package com.h3xstream.findsecbugs.taintanalysis;

import com.h3xstream.findsecbugs.BCELUtil;
import com.h3xstream.findsecbugs.FindSecBugsGlobalConfig;
import com.h3xstream.findsecbugs.common.ByteCode;
import com.h3xstream.findsecbugs.taintanalysis.Taint;
import com.h3xstream.findsecbugs.taintanalysis.data.TaintLocation;
import com.h3xstream.findsecbugs.taintanalysis.data.UnknownSource;
import com.h3xstream.findsecbugs.taintanalysis.data.UnknownSourceType;
import edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.InvalidBytecodeException;
import edu.umd.cs.findbugs.ba.generic.GenericSignatureParser;
import edu.umd.cs.findbugs.classfile.MethodDescriptor;
import edu.umd.cs.findbugs.util.ClassName;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.bcel.generic.AALOAD;
import org.apache.bcel.generic.AASTORE;
import org.apache.bcel.generic.ACONST_NULL;
import org.apache.bcel.generic.ANEWARRAY;
import org.apache.bcel.generic.ARETURN;
import org.apache.bcel.generic.BIPUSH;
import org.apache.bcel.generic.CHECKCAST;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.FieldInstruction;
import org.apache.bcel.generic.GETFIELD;
import org.apache.bcel.generic.GETSTATIC;
import org.apache.bcel.generic.ICONST;
import org.apache.bcel.generic.INVOKEINTERFACE;
import org.apache.bcel.generic.INVOKESPECIAL;
import org.apache.bcel.generic.INVOKESTATIC;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.LDC;
import org.apache.bcel.generic.LDC2_W;
import org.apache.bcel.generic.LoadInstruction;
import org.apache.bcel.generic.MethodGen;
import org.apache.bcel.generic.NEW;
import org.apache.bcel.generic.ObjectType;
import org.apache.bcel.generic.PUTFIELD;
import org.apache.bcel.generic.PUTSTATIC;
import org.apache.bcel.generic.ReturnInstruction;
import org.apache.bcel.generic.SIPUSH;
import org.apache.bcel.generic.StoreInstruction;
import shaded.io.IOUtils;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/taintanalysis/TaintFrameModelingVisitor.class */
public class TaintFrameModelingVisitor extends AbstractFrameModelingVisitor<Taint, TaintFrame> {
    private static final Logger LOG;
    private static final Map<String, Taint.Tag> REPLACE_TAGS;
    private final MethodDescriptor methodDescriptor;
    private final TaintConfig taintConfig;
    private final TaintMethodConfig analyzedMethodConfig;
    private final List<TaintFrameAdditionalVisitor> visitors;
    private final MethodGen methodGen;
    private String regexValue;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/taintanalysis/TaintFrameModelingVisitor$ObjectConfiguration.class */
    public class ObjectConfiguration {
        private static final int JAVA_STRING_PARAMETER_INDEX = 1;
        private static final int KOTLIN_STRING_PARAMETER_INDEX = 4;
        private final String className;
        private final String methodName;

        private ObjectConfiguration(String str, String str2) {
            this.className = str;
            this.methodName = str2;
        }

        private boolean isJavaString() {
            return "java/lang/String".equals(this.className);
        }

        private boolean isKotlinString() {
            return "kotlin/text/StringsKt".equals(this.className);
        }

        private boolean isKotlinRegex() {
            return "kotlin/text/Regex".equals(this.className);
        }

        private boolean isConstructor() {
            return "<init>".equals(this.methodName);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean isKotlinRegexMethodAndConstructorMethod() {
            return isKotlinRegex() && isConstructor();
        }

        private boolean isJavaStringWithSimpleReplace() {
            return isJavaString() && "replace".equals(this.methodName);
        }

        private boolean isKotlinStringWithSimpleReplace() {
            return isKotlinString() && "replace$default".equals(this.methodName);
        }

        private boolean isJavaStringWithRegexReplace() {
            return isJavaString() && "replaceAll".equals(this.methodName);
        }

        private boolean isKotlinRegexWithReplace() {
            return isKotlinRegex() && "replace".equals(this.methodName);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean isAClassThatCanReplaceString() {
            return isJavaString() || isKotlinString() || isKotlinRegex();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean isAReplaceMethod() {
            return isJavaStringWithRegexReplace() || isKotlinRegexWithReplace() || isJavaStringWithSimpleReplace() || isKotlinStringWithSimpleReplace();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean isAReplaceMethodWithRegexParameter() {
            return isJavaStringWithRegexReplace() || isKotlinRegexWithReplace();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String getStringParameterForReplaceMethod() throws DataflowAnalysisException {
            if (isJavaString()) {
                return TaintFrameModelingVisitor.this.getFrame().getStackValue(1).getConstantValue();
            }
            if (isKotlinString()) {
                return TaintFrameModelingVisitor.this.getFrame().getStackValue(4).getConstantValue();
            }
            if (isKotlinRegexWithReplace()) {
                return TaintFrameModelingVisitor.this.getRegexValueFromAPreviousInstruction();
            }
            return null;
        }
    }

