package org.openrewrite.java.security;

import java.time.Duration;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.jetbrains.annotations.NotNull;
import org.openrewrite.Cursor;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Recipe;
import org.openrewrite.SourceFile;
import org.openrewrite.Tree;
import org.openrewrite.TreeVisitor;
import org.openrewrite.internal.lang.Nullable;
import org.openrewrite.java.JavaIsoVisitor;
import org.openrewrite.java.JavaTemplate;
import org.openrewrite.java.JavaVisitor;
import org.openrewrite.java.MethodMatcher;
import org.openrewrite.java.cleanup.RemoveUnusedLocalVariables;
import org.openrewrite.java.dataflow.Dataflow;
import org.openrewrite.java.dataflow.LocalFlowSpec;
import org.openrewrite.java.dataflow.internal.InvocationMatcher;
import org.openrewrite.java.search.UsesAllMethods;
import org.openrewrite.java.security.ZipSlip;
import org.openrewrite.java.security.internal.CursorUtil;
import org.openrewrite.java.security.internal.FileSeparatorUtil;
import org.openrewrite.java.tree.Expression;
import org.openrewrite.java.tree.J;
import org.openrewrite.java.tree.JavaSourceFile;
import org.openrewrite.java.tree.JavaType;

/* loaded from: input_file:org/openrewrite/java/security/PartialPathTraversalVulnerability.class */
public class PartialPathTraversalVulnerability extends Recipe {
    private static final MethodMatcher getCanonicalPathMatcher = new MethodMatcher("java.io.File getCanonicalPath()");
    private static final MethodMatcher startsWithMatcher = new MethodMatcher("java.lang.String startsWith(java.lang.String)");
    private static final InvocationMatcher startsWithInvocationMatcher = InvocationMatcher.fromInvocationMatchers(new MethodMatcher[]{startsWithMatcher});

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/openrewrite/java/security/PartialPathTraversalVulnerability$PartialPathTraversalVulnerabilityVisitor.class */
    public static class PartialPathTraversalVulnerabilityVisitor<P> extends JavaIsoVisitor<P> {
        private final JavaTemplate toPathGetCanonicalFileTemplate = JavaTemplate.builder(this::getCursor, "#{any(java.io.File)}.getCanonicalFile().toPath()").build();
        private final JavaTemplate pathStartsWithPathTemplate = JavaTemplate.builder(this::getCursor, "#{any(java.nio.file.Path)}.startsWith(#{any(java.nio.file.Path)})").build();
        private final JavaTemplate pathStartsWithStringTemplate = JavaTemplate.builder(this::getCursor, "#{any(java.nio.file.Path)}.startsWith(#{any(String)})").build();
        private final JavaTemplate pathCreationNormalizeTemplate = JavaTemplate.builder(this::getCursor, "Paths.get(#{any(String)}).normalize()").imports(new String[]{"java.nio.file.Paths"}).build();
        static final /* synthetic */ boolean $assertionsDisabled;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:org/openrewrite/java/security/PartialPathTraversalVulnerability$PartialPathTraversalVulnerabilityVisitor$ExpressionWithTry.class */
        public static final class ExpressionWithTry {
            private final Expression expression;

            @Nullable
            private final J.Try maybeTryStatement;

            public ExpressionWithTry(Expression expression, J.Try r5) {
                this.expression = expression;
                this.maybeTryStatement = r5;
            }

            public Expression getExpression() {
                return this.expression;
            }

            public J.Try getMaybeTryStatement() {
                return this.maybeTryStatement;
            }

            public boolean equals(Object obj) {
                if (obj == this) {
                    return true;
                }
                if (!(obj instanceof ExpressionWithTry)) {
                    return false;
                }
                ExpressionWithTry expressionWithTry = (ExpressionWithTry) obj;
                Expression expression = getExpression();
                Expression expression2 = expressionWithTry.getExpression();
                if (expression == null) {
                    if (expression2 != null) {
                        return false;
                    }
                } else if (!expression.equals(expression2)) {
                    return false;
                }
                J.Try maybeTryStatement = getMaybeTryStatement();
                J.Try maybeTryStatement2 = expressionWithTry.getMaybeTryStatement();
                return maybeTryStatement == null ? maybeTryStatement2 == null : maybeTryStatement.equals(maybeTryStatement2);
            }

