package com.metaeffekt.mirror.contents.advisory;

import com.metaeffekt.artifact.analysis.report.CoverityReport;
import com.metaeffekt.artifact.analysis.utils.TimeUtils;
import com.metaeffekt.artifact.analysis.version.curation.VersionContext;
import com.metaeffekt.artifact.terms.model.NormalizationMetaData;
import com.metaeffekt.mirror.contents.base.DescriptionParagraph;
import com.metaeffekt.mirror.contents.base.Reference;
import com.metaeffekt.mirror.contents.store.AdvisoryTypeStore;
import com.metaeffekt.mirror.contents.store.OtherTypeStore;
import com.metaeffekt.mirror.contents.store.VulnerabilityTypeStore;
import com.metaeffekt.mirror.contents.vulnerability.VulnerableSoftwareVersionRangeEcosystem;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.Field;
import org.apache.lucene.document.StringField;
import org.json.JSONArray;
import org.json.JSONObject;
import org.metaeffekt.core.inventory.processor.model.AdvisoryMetaData;
import org.metaeffekt.core.inventory.processor.report.model.AdvisoryUtils;
import org.metaeffekt.core.security.cvss.CvssSource;
import org.metaeffekt.core.security.cvss.KnownCvssEntities;
import org.metaeffekt.core.security.cvss.v2.Cvss2;
import org.metaeffekt.core.security.cvss.v3.Cvss3P1;
import org.metaeffekt.core.security.cvss.v4P0.Cvss4P0;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/metaeffekt/mirror/contents/advisory/GhsaAdvisorEntry.class */
public class GhsaAdvisorEntry extends AdvisoryEntry {
    private static final Logger LOG = LoggerFactory.getLogger(GhsaAdvisorEntry.class);
    protected static final Set<String> CONVERSION_KEYS_AMB = new HashSet<String>(AdvisoryEntry.CONVERSION_KEYS_AMB) { // from class: com.metaeffekt.mirror.contents.advisory.GhsaAdvisorEntry.1
    };
    protected static final Set<String> CONVERSION_KEYS_MAP = new HashSet<String>(AdvisoryEntry.CONVERSION_KEYS_MAP) { // from class: com.metaeffekt.mirror.contents.advisory.GhsaAdvisorEntry.2
        {
            add(CoverityReport.SEVERITY);
            add("githubReviewed");
            add("githubReviewedAt");
            add("nvdPublishedAt");
            add("vulnerableSoftware");
        }
    };
    private String severity;
    private boolean githubReviewed;
    private Date githubReviewedAt;
    private Date nvdPublishedAt;
    private final List<VulnerableSoftwareVersionRangeEcosystem> vulnerableSoftwares;
    private static final String CVSS_4_KEY = "CVSS_V4";
    private static final String CVSS_3_KEY = "CVSS_V3";
    private static final String CVSS_2_KEY = "CVSS_V2";

    public GhsaAdvisorEntry() {
        super(AdvisoryTypeStore.GHSA);
        this.vulnerableSoftwares = new ArrayList();
    }

    public GhsaAdvisorEntry(String str) {
        super(AdvisoryTypeStore.GHSA, str);
        this.vulnerableSoftwares = new ArrayList();
    }

    public String getSeverity() {
        return this.severity;
    }

    public void setSeverity(String str) {
        this.severity = str;
    }

    public boolean isGithubReviewed() {
        return this.githubReviewed;
    }

    public List<VulnerableSoftwareVersionRangeEcosystem> getVulnerableSoftwares() {
        return this.vulnerableSoftwares;
    }

    public void setGithubReviewed(boolean z) {
        this.githubReviewed = z;
    }

    public Date getGithubReviewedAt() {
        return this.githubReviewedAt;
    }

    public void setGithubReviewedAt(Date date) {
        this.githubReviewedAt = date;
    }

    public Date getNvdPublishedAt() {
        return this.nvdPublishedAt;
    }

    public void setNvdPublishedAt(Date date) {
        this.nvdPublishedAt = date;
    }

    @Override // com.metaeffekt.mirror.contents.advisory.AdvisoryEntry
    public String getUrl() {
        return "https://github.com/advisories/" + getId();
    }

    @Override // com.metaeffekt.mirror.contents.advisory.AdvisoryEntry
    public String getType() {
        return AdvisoryUtils.normalizeType("alert");
    }

    @Override // com.metaeffekt.mirror.contents.base.AmbDataClass
    protected Set<String> conversionKeysAmb() {
        return CONVERSION_KEYS_AMB;
    }

