package com.metaeffekt.mirror.contents.vulnerability;

import com.metaeffekt.artifact.analysis.report.CoverityReport;
import com.metaeffekt.artifact.analysis.utils.CustomCollectors;
import com.metaeffekt.artifact.analysis.utils.FileUtils;
import com.metaeffekt.artifact.analysis.utils.StringUtils;
import com.metaeffekt.artifact.analysis.utils.SvgCreator;
import com.metaeffekt.artifact.analysis.utils.TimeUtils;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.InventoryAttribute;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.keywords.KeywordSet;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.score.VulnerabilityPriorityCalculator;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.vulnerabilitystatus.VulnerabilityStatus;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.vulnerabilitystatus.VulnerabilityStatusConverter;
import com.metaeffekt.artifact.terms.model.NormalizationMetaData;
import com.metaeffekt.mirror.contents.advisory.AdvisoryEntry;
import com.metaeffekt.mirror.contents.base.CvssConditionAttributes;
import com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass;
import com.metaeffekt.mirror.contents.base.Reference;
import com.metaeffekt.mirror.contents.epss.EpssData;
import com.metaeffekt.mirror.contents.kev.KevData;
import com.metaeffekt.mirror.contents.store.AdvisoryTypeIdentifier;
import com.metaeffekt.mirror.contents.store.OtherTypeStore;
import com.metaeffekt.mirror.contents.store.VulnerabilityTypeIdentifier;
import com.metaeffekt.mirror.contents.store.VulnerabilityTypeStore;
import com.metaeffekt.mirror.query.VulnerabilityIndexQuery;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.lucene.document.Document;
import org.apache.lucene.document.Field;
import org.apache.lucene.document.TextField;
import org.json.JSONArray;
import org.json.JSONObject;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import org.metaeffekt.core.inventory.processor.model.VulnerabilityMetaData;
import org.metaeffekt.core.inventory.processor.report.configuration.CentralSecurityPolicyConfiguration;
import org.metaeffekt.core.security.cvss.CvssSource;
import org.metaeffekt.core.security.cvss.CvssVector;
import org.metaeffekt.core.security.cvss.KnownCvssEntities;
import org.metaeffekt.core.security.cvss.processor.CvssSelectionResult;
import org.metaeffekt.core.security.cvss.processor.CvssSelector;
import org.metaeffekt.core.security.cvss.processor.CvssVectorSet;
import org.metaeffekt.core.security.cvss.v2.Cvss2;
import org.metaeffekt.core.security.cvss.v3.Cvss3P1;
import org.metaeffekt.core.security.cvss.v4P0.Cvss4P0;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.yaml.snakeyaml.Yaml;
import us.springett.parsers.cpe.Cpe;
import us.springett.parsers.cpe.exceptions.CpeValidationException;

/* loaded from: input_file:com/metaeffekt/mirror/contents/vulnerability/Vulnerability.class */
public class Vulnerability extends MatchableDetailsAmbDataClass<VulnerabilityMetaData, Vulnerability> {
    protected VulnerabilityTypeIdentifier<?> sourceIdentifier;
    private String description;
    private String notes;
    private String url;
    protected Date createDate;
    protected Date updateDate;
    private CvssSelectionResult cvssSelectionResult;
    private EpssData epssData;
    private KevData kevData;
    private VulnerabilityStatus vulnerabilityStatus;
    private static final Logger LOG = LoggerFactory.getLogger(Vulnerability.class);
    private static final Set<String> CONVERSION_KEYS_AMB = new HashSet<String>(MatchableDetailsAmbDataClass.CONVERSION_KEYS_AMB) { // from class: com.metaeffekt.mirror.contents.vulnerability.Vulnerability.1
        {
            addAll(Arrays.asList(VulnerabilityMetaData.Attribute.NAME.getKey(), VulnerabilityMetaData.Attribute.SOURCE.getKey(), VulnerabilityMetaData.Attribute.SOURCE_IMPLEMENTATION.getKey(), InventoryAttribute.DESCRIPTION.getKey(), VulnerabilityMetaData.Attribute.URL.getKey(), InventoryAttribute.VULNERABILITY_UPDATED_DATE_TIMESTAMP.getKey(), InventoryAttribute.VULNERABILITY_CREATED_DATE_TIMESTAMP.getKey(), VulnerabilityMetaData.Attribute.REFERENCES.getKey(), VulnerabilityMetaData.Attribute.WEAKNESS.getKey(), InventoryAttribute.TAGS.getKey(), InventoryAttribute.VULNERABILITY_STATUS.getKey()));
        }
    };
    private static final Set<String> CONVERSION_KEYS_MAP = new HashSet<String>(MatchableDetailsAmbDataClass.CONVERSION_KEYS_MAP) { // from class: com.metaeffekt.mirror.contents.vulnerability.Vulnerability.2
        {
            addAll(Arrays.asList("name", "description", KeywordSet.KEY_NOTES, "url", "cvssVectors", "createDate", "updateDate", CoverityReport.CWE, "vulnerable_software", "references", "tags", "vulnerabilityStatus", "cvss", "kevData", "epssData"));
        }
    };
    public static final Comparator<Vulnerability> UPDATE_CREATE_TIME_COMPARATOR = Comparator.comparing((v0) -> {
        return v0.getUpdateDate();
    }).thenComparing((v0) -> {
        return v0.getCreateDate();
    });
    public static final Comparator<Vulnerability> COMPARE_BY_NAME = Comparator.comparing((v0) -> {
        return v0.getId();
    });
    private final CvssVectorSet cvssVectors = new CvssVectorSet();
    private final Set<Reference> references = new LinkedHashSet();
    private final Set<String> cwes = new LinkedHashSet();
    private final Set<VulnerableSoftwareTreeNode> vulnerableSoftwareConfigurations = new HashSet();
    private final Set<AdvisoryEntry> securityAdvisories = new LinkedHashSet();
    private final Set<String> tags = new LinkedHashSet();

    public Vulnerability() {
    }

    public Vulnerability(String str) {
        super.setId(str);
    }

    public void setSourceIdentifier(VulnerabilityTypeIdentifier<?> vulnerabilityTypeIdentifier) {
        if (vulnerabilityTypeIdentifier == null) {
            throw new IllegalArgumentException("Advisory source must not be null");
        }
        if (LOG.isDebugEnabled() && vulnerabilityTypeIdentifier != this.sourceIdentifier && this.sourceIdentifier != null) {
            LOG.warn("Explicitly assigned source differs from originally assigned [{}] --> [{}]", this.sourceIdentifier.toExtendedString(), vulnerabilityTypeIdentifier.toExtendedString());
        }
        this.sourceIdentifier = vulnerabilityTypeIdentifier;
    }