    public TaintFrameModelingVisitor(ConstantPoolGen constantPoolGen, MethodDescriptor methodDescriptor, TaintConfig taintConfig, List<TaintFrameAdditionalVisitor> list, MethodGen methodGen) {
        super(constantPoolGen);
        if (methodDescriptor == null) {
            throw new NullPointerException("null method descriptor");
        }
        if (taintConfig == null) {
            throw new NullPointerException("null taint config");
        }
        this.methodDescriptor = methodDescriptor;
        this.taintConfig = taintConfig;
        this.analyzedMethodConfig = new TaintMethodConfig(false);
        this.analyzedMethodConfig.setTypeSignature(this.methodDescriptor.getClassDescriptor().getClassName() + "." + this.methodDescriptor.getName() + this.methodDescriptor.getSignature());
        this.visitors = list;
        this.methodGen = methodGen;
    }

    private Collection<Integer> getMutableStackIndices(String str) {
        if (!$assertionsDisabled && (str == null || str.isEmpty())) {
            throw new AssertionError();
        }
        ArrayList arrayList = new ArrayList();
        int i = 0;
        Iterator<String> parameterSignatureIterator = new GenericSignatureParser(str).parameterSignatureIterator();
        while (parameterSignatureIterator.hasNext()) {
            String next = parameterSignatureIterator.next();
            if ((next.startsWith("L") || next.startsWith("[")) && !this.taintConfig.isClassImmutable(next)) {
                arrayList.add(Integer.valueOf(i));
            }
            i = (next.equals("D") || next.equals("J")) ? i + 2 : i + 1;
        }
        for (int i2 = 0; i2 < arrayList.size(); i2++) {
            int intValue = (i - ((Integer) arrayList.get(i2)).intValue()) - 1;
            if (!$assertionsDisabled && intValue < 0) {
                throw new AssertionError();
            }
            arrayList.set(i2, Integer.valueOf(intValue));
        }
        return arrayList;
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor
    public void analyzeInstruction(Instruction instruction) throws DataflowAnalysisException {
        if (FindSecBugsGlobalConfig.getInstance().isDebugPrintInvocationVisited() && (instruction instanceof InvokeInstruction)) {
            ByteCode.printOpCode(instruction, this.cpg);
        } else if (FindSecBugsGlobalConfig.getInstance().isDebugPrintInstructionVisited()) {
            ByteCode.printOpCode(instruction, this.cpg);
        }
        super.analyzeInstruction(instruction);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor
    public Taint getDefaultValue() {
        return new Taint(Taint.State.UNKNOWN);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitLDC(LDC ldc) {
        Taint taint = new Taint(Taint.State.SAFE);
        Object value = ldc.getValue(this.cpg);
        if (value instanceof String) {
            taint.setConstantValue((String) value);
        }
        if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) {
            if (value instanceof String) {
                taint.setDebugInfo("\"" + value + "\"");
            } else {
                taint.setDebugInfo("LDC " + ldc.getType(this.cpg).getSignature());
            }
        }
        getFrame().pushValue(taint);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitLDC2_W(LDC2_W ldc2_w) {
        if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) {
            pushSafeDebug("partial long/double");
            pushSafeDebug("partial long/double");
        } else {
            pushSafe();
            pushSafe();
        }
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitBIPUSH(BIPUSH bipush) {
        Taint taint = new Taint(Taint.State.SAFE);
        taint.setConstantValue(String.valueOf((char) bipush.getValue().byteValue()));
        getFrame().pushValue(taint);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitSIPUSH(SIPUSH sipush) {
        Taint taint = new Taint(Taint.State.SAFE);
        taint.setConstantValue(String.valueOf((char) sipush.getValue().shortValue()));
        getFrame().pushValue(taint);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitGETSTATIC(GETSTATIC getstatic) {