            public int hashCode() {
                Expression expression = getExpression();
                int hashCode = (1 * 59) + (expression == null ? 43 : expression.hashCode());
                J.Try maybeTryStatement = getMaybeTryStatement();
                return (hashCode * 59) + (maybeTryStatement == null ? 43 : maybeTryStatement.hashCode());
            }

            public String toString() {
                return "PartialPathTraversalVulnerability.PartialPathTraversalVulnerabilityVisitor.ExpressionWithTry(expression=" + getExpression() + ", maybeTryStatement=" + getMaybeTryStatement() + ")";
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/openrewrite/java/security/PartialPathTraversalVulnerability$PartialPathTraversalVulnerabilityVisitor$GetCanonicalPathToStartsWithLocalFlow.class */
        public static final class GetCanonicalPathToStartsWithLocalFlow extends LocalFlowSpec<J.MethodInvocation, Expression> {
            Expression currentStartsWithSelect;

            public boolean isSource(J.MethodInvocation methodInvocation, Cursor cursor) {
                return PartialPathTraversalVulnerability.getCanonicalPathMatcher.matches(methodInvocation);
            }

            public boolean isSink(Expression expression, Cursor cursor) {
                return this.currentStartsWithSelect == expression;
            }

            public GetCanonicalPathToStartsWithLocalFlow(Expression expression) {
                this.currentStartsWithSelect = expression;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/openrewrite/java/security/PartialPathTraversalVulnerability$PartialPathTraversalVulnerabilityVisitor$NotSafePartialPathTraversalLocalFlow.class */
        public static final class NotSafePartialPathTraversalLocalFlow extends LocalFlowSpec<Expression, Expression> {
            private NotSafePartialPathTraversalLocalFlow() {
            }

            public boolean isSource(Expression expression, Cursor cursor) {
                return isSourceFilter(expression, cursor);
            }

            public boolean isSink(Expression expression, Cursor cursor) {
                return PartialPathTraversalVulnerability.startsWithInvocationMatcher.advanced().isAnyArgument(cursor);
            }

            static boolean isSourceFilter(Expression expression, Cursor cursor) {
                if (cursor.firstEnclosing(J.Import.class) != null) {
                    return false;
                }
                return expression instanceof J.Literal ? expression.getType() != JavaType.Primitive.Null : (PartialPathTraversalVulnerability.isSafePartialPathExpression(expression) || (expression instanceof J.Identifier) || (expression instanceof J.Assignment) || (expression instanceof J.AssignmentOperation) || (expression instanceof J.Primitive) || (expression instanceof J.Empty)) ? false : true;
            }
        }

        public J.Block visitBlock(J.Block block, P p) {
            J.Block visitBlock = super.visitBlock(block, p);
            return visitBlock == block ? visitBlock : new RemoveUnusedLocalVariables(new String[0]).getVisitor().visitNonNull(visitBlock, (ExecutionContext) p, getCursor().getParentOrThrow());
        }

        public J.MethodInvocation visitMethodInvocation(J.MethodInvocation methodInvocation, P p) {
            J.MethodInvocation visitStartsWithMethodInvocation;
            Cursor cursor = getCursor();
            Class<SourceFile> cls = SourceFile.class;
            Objects.requireNonNull(SourceFile.class);
            return (!PartialPathTraversalVulnerability.startsWithMatcher.matches(methodInvocation) || (visitStartsWithMethodInvocation = visitStartsWithMethodInvocation(methodInvocation, cursor.dropParentUntil(cls::isInstance))) == null) ? super.visitMethodInvocation(methodInvocation, p) : visitStartsWithMethodInvocation;
        }

