package hirondelle.web4j;

import hirondelle.web4j.model.ConvertParam;
import hirondelle.web4j.model.ModelCtorException;
import hirondelle.web4j.readconfig.ConfigReader;
import hirondelle.web4j.util.Util;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;
import java.util.logging.Logger;

/* loaded from: input_file:resources/lib/web4j.jar:hirondelle/web4j/CheckModelObjects.class */
/**
 * Start-up audit of the application's Model Objects.
 *
 * <p>Every concrete class returned by {@code ConfigReader.fetchConcreteClasses()} that
 * qualifies as a public Model Object is checked for two things:
 * <ul>
 *   <li>public {@code getXxx} methods whose return type is exactly {@code String}, which are
 *       reported as possible Cross-Site Scripting exposure (the log message suggests
 *       {@code SafeText} as the alternative return type);</li>
 *   <li>constructor parameter types that the configured {@link ConvertParam} does not
 *       support.</li>
 * </ul>
 *
 * <p>Security note: the XSS check is a signature heuristic, not a data-flow analysis. It looks
 * only at methods declared directly on the class (inherited methods are not returned by
 * {@code getDeclaredMethods()}), only at names starting with {@code "get"}, and only at a
 * return type equal to {@code String.class}. Strings exposed through other method names,
 * superclasses, arrays or collections are not flagged, so a "Found 0 incidents" log line
 * means only that this pattern was not found.
 *
 * <p>Findings are logged and counted; nothing in this class rejects a class or stops start-up.
 */
final class CheckModelObjects {
    private static final Logger fLogger = Util.getLogger(CheckModelObjects.class);

    /** Decides which constructor parameter types are convertible from request parameters. */
    private final ConvertParam fConvertParam = BuildImpl.forConvertParam();

    /** Number of public String-returning getters reported so far. */
    private int fCountXSS;

    /** Number of constructor parameters reported as unsupported so far. */
    private int fCountUnsupportedCtorArg;

    /**
     * Runs both scans over every public Model Object and then logs a summary of the counts.
     *
     * <p>The decompiler reports that this method was package-private in the original class.
     */
    public void performChecks() {
        fLogger.config("Performing checks on Model Objects for Cross-Site Scripting vulnerabilities and unsupported constructor arguments.");
        for (Class<?> candidate : ConfigReader.fetchConcreteClasses()) {
            if (!isPublicModelObject(candidate)) {
                continue;
            }
            scanForMethodsReturningString(candidate);
            scanForUnsupportedCtorArgs(candidate);
        }
        logResults();
    }

    /**
     * Returns {@code true} when the class is public and at least one of its declared
     * constructors lists {@link ModelCtorException} in its throws clause.
     */
    private boolean isPublicModelObject(Class<?> aClass) {
        if (!isPublic(aClass)) {
            return false;
        }
        for (Constructor<?> ctor : aClass.getDeclaredConstructors()) {
            if (Arrays.asList(ctor.getExceptionTypes()).contains(ModelCtorException.class)) {
                return true;
            }
        }
        return false;
    }

    /** Returns {@code true} when the class carries the {@code public} modifier. */
    private boolean isPublic(Class<?> aClass) {
        int modifiers = aClass.getModifiers();
        return Modifier.isPublic(modifiers);
    }

    /** Returns {@code true} when the method carries the {@code public} modifier. */
    private boolean isPublic(Method aMethod) {
        int modifiers = aMethod.getModifiers();
        return Modifier.isPublic(modifiers);
    }

    /**
     * Logs a warning and bumps the XSS counter for each declared method of the class that
     * matches {@link #isVulnerableMethod(Method)}.
     */
    private void scanForMethodsReturningString(Class<?> aClass) {
        Method[] declared = aClass.getDeclaredMethods();
        for (Method candidate : declared) {
            if (!isVulnerableMethod(candidate)) {
                continue;
            }
            fLogger.warning("Public Model Object named " + aClass.getName() + " has a public method named " + Util.quote(candidate.getName()) + " that returns a String. Should it return SafeText instead? Possible vulnerability to Cross-Site Scripting attack.");
            fCountXSS++;
        }
    }

    /**
     * Signature test used by the XSS scan: public, name begins with {@code "get"}, and the
     * return type is exactly {@code String}.
     */
    private boolean isVulnerableMethod(Method aMethod) {
        if (!isPublic(aMethod)) {
            return false;
        }
        if (!aMethod.getName().startsWith("get")) {
            return false;
        }
        return aMethod.getReturnType().equals(String.class);
    }

    /**
     * Logs a warning and bumps the counter for every parameter type, across all declared
     * constructors of the class, that {@code fConvertParam} reports as unsupported.
     */
    private void scanForUnsupportedCtorArgs(Class<?> aClass) {
        for (Constructor<?> ctor : aClass.getDeclaredConstructors()) {
            for (Class<?> paramType : ctor.getParameterTypes()) {
                if (fConvertParam.isSupported(paramType)) {
                    continue;
                }
                fLogger.warning("Model Object: " + aClass + ". Constructor has argument not supported by ConvertParam: " + paramType);
                fCountUnsupportedCtorArg++;
            }
        }
    }

    /**
     * Writes one summary line per scan: CONFIG level when the count is zero, WARNING level
     * otherwise.
     */
    private void logResults() {
        if (fCountXSS != 0) {
            fLogger.warning("Scanned Model Objects for Cross-Site Scripting vulnerabilities. Found " + fCountXSS + " incident(s).");
        } else {
            fLogger.config("** SUCCESS *** : Scanned Model Objects for Cross-Site Scripting vulnerabilities. Found 0 incidents.");
        }

        if (fCountUnsupportedCtorArg != 0) {
            fLogger.warning("Scanned Model Objects for unsupported constructor arguments. Found " + fCountUnsupportedCtorArg + " incident(s).");
        } else {
            fLogger.config("** SUCCESS *** : Scanned Model Objects for unsupported constructor arguments. Found 0 incidents.");
        }
    }
}