        if (getstatic.getLoadClassType(getCPG()).getSignature().equals("Lscala/collection/immutable/Nil$;")) {
            if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) {
                getFrame().pushValue(new Taint(Taint.State.NULL).setDebugInfo("NULL"));
                return;
            } else {
                getFrame().pushValue(new Taint(Taint.State.NULL));
                return;
            }
        }
        String str = BCELUtil.getSlashedClassName(this.cpg, getstatic) + "." + getstatic.getName(this.cpg);
        Taint.State fieldTaintState = this.taintConfig.getFieldTaintState(str, Taint.State.INVALID);
        if (fieldTaintState == Taint.State.INVALID) {
            fieldTaintState = this.taintConfig.getClassTaintState(getstatic.getSignature(this.cpg), Taint.State.INVALID);
        }
        Taint staticFieldTaint = fieldTaintState == Taint.State.INVALID ? this.taintConfig.getStaticFieldTaint(str, getDefaultValue()) : new Taint(fieldTaintState);
        if (!fieldTaintState.equals(Taint.State.SAFE)) {
            staticFieldTaint.addLocation(getTaintLocation(), false);
        }
        staticFieldTaint.addSource(new UnknownSource(UnknownSourceType.FIELD, fieldTaintState).setSignatureField(str));
        int numWordsConsumed = getNumWordsConsumed(getstatic);
        int numWordsProduced = getNumWordsProduced(getstatic);
        modelInstruction(getstatic, numWordsConsumed, numWordsProduced, staticFieldTaint);
        notifyAdditionalVisitorField(getstatic, this.methodGen, getFrame(), staticFieldTaint, numWordsProduced);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitACONST_NULL(ACONST_NULL aconst_null) {
        if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) {
            getFrame().pushValue(new Taint(Taint.State.NULL).setDebugInfo("NULL"));
        } else {
            getFrame().pushValue(new Taint(Taint.State.NULL));
        }
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitICONST(ICONST iconst) {
        Taint taint = new Taint(Taint.State.SAFE);
        if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) {
            taint.setDebugInfo("" + iconst.getValue().intValue());
        }
        getFrame().pushValue(taint);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitGETFIELD(GETFIELD getfield) {
        String str = BCELUtil.getSlashedClassName(this.cpg, getfield) + "." + getfield.getName(this.cpg);
        Taint.State fieldTaintState = this.taintConfig.getFieldTaintState(str, Taint.State.INVALID);
        if (fieldTaintState == Taint.State.INVALID) {
            fieldTaintState = this.taintConfig.getClassTaintState(getfield.getSignature(this.cpg), Taint.State.INVALID);
        }
        if (fieldTaintState == Taint.State.INVALID) {
            fieldTaintState = Taint.State.UNKNOWN;
        }
        Taint taint = new Taint(fieldTaintState);
        if (!fieldTaintState.equals(Taint.State.SAFE)) {
            taint.addLocation(getTaintLocation(), false);
        }
        taint.addSource(new UnknownSource(UnknownSourceType.FIELD, fieldTaintState).setSignatureField(str));
        if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) {
            taint.setDebugInfo("." + getfield.getFieldName(this.cpg));
        }
        int numWordsConsumed = getNumWordsConsumed(getfield);
        int numWordsProduced = getNumWordsProduced(getfield);
        modelInstruction(getfield, numWordsConsumed, numWordsProduced, taint);
        notifyAdditionalVisitorField(getfield, this.methodGen, getFrame(), taint, numWordsProduced);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitPUTFIELD(PUTFIELD putfield) {
        visitPutFieldOp(putfield);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitPUTSTATIC(PUTSTATIC putstatic) {
        try {
            String str = BCELUtil.getSlashedClassName(this.cpg, putstatic) + "." + putstatic.getName(this.cpg);
            this.taintConfig.putStaticFieldTaint(str, Taint.merge(getFrame().getTopValue(), this.taintConfig.getStaticFieldTaint(str, null)));
        } catch (DataflowAnalysisException e) {
        }
        visitPutFieldOp(putstatic);
    }