    @Override // com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass
    public VulnerabilityTypeIdentifier<?> getSourceIdentifier() {
        return this.sourceIdentifier;
    }

    public String getUrl() {
        if (this.url != null) {
            return this.url;
        }
        if (this.id.startsWith("CVE-")) {
            return "https://nvd.nist.gov/vuln/detail/" + this.id;
        }
        return null;
    }

    public boolean isCreatedAfter(Date date) {
        return this.createDate != null && this.createDate.after(date);
    }

    public boolean isCreatedBefore(Date date) {
        return this.createDate != null && this.createDate.before(date);
    }

    public boolean isUpdatedAfter(Date date) {
        return this.updateDate != null && this.updateDate.after(date);
    }

    public boolean isUpdatedBefore(Date date) {
        return this.updateDate != null && this.updateDate.before(date);
    }

    public boolean hasBeenUpdatedSince(long j) {
        return (this.updateDate != null && this.updateDate.getTime() > j) || (this.createDate != null && this.createDate.getTime() > j);
    }

    public void addReference(Reference reference) {
        this.references.add(reference);
    }

    public void addReferences(Collection<Reference> collection) {
        this.references.addAll(collection);
    }

    public void addCwe(String str) {
        if (str != null) {
            this.cwes.add(str);
        }
    }

    public void addCwe(String... strArr) {
        addCwes(Arrays.asList(strArr));
    }

    private void addCwes(Collection<String> collection) {
        collection.forEach(this::addCwe);
    }

    public void addVulnerableSoftware(VulnerableSoftwareVersionRangeCpe vulnerableSoftwareVersionRangeCpe) {
        VulnerableSoftwareTreeNode vulnerableSoftwareTreeNode = new VulnerableSoftwareTreeNode("OR");
        vulnerableSoftwareTreeNode.addNode(vulnerableSoftwareVersionRangeCpe);
        this.vulnerableSoftwareConfigurations.add(vulnerableSoftwareTreeNode);
    }

    public void addVulnerableSoftwares(Collection<VulnerableSoftwareVersionRangeCpe> collection) {
        collection.forEach(this::addVulnerableSoftware);
    }

    public void addVulnerableSoftwareTreeNode(VulnerableSoftwareTreeNode vulnerableSoftwareTreeNode) {
        this.vulnerableSoftwareConfigurations.add(vulnerableSoftwareTreeNode);
    }

    public void addVulnerableSoftwaresTreeNodes(Collection<VulnerableSoftwareTreeNode> collection) {
        collection.forEach(this::addVulnerableSoftwareTreeNode);
    }

    public boolean cpeFlatMatchesVulnerableSoftware(Cpe cpe) {
        return this.vulnerableSoftwareConfigurations.stream().anyMatch(vulnerableSoftwareTreeNode -> {
            return vulnerableSoftwareTreeNode.isAffectedFlat(cpe);
        });
    }

    public VulnerableSoftwareVersionRangeCpe getCpeFlatMatchedVulnerableSoftware(Cpe cpe) {
        return (VulnerableSoftwareVersionRangeCpe) this.vulnerableSoftwareConfigurations.stream().map(vulnerableSoftwareTreeNode -> {
            return vulnerableSoftwareTreeNode.getFlatAffectedNode(cpe);
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).findFirst().orElse(null);
    }

    public Optional<VulnerabilityStatus> optVulnerabilityStatus() {
        return Optional.ofNullable(this.vulnerabilityStatus);
    }

    public VulnerabilityStatus getOrCreateNewVulnerabilityStatus() {
        if (this.vulnerabilityStatus == null) {
            this.vulnerabilityStatus = new VulnerabilityStatus();
        }
        return this.vulnerabilityStatus;
    }

    public void addTag(String str) {
        this.tags.add(str);
    }

    public void addTags(Collection<String> collection) {
        this.tags.addAll(collection);
    }

    public boolean hasTag(String str) {
        return this.tags.contains(str);
    }

    public Map<AdvisoryTypeIdentifier<?>, Set<String>> deepCopyReferencedSecurityAdvisories() {
        HashMap hashMap = new HashMap();
        synchronized (this.referencedSecurityAdvisories) {
            for (Map.Entry<AdvisoryTypeIdentifier<?>, Set<String>> entry : this.referencedSecurityAdvisories.entrySet()) {
                hashMap.put(entry.getKey(), new HashSet(entry.getValue()));
            }
        }
        return hashMap;
    }

    public void addSecurityAdvisory(AdvisoryEntry advisoryEntry) {
        this.securityAdvisories.add(advisoryEntry);
        addReferencedSecurityAdvisory(advisoryEntry);
    }

    public void removeSecurityAdvisory(AdvisoryEntry advisoryEntry) {
        this.securityAdvisories.remove(advisoryEntry);
        removeReferencedSecurityAdvisory(advisoryEntry);
    }

    public Set<AdvisoryEntry> getRelatedAdvisors(AdvisoryTypeIdentifier<?> advisoryTypeIdentifier) {
        return getRelatedAdvisors(advisoryTypeIdentifier, this.securityAdvisories);
    }

    public static Set<AdvisoryEntry> getRelatedAdvisors(AdvisoryTypeIdentifier<?> advisoryTypeIdentifier, Collection<AdvisoryEntry> collection) {
        return advisoryTypeIdentifier == null ? Collections.emptySet() : (Set) collection.stream().filter(advisoryEntry -> {
            return advisoryEntry.getSourceIdentifier() == advisoryTypeIdentifier;
        }).collect(Collectors.toSet());
    }

    public <A extends AdvisoryEntry> List<A> getRelatedAdvisors(AdvisoryTypeIdentifier<?> advisoryTypeIdentifier, Class<A> cls) {
        if (advisoryTypeIdentifier == null || cls == null) {
            return Collections.emptyList();
        }
        Stream<AdvisoryEntry> stream = getRelatedAdvisors(advisoryTypeIdentifier).stream();
        cls.getClass();
        Stream<AdvisoryEntry> filter = stream.filter((v1) -> {
            return r1.isInstance(v1);
        });
        cls.getClass();
        return (List) filter.map((v1) -> {
            return r1.cast(v1);
        }).collect(Collectors.toList());
    }

    public Set<AdvisoryTypeIdentifier<?>> getRelatedAdvisorsTypes() {
        return (Set) this.securityAdvisories.stream().map((v0) -> {
            return v0.getSourceIdentifier();
        }).collect(Collectors.toSet());
    }

    public void setKevData(KevData kevData) {
        this.kevData = kevData;
    }

    public KevData getKevData() {
        return this.kevData;
    }

    public CvssVectorSet getCvssVectors() {
        return this.cvssVectors;
    }

    public CvssVectorSet calculateEffectiveCvssVectors() {
        return calculateEffectiveCvssVectors(this.cvssVectors);
    }

    public CvssVectorSet calculateEffectiveCvssVectors(CvssVectorSet cvssVectorSet) {
        CvssVectorSet cvssVectorSet2 = new CvssVectorSet();
        cvssVectorSet2.addAllCvssVectors(cvssVectorSet);
        Iterator<AdvisoryEntry> it = this.securityAdvisories.iterator();
        while (it.hasNext()) {
            for (CvssVector cvssVector : it.next().getCvssVectors().getCvssVectors()) {
                if (isCvssVectorApplicable(cvssVector.getApplicabilityCondition())) {
                    cvssVectorSet2.addCvssVector(cvssVector);
                }
            }
        }
        return cvssVectorSet2;
    }

    protected boolean isCvssVectorApplicable(JSONObject jSONObject) {
        if (jSONObject == null || jSONObject.isEmpty()) {
            return true;
        }
        Object opt = jSONObject.opt(CvssConditionAttributes.MATCHES_ON_MS_PRODUCT_ID);
        if (!(opt instanceof JSONArray)) {
            return true;
        }
        List list = (List) ((JSONArray) opt).toList().stream().map(String::valueOf).collect(Collectors.toList());
        boolean z = false;
        Iterator<Artifact> it = getAffectedArtifactsByDefaultKey().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String str = it.next().get(InventoryAttribute.MS_PRODUCT_ID);
            if (str != null) {
                Stream stream = Arrays.asList(str.split(", ")).stream();
                list.getClass();
                if (stream.anyMatch((v1) -> {
                    return r1.contains(v1);
                })) {
                    z = true;
                    break;
                }
            }
        }
        return z;
    }