    @Override // com.metaeffekt.mirror.contents.base.AmbDataClass
    protected Set<String> conversionKeysMap() {
        return CONVERSION_KEYS_MAP;
    }

    @Override // com.metaeffekt.mirror.contents.base.AmbDataClass
    public GhsaAdvisorEntry constructDataClass() {
        return new GhsaAdvisorEntry();
    }

    public static GhsaAdvisorEntry fromAdvisoryMetaData(AdvisoryMetaData advisoryMetaData) {
        return (GhsaAdvisorEntry) AdvisoryEntry.fromAdvisoryMetaData(advisoryMetaData, GhsaAdvisorEntry::new);
    }

    public static GhsaAdvisorEntry fromInputMap(Map<String, Object> map) {
        return (GhsaAdvisorEntry) AdvisoryEntry.fromInputMap(map, GhsaAdvisorEntry::new);
    }

    public static GhsaAdvisorEntry fromJson(JSONObject jSONObject) {
        return (GhsaAdvisorEntry) AdvisoryEntry.fromJson(jSONObject, GhsaAdvisorEntry::new);
    }

    public static GhsaAdvisorEntry fromDocument(Document document) {
        return (GhsaAdvisorEntry) AdvisoryEntry.fromDocument(document, GhsaAdvisorEntry::new);
    }

    @Override // com.metaeffekt.mirror.contents.advisory.AdvisoryEntry, com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendFromBaseModel(AdvisoryMetaData advisoryMetaData) {
        super.appendFromBaseModel(advisoryMetaData);
    }

    @Override // com.metaeffekt.mirror.contents.advisory.AdvisoryEntry, com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendToBaseModel(AdvisoryMetaData advisoryMetaData) {
        super.appendToBaseModel(advisoryMetaData);
    }

    @Override // com.metaeffekt.mirror.contents.advisory.AdvisoryEntry, com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendFromMap(Map<String, Object> map) {
        super.appendFromMap(map);
        setSeverity((String) map.getOrDefault(CoverityReport.SEVERITY, null));
        setGithubReviewed(((Boolean) map.getOrDefault("githubReviewed", false)).booleanValue());
        setGithubReviewedAt(TimeUtils.tryParse(map.getOrDefault("githubReviewedAt", null)));
        setNvdPublishedAt(TimeUtils.tryParse(map.getOrDefault("nvdPublishedAt", null)));
        this.vulnerableSoftwares.addAll(createVulnerableSoftwareConfigurationsFromJson((List<Object>) map.getOrDefault("vulnerableSoftware", null)));
    }

    @Override // com.metaeffekt.mirror.contents.advisory.AdvisoryEntry, com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendToJson(JSONObject jSONObject) {
        super.appendToJson(jSONObject);
        jSONObject.put(CoverityReport.SEVERITY, getSeverity());
        jSONObject.put("githubReviewed", isGithubReviewed());
        jSONObject.put("githubReviewedAt", ObjectUtils.defaultIfNull(this.githubReviewedAt == null ? null : Long.valueOf(this.githubReviewedAt.getTime()), JSONObject.NULL));
        jSONObject.put("nvdPublishedAt", ObjectUtils.defaultIfNull(this.nvdPublishedAt == null ? null : Long.valueOf(this.nvdPublishedAt.getTime()), JSONObject.NULL));
        JSONArray jSONArray = new JSONArray();
        Iterator<VulnerableSoftwareVersionRangeEcosystem> it = this.vulnerableSoftwares.iterator();
        while (it.hasNext()) {
            jSONArray.put(it.next().toJson());
        }
        jSONObject.put("vulnerableSoftware", jSONArray);
    }

    @Override // com.metaeffekt.mirror.contents.advisory.AdvisoryEntry, com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendFromDocument(Document document) {
        super.appendFromDocument(document);
        setSeverity(document.get(CoverityReport.SEVERITY));
        setGithubReviewed(Boolean.parseBoolean(document.get("githubReviewed")));
        setGithubReviewedAt(TimeUtils.tryParse(document.get("githubReviewedAt")));
        setNvdPublishedAt(TimeUtils.tryParse(document.get("nvdPublishedAt")));
        String str = document.get("vulnerableSoftware");
        if (str != null) {
            this.vulnerableSoftwares.addAll(createVulnerableSoftwareConfigurationsFromJson(new JSONArray(str)));
        }
    }

