package org.sonar.java.checks.spring;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Stream;
import org.apache.hc.client5.http.classic.methods.HttpDelete;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.classic.methods.HttpHead;
import org.apache.hc.client5.http.classic.methods.HttpOptions;
import org.apache.hc.client5.http.classic.methods.HttpPatch;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.client5.http.classic.methods.HttpPut;
import org.apache.hc.client5.http.classic.methods.HttpTrace;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.Symbol;
import org.sonar.plugins.java.api.semantic.SymbolMetadata;
import org.sonar.plugins.java.api.semantic.Type;
import org.sonar.plugins.java.api.tree.AnnotationTree;
import org.sonar.plugins.java.api.tree.AssignmentExpressionTree;
import org.sonar.plugins.java.api.tree.BaseTreeVisitor;
import org.sonar.plugins.java.api.tree.ClassTree;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MethodTree;
import org.sonar.plugins.java.api.tree.ModifiersTree;
import org.sonar.plugins.java.api.tree.Tree;

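/**
 * Rule S3752: flags Spring {@code @RequestMapping} declarations that let one handler serve both
 * safe (GET, HEAD, OPTIONS, TRACE) and unsafe (DELETE, PATCH, POST, PUT) HTTP methods.
 *
 * <p>Why it matters: safe methods are typically exempt from CSRF protection, so a state-changing
 * handler that is also reachable through a safe method may be callable without the CSRF token
 * check. A {@code @RequestMapping} with no {@code method} attribute accepts every HTTP method,
 * which is why that case is reported as well.
 *
 * <p>An issue is raised in three situations:
 * <ul>
 *   <li>a class-level {@code @RequestMapping} whose {@code method} attribute mixes safe and unsafe
 *       methods;</li>
 *   <li>a method-level {@code @RequestMapping} whose {@code method} attribute mixes them;</li>
 *   <li>a method-level {@code @RequestMapping} with no {@code method} attribute, when no class,
 *       superclass or interface in the hierarchy declares one either.</li>
 * </ul>
 *
 * <p>Limits visible in this implementation: only annotations whose type is exactly
 * {@value #REQUEST_MAPPING_CLASS} are considered, and HTTP methods are recognised by the simple
 * name of the identifiers in the attribute expression (see {@link HttpMethodVisitor}).
 */
@Rule(key = "S3752")
public class SpringRequestMappingMethodCheck extends IssuableSubscriptionVisitor {
    private static final String REQUEST_MAPPING_CLASS = "org.springframework.web.bind.annotation.RequestMapping";
    private static final String REQUEST_METHOD = "method";
    public static final String MESSAGE = "Make sure allowing safe and unsafe HTTP methods is safe here.";

    /**
     * Walks the expression given to the {@code method} attribute and records whether it names at
     * least one safe and at least one unsafe HTTP method.
     *
     * <p>Matching is done on identifier names only, without resolving the symbol: any identifier
     * called {@code GET}, {@code POST}, ... counts, and a method supplied through a constant with
     * a different name is not seen. NOTE(review): the latter is a possible false negative.
     */
    private static class HttpMethodVisitor extends BaseTreeVisitor {
        // Plain HTTP method names; these are the identifier names looked for in the attribute value.
        private static final Set<String> SAFE_METHODS =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("GET", "HEAD", "OPTIONS", "TRACE")));
        private static final Set<String> UNSAFE_METHODS =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("DELETE", "PATCH", "POST", "PUT")));
        private boolean hasSafeMethods = false;
        private boolean hasUnsafeMethods = false;

        private HttpMethodVisitor() {
        }

        /** Accumulates the safe/unsafe flags; once set, a flag is never cleared. */
        @Override
        public void visitIdentifier(IdentifierTree identifierTree) {
            String name = identifierTree.name();
            this.hasSafeMethods |= SAFE_METHODS.contains(name);
            this.hasUnsafeMethods |= UNSAFE_METHODS.contains(name);
        }
    }

    /** Subscribes to class declarations only; methods are reached through their enclosing class. */
    @Override
    public List<Tree.Kind> nodesToVisit() {
        return Collections.singletonList(Tree.Kind.CLASS);
    }

    /**
     * Checks the class-level {@code @RequestMapping}, then every method declared in the class.
     *
     * @param tree the visited node, always a {@link ClassTree} given {@link #nodesToVisit()}
     */
    @Override
    public void visitNode(Tree tree) {
        ClassTree classTree = (ClassTree) tree;
        findRequestMappingAnnotation(classTree.modifiers())
            .flatMap(SpringRequestMappingMethodCheck::findRequestMethods)
            .filter(SpringRequestMappingMethodCheck::mixSafeAndUnsafeMethods)
            .ifPresent(requestMethods -> reportIssue(requestMethods, MESSAGE));
        classTree.members().stream()
            .filter(member -> member.is(Tree.Kind.METHOD))
            .forEach(member -> checkMethod((MethodTree) member, classTree.symbol()));
    }

    /**
     * Reports a handler method whose mapping mixes safe and unsafe methods, or whose mapping
     * restricts nothing at all.
     *
     * @param methodTree the method to inspect
     * @param typeSymbol symbol of the enclosing class, used to look for an inherited
     *     {@code method} attribute
     */
    private void checkMethod(MethodTree methodTree, Symbol.TypeSymbol typeSymbol) {
        Optional<AnnotationTree> requestMapping = findRequestMappingAnnotation(methodTree.modifiers());
        Optional<ExpressionTree> requestMethods =
            requestMapping.flatMap(SpringRequestMappingMethodCheck::findRequestMethods);
        if (requestMethods.isPresent()) {
            requestMethods
                .filter(SpringRequestMappingMethodCheck::mixSafeAndUnsafeMethods)
                .ifPresent(expression -> reportIssue(expression, MESSAGE));
        } else if (requestMapping.isPresent() && !inheritRequestMethod(typeSymbol)) {
            // No "method" attribute here or anywhere in the type hierarchy: every HTTP method is accepted.
            reportIssue(requestMapping.get().annotationType(), MESSAGE);
        }
    }

    /**
     * Returns the first annotation in {@code modifiersTree} whose type is exactly
     * {@code @RequestMapping}, if any.
     */
    private static Optional<AnnotationTree> findRequestMappingAnnotation(ModifiersTree modifiersTree) {
        return modifiersTree.annotations().stream()
            .filter(annotation -> annotation.symbolType().is(REQUEST_MAPPING_CLASS))
            .findFirst();
    }

    /**
     * Returns the expression assigned to the {@code method} attribute of the annotation, or an
     * empty {@link Optional} when the attribute is not set.
     */
    private static Optional<ExpressionTree> findRequestMethods(AnnotationTree annotationTree) {
        return annotationTree.arguments().stream()
            .filter(argument -> argument.is(Tree.Kind.ASSIGNMENT))
            .map(AssignmentExpressionTree.class::cast)
            // The cast assumes the left-hand side of an annotation argument is a plain identifier.
            .filter(assignment -> REQUEST_METHOD.equals(((IdentifierTree) assignment.variable()).name()))
            .map(AssignmentExpressionTree::expression)
            .findFirst();
    }

    /**
     * Tells whether {@code typeSymbol}, one of its superclasses or one of its interfaces carries a
     * {@code @RequestMapping} that sets the {@code method} attribute.
     *
     * <p>Only the presence of the attribute is tested; the methods it lists are not examined here.
     */
    private static boolean inheritRequestMethod(Symbol.TypeSymbol typeSymbol) {
        // valuesForAnnotation is null-checked because the type may not carry the annotation at all.
        List<SymbolMetadata.AnnotationValue> annotationValues =
            typeSymbol.metadata().valuesForAnnotation(REQUEST_MAPPING_CLASS);
        if (annotationValues != null
            && annotationValues.stream().anyMatch(value -> REQUEST_METHOD.equals(value.name()))) {
            return true;
        }
        Type superClass = typeSymbol.superClass();
        if (superClass != null && inheritRequestMethod(superClass.symbol())) {
            return true;
        }
        for (Type implemented : typeSymbol.interfaces()) {
            if (inheritRequestMethod(implemented.symbol())) {
                return true;
            }
        }
        return false;
    }

    /** Returns {@code true} when the expression names both a safe and an unsafe HTTP method. */
    private static boolean mixSafeAndUnsafeMethods(ExpressionTree expressionTree) {
        HttpMethodVisitor httpMethodVisitor = new HttpMethodVisitor();
        expressionTree.accept(httpMethodVisitor);
        return httpMethodVisitor.hasSafeMethods && httpMethodVisitor.hasUnsafeMethods;
    }
}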
