package io.jenkins.plugins.safebatch;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.EnvVars;
import hudson.Extension;
import hudson.ExtensionList;
import hudson.Launcher;
import hudson.model.Descriptor;
import hudson.model.Run;
import hudson.tasks.BatchFile;
import io.jenkins.plugins.environment_filter_utils.matchers.run.RunMatcher;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import jenkins.tasks.filters.EnvVarsFilterException;
import jenkins.tasks.filters.EnvVarsFilterGlobalRule;
import jenkins.tasks.filters.EnvVarsFilterRuleContext;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.Symbol;
import org.jvnet.localizer.Localizable;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

/* loaded from: input_file:io/jenkins/plugins/safebatch/BatchSanitizerGlobalRule.class */
public class BatchSanitizerGlobalRule implements EnvVarsFilterGlobalRule {
    private static final Logger LOGGER = Logger.getLogger(BatchSanitizerGlobalRule.class.getName());

    @SuppressFBWarnings(value = {"MS_SHOULD_BE_FINAL"}, justification = "Accessible via System Groovy Scripts")
    private static String DANGEROUS_CHARACTERS = System.getProperty(BatchSanitizerGlobalRule.class.getName() + ".DANGEROUS_CHARACTERS", "|^&%\"<>");
    private EnvironmentSanitizerStandardMode mode = EnvironmentSanitizerStandardMode.FAIL;
    private List<RunMatcher> jobExclusionList = new ArrayList();

    @Extension(ordinal = 1000.0d)
    @Symbol({"batchSanitizer"})
    /* loaded from: input_file:io/jenkins/plugins/safebatch/BatchSanitizerGlobalRule$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<EnvVarsFilterGlobalRule> {
        public static final int ORDER = 1000;

        public DescriptorImpl() {
            load();
        }

        @Nonnull
        public String getDisplayName() {
            return Messages.BatchSanitizerGlobalRule_DisplayName();
        }

        public static ExtensionList<Descriptor<RunMatcher>> getAllJobExclusions() {
            return Jenkins.get().getDescriptorList(RunMatcher.class);
        }
    }

    /* loaded from: input_file:io/jenkins/plugins/safebatch/BatchSanitizerGlobalRule$EnvironmentSanitizerStandardMode.class */
    public enum EnvironmentSanitizerStandardMode {
        FAIL(Messages._DangerousCharacterMode_FAIL()) { // from class: io.jenkins.plugins.safebatch.BatchSanitizerGlobalRule.EnvironmentSanitizerStandardMode.1
            @Override // io.jenkins.plugins.safebatch.BatchSanitizerGlobalRule.EnvironmentSanitizerStandardMode
            public boolean actOnDangerousVariable(BatchSanitizerGlobalRule batchSanitizerGlobalRule, EnvVars envVars, String str, String str2, String str3, EnvVarsFilterRuleContext envVarsFilterRuleContext) throws EnvVarsFilterException {
                EnvironmentSanitizerStandardMode.jobAndSystemLog(String.format("%s: Unsafe environment variable %s: Metacharacter [%s] present, failing this build step", batchSanitizerGlobalRule.getDescriptor().getDisplayName(), str, str3), envVarsFilterRuleContext, Level.FINE);
                throw new EnvVarsFilterException("Failing the build step").withVariable(str).withRule(batchSanitizerGlobalRule);
            }
        },
        REPLACE(Messages._DangerousCharacterMode_REPLACE()) { // from class: io.jenkins.plugins.safebatch.BatchSanitizerGlobalRule.EnvironmentSanitizerStandardMode.2
            @Override // io.jenkins.plugins.safebatch.BatchSanitizerGlobalRule.EnvironmentSanitizerStandardMode
            public boolean actOnDangerousVariable(BatchSanitizerGlobalRule batchSanitizerGlobalRule, EnvVars envVars, String str, String str2, String str3, EnvVarsFilterRuleContext envVarsFilterRuleContext) {
                envVars.put(str, "REDACTED");
                EnvironmentSanitizerStandardMode.jobAndSystemLog(String.format("%s: Unsafe environment variable %s: Metacharacter [%s] present, replaced value with: REDACTED", batchSanitizerGlobalRule.getDescriptor().getDisplayName(), str, str3), envVarsFilterRuleContext, Level.FINE);
                return true;
            }
        },
        WARN(Messages._DangerousCharacterMode_WARN()) { // from class: io.jenkins.plugins.safebatch.BatchSanitizerGlobalRule.EnvironmentSanitizerStandardMode.3
            @Override // io.jenkins.plugins.safebatch.BatchSanitizerGlobalRule.EnvironmentSanitizerStandardMode
            public boolean actOnDangerousVariable(BatchSanitizerGlobalRule batchSanitizerGlobalRule, EnvVars envVars, String str, String str2, String str3, EnvVarsFilterRuleContext envVarsFilterRuleContext) {
                EnvironmentSanitizerStandardMode.jobAndSystemLog(String.format("%s: Unsafe environment variable %s: Metacharacter [%s] present", batchSanitizerGlobalRule.getDescriptor().getDisplayName(), str, str3), envVarsFilterRuleContext, Level.WARNING);
                return false;
            }
        };

