package org.openrewrite.java.security.spring;

import java.time.Duration;
import java.util.Collections;
import java.util.Set;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Recipe;
import org.openrewrite.Tree;
import org.openrewrite.TreeVisitor;
import org.openrewrite.internal.lang.Nullable;
import org.openrewrite.java.JavaIsoVisitor;
import org.openrewrite.java.tree.J;
import org.openrewrite.java.tree.JavaSourceFile;
import org.openrewrite.java.tree.TypeUtils;
import org.openrewrite.marker.SearchResult;
import org.openrewrite.xml.XPathMatcher;
import org.openrewrite.xml.XmlIsoVisitor;
import org.openrewrite.xml.tree.Xml;

/* loaded from: input_file:org/openrewrite/java/security/spring/InsecureSpringServiceExporter.class */
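/**
 * Search recipe that marks uses of Spring's {@code RemoteInvocationSerializingExporter} family.
 *
 * <p>Two kinds of source files are inspected:
 * <ul>
 *   <li>Java: class declarations assignable to {@code RemoteInvocationSerializingExporter}, and method
 *       declarations whose return type is assignable to it (typically {@code @Bean} factory methods);</li>
 *   <li>XML: {@code /beans/bean} tags whose {@code class} attribute names one of the two
 *       Spring-provided HTTP invoker exporters.</li>
 * </ul>
 * Matches are wrapped in a {@link SearchResult} marker; no code is rewritten.
 *
 * <p>Limitations visible from the implementation: only the {@code class} attribute of a bean tag is
 * checked (a bean inheriting the exporter through {@code parent} is not found), and a matched Java
 * declaration is not descended into, so an exporter nested inside another match is marked only once.
 */
public class InsecureSpringServiceExporter extends Recipe {

    /** Base class whose subclasses deserialize the HTTP request body with {@code ObjectInputStream}. */
    private static final String REMOTE_INVOCATION_SERIALIZING_EXPORTER =
            "org.springframework.remoting.rmi.RemoteInvocationSerializingExporter";

    /** Spring-provided exporters extending the base class, as they appear in XML bean definitions. */
    private static final String HTTP_INVOKER_SERVICE_EXPORTER =
            "org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter";
    private static final String SIMPLE_HTTP_INVOKER_SERVICE_EXPORTER =
            "org.springframework.remoting.httpinvoker.SimpleHttpInvokerServiceExporter";

    @Override
    public String getDisplayName() {
        return "Secure Spring service exporters";
    }

    @Override
    public String getDescription() {
        return "The default Java deserialization mechanism is available via `ObjectInputStream` class. This mechanism is known to be vulnerable. If an attacker can make an application deserialize malicious data, it may result in arbitrary code execution.\n\nSpring’s `RemoteInvocationSerializingExporter` uses the default Java deserialization mechanism to parse data. As a result, all classes that extend it are vulnerable to deserialization attacks. The Spring Framework contains at least `HttpInvokerServiceExporter` and `SimpleHttpInvokerServiceExporter` that extend `RemoteInvocationSerializingExporter`. These exporters parse data from the HTTP body using the unsafe Java deserialization mechanism.\n\nSee the full [blog post](https://blog.gypsyengineer.com/en/security/detecting-dangerous-spring-exporters-with-codeql.html) by Artem Smotrakov on CVE-2016-1000027 from which the above description is excerpted.";
    }

    @Override
    public Set<String> getTags() {
        return Collections.singleton("CVE-2016-1000027");
    }

    /** Rough remediation effort per finding; {@code null} would mean "unknown" to the framework. */
    @Override
    @Nullable
    public Duration getEstimatedEffortPerOccurrence() {
        return Duration.ofMinutes(15L);
    }

    /**
     * Dispatches each source file to the language-specific visitor and otherwise leaves it untouched.
     *
     * @return a visitor that delegates Java and XML documents to {@link #findJavaUses()} / {@link #findXmlUses()}
     */
    @Override
    public TreeVisitor<?, ExecutionContext> getVisitor() {
        return new TreeVisitor<Tree, ExecutionContext>() {
            @Override
            @Nullable
            public Tree preVisit(Tree tree, ExecutionContext ctx) {
                // The parent cursor is passed so markers land in the right place in the overall tree.
                if (tree instanceof JavaSourceFile) {
                    return findJavaUses().visit(tree, ctx, getCursor().getParentOrThrow());
                }
                if (tree instanceof Xml.Document) {
                    return findXmlUses().visit(tree, ctx, getCursor().getParentOrThrow());
                }
                return super.preVisit(tree, ctx);
            }
        };
    }

    /**
     * Marks Java declarations tied to {@code RemoteInvocationSerializingExporter}.
     *
     * <p>A matched class declaration is marked as a whole; a matched method declaration has only its
     * return type expression marked. In both cases the match is returned without calling {@code super},
     * so the body of the matched declaration is not visited.
     */
    private static JavaIsoVisitor<ExecutionContext> findJavaUses() {
        return new JavaIsoVisitor<ExecutionContext>() {
            @Override
            public J.MethodDeclaration visitMethodDeclaration(J.MethodDeclaration method, ExecutionContext ctx) {
                // Constructors and void-less declarations have no return type expression: nothing to match.
                if (method.getReturnTypeExpression() == null
                        || !TypeUtils.isAssignableTo(REMOTE_INVOCATION_SERIALIZING_EXPORTER,
                        method.getReturnTypeExpression().getType())) {
                    return super.visitMethodDeclaration(method, ctx);
                }
                return method.withReturnTypeExpression(SearchResult.found(method.getReturnTypeExpression()));
            }

            @Override
            public J.ClassDeclaration visitClassDeclaration(J.ClassDeclaration classDecl, ExecutionContext ctx) {
                if (TypeUtils.isAssignableTo(REMOTE_INVOCATION_SERIALIZING_EXPORTER, classDecl.getType())) {
                    return SearchResult.found(classDecl);
                }
                return super.visitClassDeclaration(classDecl, ctx);
            }
        };
    }

    /**
     * Marks {@code <bean>} elements directly under {@code <beans>} whose {@code class} attribute names
     * one of the Spring HTTP invoker exporters. A matched tag is returned without visiting its children.
     */
    private static XmlIsoVisitor<ExecutionContext> findXmlUses() {
        final XPathMatcher beanTag = new XPathMatcher("/beans/bean");
        return new XmlIsoVisitor<ExecutionContext>() {
            @Override
            public Xml.Tag visitTag(Xml.Tag tag, ExecutionContext ctx) {
                boolean isExporterBean = beanTag.matches(getCursor())
                        && tag.getAttributes().stream().anyMatch(InsecureSpringServiceExporter::isExporterClassAttribute);
                return isExporterBean ? SearchResult.found(tag) : super.visitTag(tag, ctx);
            }
        };
    }

    /**
     * True when {@code attribute} is a {@code class} attribute naming one of the two known exporters.
     *
     * <p>The {@code "class"} key check applies to both exporter names; previously the second name was
     * compared without the key check, so any attribute (e.g. {@code id}) carrying that value matched.
     */
    private static boolean isExporterClassAttribute(Xml.Attribute attribute) {
        if (!"class".equals(attribute.getKeyAsString())) {
            return false;
        }
        String value = attribute.getValueAsString();
        return HTTP_INVOKER_SERVICE_EXPORTER.equals(value) || SIMPLE_HTTP_INVOKER_SERVICE_EXPORTER.equals(value);
    }

    // Package-private forwarders retained from the compiled form so any in-package caller keeps working;
    // the visitor above calls findJavaUses()/findXmlUses() directly.
    static JavaIsoVisitor<ExecutionContext> access$000() {
        return findJavaUses();
    }

    static XmlIsoVisitor<ExecutionContext> access$100() {
        return findXmlUses();
    }
}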
