package org.sonar.iac.docker.checks;

import java.util.ArrayDeque;
import java.util.List;
import java.util.regex.Pattern;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.api.checks.IacCheck;
import org.sonar.iac.common.api.checks.InitContext;
import org.sonar.iac.docker.tree.api.AddInstruction;
import org.sonar.iac.docker.tree.api.Argument;
import org.sonar.iac.docker.tree.api.CopyInstruction;
import org.sonar.iac.docker.tree.api.Flag;
import org.sonar.iac.docker.utils.ArgumentUtils;

@Rule(key = "S6470")
/* loaded from: input_file:org/sonar/iac/docker/checks/DirectoryCopySourceCheck.class */
public class DirectoryCopySourceCheck implements IacCheck {
    private static final String MESSAGE_CURRENT_OR_ROOT = "Make sure that recursively copying directories is safe here.";
    private static final String MESSAGE_GLOBING = "Make sure that using globbing in a %s source is safe here.";
    private static final Pattern WINDOWS_DRIVE_PATTERN = Pattern.compile("^[a-zA-Z]:$");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/sonar/iac/docker/checks/DirectoryCopySourceCheck$PathSensitivity.class */
    public enum PathSensitivity {
        SAFE,
        ROOT_OR_CURRENT,
        TOP_LEVEL_GLOBBING
    }

    public void initialize(InitContext initContext) {
        initContext.register(AddInstruction.class, DirectoryCopySourceCheck::checkAdd);
        initContext.register(CopyInstruction.class, DirectoryCopySourceCheck::checkCopy);
    }

    private static void checkAdd(CheckContext checkContext, AddInstruction addInstruction) {
        for (Argument argument : addInstruction.srcs()) {
            String value = ArgumentUtils.resolve(argument).value();
            if (value != null && !value.startsWith("http://") && !value.startsWith("https://")) {
                reportIfSensitive(checkContext, argument, isSensitivePath(value), "ADD");
            }
        }
    }

    private static void checkCopy(CheckContext checkContext, CopyInstruction copyInstruction) {
        if (hasOption(copyInstruction.options(), "from")) {
            return;
        }
        for (Argument argument : copyInstruction.srcs()) {
            String value = ArgumentUtils.resolve(argument).value();
            if (value != null) {
                reportIfSensitive(checkContext, argument, isSensitivePath(value), "COPY");
            }
        }
    }

    private static boolean hasOption(List<Flag> list, String str) {
        return list.stream().anyMatch(flag -> {
            return flag.name().equals(str);
        });
    }

    private static void reportIfSensitive(CheckContext checkContext, Argument argument, PathSensitivity pathSensitivity, String str) {
        if (pathSensitivity == PathSensitivity.ROOT_OR_CURRENT) {
            checkContext.reportIssue(argument, MESSAGE_CURRENT_OR_ROOT);
        } else if (pathSensitivity == PathSensitivity.TOP_LEVEL_GLOBBING) {
            checkContext.reportIssue(argument, String.format(MESSAGE_GLOBING, str));
        }
    }

    private static PathSensitivity isSensitivePath(String str) {
        String[] normalize = normalize(str);
        if (normalize.length == 0) {
            return PathSensitivity.ROOT_OR_CURRENT;
        }
        if (normalize.length == 1 && isRootOrCurrent(normalize[0])) {
            return PathSensitivity.ROOT_OR_CURRENT;
        }
        int levelToCheckIndex = getLevelToCheckIndex(normalize);
        return (normalize[levelToCheckIndex].endsWith("*") && normalize.length == levelToCheckIndex + 1) ? PathSensitivity.TOP_LEVEL_GLOBBING : PathSensitivity.SAFE;
    }

    private static boolean isRootOrCurrent(String str) {
        return str.isEmpty() || ".".equals(str) || WINDOWS_DRIVE_PATTERN.matcher(str).find();
    }

    private static int getLevelToCheckIndex(String[] strArr) {
        return isRootOrCurrent(strArr[0]) ? 1 : 0;
    }

    static String[] normalize(String str) {
        ArrayDeque arrayDeque = new ArrayDeque();
        for (String str2 : str.split("/")) {
            if ("..".equals(str2) && !arrayDeque.isEmpty()) {
                arrayDeque.removeLast();
            } else if (str2.isEmpty()) {
                if (arrayDeque.isEmpty()) {
                    arrayDeque.add(str2);
                }
            } else if (".".equals(str2) && arrayDeque.isEmpty()) {
                arrayDeque.add(str2);
            } else if (!".".equals(str2)) {
                arrayDeque.add(str2);
            }
        }
        return (String[]) arrayDeque.toArray(new String[0]);
    }
}
