package com.palantir.baseline.errorprone;

import com.google.auto.service.AutoService;
import com.google.errorprone.BugPattern;
import com.google.errorprone.VisitorState;
import com.google.errorprone.bugpatterns.BugChecker;
import com.google.errorprone.matchers.Description;
import com.google.errorprone.matchers.Matcher;
import com.google.errorprone.matchers.method.MethodMatchers;
import com.sun.source.tree.ExpressionTree;
import com.sun.source.tree.MethodInvocationTree;

@BugPattern(name = "DangerousThrowableMessageSafeArg", link = "https://github.com/palantir/gradle-baseline#baseline-error-prone-checks", linkType = BugPattern.LinkType.CUSTOM, severity = BugPattern.SeverityLevel.ERROR, summary = "It is unsafe to create a SafeArg of Throwable.getMessage, SafeLoggable.getLogMessage may be used.")
@AutoService({BugChecker.class})
/* loaded from: input_file:com/palantir/baseline/errorprone/DangerousThrowableMessageSafeArg.class */
public final class DangerousThrowableMessageSafeArg extends BugChecker implements BugChecker.MethodInvocationTreeMatcher {
    private static final long serialVersionUID = 1;
    private static final Matcher<ExpressionTree> SAFEARG_FACTORY_METHOD = MethodMatchers.staticMethod().onClass("com.palantir.logsafe.SafeArg").named("of").withParameters(new String[]{String.class.getName(), Object.class.getName()});
    private static final Matcher<ExpressionTree> THROWABLE_MESSAGE_METHOD = MethodMatchers.instanceMethod().onDescendantOf(Throwable.class.getName()).named("getMessage");
    private static final Matcher<ExpressionTree> THROWABLE_MATCHER = MoreMatchers.isSubtypeOf((Class<?>) Throwable.class);

    public Description matchMethodInvocation(MethodInvocationTree methodInvocationTree, VisitorState visitorState) {
        if (!SAFEARG_FACTORY_METHOD.matches(methodInvocationTree, visitorState)) {
            return Description.NO_MATCH;
        }
        ExpressionTree expressionTree = (ExpressionTree) methodInvocationTree.getArguments().get(1);
        return THROWABLE_MESSAGE_METHOD.matches(expressionTree, visitorState) ? buildDescription(methodInvocationTree).setMessage("Do not use throwable messages as SafeArg values. SafeLoggable.getLogMessage is guaranteed to be safe.").build() : THROWABLE_MATCHER.matches(expressionTree, visitorState) ? buildDescription(methodInvocationTree).setMessage("Do not use throwables as SafeArg values. Throwables must be logged without an Arg wrapper as the last parameter, otherwise unsafe data may be leaked from the unsafe message or the unsafe message of a cause.").build() : Description.NO_MATCH;
    }
}
