package com.metaeffekt.artifact.enrichment.matching;

import com.metaeffekt.artifact.analysis.node.NodeScanSupport;
import com.metaeffekt.artifact.analysis.utils.StringUtils;
import com.metaeffekt.artifact.analysis.version.AllCategorizedPartsVersionImpl;
import com.metaeffekt.artifact.analysis.version.Version;
import com.metaeffekt.artifact.analysis.version.curation.VersionContext;
import com.metaeffekt.artifact.analysis.vulnerability.CommonEnumerationUtil;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.InventoryAttribute;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.warnings.InventoryWarningEntry;
import com.metaeffekt.artifact.enrichment.InventoryEnricher;
import com.metaeffekt.artifact.enrichment.configurations.VulnerabilitiesFromCpeEnrichmentConfiguration;
import com.metaeffekt.artifact.terms.model.NormalizationMetaData;
import com.metaeffekt.mirror.contents.base.DataSourceIndicator;
import com.metaeffekt.mirror.contents.base.VulnerabilityContextInventory;
import com.metaeffekt.mirror.contents.store.ContentIdentifierStore;
import com.metaeffekt.mirror.contents.store.VulnerabilityTypeIdentifier;
import com.metaeffekt.mirror.contents.vulnerability.Vulnerability;
import com.metaeffekt.mirror.contents.vulnerability.VulnerableSoftwareVersionRangeCpe;
import com.metaeffekt.mirror.query.VulnerabilityIndexQuery;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.Cpe;
import us.springett.parsers.cpe.exceptions.CpeValidationException;

/* loaded from: input_file:com/metaeffekt/artifact/enrichment/matching/VulnerabilitiesFromCpeEnrichment.class */
public abstract class VulnerabilitiesFromCpeEnrichment extends InventoryEnricher {
    private static final Logger LOG = LoggerFactory.getLogger(VulnerabilitiesFromCpeEnrichment.class);
    protected VulnerabilitiesFromCpeEnrichmentConfiguration configuration;

    public VulnerabilitiesFromCpeEnrichment(VulnerabilitiesFromCpeEnrichmentConfiguration vulnerabilitiesFromCpeEnrichmentConfiguration) {
        this.configuration = vulnerabilitiesFromCpeEnrichmentConfiguration;
    }

    public void setConfiguration(VulnerabilitiesFromCpeEnrichmentConfiguration vulnerabilitiesFromCpeEnrichmentConfiguration) {
        this.configuration = vulnerabilitiesFromCpeEnrichmentConfiguration;
    }

    protected abstract VulnerabilityIndexQuery getVulnerabilityQuery();

    protected abstract ContentIdentifierStore.ContentIdentifier getVulnerabilitySource();

    /* JADX INFO: Access modifiers changed from: protected */
    public void enrichVulnerabilitiesForCpe(VulnerabilityContextInventory vulnerabilityContextInventory, Artifact artifact) {
        Map<Cpe, List<Vulnerability>> queryVulnerabilitiesForArtifact = queryVulnerabilitiesForArtifact(vulnerabilityContextInventory, artifact);
        HashSet hashSet = new HashSet();
        queryVulnerabilitiesForArtifact.keySet().forEach(cpe -> {
            hashSet.add(CommonEnumerationUtil.toCpe22UriOrFallbackToCpe23FS(cpe));
        });
        if (hashSet.isEmpty()) {
            artifact.set(InventoryAttribute.MATCHED_CPES, (String) null);
        } else {
            artifact.set(InventoryAttribute.MATCHED_CPES, (String) hashSet.stream().filter(str -> {
                return (str == null || str.equals("null")) ? false : true;
            }).collect(Collectors.joining(", ")));
        }
    }

