package com.h3xstream.findsecbugs.wicket;

import com.h3xstream.findsecbugs.common.ByteCode;
import com.h3xstream.findsecbugs.common.matcher.InstructionDSL;
import com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import java.util.Iterator;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.InvokeInstruction;

/* loaded from: input_file:com/h3xstream/findsecbugs/wicket/WicketXssComponentDetector.class */
public class WicketXssComponentDetector implements Detector {
    private static final boolean DEBUG = false;
    private static final String WIC_XSS = "WICKET_XSS1";
    private static final InvokeMatcherBuilder COMPONENT_ESCAPE_MODEL_STRINGS = InstructionDSL.invokeInstruction().atMethod("setEscapeModelStrings").withArgs("(Z)Lorg/apache/wicket/Component;");
    private final BugReporter bugReporter;

    public WicketXssComponentDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    public void visitClassContext(ClassContext classContext) {
        Method[] methods = classContext.getJavaClass().getMethods();
        int length = methods.length;
        for (int i = DEBUG; i < length; i++) {
            try {
                analyzeMethod(methods[i], classContext);
            } catch (CFGBuilderException e) {
            } catch (DataflowAnalysisException e2) {
            }
        }
    }

    private void analyzeMethod(Method method, ClassContext classContext) throws CFGBuilderException, DataflowAnalysisException {
        boolean z = DEBUG;
        boolean z2 = DEBUG;
        Location location = DEBUG;
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        Iterator locationIterator = classContext.getCFG(method).locationIterator();
        while (locationIterator.hasNext()) {
            Location location2 = (Location) locationIterator.next();
            Instruction instruction = location2.getHandle().getInstruction();
            if (instruction instanceof InvokeInstruction) {
                if (COMPONENT_ESCAPE_MODEL_STRINGS.matches((InvokeInstruction) instruction, constantPoolGen)) {
                    Integer constantInt = ByteCode.getConstantInt(location2.getHandle().getPrev());
                    if (constantInt != null && constantInt.intValue() == 0) {
                        z = true;
                        location = location2;
                    } else if (constantInt == null) {
                        z2 = true;
                        location = location2;
                    }
                }
            }
        }
        if (z) {
            JavaClass javaClass = classContext.getJavaClass();
            this.bugReporter.reportBug(new BugInstance(this, WIC_XSS, 2).addClass(javaClass).addMethod(javaClass, method).addSourceLine(classContext, method, location));
        } else if (z2) {
            JavaClass javaClass2 = classContext.getJavaClass();
            this.bugReporter.reportBug(new BugInstance(this, WIC_XSS, 3).addClass(javaClass2).addMethod(javaClass2, method).addSourceLine(classContext, method, location));
        }
    }

    public void report() {
    }
}
