package com.h3xstream.findsecbugs.xml;

import com.h3xstream.findsecbugs.common.ByteCode;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.ba.AnalysisContext;
import edu.umd.cs.findbugs.ba.CFG;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.Location;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;
import javax.xml.XMLConstants;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.ICONST;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.LDC;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/xml/SchemaFactoryDetector.class */
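/**
 * Detector that reports {@code XXE_SCHEMA_FACTORY} when a method calls
 * {@code javax.xml.validation.SchemaFactory.newSchema(...)} without visibly hardening the
 * factory against external entity / external schema resolution (XXE).
 *
 * <p>A call site is considered hardened when the same method also contains either
 * <ul>
 *   <li>{@code setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)}, or</li>
 *   <li>both {@code setProperty(accessExternalDTD, "")} and
 *       {@code setProperty(accessExternalSchema, "")}</li>
 * </ul>
 * invoked on {@code SchemaFactory}.
 *
 * <p>Known limitations (visible in the code below): the scan covers every location of the
 * method's CFG without regard to ordering or to which factory instance is configured, so a
 * hardening call placed after {@code newSchema}, or applied to a different
 * {@code SchemaFactory} object in the same method, still suppresses the report. Only values
 * loaded through {@code LDC}/{@code ICONST} instructions are recognised; settings passed via
 * variables or helper methods are not seen and will lead to a report.
 */
public class SchemaFactoryDetector extends OpcodeStackDetector {
    private static final String XXE_SCHEMA_FACTORY_TYPE = "XXE_SCHEMA_FACTORY";
    private static final String SCHEMA_FACTORY_CLASS_NAME = "javax/xml/validation/SchemaFactory";
    private static final String SET_FEATURE_METHOD = "setFeature";
    private static final String SET_PROPERTY_METHOD = "setProperty";
    private static final String NEW_SCHEMA_METHOD_NAME = "newSchema";
    // Property names kept as literals so the detector does not depend on the JAXP level
    // of the JDK it is compiled against.
    private static final String ACCESS_EXTERNAL_DTD_PROPERTY =
            "http://javax.xml.XMLConstants/property/accessExternalDTD";
    private static final String ACCESS_EXTERNAL_SCHEMA_PROPERTY =
            "http://javax.xml.XMLConstants/property/accessExternalSchema";
    // JVM opcode of invokevirtual (0xb6).
    private static final int INVOKEVIRTUAL_OPCODE = 182;
    // Priority handed to BugInstance; 1 is the highest FindBugs priority.
    private static final int REPORT_PRIORITY = 1;
    // A boolean `true` argument is pushed as iconst_1.
    private static final Number BOOLEAN_TRUE_VALUE = 1;
    // An empty protocol list means "no external access allowed".
    private static final String EXTERNAL_REFERENCES_DISABLED = "";
    private final BugReporter bugReporter;

    /**
     * @param bugReporter sink that receives the {@code XXE_SCHEMA_FACTORY} findings
     */
    public SchemaFactoryDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    /**
     * Called for every opcode of the visited method. On a
     * {@code SchemaFactory.newSchema} invocation, scans the whole method for hardening calls
     * and reports a bug when none of the accepted combinations is found.
     *
     * @param opcode the opcode currently being visited
     */
    @Override // edu.umd.cs.findbugs.bcel.OpcodeStackDetector, edu.umd.cs.findbugs.visitclass.DismantleBytecode
    public void sawOpcode(int opcode) {
        if (isNotNewSchemaMethod(opcode)) {
            return;
        }
        ClassContext classContext = getClassContext();
        try {
            CFG cfg = classContext.getCFG(getMethod());
            ConstantPoolGen cpg = classContext.getConstantPoolGen();
            boolean secureProcessing = false;
            boolean externalDtdDisabled = false;
            boolean externalSchemaDisabled = false;
            for (Location location : cfg.locations()) {
                if (isSecureProcessingEnabled(location, cpg)) {
                    secureProcessing = true;
                } else if (isAccessPropertyDisabled(location, cpg, ACCESS_EXTERNAL_DTD_PROPERTY)) {
                    externalDtdDisabled = true;
                } else if (isAccessPropertyDisabled(location, cpg, ACCESS_EXTERNAL_SCHEMA_PROPERTY)) {
                    externalSchemaDisabled = true;
                }
            }
            // Disabling only one of the two access properties is not accepted as a
            // mitigation: both must be empty, or secure processing must be on.
            boolean hardened = secureProcessing || (externalDtdDisabled && externalSchemaDisabled);
            if (!hardened) {
                this.bugReporter.reportBug(
                        new BugInstance(this, XXE_SCHEMA_FACTORY_TYPE, REPORT_PRIORITY)
                                .addClass(this)
                                .addMethod(this)
                                .addSourceLine(this));
            }
        } catch (CFGBuilderException e) {
            // Analysis of this call site is skipped; the failure is logged, not reported as a bug.
            AnalysisContext.logError("Cannot get CFG", e);
        }
    }

    /**
     * @param opcode the opcode currently being visited
     * @return {@code false} only when the current instruction is an {@code invokevirtual}
     *     of {@code SchemaFactory.newSchema}; {@code true} otherwise
     */
    private boolean isNotNewSchemaMethod(int opcode) {
        if (opcode != INVOKEVIRTUAL_OPCODE) {
            return true;
        }
        return !(SCHEMA_FACTORY_CLASS_NAME.equals(getClassConstantOperand())
                && NEW_SCHEMA_METHOD_NAME.equals(getNameConstantOperand()));
    }

    /**
     * Checks whether the instruction at {@code location} is
     * {@code SchemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)}.
     *
     * @param location CFG location to inspect
     * @param constantPoolGen constant pool of the analysed class
     * @return {@code true} when the feature is enabled with a constant {@code true}
     */
    private boolean isSecureProcessingEnabled(Location location, ConstantPoolGen constantPoolGen) {
        InstructionHandle handle = location.getHandle();
        Instruction instruction = handle.getInstruction();
        if (!(instruction instanceof INVOKEVIRTUAL)) {
            return false;
        }
        InvokeInstruction invoke = (InvokeInstruction) instruction;
        if (!isSchemaFactoryCall(invoke, constantPoolGen, SET_FEATURE_METHOD)) {
            return false;
        }
        if (!XMLConstants.FEATURE_SECURE_PROCESSING.equals(getLdcValue(handle, constantPoolGen))) {
            return false;
        }
        // NOTE(review): ByteCode.getPrevInstruction is defined elsewhere; it presumably
        // returns the nearest preceding ICONST, which is only the boolean argument when
        // that argument is a literal - confirm against the helper.
        ICONST flag = (ICONST) ByteCode.getPrevInstruction(handle, ICONST.class);
        return flag != null && BOOLEAN_TRUE_VALUE.equals(flag.getValue());
    }

    /**
     * Checks whether the instruction at {@code location} is
     * {@code SchemaFactory.setProperty(str, "")}, i.e. the given access property is set
     * to the empty protocol list.
     *
     * @param location CFG location to inspect
     * @param constantPoolGen constant pool of the analysed class
     * @param str name of the access property expected as the first argument
     * @return {@code true} when the property is set to the empty string
     */
    private boolean isAccessPropertyDisabled(Location location, ConstantPoolGen constantPoolGen, String str) {
        InstructionHandle handle = location.getHandle();
        Instruction instruction = handle.getInstruction();
        if (!(instruction instanceof INVOKEVIRTUAL)) {
            return false;
        }
        InvokeInstruction invoke = (InvokeInstruction) instruction;
        if (!isSchemaFactoryCall(invoke, constantPoolGen, SET_PROPERTY_METHOD)) {
            return false;
        }
        // Starting one handle earlier skips the value constant, so the first lookup yields
        // the property name and the second the property value.
        Object propertyName = getLdcValue(handle.getPrev(), constantPoolGen);
        Object propertyValue = getLdcValue(handle, constantPoolGen);
        return str.equals(propertyName) && EXTERNAL_REFERENCES_DISABLED.equals(propertyValue);
    }

    /**
     * Tells whether {@code invoke} targets the named method declared on
     * {@code javax.xml.validation.SchemaFactory}.
     *
     * <p>The owner check keeps a hardening call on an unrelated XML factory in the same
     * method (for example another factory's {@code setFeature}) from suppressing the
     * SchemaFactory finding, and mirrors the owner check already applied to
     * {@code newSchema}.
     */
    private boolean isSchemaFactoryCall(InvokeInstruction invoke, ConstantPoolGen constantPoolGen, String methodName) {
        if (!methodName.equals(invoke.getMethodName(constantPoolGen))) {
            return false;
        }
        String owner = invoke.getClassName(constantPoolGen);
        // Normalise to the slash-separated form used by SCHEMA_FACTORY_CLASS_NAME.
        return owner != null && SCHEMA_FACTORY_CLASS_NAME.equals(owner.replace('.', '/'));
    }

    /**
     * @param instructionHandle handle from which the backwards search starts
     * @param constantPoolGen constant pool used to resolve the constant
     * @return the value of the {@code LDC} found by {@code ByteCode.getPrevInstruction},
     *     or {@code null} when no such instruction is found
     */
    private Object getLdcValue(InstructionHandle instructionHandle, ConstantPoolGen constantPoolGen) {
        LDC ldc = (LDC) ByteCode.getPrevInstruction(instructionHandle, LDC.class);
        return ldc == null ? null : ldc.getValue(constantPoolGen);
    }
}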
