package com.metaeffekt.artifact.enrichment.other.periodic;

import com.metaeffekt.artifact.analysis.cert.PeriodicDataSourcesOperations;
import com.metaeffekt.artifact.analysis.diffmerge.InventoryMerger;
import com.metaeffekt.artifact.analysis.utils.TimeUtils;
import com.metaeffekt.artifact.enrichment.InventoryEnricher;
import com.metaeffekt.artifact.enrichment.configurations.AdvisorPeriodicEnrichmentConfiguration;
import com.metaeffekt.mirror.contents.advisory.AdvisoryEntry;
import com.metaeffekt.mirror.contents.base.VulnerabilityContextInventory;
import com.metaeffekt.mirror.contents.store.VulnerabilityTypeIdentifier;
import com.metaeffekt.mirror.contents.vulnerability.Vulnerability;
import com.metaeffekt.mirror.download.documentation.EnricherMetadata;
import com.metaeffekt.mirror.download.documentation.InventoryEnrichmentPhase;
import java.io.File;
import java.text.SimpleDateFormat;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.StringJoiner;
import java.util.stream.Collectors;
import org.metaeffekt.core.inventory.processor.model.AdvisoryMetaData;
import org.metaeffekt.core.inventory.processor.model.Inventory;
import org.metaeffekt.core.inventory.processor.model.InventoryInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@EnricherMetadata(name = "Advisor periodic", phase = InventoryEnrichmentPhase.STANDALONE, intermediateFileSuffix = "advisor-periodic", mavenPropertyName = "advisorPeriodicEnrichment")
/* loaded from: input_file:com/metaeffekt/artifact/enrichment/other/periodic/AdvisorPeriodicEnrichment.class */
public class AdvisorPeriodicEnrichment extends InventoryEnricher {
    private static final Logger LOG = LoggerFactory.getLogger(AdvisorPeriodicEnrichment.class);
    public static final String ADVISOR_PERIODIC_QUERY_KEY = "cert-periodic-query";
    public static final String ADVISOR_PERIODIC_QUERY_RANGE_START_KEY = "Range Start";
    public static final String ADVISOR_PERIODIC_QUERY_RANGE_END_KEY = "Range End";
    private AdvisorPeriodicEnrichmentConfiguration configuration = new AdvisorPeriodicEnrichmentConfiguration();
    private final File baseMirrorDirectory;

    public AdvisorPeriodicEnrichment(File file) {
        this.baseMirrorDirectory = file;
    }

    @Override // com.metaeffekt.artifact.enrichment.InventoryEnricher
    public AdvisorPeriodicEnrichmentConfiguration getConfiguration() {
        return this.configuration;
    }

    @Override // com.metaeffekt.artifact.enrichment.InventoryEnricher
    protected void performEnrichment(Inventory inventory) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (this.configuration.hasInitialInventoryContextName()) {
            linkedHashMap.put(this.configuration.getInitialInventoryContextName(), inventory);
        }
        linkedHashMap.putAll(this.configuration.parseReferenceInventories());
        if (linkedHashMap.isEmpty()) {
            LOG.warn("No reference inventories have been provided.");
        } else if (linkedHashMap.size() == 1) {
            LOG.info("Using [{}] as the only reference inventory", linkedHashMap.keySet().iterator().next());
        } else {
            LOG.info("Using [{}] as the reference inventories", linkedHashMap.keySet());
        }
        Map<String, VulnerabilityContextInventory> fromInventories = VulnerabilityContextInventory.fromInventories(linkedHashMap);
        Inventory inventory2 = new Inventory();
        VulnerabilityContextInventory fromInventory = VulnerabilityContextInventory.fromInventory(inventory2);
        PeriodicDataSourcesOperations.QueryTimePeriod advisoryQueryPeriod = this.configuration.getAdvisoryQueryPeriod();
        LOG.info("Listing all advisories for changed entries of {} in period {}", this.configuration.getAdvisoryProviders(), advisoryQueryPeriod);
        InventoryInfo findOrCreateInventoryInfo = inventory2.findOrCreateInventoryInfo(ADVISOR_PERIODIC_QUERY_KEY);
        findOrCreateInventoryInfo.set(ADVISOR_PERIODIC_QUERY_RANGE_START_KEY, new SimpleDateFormat("yyyy-MM-dd").format(Long.valueOf(advisoryQueryPeriod.getStart())));
        findOrCreateInventoryInfo.set(ADVISOR_PERIODIC_QUERY_RANGE_END_KEY, new SimpleDateFormat("yyyy-MM-dd").format(Long.valueOf(advisoryQueryPeriod.getEnd())));
        PeriodicDataSourcesOperations periodicDataSourcesOperations = new PeriodicDataSourcesOperations();
        periodicDataSourcesOperations.addAdvisorIndexQueriesForContentIdentifiers(this.baseMirrorDirectory, this.configuration.getAdvisoryProviders());
        fromInventory.addAllAdvisories(periodicDataSourcesOperations.findSecurityAdvisoriesUpdatedOrModifiedSince(advisoryQueryPeriod, this.configuration.getAdvisoryProviders(), this.configuration.getIncludeAdvisoryTypes()));
        periodicDataSourcesOperations.setSecurityAdvisoryReviewedStatusFromReferenceInventories(fromInventory.getSecurityAdvisories(), fromInventories.values());
        filterInventoryDataPreMerge(fromInventory, periodicDataSourcesOperations);
        mergeReferenceInventoriesToSourceInventory(fromInventory, linkedHashMap, inventory2);
        for (AdvisoryEntry advisoryEntry : fromInventory.getShallowCopySecurityAdvisories()) {
            if (advisoryEntry.getAdditionalAttribute((AdvisoryEntry) AdvisoryMetaData.Attribute.REVIEW_STATUS) == null) {
                advisoryEntry.setAdditionalAttribute((AdvisoryEntry) AdvisoryMetaData.Attribute.REVIEW_STATUS, "unclassified");
            }
        }
        filterInventoryDataPostMerge(fromInventory, periodicDataSourcesOperations);
        fromInventory.writeBack(true);
        logReviewStateCounts(fromInventory.getSecurityAdvisories());
        super.moveInventoryData(inventory2, inventory);
    }

