package com.h3xstream.findsecbugs.injection.redirect;

import com.google.common.net.HttpHeaders;
import com.h3xstream.findsecbugs.common.ByteCode;
import com.h3xstream.findsecbugs.injection.InjectionPoint;
import com.h3xstream.findsecbugs.injection.InjectionSource;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.INVOKEINTERFACE;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.LDC;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/injection/redirect/RedirectionSource.class */
public class RedirectionSource implements InjectionSource {
    private static final String UNVALIDATED_REDIRECT_TYPE = "UNVALIDATED_REDIRECT";

    @Override // com.h3xstream.findsecbugs.injection.InjectionSource
    public InjectionPoint getInjectableParameters(InvokeInstruction invokeInstruction, ConstantPoolGen constantPoolGen, InstructionHandle instructionHandle) {
        LDC ldc;
        Object value;
        if (invokeInstruction instanceof INVOKEINTERFACE) {
            String methodName = invokeInstruction.getMethodName(constantPoolGen);
            String referenceType = invokeInstruction.getReferenceType(constantPoolGen).toString();
            if (referenceType.equals("javax.servlet.http.HttpServletResponse") || referenceType.equals("javax.servlet.http.HttpServletResponseWrapper")) {
                if (methodName.equals("sendRedirect")) {
                    InjectionPoint injectionPoint = new InjectionPoint(new int[]{0}, UNVALIDATED_REDIRECT_TYPE);
                    injectionPoint.setInjectableMethod(invokeInstruction.getSignature(constantPoolGen));
                    return injectionPoint;
                }
                if ((methodName.equals("addHeader") || methodName.equals("setHeader")) && (ldc = (LDC) ByteCode.getPrevInstruction(instructionHandle, LDC.class)) != null && (value = ldc.getValue(constantPoolGen)) != null && HttpHeaders.LOCATION.equalsIgnoreCase((String) value)) {
                    InjectionPoint injectionPoint2 = new InjectionPoint(new int[]{0}, UNVALIDATED_REDIRECT_TYPE);
                    injectionPoint2.setInjectableMethod(invokeInstruction.getSignature(constantPoolGen));
                    return injectionPoint2;
                }
            }
        }
        return InjectionPoint.NONE;
    }
}
