package com.oracle.svm.hosted;

import com.oracle.svm.core.annotate.AutomaticFeature;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Method;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.FileSystems;
import java.nio.file.FileVisitOption;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.CodeSource;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Optional;
import java.util.Properties;
import org.graalvm.nativeimage.hosted.Feature;

@AutomaticFeature
/* loaded from: input_file:com/oracle/svm/hosted/Log4ShellFeature.class */
public class Log4ShellFeature implements Feature {
    private static final String log4jClassName = "org.apache.logging.log4j.Logger";
    private static final String log4jVulnerableErrorMessage = "Warning: A vulnerable version of log4j has been detected. Please update to log4j version 2.17.1 or later.\nVulnerable Method(s):";
    private static final String log4jUnknownVersion = "Warning: The log4j library has been detected, but the version is unavailable. Due to Log4Shell, please ensure log4j is at version 2.17.1 or later.";
    private static final String[] targetMethodNames = {"debug", "error", "fatal", "info", "log", "trace", "warn"};

    private static void warn(String str) {
        System.err.println(str);
    }

    private static Optional<String> getPomVersion(Class<?> cls) {
        URL location;
        CodeSource codeSource = cls.getProtectionDomain().getCodeSource();
        if (codeSource != null && (location = codeSource.getLocation()) != null) {
            try {
                return Files.walk(FileSystems.newFileSystem(Paths.get(location.toURI()), (ClassLoader) null).getPath("/META-INF", new String[0]), new FileVisitOption[0]).filter(path -> {
                    return path.endsWith("pom.properties");
                }).map(path2 -> {
                    Properties properties = new Properties();
                    try {
                        InputStream newInputStream = Files.newInputStream(path2, new OpenOption[0]);
                        if (newInputStream != null) {
                            properties.load(newInputStream);
                        }
                    } catch (IOException e) {
                    }
                    return properties;
                }).filter(properties -> {
                    String property;
                    String property2 = properties.getProperty("groupId");
                    return property2 != null && (property = properties.getProperty("artifactId")) != null && property2.equals("org.apache.logging.log4j") && property.equals("log4j-core");
                }).map(properties2 -> {
                    return properties2.getProperty("version");
                }).findFirst();
            } catch (IOException | URISyntaxException e) {
                return Optional.empty();
            }
        }
        return Optional.empty();
    }

    private static boolean vulnerableLog4jOne(String[] strArr) {
        return strArr[1].equals("2");
    }

    private static boolean vulnerableLog4jTwo(String[] strArr) {
        String str = strArr[1];
        if (str.charAt(0) == '0') {
            return true;
        }
        try {
            int intValue = Integer.valueOf(str).intValue();
            if (intValue <= 16) {
                return true;
            }
            if (strArr.length == 3) {
                return intValue == 17 && Integer.valueOf(strArr[2]).intValue() == 0;
            }
            return false;
        } catch (NumberFormatException e) {
            warn(log4jUnknownVersion);
            return false;
        }
    }

    public void afterAnalysis(Feature.AfterAnalysisAccess afterAnalysisAccess) {
        try {
            Class findClassByName = afterAnalysisAccess.findClassByName(log4jClassName);
            if (findClassByName == null) {
                return;
            }
            String implementationVersion = findClassByName.getPackage().getImplementationVersion();
            if (implementationVersion == null) {
                Optional<String> pomVersion = getPomVersion(findClassByName);
                if (pomVersion.isPresent()) {
                    implementationVersion = pomVersion.get();
                }
            }
            if (implementationVersion == null) {
                warn(log4jUnknownVersion);
                return;
            }
            String[] split = implementationVersion.split("\\.");
            if (split.length < 2) {
                warn(log4jUnknownVersion);
                return;
            }
            HashSet hashSet = new HashSet();
            if ((split[0].equals("1") && vulnerableLog4jOne(split)) || (split[0].equals("2") && vulnerableLog4jTwo(split))) {
                HashSet hashSet2 = new HashSet(Arrays.asList(targetMethodNames));
                for (Method method : findClassByName.getMethods()) {
                    if (hashSet2.contains(method.getName()) && (afterAnalysisAccess.isReachable(method) || afterAnalysisAccess.reachableMethodOverrides(method).size() > 0)) {
                        hashSet.add(method.getDeclaringClass().getName() + "." + method.getName());
                    }
                }
            }
            if (hashSet.size() == 0) {
                return;
            }
            String str = log4jVulnerableErrorMessage;
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                str = str + "\n" + ((String) it.next());
            }
            warn(str);
        } catch (Throwable th) {
        }
    }
}
