package org.sonar.iac.docker.checks;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.api.checks.IacCheck;
import org.sonar.iac.common.api.checks.InitContext;
import org.sonar.iac.docker.checks.utils.CheckUtils;
import org.sonar.iac.docker.checks.utils.CommandDetector;
import org.sonar.iac.docker.symbols.ArgumentResolution;
import org.sonar.iac.docker.tree.api.RunInstruction;

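/**
 * Rule S6505: reports Dockerfile {@code RUN} instructions that install JavaScript packages
 * without passing {@code --ignore-scripts}.
 *
 * <p>Package managers run lifecycle scripts (for example {@code preinstall} and
 * {@code postinstall}) declared by the installed packages and their transitive dependencies.
 * During an image build those scripts execute with the privileges of the build step, so a
 * compromised or malicious dependency can run arbitrary shell commands unless script execution
 * is disabled.
 *
 * <p>Coverage, as defined by the detectors below:
 * <ul>
 *   <li>{@code npm} and {@code pnpm} followed by an install-type subcommand
 *       ({@link #NPM_INSTALL_COMMAND});</li>
 *   <li>{@code yarn install}.</li>
 * </ul>
 *
 * <p>NOTE(review): only the literal {@code yarn install} form is matched. Other yarn invocations
 * that also install packages (such as {@code yarn add}) are not covered by this check; confirm
 * whether that gap is intentional.
 */
@Rule(key = "S6505")
/* loaded from: input_file:org/sonar/iac/docker/checks/PackageInstallationScriptExecutionCheck.class */
public class PackageInstallationScriptExecutionCheck implements IacCheck {
    /** Issue message attached to every matched command. */
    private static final String MESSAGE = "Omitting --ignore-scripts can lead to the execution of shell scripts. Make sure it is safe here.";

    /** Executables handled by the npm-style detector. */
    private static final Set<String> NPM_COMMAND = Set.of("npm", "pnpm");

    /**
     * Install-type subcommands. Besides {@code install}, {@code ci} and {@code add}, the set holds
     * the short and misspelled aliases that npm accepts for {@code install}, so that an alias is
     * flagged like the canonical spelling.
     */
    private static final Set<String> NPM_INSTALL_COMMAND = Set.of(
        "install", "ci", "add", "i", "in", "ins", "inst", "insta", "instal",
        "isnt", "isnta", "isntal", "isntall");

    /** Flag whose presence makes the installation compliant. */
    private static final String REQUIRED_FLAG = "--ignore-scripts";

    // Presumably withAnyFlagExcept(REQUIRED_FLAG) makes the detector match only when the flag is
    // absent from the command; confirm against CommandDetector.
    private static final CommandDetector NPM_PACKAGE_INSTALLATION = CommandDetector.builder()
        .with(NPM_COMMAND)
        .with(NPM_INSTALL_COMMAND)
        .withAnyFlagExcept(REQUIRED_FLAG)
        .build();

    private static final CommandDetector YARN_PACKAGE_INSTALL = CommandDetector.builder()
        .with("yarn")
        .with("install")
        .withAnyFlagExcept(REQUIRED_FLAG)
        .build();

    /**
     * Registers this check for every {@link RunInstruction} visited in a Dockerfile.
     *
     * @param initContext registration entry point supplied by the analyzer
     */
    public void initialize(InitContext initContext) {
        initContext.register(RunInstruction.class, PackageInstallationScriptExecutionCheck::checkRunInstruction);
    }

    /**
     * Reports one issue per package-installation command found in the given {@code RUN}
     * instruction that matches a detector.
     *
     * @param checkContext context used to report issues
     * @param runInstruction the {@code RUN} instruction under analysis
     */
    private static void checkRunInstruction(CheckContext checkContext, RunInstruction runInstruction) {
        List<ArgumentResolution> resolvedArguments = CheckUtils.resolveInstructionArguments(runInstruction);
        // npm/pnpm matches are reported before yarn matches, as in the original ordering.
        // Results are consumed directly instead of being copied into a raw (untyped) list.
        for (CommandDetector detector : List.of(NPM_PACKAGE_INSTALLATION, YARN_PACKAGE_INSTALL)) {
            detector.search(resolvedArguments).forEach(command -> checkContext.reportIssue(command, MESSAGE));
        }
    }
}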
