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractInjectionDetector(BugReporter bugReporter) {
        super(bugReporter);
        this.injectionSinks = new HashMap();
        this.sinkTaints = new HashMap();
    }

    @Override // com.h3xstream.findsecbugs.injection.AbstractTaintDetector
    public void report() {
        HashSet hashSet = new HashSet();
        Iterator<Set<InjectionSink>> it = this.injectionSinks.values().iterator();
        while (it.hasNext()) {
            Iterator<InjectionSink> it2 = it.next().iterator();
            while (it2.hasNext()) {
                hashSet.add(it2.next());
            }
        }
        Iterator it3 = hashSet.iterator();
        while (it3.hasNext()) {
            this.bugReporter.reportBug(((InjectionSink) it3.next()).generateBugInstance(false));
        }
    }

    @Override // com.h3xstream.findsecbugs.injection.AbstractTaintDetector
    protected void analyzeLocation(ClassContext classContext, Method method, InstructionHandle instructionHandle, ConstantPoolGen constantPoolGen, InvokeInstruction invokeInstruction, TaintFrame taintFrame, String str) throws DataflowAnalysisException {
        checkSink(constantPoolGen, invokeInstruction, taintFrame, SourceLineAnnotation.fromVisitedInstruction(classContext, method, instructionHandle), str);
        InjectionPoint injectionPoint = getInjectionPoint(invokeInstruction, constantPoolGen, instructionHandle);
        for (int i : injectionPoint.getInjectableArguments()) {
            Taint taint = (Taint) taintFrame.getStackValue(i);
            int priority = getPriority(taint);
            if (priority != 5) {
                InjectionSink injectionSink = new InjectionSink(this, injectionPoint.getBugType(), priority, classContext, method, instructionHandle, injectionPoint.getInjectableMethod());
                injectionSink.addLines(taint.getLocations());
                if (!taint.hasParameters()) {
                    this.bugReporter.reportBug(injectionSink.generateBugInstance(true));
                    return;
                }
                Set<InjectionSink> set = this.injectionSinks.get(str);
                if (set == null) {
                    set = new HashSet();
                }
                if (!$assertionsDisabled && set.contains(injectionSink)) {
                    throw new AssertionError("duplicit sink");
                }
                set.add(injectionSink);
                this.injectionSinks.put(str, set);
                this.sinkTaints.put(new MethodAndSink(str, injectionSink), taint);
                return;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int getPriority(Taint taint) {
        if (taint.isTainted()) {
            return 1;
        }
        return !taint.isSafe() ? 2 : 5;
    }

    private void checkSink(ConstantPoolGen constantPoolGen, InvokeInstruction invokeInstruction, TaintFrame taintFrame, SourceLineAnnotation sourceLineAnnotation, String str) throws DataflowAnalysisException {
        for (MethodAndSink methodAndSink : getSinks(constantPoolGen, invokeInstruction, taintFrame)) {
            Taint taint = this.sinkTaints.get(methodAndSink);
            if (!$assertionsDisabled && taint == null) {
                throw new AssertionError("sink taint not stored in advance");
            }
            Set<Integer> parameters = taint.getParameters();
            Taint valueOf = Taint.valueOf(taint.getNonParametricState());
            Iterator<Integer> it = parameters.iterator();
            while (it.hasNext()) {
                valueOf = Taint.merge(valueOf, (Taint) taintFrame.getStackValue(it.next().intValue()));
            }
            if (valueOf != null) {
                if (!taint.isSafe() && taint.hasTags()) {
                    Iterator<Taint.Tag> it2 = taint.getTags().iterator();
                    while (it2.hasNext()) {
                        valueOf.addTag(it2.next());
                    }
                }
                if (taint.isRemovingTags()) {
                    Iterator<Taint.Tag> it3 = taint.getTagsToRemove().iterator();
                    while (it3.hasNext()) {
                        valueOf.removeTag(it3.next());
                    }
                }
                InjectionSink sink = methodAndSink.getSink();
                if (valueOf.hasParameters()) {
                    Set<InjectionSink> set = this.injectionSinks.get(str);
                    if (set == null) {
                        set = new HashSet();
                    }
                    set.add(sink);
                    this.injectionSinks.put(str, set);
                    this.sinkTaints.put(new MethodAndSink(str, sink), valueOf);
                } else {
                    sink.updateSinkPriority(getPriority(valueOf));
                }
                if (!valueOf.isSafe()) {
                    sink.addLine(sourceLineAnnotation);
                    sink.addLines(valueOf.getLocations());
                }
            }
        }
    }

