package io.codemodder.codemods;

import com.github.javaparser.Range;
import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.expr.MethodCallExpr;
import io.codemodder.Codemod;
import io.codemodder.CodemodChange;
import io.codemodder.CodemodExecutionPriority;
import io.codemodder.CodemodFileScanningResult;
import io.codemodder.CodemodInvocationContext;
import io.codemodder.FixOnlyCodeChanger;
import io.codemodder.Importance;
import io.codemodder.ReviewGuidance;
import io.codemodder.codetf.DetectionTool;
import io.codemodder.codetf.DetectorFinding;
import io.codemodder.codetf.DetectorRule;
import io.codemodder.javaparser.JavaParserChanger;
import io.codemodder.providers.defectdojo.DefectDojoScan;
import io.codemodder.providers.defectdojo.Finding;
import io.codemodder.providers.defectdojo.RuleFindings;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import javax.inject.Inject;

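/**
 * Remediates JDBC SQL injection findings imported from DefectDojo by passing the flagged call to
 * {@link SQLParameterizerWithCleanup}.
 *
 * <p>Changes are driven only by the DefectDojo findings injected for rule
 * {@code java.lang.security.audit.sqli.jdbc-sqli.jdbc-sqli}; files without such findings are left
 * alone. A line is rewritten only when exactly one supported JDBC call starts on it, so an
 * imprecise or stale line number is reported as unfixed instead of causing a different statement
 * to be rewritten. Every finding is reported back as fixed or as unfixed with a reason.
 *
 * <p>The codemod is declared {@code MERGE_AFTER_REVIEW}: a generated change should be read by a
 * person before merging, because parameterizing a query changes how the statement is built.
 */
@Codemod(id = "defectdojo:java/sql-injection", reviewGuidance = ReviewGuidance.MERGE_AFTER_REVIEW, executionPriority = CodemodExecutionPriority.HIGH, importance = Importance.HIGH)
public final class DefectDojoSqlInjectionCodemod extends JavaParserChanger implements FixOnlyCodeChanger {
    /** Scanner rule whose findings this codemod consumes and reports against. */
    private static final String RULE_ID = "java.lang.security.audit.sqli.jdbc-sqli.jdbc-sqli";

    private final RuleFindings findings;

    /**
     * Creates the codemod over the injected findings for the JDBC SQL injection rule.
     *
     * @param ruleFindings findings for the rule, as supplied by the DefectDojo provider
     * @throws NullPointerException if {@code ruleFindings} is null
     */
    @Inject
    public DefectDojoSqlInjectionCodemod(@DefectDojoScan(ruleId = RULE_ID) RuleFindings ruleFindings) {
        this.findings = Objects.requireNonNull(ruleFindings, "ruleFindings");
    }

    /**
     * Describes the tool and rule that produced the findings handled here.
     *
     * @return a {@link DetectionTool} named "DefectDojo" carrying the rule id and no findings
     */
    public DetectionTool getDetectionTool() {
        return new DetectionTool("DefectDojo", new DetectorRule(RULE_ID, RULE_ID, (String) null), List.of());
    }

    /**
     * Attempts to parameterize the SQL call behind each finding reported for the current file.
     *
     * @param codemodInvocationContext context supplying the path of the file being processed
     * @param compilationUnit parsed AST of that file; it is modified when a fix is applied
     * @return the applied changes plus one {@link DetectorFinding} per finding for this file, or
     *     {@link CodemodFileScanningResult#none()} when the file has no findings
     */
    public CodemodFileScanningResult visit(CodemodInvocationContext codemodInvocationContext, CompilationUnit compilationUnit) {
        List<Finding> findingsForFile = this.findings.getForPath(codemodInvocationContext.path());
        if (findingsForFile.isEmpty()) {
            return CodemodFileScanningResult.none();
        }

        // Walk the AST only once we know there is something to fix in this file.
        List<MethodCallExpr> methodCalls = compilationUnit.findAll(MethodCallExpr.class);
        List<DetectorFinding> outcomes = new ArrayList<>();
        List<CodemodChange> changes = new ArrayList<>();

        for (Finding finding : findingsForFile) {
            String findingId = String.valueOf(finding.getId());
            Integer line = finding.getLine();
            if (line == null) {
                outcomes.add(new DetectorFinding(findingId, false, "No line number provided"));
                continue;
            }

            int targetLine = line;
            List<MethodCallExpr> candidates =
                    methodCalls.stream()
                            .filter(call -> startsOnLine(call, targetLine))
                            .filter(SQLParameterizer::isSupportedJdbcMethodCall)
                            .toList();

            // Refuse to guess: the finding identifies a line, not a node, so anything other than
            // exactly one supported call on that line is reported as unfixed.
            if (candidates.isEmpty()) {
                outcomes.add(new DetectorFinding(findingId, false, "No supported SQL methods found on the given line"));
            } else if (candidates.size() > 1) {
                outcomes.add(new DetectorFinding(findingId, false, "Multiple supported SQL methods found on the given line"));
            } else if (SQLParameterizerWithCleanup.checkAndFix(candidates.get(0))) {
                outcomes.add(new DetectorFinding(findingId, true, (String) null));
                changes.add(CodemodChange.from(targetLine, "Fixes issue " + findingId + " by parameterizing SQL"));
            } else {
                // The parameterizer reported that it did not apply a fix; the finding stays open
                // and must be remediated by hand.
                outcomes.add(new DetectorFinding(findingId, false, "Fixing may have side effects"));
            }
        }
        return CodemodFileScanningResult.from(changes, outcomes);
    }

    /**
     * Tells whether a call begins on the given line. Nodes that carry no source range never
     * match, instead of failing on an empty {@code Optional}.
     */
    private static boolean startsOnLine(MethodCallExpr call, int line) {
        return call.getRange().map((Range range) -> range.begin.line == line).orElse(false);
    }
}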
