package com.palantir.baseline.errorprone;

import com.google.auto.service.AutoService;
import com.google.errorprone.BugPattern;
import com.google.errorprone.VisitorState;
import com.google.errorprone.bugpatterns.BugChecker;
import com.google.errorprone.matchers.AnnotationHasArgumentWithValue;
import com.google.errorprone.matchers.Description;
import com.google.errorprone.matchers.Matcher;
import com.google.errorprone.matchers.Matchers;
import com.google.errorprone.matchers.method.MethodMatchers;
import com.google.errorprone.util.ASTHelpers;
import com.sun.source.tree.AnnotationTree;
import com.sun.source.tree.ExpressionTree;
import com.sun.source.tree.MethodInvocationTree;
import com.sun.tools.javac.code.Symbol;
import java.lang.invoke.SerializedLambda;

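/**
 * Error Prone check that rejects Jackson configurations which let the serialized payload name
 * the Java class to instantiate.
 *
 * <p>Two patterns are reported, both at {@code ERROR} severity:
 *
 * <ul>
 *   <li>a {@code @JsonTypeInfo} annotation whose {@code use} argument is
 *       {@code JsonTypeInfo.Id.CLASS} or {@code JsonTypeInfo.Id.MINIMAL_CLASS};
 *   <li>a call on an {@code ObjectMapper} (or a subtype) to one of the default-typing methods
 *       listed in {@link #objectMapperTypeInfoMatcher}.
 * </ul>
 *
 * <p>With class-name based type ids, whoever controls the JSON input also controls which class
 * Jackson constructs and populates, which is the root of the deserialization issues tracked in
 * https://github.com/FasterXML/jackson-databind/issues/1599. Name-based ids
 * ({@code JsonTypeInfo.Id.NAME}) with an explicit subtype list are not matched by this check.
 *
 * <p>This listing was recovered from a compiled class. The decompiled
 * {@code $deserializeLambda$} method has been dropped: it is the synthetic method javac emits
 * for the serializable lambda in {@link #symbolNamed(String)}, it is regenerated on every
 * compile, and the decompiled form ({@code boolean z = -1}, {@code switch} on a boolean) is not
 * valid Java source.
 */
@BugPattern(
        name = "DangerousJsonTypeInfoUsage",
        link = "https://github.com/palantir/gradle-baseline#baseline-error-prone-checks",
        linkType = BugPattern.LinkType.CUSTOM,
        severity = BugPattern.SeverityLevel.ERROR,
        summary = "Disallow usage of Jackson's Type Information features for security reasons, cf. https://github.com/FasterXML/jackson-databind/issues/1599")
@AutoService({BugChecker.class})
public final class DangerousJsonTypeInfoUsage extends BugChecker
        implements BugChecker.AnnotationTreeMatcher, BugChecker.MethodInvocationTreeMatcher {
    private static final long serialVersionUID = 1L;

    /**
     * Matches an annotation whose {@code use} argument is of type {@code JsonTypeInfo.Id} and
     * refers to the constant {@code CLASS} or {@code MINIMAL_CLASS}. The annotation's own type
     * is not checked here; only the argument name and the argument's type are.
     */
    private static final Matcher<AnnotationTree> annotationMatcher = new AnnotationHasArgumentWithValue(
            "use",
            Matchers.allOf(
                    Matchers.isSameType("com.fasterxml.jackson.annotation.JsonTypeInfo$Id"),
                    Matchers.anyOf(symbolNamed("CLASS"), symbolNamed("MINIMAL_CLASS"))));

    /**
     * Matches instance calls on {@code ObjectMapper} or any descendant that switch on default
     * typing, whatever arguments are passed.
     */
    // NOTE(review): only receivers descending from ObjectMapper are matched, so the equivalent
    // calls on Jackson's mapper builders (e.g. JsonMapper.builder().activateDefaultTyping(...))
    // look uncovered. Confirm against the Jackson versions in use and extend the matcher if so.
    private static final Matcher<ExpressionTree> objectMapperTypeInfoMatcher = MethodMatchers.instanceMethod()
            .onDescendantOf("com.fasterxml.jackson.databind.ObjectMapper")
            .namedAnyOf(
                    "enableDefaultTyping",
                    "enableDefaultTypingAsProperty",
                    "activateDefaultTyping",
                    "activateDefaultTypingAsProperty",
                    "setDefaultTyping");

    /**
     * Builds a matcher that accepts an expression whose resolved symbol has exactly the given
     * simple name.
     *
     * @param str the simple name to compare the symbol's name against
     * @return a matcher that is false for expressions with no resolvable symbol
     */
    private static Matcher<ExpressionTree> symbolNamed(String str) {
        return (tree, state) -> {
            Symbol resolved = ASTHelpers.getSymbol(tree);
            if (resolved == null) {
                // Nothing to compare against, so it cannot be the named constant.
                return false;
            }
            return resolved.name.contentEquals(str);
        };
    }

    /**
     * Reports {@code @JsonTypeInfo(use = CLASS)} and {@code @JsonTypeInfo(use = MINIMAL_CLASS)}.
     *
     * @param annotationTree the annotation being visited
     * @param visitorState the current Error Prone visitor state
     * @return an error description for a match, otherwise {@link Description#NO_MATCH}
     */
    @Override
    public Description matchAnnotation(AnnotationTree annotationTree, VisitorState visitorState) {
        if (!annotationMatcher.matches(annotationTree, visitorState)) {
            return Description.NO_MATCH;
        }
        return buildDescription(annotationTree)
                .setMessage("Must not use Jackson @JsonTypeInfo annotation with JsonTypeInfo.Id.CLASS or JsonTypeInfo.Id.MINIMAL_CLASS")
                .build();
    }

    /**
     * Reports calls that enable default typing on an {@code ObjectMapper}.
     *
     * @param methodInvocationTree the method call being visited
     * @param visitorState the current Error Prone visitor state
     * @return an error description for a match, otherwise {@link Description#NO_MATCH}
     */
    @Override
    public Description matchMethodInvocation(MethodInvocationTree methodInvocationTree, VisitorState visitorState) {
        if (!objectMapperTypeInfoMatcher.matches(methodInvocationTree, visitorState)) {
            return Description.NO_MATCH;
        }
        return buildDescription(methodInvocationTree)
                .setMessage("Must not use a Jackson ObjectMapper with default typings because it may allow remote code execution upon deserialization. Additionally, using java types in API makes usage more difficult for consumers using other languages.")
                .build();
    }
}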