    public CvssSelectionResult selectEffectiveCvssVectors(CvssVectorSet cvssVectorSet, CvssSelector cvssSelector, CvssSelector cvssSelector2, List<CvssSelectionResult.CvssScoreVersionSelectionPolicy> list) {
        return new CvssSelectionResult(cvssVectorSet, cvssSelector, cvssSelector2, list);
    }

    public CvssSelectionResult selectEffectiveCvssVectors(CvssVectorSet cvssVectorSet, CentralSecurityPolicyConfiguration centralSecurityPolicyConfiguration) {
        return selectEffectiveCvssVectors(cvssVectorSet, centralSecurityPolicyConfiguration.getInitialCvssSelector(), centralSecurityPolicyConfiguration.getContextCvssSelector(), centralSecurityPolicyConfiguration.getCvssVersionSelectionPolicy());
    }

    public void selectEffectiveCvssVectors(CvssSelector cvssSelector, CvssSelector cvssSelector2, List<CvssSelectionResult.CvssScoreVersionSelectionPolicy> list) {
        this.cvssSelectionResult = selectEffectiveCvssVectors(calculateEffectiveCvssVectors(), cvssSelector, cvssSelector2, list);
    }

    public void selectEffectiveCvssVectors(CentralSecurityPolicyConfiguration centralSecurityPolicyConfiguration) {
        selectEffectiveCvssVectors(centralSecurityPolicyConfiguration.getInitialCvssSelector(), centralSecurityPolicyConfiguration.getContextCvssSelector(), centralSecurityPolicyConfiguration.getCvssVersionSelectionPolicy());
    }

    public boolean isCvssSelectionResultAvailable() {
        return this.cvssSelectionResult != null;
    }

    public CvssSelectionResult getCvssSelectionResult() {
        if (isCvssSelectionResultAvailable()) {
            return this.cvssSelectionResult;
        }
        throw new IllegalStateException("No cvss selection result available. Please call selectEffectiveCvssVectors() first, or use the getCvssSelectionResult(CentralSecurityPolicyConfiguration) method to select the effective cvss vectors on the fly.");
    }

    public CvssSelectionResult getCvssSelectionResult(CentralSecurityPolicyConfiguration centralSecurityPolicyConfiguration) {
        if (!isCvssSelectionResultAvailable()) {
            if (centralSecurityPolicyConfiguration == null) {
                throw new IllegalStateException("No cvss selection result available and passed CentralSecurityPolicyConfiguration is null, cannot select cvss vectors on the fly.");
            }
            selectEffectiveCvssVectors(centralSecurityPolicyConfiguration);
        }
        return this.cvssSelectionResult;
    }

    public void clearCvssSelectionResult() {
        this.cvssSelectionResult = null;
    }

    public void mapCvssSelectionResult(Function<CvssSelectionResult, CvssSelectionResult> function) {
        if (this.cvssSelectionResult == null) {
            throw new IllegalStateException("No cvss selection result available. Please call selectEffectiveCvssVectors() first, or use the getCvssSelectionResult(CentralSecurityPolicyConfiguration) method to select the effective cvss vectors on the fly.");
        }
        this.cvssSelectionResult = function.apply(this.cvssSelectionResult);
    }

    public List<KeywordSet> parseKeywords() {
        return KeywordSet.fromVulnerability(this);
    }

    public VulnerabilityPriorityCalculator.PriorityScoreResult calculatePriorityScore(CentralSecurityPolicyConfiguration centralSecurityPolicyConfiguration) {
        return new VulnerabilityPriorityCalculator().contribute(this).calculatePriorityScore(centralSecurityPolicyConfiguration);
    }

    public void clearNonTransferableStatusDetails() {
        setAdditionalAttribute((Vulnerability) VulnerabilityMetaData.Attribute.STATUS, (String) null);
        setAdditionalAttribute((Vulnerability) VulnerabilityMetaData.Attribute.RATIONALE, (String) null);
        setAdditionalAttribute((Vulnerability) VulnerabilityMetaData.Attribute.RISK, (String) null);
        setAdditionalAttribute((Vulnerability) InventoryAttribute.STATUS_ACCEPTED, (String) null);
        setAdditionalAttribute((Vulnerability) InventoryAttribute.STATUS_REPORTED, (String) null);
        setAdditionalAttribute((Vulnerability) InventoryAttribute.STATUS_HISTORY, (String) null);
        setAdditionalAttribute((Vulnerability) InventoryAttribute.STATUS_TITLE, (String) null);
        setAdditionalAttribute((Vulnerability) InventoryAttribute.REVIEWED_ADVISORIES, (String) null);
    }

    @Override // com.metaeffekt.mirror.contents.base.AmbDataClass
    /* renamed from: constructBaseModel, reason: merged with bridge method [inline-methods] */
    public VulnerabilityMetaData mo171constructBaseModel() {
        return new VulnerabilityMetaData();
    }

    @Override // com.metaeffekt.mirror.contents.base.AmbDataClass
    public Vulnerability constructDataClass() {
        return new Vulnerability();
    }

    @Override // com.metaeffekt.mirror.contents.base.AmbDataClass
    protected Set<String> conversionKeysAmb() {
        return CONVERSION_KEYS_AMB;
    }

    @Override // com.metaeffekt.mirror.contents.base.AmbDataClass
    protected Set<String> conversionKeysMap() {
        return CONVERSION_KEYS_MAP;
    }

    public static Vulnerability fromVulnerabilityMetaData(VulnerabilityMetaData vulnerabilityMetaData) {
        if (vulnerabilityMetaData == null) {
            return null;
        }
        return (Vulnerability) new Vulnerability().performAction(vulnerability -> {
            vulnerability.appendFromBaseModel(vulnerabilityMetaData);
        });
    }

    public static Vulnerability fromInputMap(Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        return (Vulnerability) new Vulnerability().performAction(vulnerability -> {
            vulnerability.appendFromMap(map);
        });
    }

    public static Vulnerability fromJson(JSONObject jSONObject) {
        if (jSONObject == null) {
            return null;
        }
        return fromInputMap(jSONObject.toMap());
    }

    public static Vulnerability fromDocument(Document document) {
        if (document == null) {
            return null;
        }
        return (Vulnerability) new Vulnerability().performAction(vulnerability -> {
            vulnerability.appendFromDocument(document);
        });
    }