    private void mergeReferenceInventoriesToSourceInventory(VulnerabilityContextInventory vulnerabilityContextInventory, Map<String, Inventory> map, Inventory inventory) {
        vulnerabilityContextInventory.writeBack(true);
        int size = vulnerabilityContextInventory.getSecurityAdvisories().size();
        if (!map.isEmpty()) {
            InventoryMerger inventoryMerger = new InventoryMerger(inventory);
            for (Map.Entry<String, Inventory> entry : map.entrySet()) {
                inventoryMerger.addReferenceInventory(entry.getValue(), entry.getKey());
            }
            inventoryMerger.includeArtifacts();
            inventoryMerger.includeVulnerabilities();
            inventoryMerger.includeAdvisories();
        }
        vulnerabilityContextInventory.parse();
        int size2 = vulnerabilityContextInventory.getSecurityAdvisories().size();
        LOG.info(" --> Added [{} - {} = {}] security advisories from [{}] reference inventories", new Object[]{Integer.valueOf(size2), Integer.valueOf(size), Integer.valueOf(size2 - size), Integer.valueOf(map.size())});
    }

    private void filterInventoryDataPreMerge(VulnerabilityContextInventory vulnerabilityContextInventory, PeriodicDataSourcesOperations periodicDataSourcesOperations) {
        if (this.configuration.isFilterUnaffected()) {
            filterSecurityAdvisoriesIfStatus(vulnerabilityContextInventory, periodicDataSourcesOperations, "unaffected");
        }
    }

