package com.h3xstream.findsecbugs.file;

import com.h3xstream.findsecbugs.common.matcher.InstructionDSL;
import com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder;
import com.h3xstream.findsecbugs.injection.BasicInjectionDetector;
import com.h3xstream.findsecbugs.injection.InjectionPoint;
import com.h3xstream.findsecbugs.taintanalysis.Taint;
import com.h3xstream.findsecbugs.taintanalysis.TaintFrame;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;

/* loaded from: input_file:com/h3xstream/findsecbugs/file/SuspiciousCommandDetector.class */
public class SuspiciousCommandDetector extends BasicInjectionDetector {
    private static final InvokeMatcherBuilder RUNTIME_EXEC;
    private static final InvokeMatcherBuilder RUNTIME_EXEC_WITH_ENV;
    static final /* synthetic */ boolean $assertionsDisabled;

    public SuspiciousCommandDetector(BugReporter bugReporter) {
        super(bugReporter);
    }

    @Override // com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
    protected int getPriorityFromTaintFrame(TaintFrame taintFrame, int i) throws DataflowAnalysisException {
        for (int i2 = 0; i2 < taintFrame.getStackDepth(); i2++) {
            Taint taint = (Taint) taintFrame.getStackValue(i2);
            if (taint.getConstantValue() != null) {
                String constantValue = taint.getConstantValue();
                if (constantValue.contains("chmod") && constantValue.contains("777")) {
                    return 2;
                }
            }
        }
        return 5;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.h3xstream.findsecbugs.injection.BasicInjectionDetector, com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
    public InjectionPoint getInjectionPoint(InvokeInstruction invokeInstruction, ConstantPoolGen constantPoolGen, InstructionHandle instructionHandle) {
        if ($assertionsDisabled || !(invokeInstruction == null || constantPoolGen == null)) {
            return RUNTIME_EXEC.matches(invokeInstruction, constantPoolGen) ? new InjectionPoint(new int[]{0}, OverlyPermissiveFilePermissionDetector.OVERLY_PERMISSIVE_FILE_PERMISSION) : RUNTIME_EXEC_WITH_ENV.matches(invokeInstruction, constantPoolGen) ? new InjectionPoint(new int[]{1}, OverlyPermissiveFilePermissionDetector.OVERLY_PERMISSIVE_FILE_PERMISSION) : InjectionPoint.NONE;
        }
        throw new AssertionError();
    }

    static {
        $assertionsDisabled = !SuspiciousCommandDetector.class.desiredAssertionStatus();
        RUNTIME_EXEC = InstructionDSL.invokeInstruction().atClass("java.lang.Runtime").atMethod("exec").withArgs("(Ljava/lang/String;)Ljava/lang/Process;");
        RUNTIME_EXEC_WITH_ENV = InstructionDSL.invokeInstruction().atClass("java.lang.Runtime").atMethod("exec").withArgs("(Ljava/lang/String;[Ljava/lang/String;)Ljava/lang/Process;");
    }
}
