package com.android.tools.lint.checks;

import com.android.tools.lint.checks.TargetSdkCheckResult;
import com.android.tools.lint.client.api.JavaEvaluator;
import com.android.tools.lint.detector.api.Category;
import com.android.tools.lint.detector.api.ConstantEvaluator;
import com.android.tools.lint.detector.api.Detector;
import com.android.tools.lint.detector.api.Implementation;
import com.android.tools.lint.detector.api.Issue;
import com.android.tools.lint.detector.api.JavaContext;
import com.android.tools.lint.detector.api.LintFix;
import com.android.tools.lint.detector.api.Location;
import com.android.tools.lint.detector.api.Scope;
import com.android.tools.lint.detector.api.Severity;
import com.android.tools.lint.detector.api.SourceCodeScanner;
import com.intellij.psi.PsiElement;
import com.intellij.psi.PsiMethod;
import java.util.Collection;
import java.util.EnumSet;
import java.util.List;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.JvmField;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.uast.UCallExpression;
import org.jetbrains.uast.UElement;
import org.jetbrains.uast.UExpression;
import org.jetbrains.uast.UMethod;
import org.jetbrains.uast.UastUtils;

/* compiled from: UnsafeFilenameDetector.kt */
@Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��:\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010 \n\u0002\u0010\u000e\n��\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n\u0002\b\u0004\u0018�� \u00142\u00020\u00012\u00020\u0002:\u0003\u0012\u0013\u0014B\u0007¢\u0006\u0004\b\u0003\u0010\u0004J\u000e\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006H\u0016J \u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u000fH\u0016J\u0018\u0010\u0010\u001a\u00020\u00112\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\n\u001a\u00020\u000bH\u0002¨\u0006\u0015"}, d2 = {"Lcom/android/tools/lint/checks/UnsafeFilenameDetector;", "Lcom/android/tools/lint/detector/api/Detector;", "Lcom/android/tools/lint/detector/api/SourceCodeScanner;", "<init>", "()V", "getApplicableMethodNames", TargetSdkCheckResult.NoIssue.message, TargetSdkCheckResult.NoIssue.message, "visitMethodCall", TargetSdkCheckResult.NoIssue.message, "context", "Lcom/android/tools/lint/detector/api/JavaContext;", "node", "Lorg/jetbrains/uast/UCallExpression;", CallSuperDetector.KEY_METHOD, "Lcom/intellij/psi/PsiMethod;", "isFirstArgDisplayName", TargetSdkCheckResult.NoIssue.message, "DisplayNameDataFlowAnalyzer", "FilenameDataFlowAnalyzer", "Companion", "lint-checks"})
/* loaded from: input_file:com/android/tools/lint/checks/UnsafeFilenameDetector.class */
public final class UnsafeFilenameDetector extends Detector implements SourceCodeScanner {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @JvmField
    @NotNull
    public static final Issue ISSUE = Issue.Companion.create$default(Issue.Companion, "UnsanitizedFilenameFromContentProvider", "Trusting ContentProvider filenames without any sanitization", "\n            When communicating between applications with files, the server app can provide the \\\n          client app with a maliciously constructed filename. The client app should never trust \\\n          this filename and should either sanitize it or completely discard it.\n        ", new Implementation(UnsafeFilenameDetector.class, Scope.JAVA_FILE_SCOPE), "https://developer.android.com/privacy-and-security/risks/untrustworthy-contentprovider-provided-filename", Category.SECURITY, 6, Severity.WARNING, false, true, (EnumSet) null, (Collection) null, 3328, (Object) null);

    @NotNull
    private static final String LITERAL_DISPLAY_NAME = "_display_name";

    @NotNull
    private static final String METHOD_GET_COLUMN_INDEX = "getColumnIndex";

    @NotNull
    private static final String METHOD_GET_COLUMN_INDEX_OR_THROW = "getColumnIndexOrThrow";

    @NotNull
    private static final String METHOD_GET_STRING = "getString";

    @NotNull
    private static final String CLASS_CURSOR = "android.database.Cursor";

    @NotNull
    private static final String CLASS_FILE = "java.io.File";