    private void filterInventoryDataPostMerge(VulnerabilityContextInventory vulnerabilityContextInventory, PeriodicDataSourcesOperations periodicDataSourcesOperations) {
        Set<Vulnerability> shallowCopyVulnerabilities = vulnerabilityContextInventory.getShallowCopyVulnerabilities();
        int size = vulnerabilityContextInventory.getSecurityAdvisories().size();
        if (this.configuration.isFilterUnclassified()) {
            filterSecurityAdvisoriesIfStatus(vulnerabilityContextInventory, periodicDataSourcesOperations, "unclassified");
        }
        if (this.configuration.isFilterVulnerabilitiesWithoutSpecifiedAdvisory()) {
            if (this.configuration.getVulnerabilityAdvisoryFilter().isEmpty()) {
                LOG.warn("Filtering vulnerabilities without specified advisory is enabled, but no advisory providers are specified. No vulnerabilities will be removed.");
            } else {
                LOG.info("Removing all vulnerabilities that do not contain at least one vulnerability with a specified advisory provider of {}", this.configuration.getVulnerabilityAdvisoryFilter());
                int size2 = vulnerabilityContextInventory.getVulnerabilities().size();
                periodicDataSourcesOperations.filterVulnerabilitiesByAdvisoryFilter(vulnerabilityContextInventory, this.configuration.getVulnerabilityAdvisoryFilter());
                int size3 = vulnerabilityContextInventory.getVulnerabilities().size();
                LOG.info(" --> Removed [{} - {} = {}] vulnerabilities that do not contain at least one vulnerability with a specified advisory provider", new Object[]{Integer.valueOf(size2), Integer.valueOf(size2 - size3), Integer.valueOf(size3)});
            }
        }
        if (this.configuration.isFilterUnaffectedVulnerabilities()) {
            LOG.info("Removing all vulnerabilities that are not affected by any advisory");
            HashSet hashSet = new HashSet();
            Iterator<AdvisoryEntry> it = vulnerabilityContextInventory.getShallowCopySecurityAdvisories().iterator();
            while (it.hasNext()) {
                Iterator<Map.Entry<VulnerabilityTypeIdentifier<?>, Set<String>>> it2 = it.next().getReferencedVulnerabilities().entrySet().iterator();
                while (it2.hasNext()) {
                    Iterator<String> it3 = it2.next().getValue().iterator();
                    while (it3.hasNext()) {
                        Optional<Vulnerability> findVulnerabilityByName = vulnerabilityContextInventory.findVulnerabilityByName(it3.next());
                        hashSet.getClass();
                        findVulnerabilityByName.ifPresent((v1) -> {
                            r1.add(v1);
                        });
                    }
                }
            }
            LOG.info(" --> Found [{}] vulnerabilities that are affected by at least one advisory", Integer.valueOf(hashSet.size()));
            int size4 = vulnerabilityContextInventory.getVulnerabilities().size();
            for (Vulnerability vulnerability : vulnerabilityContextInventory.getShallowCopyVulnerabilities()) {
                if (!hashSet.contains(vulnerability)) {
                    vulnerabilityContextInventory.remove(vulnerability);
                }
            }
            int size5 = vulnerabilityContextInventory.getVulnerabilities().size();
            LOG.info(" --> Removed [{} - {} = {}] vulnerabilities that are not affected by any advisory", new Object[]{Integer.valueOf(size4), Integer.valueOf(size4 - size5), Integer.valueOf(size5)});
        }
        long includeVulnerabilitiesChangedSinceTimestamp = this.configuration.getIncludeVulnerabilitiesChangedSinceTimestamp();
        Date date = new Date(includeVulnerabilitiesChangedSinceTimestamp);
        if (includeVulnerabilitiesChangedSinceTimestamp != 0) {
            int i = 0;
            for (Vulnerability vulnerability2 : shallowCopyVulnerabilities) {
                if (vulnerability2.isCreatedAfter(date) || vulnerability2.isUpdatedAfter(date)) {
                    if (!vulnerabilityContextInventory.contains(vulnerability2)) {
                        vulnerabilityContextInventory.add(vulnerability2);
                        i++;
                    }
                }
            }
            if (i > 0) {
                LOG.info(" --> Re-added [{}] previously removed vulnerabilities that were created or updated after [{}]", Integer.valueOf(i), TimeUtils.formatNormalizedDate(date));
            } else {
                LOG.info(" --> No vulnerabilities were re-added, as none were removed that were created or updated after [{}]", TimeUtils.formatNormalizedDate(date));
            }
        }
        LOG.info("Counts after applying filtering: [vulnerabilities {} -> {}] [advisories {} -> {}]", new Object[]{Integer.valueOf(shallowCopyVulnerabilities.size()), Integer.valueOf(vulnerabilityContextInventory.getVulnerabilities().size()), Integer.valueOf(size), Integer.valueOf(vulnerabilityContextInventory.getSecurityAdvisories().size())});
    }

    private void filterSecurityAdvisoriesIfStatus(VulnerabilityContextInventory vulnerabilityContextInventory, PeriodicDataSourcesOperations periodicDataSourcesOperations, String str) {
        LOG.info("Removing all security advisories that are marked as [{}]", str);
        int size = vulnerabilityContextInventory.getSecurityAdvisories().size();
        periodicDataSourcesOperations.removeSecurityAdvisoryIfStatus(vulnerabilityContextInventory, str);
        int size2 = vulnerabilityContextInventory.getSecurityAdvisories().size();
        LOG.info(" --> Removed [{} - {} = {}] security advisories that are marked as [{}]", new Object[]{Integer.valueOf(size), Integer.valueOf(size - size2), Integer.valueOf(size2), str});
    }

    private void logReviewStateCounts(Collection<AdvisoryEntry> collection) {
        Map map = (Map) collection.stream().collect(Collectors.groupingBy(advisoryEntry -> {
            return advisoryEntry.getAdditionalAttribute((AdvisoryEntry) AdvisoryMetaData.Attribute.REVIEW_STATUS) == null ? "null" : advisoryEntry.getAdditionalAttribute((AdvisoryEntry) AdvisoryMetaData.Attribute.REVIEW_STATUS);
        }, Collectors.counting()));
        LOG.info("");
        LOG.info("Inventory review status state summary:");
        for (Map.Entry entry : map.entrySet()) {
            LOG.info("  {}: {}", entry.getKey(), entry.getValue());
            StringJoiner stringJoiner = new StringJoiner(", ");
            for (AdvisoryEntry advisoryEntry2 : collection) {
                if (((String) entry.getKey()).equals(advisoryEntry2.getAdditionalAttribute((AdvisoryEntry) AdvisoryMetaData.Attribute.REVIEW_STATUS) == null ? "null" : advisoryEntry2.getAdditionalAttribute((AdvisoryEntry) AdvisoryMetaData.Attribute.REVIEW_STATUS))) {
                    stringJoiner.add(advisoryEntry2.getId());
                }
            }
            LOG.info("    {}", stringJoiner);
        }
        LOG.info("");
    }

    public void setConfiguration(AdvisorPeriodicEnrichmentConfiguration advisorPeriodicEnrichmentConfiguration) {
        this.configuration = advisorPeriodicEnrichmentConfiguration;
    }
}
