package org.openrewrite.java.security;

import java.time.Duration;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Recipe;
import org.openrewrite.Tree;
import org.openrewrite.internal.lang.Nullable;
import org.openrewrite.java.JavaIsoVisitor;
import org.openrewrite.java.tree.J;
import org.openrewrite.java.tree.JavaType;
import org.openrewrite.java.tree.Space;

/* loaded from: input_file:org/openrewrite/java/security/FindTextDirectionChanges.class */
public class FindTextDirectionChanges extends Recipe {
    public static final char LRE = 8234;
    public static final char RLE = 8235;
    public static final char LRO = 8237;
    public static final char RLO = 8238;
    public static final char LRI = 8294;
    public static final char RLI = 8295;
    public static final char FSI = 8296;
    public static final char PDF = 8236;
    public static final char PDI = 8297;
    public static final Set<Character> sneakyCodes = (Set) Stream.of((Object[]) new Character[]{(char) 8234, (char) 8235, (char) 8237, (char) 8238, (char) 8294, (char) 8295, (char) 8296, (char) 8236, (char) 8297}).collect(Collectors.toSet());
    public static final Map<Character, String> charToText = new HashMap();

    public Duration getEstimatedEffortPerOccurrence() {
        return Duration.ofMinutes(5L);
    }

    public String getDisplayName() {
        return "Find text-direction changes";
    }

    public String getDescription() {
        return "Finds unicode control characters which can change the direction text is displayed in. These control characters can alter how source code is presented to a human reader without affecting its interpretation by tools like compilers. So a malicious patch could pass code review while introducing vulnerabilities. Note that text direction-changing unicode control characters aren't inherently malicious. These characters can appear for legitimate reasons in code written in or dealing with right-to-left languages. See: https://trojansource.codes/";
    }

    public Set<String> getTags() {
        return Collections.singleton("CVE-2021-42574");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: getVisitor, reason: merged with bridge method [inline-methods] */
    public JavaIsoVisitor<ExecutionContext> m1getVisitor() {
        return new JavaIsoVisitor<ExecutionContext>() { // from class: org.openrewrite.java.security.FindTextDirectionChanges.1
            @Nullable
            public J visit(@Nullable Tree tree, ExecutionContext executionContext) {
                J visit = super.visit(tree, executionContext);
                Object pollMessage = getCursor().pollMessage("FOUND_SNEAKY_CODES");
                if (visit != null && pollMessage != null) {
                    visit = visit.withMarkers(visit.getMarkers().searchResult("Found text-direction altering unicode control characters: " + String.join(",", (Set) pollMessage)));
                }
                return visit;
            }

            public Space visitSpace(Space space, Space.Location location, ExecutionContext executionContext) {
                Set set = null;
                if (FindTextDirectionChanges.containsSneakyCodes(space.getWhitespace())) {
                    set = FindTextDirectionChanges.listSneakyCodes(space.getWhitespace());
                }
                if (FindTextDirectionChanges.containsSneakyCodes(space.getComments(), (v0) -> {
                    return v0.printComment();
                })) {
                    if (set == null) {
                        set = new HashSet();
                    }
                    set.addAll(FindTextDirectionChanges.listSneakyCodes(space.getComments(), (v0) -> {
                        return v0.printComment();
                    }));
                }
                if (FindTextDirectionChanges.containsSneakyCodes(space.getComments(), (v0) -> {
                    return v0.getSuffix();
                })) {
                    if (set == null) {
                        set = new HashSet();
                    }
                    set.addAll(FindTextDirectionChanges.listSneakyCodes(space.getComments(), (v0) -> {
                        return v0.getSuffix();
                    }));
                }
                if (set != null) {
                    getCursor().putMessage("FOUND_SNEAKY_CODES", set);
                }
                return space;
            }

            /* renamed from: visitLiteral, reason: merged with bridge method [inline-methods] */
            public J.Literal m2visitLiteral(J.Literal literal, ExecutionContext executionContext) {
                J.Literal visitLiteral = super.visitLiteral(literal, executionContext);
                if (visitLiteral.getType() == JavaType.Primitive.String && visitLiteral.getValueSource() != null && FindTextDirectionChanges.containsSneakyCodes(visitLiteral.getValueSource())) {
                    visitLiteral = visitLiteral.withMarkers(visitLiteral.getMarkers().searchResult("Found text-direction altering unicode control characters: " + String.join(",", FindTextDirectionChanges.listSneakyCodes(visitLiteral.getValueSource()))));
                }
                return visitLiteral;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean containsSneakyCodes(String str) {
        for (char c : str.toCharArray()) {
            if (sneakyCodes.contains(Character.valueOf(c))) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    public static <T> boolean containsSneakyCodes(Collection<T> collection, Function<T, String> function) {
        return collection.stream().map(function).anyMatch(FindTextDirectionChanges::containsSneakyCodes);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Set<String> listSneakyCodes(String str) {
        HashSet hashSet = new HashSet();
        for (char c : str.toCharArray()) {
            if (sneakyCodes.contains(Character.valueOf(c))) {
                hashSet.add(charToText.get(Character.valueOf(c)));
            }
        }
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    public static <T> Set<String> listSneakyCodes(Collection<T> collection, Function<T, String> function) {
        return (Set) collection.stream().map(function).flatMap(str -> {
            return listSneakyCodes(str).stream();
        }).collect(Collectors.toSet());
    }

    static {
        charToText.put((char) 8234, "LRE");
        charToText.put((char) 8235, "RLE");
        charToText.put((char) 8237, "LRO");
        charToText.put((char) 8238, "RLO");
        charToText.put((char) 8294, "LRI");
        charToText.put((char) 8295, "RLI");
        charToText.put((char) 8296, "FSI");
        charToText.put((char) 8236, "PDF");
        charToText.put((char) 8297, "PDI");
    }
}
