package edu.umd.cs.findbugs.detect;

import com.mebigfatguy.fbcontrib.utils.Values;
import edu.umd.cs.findbugs.BugAccumulator;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.SourceLineAnnotation;
import edu.umd.cs.findbugs.ba.AnalysisContext;
import edu.umd.cs.findbugs.ba.BasicBlock;
import edu.umd.cs.findbugs.ba.CFG;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import edu.umd.cs.findbugs.ba.SignatureParser;
import edu.umd.cs.findbugs.ba.XFactory;
import edu.umd.cs.findbugs.ba.XMethod;
import edu.umd.cs.findbugs.ba.constant.Constant;
import edu.umd.cs.findbugs.ba.constant.ConstantDataflow;
import edu.umd.cs.findbugs.ba.constant.ConstantFrame;
import edu.umd.cs.findbugs.ba.type.TopType;
import edu.umd.cs.findbugs.ba.type.TypeFrame;
import edu.umd.cs.findbugs.ba.vna.ValueNumber;
import edu.umd.cs.findbugs.ba.vna.ValueNumberAnalysis;
import edu.umd.cs.findbugs.ba.vna.ValueNumberDataflow;
import edu.umd.cs.findbugs.classfile.CheckedAnalysisException;
import edu.umd.cs.findbugs.classfile.Global;
import edu.umd.cs.findbugs.classfile.MethodDescriptor;
import edu.umd.cs.findbugs.detect.BuildStringPassthruGraph;
import edu.umd.cs.findbugs.visitclass.PreorderVisitor;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.annotation.CheckForNull;
import net.sf.saxon.value.CalendarValue;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.AALOAD;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.GETFIELD;
import org.apache.bcel.generic.GETSTATIC;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.LDC;
import org.apache.bcel.generic.MethodGen;
import org.apache.bcel.generic.NOP;
import org.apache.bcel.generic.Type;

/* loaded from: input_file:META-INF/lib/spotbugs-4.6.0.jar:edu/umd/cs/findbugs/detect/FindSqlInjection.class */
public class FindSqlInjection implements Detector {
    BugReporter bugReporter;
    BugAccumulator bugAccumulator;
    final Map<MethodDescriptor, int[]> preparedStatementMethods;
    final Map<MethodDescriptor, int[]> executeMethods;
    final Set<MethodDescriptor> allMethods = new HashSet();
    Method method;
    ClassContext classContext;
    private static final String[] PREPARE_STATEMENT_SIGNATURES = {"(Ljava/lang/String;)Ljava/sql/PreparedStatement;", "(Ljava/lang/String;I)Ljava/sql/PreparedStatement;", "(Ljava/lang/String;II)Ljava/sql/PreparedStatement;", "(Ljava/lang/String;III)Ljava/sql/PreparedStatement;", "(Ljava/lang/String;[I)Ljava/sql/PreparedStatement;", "(Ljava/lang/String;[Ljava/lang/String;)Ljava/sql/PreparedStatement;"};
    private static final MethodDescriptor[] EXECUTE_METHODS = {new MethodDescriptor("java/sql/Statement", "executeQuery", "(Ljava/lang/String;)Ljava/sql/ResultSet;"), new MethodDescriptor("java/sql/Statement", "executeUpdate", "(Ljava/lang/String;)I"), new MethodDescriptor("java/sql/Statement", "executeUpdate", "(Ljava/lang/String;I)I"), new MethodDescriptor("java/sql/Statement", "executeUpdate", "(Ljava/lang/String;[I)I"), new MethodDescriptor("java/sql/Statement", "executeUpdate", "(Ljava/lang/String;[Ljava/lang/String;)I"), new MethodDescriptor("java/sql/Statement", "executeLargeUpdate", "(Ljava/lang/String;)J"), new MethodDescriptor("java/sql/Statement", "executeLargeUpdate", "(Ljava/lang/String;I)J"), new MethodDescriptor("java/sql/Statement", "executeLargeUpdate", "(Ljava/lang/String;[I)J"), new MethodDescriptor("java/sql/Statement", "executeLargeUpdate", "(Ljava/lang/String;[Ljava/lang/String;)J"), new MethodDescriptor("java/sql/Statement", "execute", "(Ljava/lang/String;)Z"), new MethodDescriptor("java/sql/Statement", "execute", "(Ljava/lang/String;I)Z"), new MethodDescriptor("java/sql/Statement", "execute", "(Ljava/lang/String;[I)Z"), new MethodDescriptor("java/sql/Statement", "execute", "(Ljava/lang/String;[Ljava/lang/String;)Z"), new MethodDescriptor("java/sql/Statement", "addBatch", "(Ljava/lang/String;)V")};
    static final Pattern openQuotePattern = Pattern.compile("((^')|[^\\p{Alnum}]')$");
    static final Pattern closeQuotePattern = Pattern.compile("^'($|[^\\p{Alnum}])");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:META-INF/lib/spotbugs-4.6.0.jar:edu/umd/cs/findbugs/detect/FindSqlInjection$StringAppendState.class */
    public static class StringAppendState {
        int sawOpenQuote;
        int sawCloseQuote;
        int sawComma;
        int sawAppend;
        int sawUnsafeAppend;
        int sawTaint;
        int sawSeriousTaint;