    /* compiled from: UnsafeFilenameDetector.kt */
    @Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��\u001a\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0006\b\u0086\u0003\u0018��2\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003R\u0010\u0010\u0004\u001a\u00020\u00058\u0006X\u0087\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n��R\u000e\u0010\t\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u000b\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n��R\u000e\u0010\f\u001a\u00020\u0007X\u0082T¢\u0006\u0002\n��¨\u0006\r"}, d2 = {"Lcom/android/tools/lint/checks/UnsafeFilenameDetector$Companion;", TargetSdkCheckResult.NoIssue.message, "<init>", "()V", "ISSUE", "Lcom/android/tools/lint/detector/api/Issue;", "LITERAL_DISPLAY_NAME", TargetSdkCheckResult.NoIssue.message, "METHOD_GET_COLUMN_INDEX", "METHOD_GET_COLUMN_INDEX_OR_THROW", "METHOD_GET_STRING", "CLASS_CURSOR", "CLASS_FILE", "lint-checks"})
    /* loaded from: input_file:com/android/tools/lint/checks/UnsafeFilenameDetector$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: UnsafeFilenameDetector.kt */
    @Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��,\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0002\u0018��2\u00020\u0001B\u001f\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0004\b\b\u0010\tJ\u0018\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0003H\u0016R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\n\u0010\u000bR\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\f\u0010\rR\u0011\u0010\u0006\u001a\u00020\u0007¢\u0006\b\n��\u001a\u0004\b\u000e\u0010\u000f¨\u0006\u0015"}, d2 = {"Lcom/android/tools/lint/checks/UnsafeFilenameDetector$DisplayNameDataFlowAnalyzer;", "Lcom/android/tools/lint/checks/DataFlowAnalyzer;", "trackedNode", "Lorg/jetbrains/uast/UElement;", "context", "Lcom/android/tools/lint/detector/api/JavaContext;", "evaluator", "Lcom/android/tools/lint/client/api/JavaEvaluator;", "<init>", "(Lorg/jetbrains/uast/UElement;Lcom/android/tools/lint/detector/api/JavaContext;Lcom/android/tools/lint/client/api/JavaEvaluator;)V", "getTrackedNode", "()Lorg/jetbrains/uast/UElement;", "getContext", "()Lcom/android/tools/lint/detector/api/JavaContext;", "getEvaluator", "()Lcom/android/tools/lint/client/api/JavaEvaluator;", "argument", TargetSdkCheckResult.NoIssue.message, "call", "Lorg/jetbrains/uast/UCallExpression;", "reference", "lint-checks"})
    /* loaded from: input_file:com/android/tools/lint/checks/UnsafeFilenameDetector$DisplayNameDataFlowAnalyzer.class */
    private static final class DisplayNameDataFlowAnalyzer extends DataFlowAnalyzer {

        @NotNull
        private final UElement trackedNode;

        @NotNull
        private final JavaContext context;

        @NotNull
        private final JavaEvaluator evaluator;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public DisplayNameDataFlowAnalyzer(@NotNull UElement uElement, @NotNull JavaContext javaContext, @NotNull JavaEvaluator javaEvaluator) {
            super(SetsKt.setOf(uElement), null, 2, null);
            Intrinsics.checkNotNullParameter(uElement, "trackedNode");
            Intrinsics.checkNotNullParameter(javaContext, "context");
            Intrinsics.checkNotNullParameter(javaEvaluator, "evaluator");
            this.trackedNode = uElement;
            this.context = javaContext;
            this.evaluator = javaEvaluator;
        }

        @NotNull
        public final UElement getTrackedNode() {
            return this.trackedNode;
        }

        @NotNull
        public final JavaContext getContext() {
            return this.context;
        }

        @NotNull
        public final JavaEvaluator getEvaluator() {
            return this.evaluator;
        }

        @Override // com.android.tools.lint.checks.DataFlowAnalyzer
        public void argument(@NotNull UCallExpression uCallExpression, @NotNull UElement uElement) {
            Intrinsics.checkNotNullParameter(uCallExpression, "call");
            Intrinsics.checkNotNullParameter(uElement, "reference");
            PsiMethod resolve = uCallExpression.resolve();
            if (resolve != null && Intrinsics.areEqual(uCallExpression.getMethodName(), UnsafeFilenameDetector.METHOD_GET_STRING) && this.evaluator.methodMatches(resolve, "android.database.Cursor", true, new String[]{"int"})) {
                UMethod parentOfType$default = UastUtils.getParentOfType$default((UElement) uCallExpression, UMethod.class, false, 2, (Object) null);
                if (parentOfType$default != null) {
                    parentOfType$default.accept(new FilenameDataFlowAnalyzer((UElement) uCallExpression, this.evaluator, this.context));
                }
            }
        }
    }

    /* compiled from: UnsafeFilenameDetector.kt */
    @Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��2\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0010\u000b\n��\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0002\u0018��2\u00020\u0001B\u001f\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0004\b\b\u0010\tJ\u0010\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u0015H\u0016J\u0018\u0010\u0016\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0017\u001a\u00020\u0003H\u0016R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\n\u0010\u000bR\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\f\u0010\rR\u0011\u0010\u0006\u001a\u00020\u0007¢\u0006\b\n��\u001a\u0004\b\u000e\u0010\u000fR\u000e\u0010\u0010\u001a\u00020\u0011X\u0082\u000e¢\u0006\u0002\n��¨\u0006\u0018"}, d2 = {"Lcom/android/tools/lint/checks/UnsafeFilenameDetector$FilenameDataFlowAnalyzer;", "Lcom/android/tools/lint/checks/DataFlowAnalyzer;", "trackedFilename", "Lorg/jetbrains/uast/UElement;", "evaluator", "Lcom/android/tools/lint/client/api/JavaEvaluator;", "context", "Lcom/android/tools/lint/detector/api/JavaContext;", "<init>", "(Lorg/jetbrains/uast/UElement;Lcom/android/tools/lint/client/api/JavaEvaluator;Lcom/android/tools/lint/detector/api/JavaContext;)V", "getTrackedFilename", "()Lorg/jetbrains/uast/UElement;", "getEvaluator", "()Lcom/android/tools/lint/client/api/JavaEvaluator;", "getContext", "()Lcom/android/tools/lint/detector/api/JavaContext;", "isPotentiallySanitized", TargetSdkCheckResult.NoIssue.message, "receiver", TargetSdkCheckResult.NoIssue.message, "call", "Lorg/jetbrains/uast/UCallExpression;", "argument", "reference", "lint-checks"})
    /* loaded from: input_file:com/android/tools/lint/checks/UnsafeFilenameDetector$FilenameDataFlowAnalyzer.class */
    private static final class FilenameDataFlowAnalyzer extends DataFlowAnalyzer {

