package com.h3xstream.findsecbugs.injection;

import com.h3xstream.findsecbugs.taintanalysis.data.TaintLocation;
import com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource;
import com.h3xstream.findsecbugs.taintanalysis.data.UnknownSourceType;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.SourceLineAnnotation;
import edu.umd.cs.findbugs.StringAnnotation;
import edu.umd.cs.findbugs.ba.ClassContext;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.InstructionHandle;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/injection/InjectionSink.class */
public class InjectionSink {
    private final Detector detector;
    private final String bugType;
    private final int originalPriority;
    private final ClassContext classContext;
    private final Method method;
    private final InstructionHandle instructionHandle;
    private final String sinkMethod;
    private static final int UNKNOWN_SINK_PRIORITY = Integer.MAX_VALUE;
    private final int parameterOffset;
    private int sinkPriority = UNKNOWN_SINK_PRIORITY;
    private final List<SourceLineAnnotation> lines = new LinkedList();
    private final List<UnknownSource> sources = new LinkedList();
    private List<String> excludeSources = Arrays.asList("java/lang/StringBuilder.", "java/lang/String.", "java/util/HashMap.", "java/util/List.", "java/util/LinkedList.", "java/util/ArrayList.", "java/util/Vector.", "java/util/Set.", "kotlin/text/StringsKt.", "kotlin/text/Regex.");

    public InjectionSink(Detector detector, String str, int i, ClassContext classContext, Method method, InstructionHandle instructionHandle, String str2, int i2) {
        Objects.requireNonNull(detector, "detector");
        Objects.requireNonNull(str, "bugType");
        Objects.requireNonNull(classContext, "classContext");
        Objects.requireNonNull(method, "method");
        Objects.requireNonNull(instructionHandle, "instructionHandle");
        this.detector = detector;
        this.bugType = str;
        this.originalPriority = i;
        this.classContext = classContext;
        this.method = method;
        this.instructionHandle = instructionHandle;
        this.sinkMethod = str2 == null ? "unknown" : str2;
        this.parameterOffset = i2;
    }

    public boolean updateSinkPriority(int i) {
        if (i >= this.sinkPriority) {
            return false;
        }
        this.sinkPriority = i;
        return true;
    }

    public void addLine(SourceLineAnnotation sourceLineAnnotation) {
        Objects.requireNonNull(sourceLineAnnotation, "line");
        this.lines.add(sourceLineAnnotation);
    }

    public void addLines(Collection<TaintLocation> collection) {
        Objects.requireNonNull(this.detector, "locations");
        for (TaintLocation taintLocation : collection) {
            this.lines.add(SourceLineAnnotation.fromVisitedInstruction(taintLocation.getMethodDescriptor(), taintLocation.getPosition()));
        }
    }

    public BugInstance generateBugInstance(boolean z) {
        BugInstance bugInstance = new BugInstance(this.detector, this.bugType, this.originalPriority);
        bugInstance.addClassAndMethod(this.classContext.getJavaClass(), this.method);
        bugInstance.addSourceLine(SourceLineAnnotation.fromVisitedInstruction(this.classContext, this.method, this.instructionHandle));
        addMessage(bugInstance, "Sink method", this.sinkMethod);
        addMessage(bugInstance, "Sink parameter", String.valueOf(this.parameterOffset));
        for (UnknownSource unknownSource : this.sources) {
            if (unknownSource.getSourceType() == UnknownSourceType.FIELD) {
                addMessage(bugInstance, "Unknown source", unknownSource.getSignatureField());
            } else if (unknownSource.getSourceType() == UnknownSourceType.RETURN && !isExclude(unknownSource.getSignatureMethod())) {
                addMessage(bugInstance, "Unknown source", unknownSource.getSignatureMethod());
            }
        }
        if (this.sinkPriority != UNKNOWN_SINK_PRIORITY) {
            if (this.sinkPriority < this.originalPriority) {
                bugInstance.setPriority(this.sinkPriority);
                addMessage(bugInstance, "Method usage", "with tainted arguments detected");
            } else if (this.sinkPriority > this.originalPriority) {
                bugInstance.setPriority(3);
                addMessage(bugInstance, "Method usage", "detected only with safe arguments");
            }
        } else if (!z) {
            addMessage(bugInstance, "Method usage", "not detected");
        }
        Collections.sort(this.lines);
        SourceLineAnnotation sourceLineAnnotation = null;
        Iterator<SourceLineAnnotation> it = this.lines.iterator();
        while (it.hasNext()) {
            SourceLineAnnotation sourceLineAnnotation2 = sourceLineAnnotation;
            sourceLineAnnotation = it.next();
            if (sourceLineAnnotation2 != null && sourceLineAnnotation2.getClassName().equals(sourceLineAnnotation.getClassName()) && sourceLineAnnotation2.getStartLine() == sourceLineAnnotation.getStartLine()) {
                it.remove();
            }
        }
        Iterator<SourceLineAnnotation> it2 = this.lines.iterator();
        while (it2.hasNext()) {
            bugInstance.addSourceLine(it2.next());
        }
        return bugInstance;
    }

    private boolean isExclude(String str) {
        Iterator<String> it = this.excludeSources.iterator();
        while (it.hasNext()) {
            if (str.startsWith(it.next())) {
                return true;
            }
        }
        return false;
    }

    private void addMessage(BugInstance bugInstance, String str, String str2) {
        StringAnnotation stringAnnotation = new StringAnnotation(str2);
        stringAnnotation.setDescription(str);
        bugInstance.add(stringAnnotation);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || !(obj instanceof InjectionSink)) {
            return false;
        }
        InjectionSink injectionSink = (InjectionSink) obj;
        return this.bugType.equals(injectionSink.bugType) && this.originalPriority == injectionSink.originalPriority && this.classContext.getClassDescriptor().equals(injectionSink.classContext.getClassDescriptor()) && this.method.getName().equals(injectionSink.method.getName()) && this.method.getSignature().equals(injectionSink.method.getSignature()) && this.method.getReturnType().equals(injectionSink.method.getReturnType()) && this.instructionHandle.getInstruction().getOpcode() == injectionSink.instructionHandle.getInstruction().getOpcode() && this.instructionHandle.getPosition() == injectionSink.instructionHandle.getPosition();
    }

    public int hashCode() {
        return (67 * ((67 * ((67 * ((67 * ((67 * ((67 * ((67 * ((67 * 7) + this.bugType.hashCode())) + this.originalPriority)) + this.classContext.getClassDescriptor().hashCode())) + this.method.getName().hashCode())) + this.method.getSignature().hashCode())) + this.method.getReturnType().hashCode())) + this.instructionHandle.getInstruction().getOpcode())) + this.instructionHandle.getPosition();
    }

    public void addSources(Set<UnknownSource> set) {
        this.sources.addAll(set);
    }
}
