package org.sonar.iac.docker.checks;

import java.util.List;
import java.util.Set;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.api.checks.IacCheck;
import org.sonar.iac.common.api.checks.InitContext;
import org.sonar.iac.docker.checks.utils.CheckUtils;
import org.sonar.iac.docker.checks.utils.CommandDetector;
import org.sonar.iac.docker.symbols.ArgumentResolution;
import org.sonar.iac.docker.tree.api.RunInstruction;

@Rule(key = "S4790")
/* loaded from: input_file:org/sonar/iac/docker/checks/WeakHashAlgorithmsCheck.class */
public class WeakHashAlgorithmsCheck implements IacCheck {
    private static final String MESSAGE = "Using weak hashing algorithms is security-sensitive.";
    private static final Set<String> OPENSSL_SENSITIVE_SUBCOMMAND = Set.of("md5", "sha1", "rmd160", "ripemd160");
    private static final Set<String> OPENSSL_SENSITIVE_DGST_OPTION = Set.of("-md2", "-md4", "-md5", "-sha1", "-ripemd160", "-ripemd", "-rmd160");
    private static final Set<String> SHASUM_SENSITIVE_COMMAND = Set.of("md5sum", "sha1sum");
    private static final Set<String> SHASUM_SENSITIVE_FLAG = Set.of("-a", "--algorithm");
    private static final CommandDetector SENSITIVE_OPENSSL_SUBCOMMAND = CommandDetector.builder().with("openssl").with(OPENSSL_SENSITIVE_SUBCOMMAND).build();
    private static final CommandDetector SENSITIVE_OPENSSL_DGST = CommandDetector.builder().with("openssl").with("dgst").withAnyFlagFollowedBy(OPENSSL_SENSITIVE_DGST_OPTION).build();
    private static final CommandDetector SENSITIVE_SHASUM_COMMAND = CommandDetector.builder().with(SHASUM_SENSITIVE_COMMAND).build();
    private static final CommandDetector SENSITIVE_SHASUN_COMMAND_WITHOUT_OPTION_A = CommandDetector.builder().with("shasum").withAnyFlagExcept(SHASUM_SENSITIVE_FLAG).build();
    private static final CommandDetector SENSITIVE_SHASUM_COMMAND_WITH_OPTION_A_TO_1 = CommandDetector.builder().with("shasum").withAnyFlagFollowedBy(SHASUM_SENSITIVE_FLAG).with("1").build();
    private static final List<CommandDetector> COMMANDS = List.of(SENSITIVE_OPENSSL_SUBCOMMAND, SENSITIVE_OPENSSL_DGST, SENSITIVE_SHASUM_COMMAND, SENSITIVE_SHASUN_COMMAND_WITHOUT_OPTION_A, SENSITIVE_SHASUM_COMMAND_WITH_OPTION_A_TO_1);

    public void initialize(InitContext initContext) {
        initContext.register(RunInstruction.class, WeakHashAlgorithmsCheck::checkRun);
    }

    private static void checkRun(CheckContext checkContext, RunInstruction runInstruction) {
        List<ArgumentResolution> resolveInstructionArguments = CheckUtils.resolveInstructionArguments(runInstruction);
        COMMANDS.forEach(commandDetector -> {
            commandDetector.search(resolveInstructionArguments).forEach(command -> {
                checkContext.reportIssue(command, MESSAGE);
            });
        });
    }
}