        private StringAppendState() {
            this.sawOpenQuote = CalendarValue.MISSING_TIMEZONE;
            this.sawCloseQuote = CalendarValue.MISSING_TIMEZONE;
            this.sawComma = CalendarValue.MISSING_TIMEZONE;
            this.sawAppend = CalendarValue.MISSING_TIMEZONE;
            this.sawUnsafeAppend = CalendarValue.MISSING_TIMEZONE;
            this.sawTaint = CalendarValue.MISSING_TIMEZONE;
            this.sawSeriousTaint = CalendarValue.MISSING_TIMEZONE;
        }

        public boolean getSawOpenQuote(InstructionHandle instructionHandle) {
            return this.sawOpenQuote <= instructionHandle.getPosition();
        }

        public boolean getSawCloseQuote(InstructionHandle instructionHandle) {
            return this.sawCloseQuote <= instructionHandle.getPosition();
        }

        public boolean getSawComma(InstructionHandle instructionHandle) {
            return this.sawComma <= instructionHandle.getPosition();
        }

        public boolean getSawAppend(InstructionHandle instructionHandle) {
            return this.sawAppend <= instructionHandle.getPosition();
        }

        public boolean getSawUnsafeAppend(InstructionHandle instructionHandle) {
            return this.sawUnsafeAppend <= instructionHandle.getPosition();
        }

        public boolean getSawTaint(InstructionHandle instructionHandle) {
            return this.sawTaint <= instructionHandle.getPosition();
        }

        public boolean getSawSeriousTaint(InstructionHandle instructionHandle) {
            return this.sawSeriousTaint <= instructionHandle.getPosition();
        }

        public void setSawOpenQuote(InstructionHandle instructionHandle) {
            this.sawOpenQuote = Math.min(this.sawOpenQuote, instructionHandle.getPosition());
        }

        public void setSawCloseQuote(InstructionHandle instructionHandle) {
            this.sawCloseQuote = Math.min(this.sawCloseQuote, instructionHandle.getPosition());
        }

        public void setSawComma(InstructionHandle instructionHandle) {
            this.sawComma = Math.min(this.sawComma, instructionHandle.getPosition());
        }

        public void setSawAppend(InstructionHandle instructionHandle) {
            this.sawAppend = Math.min(this.sawAppend, instructionHandle.getPosition());
        }

        public void setSawUnsafeAppend(InstructionHandle instructionHandle) {
            this.sawUnsafeAppend = Math.min(this.sawUnsafeAppend, instructionHandle.getPosition());
        }

        public void setSawSeriousTaint(InstructionHandle instructionHandle) {
            this.sawSeriousTaint = Math.min(this.sawSeriousTaint, instructionHandle.getPosition());
        }

