package org.sonar.iac.docker.checks;

import java.util.regex.Pattern;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.api.checks.IacCheck;
import org.sonar.iac.common.api.checks.InitContext;
import org.sonar.iac.docker.symbols.ArgumentResolution;
import org.sonar.iac.docker.tree.api.EnvInstruction;
import org.sonar.iac.docker.tree.api.KeyValuePair;

/**
 * Dockerfile check for rule S4507: reports {@code ENV} entries that look like they enable a
 * debugging or development mode in the image.
 *
 * <p>A key/value pair is reported when, after resolution, it matches one of three shapes:
 * <ul>
 *   <li>a name ending in {@code ENV} or {@code ENVIRONMENT} with a value of {@code dev},
 *       {@code devel}, {@code develop} or {@code development};</li>
 *   <li>a name ending in {@code DEBUG} with a value of {@code true}, {@code yes}, {@code on}
 *       or {@code 1};</li>
 *   <li>a name ending in {@code XDEBUG_MODE} with any value other than {@code off}.</li>
 * </ul>
 * All name and value comparisons are case-insensitive.
 *
 * <p>Coverage limits visible in this class, worth knowing when relying on the rule:
 * <ul>
 *   <li>only {@code EnvInstruction} nodes are registered, so nothing else in the Dockerfile is
 *       examined here;</li>
 *   <li>the optional name prefix accepts letters and underscores only, so a name whose prefix
 *       contains a digit (a constructed example: {@code APP2_DEBUG}) is not matched;</li>
 *   <li>pairs whose key or value resolves to {@code null} are skipped without a report.</li>
 * </ul>
 */
@Rule(key = "S4507")
/* loaded from: input_file:org/sonar/iac/docker/checks/DebugModeCheck.class */
public class DebugModeCheck implements IacCheck {
    private static final String MESSAGE = "Do not enable debugging features on production servers.";

    // Every pattern is anchored at both ends and used with matches(), so the whole string must fit.
    private static final Pattern ENV_DEV_NAME_PATTERN =
        Pattern.compile("^([_A-Z]+)?ENV(IRONMENT)?$", Pattern.CASE_INSENSITIVE);
    private static final Pattern ENV_DEV_VALUE_PATTERN =
        Pattern.compile("^dev(el(op(ment)?)?)?$", Pattern.CASE_INSENSITIVE);
    private static final Pattern DEBUG_ENABLED_NAME_PATTERN =
        Pattern.compile("^([_A-Z]+)?DEBUG$", Pattern.CASE_INSENSITIVE);
    private static final Pattern DEBUG_ENABLED_VALUE_PATTERN =
        Pattern.compile("^(true|yes|on|1)$", Pattern.CASE_INSENSITIVE);
    private static final Pattern PHPX_DEBUG_ENABLED_NAME_PATTERN =
        Pattern.compile("^([_A-Z]+)?XDEBUG_MODE$", Pattern.CASE_INSENSITIVE);

    /**
     * Subscribes this check to every {@code EnvInstruction} node.
     *
     * @param initContext registration context supplied by the analyzer
     */
    public void initialize(InitContext initContext) {
        initContext.register(EnvInstruction.class, DebugModeCheck::checkEnvDebug);
    }

    /**
     * Resolves each variable of one {@code ENV} instruction and raises an issue on the pair when
     * the resolved name and value match a debug/development shape.
     *
     * @param checkContext   sink for reported issues
     * @param envInstruction the instruction whose variables are inspected
     */
    private static void checkEnvDebug(CheckContext checkContext, EnvInstruction envInstruction) {
        for (KeyValuePair pair : envInstruction.environmentVariables()) {
            String name = ArgumentResolution.of(pair.key()).value();
            String setting = ArgumentResolution.of(pair.value()).value();
            // NOTE(review): presumably null means the argument could not be resolved statically;
            // such pairs are never reported — confirm against ArgumentResolution.
            if (name == null || setting == null) {
                continue;
            }
            if (isVariableSensitive(name, setting)) {
                checkContext.reportIssue(pair, MESSAGE);
            }
        }
    }

    /**
     * Tells whether a resolved name/value pair matches any of the three flagged shapes.
     *
     * @param str  resolved variable name, non-null
     * @param str2 resolved variable value, non-null
     * @return {@code true} when the pair should be reported
     */
    private static boolean isVariableSensitive(String str, String str2) {
        if (isDevEnv(str, str2)) {
            return true;
        }
        if (isDebugMode(str, str2)) {
            return true;
        }
        return isPhpXDebugMode(str, str2);
    }

    /** Matches an {@code *ENV}/{@code *ENVIRONMENT} name set to a "dev"-style value. */
    private static boolean isDevEnv(String str, String str2) {
        if (!ENV_DEV_NAME_PATTERN.matcher(str).matches()) {
            return false;
        }
        return ENV_DEV_VALUE_PATTERN.matcher(str2).matches();
    }

    /** Matches a {@code *DEBUG} name set to {@code true}, {@code yes}, {@code on} or {@code 1}. */
    private static boolean isDebugMode(String str, String str2) {
        if (!DEBUG_ENABLED_NAME_PATTERN.matcher(str).matches()) {
            return false;
        }
        return DEBUG_ENABLED_VALUE_PATTERN.matcher(str2).matches();
    }

    /**
     * Matches a {@code *XDEBUG_MODE} name set to anything other than {@code off}.
     *
     * <p>The comparison is an exact, case-insensitive string equality, so an empty value or
     * {@code off} with surrounding whitespace is still reported.
     */
    private static boolean isPhpXDebugMode(String str, String str2) {
        if (!PHPX_DEBUG_ENABLED_NAME_PATTERN.matcher(str).matches()) {
            return false;
        }
        boolean explicitlyOff = str2.equalsIgnoreCase("off");
        return !explicitlyOff;
    }
}
