package com.h3xstream.findsecbugs.serial;

import com.h3xstream.findsecbugs.common.InterfaceUtils;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.ba.AnalysisContext;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.bcel.classfile.ConstantUtf8;
import org.apache.bcel.classfile.Field;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.ObjectType;

/* loaded from: classes2.dex */
public class DeserializationGadgetDetector implements Detector {
    private static final String b = "DESERIALIZATION_GADGET";
    private static final List<String> c = Arrays.asList("java/lang/reflect/Method", "java/lang/reflect/Constructor", "org/springframework/beans/BeanUtils", "org/apache/commons/beanutils/BeanUtils", "org/apache/commons/beanutils/PropertyUtils", "org/springframework/util/ReflectionUtils");
    private static final List<String> e = Arrays.asList("readObject", "readUnshared", "readArray", "readResolve");
    List<String> a = Arrays.asList("java/io/ObjectInputStream", "java/lang/Object");
    private final BugReporter d;

    public DeserializationGadgetDetector(BugReporter bugReporter) {
        this.d = bugReporter;
    }

    private boolean a(Method method, ClassContext classContext, List<String> list) {
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        Iterator locationIterator = classContext.getCFG(method).locationIterator();
        int i = 0;
        while (locationIterator.hasNext()) {
            InvokeInstruction instruction = ((Location) locationIterator.next()).getHandle().getInstruction();
            if (instruction instanceof InvokeInstruction) {
                InvokeInstruction invokeInstruction = instruction;
                if (!e.contains(invokeInstruction.getMethodName(constantPoolGen)) && !list.contains(invokeInstruction.getClassName(constantPoolGen))) {
                    i++;
                }
            }
        }
        return i > 3;
    }

    public void a() {
    }

    public void a(ClassContext classContext) {
        boolean z;
        JavaClass javaClass = classContext.getJavaClass();
        boolean a = InterfaceUtils.a(javaClass, "java.io.Serializable");
        boolean a2 = InterfaceUtils.a(javaClass, "java.lang.reflect.InvocationHandler");
        if (a) {
            ConstantUtf8[] constantPool = javaClass.getConstantPool().getConstantPool();
            int length = constantPool.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    z = false;
                    break;
                }
                ConstantUtf8 constantUtf8 = constantPool[i];
                if (constantUtf8 instanceof ConstantUtf8) {
                    if (c.contains(String.valueOf(constantUtf8.getBytes()))) {
                        z = true;
                        break;
                    }
                }
                i++;
            }
            boolean z2 = false;
            boolean z3 = false;
            for (Method method : javaClass.getMethods()) {
                if (!z2 && e.contains(method.getName())) {
                    try {
                        z2 = a(method, classContext, this.a);
                    } catch (CFGBuilderException | DataflowAnalysisException e2) {
                        AnalysisContext.logError("Cannot check custom read object", e2);
                    }
                } else if (!z3 && "invoke".equals(method.getName())) {
                    try {
                        z3 = a(method, classContext, this.a);
                    } catch (CFGBuilderException | DataflowAnalysisException e3) {
                        AnalysisContext.logError("Cannot check custom read object", e3);
                    }
                }
            }
            boolean z4 = false;
            for (Field field : javaClass.getFields()) {
                if ((field.getName().toLowerCase().contains("method") && field.getType().equals(new ObjectType("java.lang.String"))) || field.getType().equals(new ObjectType("java.reflect.Method"))) {
                    z4 = true;
                }
            }
            if ((a && z2) || (a2 && z3)) {
                this.d.reportBug(new BugInstance(this, b, z ? 2 : 3).addClass(javaClass));
            } else if (a && z4 && z) {
                this.d.reportBug(new BugInstance(this, b, 3).addClass(javaClass));
            }
        }
    }
}
