package net.sourceforge.pmd.lang.visualforce.rule.security.internal;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import net.sourceforge.pmd.lang.visualforce.DataType;
import net.sourceforge.pmd.lang.visualforce.ast.ASTArguments;
import net.sourceforge.pmd.lang.visualforce.ast.ASTDotExpression;
import net.sourceforge.pmd.lang.visualforce.ast.ASTElExpression;
import net.sourceforge.pmd.lang.visualforce.ast.ASTExpression;
import net.sourceforge.pmd.lang.visualforce.ast.ASTIdentifier;
import net.sourceforge.pmd.lang.visualforce.ast.ASTNegationExpression;
import net.sourceforge.pmd.lang.visualforce.ast.VfNode;
import net.sourceforge.pmd.lang.visualforce.ast.VfTypedNode;

/* loaded from: input_file:target/lib/net.sourceforge.pmd.pmd-visualforce.jar:net/sourceforge/pmd/lang/visualforce/rule/security/internal/ElEscapeDetector.class */
public final class ElEscapeDetector {
    private static final Set<String> SAFE_PROPERTIES = new HashSet(Arrays.asList("id", "size", "caseNumber"));
    private static final Set<String> SAFE_BUILTIN_FUNCTIONS = new HashSet(Arrays.asList("addmonths", "date", "datevalue", "datetimevalue", "day", "hour", "millisecond", "minute", "month", "now", "second", "timenow", "timevalue", "today", "weekday", "year", "and", "isblank", "isclone", "isnew", "isnull", "isnumber", "not", "or", "abs", "ceiling", "exp", "floor", "ln", "log", "max", "mceiling", "mfloor", "min", "mod", "round", "sqrt", "begins", "br", "casesafeid", "contains", "find", "getsessionid", "ispickval", "len", "currencyrate", "getrecordids", "ischanged", "junctionidlist", "linkto", "regex", "urlfor"));
    private static final Set<String> FUNCTIONS_WITH_XSSABLE_ARG0 = new HashSet(Arrays.asList("left", "lower", "lpad", "mid", "right", "rpad", "upper"));
    private static final Set<String> FUNCTIONS_WITH_XSSABLE_ARG2 = new HashSet(Arrays.asList("lpad", "rpad"));
    private static final Set<String> SAFE_GLOBAL_VARS = new HashSet(Arrays.asList("$action", "$page", "$site", "$resource", "$label", "$objecttype", "$component", "$remoteaction", "$messagechannel"));

    /* loaded from: input_file:target/lib/net.sourceforge.pmd.pmd-visualforce.jar:net/sourceforge/pmd/lang/visualforce/rule/security/internal/ElEscapeDetector$Escaping.class */
    public enum Escaping {
        HTMLENCODE("HTMLENCODE"),
        URLENCODE("URLENCODE"),
        JSINHTMLENCODE("JSINHTMLENCODE"),
        JSENCODE("JSENCODE"),
        ANY("ANY");

        private final String text;

        Escaping(String str) {
            this.text = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.text;
        }
    }

    private ElEscapeDetector() {
    }

    private static VfNode getNextSibling(VfNode vfNode) {
        VfNode vfNode2 = (VfNode) vfNode.getParent();
        if (vfNode2 == null || vfNode.getIndexInParent() >= vfNode2.getNumChildren() - 1) {
            return null;
        }
        return (VfNode) vfNode2.getChild(vfNode.getIndexInParent() + 1);
    }

    public static boolean expressionRecursivelyValid(ASTExpression aSTExpression, Set<Escaping> set) {
        ASTIdentifier aSTIdentifier;
        int numChildren = aSTExpression.getNumChildren();
        String str = "";
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < numChildren; i++) {
            VfNode vfNode = (VfNode) aSTExpression.getChild(i);
            if (vfNode instanceof ASTIdentifier) {
                VfNode nextSibling = getNextSibling(vfNode);
                if ((nextSibling instanceof ASTArguments) || (nextSibling instanceof ASTDotExpression)) {
                    str = vfNode.getImage();
                } else if (!typedNodeIsSafe((ASTIdentifier) vfNode)) {
                    return false;
                }
            } else if (vfNode instanceof ASTArguments) {
                if (!functionIsEscape(str, set) && !functionInherentlySafe(str)) {
                    arrayList.addAll(getXssableArguments(str, (ASTArguments) vfNode));
                }
            } else if (vfNode instanceof ASTDotExpression) {
                if (!isSafeGlobal(str) && !(getNextSibling(vfNode) instanceof ASTDotExpression) && (aSTIdentifier = (ASTIdentifier) vfNode.firstChild(ASTIdentifier.class)) != null && !isSafeProperty(aSTIdentifier.getImage()) && !typedNodeIsSafe(aSTIdentifier)) {
                    return false;
                }
            } else if (vfNode instanceof ASTExpression) {
                arrayList.add((ASTExpression) vfNode);
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            if (!expressionRecursivelyValid((ASTExpression) it.next(), set)) {
                return false;
            }
        }
        return true;
    }

    private static boolean functionIsEscape(String str, Set<Escaping> set) {
        Iterator<Escaping> it = (set.contains(Escaping.ANY) ? EnumSet.allOf(Escaping.class) : set).iterator();
        while (it.hasNext()) {
            if (str.equalsIgnoreCase(it.next().toString())) {
                return true;
            }
        }
        return false;
    }

    private static boolean functionInherentlySafe(String str) {
        return SAFE_BUILTIN_FUNCTIONS.contains(str.toLowerCase(Locale.ROOT));
    }

