package com.h3xstream.findsecbugs;

import com.android.common.utils.StringUtils;
import com.ctrip.ebooking.aphone.deviceInfo.Symbol;
import com.h3xstream.findsecbugs.common.ByteCode;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import java.util.Iterator;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.INVOKEINTERFACE;
import org.apache.bcel.generic.LDC;

/* loaded from: classes2.dex */
public class PermissiveCORSDetector implements Detector {
    private static final String a = "PERMISSIVE_CORS";
    private BugReporter b;

    public PermissiveCORSDetector(BugReporter bugReporter) {
        this.b = bugReporter;
    }

    private void a(Method method, ClassContext classContext) {
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        Iterator locationIterator = classContext.getCFG(method).locationIterator();
        while (locationIterator.hasNext()) {
            Location location = (Location) locationIterator.next();
            INVOKEINTERFACE instruction = location.getHandle().getInstruction();
            if (instruction instanceof INVOKEINTERFACE) {
                INVOKEINTERFACE invokeinterface = instruction;
                String methodName = invokeinterface.getMethodName(constantPoolGen);
                if (invokeinterface.getClassName(constantPoolGen).equals("javax.servlet.http.HttpServletResponse") && (methodName.equals("addHeader") || methodName.equals("setHeader"))) {
                    LDC ldc = (LDC) ByteCode.a(location.getHandle().getPrev(), LDC.class);
                    if (ldc != null) {
                        String str = (String) ByteCode.a(location.getHandle().getPrev(), constantPoolGen, String.class);
                        if ("Access-Control-Allow-Origin".equalsIgnoreCase((String) ldc.getValue(constantPoolGen)) && (str.contains(Symbol.y) || StringUtils.NULL.equalsIgnoreCase(str))) {
                            JavaClass javaClass = classContext.getJavaClass();
                            this.b.reportBug(new BugInstance(this, a, 1).addClass(javaClass).addMethod(javaClass, method).addSourceLine(classContext, method, location));
                        }
                    }
                }
            }
        }
    }

    public void a() {
    }

    public void a(ClassContext classContext) {
        for (Method method : classContext.getJavaClass().getMethods()) {
            try {
                a(method, classContext);
            } catch (CFGBuilderException | DataflowAnalysisException unused) {
            }
        }
    }
}
