package com.datical.liquibase.ext.checks.dynamic;

import com.datical.liquibase.ext.checks.config.DynamicRuleParameterEnum;
import com.datical.liquibase.ext.checks.config.cli.RuleParameter;
import com.datical.liquibase.ext.checks.config.model.DynamicRule;
import com.datical.liquibase.ext.checks.config.model.DynamicRuleParameter;
import com.datical.liquibase.ext.checks.config.model.MatcherContext;
import com.datical.liquibase.ext.rules.api.ScopeEnum;
import com.datical.liquibase.ext.rules.core.AbstractLiquibaseDynamicForecastRule;
import com.datical.liquibase.ext.rules.core.AbstractLiquibaseRule;
import com.datical.liquibase.ext.rules.core.RuleIteration;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import liquibase.change.AbstractSQLChange;
import liquibase.change.Change;
import liquibase.changelog.ChangeSet;
import liquibase.database.Database;
import liquibase.structure.DatabaseObject;
import liquibase.util.StringUtil;

/* loaded from: input_file:com/datical/liquibase/ext/checks/dynamic/SqlNotAllowedToGrantOfSpecificPrivileges.class */
public class SqlNotAllowedToGrantOfSpecificPrivileges extends AbstractLiquibaseDynamicForecastRule {
    private static final Pattern GRANT_PATTERN = Pattern.compile("grant\\s+(.*?)\\s+(?:on .* )?to\\s+", 32);

    @Override // com.datical.liquibase.ext.rules.core.AbstractLiquibaseRule, com.datical.liquibase.ext.rules.api.Rule
    public String getName() {
        return "Warn on Grant of Specific Privileges";
    }

    @Override // com.datical.liquibase.ext.rules.api.Rule
    public List<ScopeEnum> getScope() {
        return Collections.singletonList(ScopeEnum.CHANGELOG);
    }

    @Override // com.datical.liquibase.ext.rules.api.LiquibaseRule
    public List<String> getTags() {
        return Collections.emptyList();
    }

    @Override // com.datical.liquibase.ext.rules.api.LiquibaseRule
    public String getMinLiquibaseVersion() {
        return null;
    }

    @Override // com.datical.liquibase.ext.rules.api.LiquibaseRule
    public String getMaxLiquibaseVersion() {
        return null;
    }

    @Override // com.datical.liquibase.ext.rules.core.AbstractLiquibaseRule
    public String getShortName() {
        return "SqlGrantSpecificPrivsWarn";
    }

    private boolean doExecute(List<Change> list, ChangeSet changeSet, DynamicRule dynamicRule, boolean z) {
        DynamicRuleParameter parameter = dynamicRule.getParameter(DynamicRuleParameterEnum.PRIVILEGE_LIST);
        DynamicRuleParameter parameter2 = dynamicRule.getParameter(DynamicRuleParameterEnum.STRIP_COMMENTS);
        Objects.requireNonNull(parameter);
        boolean booleanValue = parameter2 != null ? ((Boolean) parameter2.getValue()).booleanValue() : false;
        boolean z2 = false;
        String[] split = ((String) parameter.getValue()).split(",");
        for (Change change : list) {
            if (change instanceof AbstractSQLChange) {
                z2 = true;
                ArrayList arrayList = new ArrayList();
                MatcherContext matcherContext = new MatcherContext();
                for (String str : split) {
                    matcherContext = doCheck((AbstractSQLChange) change, str, booleanValue);
                    if (matcherContext.matchResult) {
                        arrayList.add("'" + str + "'");
                    }
                }
                if (!arrayList.isEmpty()) {
                    matcherContext.matchResult = true;
                    addFailureRuleIteration(changeSet, change, getFailureMessage(" contains ", arrayList, changeSet), dynamicRule, z, matcherContext);
                }
            }
        }
        if (!z2) {
            addNonApplicableRuleIteration(changeSet, String.format("Changeset '%s' not applicable for rule '%s'", changeSet.toString(), dynamicRule.getShortName()), RuleIteration.FailureReason.OBJECT_TYPE_NOT_APPLICABLE, dynamicRule);
        }
        return returnAtEndOfRule(changeSet, dynamicRule, z);
    }

    @Override // com.datical.liquibase.ext.rules.core.AbstractLiquibaseDynamicRule
    public boolean internalEvaluate(ChangeSet changeSet, DynamicRule dynamicRule) {
        return doExecute(changeSet.getChanges(), changeSet, dynamicRule, false);
    }

    @Override // com.datical.liquibase.ext.rules.core.AbstractLiquibaseDynamicRule
    public boolean internalRollbackEvaluate(ChangeSet changeSet, List<Change> list, Database database, DynamicRule dynamicRule) {
        return doExecute(list, changeSet, dynamicRule, true);
    }

    @Override // com.datical.liquibase.ext.rules.core.AbstractLiquibaseDynamicRule
    public boolean internalEvaluate(DatabaseObject databaseObject, DynamicRule dynamicRule) {
        throw new UnsupportedOperationException();
    }

    private MatcherContext doCheck(AbstractSQLChange abstractSQLChange, String str, boolean z) {
        String group;
        MatcherContext matcherContext = new MatcherContext();
        String lowerCase = getSql(abstractSQLChange).toLowerCase();
        if (z) {
            lowerCase = StringUtil.stripComments(lowerCase);
        }
        Matcher matcher = GRANT_PATTERN.matcher(lowerCase);
        boolean find = matcher.find();
        matcherContext.matchResult = find;
        if (find && (group = matcher.group(1)) != null) {
            matcherContext.matchResult = !((List) Arrays.stream(group.split(",")).filter(str2 -> {
                return str2.trim().toLowerCase().equals(str.toLowerCase().trim().replace("\"", JsonProperty.USE_DEFAULT_NAME));
            }).collect(Collectors.toList())).isEmpty();
            if (matcherContext.matchResult) {
                matcherContext.start = matcher.start();
                matcherContext.end = matcher.end();
                matcherContext.sqlText = lowerCase;
            }
        }
        return matcherContext;
    }

    private String getFailureMessage(String str, List<String> list, ChangeSet changeSet) {
        return "Changeset " + changeSet.getId() + str + StringUtil.join(list, ",");
    }

    @Override // com.datical.liquibase.ext.rules.api.Rule
    public String getDescription() {
        return "This check warns a user when changeset includes or generates sql that grants specific privileges to a user or role";
    }

    @Override // com.datical.liquibase.ext.rules.api.Rule
    public int getPriority() {
        return 90;
    }

    @Override // com.datical.liquibase.ext.rules.core.AbstractLiquibaseRule
    public List<RuleParameter<?>> getParameters() {
        return Arrays.asList(new RuleParameter(DynamicRuleParameterEnum.PRIVILEGE_LIST), new RuleParameter(DynamicRuleParameterEnum.STRIP_COMMENTS, null, null, null, false, true));
    }

    @Override // com.datical.liquibase.ext.rules.core.AbstractLiquibaseRule, com.datical.liquibase.ext.rules.api.LiquibaseRule
    public List<String> getSupportedChangesetFormats() {
        return AbstractLiquibaseRule.SupportedChangesetFormats.UNMODELED;
    }
}
