package com.h3xstream.findsecbugs.csrf;

import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.ba.ClassContext;
import java.util.Arrays;
import java.util.List;
import org.apache.bcel.classfile.AnnotationEntry;
import org.apache.bcel.classfile.ArrayElementValue;
import org.apache.bcel.classfile.ElementValue;
import org.apache.bcel.classfile.ElementValuePair;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.classic.methods.HttpHead;
import org.apache.hc.client5.http.classic.methods.HttpOptions;
import org.apache.hc.client5.http.classic.methods.HttpTrace;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/csrf/SpringCsrfUnrestrictedRequestMappingDetector.class */
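/**
 * Reports Spring MVC handler methods whose {@code @RequestMapping} does not restrict the
 * HTTP method to a state-changing verb, or mixes CSRF-exempt verbs with protected ones.
 *
 * <p>Rationale: Spring Security's default CSRF matcher does not demand a token for
 * {@code GET}, {@code HEAD}, {@code TRACE} and {@code OPTIONS}. A handler reachable through
 * one of those verbs therefore runs without a CSRF check, even if it also accepts
 * {@code POST} and performs a state change. The detector flags three shapes of
 * method-level {@code @RequestMapping}:
 * <ul>
 *   <li>no {@code method} attribute at all (every HTTP method is accepted);</li>
 *   <li>an explicitly empty {@code method} array (same effect);</li>
 *   <li>a {@code method} array that names at least one exempt verb <em>and</em> at least
 *       one non-exempt verb.</li>
 * </ul>
 * A mapping that lists only exempt verbs (e.g. a pure {@code GET} endpoint) or only
 * protected verbs is not reported.
 *
 * <p>Scope: only annotation entries of the exact type
 * {@link #REQUEST_MAPPING_ANNOTATION_TYPE} on the method itself are examined; class-level
 * annotations and other annotation types are not considered by this detector.
 */
public class SpringCsrfUnrestrictedRequestMappingDetector implements Detector {
    /** Bug pattern identifier used when reporting. */
    private static final String SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING_TYPE = "SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING";
    /** JVM descriptor of {@code org.springframework.web.bind.annotation.RequestMapping}. */
    private static final String REQUEST_MAPPING_ANNOTATION_TYPE = "Lorg/springframework/web/bind/annotation/RequestMapping;";
    /** Name of the {@code @RequestMapping} attribute that carries the allowed HTTP methods. */
    private static final String METHOD_ANNOTATION_ATTRIBUTE_KEY = "method";
    /**
     * HTTP methods that the default Spring Security CSRF matcher exempts from the token check.
     * Compared against the stringified enum constant names found in the annotation
     * (e.g. {@code "GET"}), which coincide with the HttpClient {@code METHOD_NAME} constants.
     */
    private static final List<String> UNPROTECTED_HTTP_REQUEST_METHODS = Arrays.asList(HttpGet.METHOD_NAME, HttpHead.METHOD_NAME, HttpTrace.METHOD_NAME, HttpOptions.METHOD_NAME);
    private final BugReporter bugReporter;

    /**
     * @param bugReporter sink that receives every {@link BugInstance} this detector raises
     */
    public SpringCsrfUnrestrictedRequestMappingDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    /**
     * Inspects every method of the visited class and reports each one whose request mapping
     * is reachable without CSRF protection. Each finding is reported at priority 1 (high).
     *
     * @param classContext analysis context of the class being visited
     */
    @Override // edu.umd.cs.findbugs.Detector
    public void visitClassContext(ClassContext classContext) {
        JavaClass javaClass = classContext.getJavaClass();
        for (Method method : javaClass.getMethods()) {
            if (isVulnerable(method)) {
                this.bugReporter.reportBug(new BugInstance(this, SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING_TYPE, 1).addClassAndMethod(javaClass, method));
            }
        }
    }

    /** Findings are reported eagerly in {@link #visitClassContext}; nothing to flush here. */
    @Override // edu.umd.cs.findbugs.Detector
    public void report() {
    }

    /**
     * Decides whether the method's {@code @RequestMapping} leaves a CSRF-exempt path open.
     *
     * @param method the method to examine
     * @return {@code true} when the method carries {@code @RequestMapping} and its
     *         {@code method} attribute is absent, empty, or mixes exempt with protected verbs
     */
    private static boolean isVulnerable(Method method) {
        AnnotationEntry requestMapping = findRequestMappingAnnotation(method);
        if (requestMapping == null) {
            // Not a Spring handler method (at least not via @RequestMapping).
            return false;
        }
        ElementValuePair methodAttribute = findMethodAnnotationAttribute(requestMapping);
        if (methodAttribute == null) {
            // No method restriction: the handler answers GET as well as POST.
            return true;
        }
        ElementValue value = methodAttribute.getValue();
        if (isEmptyArray(value)) {
            // method = {} is equivalent to no restriction at all.
            return true;
        }
        return isMixOfUnprotectedAndProtectedHttpRequestMethods(value);
    }

    /**
     * @return the method's {@code @RequestMapping} annotation entry, or {@code null} if absent
     */
    private static AnnotationEntry findRequestMappingAnnotation(Method method) {
        for (AnnotationEntry annotationEntry : method.getAnnotationEntries()) {
            if (REQUEST_MAPPING_ANNOTATION_TYPE.equals(annotationEntry.getAnnotationType())) {
                return annotationEntry;
            }
        }
        return null;
    }

    /**
     * @return the annotation's {@code method} attribute, or {@code null} if the attribute was
     *         not written explicitly (annotation defaults are not materialised in the class file)
     */
    private static ElementValuePair findMethodAnnotationAttribute(AnnotationEntry annotationEntry) {
        for (ElementValuePair elementValuePair : annotationEntry.getElementValuePairs()) {
            // Use the declared constant rather than a duplicated literal so the two stay in sync.
            if (METHOD_ANNOTATION_ATTRIBUTE_KEY.equals(elementValuePair.getNameString())) {
                return elementValuePair;
            }
        }
        return null;
    }

    /**
     * @return {@code true} when the value is an array element value with zero entries
     */
    private static boolean isEmptyArray(ElementValue elementValue) {
        return (elementValue instanceof ArrayElementValue) && ((ArrayElementValue) elementValue).getElementValuesArraySize() == 0;
    }

    /**
     * Checks whether the {@code method} array names both an exempt verb and a protected verb.
     * Arrays of size 0 or 1 can never be a mix and yield {@code false}; a non-array value
     * (not expected for this attribute) also yields {@code false}.
     *
     * @param elementValue the {@code method} attribute value
     * @return {@code true} when at least one entry is in
     *         {@link #UNPROTECTED_HTTP_REQUEST_METHODS} and at least one entry is not
     */
    private static boolean isMixOfUnprotectedAndProtectedHttpRequestMethods(ElementValue elementValue) {
        if (!(elementValue instanceof ArrayElementValue)) {
            return false;
        }
        ArrayElementValue arrayElementValue = (ArrayElementValue) elementValue;
        if (arrayElementValue.getElementValuesArraySize() <= 1) {
            return false;
        }
        boolean sawUnprotected = false;
        boolean sawProtected = false;
        for (ElementValue entry : arrayElementValue.getElementValuesArray()) {
            // stringifyValue() yields the enum constant name for enum-typed entries.
            if (UNPROTECTED_HTTP_REQUEST_METHODS.contains(entry.stringifyValue())) {
                sawUnprotected = true;
            } else {
                sawProtected = true;
            }
            if (sawUnprotected && sawProtected) {
                return true;
            }
        }
        return false;
    }
}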
