package com.h3xstream.findsecbugs.xml;

import com.h3xstream.findsecbugs.common.ByteCode;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.ba.AnalysisContext;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.Location;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;
import java.util.Iterator;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.ICONST;
import org.apache.bcel.generic.INVOKEINTERFACE;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.LDC;

/* loaded from: input_file:com/h3xstream/findsecbugs/xml/TransformerFactoryDetector.class */
public class TransformerFactoryDetector extends OpcodeStackDetector {
    private static final String XXE_DTD_TRANSFORM_FACTORY_TYPE = "XXE_DTD_TRANSFORM_FACTORY";
    private static final String XXE_XSLT_TRANSFORM_FACTORY_TYPE = "XXE_XSLT_TRANSFORM_FACTORY";
    private static final String PROPERTY_SUPPORT_DTD = "http://javax.xml.XMLConstants/property/accessExternalDTD";
    private static final String PROPERTY_SUPPORT_STYLESHEET = "http://javax.xml.XMLConstants/property/accessExternalStylesheet";
    private static final String PROPERTY_SECURE_PROCESSING = "http://javax.xml.XMLConstants/feature/secure-processing";
    private final BugReporter bugReporter;

    public TransformerFactoryDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    public void sawOpcode(int i) {
        if (i == 182 || i == 185 || i == 184) {
            String classConstantOperand = getClassConstantOperand();
            String nameConstantOperand = getNameConstantOperand();
            if (i == 184) {
                if ((classConstantOperand.equals("javax/xml/transform/TransformerFactory") || classConstantOperand.equals("javax/xml/transform/sax/SAXTransformerFactory")) && nameConstantOperand.equals("newInstance")) {
                    ClassContext classContext = getClassContext();
                    ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
                    try {
                        boolean z = false;
                        boolean z2 = false;
                        boolean z3 = false;
                        Iterator locationIterator = classContext.getCFG(getMethod()).locationIterator();
                        while (locationIterator.hasNext()) {
                            Location location = (Location) locationIterator.next();
                            InvokeInstruction instruction = location.getHandle().getInstruction();
                            if ((instruction instanceof INVOKEVIRTUAL) || (instruction instanceof INVOKEINTERFACE)) {
                                InvokeInstruction invokeInstruction = instruction;
                                if ("setAttribute".equals(invokeInstruction.getMethodName(constantPoolGen))) {
                                    LDC ldc = (LDC) ByteCode.getPrevInstruction(location.getHandle().getPrev(), LDC.class);
                                    LDC ldc2 = (LDC) ByteCode.getPrevInstruction(location.getHandle(), LDC.class);
                                    if (ldc != null && ldc2 != null) {
                                        if (PROPERTY_SUPPORT_DTD.equals(ldc.getValue(constantPoolGen))) {
                                            z = "".equals(ldc2.getValue(constantPoolGen));
                                        } else if (PROPERTY_SUPPORT_STYLESHEET.equals(ldc.getValue(constantPoolGen))) {
                                            z2 = "".equals(ldc2.getValue(constantPoolGen));
                                        }
                                    }
                                } else if ("setFeature".equals(invokeInstruction.getMethodName(constantPoolGen))) {
                                    LDC ldc3 = (LDC) ByteCode.getPrevInstruction(location.getHandle().getPrev(), LDC.class);
                                    ICONST iconst = (ICONST) ByteCode.getPrevInstruction(location.getHandle(), ICONST.class);
                                    if (ldc3 != null && iconst != null && PROPERTY_SECURE_PROCESSING.equals(ldc3.getValue(constantPoolGen))) {
                                        z3 = iconst.getValue().equals(1);
                                    }
                                }
                            }
                        }
                        if (z3) {
                            return;
                        }
                        String substring = classConstantOperand.substring(classConstantOperand.lastIndexOf(47) + 1);
                        if (!z) {
                            this.bugReporter.reportBug(new BugInstance(this, XXE_DTD_TRANSFORM_FACTORY_TYPE, 2).addClass(this).addMethod(this).addSourceLine(this).addString(substring + "." + nameConstantOperand + "(...)"));
                        }
                        if (z2) {
                            return;
                        }
                        this.bugReporter.reportBug(new BugInstance(this, XXE_XSLT_TRANSFORM_FACTORY_TYPE, 2).addClass(this).addMethod(this).addSourceLine(this).addString(substring + "." + nameConstantOperand + "(...)"));
                    } catch (CFGBuilderException e) {
                        AnalysisContext.logError("Cannot get CFG", e);
                    }
                }
            }
        }
    }
}