    @Override // com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendFromBaseModel(VulnerabilityMetaData vulnerabilityMetaData) {
        super.appendFromBaseModel((Vulnerability) vulnerabilityMetaData);
        setId(vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.NAME));
        String str = vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.SOURCE);
        String str2 = vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.SOURCE_IMPLEMENTATION);
        if (StringUtils.hasText(str) || StringUtils.hasText(str2)) {
            setSourceIdentifier(VulnerabilityTypeStore.get().fromNameAndImplementation(str, str2));
        } else {
            VulnerabilityTypeStore.get().inferSourceIdentifierFromIdIfAbsent(this);
        }
        setDescription(vulnerabilityMetaData.get(InventoryAttribute.DESCRIPTION.getKey()));
        setUrl(vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.URL));
        CvssSource.fromMultipleColumnHeaderStrings(vulnerabilityMetaData.getAttributes()).forEach((str3, cvssSource) -> {
            if (StringUtils.hasText(vulnerabilityMetaData.get(str3))) {
                this.cvssVectors.addCvssVector(cvssSource, vulnerabilityMetaData.get(str3));
            }
        });
        if (StringUtils.hasText(vulnerabilityMetaData.get(InventoryAttribute.VULNERABILITY_UPDATED_DATE_TIMESTAMP.getKey()))) {
            setUpdateDate(new Date(Long.parseLong(vulnerabilityMetaData.get(InventoryAttribute.VULNERABILITY_UPDATED_DATE_TIMESTAMP.getKey()))));
        }
        if (StringUtils.hasText(vulnerabilityMetaData.get(InventoryAttribute.VULNERABILITY_CREATED_DATE_TIMESTAMP.getKey()))) {
            setCreateDate(new Date(Long.parseLong(vulnerabilityMetaData.get(InventoryAttribute.VULNERABILITY_CREATED_DATE_TIMESTAMP.getKey()))));
        }
        if (StringUtils.hasText(vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.REFERENCES))) {
            String str4 = vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.REFERENCES);
            if (str4.startsWith("[")) {
                addReferences(Reference.fromJsonArray(new JSONArray(str4)));
            } else {
                for (String str5 : str4.split(", ?")) {
                    Matcher matcher = Reference.REFERENCE_STRING_PATTERN.matcher(str5);
                    if (matcher.matches()) {
                        addReference(Reference.fromTitleAndUrl(matcher.group(1) + "(" + matcher.group(3) + ")", matcher.group(2)));
                    } else {
                        addReference(Reference.fromUrl(str5));
                    }
                }
            }
        }
        if (vulnerabilityMetaData.get(InventoryAttribute.KEV_DATA) != null) {
            setKevData(KevData.fromJson(new JSONObject(vulnerabilityMetaData.get(InventoryAttribute.KEV_DATA))));
        }
        if (StringUtils.hasText(vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.WEAKNESS))) {
            addCwes(Arrays.asList(vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.WEAKNESS).split(", ?")));
        }
        if (vulnerabilityMetaData.get(InventoryAttribute.EPSS_DATA) != null) {
            setEpssData(EpssData.fromJson(new JSONObject(vulnerabilityMetaData.get(InventoryAttribute.EPSS_DATA))));
        }
        String str6 = vulnerabilityMetaData.get(InventoryAttribute.TAGS.getKey());
        if (StringUtils.hasText(str6)) {
            addTags(Arrays.asList(str6.split(", ")));
        }
        if (StringUtils.hasText(vulnerabilityMetaData.get(InventoryAttribute.VULNERABILITY_STATUS))) {
            setVulnerabilityStatus(VulnerabilityStatusConverter.fromJson(new JSONObject(vulnerabilityMetaData.get(InventoryAttribute.VULNERABILITY_STATUS))));
        }
    }

    @Override // com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendToBaseModel(VulnerabilityMetaData vulnerabilityMetaData) {
        super.appendToBaseModel((Vulnerability) vulnerabilityMetaData);
        if (this.url != null) {
            vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.URL, this.url);
        } else if (StringUtils.hasText(this.id) && this.id.startsWith("CVE-")) {
            vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.URL, "https://nvd.nist.gov/vuln/detail/" + this.id);
        } else {
            vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.URL, (String) null);
        }
        if (this.cwes.isEmpty()) {
            vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.WEAKNESS, (String) null);
        } else {
            vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.WEAKNESS, String.join(", ", this.cwes));
        }
        if (this.epssData != null) {
            vulnerabilityMetaData.set(InventoryAttribute.EPSS_DATA, this.epssData.toJson().toString());
        } else {
            vulnerabilityMetaData.set(InventoryAttribute.EPSS_DATA, (String) null);
        }
        for (CvssVector cvssVector : this.cvssVectors.getCvssVectors()) {
            if (cvssVector.getCvssSource() == null) {
                LOG.warn("Using NVD-CNA-NVD for cvss vector [{}] for vulnerability [{}] as it has no source.", cvssVector, this.id);
                vulnerabilityMetaData.set(new CvssSource(KnownCvssEntities.NVD, CvssSource.CvssIssuingEntityRole.CNA, KnownCvssEntities.NVD, cvssVector.getClass()).toColumnHeaderString(), cvssVector.toString());
            } else {
                vulnerabilityMetaData.set(cvssVector.getCvssSource().toColumnHeaderString(), cvssVector.toString());
            }
        }
        vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_CONTEXT_OVERALL, (String) null);
        vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_INITIAL_OVERALL, (String) null);
        vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_INITIAL_OVERALL_SEVERITY, (String) null);
        vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_CONTEXT_OVERALL_SEVERITY, (String) null);
        vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_BASE, (String) null);
        vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_EXPLOITABILITY, (String) null);
        vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_IMPACT, (String) null);
        if (isCvssSelectionResultAvailable()) {
            CvssVector selectedContextCvss = this.cvssSelectionResult.getSelectedContextCvss();
            CvssVector selectedInitialCvss = this.cvssSelectionResult.getSelectedInitialCvss();
            CvssVector selectedContextIfAvailableOtherwiseInitial = this.cvssSelectionResult.getSelectedContextIfAvailableOtherwiseInitial();
            if (selectedInitialCvss != null) {
                vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_INITIAL_OVERALL, String.valueOf(selectedInitialCvss.getBakedScores().getOverallScore()));
                vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_INITIAL_SELECTION, String.valueOf(selectedInitialCvss.toJson()));
            }
            if (selectedContextCvss != null) {
                vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_CONTEXT_OVERALL, String.valueOf(selectedContextCvss.getBakedScores().getOverallScore()));
                vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_CONTEXT_SELECTION, String.valueOf(selectedContextCvss.toJson()));
            }
            if (selectedContextIfAvailableOtherwiseInitial != null) {
                if (!Double.isNaN(selectedContextIfAvailableOtherwiseInitial.getBakedScores().getBaseScore())) {
                    vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_BASE, String.valueOf(selectedContextIfAvailableOtherwiseInitial.getBakedScores().getBaseScore()));
                }
                if (!Double.isNaN(selectedContextIfAvailableOtherwiseInitial.getBakedScores().getExploitabilityScore())) {
                    vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_EXPLOITABILITY, String.valueOf(selectedContextIfAvailableOtherwiseInitial.getBakedScores().getExploitabilityScore()));
                }
                if (!Double.isNaN(selectedContextIfAvailableOtherwiseInitial.getBakedScores().getImpactScore())) {
                    vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.SCORE_IMPACT, String.valueOf(selectedContextIfAvailableOtherwiseInitial.getBakedScores().getImpactScore()));
                }
            }
        }
        if (this.kevData != null) {
            vulnerabilityMetaData.set(InventoryAttribute.KEV_DATA, this.kevData.toJson().toString());
        } else {
            vulnerabilityMetaData.set(InventoryAttribute.KEV_DATA, (String) null);
        }
        if (this.createDate != null) {
            vulnerabilityMetaData.set(InventoryAttribute.VULNERABILITY_CREATED_DATE_TIMESTAMP.getKey(), Long.toString(this.createDate.getTime()));
            vulnerabilityMetaData.set(InventoryAttribute.VULNERABILITY_CREATED_DATE_FORMATTED.getKey(), TimeUtils.formatNormalizedDate(this.createDate));
        } else {
            vulnerabilityMetaData.set(InventoryAttribute.VULNERABILITY_CREATED_DATE_TIMESTAMP.getKey(), (String) null);
        }
        if (this.updateDate != null) {
            vulnerabilityMetaData.set(InventoryAttribute.VULNERABILITY_UPDATED_DATE_TIMESTAMP.getKey(), Long.toString(this.updateDate.getTime()));
            vulnerabilityMetaData.set(InventoryAttribute.VULNERABILITY_UPDATED_DATE_FORMATTED.getKey(), TimeUtils.formatNormalizedDate(this.updateDate));
        } else {
            vulnerabilityMetaData.set(InventoryAttribute.VULNERABILITY_UPDATED_DATE_TIMESTAMP.getKey(), (String) null);
        }
        if (this.references.isEmpty()) {
            vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.REFERENCES, (String) null);
        } else {
            vulnerabilityMetaData.set(VulnerabilityMetaData.Attribute.REFERENCES, ((JSONArray) Reference.mergeReferences(this.references, Reference.fromJsonArray(vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.REFERENCES))).stream().map((v0) -> {
                return v0.toJson();
            }).collect(CustomCollectors.toJsonArray())).toString());
        }
        if (this.description != null) {
            vulnerabilityMetaData.set(InventoryAttribute.DESCRIPTION.getKey(), this.description);
        } else {
            vulnerabilityMetaData.set(InventoryAttribute.DESCRIPTION.getKey(), (String) null);
        }
        if (this.tags.isEmpty()) {
            vulnerabilityMetaData.set(InventoryAttribute.TAGS.getKey(), (String) null);
        } else {
            vulnerabilityMetaData.set(InventoryAttribute.TAGS.getKey(), String.join(", ", this.tags));
        }
        if (this.vulnerabilityStatus != null) {
            vulnerabilityMetaData.set(InventoryAttribute.VULNERABILITY_STATUS, this.vulnerabilityStatus.toJson().toString());
        } else {
            vulnerabilityMetaData.set(InventoryAttribute.VULNERABILITY_STATUS, (String) null);
        }
    }

