package edu.umd.cs.findbugs.detect;

import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.DeepSubtypeAnalysis;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.SourceLineAnnotation;
import edu.umd.cs.findbugs.TypeAnnotation;
import edu.umd.cs.findbugs.ba.CFG;
import edu.umd.cs.findbugs.ba.CFGBuilderException;
import edu.umd.cs.findbugs.ba.ClassContext;
import edu.umd.cs.findbugs.ba.DataflowAnalysisException;
import edu.umd.cs.findbugs.ba.Location;
import edu.umd.cs.findbugs.ba.type.NullType;
import edu.umd.cs.findbugs.ba.type.TopType;
import edu.umd.cs.findbugs.ba.type.TypeDataflow;
import edu.umd.cs.findbugs.ba.type.TypeFrame;
import java.util.BitSet;
import java.util.Iterator;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.ConstantPoolGen;
import org.apache.bcel.generic.Instruction;
import org.apache.bcel.generic.InstructionHandle;
import org.apache.bcel.generic.InvokeInstruction;
import org.apache.bcel.generic.MethodGen;
import org.apache.bcel.generic.ReferenceType;
import org.apache.bcel.generic.Type;

/* loaded from: input_file:lib/spotbugs-4.7.0.jar:edu/umd/cs/findbugs/detect/FindNonSerializableValuePassedToWriteObject.class */
public class FindNonSerializableValuePassedToWriteObject implements Detector {
    private final BugReporter bugReporter;
    private static final boolean DEBUG = false;

    public FindNonSerializableValuePassedToWriteObject(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }

    @Override // edu.umd.cs.findbugs.Detector
    public void visitClassContext(ClassContext classContext) {
        for (Method method : classContext.getJavaClass().getMethods()) {
            if (method.getCode() != null) {
                try {
                    analyzeMethod(classContext, method);
                } catch (CFGBuilderException e) {
                    this.bugReporter.logError("Detector " + getClass().getName() + " caught exception", e);
                } catch (DataflowAnalysisException e2) {
                }
            }
        }
    }

    private void analyzeMethod(ClassContext classContext, Method method) throws CFGBuilderException, DataflowAnalysisException {
        BitSet bytecodeSet;
        MethodGen methodGen = classContext.getMethodGen(method);
        if (methodGen == null || (bytecodeSet = classContext.getBytecodeSet(method)) == null || bytecodeSet.get(193) || bytecodeSet.get(192)) {
            return;
        }
        CFG cfg = classContext.getCFG(method);
        TypeDataflow typeDataflow = classContext.getTypeDataflow(method);
        ConstantPoolGen constantPoolGen = classContext.getConstantPoolGen();
        String sourceFileName = classContext.getJavaClass().getSourceFileName();
        Iterator<Location> locationIterator = cfg.locationIterator();
        while (locationIterator.hasNext()) {
            Location next = locationIterator.next();
            InstructionHandle handle = next.getHandle();
            Instruction instruction = handle.getInstruction();
            if (instruction instanceof InvokeInstruction) {
                InvokeInstruction invokeInstruction = (InvokeInstruction) instruction;
                if ("writeObject".equals(invokeInstruction.getMethodName(constantPoolGen))) {
                    String className = invokeInstruction.getClassName(constantPoolGen);
                    if ("java.io.ObjectOutput".equals(className) || "java.io.ObjectOutputStream".equals(className)) {
                        TypeFrame factAtLocation = typeDataflow.getFactAtLocation(next);
                        if (factAtLocation.isValid()) {
                            Type topValue = factAtLocation.getTopValue();
                            if (!topValue.equals(TopType.instance()) && (topValue instanceof ReferenceType)) {
                                ReferenceType referenceType = (ReferenceType) topValue;
                                if (!referenceType.equals(NullType.instance())) {
                                    try {
                                        double isDeepSerializable = DeepSubtypeAnalysis.isDeepSerializable(referenceType);
                                        if (isDeepSerializable < 0.9d) {
                                            ReferenceType leastSerializableTypeComponent = DeepSubtypeAnalysis.getLeastSerializableTypeComponent(referenceType);
                                            double isDeepRemote = DeepSubtypeAnalysis.isDeepRemote(referenceType);
                                            if (isDeepRemote < 0.9d) {
                                                if (isDeepSerializable < isDeepRemote) {
                                                    isDeepSerializable = isDeepRemote;
                                                }
                                                this.bugReporter.reportBug(new BugInstance(this, "DMI_NONSERIALIZABLE_OBJECT_WRITTEN", isDeepSerializable < 0.15d ? 1 : isDeepSerializable > 0.5d ? 3 : 2).addClassAndMethod(methodGen, sourceFileName).addType(leastSerializableTypeComponent).describe(TypeAnnotation.FOUND_ROLE).addSourceLine(SourceLineAnnotation.fromVisitedInstruction(classContext, methodGen, sourceFileName, handle)));
                                            }
                                        }
                                    } catch (ClassNotFoundException e) {
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    @Override // edu.umd.cs.findbugs.Detector
    public void report() {
    }
}