        public void setSawTaint(InstructionHandle instructionHandle) {
            this.sawTaint = Math.min(this.sawTaint, instructionHandle.getPosition());
        }

        public void setSawInitialTaint() {
            this.sawTaint = 0;
        }
    }

    public FindSqlInjection(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
        this.bugAccumulator = new BugAccumulator(bugReporter);
        HashSet hashSet = new HashSet();
        for (MethodDescriptor methodDescriptor : EXECUTE_METHODS) {
            hashSet.add(new BuildStringPassthruGraph.MethodParameter(methodDescriptor, 0));
        }
        this.executeMethods = ((BuildStringPassthruGraph.StringPassthruDatabase) Global.getAnalysisCache().getDatabase(BuildStringPassthruGraph.StringPassthruDatabase.class)).findLinkedMethods(hashSet);
        HashSet hashSet2 = new HashSet();
        for (String str : PREPARE_STATEMENT_SIGNATURES) {
            hashSet2.add(new BuildStringPassthruGraph.MethodParameter(new MethodDescriptor("java/sql/Connection", "prepareStatement", str), 0));
        }
        this.preparedStatementMethods = ((BuildStringPassthruGraph.StringPassthruDatabase) Global.getAnalysisCache().getDatabase(BuildStringPassthruGraph.StringPassthruDatabase.class)).findLinkedMethods(hashSet2);
        this.allMethods.addAll(this.executeMethods.keySet());
        this.allMethods.addAll(this.preparedStatementMethods.keySet());
    }

    @Override // edu.umd.cs.findbugs.Detector
    public void visitClassContext(ClassContext classContext) {
        JavaClass javaClass = classContext.getJavaClass();
        if (PreorderVisitor.hasInterestingMethod(javaClass.getConstantPool(), this.allMethods)) {
            for (Method method : javaClass.getMethods()) {
                if (classContext.getMethodGen(method) != null) {
                    try {
                        analyzeMethod(classContext, method);
                    } catch (CFGBuilderException e) {
                        this.bugReporter.logError("FindSqlInjection caught exception while analyzing " + classContext.getFullyQualifiedMethodName(method), e);
                    } catch (DataflowAnalysisException e2) {
                        this.bugReporter.logError("FindSqlInjection caught exception while analyzing " + classContext.getFullyQualifiedMethodName(method), e2);
                    } catch (RuntimeException e3) {
                        this.bugReporter.logError("FindSqlInjection caught exception while analyzing " + classContext.getFullyQualifiedMethodName(method), e3);
                    }
                }
            }
        }
    }

    private boolean isStringAppend(Instruction instruction, ConstantPoolGen constantPoolGen) {
        if (!(instruction instanceof INVOKEVIRTUAL)) {
            return false;
        }
        INVOKEVIRTUAL invokevirtual = (INVOKEVIRTUAL) instruction;
        if (!"append".equals(invokevirtual.getMethodName(constantPoolGen)) || !invokevirtual.getClassName(constantPoolGen).startsWith("java.lang.StringB")) {
            return false;
        }
        char charAt = invokevirtual.getSignature(constantPoolGen).charAt(1);
        return charAt == '[' || charAt == 'L';
    }

    private boolean isConstantStringLoad(Location location, ConstantPoolGen constantPoolGen) {
        Instruction instruction = location.getHandle().getInstruction();
        return (instruction instanceof LDC) && (((LDC) instruction).getValue(constantPoolGen) instanceof String);
    }

    public static boolean isOpenQuote(String str) {
        return openQuotePattern.matcher(str).find();
    }

    public static boolean isCloseQuote(String str) {
        return closeQuotePattern.matcher(str).find();
    }