    public Map<Cpe, List<Vulnerability>> queryVulnerabilitiesForArtifact(VulnerabilityContextInventory vulnerabilityContextInventory, Artifact artifact) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        HashSet hashSet = new HashSet();
        for (Cpe cpe : CommonEnumerationUtil.parseEffectiveCpe(artifact)) {
            try {
                Optional<Cpe> deriveQueryCpe = deriveQueryCpe(vulnerabilityContextInventory, getEnrichmentName(), artifact, cpe);
                if (deriveQueryCpe.isPresent()) {
                    Cpe cpe2 = deriveQueryCpe.get();
                    Map<Vulnerability, VulnerableSoftwareVersionRangeCpe> findVulnerabilitiesByFlatAffectedConfigurationRetainSource = getVulnerabilityQuery().findVulnerabilitiesByFlatAffectedConfigurationRetainSource(cpe2);
                    Stream<R> map = findVulnerabilitiesByFlatAffectedConfigurationRetainSource.keySet().stream().map((v0) -> {
                        return v0.getId();
                    });
                    vulnerabilityContextInventory.getClass();
                    List<Vulnerability> list = (List) map.map(vulnerabilityContextInventory::findOrCreateVulnerabilityByName).collect(Collectors.toList());
                    if (!list.isEmpty()) {
                        for (Vulnerability vulnerability : list) {
                            VulnerableSoftwareVersionRangeCpe vulnerableSoftwareVersionRangeCpe = findVulnerabilitiesByFlatAffectedConfigurationRetainSource.get(vulnerability);
                            vulnerability.addMatchingSource(DataSourceIndicator.cpe(artifact, getVulnerabilitySource(), cpe2, vulnerableSoftwareVersionRangeCpe != null ? vulnerableSoftwareVersionRangeCpe.toString() : null));
                        }
                    }
                    hashSet.addAll((Collection) list.stream().map((v0) -> {
                        return v0.getId();
                    }).collect(Collectors.toSet()));
                    linkedHashMap.put(cpe, list);
                    if (hashSet.size() > this.configuration.getMaxCorrelatedVulnerabilitiesPerArtifact()) {
                        break;
                    }
                }
            } catch (Exception e) {
                throw new RuntimeException("Failed to query vulnerabilities for artifact [" + artifact.getId() + "] on CPE [" + CommonEnumerationUtil.toCpe22UriOrFallbackToCpe23FS(cpe) + "]: " + e.getMessage(), e);
            }
        }
        if (hashSet.size() > this.configuration.getMaxCorrelatedVulnerabilitiesPerArtifact()) {
            LOG.warn("Found [{}] vulnerabilities for artifact [{}] but only the first [{}] will be considered.", new Object[]{Integer.valueOf(hashSet.size()), artifact.getId(), Integer.valueOf(this.configuration.getMaxCorrelatedVulnerabilitiesPerArtifact())});
            vulnerabilityContextInventory.getInventoryWarnings().addArtifactWarning(new InventoryWarningEntry<>(artifact, "Found " + hashSet.size() + " vulnerabilities but only the first " + this.configuration.getMaxCorrelatedVulnerabilitiesPerArtifact() + " will be considered.", getEnrichmentName()));
            int i = 0;
            boolean z = false;
            Iterator it = linkedHashMap.entrySet().iterator();
            while (it.hasNext()) {
                List list2 = (List) ((Map.Entry) it.next()).getValue();
                i += list2.size();
                if (i > this.configuration.getMaxCorrelatedVulnerabilitiesPerArtifact()) {
                    if (z) {
                        list2.clear();
                    } else {
                        list2.subList(list2.size() - (i - this.configuration.getMaxCorrelatedVulnerabilitiesPerArtifact()), list2.size()).clear();
                        z = true;
                    }
                }
            }
        }
        VulnerabilityTypeIdentifier<?> vulnerabilityType = getVulnerabilityQuery().getVulnerabilityType();
        Iterator it2 = linkedHashMap.values().iterator();
        while (it2.hasNext()) {
            Iterator it3 = ((List) it2.next()).iterator();
            while (it3.hasNext()) {
                ((Vulnerability) it3.next()).setSourceIdentifier(vulnerabilityType);
            }
        }
        return linkedHashMap;
    }

    public static Optional<Cpe> deriveQueryCpe(VulnerabilityContextInventory vulnerabilityContextInventory, String str, Artifact artifact, Cpe cpe) {
        Version deriveQueryVersion = deriveQueryVersion(artifact, cpe);
        try {
            return Optional.of(CommonEnumerationUtil.builder().from(cpe).version(replaceIfNotNull(deriveQueryVersion.getVersion(), NormalizationMetaData.STRING_WHITESPACE, "_")).update(replaceIfNotNull(deriveQueryVersion.getUpdate(), NormalizationMetaData.STRING_WHITESPACE, "_")).build());
        } catch (CpeValidationException e) {
            LOG.warn("Failed to build CPE for querying vulnerability data: [{}] [{}]: {}", new Object[]{cpe, deriveQueryVersion, e.getMessage()});
            if (vulnerabilityContextInventory != null) {
                vulnerabilityContextInventory.getInventoryWarnings().addArtifactWarning(new InventoryWarningEntry<>(artifact, "Failed to build CPE for querying vulnerability data: " + cpe + NormalizationMetaData.STRING_WHITESPACE + deriveQueryVersion + ": " + e.getMessage(), str != null ? str : VulnerabilitiesFromCpeEnrichment.class.getName()));
            }
            return Optional.empty();
        }
    }

    private static String replaceIfNotNull(String str, String str2, String str3) {
        if (str != null) {
            return str.replace(str2, str3);
        }
        return null;
    }

