package net.sourceforge.pmd.lang.apex.rule.security;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import net.sourceforge.pmd.lang.apex.ast.ASTAssignmentExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTBinaryExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTFieldDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTLiteralExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTMethod;
import net.sourceforge.pmd.lang.apex.ast.ASTMethodCallExpression;
import net.sourceforge.pmd.lang.apex.ast.ASTParameter;
import net.sourceforge.pmd.lang.apex.ast.ASTStandardCondition;
import net.sourceforge.pmd.lang.apex.ast.ASTUserClass;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableDeclaration;
import net.sourceforge.pmd.lang.apex.ast.ASTVariableExpression;
import net.sourceforge.pmd.lang.apex.ast.AbstractApexNode;
import net.sourceforge.pmd.lang.apex.ast.AccessNode;
import net.sourceforge.pmd.lang.apex.rule.AbstractApexRule;

/* loaded from: input_file:net/sourceforge/pmd/lang/apex/rule/security/ApexSOQLInjectionRule.class */
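/**
 * PMD rule that reports Apex {@code Database.query(...)} calls whose query text is assembled
 * from variables the rule cannot show to be harmless (possible SOQL injection).
 *
 * <p>The analysis is a name-based heuristic run once per user class:
 * <ul>
 *   <li>{@link #safeVariables} collects fully qualified variable names that are considered
 *       harmless: parameters and declarations of a numeric, boolean or Id type, variables
 *       assigned a non-SELECT literal, and variables assigned the result of
 *       {@code String.escapeSingleQuotes}.</li>
 *   <li>{@link #selectContainingVariables} maps a query-holding variable to {@code TRUE} when it
 *       was assigned a plain SELECT literal, or to {@code FALSE} when its value was concatenated
 *       from parts that are not all known to be safe.</li>
 * </ul>
 *
 * <p>Limits a reader of the findings should keep in mind: names are only ever added to
 * {@code safeVariables} during a class visit and the bookkeeping is not ordered by control flow,
 * so a variable that looks safe at one assignment is treated as safe at every
 * {@code Database.query} call in the class. A class without findings is therefore not shown to
 * be free of injection; bind variables remain the robust fix.
 *
 * <p>The instance keeps per-class scratch state in plain {@code HashSet}/{@code HashMap} fields,
 * so as written it is not safe to share one instance between concurrent analyses.
 */
public class ApexSOQLInjectionRule extends AbstractApexRule {
    // Lower-case Apex type names whose values cannot carry SOQL syntax.
    private static final String DOUBLE = "double";
    private static final String LONG = "long";
    private static final String DECIMAL = "decimal";
    private static final String BOOLEAN = "boolean";
    private static final String ID = "id";
    private static final String INTEGER = "integer";

    private static final String JOIN = "join";
    private static final String ESCAPE_SINGLE_QUOTES = "escapeSingleQuotes";
    private static final String STRING = "String";
    private static final String DATABASE = "Database";
    private static final String QUERY = "query";

    /**
     * Case-insensitive match for a literal that is itself a SELECT statement. It is applied with
     * {@code matches()}, so the whole literal image must begin with {@code select} followed by
     * whitespace and, because DOTALL is not set, must not contain a line terminator.
     */
    private static final Pattern SELECT_PATTERN =
            Pattern.compile("^select[\\s]+?.*?$", Pattern.CASE_INSENSITIVE);

    /** Fully qualified names of variables treated as harmless inside a query string. */
    private final Set<String> safeVariables = new HashSet<>();

    /**
     * Query-holding variables: {@code TRUE} = assigned a constant SELECT literal,
     * {@code FALSE} = built by concatenation with at least one part not known to be safe.
     */
    private final Map<String, Boolean> selectContainingVariables = new HashMap<>();

    /** Registers the Code Climate metadata for this rule. */
    public ApexSOQLInjectionRule() {
        setProperty(CODECLIMATE_CATEGORIES, new String[]{"Security"});
        setProperty(CODECLIMATE_REMEDIATION_MULTIPLIER, 100);
        setProperty(CODECLIMATE_BLOCK_HIGHLIGHTING, false);
    }

    /**
     * Analyses one user class: first collects safe and query-holding variables from method
     * signatures, fields, local declarations and assignments, then inspects every
     * {@code Database.query} call and reports suspicious arguments.
     *
     * @param node the class being analysed; test classes and system-level classes are skipped
     * @param data the rule context, passed through to {@code addViolation}
     * @return {@code data}, unchanged
     */
    @Override
    public Object visit(ASTUserClass node, Object data) {
        if (net.sourceforge.pmd.lang.apex.rule.internal.Helper.isTestMethodOrClass(node)
                || net.sourceforge.pmd.lang.apex.rule.internal.Helper.isSystemLevelClass(node)) {
            return data;
        }

        try {
            for (ASTMethod method : node.findDescendantsOfType(ASTMethod.class)) {
                findSafeVariablesInSignature(method);
            }
            for (ASTFieldDeclaration field : node.findDescendantsOfType(ASTFieldDeclaration.class)) {
                findSanitizedVariables(field);
                findSelectContainingVariables(field);
            }
            for (ASTVariableDeclaration declaration : node.findDescendantsOfType(ASTVariableDeclaration.class)) {
                findSanitizedVariables(declaration);
                findSelectContainingVariables(declaration);
            }
            for (ASTAssignmentExpression assignment : node.findDescendantsOfType(ASTAssignmentExpression.class)) {
                findSanitizedVariables(assignment);
                findSelectContainingVariables(assignment);
            }
            for (ASTMethodCallExpression call : node.findDescendantsOfType(ASTMethodCallExpression.class)) {
                if (!net.sourceforge.pmd.lang.apex.rule.internal.Helper.isTestMethodOrClass(call)
                        && net.sourceforge.pmd.lang.apex.rule.internal.Helper.isMethodName(call, DATABASE, QUERY)) {
                    reportStrings(call, data);
                    reportVariables(call, data);
                }
            }
        } finally {
            // Reset even when the analysis aborts: names left over from this class would
            // otherwise be trusted while analysing the next one and could hide findings there.
            this.safeVariables.clear();
            this.selectContainingVariables.clear();
        }
        return data;
    }

    /**
     * Tells whether a declared Apex type can only hold values that cannot alter a query:
     * Id, Integer, Boolean, Decimal, Long or Double, compared case-insensitively.
     */
    private static boolean isInjectionSafeType(String typeName) {
        switch (typeName.toLowerCase(Locale.ROOT)) {
            case ID:
            case INTEGER:
            case BOOLEAN:
            case DECIMAL:
            case LONG:
            case DOUBLE:
                return true;
            default:
                return false;
        }
    }

    /** Marks every method parameter of a numeric, boolean or Id type as safe. */
    private void findSafeVariablesInSignature(ASTMethod method) {
        for (ASTParameter parameter : method.findChildrenOfType(ASTParameter.class)) {
            if (isInjectionSafeType(parameter.getType())) {
                this.safeVariables.add(
                        net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(parameter));
            }
        }
    }

    /**
     * Inspects a field declaration, variable declaration or assignment and records its target
     * variable as safe or as holding a constant SELECT literal.
     *
     * <p>Only the first direct child of each kind (variable, literal, method call) is examined.
     *
     * @param node the declaration or assignment node
     */
    private void findSanitizedVariables(AbstractApexNode<?> node) {
        ASTVariableExpression target = node.getFirstChildOfType(ASTVariableExpression.class);
        ASTLiteralExpression literal = node.getFirstChildOfType(ASTLiteralExpression.class);
        ASTMethodCallExpression call = node.getFirstChildOfType(ASTMethodCallExpression.class);

        if (literal != null && target != null) {
            if (literal.isInteger() || literal.isBoolean() || literal.isDouble()) {
                this.safeVariables.add(
                        net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(target));
            }
            if (literal.isString()) {
                String name = net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(target);
                if (SELECT_PATTERN.matcher(literal.getImage()).matches()) {
                    // A constant query: fine to pass to Database.query on its own.
                    this.selectContainingVariables.put(name, Boolean.TRUE);
                } else {
                    // Any other constant string is trusted as a query fragment.
                    this.safeVariables.add(name);
                }
            }
        }

        if (call != null
                && net.sourceforge.pmd.lang.apex.rule.internal.Helper.isMethodName(call, STRING, ESCAPE_SINGLE_QUOTES)
                && target != null) {
            this.safeVariables.add(
                    net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(target));
        }

        if (node instanceof ASTVariableDeclaration
                && isInjectionSafeType(((ASTVariableDeclaration) node).getType())) {
            // NOTE(review): target is not null-checked on this path, unlike the branches above;
            // presumably a variable declaration always has a variable child - confirm.
            this.safeVariables.add(
                    net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(target));
        }
    }

    /**
     * Starts the concatenation analysis for a declaration or assignment whose value is a binary
     * expression; nodes without both a variable child and a binary-expression child are ignored.
     */
    private void findSelectContainingVariables(AbstractApexNode<?> node) {
        ASTVariableExpression target = node.getFirstChildOfType(ASTVariableExpression.class);
        ASTBinaryExpression concatenation = node.getFirstChildOfType(ASTBinaryExpression.class);
        if (target != null && concatenation != null) {
            recursivelyCheckForSelect(target, concatenation);
        }
    }

    /**
     * Walks a chain of nested binary expressions (innermost first) and classifies the variable
     * they are assigned to.
     *
     * <p>At each level the operand side is considered safe when its first variable child is in
     * {@link #safeVariables} or its first method-call child is {@code String.escapeSingleQuotes}.
     * A level with no literal and no safe operand, or with a SELECT literal and no safe operand,
     * marks {@code target} as an unsafe query ({@code FALSE}); a SELECT literal combined with a
     * safe operand marks {@code target} as safe.
     *
     * @param target the variable receiving the concatenated value
     * @param expression the binary expression to examine
     */
    private void recursivelyCheckForSelect(ASTVariableExpression target, ASTBinaryExpression expression) {
        ASTBinaryExpression nested = expression.getFirstChildOfType(ASTBinaryExpression.class);
        if (nested != null) {
            recursivelyCheckForSelect(target, nested);
        }

        ASTVariableExpression operand = expression.getFirstChildOfType(ASTVariableExpression.class);
        boolean operandIsSafe = operand != null
                && this.safeVariables.contains(
                        net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(operand));

        ASTMethodCallExpression call = expression.getFirstChildOfType(ASTMethodCallExpression.class);
        if (call != null
                && net.sourceforge.pmd.lang.apex.rule.internal.Helper.isMethodName(call, STRING, ESCAPE_SINGLE_QUOTES)) {
            operandIsSafe = true;
        }

        ASTLiteralExpression literal = expression.getFirstChildOfType(ASTLiteralExpression.class);
        if (literal == null) {
            if (!operandIsSafe) {
                this.selectContainingVariables.put(
                        net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(target), Boolean.FALSE);
            }
            return;
        }

        if (literal.isString() && SELECT_PATTERN.matcher(literal.getImage()).matches()) {
            String name = net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(target);
            if (operandIsSafe) {
                this.safeVariables.add(name);
            } else {
                this.selectContainingVariables.put(name, Boolean.FALSE);
            }
        }
    }

    /**
     * Reports variables concatenated directly inside the argument of a {@code Database.query}
     * call, unless they are known to be harmless.
     *
     * <p>A variable is skipped when it holds a constant SELECT literal, appears inside an
     * {@code ASTStandardCondition} of the call, is in {@link #safeVariables}, or when its nearest
     * enclosing method call is {@code String.escapeSingleQuotes} or {@code String.join}.
     *
     * @param queryCall the {@code Database.query} call
     * @param data the rule context for {@code addViolation}
     */
    private void reportStrings(ASTMethodCallExpression queryCall, Object data) {
        Set<ASTVariableExpression> conditionVariables = new HashSet<>();
        for (ASTStandardCondition condition : queryCall.findDescendantsOfType(ASTStandardCondition.class)) {
            conditionVariables.addAll(condition.findDescendantsOfType(ASTVariableExpression.class));
        }

        for (ASTBinaryExpression concatenation : queryCall.findChildrenOfType(ASTBinaryExpression.class)) {
            for (ASTVariableExpression variable : concatenation.findDescendantsOfType(ASTVariableExpression.class)) {
                String name = net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(variable);
                if (Boolean.TRUE.equals(this.selectContainingVariables.get(name))) {
                    continue;
                }
                if (conditionVariables.contains(variable) || this.safeVariables.contains(name)) {
                    continue;
                }
                ASTMethodCallExpression enclosingCall = variable.getFirstParentOfType(ASTMethodCallExpression.class);
                // NOTE(review): String.join does not escape its elements, so this exemption is
                // only sound when the joined values are themselves harmless - confirm intent.
                boolean wrapped =
                        net.sourceforge.pmd.lang.apex.rule.internal.Helper.isMethodName(enclosingCall, STRING, ESCAPE_SINGLE_QUOTES)
                        || net.sourceforge.pmd.lang.apex.rule.internal.Helper.isMethodName(enclosingCall, STRING, JOIN);
                if (!wrapped) {
                    addViolation(data, variable);
                }
            }
        }
    }

    /**
     * Reports a {@code Database.query} call whose first variable argument was recorded as a query
     * built from parts not known to be safe (map value {@code FALSE}). Variables the rule has no
     * record of, and constant SELECT literals, are not reported here.
     *
     * @param queryCall the {@code Database.query} call
     * @param data the rule context for {@code addViolation}
     */
    private void reportVariables(ASTMethodCallExpression queryCall, Object data) {
        ASTVariableExpression argument = queryCall.getFirstChildOfType(ASTVariableExpression.class);
        if (argument == null) {
            return;
        }
        String name = net.sourceforge.pmd.lang.apex.rule.internal.Helper.getFQVariableName(argument);
        if (Boolean.FALSE.equals(this.selectContainingVariables.get(name))) {
            addViolation(data, argument);
        }
    }
}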