    @Override // com.metaeffekt.mirror.contents.advisory.AdvisoryEntry, com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendToDocument(Document document) {
        super.appendToDocument(document);
        super.addToDocumentAsTextFieldIfNotEmpty(document, CoverityReport.SEVERITY, getSeverity());
        document.add(new StringField("githubReviewed", String.valueOf(isGithubReviewed()), Field.Store.YES));
        super.addToDocumentAsTextFieldIfNotEmpty(document, "githubReviewedAt", this.githubReviewedAt == null ? null : Long.toString(this.githubReviewedAt.getTime()));
        super.addToDocumentAsTextFieldIfNotEmpty(document, "nvdPublishedAt", this.nvdPublishedAt == null ? null : Long.toString(this.nvdPublishedAt.getTime()));
        JSONArray jSONArray = new JSONArray();
        ArrayList arrayList = new ArrayList();
        for (VulnerableSoftwareVersionRangeEcosystem vulnerableSoftwareVersionRangeEcosystem : this.vulnerableSoftwares) {
            jSONArray.put(vulnerableSoftwareVersionRangeEcosystem.toJson());
            arrayList.addAll(Arrays.asList(vulnerableSoftwareVersionRangeEcosystem.getName().split("[.:-]")));
        }
        super.addToDocumentAsTextFieldIfNotEmpty(document, "vulnerableSoftware", jSONArray.toString());
        super.addToDocumentAsTextFieldIfNotEmpty(document, "vulnerableSoftwareNamePhrases", String.join(NormalizationMetaData.STRING_WHITESPACE, arrayList));
    }

    private static List<VulnerableSoftwareVersionRangeEcosystem> createVulnerableSoftwareConfigurationsFromJson(JSONArray jSONArray) {
        ArrayList arrayList = new ArrayList();
        if (jSONArray != null) {
            for (int i = 0; i < jSONArray.length(); i++) {
                JSONObject optJSONObject = jSONArray.optJSONObject(i);
                if (optJSONObject != null) {
                    arrayList.add(VulnerableSoftwareVersionRangeEcosystem.fromJson(optJSONObject));
                }
            }
        }
        return arrayList;
    }

