package org.sonar.iac.docker.checks;

import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.IacCheck;
import org.sonar.iac.common.api.checks.InitContext;
import org.sonar.iac.docker.symbols.ArgumentResolution;
import org.sonar.iac.docker.tree.api.Flag;
import org.sonar.iac.docker.tree.api.RunInstruction;

@Rule(key = "S6502")
/* loaded from: input_file:org/sonar/iac/docker/checks/BuilderSandboxCheck.class */
public class BuilderSandboxCheck implements IacCheck {
    private static final String MESSAGE = "Make sure that disabling the builder sandbox is safe here.";

    public void initialize(InitContext initContext) {
        initContext.register(RunInstruction.class, (checkContext, runInstruction) -> {
            for (Flag flag : runInstruction.options()) {
                if ("security".equals(flag.name()) && "insecure".equals(ArgumentResolution.of(flag.value()).value())) {
                    checkContext.reportIssue(flag, MESSAGE);
                }
            }
        });
    }
}