    public void visitPutFieldOp(FieldInstruction fieldInstruction) {
        int numWordsProduced = getNumWordsProduced(fieldInstruction);
        try {
            Taint topValue = getFrame().getTopValue();
            handleNormalInstruction(fieldInstruction);
            notifyAdditionalVisitorField(fieldInstruction, this.methodGen, getFrame(), topValue, numWordsProduced);
        } catch (DataflowAnalysisException e) {
        }
    }

    private void notifyAdditionalVisitorField(FieldInstruction fieldInstruction, MethodGen methodGen, TaintFrame taintFrame, Taint taint, int i) {
        for (TaintFrameAdditionalVisitor taintFrameAdditionalVisitor : this.visitors) {
            try {
                taintFrameAdditionalVisitor.visitField(fieldInstruction, methodGen, taintFrame, taint, i, this.cpg);
            } catch (Throwable th) {
                LOG.log(Level.SEVERE, "Error while executing " + taintFrameAdditionalVisitor.getClass().getName(), th);
            }
        }
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitNEW(NEW r5) {
        Taint taint = new Taint(Taint.State.SAFE);
        ObjectType loadClassType = r5.getLoadClassType(this.cpg);
        taint.setRealInstanceClass(loadClassType);
        if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) {
            taint.setDebugInfo("new " + loadClassType.getClassName() + "()");
        }
        getFrame().pushValue(taint);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor
    public void handleStoreInstruction(StoreInstruction storeInstruction) {
        try {
            int consumeStack = storeInstruction.consumeStack(this.cpg);
            if (consumeStack == -2) {
                throw new InvalidBytecodeException("Unpredictable stack consumption");
            }
            int index = storeInstruction.getIndex();
            while (true) {
                int i = consumeStack;
                consumeStack--;
                if (i <= 0) {
                    return;
                }
                Taint taint = new Taint(getFrame().popValue());
                taint.setVariableIndex(index);
                int i2 = index;
                index++;
                getFrame().setValue(i2, taint);
            }
        } catch (DataflowAnalysisException e) {
            throw new InvalidBytecodeException(e.toString(), e);
        }
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor
    public void handleLoadInstruction(LoadInstruction loadInstruction) {
        int produceStack = loadInstruction.produceStack(this.cpg);
        int i = produceStack;
        if (i == -2) {
            throw new InvalidBytecodeException("Unpredictable stack production");
        }
        int index = loadInstruction.getIndex() + i;
        while (true) {
            int i2 = i;
            i--;
            if (i2 <= 0) {
                for (TaintFrameAdditionalVisitor taintFrameAdditionalVisitor : this.visitors) {
                    try {
                        taintFrameAdditionalVisitor.visitLoad(loadInstruction, this.methodGen, getFrame(), produceStack, this.cpg);
                    } catch (Throwable th) {
                        LOG.log(Level.SEVERE, "Error while executing " + taintFrameAdditionalVisitor.getClass().getName(), th);
                    }
                }
                return;
            }
            index--;
            Taint value = getFrame().getValue(index);
            if (!value.hasValidVariableIndex()) {
                throw new RuntimeException("index not set in " + this.methodDescriptor);
            }
            if (index != value.getVariableIndex()) {
                throw new RuntimeException("bad index in " + this.methodDescriptor);
            }
            getFrame().pushValue(value);
        }
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitINVOKEINTERFACE(INVOKEINTERFACE invokeinterface) {
        visitInvoke(invokeinterface);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitINVOKESPECIAL(INVOKESPECIAL invokespecial) {
        visitInvoke(invokespecial);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitINVOKESTATIC(INVOKESTATIC invokestatic) {
        visitInvoke(invokestatic);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitINVOKEVIRTUAL(INVOKEVIRTUAL invokevirtual) {
        visitInvoke(invokevirtual);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitANEWARRAY(ANEWARRAY anewarray) {
        try {
            getFrame().popValue();
            if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) {
                pushSafeDebug("new " + anewarray.getLoadClassType(this.cpg).getClassName() + "[]");
            } else {
                pushSafe();
            }
        } catch (DataflowAnalysisException e) {
            throw new InvalidBytecodeException("Array length not in the stack", e);
        }
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitAASTORE(AASTORE aastore) {
        try {
            Taint popValue = getFrame().popValue();
            getFrame().popValue();
            Taint popValue2 = getFrame().popValue();
            Taint merge = Taint.merge(popValue, popValue2);
            setLocalVariableTaint(merge, popValue2);
            Taint taint = null;
            if (getFrame().getStackDepth() > 0) {
                taint = getFrame().getTopValue();
            }
            if (popValue2.equals(taint)) {
                getFrame().popValue();
                getFrame().pushValue(new Taint(merge));
            }
        } catch (DataflowAnalysisException e) {
            throw new InvalidBytecodeException("Not enough values on the stack", e);
        }
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitAALOAD(AALOAD aaload) {
        try {
            getFrame().popValue();
        } catch (DataflowAnalysisException e) {
            throw new InvalidBytecodeException("Not enough values on the stack", e);
        }
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitCHECKCAST(CHECKCAST checkcast) {
        ObjectType loadClassType = checkcast.getLoadClassType(this.cpg);
        if (loadClassType == null) {
            return;
        }
        if (this.taintConfig.isClassTaintSafe(loadClassType.getSignature())) {
            try {
                getFrame().popValue();
                pushSafe();
            } catch (DataflowAnalysisException e) {
                throw new InvalidBytecodeException("empty stack for checkcast", e);
            }
        }
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitReturnInstruction(ReturnInstruction returnInstruction) {
        ArrayList arrayList = new ArrayList();
        GenericSignatureParser genericSignatureParser = new GenericSignatureParser(this.methodDescriptor.getSignature());
        int i = 0;
        if (!this.methodDescriptor.isStatic()) {
            i = 0 + 1;
        }
        Iterator<String> parameterSignatureIterator = genericSignatureParser.parameterSignatureIterator();
        while (parameterSignatureIterator.hasNext()) {
            String next = parameterSignatureIterator.next();
            switch (next.charAt(0)) {
                case 'D':
                case 'J':
                    i++;
                    break;
                case 'L':
                    if (!this.taintConfig.isClassImmutable(next)) {
                        arrayList.add(Integer.valueOf(i));
                        break;
                    } else {
                        Taint value = getFrame().getValue(i);
                        if (!value.hasTags() && !value.isRemovingTags()) {
                            break;
                        } else {
                            arrayList.add(Integer.valueOf(i));
                            break;
                        }
                    }
                case '[':
                    arrayList.add(Integer.valueOf(i));
                    break;
            }
            i++;
        }
        int i2 = i;
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            int intValue = ((Integer) it.next()).intValue();
            Taint value2 = getFrame().getValue(intValue);
            int i3 = (i2 - 1) - intValue;
            if (!value2.isUnknown()) {
                this.analyzedMethodConfig.setParameterOutputTaint(i3, value2);
            } else if (value2.getNonParametricState() != Taint.State.INVALID) {
                this.analyzedMethodConfig.setParameterOutputTaint(i3, value2);
            } else if (value2.hasTags() || value2.isRemovingTags()) {
                this.analyzedMethodConfig.setParameterOutputTaint(i3, value2);
            } else if (value2.getParameters().size() > 1) {
                this.analyzedMethodConfig.setParameterOutputTaint(i3, value2);
            }
        }
        this.analyzedMethodConfig.setParametersOutputTaintsProcessed(true);
        super.visitReturnInstruction(returnInstruction);
    }