        @Nullable
        private J.MethodInvocation visitStartsWithMethodInvocation(J.MethodInvocation methodInvocation, Cursor cursor) {
            if (!$assertionsDisabled && methodInvocation.getSelect() == null) {
                throw new AssertionError("Select is null for `startsWith`");
            }
            J.MethodInvocation unwrap = Expression.unwrap(methodInvocation.getSelect());
            Expression unwrap2 = Expression.unwrap((Expression) methodInvocation.getArguments().get(0));
            if ((PartialPathTraversalVulnerability.isSafePartialPathExpression(unwrap2) || (unwrap2 instanceof J.Identifier)) && !computeUnsafeArguments().contains(unwrap2)) {
                return null;
            }
            if (PartialPathTraversalVulnerability.getCanonicalPathMatcher.matches(unwrap)) {
                return replaceWithPathStartsWithMethodInvocation(methodInvocation, unwrap2, replaceGetCanonicalPath(unwrap));
            }
            Set<ExpressionWithTry> computeAlternateSelects = computeAlternateSelects(unwrap);
            if (computeAlternateSelects.size() == 1) {
                ExpressionWithTry next = computeAlternateSelects.iterator().next();
                if (next.maybeTryStatement == findNearestRelevantTry(getCursor())) {
                    return replaceWithPathStartsWithMethodInvocation(methodInvocation, unwrap2, methodInvocation.getSelect().withTemplate(this.toPathGetCanonicalFileTemplate, ((J.Identifier) unwrap).getCoordinates().replace(), new Object[]{next.expression}));
                }
            }
            if (computeAlternateSelects.isEmpty()) {
                return null;
            }
            maybeAddImport("java.nio.file.Paths");
            return replaceWithPathStartsWithMethodInvocation(methodInvocation, unwrap2, methodInvocation.getSelect().withTemplate(this.pathCreationNormalizeTemplate, ((J.Identifier) unwrap).getCoordinates().replace(), new Object[]{methodInvocation.getSelect()}));
        }

        /* JADX INFO: Access modifiers changed from: private */
        @Nullable
        public static J.Try findNearestRelevantTry(Cursor cursor) {
            Objects.requireNonNull(cursor);
            Iterable<Cursor> iterable = cursor::getPathAsCursors;
            for (Cursor cursor2 : iterable) {
                Object value = cursor2.getValue();
                if (value instanceof J.Try) {
                    return (J.Try) value;
                }
                if (value instanceof J.MethodDeclaration) {
                    return null;
                }
                if ((value instanceof J.Block) && J.Block.isStaticOrInitBlock(cursor2)) {
                    return null;
                }
            }
            return null;
        }

        private Set<ExpressionWithTry> computeAlternateSelects(Expression expression) {
            return (Set) CursorUtil.findOuterExecutableBlock(getCursor()).map(cursor -> {
                HashSet hashSet = new HashSet();
                new JavaIsoVisitor<Set<ExpressionWithTry>>() { // from class: org.openrewrite.java.security.PartialPathTraversalVulnerability.PartialPathTraversalVulnerabilityVisitor.1
                    /* renamed from: visitMethodInvocation, reason: merged with bridge method [inline-methods] */
                    public J.MethodInvocation m8visitMethodInvocation(J.MethodInvocation methodInvocation, Set<ExpressionWithTry> set) {
                        if (PartialPathTraversalVulnerability.getCanonicalPathMatcher.matches(methodInvocation)) {
                            Dataflow.startingAt(getCursor()).findSinks(new GetCanonicalPathToStartsWithLocalFlow(expression)).ifPresent(sinkFlow -> {
                                set.add(new ExpressionWithTry(sinkFlow.getSource().getSelect(), PartialPathTraversalVulnerabilityVisitor.findNearestRelevantTry(getCursor())));
                            });
                        }
                        return super.visitMethodInvocation(methodInvocation, set);
                    }
                }.visit((Tree) cursor.getValue(), hashSet, cursor.getParentOrThrow());
                return hashSet;
            }).orElse(Collections.emptySet());
        }

        private List<Expression> computeUnsafeArguments() {
            return (List) CursorUtil.findOuterExecutableBlock(getCursor()).map(cursor -> {
                return (List) cursor.computeMessageIfAbsent("EXPENSIVE_COMPUTE_UNSAFE_ARGUMENTS", str -> {
                    ArrayList arrayList = new ArrayList();
                    new JavaIsoVisitor<List<Expression>>() { // from class: org.openrewrite.java.security.PartialPathTraversalVulnerability.PartialPathTraversalVulnerabilityVisitor.2
                        /* renamed from: visitExpression, reason: merged with bridge method [inline-methods] */
                        public Expression m9visitExpression(Expression expression, List<Expression> list) {
                            if (NotSafePartialPathTraversalLocalFlow.isSourceFilter(expression, getCursor())) {
                                Dataflow.startingAt(getCursor()).findSinks(new NotSafePartialPathTraversalLocalFlow()).ifPresent(sinkFlow -> {
                                    if (sinkFlow.isEmpty()) {
                                        return;
                                    }
                                    list.addAll(sinkFlow.getSinks());
                                });
                            }
                            return super.visitExpression(expression, list);
                        }
                    }.visit((Tree) cursor.getValue(), arrayList, cursor.getParentOrThrow());
                    return arrayList;
                });
            }).orElse(Collections.emptyList());
        }

