package com.metaeffekt.mirror.query;

import com.metaeffekt.artifact.analysis.utils.LruLinkedHashMap;
import com.metaeffekt.mirror.contents.store.VulnerabilityTypeIdentifier;
import com.metaeffekt.mirror.contents.store.VulnerabilityTypeStore;
import com.metaeffekt.mirror.contents.vulnerability.Vulnerability;
import com.metaeffekt.mirror.contents.vulnerability.VulnerableSoftwareVersionRangeCpe;
import com.metaeffekt.mirror.index.IndexSearch;
import com.metaeffekt.mirror.index.nvd.NvdCveApiIndex;
import java.io.File;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.lucene.document.Document;
import org.apache.lucene.queryparser.flexible.standard.QueryParserUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.Cpe;

/* loaded from: input_file:com/metaeffekt/mirror/query/NvdCveIndexQuery.class */
public class NvdCveIndexQuery extends VulnerabilityIndexQuery {
    private static final Logger log = LoggerFactory.getLogger(NvdCveIndexQuery.class);
    private final Map<String, Vulnerability> vulnerabilityByNameCache;
    private final Map<String, List<Vulnerability>> documentByVendorProductCache;

    public NvdCveIndexQuery(File file) {
        super(file, NvdCveApiIndex.class);
        this.vulnerabilityByNameCache = new LruLinkedHashMap(1000);
        this.documentByVendorProductCache = new LruLinkedHashMap(1000);
    }

    @Override // com.metaeffekt.mirror.query.VulnerabilityIndexQuery
    public VulnerabilityTypeIdentifier<?> getVulnerabilityType() {
        return VulnerabilityTypeStore.CVE;
    }

    private Optional<Vulnerability> findVulnerabilityByNameInternal(String str) {
        return super.getIndex().findDocuments(new IndexSearch().fieldEquals("name", str)).stream().map(this::fromDocument).findFirst();
    }

    @Override // com.metaeffekt.mirror.query.VulnerabilityIndexQuery
    public List<Vulnerability> findAll() {
        return (List) super.getIndex().findAllDocuments().stream().map(this::fromDocument).collect(Collectors.toList());
    }

    @Override // com.metaeffekt.mirror.query.VulnerabilityIndexQuery
    public Optional<Vulnerability> findVulnerabilityByName(String str) {
        synchronized (this.vulnerabilityByNameCache) {
            if (!this.vulnerabilityByNameCache.containsKey(str)) {
                return findVulnerabilityByNameInternal(str).map(vulnerability -> {
                    synchronized (this.vulnerabilityByNameCache) {
                        this.vulnerabilityByNameCache.put(str, vulnerability);
                    }
                    return vulnerability;
                });
            }
            return Optional.of(this.vulnerabilityByNameCache.get(str));
        }
    }

    @Override // com.metaeffekt.mirror.query.VulnerabilityIndexQuery
    public List<Vulnerability> findVulnerabilitiesByFlatAffectedConfiguration(Cpe cpe) {
        String str = cpe.getVendor() + ":" + cpe.getProduct();
        synchronized (this.documentByVendorProductCache) {
            if (this.documentByVendorProductCache.containsKey(str)) {
                return (List) this.documentByVendorProductCache.get(str).stream().filter(vulnerability -> {
                    return vulnerability.cpeFlatMatchesVulnerableSoftware(cpe);
                }).sorted(Vulnerability.COMPARE_BY_NAME).collect(Collectors.toList());
            }
            List<Vulnerability> searchIndexForCpe = searchIndexForCpe(cpe);
            synchronized (this.documentByVendorProductCache) {
                this.documentByVendorProductCache.put(str, searchIndexForCpe);
            }
            return (List) searchIndexForCpe.stream().distinct().filter(vulnerability2 -> {
                return vulnerability2.cpeFlatMatchesVulnerableSoftware(cpe);
            }).sorted(Vulnerability.COMPARE_BY_NAME).collect(Collectors.toList());
        }
    }

    @Override // com.metaeffekt.mirror.query.VulnerabilityIndexQuery
    public Map<Vulnerability, VulnerableSoftwareVersionRangeCpe> findVulnerabilitiesByFlatAffectedConfigurationRetainSource(Cpe cpe) {
        List<Vulnerability> orDefault;
        String str = cpe.getVendor() + ":" + cpe.getProduct();
        synchronized (this.documentByVendorProductCache) {
            orDefault = this.documentByVendorProductCache.getOrDefault(str, null);
        }
        if (orDefault != null) {
            return (Map) orDefault.stream().map(vulnerability -> {
                return Pair.of(vulnerability, vulnerability.getCpeFlatMatchedVulnerableSoftware(cpe));
            }).filter(pair -> {
                return pair.getRight() != null;
            }).collect(Collectors.toMap((v0) -> {
                return v0.getLeft();
            }, (v0) -> {
                return v0.getRight();
            }));
        }
        List<Vulnerability> searchIndexForCpe = searchIndexForCpe(cpe);
        synchronized (this.documentByVendorProductCache) {
            this.documentByVendorProductCache.put(str, searchIndexForCpe);
        }
        return (Map) searchIndexForCpe.stream().distinct().map(vulnerability2 -> {
            return Pair.of(vulnerability2, vulnerability2.getCpeFlatMatchedVulnerableSoftware(cpe));
        }).filter(pair2 -> {
            return pair2.getRight() != null;
        }).collect(Collectors.toMap((v0) -> {
            return v0.getLeft();
        }, (v0) -> {
            return v0.getRight();
        }));
    }

    private List<Vulnerability> searchIndexForCpe(Cpe cpe) {
        boolean equals = "*".equals(cpe.getVendor());
        boolean equals2 = "*".equals(cpe.getProduct());
        if (equals && equals2) {
            log.warn("Wildcard search for both vendor and product is not supported. Returning empty list.");
            return Collections.emptyList();
        }
        String str = equals ? "*\\:" + QueryParserUtil.escape(cpe.getProduct()) : equals2 ? QueryParserUtil.escape(cpe.getVendor()) + "\\:*" : cpe.getVendor() + ":" + cpe.getProduct();
        if (!equals && !equals2) {
            return (List) super.getIndex().findDocuments(new IndexSearch().fieldContains("vulnerable_software_vp", str)).stream().map(this::findInCacheOrCreateVulnerabilityFromDocument).distinct().collect(Collectors.toList());
        }
        log.warn("It is recommended to avoid using only the vendor OR product information when querying vulnerability databases for the CPE [{}]. This broad approach can inadvertently match vulnerabilities that were not intended to be included, leading to inaccurate results. Even if the current data appears to correct as of now, there is no guarantee that the NVD will not introduce new CPE entries with different vendor/product combinations that could still match the original query unintentionally. To ensure precise and reliable vulnerability matching, it is recommended to provide more specific CPE identifiers that include both the vendor and product information whenever possible.", cpe);
        return (List) super.getIndex().findDocuments(new IndexSearch().fieldContainsUnquoted("vulnerable_software_vp", str)).stream().map(this::findInCacheOrCreateVulnerabilityFromDocument).distinct().collect(Collectors.toList());
    }

    private Vulnerability findInCacheOrCreateVulnerabilityFromDocument(Document document) {
        String str = document.get("name");
        synchronized (this.vulnerabilityByNameCache) {
            Vulnerability vulnerability = this.vulnerabilityByNameCache.get(str);
            if (vulnerability != null) {
                return vulnerability;
            }
            Vulnerability fromDocument = Vulnerability.fromDocument(document);
            this.vulnerabilityByNameCache.put(str, fromDocument);
            return fromDocument;
        }
    }
}
