package com.h3xstream.findsecbugs.spring;

import com.mebigfatguy.fbcontrib.utils.Values;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.Location;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.bcel.classfile.AnnotationEntry;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.LDC;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/spring/SpringUnvalidatedRedirectDetector.class */
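/**
 * Flags Spring MVC controllers that build a {@code "redirect:"} view name by string
 * concatenation, the shape of an open-redirect sink when the concatenated suffix comes
 * from the request.
 *
 * <p>The check is syntactic, not taint-based: any class with at least one handler-mapping
 * annotation is scanned, and every {@code StringBuilder.append} whose argument is the exact
 * literal {@code "redirect:"} is reported. Whether the following {@code append} actually
 * carries attacker-controlled data is left to the reviewer.
 */
public class SpringUnvalidatedRedirectDetector implements Detector {
    private static final String SPRING_UNVALIDATED_REDIRECT_TYPE = "SPRING_UNVALIDATED_REDIRECT";
    /** Bug priority used for every report (2 is FindBugs' normal priority). */
    private static final int NORMAL_PRIORITY = 2;
    /** Spring view-name prefix that turns the returned value into an HTTP redirect. */
    private static final String REDIRECT_PREFIX = "redirect:";
    private static final String APPEND_METHOD = "append";
    /** JVM descriptors of the Spring MVC annotations that mark a handler method. */
    private static final List<String> REQUEST_MAPPING_ANNOTATION_TYPES = Arrays.asList(
            "Lorg/springframework/web/bind/annotation/RequestMapping;",
            "Lorg/springframework/web/bind/annotation/GetMapping;",
            "Lorg/springframework/web/bind/annotation/PostMapping;",
            "Lorg/springframework/web/bind/annotation/PutMapping;",
            "Lorg/springframework/web/bind/annotation/DeleteMapping;",
            "Lorg/springframework/web/bind/annotation/PatchMapping;");
    private final BugReporter reporter;

    /**
     * @param bugReporter sink for reported bugs and for analysis errors
     */
    public SpringUnvalidatedRedirectDetector(BugReporter bugReporter) {
        this.reporter = bugReporter;
    }

    /**
     * Scans every method of the class when the class declares at least one Spring
     * handler-mapping annotation on a method; other classes are skipped entirely.
     *
     * @param classContext analysis context of the class being visited
     */
    @Override
    public void visitClassContext(ClassContext classContext) {
        JavaClass javaClass = classContext.getJavaClass();
        if (!hasRequestMapping(javaClass)) {
            return;
        }
        for (Method method : javaClass.getMethods()) {
            try {
                analyzeMethod(method, classContext);
            } catch (CFGBuilderException e) {
                // One method without a buildable CFG must not abort the whole class, but
                // dropping the failure silently hides a blind spot in the scan; record it.
                reporter.logError("Unable to build CFG for " + javaClass.getClassName()
                        + "." + method.getName() + "; method not analyzed", e);
            }
        }
    }

    /**
     * Tells whether any method of the class carries one of the handler-mapping annotations.
     * Only method-level annotations are inspected; a class-level {@code @RequestMapping}
     * alone does not qualify.
     *
     * @param javaClass class to inspect
     * @return {@code true} when at least one method is a Spring handler method
     */
    private boolean hasRequestMapping(JavaClass javaClass) {
        for (Method method : javaClass.getMethods()) {
            for (AnnotationEntry annotationEntry : method.getAnnotationEntries()) {
                if (REQUEST_MAPPING_ANNOTATION_TYPES.contains(annotationEntry.getAnnotationType())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Walks the method's CFG and reports every {@code StringBuilder.append} whose argument
     * is the {@code "redirect:"} literal.
     *
     * @param method       method to analyze
     * @param classContext context providing the CFG and constant pool
     * @throws CFGBuilderException if the control-flow graph cannot be built
     */
    private void analyzeMethod(Method method, ClassContext classContext) throws CFGBuilderException {
        JavaClass javaClass = classContext.getJavaClass();
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        Iterator<Location> locations = classContext.getCFG(method).locationIterator();
        while (locations.hasNext()) {
            Location location = locations.next();
            if (!isRedirectPrefixAppend(location, constantPoolGen)) {
                continue;
            }
            BugInstance bugInstance = new BugInstance(this, SPRING_UNVALIDATED_REDIRECT_TYPE, NORMAL_PRIORITY);
            bugInstance.addClass(javaClass)
                    .addMethod(javaClass, method)
                    .addSourceLine(classContext, method, location);
            reporter.reportBug(bugInstance);
        }
    }

    /**
     * Matches the instruction pair {@code LDC "redirect:"} immediately followed by
     * {@code INVOKEVIRTUAL java.lang.StringBuilder.append}.
     *
     * <p>Only the exact literal {@code "redirect:"} is recognised; a literal such as
     * {@code "redirect:/path?next="} followed by a dynamic {@code append} is not flagged.
     *
     * @param location        CFG location whose instruction is examined
     * @param constantPoolGen constant pool used to resolve class/method names and the LDC value
     * @return {@code true} when the location is the append call of that pair
     */
    private static boolean isRedirectPrefixAppend(Location location, ConstantPoolGen constantPoolGen) {
        Instruction instruction = location.getHandle().getInstruction();
        if (!(instruction instanceof INVOKEVIRTUAL)) {
            return false;
        }
        INVOKEVIRTUAL invoke = (INVOKEVIRTUAL) instruction;
        if (!Values.DOTTED_JAVA_LANG_STRINGBUILDER.equals(invoke.getClassName(constantPoolGen))
                || !APPEND_METHOD.equals(invoke.getMethodName(constantPoolGen))) {
            return false;
        }
        // The append call is never the method's first instruction in practice, but guard
        // against a missing predecessor rather than dereferencing a null handle.
        if (location.getHandle().getPrev() == null) {
            return false;
        }
        Instruction previous = location.getHandle().getPrev().getInstruction();
        if (!(previous instanceof LDC)) {
            return false;
        }
        Object value = ((LDC) previous).getValue(constantPoolGen);
        // String.equals(Object) already rejects non-String constants (ints, floats, classes).
        return REDIRECT_PREFIX.equals(value);
    }

    /** Nothing is buffered; every finding is reported as soon as it is found. */
    @Override
    public void report() {
    }
}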
