package net.sourceforge.pmd.lang.vf.rule.security;

import java.util.EnumSet;
import java.util.Set;
import java.util.regex.Pattern;
import net.sourceforge.pmd.lang.vf.ast.ASTContent;
import net.sourceforge.pmd.lang.vf.ast.ASTElExpression;
import net.sourceforge.pmd.lang.vf.ast.ASTElement;
import net.sourceforge.pmd.lang.vf.ast.ASTText;
import net.sourceforge.pmd.lang.vf.ast.VfNode;
import net.sourceforge.pmd.lang.vf.rule.AbstractVfRule;
import net.sourceforge.pmd.lang.vf.rule.security.internal.ElEscapeDetector;

/* loaded from: input_file:target/lib/pmd-visualforce.jar:net/sourceforge/pmd/lang/vf/rule/security/VfHtmlStyleTagXssRule.class */
public class VfHtmlStyleTagXssRule extends AbstractVfRule {
    private static final String STYLE_TAG = "style";
    private static final String APEX_PREFIX = "apex";
    private static final Set<ElEscapeDetector.Escaping> URLENCODE_JSINHTMLENCODE = EnumSet.of(ElEscapeDetector.Escaping.URLENCODE, ElEscapeDetector.Escaping.JSINHTMLENCODE);
    private static final Set<ElEscapeDetector.Escaping> ANY_ENCODE = EnumSet.of(ElEscapeDetector.Escaping.ANY);
    private static final Pattern URL_METHOD_PATTERN = Pattern.compile("url\\s*\\([^)]*$", 2);

    public VfHtmlStyleTagXssRule() {
        addRuleChainVisit(ASTElExpression.class);
    }

    @Override // net.sourceforge.pmd.lang.vf.ast.VfVisitor
    public Object visit(ASTElExpression aSTElExpression, Object obj) {
        VfNode vfNode = (VfNode) aSTElExpression.getParent();
        if (!(vfNode instanceof ASTContent)) {
            return obj;
        }
        ASTContent aSTContent = (ASTContent) vfNode;
        VfNode vfNode2 = (VfNode) aSTContent.getParent();
        if (!(vfNode2 instanceof ASTElement)) {
            return obj;
        }
        ASTElement aSTElement = (ASTElement) vfNode2;
        if (isApexPrefixed(aSTElement)) {
            return obj;
        }
        verifyEncoding(aSTElExpression, aSTContent, aSTElement, obj);
        return obj;
    }

    private void verifyEncoding(ASTElExpression aSTElExpression, ASTContent aSTContent, ASTElement aSTElement, Object obj) {
        String previousText = getPreviousText(aSTContent, aSTElExpression);
        boolean startsWithSafeResource = ElEscapeDetector.startsWithSafeResource(aSTElExpression);
        if (!isStyleTag(aSTElement) || startsWithSafeResource) {
            return;
        }
        if (isWithinUrlMethod(previousText)) {
            verifyEncodingWithinUrl(aSTElExpression, obj);
        } else {
            verifyEncodingWithoutUrl(aSTElExpression, obj);
        }
    }

    private boolean isStyleTag(ASTElement aSTElement) {
        return STYLE_TAG.equalsIgnoreCase(aSTElement.getLocalName());
    }

    private void verifyEncodingWithinUrl(ASTElExpression aSTElExpression, Object obj) {
        if (ElEscapeDetector.doesElContainAnyUnescapedIdentifiers(aSTElExpression, URLENCODE_JSINHTMLENCODE)) {
            addViolationWithMessage(obj, aSTElExpression, "Dynamic EL content within URL in style tag should be URLENCODED or JSINHTMLENCODED as appropriate");
        }
    }

    private void verifyEncodingWithoutUrl(ASTElExpression aSTElExpression, Object obj) {
        if (ElEscapeDetector.doesElContainAnyUnescapedIdentifiers(aSTElExpression, ANY_ENCODE)) {
            addViolationWithMessage(obj, aSTElExpression, "Dynamic EL content in style tag should be appropriately encoded");
        }
    }

    private boolean isApexPrefixed(ASTElement aSTElement) {
        return aSTElement.isHasNamespacePrefix() && "apex".equalsIgnoreCase(aSTElement.getNamespacePrefix());
    }

    private String getPreviousText(ASTContent aSTContent, ASTElExpression aSTElExpression) {
        int indexInParent = aSTElExpression.getIndexInParent();
        VfNode vfNode = indexInParent > 0 ? (VfNode) aSTContent.getChild(indexInParent - 1) : null;
        return vfNode instanceof ASTText ? vfNode.getImage() : "";
    }

    static boolean isWithinUrlMethod(String str) {
        return URL_METHOD_PATTERN.matcher(str).find();
    }
}
