package net.sourceforge.pmd.lang.apex.rule.security;

import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;
import net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression;
import net.sourceforge.pmd.lang.apex.ast.ApexNode;
import net.sourceforge.pmd.lang.apex.rule.AbstractApexRule;
import net.sourceforge.pmd.lang.apex.rule.internal.Helper;

/* loaded from: input_file:net/sourceforge/pmd/lang/apex/rule/security/ApexInsecureEndpointRule.class */
public class ApexInsecureEndpointRule extends AbstractApexRule {
    private static final String SET_ENDPOINT = "setEndpoint";
    private static final Pattern PATTERN = Pattern.compile("^http://.+?$", 2);
    private final Set<String> httpEndpointStrings = new HashSet();

    @Override // net.sourceforge.pmd.lang.apex.ast.ApexVisitor
    public Object visit(ASTAssignmentExpression aSTAssignmentExpression, Object obj) {
        findInsecureEndpoints(aSTAssignmentExpression);
        return obj;
    }

    @Override // net.sourceforge.pmd.lang.apex.ast.ApexVisitor
    public Object visit(ASTVariableDeclaration aSTVariableDeclaration, Object obj) {
        findInsecureEndpoints(aSTVariableDeclaration);
        return obj;
    }

    @Override // net.sourceforge.pmd.lang.apex.ast.ApexVisitor
    public Object visit(ASTFieldDeclaration aSTFieldDeclaration, Object obj) {
        findInsecureEndpoints(aSTFieldDeclaration);
        return obj;
    }

    private void findInsecureEndpoints(ApexNode<?> apexNode) {
        ASTVariableExpression aSTVariableExpression = (ASTVariableExpression) apexNode.firstChild(ASTVariableExpression.class);
        findInnerInsecureEndpoints(apexNode, aSTVariableExpression);
        ASTBinaryExpression firstChild = apexNode.firstChild(ASTBinaryExpression.class);
        if (firstChild != null) {
            findInnerInsecureEndpoints(firstChild, aSTVariableExpression);
        }
    }

    private void findInnerInsecureEndpoints(ApexNode<?> apexNode, ASTVariableExpression aSTVariableExpression) {
        ASTLiteralExpression firstChild = apexNode.firstChild(ASTLiteralExpression.class);
        if (firstChild == null || aSTVariableExpression == null || !firstChild.isString()) {
            return;
        }
        if (PATTERN.matcher(firstChild.getImage()).matches()) {
            this.httpEndpointStrings.add(Helper.getFQVariableName(aSTVariableExpression));
        }
    }

    @Override // net.sourceforge.pmd.lang.apex.ast.ApexVisitor
    public Object visit(ASTMethodCallExpression aSTMethodCallExpression, Object obj) {
        processInsecureEndpoint(aSTMethodCallExpression, obj);
        return obj;
    }

    private void processInsecureEndpoint(ASTMethodCallExpression aSTMethodCallExpression, Object obj) {
        if (Helper.isMethodName(aSTMethodCallExpression, SET_ENDPOINT)) {
            ASTBinaryExpression firstChild = aSTMethodCallExpression.firstChild(ASTBinaryExpression.class);
            if (firstChild != null) {
                runChecks(firstChild, obj);
            }
            runChecks(aSTMethodCallExpression, obj);
        }
    }

    private void runChecks(ApexNode<?> apexNode, Object obj) {
        ASTLiteralExpression firstChild = apexNode.firstChild(ASTLiteralExpression.class);
        if (firstChild != null && firstChild.isString()) {
            if (PATTERN.matcher(firstChild.getImage()).matches()) {
                asCtx(obj).addViolation(firstChild);
            }
        }
        ASTVariableExpression firstChild2 = apexNode.firstChild(ASTVariableExpression.class);
        if (firstChild2 == null || !this.httpEndpointStrings.contains(Helper.getFQVariableName(firstChild2))) {
            return;
        }
        asCtx(obj).addViolation(firstChild2);
    }
}
