package org.openrewrite.java.security;

import java.time.Duration;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Incubating;
import org.openrewrite.Recipe;
import org.openrewrite.TreeVisitor;
import org.openrewrite.java.JavaIsoVisitor;
import org.openrewrite.java.tree.J;
import org.openrewrite.java.tree.JavaType;

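/**
 * Rewrites string literals containing one of a fixed list of regular expressions that are
 * known to be vulnerable to catastrophic backtracking (ReDoS) into a documented replacement.
 *
 * <p>Detection is purely textual: a literal is rewritten when its decoded string value
 * contains the exact {@link KnownVulnerableRegex#bad} text of one of the entries below.
 * Regexes that are vulnerable but not in that list are not detected, and a literal is only
 * rewritten for the first entry that matches it.
 *
 * <p>The replacement is applied to the literal's decoded value, and the literal's source
 * form is then re-derived from the whole new value so that escape sequences elsewhere in
 * the literal (quotes, backslashes, line terminators) remain valid Java.
 */
@Incubating(since = "1.15.0")
public class RegularExpressionDenialOfService extends Recipe {

    /**
     * Pairs of a known-vulnerable regex and its safer replacement.
     *
     * <p>Both fields hold the regex text as it exists at runtime (already decoded from Java
     * string-literal escaping), because they are compared against {@code J.Literal#getValue()}
     * rather than against the literal's source. Note that {@link #URL_VALIDATOR} carries
     * JavaScript-style {@code /.../i} delimiters in both fields, so it only matches literals
     * that include those delimiters verbatim.
     */
    public enum KnownVulnerableRegex {
        URL_VALIDATOR("/^(?:(?:(?:https?|ftp):)?\\/\\/)(?:\\S+(?::\\S*)?@)?(?:(?!(?:10|127)(?:\\.\\d{1,3}){3})(?!(?:169\\.254|192\\.168)(?:\\.\\d{1,3}){2})(?!172\\.(?:1[6-9]|2\\d|3[0-1])(?:\\.\\d{1,3}){2})(?:[1-9]\\d?|1\\d\\d|2[01]\\d|22[0-3])(?:\\.(?:1?\\d{1,2}|2[0-4]\\d|25[0-5])){2}(?:\\.(?:[1-9]\\d?|1\\d\\d|2[0-4]\\d|25[0-4]))|(?:(?:[a-z\\u00a1-\\uffff0-9]-*)*[a-z\\u00a1-\\uffff0-9]+)(?:\\.(?:[a-z\\u00a1-\\uffff0-9]-*)*[a-z\\u00a1-\\uffff0-9]+)*(?:\\.(?:[a-z\\u00a1-\\uffff]{2,})).?)(?::\\d{2,5})?(?:[/?#]\\S*)?$/i", "/^(?:(?:(?:https?|ftp):)?\\/\\/)(?:\\S+(?::\\S*)?@)?(?:(?!(?:10|127)(?:\\.\\d{1,3}){3})(?!(?:169\\.254|192\\.168)(?:\\.\\d{1,3}){2})(?!172\\.(?:1[6-9]|2\\d|3[0-1])(?:\\.\\d{1,3}){2})(?:[1-9]\\d?|1\\d\\d|2[01]\\d|22[0-3])(?:\\.(?:1?\\d{1,2}|2[0-4]\\d|25[0-5])){2}(?:\\.(?:[1-9]\\d?|1\\d\\d|2[0-4]\\d|25[0-4]))|(?:(?:[a-z0-9\\u00a1-\\uffff][a-z0-9\\u00a1-\\uffff_-]{0,62})?[a-z0-9\\u00a1-\\uffff]\\.)+(?:[a-z\\u00a1-\\uffff]{2,}\\.?))(?::\\d{2,5})?(?:[/?#]\\S*)?$/i"),
        ANY_NEWLINE("(.|\\s)*", "(.|\\n|\\r)*"),
        SKIP_FIRST_BIT_OF_CSV_LIST("(?:.*,)*", "(?:^|,)"),
        SELECT_ALL_NEWLINE_TYPES_ONE_OR_MORE("(\\r\\n|\\r|\\n)+", "(\\r|\\n)+"),
        SELECT_ALL_NEWLINE_TYPES_NONE_OR_MORE("(\\r\\n|\\r|\\n)*", "(\\r|\\n)*"),
        SELECT_ALL_INCLUDING_ESCAPED_CHARACTERS("(\\?.)*", ".*"),
        PARTIAL_EMAIL_VALIDATOR("([^@\\s]+\\.)+", "([^@\\s.]+\\.)+"),
        DECIMAL_NUMBER_VALIDATOR("(\\d+\\.?)*", "((\\d+\\.)*|\\d*)"),
        HTML_COMMENT_MATCHING("<!--([^-]+|[-][^-]+)*-->", "<!---->|<!--(?:-?[^>-])(?:-?[^-])*-->"),
        BOLD_TEXT_MARKDOWN("(?:__|[\\s\\S])+", "(?:[^_]|__)+"),
        COMMENT_MATCHING_IN_JAVASCRIPT("(\\s|\\/\\*.*?\\*\\/)*", "(\\s|\\/\\*([^*]|\\*(?!\\/))*?\\*\\/)*"),
        EMAIL_VALIDATION("^((([a-z]|\\d|[!#\\$%&'\\*\\+\\-\\/=\\?\\^_`{\\|}~]|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF])+(\\.([a-z]|\\d|[!#\\$%&'\\*\\+\\-\\/=\\?\\^_`{\\|}~]|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF])+)*)|((\\x22)((((\\x20|\\x09)*(\\x0d\\x0a))?(\\x20|\\x09)+)?(([\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x7f]|\\x21|[\\x23-\\x5b]|[\\x5d-\\x7e]|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF])|(\\\\([\\x01-\\x09\\x0b\\x0c\\x0d-\\x7f]|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF]))))*(((\\x20|\\x09)*(\\x0d\\x0a))?(\\x20|\\x09)+)?(\\x22)))@((([a-z]|\\d|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF])|(([a-z]|\\d|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF])([a-z]|\\d|-|\\.|_|~|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF])*([a-z]|\\d|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF])))\\.)+(([a-z]|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF])|(([a-z]|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF])([a-z]|\\d|-|\\.|_|~|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF])*([a-z]|[\\u00A0-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFEF])))\\.?$", "^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$");

        // Vulnerable regex text, as it appears in a literal's decoded value.
        final String bad;
        // Replacement regex text, likewise decoded (not Java-source-escaped).
        final String good;

        KnownVulnerableRegex(String bad, String good) {
            this.bad = bad;
            this.good = good;
        }
    }

    /**
     * Visitor that performs the literal rewrite. Only string-typed literals with a non-null
     * value are considered; everything else is passed through unchanged.
     */
    private static class RegularExpressionDenialOfServiceVisitor<P> extends JavaIsoVisitor<P> {

        @Override
        public J.Literal visitLiteral(J.Literal literal, P p) {
            J.Literal l = super.visitLiteral(literal, p);
            if (l.getType() != JavaType.Primitive.String) {
                return l;
            }
            Object value = l.getValue();
            if (value == null) {
                return l;
            }
            String text = value.toString();
            for (KnownVulnerableRegex regex : KnownVulnerableRegex.values()) {
                if (text.contains(regex.bad)) {
                    // Substitute on the decoded value. The source form is rebuilt from the
                    // entire new value rather than by splicing a pre-escaped fragment, so
                    // quotes/backslashes/newlines in the untouched remainder of the literal
                    // are escaped too and the value itself is not left double-escaped.
                    String replaced = text.replace(regex.bad, regex.good);
                    return l.withValue(replaced)
                            .withValueSource("\"" + escapeJavaString(replaced) + "\"");
                }
            }
            return l;
        }
    }

    /**
     * Encodes a decoded string value as the body of a Java string literal (without the
     * surrounding quotes): backslash, double quote and the common control characters get
     * their named escapes, other control characters become {@code \\uXXXX}, and everything
     * else (including non-ASCII) is emitted verbatim.
     *
     * @param value the decoded string; may be empty
     * @return the escaped source text
     */
    private static String escapeJavaString(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    sb.append("\\\\");
                    break;
                case '"':
                    sb.append("\\\"");
                    break;
                case '\n':
                    sb.append("\\n");
                    break;
                case '\r':
                    sb.append("\\r");
                    break;
                case '\t':
                    sb.append("\\t");
                    break;
                case '\b':
                    sb.append("\\b");
                    break;
                case '\f':
                    sb.append("\\f");
                    break;
                default:
                    if (c < 0x20 || c == 0x7f) {
                        // Remaining control characters are not printable in source; use a
                        // Unicode escape so the literal stays readable and compilable.
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        return sb.toString();
    }

    @Override
    public String getDisplayName() {
        return "Regular Expression Denial of Service (ReDOS)";
    }

    @Override
    public String getDescription() {
        return "ReDoS is a Denial of Service attack that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). See the OWASP description of this attack [here](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) for more details.";
    }

    @Override
    public Duration getEstimatedEffortPerOccurrence() {
        return Duration.ofMinutes(15L);
    }

    @Override
    public TreeVisitor<?, ExecutionContext> getVisitor() {
        return new RegularExpressionDenialOfServiceVisitor<>();
    }
}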
