package de.mirkosertic.mavensonarsputnik.processor.owasp;

import de.mirkosertic.mavensonarsputnik.MavenEnvironment;
import de.mirkosertic.mavensonarsputnik.processor.DefaultConfigurationOption;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Properties;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang.StringUtils;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.project.MavenProject;
import org.codehaus.plexus.util.xml.Xpp3Dom;
import org.codehaus.plexus.util.xml.Xpp3DomBuilder;
import org.codehaus.plexus.util.xml.pull.XmlPullParserException;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.twdata.maven.mojoexecutor.MojoExecutor;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import pl.touk.sputnik.configuration.Configuration;
import pl.touk.sputnik.configuration.ConfigurationOption;
import pl.touk.sputnik.review.Review;
import pl.touk.sputnik.review.ReviewException;
import pl.touk.sputnik.review.ReviewFile;
import pl.touk.sputnik.review.ReviewProcessor;
import pl.touk.sputnik.review.ReviewResult;
import pl.touk.sputnik.review.Severity;
import pl.touk.sputnik.review.Violation;

/* loaded from: input_file:de/mirkosertic/mavensonarsputnik/processor/owasp/OWASPDependencyCheckProcessor.class */
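/**
 * Sputnik review processor that runs the OWASP {@code dependency-check-maven} plugin for every
 * changed {@code pom.xml} of the current Maven session and turns the vulnerabilities listed in the
 * generated {@code dependency-check-report.xml} into review violations.
 *
 * <p>Settings are read from the classpath resource {@code /default-owaspdependencycheck.properties}
 * and may be overridden by the file named in the {@code owaspdependencycheck.configurationFile}
 * option. The properties consulted are {@code owaspdependencycheck.severity},
 * {@code owaspdependencycheck.report}, {@code owaspdependencycheck.reporttransitive} and
 * {@code owaspdependencycheck.pluginversion}.
 *
 * <p>A violation is attached to the {@code pom.xml} line declaring the vulnerable artifact when the
 * artifact is a direct dependency (its {@code <artifactId>} line is directly preceded or followed by
 * the matching {@code <groupId>} line). Otherwise, and only if transitive reporting is enabled, a
 * "Transitive Dependency Warning" is attached to line 1.
 *
 * <p>Instances are not thread-safe; they mutate the shared Maven session's current project while
 * the plugin runs.
 */
public class OWASPDependencyCheckProcessor implements ReviewProcessor {
    private static final Logger log = LoggerFactory.getLogger(OWASPDependencyCheckProcessor.class);
    public static final ConfigurationOption OWASPDEPENDENCYCHECK_ENABLED = new DefaultConfigurationOption("owaspdependencycheck.enabled", "OWASP Dependency Check enabled", "true");
    public static final ConfigurationOption OWASPDEPENDENCYCHECK_CONFIGURATION = new DefaultConfigurationOption("owaspdependencycheck.configurationFile", "OWASP Dependency check configuration file", "");

    /** Classpath resource holding the built-in defaults; user configuration is layered on top. */
    private static final String DEFAULT_PROPERTIES = "/default-owaspdependencycheck.properties";
    /** Name of the XML report the plugin writes into the output directory. */
    private static final String REPORT_FILE_NAME = "dependency-check-report.xml";

    private final Properties properties = new Properties();
    /** Severity assigned to every violation raised by this processor. */
    private final Severity severity;
    /** Whether the generated report is parsed at all (otherwise only the plugin is run). */
    private final boolean report;
    /** Whether vulnerabilities not traceable to a direct dependency are reported on line 1. */
    private final boolean reportTransitive;

    /**
     * Maven coordinates parsed from the {@code <name>} of a dependency-check identifier of type
     * {@code maven}, which has the form {@code (groupId:artifactId:version)}.
     */
    public static class MavenIdentifier {
        private final String groupId;
        private final String artifactId;
        private final String version;

        /**
         * Parses {@code groupId:artifactId:version}, optionally wrapped in parentheses as written
         * in the dependency-check report. Any colons after the second one belong to the version.
         *
         * @param str the identifier text, e.g. {@code (org.example:lib:1.0)}
         * @throws IllegalArgumentException if fewer than two colons are present
         * @throws NullPointerException if {@code str} is {@code null}
         */
        public MavenIdentifier(String str) {
            Objects.requireNonNull(str, "identifier");
            String coordinates = str;
            // The report wraps the coordinates in parentheses; strip them when present.
            if (coordinates.length() >= 2 && coordinates.startsWith("(") && coordinates.endsWith(")")) {
                coordinates = coordinates.substring(1, coordinates.length() - 1);
            }
            int firstColon = coordinates.indexOf(':');
            int secondColon = firstColon < 0 ? -1 : coordinates.indexOf(':', firstColon + 1);
            if (firstColon < 0 || secondColon < 0) {
                throw new IllegalArgumentException("Expected groupId:artifactId:version but got " + str);
            }
            this.groupId = coordinates.substring(0, firstColon);
            this.artifactId = coordinates.substring(firstColon + 1, secondColon);
            this.version = coordinates.substring(secondColon + 1);
        }

        /** @return the Maven group id */
        public String getGroupId() {
            return this.groupId;
        }

        /** @return the Maven artifact id */
        public String getArtifactId() {
            return this.artifactId;
        }

        /** @return the version, including any further colon-separated suffix */
        public String getVersion() {
            return this.version;
        }
    }

    /**
     * Loads the default properties, overlays the optional user configuration file and reads the
     * severity / report flags.
     *
     * @param configuration the Sputnik configuration; {@link #OWASPDEPENDENCYCHECK_CONFIGURATION}
     *     names an optional properties file
     * @throws RuntimeException if the defaults cannot be read, the configuration file cannot be
     *     loaded, or {@code owaspdependencycheck.severity} is missing or not a {@link Severity}
     */
    public OWASPDependencyCheckProcessor(Configuration configuration) {
        try {
            loadDefaultProperties();
            String configurationFile = configuration.getProperty(OWASPDEPENDENCYCHECK_CONFIGURATION);
            if (!StringUtils.isEmpty(configurationFile)) {
                try (InputStream in = new FileInputStream(configurationFile)) {
                    this.properties.load(in);
                } catch (Exception e) {
                    throw new RuntimeException("Error initializing OWASP Dependency Check", e);
                }
            }
            this.severity = Severity.valueOf(requiredProperty("owaspdependencycheck.severity"));
            this.report = Boolean.parseBoolean(this.properties.getProperty("owaspdependencycheck.report"));
            this.reportTransitive = Boolean.parseBoolean(this.properties.getProperty("owaspdependencycheck.reporttransitive"));
        } catch (Exception e) {
            throw new RuntimeException("Error initializing OWASPDependencyCheck", e);
        }
    }

    /**
     * Reads {@link #DEFAULT_PROPERTIES} from the classpath into {@link #properties}.
     *
     * @throws IOException if the resource is absent or unreadable
     */
    private void loadDefaultProperties() throws IOException {
        try (InputStream in = getClass().getResourceAsStream(DEFAULT_PROPERTIES)) {
            if (in == null) {
                throw new IOException("Missing classpath resource " + DEFAULT_PROPERTIES);
            }
            this.properties.load(in);
        }
    }

    /**
     * Returns a property that must be present after configuration loading.
     *
     * @throws IllegalStateException naming the missing key
     */
    private String requiredProperty(String key) {
        String value = this.properties.getProperty(key);
        if (value == null) {
            throw new IllegalStateException("Missing required property " + key);
        }
        return value;
    }

    @Override
    @NotNull
    public String getName() {
        return "OWASP Dependency Check";
    }

    /**
     * Runs the dependency check for every changed file that is a {@code pom.xml} on disk; all other
     * files are skipped.
     *
     * @param review the review whose files are inspected
     * @return the collected violations (never {@code null}, possibly empty)
     * @throws ReviewException wrapping any failure of the plugin run or report parsing
     */
    @Override
    @Nullable
    public ReviewResult process(@NotNull Review review) {
        ReviewResult reviewResult = new ReviewResult();
        for (ReviewFile reviewFile : review.getFiles()) {
            File ioFile = reviewFile.getIoFile();
            if (!isPomFile(ioFile)) {
                log.debug("Ignoring {}", ioFile);
                continue;
            }
            try {
                processChangedMavenModule(reviewFile, ioFile.getAbsoluteFile(), reviewResult);
            } catch (Exception e) {
                // Keep the cause: the plugin/parse failure is what the user needs to diagnose.
                throw new ReviewException("Error invoking OWASP Dependency Checker for " + ioFile, e);
            }
        }
        return reviewResult;
    }

    /** @return whether {@code file} is an existing regular file named {@code pom.xml} */
    private static boolean isPomFile(File file) {
        return file != null && file.exists() && file.isFile() && file.getName().equals("pom.xml");
    }

    /**
     * Parses a plugin configuration given as an XML string.
     *
     * @param str XML text with a single {@code <configuration>} root
     * @return the parsed DOM
     * @throws IOException if reading fails
     * @throws XmlPullParserException if the text is not well-formed XML
     */
    public static Xpp3Dom plainTextConfigurationFrom(String str) throws IOException, XmlPullParserException {
        return Xpp3DomBuilder.build(new StringReader(str));
    }

    /**
     * Runs {@code dependency-check-maven:check} for the project owning {@code pomFile}, writing into
     * {@code <module>/target/owasp-dependency-check}, then (if reporting is enabled) converts the
     * XML report into violations.
     *
     * <p>The session's current project is switched to the module for the duration of the plugin
     * run and restored afterwards, also on failure.
     *
     * @param reviewFile the review file the violations are attached to
     * @param pomFile absolute path of the changed {@code pom.xml}
     * @param reviewResult receives the violations
     * @throws IllegalStateException if no project in the session is built from {@code pomFile}
     * @throws IOException if the report directory cannot be created or files cannot be read
     */
    private void processChangedMavenModule(ReviewFile reviewFile, File pomFile, ReviewResult reviewResult) throws IOException, XmlPullParserException, MojoExecutionException, ParserConfigurationException, SAXException {
        log.info("Processing changed maven module {}", pomFile);
        MavenEnvironment mavenEnvironment = MavenEnvironment.get();
        MavenProject mavenProject = findProjectFor(mavenEnvironment, pomFile);
        File reportDirectory = new File(new File(pomFile.getParent(), "target"), "owasp-dependency-check");
        log.info("Writing reports to {}", reportDirectory);
        if (!reportDirectory.mkdirs() && !reportDirectory.isDirectory()) {
            throw new IOException("Cannot create report directory " + reportDirectory);
        }
        MavenProject previousProject = mavenEnvironment.getMavenSession().getCurrentProject();
        mavenEnvironment.getMavenSession().setCurrentProject(mavenProject);
        try {
            MojoExecutor.executeMojo(
                    MojoExecutor.plugin(
                            MojoExecutor.groupId("org.owasp"),
                            MojoExecutor.artifactId("dependency-check-maven"),
                            MojoExecutor.version(this.properties.getProperty("owaspdependencycheck.pluginversion"))),
                    MojoExecutor.goal("check"),
                    plainTextConfigurationFrom(mojoConfiguration(reportDirectory)),
                    MojoExecutor.executionEnvironment(mavenProject, mavenEnvironment.getMavenSession(), mavenEnvironment.getBuildPluginManager()));
        } finally {
            mavenEnvironment.getMavenSession().setCurrentProject(previousProject);
        }
        if (this.report) {
            reportVulnerabilities(pomFile, reportDirectory, reviewFile, reviewResult);
        }
    }

    /**
     * Finds the session project whose POM is {@code pomFile}.
     *
     * @throws IllegalStateException if none matches
     */
    private static MavenProject findProjectFor(MavenEnvironment mavenEnvironment, File pomFile) {
        for (MavenProject candidate : mavenEnvironment.getMavenSession().getAllProjects()) {
            if (pomFile.equals(candidate.getFile())) {
                return candidate;
            }
        }
        throw new IllegalStateException("Cannot find Maven project for " + pomFile);
    }

    /** Builds the plugin configuration XML; the directory path is escaped so it cannot break the markup. */
    private static String mojoConfiguration(File reportDirectory) {
        return "<configuration><autoUpdate>true</autoUpdate><format>ALL</format><outputDirectory>"
                + escapeXml(reportDirectory.toString())
                + "</outputDirectory></configuration>";
    }

    /** Escapes the characters that are significant in XML text content. */
    private static String escapeXml(String text) {
        return text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    /**
     * Creates a DOM parser with DTD handling switched off. The report is produced locally by the
     * plugin, but the hardening is free and rules out entity expansion or external entity
     * resolution should the file ever be tampered with.
     */
    private static DocumentBuilder newHardenedDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory.newDocumentBuilder();
    }

    /**
     * Walks every {@code <dependency>} of the XML report that has at least one
     * {@code <vulnerability>} and one {@code <identifier>}, and reports each Maven identifier name.
     * The POM is read once here instead of once per identifier.
     */
    private void reportVulnerabilities(File pomFile, File reportDirectory, ReviewFile reviewFile, ReviewResult reviewResult) throws IOException, ParserConfigurationException, SAXException {
        Document reportDocument = newHardenedDocumentBuilder().parse(new File(reportDirectory, REPORT_FILE_NAME));
        List<String> pomLines = readLines(pomFile);
        NodeList dependencies = reportDocument.getElementsByTagName("dependency");
        for (int i = 0; i < dependencies.getLength(); i++) {
            Element dependency = (Element) dependencies.item(i);
            NodeList identifiers = dependency.getElementsByTagName("identifier");
            NodeList vulnerabilities = dependency.getElementsByTagName("vulnerability");
            if (vulnerabilities.getLength() == 0 || identifiers.getLength() == 0) {
                continue;
            }
            for (int j = 0; j < identifiers.getLength(); j++) {
                Element identifier = (Element) identifiers.item(j);
                if (!"maven".equals(identifier.getAttribute("type"))) {
                    continue;
                }
                NodeList names = identifier.getElementsByTagName("name");
                for (int k = 0; k < names.getLength(); k++) {
                    MavenIdentifier coordinates = new MavenIdentifier(((Element) names.item(k)).getTextContent());
                    processSingleDependency(pomLines, vulnerabilities, reviewResult, reviewFile, coordinates);
                }
            }
        }
    }

    /**
     * Reads a file as UTF-8 lines (POM files are XML, which defaults to UTF-8); malformed bytes are
     * replaced rather than rejected.
     */
    private static List<String> readLines(File file) throws IOException {
        List<String> lines = new ArrayList<>();
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(file), StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                lines.add(line);
            }
        }
        return lines;
    }

    /**
     * Returns the text of the first direct child of {@code element} whose node name is
     * {@code str}, or {@code ""} when there is none.
     */
    private String getElementContent(Element element, String str) {
        NodeList children = element.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (str.equals(child.getNodeName())) {
                return child.getTextContent();
            }
        }
        return "";
    }

    /**
     * Adds one violation per vulnerability of {@code coordinates}. The violation is placed on every
     * POM line holding {@code <artifactId>} of the artifact whose neighbouring line holds the
     * matching {@code <groupId>}; if no such line exists and transitive reporting is on, a single
     * warning is placed on line 1.
     *
     * @param pomLines the lines of the changed {@code pom.xml}
     * @param vulnerabilities the {@code <vulnerability>} elements of the dependency
     * @param reviewResult receives the violations
     * @param reviewFile supplies the review filename
     * @param coordinates the vulnerable artifact
     */
    private void processSingleDependency(List<String> pomLines, NodeList vulnerabilities, ReviewResult reviewResult, ReviewFile reviewFile, MavenIdentifier coordinates) {
        // Deliberately no closing '>' so the match tolerates whitespace/attributes in the end tag.
        String artifactIdTag = "<artifactId>" + coordinates.getArtifactId() + "</artifactId";
        String groupIdTag = "<groupId>" + coordinates.getGroupId() + "</groupId";
        for (int i = 0; i < vulnerabilities.getLength(); i++) {
            String message = describeVulnerability((Element) vulnerabilities.item(i));
            boolean foundDirect = false;
            for (int lineIndex = 0; lineIndex < pomLines.size(); lineIndex++) {
                if (!pomLines.get(lineIndex).contains(artifactIdTag)) {
                    continue;
                }
                boolean groupIdBefore = lineIndex > 0 && pomLines.get(lineIndex - 1).contains(groupIdTag);
                boolean groupIdAfter = lineIndex < pomLines.size() - 1 && pomLines.get(lineIndex + 1).contains(groupIdTag);
                if (groupIdBefore || groupIdAfter) {
                    reviewResult.add(new Violation(reviewFile.getReviewFilename(), lineIndex + 1, message, this.severity));
                    foundDirect = true;
                }
            }
            if (!foundDirect && this.reportTransitive) {
                reviewResult.add(new Violation(reviewFile.getReviewFilename(), 1, "Transitive Dependency Warning\n\n" + message, this.severity));
            }
        }
    }

    /**
     * Formats a {@code <vulnerability>} element as the violation text: severity headline, optional
     * CWE prefix, description, and one {@code * source url} line per {@code <reference>}.
     */
    private String describeVulnerability(Element vulnerability) {
        String description = getElementContent(vulnerability, "description");
        String cwe = getElementContent(vulnerability, "cwe");
        String severityText = getElementContent(vulnerability, "severity");
        StringBuilder sb = new StringBuilder(severityText);
        sb.append(" Severity");
        sb.append("\n\n");
        if (cwe.length() > 0) {
            sb.append(cwe);
            sb.append(" : ");
        }
        sb.append(description);
        sb.append("\n\n");
        NodeList references = vulnerability.getElementsByTagName("reference");
        for (int i = 0; i < references.getLength(); i++) {
            Element reference = (Element) references.item(i);
            sb.append("*");
            sb.append(" ");
            sb.append(getElementContent(reference, "source"));
            sb.append(" ");
            sb.append(getElementContent(reference, "url"));
            sb.append("\n");
        }
        return sb.toString();
    }
}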
