package org.sonar.java.checks.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.java.EndOfAnalysisCheck;
import org.sonar.java.model.DefaultJavaFileScannerContext;
import org.sonar.java.model.ExpressionUtils;
import org.sonar.java.reporting.AnalyzerMessage;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.ExpressionTree;
import org.sonar.plugins.java.api.tree.IdentifierTree;
import org.sonar.plugins.java.api.tree.MemberSelectExpressionTree;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.NewClassTree;
import org.sonar.plugins.java.api.tree.Tree;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/sonar-java-plugin-7.7.0.28547.jar:org/sonar/java/checks/security/ExcessiveContentRequestCheck.class
 */
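/**
 * Rule S5693: reports Spring multipart configurations whose upload size limit is either
 * larger than {@link #fileUploadSizeLimit} or never set at all.
 *
 * <p>An upload limit bounds how much request content the application will accept, so a missing
 * or very large limit is worth a manual review (the messages ask the developer to "make sure it
 * is safe here").
 *
 * <p>Two kinds of findings are produced:
 * <ul>
 *   <li>a call to one of the size setters with a constant value above the configured limit is
 *       reported immediately;</li>
 *   <li>every construction of a multipart resolver/config factory is recorded and only reported
 *       at the end of the analysis, and only if no size setter was seen anywhere.</li>
 * </ul>
 *
 * <p>Only compile-time constants are evaluated; a size computed at runtime yields no finding.
 */
@Rule(key = "S5693")
/* loaded from: input_file:WEB-INF/lib/java-checks-7.7.0.28547.jar:org/sonar/java/checks/security/ExcessiveContentRequestCheck.class */
public class ExcessiveContentRequestCheck extends IssuableSubscriptionVisitor implements EndOfAnalysisCheck {
    private static final long BYTES_PER_KB = 1024L;
    private static final long BYTES_PER_MB = 1024L * BYTES_PER_KB;
    private static final long BYTES_PER_GB = 1024L * BYTES_PER_MB;
    private static final long BYTES_PER_TB = 1024L * BYTES_PER_GB;
    /** Default limit: 8 MB (8388608 bytes); must stay in sync with the {@code defaultValue} of the rule property. */
    private static final long DEFAULT_MAX = 8L * BYTES_PER_MB;
    private static final String MESSAGE_EXCEED_SIZE = "The content length limit of %d bytes is greater than the defined limit of %d; make sure it is safe here.";
    private static final String MESSAGE_SIZE_NOT_SET = "Make sure not setting any maximum content length limit is safe here.";
    /** Optional sign, decimal digits, then an optional unit suffix of at most two letters (e.g. {@code "10MB"}). */
    private static final Pattern DATA_SIZE_PATTERN = Pattern.compile("^([+\\-]?\\d+)([a-zA-Z]{0,2})$");
    /** Parameter type name used by the matchers for the primitive {@code long} overloads. */
    private static final String LONG_TYPE = "long";
    private static final String MULTIPART_RESOLVER = "org.springframework.web.multipart.commons.CommonsMultipartResolver";
    private static final String MULTIPART_CONFIG = "org.springframework.boot.web.servlet.MultipartConfigFactory";
    private static final MethodMatchers METHODS_SETTING_MAX_SIZE = MethodMatchers.or(
        MethodMatchers.create()
            .ofSubTypes(MULTIPART_RESOLVER)
            .names("setMaxUploadSize")
            .addParametersMatcher(LONG_TYPE)
            .build(),
        MethodMatchers.create()
            .ofSubTypes(MULTIPART_CONFIG)
            .names("setMaxFileSize", "setMaxRequestSize")
            .addParametersMatcher(LONG_TYPE)
            .addParametersMatcher("java.lang.String")
            .build());
    private static final MethodMatchers MULTIPART_CONSTRUCTOR = MethodMatchers.create()
        .ofSubTypes(MULTIPART_RESOLVER, MULTIPART_CONFIG)
        .constructor()
        .withAnyParameters()
        .build();
    private static final String DATA_SIZE = "org.springframework.util.unit.DataSize";
    /** {@code DataSize.ofXxx(long)} factories; the unit is derived from the method name. */
    private static final MethodMatchers DATA_SIZE_OF_SOMETHING = MethodMatchers.create()
        .ofSubTypes(DATA_SIZE)
        .name(name -> name.startsWith("of"))
        .addParametersMatcher(LONG_TYPE)
        .build();
    /** {@code DataSize.parse(x, DataUnit)} / {@code DataSize.of(x, DataUnit)}; the unit is the second argument. */
    private static final MethodMatchers DATA_SIZE_WITH_UNIT = MethodMatchers.create()
        .ofSubTypes(DATA_SIZE)
        .names("parse", "of")
        .addParametersMatcher("*", "org.springframework.util.unit.DataUnit")
        .build();
    /** {@code DataSize.parse(CharSequence)}; the unit, if any, is a suffix of the text. */
    private static final MethodMatchers DATA_SIZE_PARSE = MethodMatchers.create()
        .ofSubTypes(DATA_SIZE)
        .names("parse")
        .addParametersMatcher("java.lang.CharSequence")
        .build();

    @RuleProperty(key = "fileUploadSizeLimit", description = "The maximum size of HTTP requests handling file uploads (in bytes).", defaultValue = "8388608")
    public long fileUploadSizeLimit = DEFAULT_MAX;
    /** "No limit set" candidates, held back until the whole analysis has been seen. */
    private final List<AnalyzerMessage> multipartConstructorIssues = new ArrayList<>();
    /** Becomes {@code true} as soon as any matching size setter is visited, in any file. */
    private boolean sizeSetSomewhere = false;

    /**
     * Reports the deferred "no limit set" findings when no size setter was seen during the
     * analysis, then resets the accumulated state.
     */
    @Override // org.sonar.java.EndOfAnalysisCheck
    public void endOfAnalysis() {
        if (!this.sizeSetSomewhere && this.context != null) {
            DefaultJavaFileScannerContext scannerContext = (DefaultJavaFileScannerContext) this.context;
            this.multipartConstructorIssues.forEach(scannerContext::reportIssue);
        }
        this.multipartConstructorIssues.clear();
        this.sizeSetSomewhere = false;
    }

    /**
     * @return the node kinds this check subscribes to: method invocations and object creations
     */
    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public List<Tree.Kind> nodesToVisit() {
        return Arrays.asList(Tree.Kind.METHOD_INVOCATION, Tree.Kind.NEW_CLASS);
    }

    /**
     * Records multipart constructor calls for end-of-analysis reporting and immediately reports
     * size setters whose constant argument exceeds {@link #fileUploadSizeLimit}.
     *
     * @param tree a {@code NEW_CLASS} or {@code METHOD_INVOCATION} node
     */
    @Override // org.sonar.java.ast.visitors.SubscriptionVisitor
    public void visitNode(Tree tree) {
        DefaultJavaFileScannerContext scannerContext = (DefaultJavaFileScannerContext) this.context;
        if (tree.is(Tree.Kind.NEW_CLASS)) {
            NewClassTree newClassTree = (NewClassTree) tree;
            if (MULTIPART_CONSTRUCTOR.matches(newClassTree)) {
                // Deferred: whether this is an issue depends on setters seen later, possibly in other files.
                this.multipartConstructorIssues.add(
                    scannerContext.createAnalyzerMessage(this, newClassTree, MESSAGE_SIZE_NOT_SET));
            }
            return;
        }
        MethodInvocationTree invocation = (MethodInvocationTree) tree;
        if (!METHODS_SETTING_MAX_SIZE.matches(invocation)) {
            return;
        }
        // Any setter call counts, even when its value cannot be evaluated or is within the limit.
        this.sizeSetSomewhere = true;
        getIfExceedSize(invocation.arguments().get(0))
            .map(size -> scannerContext.createAnalyzerMessage(
                this, invocation, String.format(MESSAGE_EXCEED_SIZE, size, Long.valueOf(this.fileUploadSizeLimit))))
            .ifPresent(scannerContext::reportIssue);
    }

    /**
     * Evaluates a size argument and keeps it only when it is above the configured limit.
     *
     * @param expressionTree the argument passed to a size setter
     * @return the size in bytes when it is a known constant strictly greater than
     *     {@link #fileUploadSizeLimit}, otherwise empty
     */
    private Optional<Long> getIfExceedSize(ExpressionTree expressionTree) {
        Optional<Long> bytes = expressionTree.is(Tree.Kind.METHOD_INVOCATION)
            ? getSizeFromDataSize((MethodInvocationTree) expressionTree)
            : getNumberOfBytes(expressionTree);
        return bytes.filter(size -> size.longValue() > this.fileUploadSizeLimit);
    }

    /**
     * Computes the number of bytes described by a {@code DataSize} factory call.
     *
     * @param methodInvocationTree the invocation used as a size argument
     * @return the size in bytes, or empty when the call is not a recognised {@code DataSize}
     *     factory or its arguments are not constants
     */
    private static Optional<Long> getSizeFromDataSize(MethodInvocationTree methodInvocationTree) {
        if (DATA_SIZE_PARSE.matches(methodInvocationTree)) {
            return getNumberOfBytes(methodInvocationTree.arguments().get(0));
        }
        if (DATA_SIZE_OF_SOMETHING.matches(methodInvocationTree)) {
            long factor = getMultiplierFromName(ExpressionUtils.methodName(methodInvocationTree).name()).longValue();
            return getNumberOfBytes(methodInvocationTree.arguments().get(0))
                .map(amount -> Long.valueOf(saturatedMultiply(amount.longValue(), factor)));
        }
        if (DATA_SIZE_WITH_UNIT.matches(methodInvocationTree)) {
            Optional<Long> multiplier = getIdentifierName(methodInvocationTree.arguments().get(1))
                .map(ExcessiveContentRequestCheck::getMultiplierFromName);
            if (multiplier.isPresent()) {
                long factor = multiplier.get().longValue();
                return getNumberOfBytes(methodInvocationTree.arguments().get(0))
                    .map(amount -> Long.valueOf(saturatedMultiply(amount.longValue(), factor)));
            }
        }
        return Optional.empty();
    }

    /**
     * Resolves an expression to a byte count when it is a constant.
     *
     * <p>Tried in order: {@code Integer} constant, {@code String} constant (parsed with
     * {@link #DATA_SIZE_PATTERN}), {@code Long} constant.
     *
     * @param expressionTree the expression to evaluate
     * @return the byte count, or empty when the expression is not a usable constant
     */
    private static Optional<Long> getNumberOfBytes(ExpressionTree expressionTree) {
        Optional<Integer> intConstant = expressionTree.asConstant(Integer.class);
        if (intConstant.isPresent()) {
            return Optional.of(Long.valueOf(intConstant.get().longValue()));
        }
        Optional<String> textConstant = expressionTree.asConstant(String.class);
        if (textConstant.isPresent()) {
            return getLongValueFromString(textConstant.get());
        }
        return expressionTree.asConstant(Long.class);
    }

    /**
     * Parses a textual size such as {@code "10MB"} into bytes.
     *
     * <p>A digit run too long for a {@code long} is clamped to {@link Long#MAX_VALUE} or
     * {@link Long#MIN_VALUE} according to its sign instead of letting
     * {@link NumberFormatException} escape from the check: the value is known to be out of range,
     * so a positive one is certainly above any configurable limit.
     *
     * @param str the constant string value
     * @return the size in bytes, or empty when the text does not match {@link #DATA_SIZE_PATTERN}
     */
    private static Optional<Long> getLongValueFromString(String str) {
        Matcher matcher = DATA_SIZE_PATTERN.matcher(str);
        if (!matcher.matches()) {
            return Optional.empty();
        }
        String digits = matcher.group(1);
        long amount;
        try {
            amount = Long.parseLong(digits);
        } catch (NumberFormatException outOfRange) {
            // The pattern only admits an optional sign followed by ASCII digits, so the only
            // possible failure is a magnitude beyond the range of long.
            amount = digits.startsWith("-") ? Long.MIN_VALUE : Long.MAX_VALUE;
        }
        return Optional.of(Long.valueOf(saturatedMultiply(amount, getMultiplierFromName(matcher.group(2)).longValue())));
    }

    /**
     * Multiplies two longs, clamping to the {@code long} range on overflow.
     *
     * <p>A plain {@code *} would wrap around silently; a huge configured size could then turn
     * negative, compare as "below the limit" and go unreported.
     */
    private static long saturatedMultiply(long value, long multiplier) {
        try {
            return Math.multiplyExact(value, multiplier);
        } catch (ArithmeticException overflow) {
            return (value < 0) == (multiplier < 0) ? Long.MAX_VALUE : Long.MIN_VALUE;
        }
    }

    /**
     * Maps a unit name to its size in bytes, case-insensitively.
     *
     * <p>Accepted spellings are the short suffix ({@code KB}), the unit constant name
     * ({@code KILOBYTES}) and the factory method name ({@code ofKilobytes}), for kilo-, mega-,
     * giga- and terabytes.
     *
     * @param str the unit name; may be empty
     * @return the multiplier in bytes, or {@code 1} for any unrecognised name (including bytes)
     */
    private static Long getMultiplierFromName(String str) {
        switch (str.toUpperCase(Locale.ENGLISH)) {
            case "OFKILOBYTES":
            case "KILOBYTES":
            case "KB":
                return BYTES_PER_KB;
            case "OFMEGABYTES":
            case "MEGABYTES":
            case "MB":
                return BYTES_PER_MB;
            case "OFGIGABYTES":
            case "GIGABYTES":
            case "GB":
                return BYTES_PER_GB;
            case "OFTERABYTES":
            case "TERABYTES":
            case "TB":
                return BYTES_PER_TB;
            default:
                return 1L;
        }
    }

    /**
     * Extracts the simple name from an identifier or from the last segment of a member select
     * (for example {@code MEGABYTES} from {@code DataUnit.MEGABYTES}).
     *
     * @param expressionTree the expression naming a unit
     * @return the name, or empty for any other kind of expression
     */
    private static Optional<String> getIdentifierName(ExpressionTree expressionTree) {
        if (expressionTree.is(Tree.Kind.IDENTIFIER)) {
            return Optional.of(((IdentifierTree) expressionTree).name());
        }
        if (expressionTree.is(Tree.Kind.MEMBER_SELECT)) {
            return Optional.of(((MemberSelectExpressionTree) expressionTree).identifier().name());
        }
        return Optional.empty();
    }
}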
