package com.google.mu.errorprone;

import com.google.auto.service.AutoService;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.errorprone.BugPattern;
import com.google.errorprone.VisitorState;
import com.google.errorprone.bugpatterns.BugChecker;
import com.google.errorprone.matchers.Matchers;
import com.google.errorprone.matchers.method.MethodMatchers;
import com.google.errorprone.util.ASTHelpers;
import com.google.mu.errorprone.AbstractBugChecker;
import com.google.mu.util.Substring;
import com.sun.source.tree.ExpressionTree;
import com.sun.source.tree.MethodInvocationTree;
import com.sun.tools.javac.code.Symbol;
import com.sun.tools.javac.code.Type;

/**
 * Compile-time check for SQL templates that produce a {@code SafeQuery}.
 *
 * <p>The check looks at invocations of any method on a descendant of
 * {@code com.google.mu.util.StringFormat.To} whose result type is
 * {@code com.google.mu.safesql.SafeQuery}. For each placeholder of the template it compares the
 * quoting around the placeholder with the static type of the corresponding argument:
 *
 * <ul>
 *   <li>a placeholder immediately enclosed in backticks is not checked here;
 *   <li>a placeholder immediately enclosed in single or double quotes must not receive one of
 *       {@link #ARG_TYPES_THAT_SHOULD_NOT_BE_QUOTED};
 *   <li>any other (unquoted) placeholder must not receive one of
 *       {@link #ARG_TYPES_THAT_MUST_BE_QUOTED}, i.e. {@code String}, {@code Character} or
 *       {@code char}.
 * </ul>
 *
 * <p>Violations are reported at {@code ERROR} severity.
 *
 * <p>Coverage caveat: the check performs no quoting verification at all when the invoked method
 * is not a single-parameter varargs method, when no format string is found for the receiver,
 * when the format string does not look like SQL according to
 * {@code FormatStringUtils.looksLikeSql}, or when the number of placeholders differs from the
 * number of arguments. Call sites that fall into one of these cases are not covered by this
 * check.
 */
@BugPattern(
    summary = "Checks that string placeholders in SQL template strings are quoted.",
    link = "go/java-tips/024#preventing-sql-injection",
    linkType = BugPattern.LinkType.CUSTOM,
    severity = BugPattern.SeverityLevel.ERROR)
@AutoService({BugChecker.class})
public final class SafeQueryArgsCheck extends AbstractBugChecker implements AbstractBugChecker.MethodInvocationCheck {
    /** Selects method invocations whose receiver type descends from {@code StringFormat.To}. */
    private static final MethodMatchers.MethodClassMatcher MATCHER = Matchers.anyMethod().onDescendantOf("com.google.mu.util.StringFormat.To");

    /** Result type an invocation must have for this check to apply. */
    private static final TypeName SAFE_QUERY_TYPE = new TypeName("com.google.mu.safesql.SafeQuery");

    /** Argument types that are rejected when their placeholder sits inside quotes. */
    private static final ImmutableSet<TypeName> ARG_TYPES_THAT_SHOULD_NOT_BE_QUOTED = ImmutableSet.of(new TypeName("com.google.storage.googlesql.safesql.TrustedSqlString"), new TypeName("com.google.mu.safesql.SafeQuery"), new TypeName("com.google.protobuf.Timestamp"));

    /** Argument types that are rejected when their placeholder is neither quoted nor backticked. */
    private static final ImmutableSet<TypeName> ARG_TYPES_THAT_MUST_BE_QUOTED = ImmutableSet.of(TypeName.of(String.class), TypeName.of(Character.class), TypeName.of(Character.TYPE));

    /**
     * Verifies the quoting of every placeholder against the type of its argument.
     *
     * @param methodInvocationTree the invocation being visited
     * @param visitorState the current compilation state, used for type comparison
     * @throws AbstractBugChecker.ErrorReport if an argument's type conflicts with the quoting of
     *     its placeholder
     */
    @Override
    public void checkMethodInvocation(MethodInvocationTree methodInvocationTree, VisitorState visitorState) throws AbstractBugChecker.ErrorReport {
        if (!MATCHER.matches(methodInvocationTree, visitorState)) {
            return;
        }
        if (!SAFE_QUERY_TYPE.isSameType(ASTHelpers.getType(methodInvocationTree), visitorState)) {
            return;
        }
        Symbol.MethodSymbol invoked = ASTHelpers.getSymbol(methodInvocationTree);
        if (!invoked.isVarArgs() || invoked.getParameters().size() != 1) {
            return;
        }
        String template = FormatStringUtils.findFormatString(ASTHelpers.getReceiver(methodInvocationTree), visitorState).orElse(null);
        if (template == null || !FormatStringUtils.looksLikeSql(template)) {
            return;
        }
        ImmutableList<Substring.Match> placeholders = FormatStringUtils.PLACEHOLDER_PATTERN.repeatedly().match(template).collect(ImmutableList.toImmutableList());
        // Placeholders and arguments are paired by position below, so a count mismatch makes
        // the pairing meaningless and the check gives up without reporting anything.
        // NOTE(review): presumably the mismatch itself is reported by a separate format-args
        // check - confirm, since such a call gets no quoting verification here.
        if (placeholders.size() != methodInvocationTree.getArguments().size()) {
            return;
        }
        for (int index = 0; index < placeholders.size(); index++) {
            Substring.Match placeholder = placeholders.get(index);
            if (placeholder.isImmediatelyBetween("`", "`")) {
                // Backtick-quoted placeholders are exempt from both type rules.
                continue;
            }
            ExpressionTree argument = methodInvocationTree.getArguments().get(index);
            Type argumentType = ASTHelpers.getType(argument);
            boolean quoted = placeholder.isImmediatelyBetween("'", "'") || placeholder.isImmediatelyBetween("\"", "\"");
            if (quoted) {
                checkingOn(argument).require(isNoneOf(ARG_TYPES_THAT_SHOULD_NOT_BE_QUOTED, argumentType, visitorState), "argument of type %s should not be quoted: '%s'", argumentType, placeholder);
            } else {
                checkingOn(argument).require(isNoneOf(ARG_TYPES_THAT_MUST_BE_QUOTED, argumentType, visitorState), "argument of type %s must be quoted (for example '%s' for string literals or `%s` for identifiers)", argumentType, placeholder, placeholder);
            }
        }
    }

    /** Returns true when {@code type} is the same type as none of {@code typeNames}. */
    private static boolean isNoneOf(ImmutableSet<TypeName> typeNames, Type type, VisitorState visitorState) {
        for (TypeName candidate : typeNames) {
            if (candidate.isSameType(type, visitorState)) {
                return false;
            }
        }
        return true;
    }
}