    @Override // edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor, org.apache.bcel.generic.Visitor
    public void visitARETURN(ARETURN areturn) {
        try {
            Taint topValue = getFrame().getTopValue();
            this.analyzedMethodConfig.setOuputTaint(Taint.merge(topValue, this.analyzedMethodConfig.getOutputTaint()));
            handleNormalInstruction(areturn);
            for (TaintFrameAdditionalVisitor taintFrameAdditionalVisitor : this.visitors) {
                try {
                    taintFrameAdditionalVisitor.visitReturn(this.methodGen, topValue, this.cpg);
                } catch (Throwable th) {
                    LOG.log(Level.SEVERE, "Error while executing " + taintFrameAdditionalVisitor.getClass().getName(), th);
                }
            }
        } catch (DataflowAnalysisException e) {
            throw new InvalidBytecodeException("empty stack before reference return", e);
        }
    }

    private void visitInvoke(InvokeInstruction invokeInstruction) {
        if (!$assertionsDisabled && invokeInstruction == null) {
            throw new AssertionError();
        }
        try {
            TaintMethodConfig methodConfig = getMethodConfig(invokeInstruction);
            Taint methodTaint = getMethodTaint(methodConfig);
            if (!$assertionsDisabled && methodTaint == null) {
                throw new AssertionError();
            }
            if (FindSecBugsGlobalConfig.getInstance().isDebugTaintState()) {
                methodTaint.setDebugInfo(invokeInstruction.getMethodName(this.cpg) + "()");
            }
            methodTaint.addSource(new UnknownSource(UnknownSourceType.RETURN, methodTaint.getState()).setSignatureMethod(BCELUtil.getSlashedClassName(this.cpg, invokeInstruction) + "." + invokeInstruction.getMethodName(this.cpg) + invokeInstruction.getSignature(this.cpg)));
            taintMutableArguments(methodConfig, invokeInstruction);
            transferTaintToMutables(methodConfig, methodTaint);
            methodTaint.setRealInstanceClass((methodConfig == null || methodConfig.getOutputTaint() == null) ? null : methodConfig.getOutputTaint().getRealInstanceClass());
            TaintFrame frame = getFrame();
            int stackDepth = frame.getStackDepth();
            int numWordsConsumed = getNumWordsConsumed(invokeInstruction);
            ArrayList arrayList = new ArrayList(numWordsConsumed);
            for (int i = 0; i < Math.min(stackDepth, numWordsConsumed); i++) {
                arrayList.add(new Taint(frame.getStackValue(i)));
            }
            modelInstruction(invokeInstruction, getNumWordsConsumed(invokeInstruction), getNumWordsProduced(invokeInstruction), methodTaint);
            for (TaintFrameAdditionalVisitor taintFrameAdditionalVisitor : this.visitors) {
                try {
                    taintFrameAdditionalVisitor.visitInvoke(invokeInstruction, this.methodGen, getFrame(), arrayList, this.cpg);
                } catch (Throwable th) {
                    LOG.log(Level.SEVERE, "Error while executing " + taintFrameAdditionalVisitor.getClass().getName(), th);
                }
            }
        } catch (Exception e) {
            throw new RuntimeException("Unable to call " + ClassName.toSlashedClassName(invokeInstruction.getReferenceType(this.cpg).toString()) + '.' + invokeInstruction.getMethodName(this.cpg) + invokeInstruction.getSignature(this.cpg), e);
        }
    }

