package com.h3xstream.findsecbugs.password;

import com.h3xstream.findsecbugs.common.StackUtils;
import com.h3xstream.findsecbugs.common.matcher.InstructionDSL;
import com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder;
import com.h3xstream.findsecbugs.injection.BasicInjectionDetector;
import com.h3xstream.findsecbugs.injection.InjectionPoint;
import com.h3xstream.findsecbugs.taintanalysis.Taint;
import com.h3xstream.findsecbugs.taintanalysis.TaintFrame;
import com.h3xstream.findsecbugs.taintanalysis.TaintFrameAdditionalVisitor;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.FieldInstruction;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.LoadInstruction;
import org.apache.bcel.generic.LocalVariableGen;
import org.apache.bcel.generic.MethodGen;

/* loaded from: input_file:com/h3xstream/findsecbugs/password/HashUnsafeEqualsDetector.class */
public class HashUnsafeEqualsDetector extends BasicInjectionDetector implements TaintFrameAdditionalVisitor {
    private static final String UNSAFE_HASH_EQUALS_TYPE = "UNSAFE_HASH_EQUALS";
    private static final boolean DEBUG = false;
    private static final List<String> ALLOWED_WORDS;
    private static final InvokeMatcherBuilder STRING_EQUALS_METHOD = InstructionDSL.invokeInstruction().atClass("java/lang/String").atMethod("equals").withArgs("(Ljava/lang/Object;)Z");
    private static final InvokeMatcherBuilder ARRAYS_EQUALS_METHOD = InstructionDSL.invokeInstruction().atClass("java/util/Arrays").atMethod("equals").withArgs("([B[B)Z");
    private static final List<String> HASH_WORDS = new ArrayList();

    public HashUnsafeEqualsDetector(BugReporter bugReporter) {
        super(bugReporter);
        registerVisitor(this);
    }

    @Override // com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
    protected int getPriorityFromTaintFrame(TaintFrame taintFrame, int i) throws DataflowAnalysisException {
        Taint taint = (Taint) taintFrame.getStackValue(i);
        Taint taint2 = (Taint) taintFrame.getStackValue(i == 0 ? 1 : DEBUG);
        return ((taint2.isUnknown() && taint2.hasTag(Taint.Tag.HASH_VARIABLE)) || (taint.isUnknown() && taint.hasTag(Taint.Tag.HASH_VARIABLE))) ? 2 : 5;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.h3xstream.findsecbugs.injection.BasicInjectionDetector, com.h3xstream.findsecbugs.injection.AbstractInjectionDetector
    public InjectionPoint getInjectionPoint(InvokeInstruction invokeInstruction, ConstantPoolGen constantPoolGen, InstructionHandle instructionHandle) {
        return (STRING_EQUALS_METHOD.matches(invokeInstruction, constantPoolGen) || ARRAYS_EQUALS_METHOD.matches(invokeInstruction, constantPoolGen)) ? new InjectionPoint(new int[]{DEBUG, 1}, UNSAFE_HASH_EQUALS_TYPE) : InjectionPoint.NONE;
    }

    @Override // com.h3xstream.findsecbugs.taintanalysis.TaintFrameAdditionalVisitor
    public void visitInvoke(InvokeInstruction invokeInstruction, MethodGen methodGen, TaintFrame taintFrame, List<Taint> list, ConstantPoolGen constantPoolGen) {
    }

    @Override // com.h3xstream.findsecbugs.taintanalysis.TaintFrameAdditionalVisitor
    public void visitReturn(MethodGen methodGen, Taint taint, ConstantPoolGen constantPoolGen) throws Exception {
    }

    @Override // com.h3xstream.findsecbugs.taintanalysis.TaintFrameAdditionalVisitor
    public void visitLoad(LoadInstruction loadInstruction, MethodGen methodGen, TaintFrame taintFrame, int i, ConstantPoolGen constantPoolGen) {
        int index = loadInstruction.getIndex();
        LocalVariableGen localVariable = StackUtils.getLocalVariable(methodGen, index);
        if (localVariable == null) {
            return;
        }
        String name = localVariable.getName();
        boolean z = DEBUG;
        String lowerCase = name.toLowerCase();
        Iterator<String> it = HASH_WORDS.iterator();
        loop0: while (it.hasNext()) {
            if (lowerCase.contains(it.next())) {
                Iterator<String> it2 = ALLOWED_WORDS.iterator();
                while (it2.hasNext()) {
                    if (lowerCase.contains(it2.next())) {
                        break loop0;
                    }
                }
                z = true;
            }
        }
        if (z) {
            ((Taint) taintFrame.getValue(index)).addTag(Taint.Tag.HASH_VARIABLE);
            if (i <= 0) {
                return;
            }
            for (int i2 = DEBUG; i2 < i; i2++) {
                try {
                    ((Taint) taintFrame.getStackValue(i2)).addTag(Taint.Tag.HASH_VARIABLE);
                } catch (DataflowAnalysisException e) {
                    return;
                }
            }
        }
    }

    @Override // com.h3xstream.findsecbugs.taintanalysis.TaintFrameAdditionalVisitor
    public void visitField(FieldInstruction fieldInstruction, MethodGen methodGen, TaintFrame taintFrame, Taint taint, int i, ConstantPoolGen constantPoolGen) throws Exception {
    }

    static {
        HASH_WORDS.add("hash");
        HASH_WORDS.add("md5");
        HASH_WORDS.add("sha");
        HASH_WORDS.add("digest");
        ALLOWED_WORDS = new ArrayList();
        ALLOWED_WORDS.add("share");
        ALLOWED_WORDS.add("shall");
        ALLOWED_WORDS.add("shad");
        ALLOWED_WORDS.add("sharp");
        ALLOWED_WORDS.add("shap");
    }
}
