package org.openrewrite.java.security.servlet;

import fj.data.Option;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import org.openrewrite.Cursor;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Preconditions;
import org.openrewrite.Recipe;
import org.openrewrite.TreeVisitor;
import org.openrewrite.analysis.dataflow.DataFlowNode;
import org.openrewrite.analysis.dataflow.DataFlowSpec;
import org.openrewrite.analysis.dataflow.Dataflow;
import org.openrewrite.java.JavaIsoVisitor;
import org.openrewrite.java.JavaParser;
import org.openrewrite.java.JavaTemplate;
import org.openrewrite.java.MethodMatcher;
import org.openrewrite.java.search.UsesMethod;
import org.openrewrite.java.tree.Expression;
import org.openrewrite.java.tree.J;

/* loaded from: input_file:org/openrewrite/java/security/servlet/CookieSetSecure.class */
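/**
 * Recipe that finds {@code javax.servlet.http.Cookie} objects created without the {@code Secure}
 * attribute and rewrites the code so the attribute is set (tagged CWE-614).
 *
 * <p>A cookie declaration is treated as insecure when data flow from the constructor call reaches no
 * {@code setSecure(boolean)} call that could pass {@code true}. The fix is one of:
 * <ul>
 *   <li>replace the argument of a recorded {@code setSecure(false)} call with {@code true}, or</li>
 *   <li>insert {@code <cookie>.setSecure(true);} right after the variable declaration.</li>
 * </ul>
 *
 * <p>Limits visible in this class that a reviewer should keep in mind:
 * <ul>
 *   <li>Only the {@code javax.servlet.http.Cookie} type is matched.</li>
 *   <li>Only cookies constructed inside a variable declaration are considered; constructor calls
 *       nested in an array initializer are skipped.</li>
 *   <li>A {@code setSecure} call whose argument is not a literal is accepted as secure, because its
 *       runtime value cannot be decided here. Such call sites still need manual review.</li>
 * </ul>
 */
public class CookieSetSecure extends Recipe {
    @Override
    public String getDisplayName() {
        return "Insecure cookies";
    }

    @Override
    public String getDescription() {
        // The Secure attribute restricts the cookie to HTTPS requests, which keeps it off unencrypted
        // connections (CWE-614). It is not a cross-site scripting control: limiting script access to a
        // cookie is what the HttpOnly attribute is for, so the description must not promise that.
        return "Check for use of insecure cookies. Cookies should be marked as secure. "
                + "This ensures that the cookie is sent only over HTTPS so that it is not exposed over an unencrypted connection.";
    }

    @Override
    public Set<String> getTags() {
        return Collections.singleton("CWE-614");
    }

    /**
     * Builds the visitor that detects and repairs cookies lacking the {@code Secure} attribute.
     *
     * @return a visitor that only runs on sources which call the {@code Cookie} constructor
     */
    @Override
    public TreeVisitor<?, ExecutionContext> getVisitor() {
        final MethodMatcher newCookie = new MethodMatcher("javax.servlet.http.Cookie <constructor>(..)");
        final MethodMatcher setSecure = new MethodMatcher("javax.servlet.http.Cookie setSecure(boolean)");
        return Preconditions.check(new UsesMethod<>(newCookie), new JavaIsoVisitor<ExecutionContext>() {
            /**
             * Applies the fix after the block's children have been visited, using the messages that
             * {@code visitNewClass} left on this block's cursor.
             *
             * <p>This method must keep the name {@code visitBlock}: under any other name it no longer
             * overrides the visitor hook and the recipe silently changes nothing.
             */
            @Override
            public J.Block visitBlock(J.Block block, ExecutionContext executionContext) {
                J.Block visited = super.visitBlock(block, executionContext);
                J.VariableDeclarations insecureDeclaration =
                        (J.VariableDeclarations) getCursor().getMessage("insecure");
                if (insecureDeclaration == null) {
                    // Nothing in this block was flagged.
                    return visited;
                }
                // NOTE(review): both messages are single keys on the block, so presumably only one
                // declaration per block is repaired in a single pass - confirm against the recipe's tests.
                J.MethodInvocation setSecureFalse =
                        (J.MethodInvocation) getCursor().getMessage("setSecureFalse");
                if (setSecureFalse != null) {
                    // An explicit setSecure(false) exists: flip its argument rather than add a second call.
                    return JavaTemplate.builder("true")
                            .build()
                            .apply(getCursor(), setSecureFalse.getCoordinates().replaceArguments());
                }
                // No setSecure call at all: add one immediately after the cookie's declaration.
                return JavaTemplate.builder("#{any(javax.servlet.http.Cookie)}.setSecure(true);")
                        .javaParser(JavaParser.fromJavaVersion().classpathFromResources(executionContext, "javaee-api"))
                        .build()
                        .apply(
                                getCursor(),
                                insecureDeclaration.getCoordinates().after(),
                                insecureDeclaration.getVariables().get(0).getName());
            }

            /**
             * Flags the enclosing variable declaration as insecure when no {@code setSecure} call
             * reachable from this constructor call could pass {@code true}.
             *
             * <p>As with {@code visitBlock}, the name is what makes this an override of the visitor hook.
             */
            @Override
            public J.NewClass visitNewClass(J.NewClass newClass, ExecutionContext executionContext) {
                if (getCursor().firstEnclosing(J.NewArray.class) != null) {
                    // Cookies built inside an array initializer are left alone.
                    return newClass;
                }
                boolean declaredCookie = newCookie.matches(newClass)
                        && getCursor().firstEnclosing(J.VariableDeclarations.class) != null;
                if (declaredCookie && Dataflow.startingAt(getCursor()).findSinks(new DataFlowSpec() {
                    @Override
                    public boolean isSource(DataFlowNode dataFlowNode) {
                        // The flow already starts at the constructor call, so every node qualifies.
                        return true;
                    }

                    @Override
                    public boolean isSink(DataFlowNode dataFlowNode) {
                        // A sink is a value whose parent tree element is a Cookie.setSecure(boolean) call.
                        Object parent = dataFlowNode.getCursor().getParentTreeCursor().getValue();
                        return (parent instanceof J.MethodInvocation)
                                && setSecure.matches((J.MethodInvocation) parent);
                    }
                }).bind(sinkFlow -> {
                    for (Cursor sinkCursor : sinkFlow.getSinkCursors()) {
                        J.MethodInvocation setSecureCall =
                                (J.MethodInvocation) sinkCursor.getParentTreeCursor().getValue();
                        Expression argument = setSecureCall.getArguments().get(0);
                        // Test the type before narrowing: the argument may be any expression, and only
                        // a literal can be compared with true. Anything else is accepted as secure.
                        if (!(argument instanceof J.Literal)
                                || Boolean.TRUE.equals(((J.Literal) argument).getValue())) {
                            return Option.some(sinkFlow);
                        }
                        // A literal that is not true: remember the call so visitBlock can rewrite it.
                        getCursor().putMessageOnFirstEnclosing(J.Block.class, "setSecureFalse", setSecureCall);
                    }
                    return Option.none();
                }).isNone()) {
                    getCursor().putMessageOnFirstEnclosing(
                            J.Block.class,
                            "insecure",
                            getCursor().firstEnclosingOrThrow(J.VariableDeclarations.class));
                }
                return super.visitNewClass(newClass, executionContext);
            }
        });
    }
}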