    @Override // com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendFromDataClass(Vulnerability vulnerability) {
        super.appendFromDataClass(vulnerability);
        if (StringUtils.hasText(vulnerability.getDescription())) {
            setDescription(vulnerability.getDescription());
        }
        if (StringUtils.hasText(vulnerability.getNotes())) {
            setNotes(vulnerability.getNotes());
        }
        if (StringUtils.hasText(vulnerability.getUrl())) {
            setUrl(vulnerability.getUrl());
        }
        if (vulnerability.getCreateDate() != null) {
            setCreateDate(vulnerability.getCreateDate());
        }
        if (vulnerability.getUpdateDate() != null) {
            setUpdateDate(vulnerability.getUpdateDate());
        }
        this.cvssVectors.addAllCvssVectors(vulnerability.getCvssVectors());
        addReferences(vulnerability.getReferences());
        addCwes(vulnerability.getCwes());
        setKevData(vulnerability.getKevData());
        setEpssData(vulnerability.getEpssData());
        vulnerability.getSecurityAdvisories().forEach(this::addSecurityAdvisory);
        if (vulnerability.getVulnerabilityStatus() != null) {
            setVulnerabilityStatus(vulnerability.getVulnerabilityStatus());
        }
        addTags(vulnerability.getTags());
    }

    @Override // com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendFromMap(Map<String, Object> map) {
        JSONArray jSONArray;
        super.appendFromMap(map);
        setId(getStringOrNullFromMap(map, "name"));
        String str = (String) map.getOrDefault("source", null);
        String str2 = (String) map.getOrDefault("sourceImplementation", null);
        if (str != null || str2 != null) {
            setSourceIdentifier(VulnerabilityTypeStore.get().fromNameAndImplementation(str, str2));
        }
        setDescription(getStringOrNullFromMap(map, "description"));
        setNotes(getStringOrNullFromMap(map, KeywordSet.KEY_NOTES));
        setUrl(getStringOrNullFromMap(map, "url"));
        if (map.get("cvss") != null) {
            if (map.get("cvss") instanceof String) {
                jSONArray = new JSONArray((String) map.get("cvss"));
            } else if (map.get("cvss") instanceof JSONArray) {
                jSONArray = (JSONArray) map.get("cvss");
            } else {
                if (!(map.get("cvss") instanceof Collection)) {
                    throw new RuntimeException("Unable to parse cvss vectors from input map: " + map.get("cvss"));
                }
                jSONArray = new JSONArray((Collection) map.get("cvss"));
            }
            this.cvssVectors.addAllCvssVectors(CvssVectorSet.fromJson(jSONArray));
        }
        setCreateDate((Date) ObjectUtils.firstNonNull(new Date[]{getDateOrNullFromMap(map, "createDate"), getDateOrNullFromMap(map, "publishedDate")}));
        setUpdateDate((Date) ObjectUtils.firstNonNull(new Date[]{getDateOrNullFromMap(map, "updateDate"), getDateOrNullFromMap(map, "lastModifiedDate")}));
        Iterator it = ((Collection) map.getOrDefault(CoverityReport.CWE, Collections.EMPTY_SET)).iterator();
        while (it.hasNext()) {
            addCwe((String) it.next());
        }
        if (map.get("vulnerable_software") != null) {
            try {
                VulnerableSoftwareTreeNode.fromJson(new JSONArray(((ArrayList) map.get("vulnerable_software")).toArray(new Object[0]))).forEach(this::addVulnerableSoftwareTreeNode);
            } catch (CpeValidationException e) {
                throw new RuntimeException("Unable to parse CPE on vulnerable software whilst parsing vulnerability from input map", e);
            }
        }
        Object obj = map.get("references");
        if (obj instanceof ArrayList) {
            Iterator it2 = ((ArrayList) obj).iterator();
            while (it2.hasNext()) {
                Object next = it2.next();
                if (next instanceof Map) {
                    addReference(Reference.fromMap((Map) next));
                } else {
                    LOG.warn("Reference in custom vulnerability [{}] is not of type Map: {}", getId(), next);
                }
            }
        }
        if (map.get("tags") != null) {
            addTags((Collection) map.get("tags"));
        }
        if (map.get("vulnerabilityStatus") != null) {
            setVulnerabilityStatus(VulnerabilityStatusConverter.fromJson(new JSONObject((Map) map.get("vulnerabilityStatus"))));
        }
        if (map.get("kevData") != null) {
            setKevData(KevData.fromJson(new JSONObject((Map) map.get("kevData"))));
        }
        if (map.get("epssData") != null) {
            setEpssData(EpssData.fromJson(new JSONObject((Map) map.get("epssData"))));
        }
    }

    @Override // com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendToJson(JSONObject jSONObject) {
        super.appendToJson(jSONObject);
        jSONObject.put("name", getId());
        jSONObject.put("description", getDescription());
        jSONObject.put(KeywordSet.KEY_NOTES, getNotes());
        jSONObject.put("url", getUrl());
        jSONObject.put("cvss", this.cvssVectors.toJson());
        jSONObject.put("createDate", getCreateDate() != null ? Long.valueOf(getCreateDate().getTime()) : null);
        jSONObject.put("updateDate", getUpdateDate() != null ? Long.valueOf(getUpdateDate().getTime()) : null);
        jSONObject.put(CoverityReport.CWE, (Collection) getCwes());
        jSONObject.put("vulnerable_software", getVulnerableSoftwareConfigurations().stream().map((v0) -> {
            return v0.toJson();
        }).collect(CustomCollectors.toJsonArray()));
        jSONObject.put("references", getReferences().stream().map((v0) -> {
            return v0.toJson();
        }).collect(CustomCollectors.toJsonArray()));
        jSONObject.put("tags", (Collection) getTags());
        jSONObject.put("vulnerabilityStatus", getVulnerabilityStatus() != null ? getVulnerabilityStatus().toJson() : null);
        if (this.kevData != null) {
            jSONObject.put("kevData", this.kevData.toJson());
        }
        if (this.epssData != null) {
            jSONObject.put("epssData", this.epssData.toJson());
        }
    }

