package com.h3xstream.findsecbugs.xml;

import com.h3xstream.findsecbugs.common.ByteCode;
import com.h3xstream.findsecbugs.common.InterfaceUtils;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.ba.AnalysisContext;
import edu.umd.cs.findbugs.ba.CFG;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.Location;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;
import java.util.Iterator;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.ICONST;
import org.apache.bcel.generic.INVOKEINTERFACE;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.LDC;

/* loaded from: input_file:com/h3xstream/findsecbugs/xml/XxeDetector.class */
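/**
 * Reports XML parsing calls that may resolve external entities (XXE) because no
 * hardening call is visible in the method that performs the parse.
 *
 * <p>Calls examined: {@code SAXParser.parse}, {@code XMLReader.parse},
 * {@code DocumentBuilder.parse}, and the two {@code XPathExpression.evaluate}
 * overloads that take an {@code InputSource}.
 *
 * <p>A call is <em>not</em> reported when the enclosing method also contains any of:
 * <ul>
 *   <li>an interface call named {@code setEntityResolver};</li>
 *   <li>a {@code setFeature} call preceded by the {@code disallow-doctype-decl} or
 *       {@code secure-processing} feature URI;</li>
 *   <li>all of: {@code setFeature} for both external-entity features,
 *       {@code setXIncludeAware(false)}, and, for {@code DocumentBuilder} only,
 *       {@code setExpandEntityReferences(false)}.</li>
 * </ul>
 *
 * <p>Limitations a reviewer should keep in mind when triaging results:
 * <ul>
 *   <li>The scan covers the whole method and is not tied to the parser or factory
 *       instance being used, so hardening applied to an unrelated object in the same
 *       method suppresses the finding, and hardening done in another method is not
 *       seen.</li>
 *   <li>For {@code setFeature} only the feature name is inspected; the boolean
 *       argument is never read. A call that sets {@code disallow-doctype-decl} to
 *       {@code false}, or an external-entity feature to {@code true}, is therefore
 *       counted as hardening.</li>
 *   <li>{@code setEntityResolver} suppresses the finding whatever the resolver does.</li>
 *   <li>NOTE(review): how far {@code secure-processing} restricts external entities
 *       depends on the parser implementation; confirm that treating it as a complete
 *       mitigation is intended.</li>
 * </ul>
 */
public class XxeDetector extends OpcodeStackDetector {
    private static final String XXE_SAX_PARSER_TYPE = "XXE_SAXPARSER";
    private static final String XXE_XML_READER_TYPE = "XXE_XMLREADER";
    private static final String XXE_DOCUMENT_TYPE = "XXE_DOCUMENT";
    private static final String XXE_XPATH_TYPE = "XXE_XPATH";

    private static final String FEATURE_DISALLOW_DTD = "http://apache.org/xml/features/disallow-doctype-decl";
    private static final String FEATURE_SECURE_PROCESSING = "http://javax.xml.XMLConstants/feature/secure-processing";
    private static final String FEATURE_GENERAL_ENTITIES = "http://xml.org/sax/features/external-general-entities";
    private static final String FEATURE_PARAMETER_ENTITIES = "http://xml.org/sax/features/external-parameter-entities";

    private static final String SAX_PARSER_CLASS = "javax/xml/parsers/SAXParser";
    private static final String XML_READER_CLASS = "org/xml/sax/XMLReader";
    private static final String DOCUMENT_BUILDER_CLASS = "javax/xml/parsers/DocumentBuilder";
    private static final String XPATH_EXPRESSION_CLASS = "javax/xml/xpath/XPathExpression";

    private static final String XPATH_EVALUATE_WITH_QNAME_SIG =
            "(Lorg/xml/sax/InputSource;Ljavax/xml/namespace/QName;)Ljava/lang/Object;";
    private static final String XPATH_EVALUATE_SIG = "(Lorg/xml/sax/InputSource;)Ljava/lang/String;";

    /** JVM opcode of {@code invokevirtual}. */
    private static final int OP_INVOKEVIRTUAL = 182;
    /** JVM opcode of {@code invokeinterface}. */
    private static final int OP_INVOKEINTERFACE = 185;
    /** Priority passed to every {@link BugInstance}; 2 is FindBugs' normal priority. */
    private static final int REPORT_PRIORITY = 2;

    private final BugReporter bugReporter;

    /**
     * @param bugReporter sink that receives the XXE findings
     */
    public XxeDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    /**
     * Inspects one opcode and reports it when it is an XML parsing call whose enclosing
     * method shows none of the hardening calls listed in the class documentation.
     *
     * @param seen the opcode currently being visited
     */
    @Override
    public void sawOpcode(int seen) {
        if (seen != OP_INVOKEVIRTUAL && seen != OP_INVOKEINTERFACE) {
            return;
        }
        String owner = getClassConstantOperand();
        String methodName = getNameConstantOperand();
        String signature = getSigConstantOperand();
        if (!isXmlParsingCall(seen, owner, methodName, signature)) {
            return;
        }
        // Classes implementing PrivilegedExceptionAction are never reported.
        // NOTE(review): the rationale is not visible in this file; confirm it is still wanted,
        // since it hides every parse call inside such classes.
        if (InterfaceUtils.isSubtype(getThisClass(), "java.security.PrivilegedExceptionAction")) {
            return;
        }
        ClassContext classContext = getClassContext();
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        try {
            CFG cfg = classContext.getCFG(getMethod());
            if (hasVisibleHardening(cfg, constantPoolGen, DOCUMENT_BUILDER_CLASS.equals(owner))) {
                return;
            }
            reportXxe(owner, methodName);
        } catch (CFGBuilderException e) {
            AnalysisContext.logError("Cannot get CFG", e);
        }
    }

    /** Tells whether the invocation is one of the XML parsing entry points this detector covers. */
    private static boolean isXmlParsingCall(int opcode, String owner, String methodName, String signature) {
        if ("parse".equals(methodName)) {
            if (opcode == OP_INVOKEVIRTUAL) {
                return SAX_PARSER_CLASS.equals(owner) || DOCUMENT_BUILDER_CLASS.equals(owner);
            }
            return opcode == OP_INVOKEINTERFACE && XML_READER_CLASS.equals(owner);
        }
        // Only the evaluate overloads that read from an InputSource parse XML themselves.
        return opcode == OP_INVOKEINTERFACE
                && XPATH_EXPRESSION_CLASS.equals(owner)
                && "evaluate".equals(methodName)
                && (XPATH_EVALUATE_WITH_QNAME_SIG.equals(signature) || XPATH_EVALUATE_SIG.equals(signature));
    }

    /**
     * Walks every instruction of the method and decides whether it contains calls that
     * this detector accepts as protection against external entity resolution.
     *
     * @param cfg control-flow graph of the method containing the parse call
     * @param constantPoolGen constant pool used to resolve method names and LDC values
     * @param documentBuilderCall whether the parse call targets {@code DocumentBuilder}; only then
     *        is {@code setExpandEntityReferences(false)} required
     * @return {@code true} when the finding must be suppressed
     */
    private static boolean hasVisibleHardening(CFG cfg, ConstantPoolGen constantPoolGen, boolean documentBuilderCall) {
        boolean xIncludeDisabled = false;
        boolean entityExpansionDisabled = !documentBuilderCall;
        boolean generalEntitiesConfigured = false;
        boolean parameterEntitiesConfigured = false;

        for (Iterator<Location> locations = cfg.locationIterator(); locations.hasNext();) {
            Location location = locations.next();
            // Declared as the BCEL base type: the handle may hold any instruction, not only invokes.
            Instruction instruction = location.getHandle().getInstruction();
            boolean interfaceCall = instruction instanceof INVOKEINTERFACE;
            if (!interfaceCall && !(instruction instanceof INVOKEVIRTUAL)) {
                continue;
            }
            String calledMethod = ((InvokeInstruction) instruction).getMethodName(constantPoolGen);

            // Matched by name only: neither the receiver type nor the resolver's behaviour is checked.
            if (interfaceCall && "setEntityResolver".equals(calledMethod)) {
                return true;
            }

            if ("setFeature".equals(calledMethod)) {
                LDC featureLoad = (LDC) ByteCode.getPrevInstruction(location.getHandle(), LDC.class);
                if (featureLoad == null) {
                    continue;
                }
                // NOTE(review): only the feature URI is read. The boolean passed to setFeature is
                // not inspected, so enabling/disabling the feature the wrong way round still counts.
                Object featureName = featureLoad.getValue(constantPoolGen);
                if (FEATURE_DISALLOW_DTD.equals(featureName) || FEATURE_SECURE_PROCESSING.equals(featureName)) {
                    return true;
                }
                if (FEATURE_GENERAL_ENTITIES.equals(featureName)) {
                    generalEntitiesConfigured = true;
                } else if (FEATURE_PARAMETER_ENTITIES.equals(featureName)) {
                    parameterEntitiesConfigured = true;
                }
            } else if ("setXIncludeAware".equals(calledMethod)) {
                if (isPrecededByConstantZero(location)) {
                    xIncludeDisabled = true;
                }
            } else if ("setExpandEntityReferences".equals(calledMethod)) {
                if (isPrecededByConstantZero(location)) {
                    entityExpansionDisabled = true;
                }
            }
        }
        return parameterEntitiesConfigured && generalEntitiesConfigured && xIncludeDisabled && entityExpansionDisabled;
    }

    /**
     * Tells whether the ICONST found by {@link ByteCode#getPrevInstruction} for this location
     * pushes 0, i.e. the boolean literal {@code false}.
     */
    private static boolean isPrecededByConstantZero(Location location) {
        ICONST constant = (ICONST) ByteCode.getPrevInstruction(location.getHandle(), ICONST.class);
        return constant != null && constant.getValue().equals(0);
    }

    /** Emits the bug whose type matches the parser class, labelled {@code SimpleClass.method(...)}. */
    private void reportXxe(String owner, String methodName) {
        String bugType;
        if (SAX_PARSER_CLASS.equals(owner)) {
            bugType = XXE_SAX_PARSER_TYPE;
        } else if (XML_READER_CLASS.equals(owner)) {
            bugType = XXE_XML_READER_TYPE;
        } else if (DOCUMENT_BUILDER_CLASS.equals(owner)) {
            bugType = XXE_DOCUMENT_TYPE;
        } else if (XPATH_EXPRESSION_CLASS.equals(owner)) {
            bugType = XXE_XPATH_TYPE;
        } else {
            return;
        }
        String simpleName = owner.substring(owner.lastIndexOf('/') + 1);
        this.bugReporter.reportBug(new BugInstance(this, bugType, REPORT_PRIORITY)
                .addClass(this)
                .addMethod(this)
                .addSourceLine(this)
                .addString(simpleName + "." + methodName + "(...)"));
    }
}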
