package com.h3xstream.findsecbugs;

import com.h3xstream.findsecbugs.common.StackUtils;
import com.h3xstream.findsecbugs.common.matcher.InstructionDSL;
import com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.OpcodeStack;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;
import edu.umd.cs.findbugs.classfile.FieldDescriptor;
import edu.umd.cs.findbugs.classfile.MethodDescriptor;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/ReDosDetector.class */
public class ReDosDetector extends OpcodeStackDetector {
    private static final String REDOS_TYPE = "REDOS";
    private static final InvokeMatcherBuilder PATTERN_COMPILE = InstructionDSL.invokeInstruction().atClass("java/util/regex/Pattern").atMethod("compile").withArgs("(Ljava/lang/String;)Ljava/util/regex/Pattern;");
    private static final InvokeMatcherBuilder STRING_MATCHES = InstructionDSL.invokeInstruction().atClass("java/lang/String").atMethod("matches").withArgs("(Ljava/lang/String;)Z");
    private BugReporter bugReporter;

    public ReDosDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    @Override // edu.umd.cs.findbugs.bcel.OpcodeStackDetector, edu.umd.cs.findbugs.visitclass.DismantleBytecode
    public void sawOpcode(int i) {
        if ((i == 184 && PATTERN_COMPILE.matches(this)) || (i == 182 && STRING_MATCHES.matches(this))) {
            OpcodeStack.Item stackItem = this.stack.getStackItem(0);
            if (StackUtils.isVariableString(stackItem)) {
                return;
            }
            String str = (String) stackItem.getConstant();
            RegexRedosAnalyzer regexRedosAnalyzer = new RegexRedosAnalyzer();
            regexRedosAnalyzer.analyseRegexString(str);
            if (regexRedosAnalyzer.isVulnerable()) {
                MethodDescriptor methodDescriptor = getMethodDescriptor();
                FieldDescriptor fieldDescriptor = getFieldDescriptor();
                BugInstance addClass = new BugInstance(this, REDOS_TYPE, 2).addString(str).addClass(this);
                if (methodDescriptor != null) {
                    addClass.addMethod(methodDescriptor);
                }
                if (fieldDescriptor != null) {
                    addClass.addField(fieldDescriptor);
                }
                try {
                    addClass.addSourceLine(this);
                } catch (IllegalStateException e) {
                }
                this.bugReporter.reportBug(addClass);
            }
        }
    }
}
