package com.mebigfatguy.fbcontrib.detect;

import com.mebigfatguy.fbcontrib.utils.BugType;
import com.mebigfatguy.fbcontrib.utils.SignatureUtils;
import com.mebigfatguy.fbcontrib.utils.Values;
import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.BytecodeScanningDetector;
import edu.umd.cs.findbugs.OpcodeStack;
import edu.umd.cs.findbugs.ba.ClassContext;
import org.apache.bcel.classfile.Field;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;

/* loaded from: input_file:target/fb-contrib-7.0.4.sb.jar:com/mebigfatguy/fbcontrib/detect/PossibleUnsuspectedSerialization.class */
public class PossibleUnsuspectedSerialization extends BytecodeScanningDetector {
    private final BugReporter bugReporter;
    private OpcodeStack stack;

    public PossibleUnsuspectedSerialization(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    public void visitClassContext(ClassContext classContext) {
        try {
            this.stack = new OpcodeStack();
            super.visitClassContext(classContext);
        } finally {
            this.stack = null;
        }
    }

    public void visitMethod(Method method) {
        this.stack.resetForMethodEntry(this);
        super.visitMethod(method);
    }

    public void sawOpcode(int i) {
        JavaClass javaClass;
        try {
            try {
                this.stack.precomputation(this);
                if (i == 182 && "java/io/ObjectOutputStream".equals(getClassConstantOperand()) && "writeObject".equals(getNameConstantOperand()) && this.stack.getStackDepth() > 0 && (javaClass = this.stack.getStackItem(0).getJavaClass()) != null && javaClass.getClassName().contains("$") && hasOuterClassSyntheticReference(javaClass)) {
                    this.bugReporter.reportBug(new BugInstance(this, BugType.PUS_POSSIBLE_UNSUSPECTED_SERIALIZATION.name(), 2).addClass(this).addMethod(this).addSourceLine(this));
                }
                this.stack.sawOpcode(this, i);
            } catch (ClassNotFoundException e) {
                this.bugReporter.reportMissingClass(e);
                this.stack.sawOpcode(this, i);
            }
        } catch (Throwable th) {
            this.stack.sawOpcode(this, i);
            throw th;
        }
    }

    private static boolean hasOuterClassSyntheticReference(JavaClass javaClass) {
        for (Field field : javaClass.getFields()) {
            if (field.isSynthetic()) {
                String signature = field.getSignature();
                if (signature.startsWith(Values.SIG_QUALIFIED_CLASS_PREFIX)) {
                    if (javaClass.getClassName().startsWith(SignatureUtils.trimSignature(signature))) {
                        return true;
                    }
                } else {
                    continue;
                }
            }
        }
        return false;
    }
}
