package com.google.mu.errorprone;

import com.google.auto.service.AutoService;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.errorprone.BugPattern;
import com.google.errorprone.VisitorState;
import com.google.errorprone.bugpatterns.BugChecker;
import com.google.errorprone.matchers.Matcher;
import com.google.errorprone.matchers.Matchers;
import com.google.errorprone.util.ASTHelpers;
import com.google.mu.errorprone.AbstractBugChecker;
import com.google.mu.util.Substring;
import com.google.mu.util.stream.BiStream;
import com.google.mu.util.stream.MoreStreams;
import com.sun.source.tree.ExpressionTree;
import com.sun.source.tree.MethodInvocationTree;
import com.sun.tools.javac.code.Symbol;
import com.sun.tools.javac.code.Type;
import java.util.List;

@BugPattern(summary = "Checks that string placeholders in SQL template strings are quoted.", link = "go/java-tips/024#preventing-sql-injection", linkType = BugPattern.LinkType.CUSTOM, severity = BugPattern.SeverityLevel.ERROR)
@AutoService({BugChecker.class})
/* loaded from: input_file:com/google/mu/errorprone/SafeQueryArgsCheck.class */
public final class SafeQueryArgsCheck extends AbstractBugChecker implements AbstractBugChecker.MethodInvocationCheck {
    private static final Matcher<ExpressionTree> STRING_FORMAT_TO_METHOD_MATCHER = Matchers.anyOf(new Matcher[]{Matchers.anyMethod().onDescendantOf("com.google.mu.util.StringFormat.To"), Matchers.anyMethod().onDescendantOf("com.google.mu.util.StringFormat.Template")});
    private static final TypeName SAFE_QUERY_TYPE = new TypeName("com.google.mu.safesql.SafeQuery");
    private static final ImmutableSet<TypeName> ARG_TYPES_THAT_SHOULD_NOT_BE_QUOTED = ImmutableSet.of(new TypeName("com.google.storage.googlesql.safesql.TrustedSqlString"), SAFE_QUERY_TYPE, new TypeName("com.google.protobuf.Timestamp"));
    private static final ImmutableSet<TypeName> ARG_TYPES_THAT_MUST_BE_QUOTED = ImmutableSet.of(TypeName.of(String.class), TypeName.of(Character.class), TypeName.of(Character.TYPE));

    @Override // com.google.mu.errorprone.AbstractBugChecker.MethodInvocationCheck
    public void checkMethodInvocation(MethodInvocationTree methodInvocationTree, VisitorState visitorState) throws AbstractBugChecker.ErrorReport {
        String orElse;
        Symbol.MethodSymbol symbol = ASTHelpers.getSymbol(methodInvocationTree);
        if (SAFE_QUERY_TYPE.isSameType(symbol.getReturnType(), visitorState) && isTemplateFormatMethod(symbol, visitorState)) {
            int stringTemplateParamIndex = getStringTemplateParamIndex(symbol, visitorState);
            String str = (String) ASTHelpers.constValue(ASTHelpers.stripParentheses((ExpressionTree) methodInvocationTree.getArguments().get(stringTemplateParamIndex)), String.class);
            if (str == null) {
                return;
            }
            checkQuotes((List) FormatStringUtils.PLACEHOLDER_PATTERN.repeatedly().match(str).collect(ImmutableList.toImmutableList()), methodInvocationTree.getArguments().subList(stringTemplateParamIndex + 1, methodInvocationTree.getArguments().size()), visitorState);
            return;
        }
        if (STRING_FORMAT_TO_METHOD_MATCHER.matches(methodInvocationTree, visitorState) && SAFE_QUERY_TYPE.isSameType(ASTHelpers.getType(methodInvocationTree), visitorState) && symbol.isVarArgs() && symbol.getParameters().size() == 1 && (orElse = FormatStringUtils.findFormatString(ASTHelpers.getReceiver(methodInvocationTree), visitorState).orElse(null)) != null && FormatStringUtils.looksLikeSql(orElse)) {
            checkQuotes((List) FormatStringUtils.PLACEHOLDER_PATTERN.repeatedly().match(orElse).collect(ImmutableList.toImmutableList()), methodInvocationTree.getArguments(), visitorState);
        }
    }

    private void checkQuotes(List<Substring.Match> list, List<? extends ExpressionTree> list2, VisitorState visitorState) throws AbstractBugChecker.ErrorReport {
        if (list.size() != list2.size()) {
            return;
        }
        for (int i = 0; i < list.size(); i++) {
            Substring.Match match = list.get(i);
            if (!match.isImmediatelyBetween("`", "`")) {
                ExpressionTree expressionTree = list2.get(i);
                Type type = ASTHelpers.getType(expressionTree);
                if (match.isImmediatelyBetween("'", "'") || match.isImmediatelyBetween("\"", "\"")) {
                    checkingOn(expressionTree).require(ARG_TYPES_THAT_SHOULD_NOT_BE_QUOTED.stream().noneMatch(typeName -> {
                        return typeName.isSameType(type, visitorState);
                    }), "argument of type %s should not be quoted in the template string: '%s'", type, match);
                } else {
                    checkingOn(expressionTree).require(ARG_TYPES_THAT_MUST_BE_QUOTED.stream().noneMatch(typeName2 -> {
                        return typeName2.isSameType(type, visitorState);
                    }), "argument of type %s must be quoted in the template string (for example '%s' for string literals or `%s` for identifiers)", type, match, match);
                }
            }
        }
    }

    private static boolean isTemplateFormatMethod(Symbol symbol, VisitorState visitorState) {
        return ASTHelpers.hasAnnotation(symbol, "com.google.mu.annotations.TemplateFormatMethod", visitorState);
    }

    private static int getStringTemplateParamIndex(Symbol.MethodSymbol methodSymbol, VisitorState visitorState) {
        return ((Integer) BiStream.zip(MoreStreams.indexesFrom(0), methodSymbol.getParameters().stream()).filterValues(varSymbol -> {
            return ASTHelpers.hasAnnotation(varSymbol, "com.google.mu.annotations.TemplateString", visitorState);
        }).keys().findFirst().orElse(0)).intValue();
    }
}