    private TaintMethodConfig getMethodConfig(InvokeInstruction invokeInstruction) {
        String signature = invokeInstruction.getSignature(this.cpg);
        String returnType = getReturnType(signature);
        String instanceClassName = getInstanceClassName(invokeInstruction);
        String methodName = invokeInstruction.getMethodName(this.cpg);
        TaintMethodConfig methodConfig = this.taintConfig.getMethodConfig(getFrame(), this.methodDescriptor, instanceClassName, "." + methodName + signature);
        if (methodConfig != null) {
            methodConfig = getConfigWithReplaceTags(methodConfig, instanceClassName, methodName);
        }
        if (methodConfig != null && methodConfig.isConfigured()) {
            return methodConfig;
        }
        if (this.taintConfig.isClassTaintSafe(returnType)) {
            return TaintMethodConfig.SAFE_CONFIG;
        }
        if (methodConfig != null) {
            return methodConfig;
        }
        String str = "L" + instanceClassName + ";";
        if (!"<init>".equals(methodName) || this.taintConfig.isClassTaintSafe(str)) {
            return null;
        }
        try {
            TaintMethodConfig defaultConstructorConfig = TaintMethodConfig.getDefaultConstructorConfig(getFrame().getNumArgumentsIncludingObjectInstance(invokeInstruction, this.cpg));
            defaultConstructorConfig.setTypeSignature(instanceClassName + "<init>()V");
            return defaultConstructorConfig;
        } catch (DataflowAnalysisException e) {
            throw new InvalidBytecodeException(e.getMessage(), e);
        }
    }

    private TaintMethodConfig getConfigWithReplaceTags(TaintMethodConfig taintMethodConfig, String str, String str2) {
        ObjectConfiguration objectConfiguration = new ObjectConfiguration(str, str2);
        if (!objectConfiguration.isAClassThatCanReplaceString()) {
            return taintMethodConfig;
        }
        if (objectConfiguration.isKotlinRegexMethodAndConstructorMethod()) {
            saveRegexValueForNextInstruction();
            return taintMethodConfig;
        }
        if (!objectConfiguration.isAReplaceMethod()) {
            return taintMethodConfig;
        }
        try {
            String stringParameterForReplaceMethod = objectConfiguration.getStringParameterForReplaceMethod();
            if (stringParameterForReplaceMethod == null) {
                return taintMethodConfig;
            }
            Taint outputTaint = taintMethodConfig.getOutputTaint();
            for (Map.Entry<String, Taint.Tag> entry : REPLACE_TAGS.entrySet()) {
                String key = entry.getKey();
                if ((objectConfiguration.isAReplaceMethodWithRegexParameter() && stringParameterForReplaceMethod.contains(key)) || stringParameterForReplaceMethod.equals(key)) {
                    outputTaint.addTag(entry.getValue());
                }
            }
            TaintMethodConfig taintMethodConfig2 = new TaintMethodConfig(taintMethodConfig);
            taintMethodConfig2.setOuputTaint(outputTaint);
            return taintMethodConfig2;
        } catch (DataflowAnalysisException e) {
            throw new InvalidBytecodeException(e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getRegexValueFromAPreviousInstruction() {
        String str = this.regexValue;
        this.regexValue = null;
        return str;
    }

    private void saveRegexValueForNextInstruction() {
        this.regexValue = getFrame().getValue(getFrame().getNumSlots() - 1).getConstantValue();
    }

    private String getInstanceClassName(InvokeInstruction invokeInstruction) {
        try {
            int numArgumentsIncludingObjectInstance = getFrame().getNumArgumentsIncludingObjectInstance(invokeInstruction, this.cpg) - 1;
            if (numArgumentsIncludingObjectInstance != -1) {
                if (!$assertionsDisabled && numArgumentsIncludingObjectInstance >= getFrame().getStackDepth()) {
                    throw new AssertionError();
                }
                String realInstanceClassName = getFrame().getStackValue(numArgumentsIncludingObjectInstance).getRealInstanceClassName();
                if (realInstanceClassName != null) {
                    return realInstanceClassName;
                }
            }
        } catch (DataflowAnalysisException e) {
            if (!$assertionsDisabled) {
                throw new AssertionError(e.getMessage());
            }
        }
        return BCELUtil.getSlashedClassName(this.cpg, invokeInstruction);
    }

    private static String getReturnType(String str) {
        if ($assertionsDisabled || (str != null && str.contains(")"))) {
            return str.substring(str.indexOf(41) + 1);
        }
        throw new AssertionError();
    }

    private Taint getMethodTaint(TaintMethodConfig taintMethodConfig) {
        if (taintMethodConfig == null || taintMethodConfig.getOutputTaint() == null) {
            return getDefaultValue();
        }
        Taint outputTaint = taintMethodConfig.getOutputTaint();
        if (!$assertionsDisabled && outputTaint == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && outputTaint == taintMethodConfig.getOutputTaint()) {
            throw new AssertionError("defensive copy not made");
        }
        Taint mergeTaintWithStack = mergeTaintWithStack(outputTaint);
        if (mergeTaintWithStack.isTainted()) {
            mergeTaintWithStack.addLocation(getTaintLocation(), true);
        } else if (mergeTaintWithStack.isUnknown()) {
            mergeTaintWithStack.addLocation(getTaintLocation(), false);
        }
        return mergeTaintWithStack;
    }