    private static List<VulnerableSoftwareVersionRangeEcosystem> createVulnerableSoftwareConfigurationsFromJson(List<Object> list) {
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            for (Object obj : list) {
                if (obj instanceof Map) {
                    arrayList.add(VulnerableSoftwareVersionRangeEcosystem.fromJson(new JSONObject(obj)));
                } else if (obj instanceof JSONObject) {
                    arrayList.add(VulnerableSoftwareVersionRangeEcosystem.fromJson((JSONObject) obj));
                } else {
                    LOG.warn("Unknown vulnerable software type: [{}]", obj.getClass());
                }
            }
        }
        return arrayList;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:45:0x01c3. Please report as an issue. */
    public static GhsaAdvisorEntry fromGitRepoJson(JSONObject jSONObject) {
        GhsaAdvisorEntry ghsaAdvisorEntry = new GhsaAdvisorEntry();
        ghsaAdvisorEntry.setId(jSONObject.getString("id"));
        ghsaAdvisorEntry.setUpdateDate(TimeUtils.tryParse(jSONObject.optString("modified", null)));
        ghsaAdvisorEntry.setCreateDate(TimeUtils.tryParse(jSONObject.optString("published", null)));
        ghsaAdvisorEntry.setSummary(jSONObject.optString("summary", null));
        if (!jSONObject.isNull("details")) {
            ghsaAdvisorEntry.setDescription(DescriptionParagraph.fromTitleAndContent("details", jSONObject.getString("details")));
        }
        JSONArray optJSONArray = jSONObject.optJSONArray("aliases");
        if (optJSONArray != null) {
            for (int i = 0; i < optJSONArray.length(); i++) {
                String optString = optJSONArray.optString(i, null);
                if (optString != null && optString.startsWith("CVE-")) {
                    ghsaAdvisorEntry.addReferencedVulnerability(VulnerabilityTypeStore.CVE, optString);
                }
            }
        }
        JSONArray optJSONArray2 = jSONObject.optJSONArray("references");
        if (optJSONArray2 != null) {
            for (int i2 = 0; i2 < optJSONArray2.length(); i2++) {
                JSONObject jSONObject2 = optJSONArray2.getJSONObject(i2);
                ghsaAdvisorEntry.addReference(Reference.fromUrlAndTags(jSONObject2.getString("url"), jSONObject2.getString("type")));
            }
        }
        JSONObject optJSONObject = jSONObject.optJSONObject("database_specific");
        if (optJSONObject != null) {
            JSONArray jSONArray = optJSONObject.getJSONArray("cwe_ids");
            for (int i3 = 0; i3 < jSONArray.length(); i3++) {
                ghsaAdvisorEntry.addOtherReferencedId(OtherTypeStore.CWE, jSONArray.getString(i3));
            }
            ghsaAdvisorEntry.setSeverity(optJSONObject.optString(CoverityReport.SEVERITY, null));
            ghsaAdvisorEntry.setGithubReviewed(optJSONObject.optBoolean("github_reviewed", false));
            ghsaAdvisorEntry.setGithubReviewedAt(TimeUtils.tryParse(optJSONObject.optString("github_reviewed_at", null)));
            ghsaAdvisorEntry.setNvdPublishedAt(TimeUtils.tryParse(optJSONObject.optString("nvd_published_at", null)));
        }
        JSONArray optJSONArray3 = jSONObject.optJSONArray(CoverityReport.SEVERITY);
        if (optJSONArray3 != null) {
            CvssSource cvssSource = new CvssSource(KnownCvssEntities.GHSA, Cvss3P1.class);
            for (int i4 = 0; i4 < optJSONArray3.length(); i4++) {
                JSONObject jSONObject3 = optJSONArray3.getJSONObject(i4);
                String string = jSONObject3.getString("type");
                String str = (String) ObjectUtils.firstNonNull(new String[]{jSONObject3.optString("value", null), jSONObject3.optString("score", null)});
                if (str != null) {
                    boolean z = -1;
                    switch (string.hashCode()) {
                        case 1874530376:
                            if (string.equals(CVSS_2_KEY)) {
                                z = true;
                                break;
                            }
                            break;
                        case 1874530377:
                            if (string.equals(CVSS_3_KEY)) {
                                z = false;
                                break;
                            }
                            break;
                        case 1874530378:
                            if (string.equals(CVSS_4_KEY)) {
                                z = 2;
                                break;
                            }
                            break;
                    }
                    switch (z) {
                        case false:
                            ghsaAdvisorEntry.getCvssVectors().addCvssVector(new Cvss3P1(str, cvssSource));
                            break;
                        case true:
                            ghsaAdvisorEntry.getCvssVectors().addCvssVector(new Cvss2(str, cvssSource.deriveSource(Cvss2.class)));
                            break;
                        case true:
                            ghsaAdvisorEntry.getCvssVectors().addCvssVector(new Cvss4P0(str, cvssSource.deriveSource(Cvss4P0.class)));
                            break;
                        default:
                            LOG.warn("Unknown severity type: [{}] with value [{}]", string, str);
                            break;
                    }
                } else {
                    LOG.warn("Severity value is null for type: [{}]", string);
                }
            }
        }
        JSONArray optJSONArray4 = jSONObject.optJSONArray("affected");
        if (optJSONArray4 != null) {
            for (int i5 = 0; i5 < optJSONArray4.length(); i5++) {
                JSONObject jSONObject4 = optJSONArray4.getJSONObject(i5);
                JSONObject jSONObject5 = jSONObject4.getJSONObject("package");
                String string2 = jSONObject5.getString("name");
                String string3 = jSONObject5.getString("ecosystem");
                JSONArray optJSONArray5 = jSONObject4.optJSONArray("ranges");
                if (optJSONArray5 != null) {
                    for (int i6 = 0; i6 < optJSONArray5.length(); i6++) {
                        JSONObject jSONObject6 = optJSONArray5.getJSONObject(i6);
                        String string4 = jSONObject6.getString("type");
                        if (string4.equals("ECOSYSTEM")) {
                            JSONArray jSONArray2 = jSONObject6.getJSONArray("events");
                            String str2 = null;
                            String str3 = null;
                            String str4 = null;
                            for (int i7 = 0; i7 < jSONArray2.length(); i7++) {
                                JSONObject jSONObject7 = jSONArray2.getJSONObject(i7);
                                if (jSONObject7.has("introduced")) {
                                    str2 = jSONObject7.getString("introduced");
                                } else if (jSONObject7.has("fixed")) {
                                    str3 = jSONObject7.getString("fixed");
                                } else if (jSONObject7.has("last_affected")) {
                                    str4 = jSONObject7.getString("last_affected");
                                } else {
                                    LOG.warn("Unknown event type: [{}] on [{}]", jSONObject7.keySet(), ghsaAdvisorEntry.getId());
                                }
                            }
                            ghsaAdvisorEntry.vulnerableSoftwares.add(new VulnerableSoftwareVersionRangeEcosystem(string3, string2, null, null, null, str2, str4, str3, VersionContext.fromGhsaProduct(string2), true));
                        } else {
                            LOG.warn("Unknown range type: [{}]", string4);
                        }
                    }
                }
            }
        }
        return ghsaAdvisorEntry;
    }
}
