package io.codemodder.codemods;

import com.contrastsecurity.sarif.Location;
import com.contrastsecurity.sarif.Result;
import com.contrastsecurity.sarif.Run;
import com.contrastsecurity.sarif.SarifSchema210;
import com.github.javaparser.Range;
import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.NodeList;
import com.github.javaparser.ast.expr.BooleanLiteralExpr;
import com.github.javaparser.ast.expr.Expression;
import com.github.javaparser.ast.expr.MethodCallExpr;
import com.github.javaparser.ast.expr.StringLiteralExpr;
import com.github.javaparser.ast.stmt.BlockStmt;
import com.github.javaparser.ast.stmt.ExpressionStmt;
import com.github.javaparser.ast.stmt.Statement;
import io.codemodder.Codemod;
import io.codemodder.CodemodInvocationContext;
import io.codemodder.Importance;
import io.codemodder.RegionNodeMatcher;
import io.codemodder.ReviewGuidance;
import io.codemodder.RuleSarif;
import io.codemodder.SarifPluginJavaParserChanger;
import io.codemodder.javaparser.ChangesResult;
import io.codemodder.providers.sarif.semgrep.SemgrepRunner;
import io.codemodder.providers.sarif.semgrep.SemgrepScan;
import java.io.IOException;
import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import javax.inject.Inject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

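@Codemod(
    id = "pixee:java/harden-xmlreader",
    importance = Importance.HIGH,
    reviewGuidance = ReviewGuidance.MERGE_WITHOUT_REVIEW)
/**
 * Hardens SAX {@code XMLReader} usage against XXE by inserting the missing
 * {@code setFeature(..., false)} calls for external general/parameter entities
 * immediately before a {@code parse(...)} call flagged by the {@code harden-xmlreader}
 * Semgrep rule.
 *
 * <p>Three auxiliary Semgrep rules bundled as resources decide which of the two features is
 * still missing at the call site, so already-present hardening is not duplicated.
 *
 * <p>Scope of the hardening: only the two SAX external-entity features below are injected.
 * Nothing is done about DOCTYPE processing itself, so entity-expansion DoS ("billion laughs")
 * is not addressed by this codemod; that would require a separate feature such as
 * {@code disallow-doctype-decl}.
 */
public final class HardenXMLReaderCodemod extends SarifPluginJavaParserChanger<MethodCallExpr> {

  private static final Logger log = LoggerFactory.getLogger(HardenXMLReaderCodemod.class);

  /** SAX feature controlling resolution of external general entities (XXE vector). */
  private static final String EXTERNAL_GENERAL_ENTITIES =
      "http://xml.org/sax/features/external-general-entities";

  /** SAX feature controlling resolution of external parameter entities (XXE vector). */
  private static final String EXTERNAL_PARAMETER_ENTITIES =
      "http://xml.org/sax/features/external-parameter-entities";

  /** Classpath directory holding the bundled auxiliary Semgrep rules. */
  private static final String RULE_RESOURCE_DIR = "io/codemodder/codemods/";

  private static final String RULE_NEEDS_BOTH = "harden-xmlreader-needs-both.yaml";
  private static final String RULE_NEEDS_GENERAL = "harden-xmlreader-just-needs-general.yaml";
  private static final String RULE_NEEDS_PARAMETER = "harden-xmlreader-just-needs-parameter.yaml";

  private final SemgrepRunner semgrepRunner;

  /**
   * Which {@code setFeature} calls are missing ahead of the matched parse call.
   *
   * @param externalGeneralEntities the external-general-entities feature must be disabled
   * @param externalParameterEntities the external-parameter-entities feature must be disabled
   */
  public record SettingsNeededToInject(
      boolean externalGeneralEntities, boolean externalParameterEntities) {}

  @Inject
  public HardenXMLReaderCodemod(@SemgrepScan(ruleId = "harden-xmlreader") RuleSarif ruleSarif) {
    super(ruleSarif, MethodCallExpr.class, RegionNodeMatcher.MATCHES_START);
    this.semgrepRunner = SemgrepRunner.createDefault();
  }

  /**
   * Inserts the missing {@code setFeature(..., false)} statements directly before the statement
   * that contains the flagged {@code parse} call.
   *
   * <p>The receiver of the parse call is reused (cloned) as the receiver of the injected calls.
   * NOTE(review): this assumes the receiver names the same reader instance each time it is
   * evaluated (a variable or field); if the Semgrep rule ever matches a receiver that creates a
   * fresh reader (e.g. {@code factory.newReader().parse(...)}), the injected calls would harden a
   * different instance — confirm the rule restricts the receiver shape.
   *
   * @return {@code changesApplied} when statements were inserted, otherwise {@code noChanges}
   */
  public ChangesResult onResultFound(
      CodemodInvocationContext context,
      CompilationUnit compilationUnit,
      MethodCallExpr parseCall,
      Result result) {
    Optional<Expression> receiver = parseCall.getScope();
    if (receiver.isEmpty()) {
      // unqualified parse(...): there is no expression to call setFeature on
      return ChangesResult.noChanges;
    }

    // Resolve the insertion point before spending three Semgrep runs on a site we may not
    // be able to edit anyway.
    Optional<Statement> enclosingStatement = parseCall.findAncestor(Statement.class);
    if (enclosingStatement.isEmpty()) {
      return ChangesResult.noChanges;
    }
    Statement statement = enclosingStatement.get();
    Optional<BlockStmt> enclosingBlock = statement.findAncestor(BlockStmt.class);
    if (enclosingBlock.isEmpty()) {
      return ChangesResult.noChanges;
    }
    NodeList<Statement> siblings = enclosingBlock.get().getStatements();
    int insertAt = siblings.indexOf(statement);
    if (insertAt < 0) {
      // The statement is nested inside a non-block parent (e.g. a brace-less if/for body);
      // the nearest block does not directly contain it, so there is no safe slot to insert at.
      return ChangesResult.noChanges;
    }

    SettingsNeededToInject needed;
    try {
      needed = gatherRequiredSettings(context, parseCall);
    } catch (IOException e) {
      log.warn("issue running semgrep to figure out needed calls", e);
      return ChangesResult.noChanges;
    }

    List<Statement> hardening = buildHardeningStatements(receiver.get(), needed);
    if (hardening.isEmpty()) {
      return ChangesResult.noChanges;
    }
    siblings.addAll(insertAt, hardening);
    return ChangesResult.changesApplied;
  }

  /**
   * Builds the {@code receiver.setFeature(FEATURE, false)} statements for every feature that
   * {@code needed} reports as missing, in general-then-parameter order.
   */
  private static List<Statement> buildHardeningStatements(
      Expression receiver, SettingsNeededToInject needed) {
    List<Statement> statements = new ArrayList<>(2);
    if (needed.externalGeneralEntities()) {
      statements.add(disableFeature(receiver, EXTERNAL_GENERAL_ENTITIES));
    }
    if (needed.externalParameterEntities()) {
      statements.add(disableFeature(receiver, EXTERNAL_PARAMETER_ENTITIES));
    }
    return statements;
  }

  /** Creates {@code receiver.setFeature(feature, false);} as a statement. */
  private static Statement disableFeature(Expression receiver, String feature) {
    // A JavaParser node has a single parent; the receiver is still the scope of the parse
    // call, so each injected call gets its own copy rather than re-parenting the original.
    MethodCallExpr call = new MethodCallExpr(receiver.clone(), "setFeature");
    call.addArgument(new StringLiteralExpr(feature));
    call.addArgument(new BooleanLiteralExpr(false));
    return new ExpressionStmt(call);
  }

  /**
   * Materializes the three auxiliary rules as temp files, runs them, and removes the files
   * again whether or not Semgrep succeeded.
   *
   * @throws IOException if a rule resource cannot be written or Semgrep cannot be run
   */
  private SettingsNeededToInject gatherRequiredSettings(
      CodemodInvocationContext context, MethodCallExpr parseCall) throws IOException {
    List<Path> ruleFiles = new ArrayList<>(3);
    try {
      ruleFiles.add(createRuleFile(RULE_NEEDS_BOTH));
      ruleFiles.add(createRuleFile(RULE_NEEDS_GENERAL));
      ruleFiles.add(createRuleFile(RULE_NEEDS_PARAMETER));
      return getSettingsNeededToInject(
          context, parseCall, ruleFiles.get(0), ruleFiles.get(1), ruleFiles.get(2));
    } finally {
      // The files live in the shared temp dir; clean up even if an earlier createRuleFile
      // failed part-way (the original only cleaned up once all three existed).
      for (Path ruleFile : ruleFiles) {
        deleteQuietly(ruleFile);
      }
    }
  }

  /**
   * Runs the auxiliary rules in order (both, general-only, parameter-only) against the file
   * under analysis and returns the first that reports the same parse call.
   *
   * <p>Falls back to injecting both features when none of the rules matches, so a rule drift
   * errs on the side of hardening rather than silently leaving the call unprotected.
   */
  private SettingsNeededToInject getSettingsNeededToInject(
      CodemodInvocationContext context,
      MethodCallExpr parseCall,
      Path needsBothRule,
      Path needsGeneralRule,
      Path needsParameterRule)
      throws IOException {
    Path projectDir = context.codeDirectory().asPath();
    List<String> onlyThisFile = List.of(context.path().toString());

    if (ruleMatchesParseCall(needsBothRule, projectDir, onlyThisFile, parseCall)) {
      return new SettingsNeededToInject(true, true);
    }
    if (ruleMatchesParseCall(needsGeneralRule, projectDir, onlyThisFile, parseCall)) {
      return new SettingsNeededToInject(true, false);
    }
    if (ruleMatchesParseCall(needsParameterRule, projectDir, onlyThisFile, parseCall)) {
      return new SettingsNeededToInject(false, true);
    }
    log.warn(
        "We matched the parse call but can't determine which settings are needed. Defaulting to both. Are all the YAML patterns aligned?");
    return new SettingsNeededToInject(true, true);
  }

  /** Runs a single rule file over {@code files} and checks whether it flags {@code parseCall}. */
  private boolean ruleMatchesParseCall(
      Path ruleFile, Path projectDir, List<String> files, MethodCallExpr parseCall)
      throws IOException {
    SarifSchema210 sarif = semgrepRunner.run(List.of(ruleFile), projectDir, files, List.of());
    return hasParseCallInResults(sarif, parseCall);
  }

  /**
   * Copies a bundled rule resource to a fresh temp file.
   *
   * @throws IOException if the resource is not on the classpath or cannot be copied; a temp
   *     file created before a failed copy is removed again
   */
  private Path createRuleFile(String ruleName) throws IOException {
    String resource = RULE_RESOURCE_DIR + ruleName;
    try (InputStream in = getClass().getClassLoader().getResourceAsStream(resource)) {
      if (in == null) {
        // Files.copy(null, ...) would surface this as an NPE; name the missing resource instead.
        throw new IOException("bundled semgrep rule not found on classpath: " + resource);
      }
      Path ruleFile = Files.createTempFile("xxe", ".yaml");
      ruleFile.toFile().deleteOnExit();
      try {
        Files.copy(in, ruleFile, StandardCopyOption.REPLACE_EXISTING);
      } catch (IOException e) {
        deleteQuietly(ruleFile);
        throw e;
      }
      return ruleFile;
    }
  }

  /** Best-effort removal of a temp rule file; failures are logged, never propagated. */
  private static void deleteQuietly(Path path) {
    try {
      Files.deleteIfExists(path);
    } catch (IOException e) {
      log.debug("could not delete temp rule file {}", path, e);
    }
  }

  /**
   * Returns whether the first run in {@code sarif} contains a result whose first location starts
   * on the same line as {@code parseCall}.
   *
   * <p>Line-based matching mirrors {@link RegionNodeMatcher#MATCHES_START}; results with no
   * location, no region, or no start line are skipped rather than thrown on.
   */
  private boolean hasParseCallInResults(SarifSchema210 sarif, MethodCallExpr parseCall) {
    Optional<Range> range = parseCall.getRange();
    if (range.isEmpty()) {
      return false;
    }
    int parseLine = range.get().begin.line;

    List<Run> runs = sarif.getRuns();
    if (runs == null || runs.isEmpty()) {
      return false;
    }
    List<Result> results = runs.get(0).getResults();
    if (results == null) {
      return false;
    }
    return results.stream()
        .map(Result::getLocations)
        .filter(locations -> locations != null && !locations.isEmpty())
        .map(locations -> locations.get(0))
        .anyMatch(location -> startLineOf(location) == parseLine);
  }

  /** Start line of a SARIF location, or -1 when the physical region is incomplete. */
  private static int startLineOf(Location location) {
    if (location.getPhysicalLocation() == null
        || location.getPhysicalLocation().getRegion() == null
        || location.getPhysicalLocation().getRegion().getStartLine() == null) {
      return -1;
    }
    return location.getPhysicalLocation().getRegion().getStartLine();
  }
}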