    private Taint mergeTaintWithStack(Taint taint) {
        if (!$assertionsDisabled && taint == null) {
            throw new AssertionError();
        }
        Taint taint2 = taint;
        if (taint.isUnknown() && taint.hasParameters()) {
            Taint mergeTransferParameters = mergeTransferParameters(taint.getParameters());
            if (!$assertionsDisabled && mergeTransferParameters == null) {
                throw new AssertionError();
            }
            taint2 = taint.getNonParametricState() != Taint.State.INVALID ? Taint.merge(Taint.valueOf(taint.getNonParametricState()), mergeTransferParameters) : mergeTransferParameters;
            taint2.addAllSources(taint.getSources());
            Iterator<TaintLocation> it = taint.getUnknownLocations().iterator();
            while (it.hasNext()) {
                taint2.addLocation(it.next(), false);
            }
            Iterator<TaintLocation> it2 = taint.getTaintedLocations().iterator();
            while (it2.hasNext()) {
                taint2.addLocation(it2.next(), true);
            }
            if (!taint2.isSafe() && taint.hasTags()) {
                Iterator<Taint.Tag> it3 = taint.getTags().iterator();
                while (it3.hasNext()) {
                    taint2.addTag(it3.next());
                }
            }
            if (taint.isRemovingTags()) {
                Iterator<Taint.Tag> it4 = taint.getTagsToRemove().iterator();
                while (it4.hasNext()) {
                    taint2.removeTag(it4.next());
                }
            }
        }
        return taint2;
    }

    private void taintMutableArguments(TaintMethodConfig taintMethodConfig, InvokeInstruction invokeInstruction) {
        if (taintMethodConfig == null || !taintMethodConfig.isConfigured()) {
            if (taintMethodConfig == null || !taintMethodConfig.isParametersOutputTaintsProcessed()) {
                for (Integer num : getMutableStackIndices(invokeInstruction.getSignature(this.cpg))) {
                    if (!$assertionsDisabled && (num.intValue() < 0 || num.intValue() >= getFrame().getStackDepth())) {
                        throw new AssertionError();
                    }
                    try {
                        Taint stackValue = getFrame().getStackValue(num.intValue());
                        Taint merge = Taint.merge(stackValue, getDefaultValue());
                        if (stackValue.hasValidVariableIndex()) {
                            merge.setVariableIndex(stackValue.getVariableIndex());
                        }
                        merge.setRealInstanceClass(stackValue.getRealInstanceClass());
                        merge.addLocation(getTaintLocation(), false);
                        getFrame().setValue(getFrame().getStackLocation(num.intValue()), merge);
                        setLocalVariableTaint(merge, merge);
                    } catch (DataflowAnalysisException e) {
                        throw new InvalidBytecodeException("Not enough values on the stack", e);
                    }
                }
                return;
            }
            for (Map.Entry<Integer, Taint> entry : taintMethodConfig.getParametersOutputTaints().entrySet()) {
                int intValue = entry.getKey().intValue();
                if (!$assertionsDisabled && (intValue < 0 || intValue >= getFrame().getStackDepth())) {
                    throw new AssertionError();
                }
                Taint value = entry.getValue();
                if (!$assertionsDisabled && value == null) {
                    throw new AssertionError();
                }
                try {
                    Taint mergeTaintWithStack = mergeTaintWithStack(new Taint(value));
                    Taint stackValue2 = getFrame().getStackValue(intValue);
                    if (stackValue2.hasValidVariableIndex()) {
                        mergeTaintWithStack.setVariableIndex(stackValue2.getVariableIndex());
                    }
                    mergeTaintWithStack.setRealInstanceClass(stackValue2.getRealInstanceClass());
                    getFrame().setValue(getFrame().getStackLocation(intValue), mergeTaintWithStack);
                    setLocalVariableTaint(mergeTaintWithStack, stackValue2);
                } catch (DataflowAnalysisException e2) {
                    throw new InvalidBytecodeException("Not enough values on the stack", e2);
                }
            }
        }
    }