        @NotNull
        private final UElement trackedFilename;

        @NotNull
        private final JavaEvaluator evaluator;

        @NotNull
        private final JavaContext context;
        private boolean isPotentiallySanitized;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        public FilenameDataFlowAnalyzer(@NotNull UElement uElement, @NotNull JavaEvaluator javaEvaluator, @NotNull JavaContext javaContext) {
            super(SetsKt.setOf(uElement), null, 2, null);
            Intrinsics.checkNotNullParameter(uElement, "trackedFilename");
            Intrinsics.checkNotNullParameter(javaEvaluator, "evaluator");
            Intrinsics.checkNotNullParameter(javaContext, "context");
            this.trackedFilename = uElement;
            this.evaluator = javaEvaluator;
            this.context = javaContext;
        }

        @NotNull
        public final UElement getTrackedFilename() {
            return this.trackedFilename;
        }

        @NotNull
        public final JavaEvaluator getEvaluator() {
            return this.evaluator;
        }

        @NotNull
        public final JavaContext getContext() {
            return this.context;
        }

        @Override // com.android.tools.lint.checks.DataFlowAnalyzer
        public void receiver(@NotNull UCallExpression uCallExpression) {
            Intrinsics.checkNotNullParameter(uCallExpression, "call");
            this.isPotentiallySanitized = true;
        }

        @Override // com.android.tools.lint.checks.DataFlowAnalyzer
        public void argument(@NotNull UCallExpression uCallExpression, @NotNull UElement uElement) {
            Intrinsics.checkNotNullParameter(uCallExpression, "call");
            Intrinsics.checkNotNullParameter(uElement, "reference");
            PsiMethod resolve = uCallExpression.resolve();
            if (resolve == null || !resolve.isConstructor() || !JavaEvaluator.extendsClass$default(this.evaluator, resolve.getContainingClass(), UnsafeFilenameDetector.CLASS_FILE, false, 4, (Object) null) || this.isPotentiallySanitized) {
                this.isPotentiallySanitized = true;
                return;
            }
            JavaContext javaContext = this.context;
            Issue issue = UnsafeFilenameDetector.ISSUE;
            Location location = this.context.getLocation(uElement);
            PsiElement sourcePsi = uElement.getSourcePsi();
            JavaContext.report$default(javaContext, issue, uElement, location, StringsKt.trimMargin$default("\n              Using `" + (sourcePsi != null ? sourcePsi.getText() : null) + "` is unsafe as it is a filename obtained directly \\\n              from a `ContentProvider`. You should sanitize it before using it for creating a \\\n              `File`.\n          ", (String) null, 1, (Object) null), (LintFix) null, 16, (Object) null);
        }
    }

    @NotNull
    public List<String> getApplicableMethodNames() {
        return CollectionsKt.listOf(new String[]{METHOD_GET_COLUMN_INDEX, METHOD_GET_COLUMN_INDEX_OR_THROW});
    }

    public void visitMethodCall(@NotNull JavaContext javaContext, @NotNull UCallExpression uCallExpression, @NotNull PsiMethod psiMethod) {
        Intrinsics.checkNotNullParameter(javaContext, "context");
        Intrinsics.checkNotNullParameter(uCallExpression, "node");
        Intrinsics.checkNotNullParameter(psiMethod, CallSuperDetector.KEY_METHOD);
        UMethod parentOfType$default = UastUtils.getParentOfType$default((UElement) uCallExpression, UMethod.class, false, 2, (Object) null);
        if (parentOfType$default == null) {
            return;
        }
        JavaEvaluator evaluator = javaContext.getEvaluator();
        if (evaluator.methodMatches(psiMethod, "android.database.Cursor", true, new String[]{"java.lang.String"}) && isFirstArgDisplayName(uCallExpression, javaContext)) {
            parentOfType$default.accept(new DisplayNameDataFlowAnalyzer((UElement) uCallExpression, javaContext, evaluator));
        }
    }

    private final boolean isFirstArgDisplayName(UCallExpression uCallExpression, JavaContext javaContext) {
        UElement uElement = (UExpression) CollectionsKt.firstOrNull(uCallExpression.getValueArguments());
        if (uElement == null) {
            return false;
        }
        Object evaluate = ConstantEvaluator.evaluate(javaContext, uElement);
        return (evaluate instanceof String) && Intrinsics.areEqual(evaluate, LITERAL_DISPLAY_NAME);
    }
}
