package org.sonar.iac.docker.checks;

import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.api.checks.IacCheck;
import org.sonar.iac.common.api.checks.InitContext;
import org.sonar.iac.docker.tree.api.ExposeTree;
import org.sonar.iac.docker.tree.api.PortTree;
import org.sonar.iac.docker.tree.api.SyntaxToken;

@Rule(key = "S6473")
/* loaded from: input_file:org/sonar/iac/docker/checks/ExposePortCheck.class */
public class ExposePortCheck implements IacCheck {
    private static final Logger LOG = Loggers.get(ExposePortCheck.class);
    private static final String MESSAGE = "Make sure that exposing administration services is safe here.";
    private static final String DEFAULT_SENSITIVE_PORTS = "22, 23, 3389, 5800, 5900";
    private List<Integer> sensitivePorts;

    @RuleProperty(key = "ports", description = "Comma separated list of sensitive ports.", defaultValue = DEFAULT_SENSITIVE_PORTS)
    String portList = DEFAULT_SENSITIVE_PORTS;

    public void initialize(InitContext initContext) {
        initContext.register(ExposeTree.class, (checkContext, exposeTree) -> {
            exposeTree.ports().forEach(portTree -> {
                checkPort(checkContext, portTree);
            });
        });
        this.sensitivePorts = sensitivePorts(this.portList);
    }

    private static List<Integer> sensitivePorts(String str) {
        try {
            return (List) Arrays.stream(str.split(",\\s*+")).map(Integer::parseInt).collect(Collectors.toList());
        } catch (NumberFormatException e) {
            LOG.warn("The port list provided for ExposePortCheck (S6473) is not a comma seperated list of integers. The default list is used. Invalid list of ports \"{}\"", str);
            return sensitivePorts(DEFAULT_SENSITIVE_PORTS);
        }
    }

    private void checkPort(CheckContext checkContext, PortTree portTree) {
        if (isTcpProtocol(portTree.protocol())) {
            try {
                if (isSensitivePort(Integer.parseInt(portTree.portMin().value()), Integer.parseInt(portTree.portMax().value()))) {
                    checkContext.reportIssue(portTree, MESSAGE);
                }
            } catch (NumberFormatException e) {
            }
        }
    }

    private boolean isSensitivePort(int i, int i2) {
        return this.sensitivePorts.stream().anyMatch(num -> {
            return isBetween(num.intValue(), i, i2);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isBetween(int i, int i2, int i3) {
        return i >= i2 && i <= i3;
    }

    private static boolean isTcpProtocol(@Nullable SyntaxToken syntaxToken) {
        if (syntaxToken != null) {
            return "tcp".equals(syntaxToken.value());
        }
        return true;
    }
}