    public static Version deriveQueryVersion(Artifact artifact, Cpe cpe) {
        Version deriveArtifactVersion = deriveArtifactVersion(artifact);
        Version of = Version.of(cpe.getVersion(), cpe.getUpdate(), VersionContext.fromCpe(cpe));
        Version modulateVersions = modulateVersions(deriveArtifactVersion, of);
        if (!deriveArtifactVersion.toString().equals(modulateVersions.toString())) {
            LOG.info("Derived query version for artifact [{}] and CPE [{}]: [{}] + [{}] = [{}]", new Object[]{artifact.getId(), CommonEnumerationUtil.toCpe22UriOrFallbackToCpe23FS(cpe), deriveArtifactVersion, of, modulateVersions});
        }
        return modulateVersions;
    }

    public static Version deriveArtifactVersion(Artifact artifact) {
        String extractCpeVersion = extractCpeVersion(artifact);
        String str = null;
        if (Pattern.compile("^.*p[0-9]+$").matcher(extractCpeVersion).matches()) {
            int lastIndexOf = extractCpeVersion.lastIndexOf("p");
            str = extractCpeVersion.substring(lastIndexOf);
            extractCpeVersion = extractCpeVersion.substring(0, lastIndexOf);
        }
        return Version.of(extractCpeVersion, str, VersionContext.fromArtifact(artifact));
    }

    private static Version modulateVersions(Version version, Version version2) {
        if (!(version instanceof AllCategorizedPartsVersionImpl) || (version2 != null && !(version2 instanceof AllCategorizedPartsVersionImpl))) {
            LOG.warn("Using old implementation for version modulation. Please update to the new implementation [{}] [{}]", version, version2);
            String version3 = version.getVersion();
            String update = version.getUpdate();
            if (version2 == null) {
                return version;
            }
            if (!"*".equals(version2.getVersion())) {
                version3 = version2.getVersion();
                if (!"*".equals(version2.getUpdate())) {
                    update = version2.getUpdate();
                }
            }
            return Version.of(version3, update);
        }
        AllCategorizedPartsVersionImpl allCategorizedPartsVersionImpl = (AllCategorizedPartsVersionImpl) version;
        AllCategorizedPartsVersionImpl allCategorizedPartsVersionImpl2 = (AllCategorizedPartsVersionImpl) version2;
        String stringPreModifierPart = allCategorizedPartsVersionImpl.toStringPreModifierPart();
        String stringModifierPart = allCategorizedPartsVersionImpl.toStringModifierPart();
        if (allCategorizedPartsVersionImpl2 == null) {
            return Version.of(stringPreModifierPart, stringModifierPart);
        }
        String stringPreModifierPart2 = allCategorizedPartsVersionImpl2.toStringPreModifierPart();
        String stringModifierPart2 = allCategorizedPartsVersionImpl2.toStringModifierPart();
        String str = (!"*".equals(version2.getVersion()) && StringUtils.hasText(version2.getVersion()) && StringUtils.hasText(stringPreModifierPart2)) ? stringPreModifierPart2 : stringPreModifierPart;
        String str2 = (!"*".equals(allCategorizedPartsVersionImpl2.getUpdate()) && StringUtils.hasText(version2.getUpdate()) && StringUtils.hasText(stringModifierPart2)) ? stringModifierPart2 : stringModifierPart;
        return (StringUtils.hasText(str) && StringUtils.hasText(str2)) ? Version.of(str, str2) : StringUtils.hasText(str) ? Version.of(str, version.getUpdate()) : Version.of(version.getVersion(), version.getUpdate());
    }

    public static String extractCpeVersion(Artifact artifact) {
        String trim = StringUtils.isEmpty(artifact.getVersion()) ? "*" : artifact.getVersion().trim();
        return (trim.equalsIgnoreCase("unspecific") || trim.equalsIgnoreCase(NodeScanSupport.VALUE_UNDEFINED)) ? "*" : trim.contains(":") ? trim.substring(trim.indexOf(":") + 1) : trim.contains("+") ? trim.substring(0, trim.indexOf("+")) : trim.contains("~") ? trim.substring(0, trim.indexOf("~")) : trim.contains("-") ? trim.substring(0, trim.indexOf("-")) : trim.contains(".RELEASE") ? trim.substring(0, trim.indexOf(".RELEASE")) : trim.contains(".FINAL") ? trim.substring(0, trim.indexOf(".FINAL")) : trim.contains(".Release") ? trim.substring(0, trim.indexOf(".Release")) : trim.contains(".Final") ? trim.substring(0, trim.indexOf(".Final")) : trim;
    }
}
