package com.atlassian.xwork.interceptors;

import com.atlassian.xwork.ParameterSafe;
import com.opensymphony.xwork2.interceptor.ParametersInterceptor;
import java.beans.BeanInfo;
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.Method;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/xwork/interceptors/SafeParametersInterceptor.class */
public class SafeParametersInterceptor extends ParametersInterceptor {
    public static final Logger log = LoggerFactory.getLogger(SafeParametersInterceptor.class);
    private static final Pattern MAP_PARAMETER_PATTERN = Pattern.compile(".*\\['\\w+']");

    protected boolean isAcceptableParameter(String str, Object obj) {
        return super.isAcceptableParameter(str, obj) && isSafeComplexParameter(str, obj);
    }

    public static boolean isSafeComplexParameter(String str, Object obj) {
        if (!isComplexParameter(str)) {
            return true;
        }
        try {
            BeanInfo beanInfo = Introspector.getBeanInfo(obj.getClass());
            String extractOperatingParameterName = extractOperatingParameterName(str);
            for (PropertyDescriptor propertyDescriptor : beanInfo.getPropertyDescriptors()) {
                if (propertyDescriptor.getName().equals(extractOperatingParameterName)) {
                    if (isMethodDesignatedSafe(propertyDescriptor.getReadMethod())) {
                        return true;
                    }
                    log.warn("Attempt to call unsafe property setter {} on {}", str, obj);
                    return false;
                }
            }
            return false;
        } catch (IntrospectionException e) {
            log.warn("Error introspecting action parameter {} for action {}", new Object[]{str, obj, e});
            return false;
        }
    }

    private static boolean isComplexParameter(String str) {
        return str.contains(".") || MAP_PARAMETER_PATTERN.matcher(str).matches();
    }

    private static String extractOperatingParameterName(String str) {
        return (!str.contains("[") || (str.indexOf(".") > 0 && str.indexOf("[") > str.indexOf("."))) ? str.substring(0, str.indexOf(".")) : str.substring(0, str.indexOf("["));
    }

    private static boolean isMethodDesignatedSafe(Method method) {
        if (method == null) {
            return false;
        }
        return (method.getAnnotation(ParameterSafe.class) != null) || (method.getReturnType().getAnnotation(ParameterSafe.class) != null);
    }
}