        @NotNull
        private J.MethodInvocation replaceWithPathStartsWithMethodInvocation(J.MethodInvocation methodInvocation, Expression expression, J.MethodInvocation methodInvocation2) {
            if (PartialPathTraversalVulnerability.getCanonicalPathMatcher.matches(expression)) {
                return methodInvocation.withTemplate(this.pathStartsWithPathTemplate, methodInvocation.getCoordinates().replace(), new Object[]{methodInvocation2, replaceGetCanonicalPath((J.MethodInvocation) expression)});
            }
            return FileSeparatorUtil.isFileSeparatorExpression(expression) ? methodInvocation : methodInvocation.withTemplate(this.pathStartsWithStringTemplate, methodInvocation.getCoordinates().replace(), new Object[]{methodInvocation2, expression});
        }

        private J.MethodInvocation replaceGetCanonicalPath(J.MethodInvocation methodInvocation) {
            return methodInvocation.withTemplate(this.toPathGetCanonicalFileTemplate, methodInvocation.getCoordinates().replace(), new Object[]{methodInvocation.getSelect()});
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* renamed from: visitMethodInvocation, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ J m6visitMethodInvocation(J.MethodInvocation methodInvocation, Object obj) {
            return visitMethodInvocation(methodInvocation, (J.MethodInvocation) obj);
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* renamed from: visitBlock, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ J m7visitBlock(J.Block block, Object obj) {
            return visitBlock(block, (J.Block) obj);
        }

        static {
            $assertionsDisabled = !PartialPathTraversalVulnerability.class.desiredAssertionStatus();
        }
    }

    public String getDisplayName() {
        return "Partial path traversal vulnerability";
    }

    public String getDescription() {
        return "Replaces `dir.getCanonicalPath().startsWith(parent.getCanonicalPath()`, which is vulnerable to partial path traversal attacks, with the more secure `dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath())`.\n\nTo demonstrate this vulnerability, consider `\"/usr/outnot\".startsWith(\"/usr/out\")`. The check is bypassed although `/outnot` is not under the `/out` directory. It's important to understand that the terminating slash may be removed when using various `String` representations of the `File` object. For example, on Linux, `println(new File(\"/var\"))` will print `/var`, but `println(new File(\"/var\", \"/\")` will print `/var/`; however, `println(new File(\"/var\", \"/\").getCanonicalPath())` will print `/var`.";
    }

    public Set<String> getTags() {
        return Collections.singleton("CWE-22");
    }

    public Duration getEstimatedEffortPerOccurrence() {
        return Duration.ofMinutes(10L);
    }

    @Nullable
    protected TreeVisitor<?, ExecutionContext> getSingleSourceApplicableTest() {
        return new JavaVisitor<ExecutionContext>() { // from class: org.openrewrite.java.security.PartialPathTraversalVulnerability.1
            public J visitJavaSourceFile(JavaSourceFile javaSourceFile, ExecutionContext executionContext) {
                doAfterVisit(new UsesAllMethods(new MethodMatcher[]{PartialPathTraversalVulnerability.getCanonicalPathMatcher, PartialPathTraversalVulnerability.startsWithMatcher}));
                return javaSourceFile;
            }
        };
    }

    protected TreeVisitor<?, ExecutionContext> getVisitor() {
        return new JavaIsoVisitor<ExecutionContext>() { // from class: org.openrewrite.java.security.PartialPathTraversalVulnerability.2
            /* renamed from: visitCompilationUnit, reason: merged with bridge method [inline-methods] */
            public J.CompilationUnit m4visitCompilationUnit(J.CompilationUnit compilationUnit, ExecutionContext executionContext) {
                return compilationUnit != ((J.CompilationUnit) new ZipSlip.ZipSlipComplete(false, false).visitNonNull(compilationUnit, executionContext, getCursor().getParentOrThrow())) ? compilationUnit : new PartialPathTraversalVulnerabilityVisitor().visitNonNull(compilationUnit, executionContext, getCursor().getParentOrThrow());
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isSafePartialPathExpression(@Nullable Expression expression) {
        if (!(expression instanceof J.Binary)) {
            return false;
        }
        J.Binary binary = (J.Binary) expression;
        if (J.Binary.Type.Addition.equals(binary.getOperator())) {
            return FileSeparatorUtil.isFileSeparatorExpression(binary.getRight());
        }
        return false;
    }
}
