package org.sonar.iac.docker.checks;

import java.util.List;
import javax.annotation.Nullable;
import org.sonar.check.Rule;
import org.sonar.iac.common.api.checks.CheckContext;
import org.sonar.iac.common.api.checks.IacCheck;
import org.sonar.iac.common.api.checks.InitContext;
import org.sonar.iac.common.api.tree.impl.TextRanges;
import org.sonar.iac.docker.checks.utils.Chmod;
import org.sonar.iac.docker.symbols.ArgumentResolution;
import org.sonar.iac.docker.tree.api.Argument;
import org.sonar.iac.docker.tree.api.RunInstruction;
import org.sonar.iac.docker.tree.api.TransferInstruction;

/**
 * Dockerfile check (rule key {@code S2612}) that reports permission settings which widen
 * access to files placed in an image.
 *
 * <p>Two instruction kinds are inspected:
 * <ul>
 *   <li>{@link RunInstruction}: every {@link Chmod} extracted from the instruction's arguments
 *       is reported when it carries {@code o+w}, {@code g+s} or {@code u+s}.</li>
 *   <li>{@link TransferInstruction}: every option named {@code chmod} is reported when its
 *       resolved value grants {@code o+w}.</li>
 * </ul>
 *
 * <p>NOTE(review): the two paths are not symmetric. The RUN path also reports the setgid and
 * setuid bits, while the transfer path only tests {@code o+w}, and the shared message mentions
 * write access only. Whether a numeric mode with a leading special-bits digit on a transfer
 * option should be reported as well cannot be decided from this file; confirm against the rule
 * specification.
 */
@Rule(key = "S2612")
public class PosixPermissionCheck implements IacCheck {
    private static final String MESSAGE = "Make sure granting write access to others is safe here.";

    /**
     * Registers one visitor per instruction kind handled by this check.
     *
     * @param initContext registration context supplied by the analyzer
     */
    public void initialize(InitContext initContext) {
        initContext.register(TransferInstruction.class, PosixPermissionCheck::checkTransferChmodPermission);
        initContext.register(RunInstruction.class, PosixPermissionCheck::checkRunChmodPermission);
    }

    /**
     * Reports each chmod invocation found in a RUN instruction that sets a world-writable,
     * setgid or setuid permission. The reported range merges the text range of the chmod
     * argument with that of its permissions argument.
     *
     * @param checkContext   sink for reported issues
     * @param runInstruction instruction whose arguments are scanned for chmod calls
     */
    private static void checkRunChmodPermission(CheckContext checkContext, RunInstruction runInstruction) {
        for (Chmod candidate : Chmod.extractChmodsFromArguments(runInstruction.arguments())) {
            // Same short-circuit order as before: others-write, then setgid, then setuid.
            boolean widensAccess = candidate.hasPermission("o+w")
                || candidate.hasPermission("g+s")
                || candidate.hasPermission("u+s");
            if (!widensAccess) {
                continue;
            }
            checkContext.reportIssue(
                TextRanges.merge(List.of(candidate.chmodArg.textRange(), candidate.permissionsArg.textRange())),
                MESSAGE);
        }
    }

    /**
     * Reports every option named {@code chmod} on a transfer instruction whose value is
     * considered sensitive by {@link #isPermissionSensitive(Argument)}. The issue is raised on
     * the option itself.
     *
     * @param checkContext        sink for reported issues
     * @param transferInstruction instruction whose options are inspected
     */
    private static void checkTransferChmodPermission(CheckContext checkContext, TransferInstruction transferInstruction) {
        transferInstruction.options().stream()
            .filter(option -> "chmod".equals(option.name()))
            .filter(option -> isPermissionSensitive(option.value()))
            .forEach(option -> checkContext.reportIssue(option, MESSAGE));
    }

    /**
     * Tells whether a permission argument grants write access to others ({@code o+w}).
     *
     * <p>The argument is resolved through {@link ArgumentResolution}; a missing argument or a
     * value that resolves to {@code null} is treated as not sensitive, so nothing is reported
     * for it. The resolved text is handed to {@code Chmod.Permission.fromNumeric}; how that
     * helper treats non-numeric input is not visible here (TODO confirm).
     *
     * <p>The decompiler marked this method as originally {@code private}; it is kept
     * {@code public} here so the visible signature is unchanged.
     *
     * @param argument permission argument of a chmod option, may be {@code null}
     * @return {@code true} when the resolved permission has the {@code o+w} right
     */
    public static boolean isPermissionSensitive(@Nullable Argument argument) {
        if (argument == null) {
            return false;
        }
        String resolved = ArgumentResolution.of(argument).value();
        if (resolved == null) {
            return false;
        }
        return Chmod.Permission.fromNumeric(resolved).hasRight("o+w");
    }
}
