package com.h3xstream.findsecbugs.serial;

import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.FieldAnnotation;
import edu.umd.cs.findbugs.ba.CFG;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.bcel.classfile.AnnotationEntry;
import org.apache.bcel.classfile.ElementValuePair;
import org.apache.bcel.classfile.Field;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.MethodGen;
import org.eclipse.jdt.internal.compiler.util.SuffixConstants;

/* loaded from: input_file:findsecbugs-plugin.jar:com/h3xstream/findsecbugs/serial/UnsafeJacksonDeserializationDetector.class */
public class UnsafeJacksonDeserializationDetector implements Detector {
    private static final String DESERIALIZATION_TYPE = "JACKSON_UNSAFE_DESERIALIZATION";
    private BugReporter bugReporter;
    private static final List<String> ANNOTATION_TYPES = Arrays.asList("Lcom/fasterxml/jackson/annotation/JsonTypeInfo;");
    private static final List<String> VULNERABLE_USE_NAMES = Arrays.asList(SuffixConstants.EXTENSION_CLASS, "MINIMAL_CLASS");
    private static final List<String> OBJECT_MAPPER_CLASSES = Arrays.asList("com.fasterxml.jackson.databind.ObjectMapper", "org.codehaus.jackson.map.ObjectMapper");

    public UnsafeJacksonDeserializationDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    @Override // edu.umd.cs.findbugs.Detector
    public void visitClassContext(ClassContext classContext) {
        JavaClass javaClass = classContext.getJavaClass();
        if (OBJECT_MAPPER_CLASSES.contains(javaClass.getClassName())) {
            return;
        }
        for (Field field : javaClass.getFields()) {
            analyzeField(field, javaClass);
        }
        for (Method method : javaClass.getMethods()) {
            try {
                analyzeMethod(method, classContext);
            } catch (CFGBuilderException | DataflowAnalysisException e) {
            }
        }
    }

    private void analyzeField(Field field, JavaClass javaClass) {
        for (AnnotationEntry annotationEntry : field.getAnnotationEntries()) {
            if (ANNOTATION_TYPES.contains(annotationEntry.getAnnotationType()) || annotationEntry.getAnnotationType().contains("JsonTypeInfo")) {
                for (ElementValuePair elementValuePair : annotationEntry.getElementValuePairs()) {
                    if ("use".equals(elementValuePair.getNameString()) && VULNERABLE_USE_NAMES.contains(elementValuePair.getValue().stringifyValue())) {
                        this.bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, 1).addClass(javaClass).addString(javaClass.getClassName() + " on field " + field.getName() + " of type " + field.getType() + " annotated with " + annotationEntry.toShortString()).addField(FieldAnnotation.fromBCELField(javaClass, field)).addString(""));
                    }
                }
            }
        }
    }

    private void analyzeMethod(Method method, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
        MethodGen methodGen = classContext.getMethodGen(method);
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        CFG cfg = classContext.getCFG(method);
        if (methodGen == null || methodGen.getInstructionList() == null) {
            return;
        }
        Iterator<Location> locationIterator = cfg.locationIterator();
        while (locationIterator.hasNext()) {
            Location next = locationIterator.next();
            Instruction instruction = next.getHandle().getInstruction();
            if (instruction instanceof InvokeInstruction) {
                InvokeInstruction invokeInstruction = (InvokeInstruction) instruction;
                if ("enableDefaultTyping".equals(invokeInstruction.getMethodName(constantPoolGen))) {
                    JavaClass javaClass = classContext.getJavaClass();
                    this.bugReporter.reportBug(new BugInstance(this, DESERIALIZATION_TYPE, 1).addClass(javaClass).addMethod(javaClass, method).addCalledMethod(constantPoolGen, invokeInstruction).addSourceLine(classContext, method, next));
                }
            }
        }
    }

    @Override // edu.umd.cs.findbugs.Detector
    public void report() {
    }
}
