package com.h3xstream.findsecbugs.xml;

import com.h3xstream.findsecbugs.common.ByteCode;
import com.h3xstream.findsecbugs.common.matcher.InstructionDSL;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.ba.AnalysisContext;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.Location;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;
import java.util.Iterator;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.GETSTATIC;
import org.apache.bcel.generic.ICONST;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.LDC;

/* loaded from: classes3.dex */
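/**
 * Bytecode detector that reports {@code XXE_XMLSTREAMREADER} when a method calls
 * {@code javax.xml.stream.XMLInputFactory.createXMLStreamReader(...)} and no call in that
 * method is recognised as switching off DTD support or external-entity support.
 *
 * <p>This source is decompiled and obfuscated: helper names such as {@code ByteCode.a} and
 * {@code InstructionDSL.a()} are not the upstream names, and their exact semantics are not
 * visible here. Comments about them are marked as assumptions.
 *
 * <p>Limits of the check, as written, that a reviewer triaging its results should know:
 * <ul>
 *   <li>Only the control-flow graph of the method containing the call is scanned. A factory
 *       hardened in another method or passed in as a parameter is still reported.</li>
 *   <li>Any {@code invokevirtual} named {@code setProperty} is accepted; neither the owning
 *       class nor the receiver instance is compared with the factory that creates the reader.
 *       A hardened factory next to an unhardened one in the same method silences the report
 *       for both.</li>
 *   <li>Turning off <em>either</em> property is enough to silence the report. Projects that
 *       also want to rule out DTD processing should confirm that
 *       {@code javax.xml.stream.supportDTD} itself is set to {@code false}.</li>
 *   <li>Only {@code Boolean.valueOf(<constant 0>)} and {@code Boolean.FALSE} are recognised
 *       as "false"; a value taken from a variable or field is ignored.</li>
 * </ul>
 */
public class XmlStreamReaderDetector extends OpcodeStackDetector {
    /** Bug pattern identifier attached to every report. */
    private static final String BUG_TYPE = "XXE_XMLSTREAMREADER";
    /** StAX property that enables or disables DTD processing. */
    private static final String PROPERTY_SUPPORT_DTD = "javax.xml.stream.supportDTD";
    /** StAX property that enables or disables resolution of external entities. */
    private static final String PROPERTY_IS_SUPPORTING_EXTERNAL_ENTITIES =
            "javax.xml.stream.isSupportingExternalEntities";
    /** Numeric JVM opcode of {@code invokevirtual} (0xB6). */
    private static final int INVOKEVIRTUAL_OPCODE = 182;
    /** Priority given to the report; 2 is FindBugs' normal priority. */
    private static final int BUG_PRIORITY = 2;

    private final BugReporter bugReporter;

    /**
     * Creates the detector.
     *
     * @param bugReporter sink that receives the bug instances this detector raises
     */
    public XmlStreamReaderDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    /**
     * Opcode callback (presumably the obfuscated {@code sawOpcode}; confirm against the
     * obfuscated {@code OpcodeStackDetector}). Reacts to
     * {@code XMLInputFactory.createXMLStreamReader} and reports a bug unless the enclosing
     * method contains a recognised hardening call.
     *
     * @param i opcode currently being visited
     */
    public void a(int i) {
        if (i != INVOKEVIRTUAL_OPCODE) {
            return;
        }
        // Constant-first comparison: a missing operand means "not our call", not an NPE.
        if (!"javax/xml/stream/XMLInputFactory".equals(getClassConstantOperand())
                || !"createXMLStreamReader".equals(getNameConstantOperand())) {
            return;
        }

        ClassContext classContext = getClassContext();
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();

        // Iterator<?> plus an explicit cast compiles cleanly whether or not the (obfuscated)
        // library kept its generic signature.
        Iterator<?> locations;
        try {
            locations = classContext.getCFG(getMethod()).locationIterator();
        } catch (CFGBuilderException e) {
            // Without a CFG the method cannot be judged; log it and report nothing.
            AnalysisContext.logError("Cannot get CFG", e);
            return;
        }

        while (locations.hasNext()) {
            Location location = (Location) locations.next();
            if (disablesDtdOrExternalEntities(location.getHandle(), constantPoolGen)) {
                // One recognised hardening call anywhere in the method silences the report.
                return;
            }
        }

        bugReporter.reportBug(
                new BugInstance(this, BUG_TYPE, BUG_PRIORITY)
                        .addClass(this)
                        .addMethod(this)
                        .addSourceLine(this));
    }

    /**
     * Tells whether the instruction at {@code handle} is a {@code setProperty} call that sets
     * one of the two XXE-related StAX properties to a constant {@code false}.
     */
    private static boolean disablesDtdOrExternalEntities(
            InstructionHandle handle, ConstantPoolGen constantPoolGen) {
        if (!(handle.getInstruction() instanceof INVOKEVIRTUAL)) {
            return false;
        }
        // The decompiler dropped this cast; without it the assignment does not compile.
        InvokeInstruction invoke = (InvokeInstruction) handle.getInstruction();
        if (!"setProperty".equals(invoke.getMethodName(constantPoolGen))) {
            return false;
        }

        // Presumably returns the nearest LDC before the call, i.e. the property-name
        // argument; the helper is obfuscated, so confirm.
        LDC propertyKey = (LDC) ByteCode.a(handle, LDC.class);
        if (propertyKey == null) {
            return false;
        }
        Object propertyName = propertyKey.getValue(constantPoolGen);
        if (!PROPERTY_SUPPORT_DTD.equals(propertyName)
                && !PROPERTY_IS_SUPPORTING_EXTERNAL_ENTITIES.equals(propertyName)) {
            return false;
        }

        // The instruction just before the call is taken to be the one producing the value.
        InstructionHandle valueHandle = handle.getPrev();

        // Boxed constant: <iconst> followed by Boolean.valueOf (the matcher chain appears to
        // select "invoke of java.lang.Boolean.valueOf"; obfuscated, so confirm).
        if (InstructionDSL.a().a("java.lang.Boolean").b("valueOf")
                .a(valueHandle.getInstruction(), constantPoolGen)) {
            InstructionHandle constantHandle = valueHandle.getPrev();
            if (!(constantHandle.getInstruction() instanceof ICONST)) {
                return false;
            }
            Integer boxedValue = ByteCode.a(constantHandle);
            // 0 is the bytecode encoding of boolean false.
            return boxedValue != null && boxedValue.equals(0);
        }

        // Static constant: Boolean.FALSE loaded with getstatic.
        if (valueHandle.getInstruction() instanceof GETSTATIC) {
            // Cast restored here as well (dropped by the decompiler).
            GETSTATIC getStatic = (GETSTATIC) valueHandle.getInstruction();
            return getStatic.getClassType(constantPoolGen).getClassName().equals("java.lang.Boolean")
                    && getStatic.getFieldName(constantPoolGen).equals("FALSE");
        }

        // Any other value source (local variable, field, method result) is not recognised.
        return false;
    }
}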
