package io.codemodder.codemods;

import io.codemodder.Codemod;
import io.codemodder.DependencyGAV;
import io.codemodder.Importance;
import io.codemodder.RegexFileChanger;
import io.codemodder.ReviewGuidance;
import java.util.List;
import java.util.regex.Pattern;

@Codemod(id = "pixee:java/encode-jsp-scriptlet", importance = Importance.HIGH, reviewGuidance = ReviewGuidance.MERGE_WITHOUT_REVIEW)
/* loaded from: input_file:io/codemodder/codemods/JSPScriptletXSSCodemod.class */
public final class JSPScriptletXSSCodemod extends RegexFileChanger {
    private static final Pattern scriptlet = Pattern.compile("<%(\\s*)=(\\s*)request(\\s*).(\\s*)get((Header|Parameter)(\\s*)\\((\\s*)\".*\"(\\s*)\\)|QueryString\\((\\s*)\\))(\\s*)%>", 8);

    public JSPScriptletXSSCodemod() {
        super(path -> {
            return path.getFileName().toString().toLowerCase().endsWith(".jsp");
        }, scriptlet, true, List.of(DependencyGAV.OWASP_XSS_JAVA_ENCODER));
    }

    public String getReplacementFor(String str) {
        return "<%=org.owasp.encoder.Encode.forHtml(" + str.substring(str.indexOf(61) + 1, str.length() - 2) + ")%>";
    }
}
