package com.metaeffekt.artifact.enrichment.vulnerability;

import com.metaeffekt.artifact.analysis.report.CoverityReport;
import com.metaeffekt.artifact.analysis.utils.CustomCollectors;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.vulnerabilitystatus.VulnerabilityStatus;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.vulnerabilitystatus.VulnerabilityStatusHistoryEntry;
import com.metaeffekt.artifact.enrichment.InventoryEnricher;
import com.metaeffekt.artifact.enrichment.configurations.VulnerabilityStatusEnrichmentConfiguration;
import com.metaeffekt.mirror.contents.base.DataSourceIndicator;
import com.metaeffekt.mirror.contents.base.VulnerabilityContextInventory;
import com.metaeffekt.mirror.contents.store.VulnerabilityTypeStore;
import com.metaeffekt.mirror.contents.vulnerability.Vulnerability;
import com.metaeffekt.mirror.download.documentation.EnricherMetadata;
import com.metaeffekt.mirror.download.documentation.InventoryEnrichmentPhase;
import java.io.File;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.json.JSONArray;
import org.metaeffekt.core.inventory.processor.model.Inventory;
import org.metaeffekt.core.inventory.processor.model.InventoryInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@EnricherMetadata(name = "Vulnerability Status", phase = InventoryEnrichmentPhase.ASSESSMENTS, intermediateFileSuffix = CoverityReport.STATUS, mavenPropertyName = "vulnerabilityStatusEnrichment")
/* loaded from: input_file:com/metaeffekt/artifact/enrichment/vulnerability/VulnerabilityStatusEnrichment.class */
public class VulnerabilityStatusEnrichment extends InventoryEnricher {
    private static final Logger LOG = LoggerFactory.getLogger(VulnerabilityStatusEnrichment.class);
    private VulnerabilityStatusEnrichmentConfiguration configuration = new VulnerabilityStatusEnrichmentConfiguration();

    public void setConfiguration(VulnerabilityStatusEnrichmentConfiguration vulnerabilityStatusEnrichmentConfiguration) {
        this.configuration = vulnerabilityStatusEnrichmentConfiguration;
    }

    @Override // com.metaeffekt.artifact.enrichment.InventoryEnricher
    public VulnerabilityStatusEnrichmentConfiguration getConfiguration() {
        return this.configuration;
    }

