package com.atlassian.bitbucket.internal.secretscanning.rules;

import com.atlassian.bitbucket.internal.secretscanning.scan.SecretLocation;
import com.atlassian.bitbucket.repository.Repository;
import com.atlassian.bitbucket.util.BuilderSupport;
import com.google.common.collect.ImmutableList;
import com.google.re2j.Matcher;
import com.google.re2j.Pattern;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/atlassian/bitbucket/internal/secretscanning/rules/SecretScanningRule.class */
public class SecretScanningRule {
    private static final double LOG_2 = Math.log(2.0d);
    private final SecretScanningAllowlist allowlist;
    private final String description;
    private final Double entropy;
    private final String id;
    private final Pattern regex;
    private final int secretGroup;
    private final List<String> tags;
    private final Pattern path;

    /* loaded from: input_file:com/atlassian/bitbucket/internal/secretscanning/rules/SecretScanningRule$Builder.class */
    public static class Builder extends BuilderSupport {
        private final String id;
        private final ImmutableList.Builder<String> tags = new ImmutableList.Builder<>();
        private SecretScanningAllowlist allowlist;
        private String description;
        private String regex;
        private String path;
        private Double entropy;
        private Integer secretGroup;

        public Builder(String str) {
            this.id = requireNonBlank(str, "id");
        }

        public Builder allowlist(@Nullable SecretScanningAllowlist secretScanningAllowlist) {
            this.allowlist = secretScanningAllowlist;
            return this;
        }

        public SecretScanningRule build() {
            if (this.regex == null && this.path == null) {
                throw new IllegalArgumentException("A regex or path must be provided.");
            }
            if (this.secretGroup != null && this.regex == null) {
                throw new IllegalArgumentException("A secret group can only be provided if there is a regex.");
            }
            if (this.entropy == null || this.regex != null) {
                return new SecretScanningRule(this);
            }
            throw new IllegalArgumentException("The entropy can only be provided if there is a regex.");
        }

        public Builder description(@Nullable String str) {
            this.description = StringUtils.stripToNull(str);
            return this;
        }

        public Builder entropy(@Nullable Double d) {
            this.entropy = d;
            return this;
        }

        public Builder path(@Nullable String str) {
            this.path = StringUtils.stripToNull(str);
            return this;
        }

        public Builder regex(@Nullable String str) {
            this.regex = StringUtils.stripToNull(str);
            return this;
        }

        public Builder secretGroup(@Nullable Integer num) {
            this.secretGroup = num;
            return this;
        }

        public Builder tag(@Nullable String str) {
            if (StringUtils.isNotBlank(StringUtils.stripToNull(str))) {
                this.tags.add(str);
            }
            return this;
        }
    }

    private SecretScanningRule(Builder builder) {
        this.allowlist = builder.allowlist;
        this.description = builder.description;
        this.entropy = builder.entropy;
        this.id = builder.id;
        this.path = builder.path == null ? null : Pattern.compile(builder.path);
        this.regex = builder.regex == null ? null : Pattern.compile(builder.regex);
        this.secretGroup = builder.secretGroup == null ? 0 : builder.secretGroup.intValue();
        this.tags = builder.tags.build();
    }

    public Optional<String> getDescription() {
        return Optional.ofNullable(this.description);
    }

    public String getId() {
        return this.id;
    }

    public List<String> getTags() {
        return this.tags;
    }

    @Nullable
    public SecretLocation matches(Repository repository, int i, String str, CharSequence charSequence, CharSequence charSequence2) {
        if (this.allowlist != null && this.allowlist.containsCommit(str)) {
            return null;
        }
        if (this.path != null && !this.path.matcher(charSequence2).matches()) {
            return null;
        }
        if (this.regex != null) {
            Matcher matcher = this.regex.matcher(charSequence);
            if (!matcher.matches()) {
                return null;
            }
            if (this.entropy != null && calculateEntropy(matcher) <= this.entropy.doubleValue()) {
                return null;
            }
        }
        if (isAllowed(charSequence2, charSequence)) {
            return null;
        }
        return new SecretLocation(repository, str, i, charSequence2.toString(), this.id, this.description);
    }

    Optional<SecretScanningAllowlist> getAllowlist() {
        return Optional.ofNullable(this.allowlist);
    }

    Optional<Double> getEntropy() {
        return Optional.ofNullable(this.entropy);
    }

    Optional<Pattern> getPath() {
        return Optional.ofNullable(this.path);
    }

    Optional<Pattern> getRegex() {
        return Optional.ofNullable(this.regex);
    }

    int getSecretGroup() {
        return this.secretGroup;
    }

    private double calculateEntropy(Matcher matcher) {
        Map map = (Map) matcher.group(getSecretGroup()).chars().mapToObj(i -> {
            return Character.valueOf((char) i);
        }).collect(Collectors.groupingBy(ch -> {
            return ch;
        }, Collectors.counting()));
        return map.values().stream().map(l -> {
            double longValue = l.longValue() / map.size();
            return Double.valueOf((-longValue) * (Math.log(longValue) / LOG_2));
        }).mapToDouble((v0) -> {
            return v0.doubleValue();
        }).sum();
    }

    private boolean isAllowed(CharSequence charSequence, CharSequence charSequence2) {
        if (this.allowlist == null) {
            return false;
        }
        return this.allowlist.getPaths().stream().anyMatch(pattern -> {
            return pattern.matcher(charSequence).matches();
        }) || this.allowlist.getRegexes().stream().anyMatch(pattern2 -> {
            return pattern2.matcher(charSequence2).matches();
        });
    }
}
