package org.sonar.iac.docker.checks;

import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.api.checks.IacCheck;
import org.sonar.iac.common.api.checks.InitContext;
import org.sonar.iac.docker.checks.utils.CheckUtils;
import org.sonar.iac.docker.checks.utils.CommandDetector;
import org.sonar.iac.docker.symbols.ArgumentResolution;
import org.sonar.iac.docker.tree.api.RunInstruction;

@Rule(key = "S6500")
/* loaded from: input_file:org/sonar/iac/docker/checks/PackageInstallationCheck.class */
public class PackageInstallationCheck implements IacCheck {
    private static final String MESSAGE = "Make sure automatically installing recommended packages is safe here.";
    private static final Set<String> APT_COMMANDS = Set.of("apt", "apt-get");
    private static final CommandDetector SENSITIVE_APT_COMMAND;
    private static final CommandDetector SENSITIVE_APTITUDE_COMMAND;

    public void initialize(InitContext initContext) {
        initContext.register(RunInstruction.class, PackageInstallationCheck::checkRunInstruction);
    }

    private static void checkRunInstruction(CheckContext checkContext, RunInstruction runInstruction) {
        List<ArgumentResolution> resolveInstructionArguments = CheckUtils.resolveInstructionArguments(runInstruction);
        SENSITIVE_APT_COMMAND.search(resolveInstructionArguments).forEach(command -> {
            checkContext.reportIssue(command, MESSAGE);
        });
        SENSITIVE_APTITUDE_COMMAND.search(resolveInstructionArguments).forEach(command2 -> {
            checkContext.reportIssue(command2, MESSAGE);
        });
    }

    static {
        CommandDetector.Builder builder = CommandDetector.builder();
        Set<String> set = APT_COMMANDS;
        Objects.requireNonNull(set);
        CommandDetector.Builder withAnyFlag = builder.with((v1) -> {
            return r1.contains(v1);
        }).withAnyFlag();
        String str = "install";
        SENSITIVE_APT_COMMAND = withAnyFlag.with((v1) -> {
            return r1.equals(v1);
        }).withAnyFlagExcept("--no-install-recommends").build();
        String str2 = "aptitude";
        CommandDetector.Builder withAnyFlag2 = CommandDetector.builder().with((v1) -> {
            return r1.equals(v1);
        }).withAnyFlag();
        String str3 = "install";
        SENSITIVE_APTITUDE_COMMAND = withAnyFlag2.with((v1) -> {
            return r1.equals(v1);
        }).withAnyFlagExcept("--without-recommends").build();
    }
}
