package org.eclipse.cdt.codan.internal.checkers.fs;

import java.util.Iterator;
import org.eclipse.cdt.codan.core.cxx.model.AbstractIndexAstChecker;
import org.eclipse.cdt.core.dom.ast.ASTVisitor;
import org.eclipse.cdt.core.dom.ast.IASTExpression;
import org.eclipse.cdt.core.dom.ast.IASTFunctionCallExpression;
import org.eclipse.cdt.core.dom.ast.IASTIdExpression;
import org.eclipse.cdt.core.dom.ast.IASTInitializerClause;
import org.eclipse.cdt.core.dom.ast.IASTNode;
import org.eclipse.cdt.core.dom.ast.IASTTranslationUnit;
import org.eclipse.cdt.core.dom.ast.IArrayType;
import org.eclipse.cdt.core.dom.ast.IValue;

/* loaded from: input_file:org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.class */
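/**
 * Codan checker that reports {@code scanf}-family calls whose format string can write past the end
 * of a destination buffer.
 *
 * <p>Every function call in the translation unit is compared against {@link #VULNERABLE_FUNCTIONS}.
 * For a match, the format-string argument is handed to {@link CFormatStringParser}; each argument the
 * parser marks as vulnerable is reported when
 * <ul>
 *   <li>its size is {@code -1} (reported on the whole call), or</li>
 *   <li>its size is larger than the declared length of the array it is stored into (reported on
 *       the destination argument).</li>
 * </ul>
 *
 * <p>Coverage limits a reviewer should keep in mind when relying on this checker:
 * <ul>
 *   <li>The callee is matched by comparing the raw source text of the function-name expression
 *       with the bare names in the table, so spellings such as {@code std::scanf} or
 *       {@code (scanf)} are not matched.</li>
 *   <li>The {@code va_list} variants ({@code vscanf}, {@code vfscanf}, {@code vsscanf}) are not in
 *       the table.</li>
 *   <li>The length comparison only runs when the destination argument is a plain identifier whose
 *       type is an array with a known size; pointers, {@code &buf[0]}, members and heap buffers
 *       are not size-checked.</li>
 * </ul>
 * A clean result from this checker is therefore not evidence that a call is safe.
 */
public class ScanfFormatStringSecurityChecker extends AbstractIndexAstChecker {
    private static final String ER_ID = "org.eclipse.cdt.codan.internal.checkers.ScanfFormatStringSecurityProblem";

    /** Same value as {@code ASTVisitor.PROCESS_CONTINUE}: keep descending into child nodes. */
    private static final int CONTINUE_TRAVERSAL = 3;

    /**
     * Size value that makes the checker report the whole call.
     * NOTE(review): presumably the parser's marker for "no field width given" - confirm against
     * CFormatStringParser.
     */
    private static final int UNBOUNDED_SIZE = -1;

    /** Functions inspected by the checker, each with the position of its format-string argument. */
    private static final VulnerableFunction[] VULNERABLE_FUNCTIONS = {
        new VulnerableFunction("scanf", 0),
        new VulnerableFunction("fscanf", 1),
        new VulnerableFunction("fwscanf", 1),
        new VulnerableFunction("wscanf", 0),
        new VulnerableFunction("swscanf", 1),
        new VulnerableFunction("sscanf", 1)
    };

    /** AST visitor that inspects every expression and checks the calls listed in the table. */
    private class FormatStringVisitor extends ASTVisitor {
        private FormatStringVisitor() {
            this.shouldVisitExpressions = true;
        }

        /**
         * Checks the expression if it is a call to one of the listed functions.
         *
         * @param iASTExpression the expression being visited
         * @return always the "continue" code, so nested calls are visited as well
         */
        public int visit(IASTExpression iASTExpression) {
            if (!(iASTExpression instanceof IASTFunctionCallExpression)) {
                return CONTINUE_TRAVERSAL;
            }
            IASTFunctionCallExpression call = (IASTFunctionCallExpression) iASTExpression;
            VulnerableFunction function = getVulnerableFunctionForExpression(call);
            if (function != null) {
                detectFaultyArguments(call, call.getArguments(), function.getFormatStringArgumentIndex());
            }
            return CONTINUE_TRAVERSAL;
        }

        /**
         * Looks the callee up in {@link #VULNERABLE_FUNCTIONS}.
         *
         * @param call the call expression to classify
         * @return the matching table entry, or {@code null} when the callee is not listed
         */
        private VulnerableFunction getVulnerableFunctionForExpression(IASTFunctionCallExpression call) {
            // Textual comparison: only the exact bare name as written in the source matches.
            String calleeText = call.getFunctionNameExpression().getRawSignature();
            for (VulnerableFunction candidate : VULNERABLE_FUNCTIONS) {
                if (candidate.getName().equals(calleeText)) {
                    return candidate;
                }
            }
            return null;
        }

        /**
         * Parses the format string of {@code call} and reports every conversion that can overflow
         * its destination.
         *
         * @param call the call being checked; problems about the whole call are reported on it
         * @param arguments the arguments of {@code call}
         * @param formatIndex position of the format string within {@code arguments}
         */
        private void detectFaultyArguments(IASTFunctionCallExpression call, IASTInitializerClause[] arguments, int formatIndex) {
            // Code that is still being typed can call scanf() with too few arguments; the checker
            // must not throw on it, or the remaining diagnostics for the file would be lost.
            if (arguments == null || formatIndex < 0 || formatIndex >= arguments.length) {
                return;
            }
            // NOTE(review): the parser receives the raw source text of the argument, whatever kind
            // of expression it is; how it treats a non-literal format is not visible here.
            CFormatStringParser parser = new CFormatStringParser(arguments[formatIndex].getRawSignature());
            if (!parser.isVulnerable()) {
                return;
            }
            Iterator<VulnerableFormatStringArgument> vulnerableArguments = parser.getVulnerableArgumentsIterator();
            while (vulnerableArguments.hasNext()) {
                VulnerableFormatStringArgument vulnerable = vulnerableArguments.next();
                int requestedSize = vulnerable.getArgumentSize();
                if (requestedSize == UNBOUNDED_SIZE) {
                    ScanfFormatStringSecurityChecker.this.reportProblem(ER_ID, call, new Object[]{call.getRawSignature()});
                }
                // Destination arguments start right after the format string.
                int targetIndex = formatIndex + 1 + vulnerable.getArgumentIndex();
                if (targetIndex < 0 || targetIndex >= arguments.length) {
                    // More conversions than arguments: nothing to size-check for this one.
                    continue;
                }
                if (!(arguments[targetIndex] instanceof IASTIdExpression)) {
                    continue;
                }
                IASTIdExpression target = (IASTIdExpression) arguments[targetIndex];
                Number declaredLength = declaredArrayLength(target);
                // NOTE(review): "%Ns" stores up to N characters plus a terminating NUL, so a width
                // equal to the array length still overflows by one element. The strict ">" below
                // does not report that case unless getArgumentSize() already counts the
                // terminator - confirm against CFormatStringParser.
                if (declaredLength != null && requestedSize > declaredLength.longValue()) {
                    ScanfFormatStringSecurityChecker.this.reportProblem(ER_ID, target, new Object[]{target.getRawSignature()});
                }
            }
        }

        /**
         * Returns the declared length of {@code target} when its type is an array with a known
         * numeric size, otherwise {@code null}.
         */
        private Number declaredArrayLength(IASTIdExpression target) {
            if (!(target.getExpressionType() instanceof IArrayType)) {
                return null;
            }
            IValue size = ((IArrayType) target.getExpressionType()).getSize();
            return size == null ? null : size.numberValue();
        }
    }

    /** Table entry: a function name and the position of its format-string argument. */
    public static final class VulnerableFunction {
        private final String name;
        private final int formatStringArgumentIndex;

        private VulnerableFunction(String str, int i) {
            this.name = str;
            this.formatStringArgumentIndex = i;
        }

        /** @return the function name as it must appear in the source to be matched */
        public String getName() {
            return this.name;
        }

        /** @return zero-based position of the format string in the call's argument list */
        public int getFormatStringArgumentIndex() {
            return this.formatStringArgumentIndex;
        }
    }

    /**
     * Runs the checker over a translation unit by walking it with a {@link FormatStringVisitor}.
     *
     * @param iASTTranslationUnit the AST to inspect
     */
    public void processAst(IASTTranslationUnit iASTTranslationUnit) {
        iASTTranslationUnit.accept(new FormatStringVisitor());
    }
}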
