package net.sourceforge.pmd.lang.apex.rule.security;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.regex.Pattern;
import net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTUserClass;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression;
import net.sourceforge.pmd.lang.apex.ast.AbstractApexNode;
import net.sourceforge.pmd.lang.apex.rule.AbstractApexRule;

/* loaded from: input_file:net/sourceforge/pmd/lang/apex/rule/security/ApexSOQLInjectionRule.class */
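/**
 * Flags {@code Database.query(...)} calls whose argument is built from variables that this
 * rule could not classify as harmless.
 *
 * <p>The analysis is a per-class heuristic, not a data-flow analysis. Every field declaration,
 * variable declaration and assignment in the class is scanned first, and only then are the
 * {@code Database.query} calls examined. A variable name that enters {@link #safeVariables}
 * therefore stays "safe" for the whole class, even if the same name is later reassigned from
 * another source. Reviewers should treat a clean result as "nothing obvious found", not as
 * proof that the query is injection-free.
 *
 * <p>Two sanitiser assumptions are built in and worth knowing when triaging results:
 * <ul>
 *   <li>a variable passed through {@code String.escapeSingleQuotes} is accepted as safe; that
 *       escaping only helps where the value ends up inside a quoted SOQL string literal;</li>
 *   <li>a variable whose nearest enclosing call is {@code String.join} is not reported; the
 *       joined values themselves are not inspected here.</li>
 * </ul>
 *
 * <p>The rule keeps mutable per-class state in instance fields, so one instance must not
 * analyse two classes at the same time.
 */
public class ApexSOQLInjectionRule extends AbstractApexRule {
    private static final String JOIN = "join";
    private static final String ESCAPE_SINGLE_QUOTES = "escapeSingleQuotes";
    private static final String STRING = "String";
    private static final String DATABASE = "Database";
    private static final String QUERY = "query";

    // Used with matches(), so the whole literal must start with "select" followed by whitespace.
    // NOTE(review): DOTALL is not set, so a literal containing a line terminator is not
    // recognised as a SELECT fragment; confirm whether such literals can reach this rule.
    private static final Pattern SELECT_PATTERN =
            Pattern.compile("^select[\\s]+?.*?$", Pattern.CASE_INSENSITIVE);

    // Names of variables considered harmless: assigned a numeric/boolean literal, a string
    // literal that is not a SELECT, or the result of String.escapeSingleQuotes.
    private final HashSet<String> safeVariables = new HashSet<>();

    // Variables that hold (part of) a query. TRUE: assigned a plain SELECT literal.
    // FALSE: built by a concatenation that this rule could not prove harmless.
    private final HashMap<String, Boolean> selectContainingVariables = new HashMap<>();

    public ApexSOQLInjectionRule() {
        setProperty(CODECLIMATE_CATEGORIES, new String[]{"Security"});
        setProperty(CODECLIMATE_REMEDIATION_MULTIPLIER, 100);
        setProperty(CODECLIMATE_BLOCK_HIGHLIGHTING, false);
    }

    /**
     * Analyses one Apex class: classifies its variables, then reports suspicious
     * {@code Database.query} arguments. Test classes are skipped entirely.
     *
     * @param node the class being visited
     * @param data the rule context passed through by the visitor; returned unchanged
     * @return {@code data}
     */
    @Override
    public Object visit(ASTUserClass node, Object data) {
        if (Helper.isTestMethodOrClass(node)) {
            return data;
        }

        try {
            for (ASTFieldDeclaration field : node.findDescendantsOfType(ASTFieldDeclaration.class)) {
                findSanitizedVariables(field);
                findSelectContainingVariables(field);
            }
            for (ASTVariableDeclaration declaration : node.findDescendantsOfType(ASTVariableDeclaration.class)) {
                findSanitizedVariables(declaration);
                findSelectContainingVariables(declaration);
            }
            for (ASTAssignmentExpression assignment : node.findDescendantsOfType(ASTAssignmentExpression.class)) {
                findSanitizedVariables(assignment);
                findSelectContainingVariables(assignment);
            }

            for (ASTMethodCallExpression call : node.findDescendantsOfType(ASTMethodCallExpression.class)) {
                if (!Helper.isTestMethodOrClass(call) && Helper.isMethodName(call, DATABASE, QUERY)) {
                    reportStrings(call, data);
                    reportVariables(call, data);
                }
            }
        } finally {
            // Reset even when analysis throws, so classifications from this class can never
            // leak into the next class and suppress (or cause) a finding there.
            safeVariables.clear();
            selectContainingVariables.clear();
        }
        return data;
    }

    /**
     * Records the variable of a declaration/assignment as safe, or as holding a SELECT literal,
     * based on the first literal and first method call found directly under {@code node}.
     */
    private void findSanitizedVariables(AbstractApexNode<?> node) {
        ASTVariableExpression variable = node.getFirstChildOfType(ASTVariableExpression.class);
        ASTLiteralExpression literalNode = node.getFirstChildOfType(ASTLiteralExpression.class);
        ASTMethodCallExpression call = node.getFirstChildOfType(ASTMethodCallExpression.class);

        if (literalNode != null && variable != null) {
            Object literal = literalNode.getNode().getLiteral();
            if (literal instanceof Integer || literal instanceof Boolean || literal instanceof Double) {
                safeVariables.add(Helper.getFQVariableName(variable));
            }
            if (literal instanceof String) {
                if (SELECT_PATTERN.matcher((String) literal).matches()) {
                    // A constant SELECT string: the variable carries a query but no user data.
                    selectContainingVariables.put(Helper.getFQVariableName(variable), Boolean.TRUE);
                } else {
                    safeVariables.add(Helper.getFQVariableName(variable));
                }
            }
        }

        // Result of String.escapeSingleQuotes(...) is accepted as sanitised.
        if (call != null && Helper.isMethodName(call, STRING, ESCAPE_SINGLE_QUOTES) && variable != null) {
            safeVariables.add(Helper.getFQVariableName(variable));
        }
    }

    /**
     * Starts the concatenation check for a declaration/assignment that has both a variable and
     * a binary expression as direct children; does nothing otherwise.
     */
    private void findSelectContainingVariables(AbstractApexNode<?> node) {
        ASTVariableExpression variable = node.getFirstChildOfType(ASTVariableExpression.class);
        ASTBinaryExpression expression = node.getFirstChildOfType(ASTBinaryExpression.class);
        if (variable != null && expression != null) {
            recursivelyCheckForSelect(variable, expression);
        }
    }

    /**
     * Walks nested binary expressions (innermost first) and marks {@code target} as an unsafe
     * query holder when a level has no literal operand, or a SELECT literal operand, and its
     * first variable operand is not known to be safe.
     *
     * <p>Only the first child of each type is inspected at every level.
     */
    private void recursivelyCheckForSelect(ASTVariableExpression target, ASTBinaryExpression expression) {
        ASTBinaryExpression nested = expression.getFirstChildOfType(ASTBinaryExpression.class);
        if (nested != null) {
            recursivelyCheckForSelect(target, nested);
        }

        ASTVariableExpression operand = expression.getFirstChildOfType(ASTVariableExpression.class);
        boolean operandIsSafe =
                operand != null && safeVariables.contains(Helper.getFQVariableName(operand));

        ASTLiteralExpression literalNode = expression.getFirstChildOfType(ASTLiteralExpression.class);
        if (literalNode == null) {
            if (!operandIsSafe) {
                selectContainingVariables.put(Helper.getFQVariableName(target), Boolean.FALSE);
            }
            return;
        }

        Object literal = literalNode.getNode().getLiteral();
        if (literal instanceof String
                && SELECT_PATTERN.matcher((String) literal).matches()
                && !operandIsSafe) {
            selectContainingVariables.put(Helper.getFQVariableName(target), Boolean.FALSE);
        }
    }

    /**
     * Reports variables concatenated directly inside the {@code Database.query(...)} argument,
     * unless they hold a constant SELECT, are known safe, or are wrapped in
     * {@code String.escapeSingleQuotes} / {@code String.join}.
     */
    private void reportStrings(ASTMethodCallExpression queryCall, Object data) {
        for (ASTBinaryExpression concatenation : queryCall.findChildrenOfType(ASTBinaryExpression.class)) {
            for (ASTVariableExpression variable : concatenation.findDescendantsOfType(ASTVariableExpression.class)) {
                String name = Helper.getFQVariableName(variable);
                // The map only ever stores TRUE or FALSE, so a single lookup covers both the
                // "absent" and the "FALSE" case of the original containsKey/get pair.
                if (Boolean.TRUE.equals(selectContainingVariables.get(name)) || safeVariables.contains(name)) {
                    continue;
                }

                ASTMethodCallExpression enclosingCall = variable.getFirstParentOfType(ASTMethodCallExpression.class);
                boolean wrapped = Helper.isMethodName(enclosingCall, STRING, ESCAPE_SINGLE_QUOTES)
                        || Helper.isMethodName(enclosingCall, STRING, JOIN);
                if (!wrapped) {
                    addViolation(data, variable);
                }
            }
        }
    }

    /**
     * Reports a variable passed directly to {@code Database.query(...)} when it was earlier
     * marked as an unsafe query holder (value {@code FALSE} in the map).
     */
    private void reportVariables(ASTMethodCallExpression queryCall, Object data) {
        ASTVariableExpression variable = queryCall.getFirstChildOfType(ASTVariableExpression.class);
        if (variable == null) {
            return;
        }
        String name = Helper.getFQVariableName(variable);
        if (Boolean.FALSE.equals(selectContainingVariables.get(name))) {
            addViolation(data, variable);
        }
    }
}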