    private StringAppendState updateStringAppendState(Location location, ConstantPoolGen constantPoolGen, StringAppendState stringAppendState) {
        InstructionHandle handle = location.getHandle();
        Instruction instruction = handle.getInstruction();
        if (!isConstantStringLoad(location, constantPoolGen)) {
            throw new IllegalArgumentException("instruction must be LDC");
        }
        String trim = ((String) ((LDC) instruction).getValue(constantPoolGen)).trim();
        if (trim.startsWith(",") || trim.endsWith(",")) {
            stringAppendState.setSawComma(handle);
        }
        if (isCloseQuote(trim) && stringAppendState.getSawOpenQuote(handle)) {
            stringAppendState.setSawCloseQuote(handle);
        }
        if (isOpenQuote(trim)) {
            stringAppendState.setSawOpenQuote(handle);
        }
        return stringAppendState;
    }

    private StringAppendState getStringAppendState(CFG cfg, ConstantPoolGen constantPoolGen) throws CFGBuilderException {
        StringAppendState stringAppendState = new StringAppendState();
        String signature = this.method.getSignature();
        if (signature.substring(0, signature.indexOf(41)).indexOf("java/lang/String") >= 0) {
            stringAppendState.setSawInitialTaint();
        }
        Iterator<Location> locationIterator = cfg.locationIterator();
        while (locationIterator.hasNext()) {
            Location next = locationIterator.next();
            InstructionHandle handle = next.getHandle();
            Instruction instruction = handle.getInstruction();
            if (isConstantStringLoad(next, constantPoolGen)) {
                stringAppendState = updateStringAppendState(next, constantPoolGen, stringAppendState);
            } else if (isStringAppend(instruction, constantPoolGen)) {
                stringAppendState.setSawAppend(handle);
                Location previousLocation = getPreviousLocation(cfg, next, true);
                if (previousLocation != null && !isSafeValue(previousLocation, constantPoolGen)) {
                    stringAppendState.setSawUnsafeAppend(handle);
                }
            } else if (instruction instanceof InvokeInstruction) {
                InvokeInstruction invokeInstruction = (InvokeInstruction) instruction;
                String signature2 = invokeInstruction.getSignature(constantPoolGen);
                if (signature2.substring(signature2.indexOf(41)).indexOf("java/lang/String") >= 0) {
                    String methodName = invokeInstruction.getMethodName(constantPoolGen);
                    String className = invokeInstruction.getClassName(constantPoolGen);
                    if ("valueOf".equals(methodName) && "java.lang.String".equals(className) && "(Ljava/lang/Object;)Ljava/lang/String;".equals(signature2)) {
                        try {
                            TypeFrame factAtLocation = this.classContext.getTypeDataflow(this.method).getFactAtLocation(next);
                            if (factAtLocation.isValid()) {
                                Type topValue = factAtLocation.getTopValue();
                                if (!topValue.equals(TopType.instance())) {
                                    if (!Values.SIG_JAVA_LANG_STRING.equals(topValue.getSignature())) {
                                        stringAppendState.setSawTaint(handle);
                                    }
                                }
                            }
                        } catch (CheckedAnalysisException e) {
                            stringAppendState.setSawTaint(handle);
                        }
                    } else if (!className.startsWith("java.lang.String") && !"java.lang.Long".equals(className) && !"java.lang.Integer".equals(className) && !"java.lang.Float".equals(className) && !"java.lang.Double".equals(className) && !"java.lang.Short".equals(className) && !"java.lang.Byte".equals(className) && !"java.lang.Character".equals(className) && (!methodName.startsWith("to") || !methodName.endsWith("String") || methodName.length() <= 8)) {
                        if (className.startsWith("javax.servlet") && methodName.startsWith("get")) {
                            stringAppendState.setSawTaint(handle);
                            stringAppendState.setSawSeriousTaint(handle);
                        } else {
                            stringAppendState.setSawTaint(handle);
                        }
                    }
                }
            } else if ((instruction instanceof GETFIELD) && ((GETFIELD) instruction).getSignature(constantPoolGen).indexOf("java/lang/String") >= 0) {
                stringAppendState.setSawTaint(handle);
            }
        }
        return stringAppendState;
    }