    private Taint mergeTransferParameters(Collection<Integer> collection) {
        if (!$assertionsDisabled && (collection == null || collection.isEmpty())) {
            throw new AssertionError();
        }
        Taint taint = null;
        Taint taint2 = null;
        Iterator<Integer> it = collection.iterator();
        while (it.hasNext()) {
            try {
                Taint stackValue = getFrame().getStackValue(it.next().intValue());
                if (stackValue.isSafe()) {
                    taint2 = Taint.merge(taint2, stackValue);
                } else {
                    taint = Taint.merge(taint, stackValue);
                }
            } catch (DataflowAnalysisException e) {
                throw new RuntimeException("Bad transfer parameter specification", e);
            }
        }
        if (!$assertionsDisabled && taint == null && taint2 == null) {
            throw new AssertionError();
        }
        return taint == null ? taint2 : taint;
    }

    private void transferTaintToMutables(TaintMethodConfig taintMethodConfig, Taint taint) {
        if (!$assertionsDisabled && taint == null) {
            throw new AssertionError();
        }
        if (taintMethodConfig == null || !taintMethodConfig.hasMutableStackIndices()) {
            return;
        }
        try {
            int stackDepth = getFrame().getStackDepth();
            for (Integer num : taintMethodConfig.getMutableStackIndices()) {
                if (!$assertionsDisabled && num.intValue() < 0) {
                    throw new AssertionError();
                }
                if (num.intValue() < stackDepth) {
                    Taint stackValue = getFrame().getStackValue(num.intValue());
                    setLocalVariableTaint(taint, stackValue);
                    Taint taint2 = new Taint(taint);
                    taint2.setRealInstanceClass(stackValue.getRealInstanceClass());
                    getFrame().setValue(getFrame().getStackLocation(num.intValue()), taint2);
                } else if (!"<init>".equals(this.methodDescriptor.getName()) && !"<clinit>".equals(this.methodDescriptor.getName()) && !$assertionsDisabled) {
                    throw new AssertionError("Out of bounds mutables in " + this.methodDescriptor + " Method Config: " + taintMethodConfig.toString());
                }
            }
        } catch (DataflowAnalysisException e) {
            if (!$assertionsDisabled) {
                throw new AssertionError(e.getMessage());
            }
        }
    }

    private void setLocalVariableTaint(Taint taint, Taint taint2) {
        if (!$assertionsDisabled && (taint == null || taint2 == null)) {
            throw new AssertionError();
        }
        if (taint2.hasValidVariableIndex()) {
            int variableIndex = taint2.getVariableIndex();
            if (variableIndex >= getFrame().getNumLocals()) {
                if (!$assertionsDisabled) {
                    throw new AssertionError("Out of bounds local variable index in " + this.methodDescriptor);
                }
                return;
            }
            if (taint.hasValidVariableIndex() && taint.getVariableIndex() != variableIndex) {
                taint = new Taint(taint);
            }
            taint.setVariableIndex(variableIndex);
            getFrame().setValue(variableIndex, taint);
        }
    }

    private void pushSafe() {
        getFrame().pushValue(new Taint(Taint.State.SAFE));
    }

    private void pushSafeDebug(String str) {
        getFrame().pushValue(new Taint(Taint.State.SAFE).setDebugInfo(str));
    }

    private TaintLocation getTaintLocation() {
        return new TaintLocation(this.methodDescriptor, getLocation().getHandle().getPosition());
    }

    public void finishAnalysis() {
        if (!$assertionsDisabled && this.analyzedMethodConfig == null) {
            throw new AssertionError();
        }
        Taint outputTaint = this.analyzedMethodConfig.getOutputTaint();
        if (outputTaint != null) {
            if (getReturnType(this.methodDescriptor.getSignature()).equals("L" + outputTaint.getRealInstanceClassName() + ";")) {
                outputTaint.setRealInstanceClass(null);
                this.analyzedMethodConfig.setOuputTaint(outputTaint);
            }
        }
        String slashedClassName = this.methodDescriptor.getSlashedClassName();
        String str = "." + this.methodDescriptor.getName() + this.methodDescriptor.getSignature();
        if (this.analyzedMethodConfig.isInformative() || this.taintConfig.getSuperMethodConfig(slashedClassName, str) != null) {
            String concat = slashedClassName.concat(str);
            if (this.taintConfig.containsKey(concat)) {
                return;
            }
            this.taintConfig.put(concat, this.analyzedMethodConfig);
        }
    }

    static {
        $assertionsDisabled = !TaintFrameModelingVisitor.class.desiredAssertionStatus();
        LOG = Logger.getLogger(TaintFrameModelingVisitor.class.getName());
        REPLACE_TAGS = new HashMap();
        REPLACE_TAGS.put("\r", Taint.Tag.CR_ENCODED);
        REPLACE_TAGS.put(IOUtils.LINE_SEPARATOR_UNIX, Taint.Tag.LF_ENCODED);
        REPLACE_TAGS.put("\"", Taint.Tag.QUOTE_ENCODED);
        REPLACE_TAGS.put("'", Taint.Tag.APOSTROPHE_ENCODED);
        REPLACE_TAGS.put("<", Taint.Tag.LT_ENCODED);
    }
}
