package net.sourceforge.pmd.lang.apex.rule.security;

import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;
import net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression;
import net.sourceforge.pmd.lang.apex.ast.AbstractApexNode;
import net.sourceforge.pmd.lang.apex.rule.AbstractApexRule;

/* loaded from: input_file:net/sourceforge/pmd/lang/apex/rule/security/ApexInsecureEndpointRule.class */
public class ApexInsecureEndpointRule extends AbstractApexRule {
    private static final String SET_ENDPOINT = "setEndpoint";
    private static final Pattern PATTERN = Pattern.compile("^http://.+?$", 2);
    private final Set<String> httpEndpointStrings = new HashSet();

    public ApexInsecureEndpointRule() {
        setProperty(CODECLIMATE_CATEGORIES, new String[]{"Security"});
        setProperty(CODECLIMATE_REMEDIATION_MULTIPLIER, 100);
        setProperty(CODECLIMATE_BLOCK_HIGHLIGHTING, false);
    }

    @Override // net.sourceforge.pmd.lang.apex.rule.AbstractApexRule, net.sourceforge.pmd.lang.apex.ast.ApexParserVisitor
    public Object visit(ASTAssignmentExpression aSTAssignmentExpression, Object obj) {
        findInsecureEndpoints(aSTAssignmentExpression);
        return obj;
    }

    @Override // net.sourceforge.pmd.lang.apex.rule.AbstractApexRule, net.sourceforge.pmd.lang.apex.ast.ApexParserVisitor
    public Object visit(ASTVariableDeclaration aSTVariableDeclaration, Object obj) {
        findInsecureEndpoints(aSTVariableDeclaration);
        return obj;
    }

    @Override // net.sourceforge.pmd.lang.apex.rule.AbstractApexRule, net.sourceforge.pmd.lang.apex.ast.ApexParserVisitor
    public Object visit(ASTFieldDeclaration aSTFieldDeclaration, Object obj) {
        findInsecureEndpoints(aSTFieldDeclaration);
        return obj;
    }

    private void findInsecureEndpoints(AbstractApexNode<?> abstractApexNode) {
        ASTVariableExpression aSTVariableExpression = (ASTVariableExpression) abstractApexNode.getFirstChildOfType(ASTVariableExpression.class);
        findInnerInsecureEndpoints(abstractApexNode, aSTVariableExpression);
        ASTBinaryExpression aSTBinaryExpression = (ASTBinaryExpression) abstractApexNode.getFirstChildOfType(ASTBinaryExpression.class);
        if (aSTBinaryExpression != null) {
            findInnerInsecureEndpoints(aSTBinaryExpression, aSTVariableExpression);
        }
    }

    private void findInnerInsecureEndpoints(AbstractApexNode<?> abstractApexNode, ASTVariableExpression aSTVariableExpression) {
        ASTLiteralExpression aSTLiteralExpression = (ASTLiteralExpression) abstractApexNode.getFirstChildOfType(ASTLiteralExpression.class);
        if (aSTLiteralExpression == null || aSTVariableExpression == null) {
            return;
        }
        Object literal = aSTLiteralExpression.getNode().getLiteral();
        if (literal instanceof String) {
            if (PATTERN.matcher((String) literal).matches()) {
                this.httpEndpointStrings.add(Helper.getFQVariableName(aSTVariableExpression));
            }
        }
    }

    @Override // net.sourceforge.pmd.lang.apex.rule.AbstractApexRule, net.sourceforge.pmd.lang.apex.ast.ApexParserVisitor
    public Object visit(ASTMethodCallExpression aSTMethodCallExpression, Object obj) {
        processInsecureEndpoint(aSTMethodCallExpression, obj);
        return obj;
    }

    private void processInsecureEndpoint(ASTMethodCallExpression aSTMethodCallExpression, Object obj) {
        if (Helper.isMethodName(aSTMethodCallExpression, SET_ENDPOINT)) {
            ASTBinaryExpression aSTBinaryExpression = (ASTBinaryExpression) aSTMethodCallExpression.getFirstChildOfType(ASTBinaryExpression.class);
            if (aSTBinaryExpression != null) {
                runChecks(aSTBinaryExpression, obj);
            }
            runChecks(aSTMethodCallExpression, obj);
        }
    }

    private void runChecks(AbstractApexNode<?> abstractApexNode, Object obj) {
        ASTLiteralExpression aSTLiteralExpression = (ASTLiteralExpression) abstractApexNode.getFirstChildOfType(ASTLiteralExpression.class);
        if (aSTLiteralExpression != null) {
            Object literal = aSTLiteralExpression.getNode().getLiteral();
            if (literal instanceof String) {
                if (PATTERN.matcher((String) literal).matches()) {
                    addViolation(obj, aSTLiteralExpression);
                }
            }
        }
        ASTVariableExpression aSTVariableExpression = (ASTVariableExpression) abstractApexNode.getFirstChildOfType(ASTVariableExpression.class);
        if (aSTVariableExpression == null || !this.httpEndpointStrings.contains(Helper.getFQVariableName(aSTVariableExpression))) {
            return;
        }
        addViolation(obj, aSTVariableExpression);
    }
}