    private boolean isSafeValue(Location location, ConstantPoolGen constantPoolGen) throws CFGBuilderException {
        CFG cfg;
        Location previousLocation;
        Location previousLocation2;
        Instruction instruction = location.getHandle().getInstruction();
        if ((instruction instanceof LDC) || (instruction instanceof GETSTATIC)) {
            return true;
        }
        if (instruction instanceof InvokeInstruction) {
            String methodName = ((InvokeInstruction) instruction).getMethodName(constantPoolGen);
            if (methodName.startsWith("to") && methodName.endsWith("String") && methodName.length() > 8) {
                return true;
            }
        }
        return (instruction instanceof AALOAD) && (previousLocation = getPreviousLocation((cfg = this.classContext.getCFG(this.method)), location, true)) != null && (previousLocation2 = getPreviousLocation(cfg, previousLocation, true)) != null && (previousLocation2.getHandle().getInstruction() instanceof GETSTATIC) && "[Ljava/lang/String;".equals(((GETSTATIC) previousLocation2.getHandle().getInstruction()).getSignature(constantPoolGen));
    }

    @CheckForNull
    private InstructionHandle getPreviousInstruction(InstructionHandle instructionHandle, boolean z) {
        while (instructionHandle.getPrev() != null) {
            instructionHandle = instructionHandle.getPrev();
            if (!(instructionHandle.getInstruction() instanceof NOP) || !z) {
                return instructionHandle;
            }
        }
        return null;
    }

    @CheckForNull
    private Location getPreviousLocation(CFG cfg, Location location, boolean z) {
        InstructionHandle lastInstruction;
        InstructionHandle previousInstruction = getPreviousInstruction(location.getHandle(), z);
        if (previousInstruction != null) {
            return new Location(previousInstruction, location.getBasicBlock());
        }
        BasicBlock basicBlock = location.getBasicBlock();
        do {
            basicBlock = cfg.getPredecessorWithEdgeType(basicBlock, 0);
            if (basicBlock == null) {
                return null;
            }
            lastInstruction = basicBlock.getLastInstruction();
        } while (lastInstruction == null);
        return new Location(lastInstruction, basicBlock);
    }

    private BugInstance generateBugInstance(JavaClass javaClass, MethodGen methodGen, InstructionHandle instructionHandle, StringAppendState stringAppendState, boolean z) {
        int i = 3;
        boolean z2 = false;
        if (stringAppendState.getSawAppend(instructionHandle)) {
            if (stringAppendState.getSawOpenQuote(instructionHandle) && stringAppendState.getSawCloseQuote(instructionHandle)) {
                i = 1;
            } else if (stringAppendState.getSawComma(instructionHandle)) {
                i = 2;
            }
            if (!stringAppendState.getSawUnsafeAppend(instructionHandle)) {
                i += 2;
            } else if (stringAppendState.getSawSeriousTaint(instructionHandle)) {
                i--;
                z2 = true;
            } else if (!stringAppendState.getSawTaint(instructionHandle)) {
                i++;
            }
        }
        BugInstance bugInstance = new BugInstance(this, z ? "SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" : "SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING", i);
        bugInstance.addClassAndMethod(methodGen, javaClass.getSourceFileName());
        if (z2) {
            bugInstance.addString("non-constant SQL string involving HTTP taint");
        }
        return bugInstance;
    }