    @Override // com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendFromDocument(Document document) {
        super.appendFromDocument(document);
        setId(document.get("name"));
        setDescription(document.get("description"));
        setNotes(document.get(KeywordSet.KEY_NOTES));
        setUrl(document.get("url"));
        if (document.get("cvssV2") != null) {
            this.cvssVectors.addCvssVector(new CvssSource(KnownCvssEntities.NVD, Cvss2.class), document.get("cvssV2"));
        }
        if (document.get("cvssV3") != null) {
            this.cvssVectors.addCvssVector(new CvssSource(KnownCvssEntities.NVD, Cvss3P1.class), document.get("cvssV3"));
        }
        if (document.get("cvssV4") != null) {
            this.cvssVectors.addCvssVector(new CvssSource(KnownCvssEntities.NVD, Cvss4P0.class), document.get("cvssV4"));
        }
        if (document.get("cvssVectors") != null) {
            this.cvssVectors.addAllCvssVectors(CvssVectorSet.fromJson(new JSONArray(document.get("cvssVectors"))));
        }
        setCreateDate(getDateOrNullFromDocument(document, "createDate"));
        setUpdateDate(getDateOrNullFromDocument(document, "updateDate"));
        if (document.get(CoverityReport.CWE) != null) {
            Arrays.stream(document.get(CoverityReport.CWE).split(", ?")).forEach(this::addCwe);
        }
        if (document.get("vulnerable_software") != null) {
            try {
                VulnerableSoftwareTreeNode.fromJson(new JSONArray(document.get("vulnerable_software"))).forEach(this::addVulnerableSoftwareTreeNode);
            } catch (CpeValidationException e) {
                throw new RuntimeException("Unable to parse CPE on vulnerable software whilst parsing vulnerability from document", e);
            }
        }
        Reference.fromJsonArray(new JSONArray(document.get("references"))).forEach(this::addReference);
    }

    @Override // com.metaeffekt.mirror.contents.base.MatchableDetailsAmbDataClass, com.metaeffekt.mirror.contents.base.AmbDataClass
    public void appendToDocument(Document document) {
        super.appendToDocument(document);
        addToDocumentAsTextFieldIfNotEmpty(document, "name", getId());
        addToDocumentAsTextFieldIfNotEmpty(document, "description", getDescription());
        addToDocumentAsTextFieldIfNotEmpty(document, KeywordSet.KEY_NOTES, getNotes());
        addToDocumentAsTextFieldIfNotEmpty(document, "url", getUrl());
        if (!this.cvssVectors.isEmpty()) {
            document.add(new TextField("cvssVectors", this.cvssVectors.toJson().toString(), Field.Store.YES));
        }
        addToDocumentAsTextFieldIfNotEmpty(document, "createDate", getCreateDate() != null ? "" + getCreateDate().getTime() : null);
        addToDocumentAsTextFieldIfNotEmpty(document, "updateDate", getUpdateDate() != null ? "" + getUpdateDate().getTime() : null);
        document.add(new TextField(CoverityReport.CWE, String.join(",", getCwes()), Field.Store.YES));
        document.add(new TextField("references", ((JSONArray) getReferences().stream().map((v0) -> {
            return v0.toJson();
        }).collect(CustomCollectors.toJsonArray())).toString(), Field.Store.YES));
        document.add(new TextField("vulnerable_software", ((JSONArray) getVulnerableSoftwareConfigurations().stream().map((v0) -> {
            return v0.toJson();
        }).collect(CustomCollectors.toJsonArray())).toString(), Field.Store.YES));
        document.add(new TextField("vulnerable_software_vp", (String) getVulnerableSoftwareConfigurations().stream().map((v0) -> {
            return v0.getAllCpes();
        }).flatMap((v0) -> {
            return v0.stream();
        }).map(vulnerableSoftwareVersionRangeCpe -> {
            return vulnerableSoftwareVersionRangeCpe.getCpe().getVendor() + ":" + vulnerableSoftwareVersionRangeCpe.getCpe().getProduct();
        }).collect(Collectors.joining(NormalizationMetaData.STRING_WHITESPACE)), Field.Store.YES));
    }

    private static Date getDateOrNullFromDocument(Document document, String str) {
        if (document.get(str) != null) {
            return new Date(Long.parseLong(document.get(str)));
        }
        return null;
    }

    protected void addToDocumentAsTextFieldIfNotEmpty(Document document, String str, String str2) {
        if (StringUtils.hasText(str2)) {
            document.add(new TextField(str, str2, Field.Store.YES));
        }
    }

    @Deprecated
    public static Vulnerability fromVulnerabilityMetaData(VulnerabilityMetaData vulnerabilityMetaData, VulnerabilityIndexQuery vulnerabilityIndexQuery) {
        Vulnerability fromVulnerabilityMetaData = fromVulnerabilityMetaData(vulnerabilityMetaData);
        vulnerabilityIndexQuery.findVulnerabilityByName(fromVulnerabilityMetaData.getId()).ifPresent(vulnerability -> {
            fromVulnerabilityMetaData.addVulnerableSoftwaresTreeNodes(vulnerability.getVulnerableSoftwareConfigurations());
        });
        return fromVulnerabilityMetaData;
    }