    private Set<MethodAndSink> getSinks(ConstantPoolGen constantPoolGen, InvokeInstruction invokeInstruction, TaintFrame taintFrame) {
        String instanceClassName = getInstanceClassName(constantPoolGen, invokeInstruction, taintFrame);
        String str = "." + invokeInstruction.getMethodName(constantPoolGen) + invokeInstruction.getSignature(constantPoolGen);
        String concat = instanceClassName.concat(str);
        Set<InjectionSink> set = this.injectionSinks.get(concat);
        if (set != null) {
            if ($assertionsDisabled || !set.isEmpty()) {
                return getMethodAndSinks(concat, set);
            }
            throw new AssertionError("empty set of sinks");
        }
        try {
            if (instanceClassName.endsWith("]")) {
                return Collections.emptySet();
            }
            JavaClass lookupClass = Repository.lookupClass(instanceClassName);
            if ($assertionsDisabled || lookupClass != null) {
                return getSuperSinks(lookupClass, str);
            }
            throw new AssertionError();
        } catch (ClassNotFoundException e) {
            AnalysisContext.reportMissingClass(e);
            return Collections.emptySet();
        }
    }

    private Set<MethodAndSink> getMethodAndSinks(String str, Set<InjectionSink> set) {
        HashSet hashSet = new HashSet();
        Iterator<InjectionSink> it = set.iterator();
        while (it.hasNext()) {
            hashSet.add(new MethodAndSink(str, it.next()));
        }
        return hashSet;
    }

    private Set<MethodAndSink> getSuperSinks(JavaClass javaClass, String str) throws ClassNotFoundException {
        for (JavaClass javaClass2 : javaClass.getSuperClasses()) {
            String concat = javaClass2.getClassName().replace('.', '/').concat(str);
            Set<InjectionSink> set = this.injectionSinks.get(concat);
            if (set != null) {
                return getMethodAndSinks(concat, set);
            }
        }
        for (JavaClass javaClass3 : javaClass.getAllInterfaces()) {
            String concat2 = javaClass3.getClassName().replace('.', '/').concat(str);
            Set<InjectionSink> set2 = this.injectionSinks.get(concat2);
            if (set2 != null) {
                return getMethodAndSinks(concat2, set2);
            }
        }
        return Collections.emptySet();
    }

    private static String getInstanceClassName(ConstantPoolGen constantPoolGen, InvokeInstruction invokeInstruction, TaintFrame taintFrame) {
        try {
            int numArgumentsIncludingObjectInstance = taintFrame.getNumArgumentsIncludingObjectInstance(invokeInstruction, constantPoolGen) - 1;
            if (numArgumentsIncludingObjectInstance != -1) {
                if (!$assertionsDisabled && numArgumentsIncludingObjectInstance >= taintFrame.getStackDepth()) {
                    throw new AssertionError();
                }
                String realInstanceClassName = ((Taint) taintFrame.getStackValue(numArgumentsIncludingObjectInstance)).getRealInstanceClassName();
                if (realInstanceClassName != null) {
                    return realInstanceClassName;
                }
            }
        } catch (DataflowAnalysisException e) {
            if (!$assertionsDisabled) {
                throw new AssertionError(e.getMessage());
            }
        }
        return ClassName.toSlashedClassName(invokeInstruction.getReferenceType(constantPoolGen).toString());
    }

    protected abstract InjectionPoint getInjectionPoint(InvokeInstruction invokeInstruction, ConstantPoolGen constantPoolGen, InstructionHandle instructionHandle);

    static {
        $assertionsDisabled = !AbstractInjectionDetector.class.desiredAssertionStatus();
    }
}