    private void analyzeMethod(ClassContext classContext, Method method) throws DataflowAnalysisException, CFGBuilderException {
        boolean z;
        int i;
        Location valueNumberCreationLocation;
        JavaClass javaClass = classContext.getJavaClass();
        ValueNumberDataflow valueNumberDataflow = classContext.getValueNumberDataflow(method);
        Set<ValueNumber> passthruParams = getPassthruParams(valueNumberDataflow, method, javaClass);
        this.method = method;
        this.classContext = classContext;
        MethodGen methodGen = classContext.getMethodGen(method);
        if (methodGen == null) {
            return;
        }
        ConstantPoolGen constantPool = methodGen.getConstantPool();
        CFG cfg = classContext.getCFG(method);
        StringAppendState stringAppendState = getStringAppendState(cfg, constantPool);
        ConstantDataflow constantDataflow = classContext.getConstantDataflow(method);
        Iterator<Location> locationIterator = cfg.locationIterator();
        while (locationIterator.hasNext()) {
            Location next = locationIterator.next();
            Instruction instruction = next.getHandle().getInstruction();
            if (instruction instanceof InvokeInstruction) {
                InvokeInstruction invokeInstruction = (InvokeInstruction) instruction;
                MethodDescriptor methodDescriptor = new MethodDescriptor(invokeInstruction, constantPool);
                int[] iArr = this.preparedStatementMethods.get(methodDescriptor);
                if (iArr != null) {
                    z = false;
                    i = iArr[0];
                } else {
                    int[] iArr2 = this.executeMethods.get(methodDescriptor);
                    if (iArr2 != null) {
                        z = true;
                        i = iArr2[0];
                    }
                }
                ConstantFrame factAtLocation = constantDataflow.getFactAtLocation(next);
                SignatureParser signatureParser = new SignatureParser(invokeInstruction.getSignature(constantPool));
                Constant argument = factAtLocation.getArgument(invokeInstruction, constantPool, i, signatureParser);
                ValueNumber argument2 = valueNumberDataflow.getFactAtLocation(next).getArgument(invokeInstruction, constantPool, i, signatureParser);
                if (!argument.isConstantString() && !passthruParams.contains(argument2) && ((valueNumberCreationLocation = getValueNumberCreationLocation(valueNumberDataflow, argument2)) == null || !isSafeValue(valueNumberCreationLocation, constantPool))) {
                    this.bugAccumulator.accumulateBug(generateBugInstance(javaClass, methodGen, next.getHandle(), stringAppendState, z), SourceLineAnnotation.fromVisitedInstruction(classContext, methodGen, javaClass.getSourceFileName(), next.getHandle()));
                }
            }
        }
        this.bugAccumulator.reportAccumulatedBugs();
    }

    private Location getValueNumberCreationLocation(ValueNumberDataflow valueNumberDataflow, ValueNumber valueNumber) {
        ConstantPoolGen constantPool = valueNumberDataflow.getCFG().getMethodGen().getConstantPool();
        Iterator<Location> locationIterator = valueNumberDataflow.getCFG().locationIterator();
        while (locationIterator.hasNext()) {
            Location next = locationIterator.next();
            if (next.getHandle().getInstruction().produceStack(constantPool) == 1) {
                try {
                    if (valueNumberDataflow.getFactAfterLocation(next).getTopValue().equals(valueNumber)) {
                        return next;
                    }
                } catch (DataflowAnalysisException e) {
                    AnalysisContext.logError("While analyzing " + valueNumberDataflow.getCFG().getMethodGen() + " at " + next, e);
                }
            }
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Set<ValueNumber> getPassthruParams(ValueNumberDataflow valueNumberDataflow, Method method, JavaClass javaClass) {
        XMethod createXMethod = XFactory.createXMethod(javaClass, method);
        HashSet hashSet = new HashSet();
        int[] iArr = this.preparedStatementMethods.get(createXMethod);
        if (iArr != null) {
            for (int i : iArr) {
                hashSet.add(((ValueNumberAnalysis) valueNumberDataflow.getAnalysis()).getEntryValueForParameter(i));
            }
        }
        int[] iArr2 = this.executeMethods.get(createXMethod);
        if (iArr2 != null) {
            for (int i2 : iArr2) {
                hashSet.add(((ValueNumberAnalysis) valueNumberDataflow.getAnalysis()).getEntryValueForParameter(i2));
            }
        }
        return hashSet;
    }

    @Override // edu.umd.cs.findbugs.Detector
    public void report() {
    }
}