    @Deprecated
    public static Vulnerability fromNvdMirrorCveItem1P0(JSONObject jSONObject) {
        Vulnerability vulnerability = new Vulnerability();
        JSONObject jSONObject2 = jSONObject.has("cve") ? jSONObject.getJSONObject("cve") : jSONObject;
        if (!jSONObject2.getString("data_type").equals("CVE")) {
            LOG.warn("Data type should be [CVE] in CVE item, but was [{}]", jSONObject2.getString("data_type"));
        }
        vulnerability.setId(jSONObject2.getJSONObject("CVE_data_meta").getString("ID"));
        vulnerability.setNotes("Assigner: " + jSONObject2.getJSONObject("CVE_data_meta").getString("ASSIGNER"));
        vulnerability.addDataSource(VulnerabilityTypeStore.CVE);
        vulnerability.addDataSource(OtherTypeStore.NVD);
        JSONArray jSONArray = jSONObject2.getJSONObject("description").getJSONArray("description_data");
        String str = null;
        int i = 0;
        while (true) {
            if (i >= jSONArray.length()) {
                break;
            }
            JSONObject jSONObject3 = jSONArray.getJSONObject(i);
            if (jSONObject3.getString("lang").equals("en")) {
                str = jSONObject3.getString("value");
                break;
            }
            if (str == null) {
                str = jSONObject3.getString("value");
            }
            i++;
        }
        if (StringUtils.hasText(str)) {
            vulnerability.setDescription(str);
        }
        if (StringUtils.hasText(jSONObject.optString("publishedDate"))) {
            vulnerability.setCreateDate(TimeUtils.tryParse(jSONObject.getString("publishedDate")));
        }
        if (StringUtils.hasText(jSONObject.optString("lastModifiedDate"))) {
            vulnerability.setUpdateDate(TimeUtils.tryParse(jSONObject.getString("lastModifiedDate")));
        }
        ArrayList arrayList = new ArrayList();
        JSONArray jSONArray2 = jSONObject2.getJSONObject("references").getJSONArray("reference_data");
        for (int i2 = 0; i2 < jSONArray2.length(); i2++) {
            JSONObject jSONObject4 = jSONArray2.getJSONObject(i2);
            Reference fromTitleAndUrl = Reference.fromTitleAndUrl(jSONObject4.getString("name"), jSONObject4.getString("url"));
            jSONObject4.getJSONArray("tags").forEach(obj -> {
                fromTitleAndUrl.addTag(String.valueOf(obj));
            });
            fromTitleAndUrl.addTag(jSONObject4.getString("refsource"));
            arrayList.add(fromTitleAndUrl);
        }
        vulnerability.addReferences(arrayList);
        HashSet hashSet = new HashSet();
        JSONArray jSONArray3 = jSONObject2.getJSONObject("problemtype").getJSONArray("problemtype_data");
        for (int i3 = 0; i3 < jSONArray3.length(); i3++) {
            JSONArray jSONArray4 = jSONArray3.getJSONObject(i3).getJSONArray("description");
            for (int i4 = 0; i4 < jSONArray4.length(); i4++) {
                JSONObject jSONObject5 = jSONArray4.getJSONObject(i4);
                if (!isNoInfoOtherCwe(jSONObject5.getString("value"))) {
                    hashSet.add(jSONObject5.getString("value"));
                }
            }
        }
        vulnerability.addCwes(hashSet);
        JSONObject jSONObject6 = jSONObject.getJSONObject("impact");
        if (jSONObject6.has("baseMetricV2")) {
            vulnerability.cvssVectors.addCvssVector(new Cvss2(jSONObject6.getJSONObject("baseMetricV2").getJSONObject("cvssV2").getString("vectorString"), new CvssSource(KnownCvssEntities.NVD, Cvss2.class)));
        }
        if (jSONObject6.has("baseMetricV3")) {
            vulnerability.cvssVectors.addCvssVector(new Cvss3P1(jSONObject6.getJSONObject("baseMetricV3").getJSONObject("cvssV3").getString("vectorString"), new CvssSource(KnownCvssEntities.NVD, Cvss3P1.class)));
        }
        if (jSONObject6.has("baseMetricV4")) {
            new Cvss4P0(jSONObject6.getJSONObject("baseMetricV4").getJSONObject("cvssV4").getString("vectorString"), new CvssSource(KnownCvssEntities.NVD, Cvss4P0.class));
        }
        HashSet hashSet2 = new HashSet();
        JSONArray jSONArray5 = jSONObject.getJSONObject("configurations").getJSONArray("nodes");
        for (int i5 = 0; i5 < jSONArray5.length(); i5++) {
            JSONObject jSONObject7 = jSONArray5.getJSONObject(i5);
            try {
                hashSet2.add(VulnerableSoftwareTreeNode.fromJson(jSONObject7));
            } catch (CpeValidationException e) {
                throw new RuntimeException("Invalid CPE URI on [" + vulnerability.getId() + "] in software configuration: " + jSONObject7, e);
            }
        }
        vulnerability.addVulnerableSoftwaresTreeNodes(hashSet2);
        return vulnerability;
    }

    public static Vulnerability fromNvdMirrorCveItem2P0(JSONObject jSONObject) {
        Vulnerability vulnerability = new Vulnerability();
        vulnerability.setId(jSONObject.getString("id"));
        vulnerability.addDataSource(VulnerabilityTypeStore.CVE);
        vulnerability.addDataSource(OtherTypeStore.NVD);
        JSONArray jSONArray = jSONObject.getJSONArray("descriptions");
        String str = null;
        int i = 0;
        while (true) {
            if (i >= jSONArray.length()) {
                break;
            }
            JSONObject jSONObject2 = jSONArray.getJSONObject(i);
            if (jSONObject2.getString("lang").equals("en")) {
                str = jSONObject2.getString("value");
                break;
            }
            if (str == null) {
                str = jSONObject2.getString("value");
            }
            i++;
        }
        if (StringUtils.hasText(str)) {
            vulnerability.setDescription(str);
        }
        if (StringUtils.hasText(jSONObject.optString("published"))) {
            vulnerability.setCreateDate(TimeUtils.tryParse(jSONObject.getString("published")));
        }
        if (StringUtils.hasText(jSONObject.optString("lastModified"))) {
            vulnerability.setUpdateDate(TimeUtils.tryParse(jSONObject.getString("lastModified")));
        }
        ArrayList arrayList = new ArrayList();
        JSONArray jSONArray2 = jSONObject.getJSONArray("references");
        for (int i2 = 0; i2 < jSONArray2.length(); i2++) {
            JSONObject jSONObject3 = jSONArray2.getJSONObject(i2);
            Reference fromTitleAndUrl = Reference.fromTitleAndUrl(jSONObject3.getString("source"), jSONObject3.getString("url"));
            JSONArray optJSONArray = jSONObject3.optJSONArray("tags");
            if (optJSONArray != null) {
                optJSONArray.forEach(obj -> {
                    fromTitleAndUrl.addTag(String.valueOf(obj));
                });
            }
            fromTitleAndUrl.addTag(jSONObject3.getString("source"));
            arrayList.add(fromTitleAndUrl);
        }
        vulnerability.addReferences(arrayList);
        JSONArray optJSONArray2 = jSONObject.optJSONArray("weaknesses");
        if (optJSONArray2 != null) {
            ArrayList arrayList2 = new ArrayList();
            for (int i3 = 0; i3 < optJSONArray2.length(); i3++) {
                JSONArray jSONArray3 = optJSONArray2.getJSONObject(i3).getJSONArray("description");
                int i4 = 0;
                while (true) {
                    if (i4 < jSONArray3.length()) {
                        JSONObject jSONObject4 = jSONArray3.getJSONObject(i4);
                        if (!isNoInfoOtherCwe(jSONObject4.getString("value"))) {
                            arrayList2.add(jSONObject4.getString("value"));
                            break;
                        }
                        i4++;
                    }
                }
            }
            vulnerability.addCwes(arrayList2);
        }
        JSONObject optJSONObject = jSONObject.optJSONObject("metrics");
        if (optJSONObject != null) {
            JSONArray optJSONArray3 = optJSONObject.optJSONArray("cvssMetricV2");
            if (optJSONArray3 != null) {
                for (int i5 = 0; i5 < optJSONArray3.length(); i5++) {
                    JSONObject jSONObject5 = optJSONArray3.getJSONObject(i5);
                    String string = jSONObject5.getString("source");
                    vulnerability.cvssVectors.addCvssVector(new Cvss2(jSONObject5.getJSONObject("cvssData").getString("vectorString"), new CvssSource(KnownCvssEntities.NVD, CvssSource.CvssIssuingEntityRole.CNA, string == null ? KnownCvssEntities.NVD : KnownCvssEntities.findByNameOrMailOrCreateNew(string), Cvss2.class)));
                }
            }
            JSONArray jSONArray4 = (JSONArray) ObjectUtils.firstNonNull(new JSONArray[]{optJSONObject.optJSONArray("cvssMetricV30"), optJSONObject.optJSONArray("cvssMetricV31")});
            if (jSONArray4 != null) {
                for (int i6 = 0; i6 < jSONArray4.length(); i6++) {
                    JSONObject jSONObject6 = jSONArray4.getJSONObject(i6);
                    String string2 = jSONObject6.getString("source");
                    vulnerability.cvssVectors.addCvssVector(new Cvss3P1(jSONObject6.getJSONObject("cvssData").getString("vectorString"), new CvssSource(KnownCvssEntities.NVD, CvssSource.CvssIssuingEntityRole.CNA, string2 == null ? KnownCvssEntities.NVD : KnownCvssEntities.findByNameOrMailOrCreateNew(string2), Cvss3P1.class)));
                }
            }
            JSONArray jSONArray5 = (JSONArray) ObjectUtils.firstNonNull(new JSONArray[]{optJSONObject.optJSONArray("cvssMetricV40"), optJSONObject.optJSONArray("cvssMetricV4")});
            if (jSONArray5 != null) {
                for (int i7 = 0; i7 < jSONArray5.length(); i7++) {
                    JSONObject jSONObject7 = jSONArray5.getJSONObject(i7);
                    String string3 = jSONObject7.getString("source");
                    vulnerability.cvssVectors.addCvssVector(new Cvss4P0(jSONObject7.getJSONObject("cvssData").getString("vectorString"), new CvssSource(KnownCvssEntities.NVD, CvssSource.CvssIssuingEntityRole.CNA, string3 == null ? KnownCvssEntities.NVD : KnownCvssEntities.findByNameOrMailOrCreateNew(string3), Cvss4P0.class)));
                }
            }
            if (optJSONObject.keySet().stream().anyMatch(str2 -> {
                return (str2.equals("cvssMetricV2") || str2.equals("cvssMetricV30") || str2.equals("cvssMetricV31") || str2.equals("cvssMetricV40") || str2.equals("cvssMetricV4")) ? false : true;
            })) {
                LOG.warn("Unknown CVSS metric version: {}", optJSONObject.keySet());
            }
        }
        if (jSONObject.has("configurations")) {
            HashSet hashSet = new HashSet();
            JSONArray jSONArray6 = jSONObject.getJSONArray("configurations");
            for (int i8 = 0; i8 < jSONArray6.length(); i8++) {
                JSONArray jSONArray7 = jSONArray6.getJSONObject(i8).getJSONArray("nodes");
                for (int i9 = 0; i9 < jSONArray7.length(); i9++) {
                    JSONObject jSONObject8 = jSONArray7.getJSONObject(i9);
                    try {
                        hashSet.add(VulnerableSoftwareTreeNode.fromJson(jSONObject8));
                    } catch (CpeValidationException e) {
                        throw new RuntimeException("Invalid CPE URI on [" + vulnerability.getId() + "] in software configuration: " + jSONObject8, e);
                    }
                }
            }
            vulnerability.addVulnerableSoftwaresTreeNodes(hashSet);
        }
        return vulnerability;
    }

