package org.sonar.java.checks.security;

import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import org.sonar.check.Rule;
import org.sonar.java.checks.helpers.ExpressionsHelper;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;
import org.sonar.plugins.java.api.tree.VariableTree;
import org.sonarsource.analyzer.commons.collections.SetUtils;

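/**
 * Rule S5443: flags code that opens or creates files under directories that are commonly writable
 * by every local user, or that relies on the default temporary directory.
 *
 * <p>Why it matters: in a shared directory another local account can pre-create a file, or replace
 * it with a link, before the application opens it. A reported location should therefore be
 * reviewed for predictable file names, missing exclusive-create semantics and overly permissive
 * file modes. A directory owned by the application with restrictive permissions is the usual
 * mitigation.
 *
 * <p>Three patterns are reported:
 * <ul>
 *   <li>{@code new File(..)} / {@code new FileReader(..)}, {@code Paths.get(..)}, {@code Path.get(..)}
 *       and {@code Path.of(..)} whose first argument is a compile-time constant string starting
 *       with one of {@link #PUBLIC_WRITABLE_DIRS};</li>
 *   <li>{@code File.createTempFile(String, String)}, one-argument
 *       {@code Files.createTempDirectory(..)} and two-argument {@code Files.createTempFile(..)};</li>
 *   <li>{@code map.get("TMP")} / {@code map.get("TMPDIR")} where {@code map} is a variable that is
 *       never reassigned and is initialised with {@code System.getenv()}.</li>
 * </ul>
 *
 * <p>Detection limits visible in this class, useful when triaging results:
 * <ul>
 *   <li>only constant path arguments are inspected, so paths assembled at run time are not seen;</li>
 *   <li>matching is a case-sensitive prefix test, so a sibling such as {@code /tmpfiles} also
 *       matches the {@code /tmp} entry;</li>
 *   <li>the environment lookup is recognised only through the {@code Map} returned by
 *       {@code System.getenv()}; no matcher here covers a direct one-argument
 *       {@code System.getenv(name)} call.</li>
 * </ul>
 */
@Rule(key = "S5443")
public class PubliclyWritableDirectoriesCheck extends IssuableSubscriptionVisitor {
    private static final String STRING_TYPE = "java.lang.String";
    private static final String MESSAGE = "Make sure publicly writable directories are used safely here.";

    // Path prefixes treated as publicly writable (Linux, macOS and Windows style locations).
    // NOTE(review): at run time the last three entries begin with TWO backslashes. Combined with
    // the startsWith test in isSensitiveFileName, a drive-letter constant such as
    // "C:\Windows\Temp" does not match any of them. Confirm whether that is intended.
    private static final List<String> PUBLIC_WRITABLE_DIRS = Arrays.asList(
        "/tmp",
        "/var/tmp",
        "/usr/tmp",
        "/dev/shm",
        "/dev/mqueue",
        "/run/lock",
        "/var/run/lock",
        "/Library/Caches",
        "/Users/Shared",
        "/private/tmp",
        "/private/var/tmp",
        "\\\\Windows\\\\Temp",
        "\\\\Temp",
        "\\\\TMP");

    // Environment variable names that conventionally point at the temporary directory.
    private static final Set<String> TMP_DIR_ENV = SetUtils.immutableSetOf("TMP", "TMPDIR");

    private static final String JAVA_NIO_FILE_PATHS = "java.nio.file.Paths";
    private static final String JAVA_NIO_FILE_PATH = "java.nio.file.Path";
    private static final String JAVA_IO_FILE = "java.io.File";
    private static final String JAVA_NIO_FILE_FILES = "java.nio.file.Files";

    // Factory methods that turn a string into a Path: Paths.get / Path.get / Path.of.
    private static final MethodMatchers CREATE_FILE_MATCHERS = MethodMatchers.or(
        MethodMatchers.create()
            .ofTypes(JAVA_NIO_FILE_PATHS, JAVA_NIO_FILE_PATH)
            .names("get")
            .withAnyParameters()
            .build(),
        MethodMatchers.create()
            .ofTypes(JAVA_NIO_FILE_PATH)
            .names("of")
            .withAnyParameters()
            .build());

    // File / FileReader constructors whose first parameter is a String path.
    private static final MethodMatchers CREATE_FILE_CONSTRUCTOR_MATCHERS = MethodMatchers.create()
        .ofTypes(JAVA_IO_FILE, "java.io.FileReader")
        .constructor()
        .addParametersMatcher(STRING_TYPE)
        .addParametersMatcher(STRING_TYPE, STRING_TYPE)
        .addParametersMatcher(STRING_TYPE, "java.nio.charset.Charset")
        .build();

    // File.createTempFile(prefix, suffix): no directory argument, so the default temp dir is used.
    private static final MethodMatchers TEMP_DIR_MATCHER = MethodMatchers.create()
        .ofTypes(JAVA_IO_FILE)
        .names("createTempFile")
        .addParametersMatcher(STRING_TYPE, STRING_TYPE)
        .build();

    private static final MethodMatchers NIO_TEMP_DIR_MATCHER = MethodMatchers.create()
        .ofTypes(JAVA_NIO_FILE_FILES)
        .names("createTempDirectory")
        .withAnyParameters()
        .build();

    private static final MethodMatchers NIO_TEMP_FILE_MATCHER = MethodMatchers.create()
        .ofTypes(JAVA_NIO_FILE_FILES)
        .names("createTempFile")
        .withAnyParameters()
        .build();

    private static final MethodMatchers MAP_GET = MethodMatchers.create()
        .ofSubTypes("java.util.Map")
        .names("get")
        .addParametersMatcher("java.lang.Object")
        .build();

    // The zero-argument System.getenv(), i.e. the overload returning the whole environment map.
    private static final MethodMatchers SYSTEM_GETENV = MethodMatchers.create()
        .ofSubTypes("java.lang.System")
        .names("getenv")
        .addWithoutParametersMatcher()
        .build();

    /**
     * Returns the syntax-tree node kinds this check subscribes to: method invocations and object
     * creations.
     */
    public List<Tree.Kind> nodesToVisit() {
        return Arrays.asList(Tree.Kind.METHOD_INVOCATION, Tree.Kind.NEW_CLASS);
    }

    /**
     * Inspects one subscribed node and raises the issue when it matches a sensitive pattern.
     *
     * @param tree a {@code METHOD_INVOCATION} or {@code NEW_CLASS} node
     */
    public void visitNode(Tree tree) {
        if (tree.is(Tree.Kind.METHOD_INVOCATION)) {
            MethodInvocationTree invocation = (MethodInvocationTree) tree;
            if (createdInTempDir(invocation) || hasSensitiveFileName(invocation) || usesSystemTempDir(invocation)) {
                reportIssue(tree, MESSAGE);
            }
            return;
        }
        // Only the two subscribed kinds are cast here, so anything else is an object creation.
        NewClassTree creation = (NewClassTree) tree;
        if (CREATE_FILE_CONSTRUCTOR_MATCHERS.matches(creation) && isSensitiveFileName(creation.arguments().get(0))) {
            reportIssue(tree, MESSAGE);
        }
    }

    /** Tells whether a Path factory call receives a constant path under a publicly writable directory. */
    private static boolean hasSensitiveFileName(MethodInvocationTree methodInvocationTree) {
        return CREATE_FILE_MATCHERS.matches(methodInvocationTree)
            && isSensitiveFileName(methodInvocationTree.arguments().get(0));
    }

    /**
     * Tells whether the call is {@code env.get("TMP")} or {@code env.get("TMPDIR")} on a map
     * obtained from {@code System.getenv()}.
     */
    private static boolean usesSystemTempDir(MethodInvocationTree methodInvocationTree) {
        return MAP_GET.matches(methodInvocationTree)
            && hasTMPAsArgument(methodInvocationTree)
            && isInitializedWithSystemGetEnv(methodInvocationTree);
    }

    /** Tells whether the first argument is a constant string naming a temp-dir environment variable. */
    private static boolean hasTMPAsArgument(MethodInvocationTree methodInvocationTree) {
        return methodInvocationTree.arguments().get(0)
            .asConstant(String.class)
            .filter(TMP_DIR_ENV::contains)
            .isPresent();
    }

    /**
     * Tells whether the call creates a temporary file or directory without naming a target
     * directory.
     *
     * <p>The arity tests select the JDK overloads that take no {@code Path dir} parameter and are
     * called without any {@code FileAttribute}: {@code Files.createTempDirectory(prefix)} and
     * {@code Files.createTempFile(prefix, suffix)}. Calls that pass a directory or explicit
     * attributes have more arguments and are not reported by this method.
     */
    private static boolean createdInTempDir(MethodInvocationTree methodInvocationTree) {
        if (TEMP_DIR_MATCHER.matches(methodInvocationTree)) {
            return true;
        }
        int argumentCount = methodInvocationTree.arguments().size();
        return (NIO_TEMP_DIR_MATCHER.matches(methodInvocationTree) && argumentCount == 1)
            || (NIO_TEMP_FILE_MATCHER.matches(methodInvocationTree) && argumentCount == 2);
    }

    /**
     * Tells whether the expression is a compile-time constant string that starts with one of
     * {@link #PUBLIC_WRITABLE_DIRS}. Non-constant expressions yield {@code false}.
     */
    private static boolean isSensitiveFileName(ExpressionTree expressionTree) {
        return expressionTree.asConstant(String.class)
            .filter(path -> PUBLIC_WRITABLE_DIRS.stream().anyMatch(path::startsWith))
            .isPresent();
    }

    /**
     * Tells whether the symbol resolved for this invocation by
     * {@code ExpressionsHelper.getInvokedSymbol} is a variable that is never reassigned and whose
     * initializer, ignoring parentheses, is a call to the zero-argument {@code System.getenv()}.
     */
    private static boolean isInitializedWithSystemGetEnv(MethodInvocationTree methodInvocationTree) {
        return ExpressionsHelper.getInvokedSymbol(methodInvocationTree)
            // A reassigned variable could hold some other map by the time get(..) is called.
            .filter(ExpressionsHelper::isNotReassigned)
            .map(symbol -> symbol.declaration())
            .filter(declaration -> declaration.is(Tree.Kind.VARIABLE))
            .map(VariableTree.class::cast)
            // Optional.map turns a missing (null) initializer into an empty result.
            .map(VariableTree::initializer)
            .map(ExpressionUtils::skipParentheses)
            .filter(initializer -> initializer.is(Tree.Kind.METHOD_INVOCATION))
            .map(MethodInvocationTree.class::cast)
            .filter(SYSTEM_GETENV::matches)
            .isPresent();
    }
}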
