package com.h3xstream.findsecbugs.injection.redirect;

import com.h3xstream.findsecbugs.common.ByteCode;
import com.h3xstream.findsecbugs.injection.InjectionPoint;
import com.h3xstream.findsecbugs.injection.InjectionSource;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.INVOKEINTERFACE;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.LDC;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/injection/redirect/RedirectionSource.class */
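/**
 * Injection source that reports redirect sinks on the servlet response API as
 * {@code UNVALIDATED_REDIRECT} injection points.
 *
 * <p>Two call shapes are recognised, on receivers whose declared type is one of the
 * {@code javax}/{@code jakarta} {@code HttpServletResponse} or
 * {@code HttpServletResponseWrapper} names:
 * <ul>
 *   <li>{@code sendRedirect(...)}</li>
 *   <li>{@code addHeader(...)} / {@code setHeader(...)} when the closest preceding
 *       {@code LDC} constant is the string {@code "Location"} (case-insensitive)</li>
 * </ul>
 *
 * <p>NOTE(review): only {@code INVOKEINTERFACE} call sites are inspected.
 * {@code HttpServletResponseWrapper} is a concrete class, so calls made through a
 * variable of that type compile to {@code invokevirtual} and would not reach the
 * wrapper-name checks below. Confirm whether such calls are meant to be covered;
 * if so, redirects issued through a wrapper-typed reference are currently missed.
 */
public class RedirectionSource implements InjectionSource {
    private static final String UNVALIDATED_REDIRECT_TYPE = "UNVALIDATED_REDIRECT";

    /**
     * Decides whether the given invocation is a redirect sink.
     *
     * @param invokeInstruction the call instruction being examined
     * @param constantPoolGen constant pool used to resolve method, type and constant names
     * @param instructionHandle handle of the call, used to look backwards for the header-name constant
     * @return an injection point with parameter index {@code 0} and type
     *         {@code UNVALIDATED_REDIRECT} for a recognised redirect call, otherwise
     *         {@link InjectionPoint#NONE}
     */
    @Override // com.h3xstream.findsecbugs.injection.InjectionSource
    public InjectionPoint getInjectableParameters(InvokeInstruction invokeInstruction, ConstantPoolGen constantPoolGen, InstructionHandle instructionHandle) {
        if (!(invokeInstruction instanceof INVOKEINTERFACE)) {
            return InjectionPoint.NONE;
        }
        String methodName = invokeInstruction.getMethodName(constantPoolGen);
        String receiverType = invokeInstruction.getReferenceType(constantPoolGen).toString();
        if (!isHttpServletResponseOrResponseWrapperClass(receiverType)) {
            return InjectionPoint.NONE;
        }

        // presumably index 0 designates the last argument (the redirect URL / header value);
        // confirm against InjectionPoint's indexing convention.
        if (methodName.equals("sendRedirect")) {
            return new InjectionPoint(new int[]{0}, UNVALIDATED_REDIRECT_TYPE);
        }

        if (methodName.equals("addHeader") || methodName.equals("setHeader")) {
            // Heuristic: the nearest earlier LDC is taken to be the header name. It is not
            // tied to the call's first argument, so a non-constant header name is not matched here.
            LDC ldc = (LDC) ByteCode.getPrevInstruction(instructionHandle, LDC.class);
            if (ldc != null) {
                Object value = ldc.getValue(constantPoolGen);
                // LDC can also load int, float and class constants. The type check keeps a
                // non-String constant from raising ClassCastException and aborting the
                // analysis of the method under inspection; instanceof also rejects null.
                if (value instanceof String && "Location".equalsIgnoreCase((String) value)) {
                    return new InjectionPoint(new int[]{0}, UNVALIDATED_REDIRECT_TYPE);
                }
            }
        }
        return InjectionPoint.NONE;
    }

    /**
     * Tells whether a type name is one of the servlet response types this source inspects.
     *
     * @param str fully qualified name of the call's receiver type
     * @return {@code true} for the {@code javax} or {@code jakarta} variants of
     *         {@code HttpServletResponse} and {@code HttpServletResponseWrapper}
     */
    private boolean isHttpServletResponseOrResponseWrapperClass(String str) {
        return str.equals("javax.servlet.http.HttpServletResponse")
                || str.equals("jakarta.servlet.http.HttpServletResponse")
                || str.equals("javax.servlet.http.HttpServletResponseWrapper")
                || str.equals("jakarta.servlet.http.HttpServletResponseWrapper");
    }
}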