    private static List<ASTExpression> getXssableArguments(String str, ASTArguments aSTArguments) {
        ArrayList arrayList = new ArrayList();
        int numChildren = aSTArguments.getNumChildren();
        if (numChildren != 0) {
            String lowerCase = str.toLowerCase(Locale.ROOT);
            ArrayList arrayList2 = new ArrayList();
            if ("case".equals(lowerCase)) {
                for (int i = 2; i < numChildren; i += 2) {
                    arrayList2.add(Integer.valueOf(i));
                }
                arrayList2.add(Integer.valueOf(numChildren - 1));
            } else if ("if".equals(lowerCase)) {
                arrayList2.add(1);
                arrayList2.add(2);
            } else {
                boolean z = true;
                if (FUNCTIONS_WITH_XSSABLE_ARG0.contains(lowerCase)) {
                    z = false;
                    arrayList2.add(0);
                }
                if (numChildren > 2 && FUNCTIONS_WITH_XSSABLE_ARG2.contains(lowerCase)) {
                    z = false;
                    arrayList2.add(2);
                }
                if (z) {
                    for (int i2 = 0; i2 < numChildren; i2++) {
                        arrayList2.add(Integer.valueOf(i2));
                    }
                }
            }
            Iterator it = arrayList2.iterator();
            while (it.hasNext()) {
                VfNode vfNode = (VfNode) aSTArguments.getChild(((Integer) it.next()).intValue());
                if (vfNode instanceof ASTExpression) {
                    arrayList.add((ASTExpression) vfNode);
                }
            }
        }
        return arrayList;
    }

    private static boolean isSafeGlobal(String str) {
        return SAFE_GLOBAL_VARS.contains(str.toLowerCase(Locale.ROOT));
    }

    private static boolean isSafeProperty(String str) {
        return SAFE_PROPERTIES.contains(str.toLowerCase(Locale.ROOT));
    }

    private static boolean innerContainsSafeFields(VfNode vfNode) {
        for (N n : vfNode.children()) {
            if ((n instanceof ASTIdentifier) && isSafeProperty(n.getImage())) {
                return true;
            }
            if ((n instanceof ASTArguments) && containsSafeFields((ASTArguments) n)) {
                return true;
            }
            if ((n instanceof ASTDotExpression) && innerContainsSafeFields((ASTDotExpression) n)) {
                return true;
            }
        }
        return false;
    }

    public static boolean containsSafeFields(VfNode vfNode) {
        ASTExpression aSTExpression = (ASTExpression) vfNode.firstChild(ASTExpression.class);
        return aSTExpression != null && innerContainsSafeFields(aSTExpression);
    }

    public static boolean startsWithSafeResource(ASTElExpression aSTElExpression) {
        ASTExpression aSTExpression = (ASTExpression) aSTElExpression.firstChild(ASTExpression.class);
        if (aSTExpression == null) {
            return false;
        }
        if (((ASTNegationExpression) aSTExpression.firstChild(ASTNegationExpression.class)) != null) {
            return true;
        }
        ASTIdentifier aSTIdentifier = (ASTIdentifier) aSTExpression.firstChild(ASTIdentifier.class);
        if (aSTIdentifier != null) {
            return aSTExpression.children(ASTArguments.class).nonEmpty() ? functionInherentlySafe(aSTIdentifier.getImage()) : isSafeGlobal(aSTIdentifier.getImage());
        }
        return false;
    }

    public static boolean doesElContainAnyUnescapedIdentifiers(ASTElExpression aSTElExpression, Escaping escaping) {
        return doesElContainAnyUnescapedIdentifiers(aSTElExpression, EnumSet.of(escaping));
    }

    public static boolean doesElContainAnyUnescapedIdentifiers(ASTElExpression aSTElExpression, Set<Escaping> set) {
        if (aSTElExpression == null) {
            return false;
        }
        HashSet hashSet = new HashSet();
        for (ASTExpression aSTExpression : aSTElExpression.children(ASTExpression.class)) {
            if (!innerContainsSafeFields(aSTExpression) && !expressionContainsSafeDataNodes(aSTExpression)) {
                for (ASTIdentifier aSTIdentifier : aSTExpression.children(ASTIdentifier.class)) {
                    boolean z = false;
                    Iterator<Escaping> it = set.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Escaping next = it.next();
                        if (aSTIdentifier.getImage().equalsIgnoreCase(next.toString())) {
                            z = true;
                            break;
                        }
                        if (next.equals(Escaping.ANY)) {
                            Escaping[] values = Escaping.values();
                            int length = values.length;
                            int i = 0;
                            while (true) {
                                if (i < length) {
                                    if (aSTIdentifier.getImage().equalsIgnoreCase(values[i].toString())) {
                                        z = true;
                                        break;
                                    }
                                    i++;
                                }
                            }
                        }
                    }
                    if (!z) {
                        hashSet.add(aSTIdentifier);
                    }
                }
            }
        }
        return !hashSet.isEmpty();
    }

    private static boolean expressionContainsSafeDataNodes(ASTExpression aSTExpression) {
        try {
            Iterator<VfTypedNode> it = aSTExpression.getDataNodes().keySet().iterator();
            while (it.hasNext()) {
                if (!typedNodeIsSafe(it.next())) {
                    return false;
                }
            }
            return true;
        } catch (ASTExpression.DataNodeStateException e) {
            return false;
        }
    }

    private static boolean typedNodeIsSafe(VfTypedNode vfTypedNode) {
        DataType dataType = vfTypedNode.getDataType();
        return (dataType == null || dataType.requiresEscaping) ? false : true;
    }
}
