package org.openrewrite.java.security;

import java.util.Collections;
import java.util.Set;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Preconditions;
import org.openrewrite.Recipe;
import org.openrewrite.TreeVisitor;
import org.openrewrite.java.JavaIsoVisitor;
import org.openrewrite.java.MethodMatcher;
import org.openrewrite.java.search.UsesMethod;
import org.openrewrite.java.tree.J;
import org.openrewrite.java.tree.TypeUtils;
import org.openrewrite.marker.SearchResult;

/* loaded from: input_file:org/openrewrite/java/security/ImproperPrivilegeManagement.class */
public class ImproperPrivilegeManagement extends Recipe {
    public String getDisplayName() {
        return "Improper privilege management";
    }

    public String getDescription() {
        return "Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it.";
    }

    public Set<String> getTags() {
        return Collections.singleton("CWE-269");
    }

    public TreeVisitor<?, ExecutionContext> getVisitor() {
        final MethodMatcher methodMatcher = new MethodMatcher("java.security.AccessController doPrivileged(..)");
        return Preconditions.check(new UsesMethod(methodMatcher), new JavaIsoVisitor<ExecutionContext>() { // from class: org.openrewrite.java.security.ImproperPrivilegeManagement.1
            /* renamed from: visitClassDeclaration, reason: merged with bridge method [inline-methods] */
            public J.ClassDeclaration m3visitClassDeclaration(J.ClassDeclaration classDeclaration, ExecutionContext executionContext) {
                return TypeUtils.isAssignableTo("java.security.PrivilegedAction", classDeclaration.getType()) ? SearchResult.found(classDeclaration) : super.visitClassDeclaration(classDeclaration, executionContext);
            }

            /* renamed from: visitMethodInvocation, reason: merged with bridge method [inline-methods] */
            public J.MethodInvocation m2visitMethodInvocation(J.MethodInvocation methodInvocation, ExecutionContext executionContext) {
                return methodMatcher.matches(methodInvocation) ? SearchResult.found(methodInvocation) : super.visitMethodInvocation(methodInvocation, executionContext);
            }
        });
    }
}