        public final Localizable label;

        EnvironmentSanitizerStandardMode(Localizable localizable) {
            this.label = localizable;
        }

        public static EnvironmentSanitizerStandardMode getDefault() {
            return FAIL;
        }

        public abstract boolean actOnDangerousVariable(BatchSanitizerGlobalRule batchSanitizerGlobalRule, EnvVars envVars, String str, String str2, String str3, EnvVarsFilterRuleContext envVarsFilterRuleContext) throws EnvVarsFilterException;

        /* JADX INFO: Access modifiers changed from: private */
        public static void jobAndSystemLog(@Nonnull String str, @Nonnull EnvVarsFilterRuleContext envVarsFilterRuleContext, @Nonnull Level level) {
            envVarsFilterRuleContext.getTaskListener().getLogger().println(str);
            BatchSanitizerGlobalRule.LOGGER.log(level, str);
        }
    }

    @DataBoundConstructor
    public BatchSanitizerGlobalRule() {
    }

    @DataBoundSetter
    public void setMode(@Nonnull EnvironmentSanitizerStandardMode environmentSanitizerStandardMode) {
        this.mode = environmentSanitizerStandardMode;
    }

    @Nonnull
    public EnvironmentSanitizerStandardMode getMode() {
        return this.mode;
    }

    @DataBoundSetter
    public void setJobExclusionList(List<RunMatcher> list) {
        this.jobExclusionList = list;
    }

    public List<RunMatcher> getJobExclusionList() {
        return this.jobExclusionList;
    }

    public boolean isApplicable(@CheckForNull Run<?, ?> run, @Nonnull Object obj, @Nonnull Launcher launcher) {
        if (run == null || !this.jobExclusionList.stream().anyMatch(runMatcher -> {
            return runMatcher.test(run);
        })) {
            return (obj instanceof BatchFile) || obj.getClass().getName().equals("org.jenkinsci.plugins.workflow.steps.durable_task.BatchScriptStep");
        }
        LOGGER.log(Level.CONFIG, "Not applicable because the job {0} is excluded.", run.getParent().getFullName());
        return false;
    }

    public void filter(@Nonnull EnvVars envVars, @Nonnull EnvVarsFilterRuleContext envVarsFilterRuleContext) throws EnvVarsFilterException {
        String str = DANGEROUS_CHARACTERS;
        if (StringUtils.isBlank(str)) {
            return;
        }
        analyzeVariables(str.split(""), envVars, this.mode, envVarsFilterRuleContext);
    }

    private void analyzeVariables(String[] strArr, EnvVars envVars, EnvironmentSanitizerStandardMode environmentSanitizerStandardMode, @Nonnull EnvVarsFilterRuleContext envVarsFilterRuleContext) throws EnvVarsFilterException {
        Map map = EnvVars.masterEnvVars;
        for (Map.Entry entry : envVars.entrySet()) {
            String str = (String) entry.getKey();
            String str2 = (String) entry.getValue();
            String str3 = (String) map.get(str);
            if (str3 == null || !str3.equals(str2)) {
                analyzeSingleVariable(strArr, envVars, environmentSanitizerStandardMode, envVarsFilterRuleContext, str, str2);
            }
        }
    }

    private void analyzeSingleVariable(String[] strArr, EnvVars envVars, EnvironmentSanitizerStandardMode environmentSanitizerStandardMode, @Nonnull EnvVarsFilterRuleContext envVarsFilterRuleContext, String str, String str2) throws EnvVarsFilterException {
        boolean z = false;
        for (int i = 0; i < strArr.length && !z; i++) {
            String str3 = strArr[i];
            if (str2.contains(str3)) {
                z = environmentSanitizerStandardMode.actOnDangerousVariable(this, envVars, str, str2, str3, envVarsFilterRuleContext);
            }
        }
    }
}
