package com.h3xstream.findsecbugs.file;

import com.h3xstream.findsecbugs.common.ByteCode;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.ba.AnalysisContext;
import edu.umd.cs.findbugs.ba.CFG;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.GETSTATIC;
import org.apache.bcel.generic.INVOKESTATIC;
import org.apache.bcel.generic.LDC;

/* loaded from: input_file:com/h3xstream/findsecbugs/file/OverlyPermissiveFilePermissionDetector.class */
public class OverlyPermissiveFilePermissionDetector implements Detector {
    private static final boolean DEBUG = false;
    public static final String OVERLY_PERMISSIVE_FILE_PERMISSION = "OVERLY_PERMISSIVE_FILE_PERMISSION";
    private final BugReporter bugReporter;

    public OverlyPermissiveFilePermissionDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    public void visitClassContext(ClassContext classContext) {
        Method[] methods = classContext.getJavaClass().getMethods();
        int length = methods.length;
        for (int i = DEBUG; i < length; i++) {
            try {
                analyzeMethod(methods[i], classContext);
            } catch (CFGBuilderException | DataflowAnalysisException e) {
                AnalysisContext.logError("Cannot analyze method", e);
            }
        }
    }

    public void report() {
    }

    private void analyzeMethod(Method method, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
        LDC ldc;
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        CFG cfg = classContext.getCFG(method);
        boolean z = DEBUG;
        boolean z2 = DEBUG;
        ArrayList arrayList = new ArrayList();
        Iterator<Location> locationIterator = cfg.locationIterator();
        while (locationIterator.hasNext()) {
            Location nextLocation = nextLocation(locationIterator, constantPoolGen);
            GETSTATIC instruction = nextLocation.getHandle().getInstruction();
            if (instruction instanceof GETSTATIC) {
                String name = instruction.getName(constantPoolGen);
                if (name.endsWith("OTHERS_READ") || name.endsWith("OTHERS_WRITE") || name.endsWith("OTHERS_EXECUTE")) {
                    z = true;
                    arrayList.add(nextLocation);
                }
            }
            if (instruction instanceof INVOKESTATIC) {
                INVOKESTATIC invokestatic = (INVOKESTATIC) instruction;
                if ("java.nio.file.Files".equals(invokestatic.getClassName(constantPoolGen)) && "setPosixFilePermissions".equals(invokestatic.getMethodName(constantPoolGen))) {
                    z2 = true;
                }
                if ("java.nio.file.attribute.PosixFilePermissions".equals(invokestatic.getClassName(constantPoolGen)) && "fromString".equals(invokestatic.getMethodName(constantPoolGen)) && (ldc = (LDC) ByteCode.getPrevInstruction(nextLocation.getHandle(), LDC.class)) != null && !((String) ldc.getValue(constantPoolGen)).endsWith("---")) {
                    JavaClass javaClass = classContext.getJavaClass();
                    this.bugReporter.reportBug(new BugInstance(this, OVERLY_PERMISSIVE_FILE_PERMISSION, 2).addClass(javaClass).addMethod(javaClass, method).addSourceLine(classContext, method, nextLocation));
                }
            }
        }
        if (z && z2 && arrayList != null) {
            JavaClass javaClass2 = classContext.getJavaClass();
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                this.bugReporter.reportBug(new BugInstance(this, OVERLY_PERMISSIVE_FILE_PERMISSION, 2).addClass(javaClass2).addMethod(javaClass2, method).addSourceLine(classContext, method, (Location) it.next()));
            }
        }
    }

    private Location nextLocation(Iterator<Location> it, ConstantPoolGen constantPoolGen) {
        return it.next();
    }
}