    public static List<Vulnerability> fromCustomVulnerabilityFileOrDir(File file) {
        ArrayList arrayList = new ArrayList();
        if (!file.exists()) {
            LOG.warn("Vulnerability file does not exist: {}", file.getAbsolutePath());
            return arrayList;
        }
        if (file.isDirectory()) {
            for (File file2 : file.listFiles()) {
                arrayList.addAll(fromCustomVulnerabilityFileOrDir(file2));
            }
        } else if (file.getName().endsWith(".yaml")) {
            try {
                Object load = new Yaml().load(Files.newInputStream(file.toPath(), new OpenOption[0]));
                if (load instanceof List) {
                    for (Object obj : (List) load) {
                        if (obj instanceof Map) {
                            arrayList.add(fromInputMap((Map) obj));
                        }
                    }
                } else if (load instanceof Map) {
                    arrayList.add(fromInputMap((Map) load));
                }
            } catch (Exception e) {
                LOG.error("Failed to parse YAML vulnerability file: " + file, e);
            }
        } else if (file.getName().endsWith(".json")) {
            try {
                String join = String.join("", FileUtils.readLines(file, StandardCharsets.UTF_8));
                if (join.startsWith("[")) {
                    JSONArray jSONArray = new JSONArray(join);
                    for (int i = 0; i < jSONArray.length(); i++) {
                        arrayList.add(fromInputMap(jSONArray.getJSONObject(i).toMap()));
                    }
                } else {
                    arrayList.add(fromInputMap(new JSONObject(join).toMap()));
                }
            } catch (Exception e2) {
                LOG.error("Failed to parse JSON vulnerability file: " + file, e2);
            }
        } else {
            LOG.info("Skipping file during vulnerability parsing: {}", file.getAbsolutePath());
        }
        Logger logger = LOG;
        Object[] objArr = new Object[3];
        objArr[0] = Integer.valueOf(arrayList.size());
        objArr[1] = arrayList.size() == 1 ? SvgCreator.ATTRIBUTE_Y : "ies";
        objArr[2] = file.getAbsolutePath();
        logger.info("Parsed [{}] vulnerabilit{} from {}", objArr);
        return arrayList;
    }

    private static boolean isNoInfoOtherCwe(String str) {
        String lowerCase = str.toLowerCase();
        return lowerCase.equals("nvd-cwe-noinfo") || lowerCase.equals("nvd-cwe-other");
    }

    private static String getStringOrNullFromMap(Map<String, Object> map, String str) {
        Object orDefault = map.getOrDefault(str, null);
        if (orDefault == null) {
            return null;
        }
        return String.valueOf(orDefault);
    }

    private static Date getDateOrNullFromMap(Map<String, Object> map, String str) {
        Object orDefault = map.getOrDefault(str, null);
        if (orDefault == null) {
            return null;
        }
        return TimeUtils.tryParse(orDefault.toString());
    }

    public String toString() {
        return getId();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return Objects.equals(this.id, ((Vulnerability) obj).id);
    }

    public int hashCode() {
        return Objects.hash(this.id);
    }

    public static Map<Artifact, List<Vulnerability>> groupVulnerabilitiesByArtifact(Collection<Vulnerability> collection) {
        HashMap hashMap = new HashMap();
        for (Vulnerability vulnerability : collection) {
            Iterator<Artifact> it = vulnerability.getAffectedArtifactsByDefaultKey().iterator();
            while (it.hasNext()) {
                ((List) hashMap.computeIfAbsent(it.next(), artifact -> {
                    return new ArrayList();
                })).add(vulnerability);
            }
        }
        return hashMap;
    }

    public String getDescription() {
        return this.description;
    }

    public void setDescription(String str) {
        this.description = str;
    }

    public String getNotes() {
        return this.notes;
    }

    public void setNotes(String str) {
        this.notes = str;
    }

    public void setUrl(String str) {
        this.url = str;
    }

    public Date getCreateDate() {
        return this.createDate;
    }

    public void setCreateDate(Date date) {
        this.createDate = date;
    }

    public Date getUpdateDate() {
        return this.updateDate;
    }

    public void setUpdateDate(Date date) {
        this.updateDate = date;
    }

    public Set<Reference> getReferences() {
        return this.references;
    }

    public Set<String> getCwes() {
        return this.cwes;
    }

    public EpssData getEpssData() {
        return this.epssData;
    }

    public void setEpssData(EpssData epssData) {
        this.epssData = epssData;
    }

    public Set<VulnerableSoftwareTreeNode> getVulnerableSoftwareConfigurations() {
        return this.vulnerableSoftwareConfigurations;
    }

    public Set<AdvisoryEntry> getSecurityAdvisories() {
        return this.securityAdvisories;
    }

    public Set<String> getTags() {
        return this.tags;
    }

    public VulnerabilityStatus getVulnerabilityStatus() {
        return this.vulnerabilityStatus;
    }

    public void setVulnerabilityStatus(VulnerabilityStatus vulnerabilityStatus) {
        this.vulnerabilityStatus = vulnerabilityStatus;
    }
}