    @Override // com.metaeffekt.artifact.enrichment.InventoryEnricher
    protected void performEnrichment(Inventory inventory) {
        boolean z = VulnerabilityStatus.LOG_MATCHING_CRITERIA;
        VulnerabilityStatus.LOG_MATCHING_CRITERIA = this.configuration.isDebugMatchingCriteria();
        try {
            LOG.info("");
            if (!this.configuration.getStatusFiles().isEmpty()) {
                LOG.info("Adding data from status files from:");
                Stream map = this.configuration.getStatusFiles().stream().map((v0) -> {
                    return v0.getAbsolutePath();
                }).map(str -> {
                    return " - " + str;
                });
                Logger logger = LOG;
                logger.getClass();
                map.forEach(logger::info);
            }
            if (!this.configuration.getAdditionalStatus().isEmpty()) {
                LOG.info("Adding data from [{}] additional status entries added programmatically", Integer.valueOf(this.configuration.getAdditionalStatus().size()));
            }
            Set<VulnerabilityStatus> readVulnerabilityStatusEntries = this.configuration.readVulnerabilityStatusEntries(super.getSecurityPolicyConfiguration().getJsonSchemaValidationErrorsHandling());
            if (readVulnerabilityStatusEntries.isEmpty()) {
                LOG.info("No status files found in provided directories");
            } else {
                for (Map.Entry entry : ((Map) readVulnerabilityStatusEntries.stream().collect(Collectors.groupingBy(vulnerabilityStatus -> {
                    return vulnerabilityStatus.getOriginYamlFile() == null ? "programmatic" : vulnerabilityStatus.getOriginYamlFile().getAbsolutePath();
                }))).entrySet()) {
                    List list = (List) entry.getValue();
                    String str2 = (String) entry.getKey();
                    Logger logger2 = LOG;
                    Object[] objArr = new Object[4];
                    objArr[0] = Integer.valueOf(list.size());
                    objArr[1] = list.stream().map((v0) -> {
                        return v0.getScope();
                    }).distinct().map((v0) -> {
                        return v0.toString();
                    }).collect(Collectors.joining(", "));
                    objArr[2] = list.size() == 1 ? "" : "s";
                    objArr[3] = str2;
                    logger2.info("Found [{}] ({}) status file{} in file: {}", objArr);
                }
            }
            LOG.info("");
            VulnerabilityContextInventory fromInventory = VulnerabilityContextInventory.fromInventory(inventory);
            int size = fromInventory.getVulnerabilities().size();
            List list2 = (List) readVulnerabilityStatusEntries.stream().filter(vulnerabilityStatus2 -> {
                return vulnerabilityStatus2.isScope(VulnerabilityStatus.Scope.INVENTORY);
            }).collect(Collectors.toList());
            Collection<VulnerabilityStatus> collection = (List) readVulnerabilityStatusEntries.stream().filter(vulnerabilityStatus3 -> {
                return vulnerabilityStatus3.isScope(VulnerabilityStatus.Scope.ARTIFACT);
            }).collect(Collectors.toList());
            if (!list2.isEmpty()) {
                Logger logger3 = LOG;
                Object[] objArr2 = new Object[3];
                objArr2[0] = Integer.valueOf(list2.size());
                objArr2[1] = list2.size() == 1 ? "" : "s";
                objArr2[2] = VulnerabilityStatus.Scope.INVENTORY;
                logger3.info("Found [{}] status file{} with scope [{}]", objArr2);
                Iterator<Vulnerability> it = fromInventory.getVulnerabilities().iterator();
                while (it.hasNext()) {
                    addStatusEntriesForVulnerability(fromInventory, list2, it.next(), false);
                }
                InventoryInfo findOrCreateInventoryInfo = fromInventory.getInventory().findOrCreateInventoryInfo(InventoryEnricher.INVENTORY_INFO_VULNERABILITY_STATUS_KEY);
                JSONArray jSONArray = (JSONArray) list2.stream().map((v0) -> {
                    return v0.toJson();
                }).collect(CustomCollectors.toJsonArray());
                if (findOrCreateInventoryInfo.has(InventoryEnricher.INVENTORY_INFO_VULNERABILITY_STATUS_INVENTORY_STATUSES_KEY)) {
                    JSONArray jSONArray2 = new JSONArray(findOrCreateInventoryInfo.get(InventoryEnricher.INVENTORY_INFO_VULNERABILITY_STATUS_INVENTORY_STATUSES_KEY));
                    for (int i = 0; i < jSONArray2.length(); i++) {
                        jSONArray.put(jSONArray2.get(i));
                    }
                }
                findOrCreateInventoryInfo.set(InventoryEnricher.INVENTORY_INFO_VULNERABILITY_STATUS_INVENTORY_STATUSES_KEY, jSONArray.toString());
            }
            HashMap hashMap = new HashMap();
            for (VulnerabilityStatus vulnerabilityStatus4 : readVulnerabilityStatusEntries) {
                for (String str3 : vulnerabilityStatus4.getAffectedVulnerabilitiesWithoutWildcards()) {
                    if (!fromInventory.findVulnerabilityByName(str3).isPresent()) {
                        Vulnerability findOrCreateVulnerabilityByName = fromInventory.findOrCreateVulnerabilityByName(str3);
                        VulnerabilityTypeStore.get().inferSourceIdentifierFromIdIfAbsent(findOrCreateVulnerabilityByName);
                        hashMap.put(findOrCreateVulnerabilityByName, vulnerabilityStatus4.getOriginYamlFile());
                    }
                }
            }
            for (Map.Entry entry2 : hashMap.entrySet()) {
                ((Vulnerability) entry2.getKey()).addMatchingSource(DataSourceIndicator.assessmentStatus((File) entry2.getValue()));
            }
            int size2 = fromInventory.getVulnerabilities().size();
            LOG.info("Found [{}] status files with a total of [{}] affected vulnerabilities, applying to an inventory with [{}] vulnerabilities (merged & deduplicated total: [{}])", new Object[]{Integer.valueOf(readVulnerabilityStatusEntries.size()), Integer.valueOf(size2 - size), Integer.valueOf(size), Integer.valueOf(size2)});
            for (Vulnerability vulnerability : fromInventory.getVulnerabilities()) {
                addStatusEntriesForVulnerability(fromInventory, collection, vulnerability, hashMap.containsKey(vulnerability));
            }
            fromInventory.writeBack(true);
            VulnerabilityStatus.LOG_MATCHING_CRITERIA = z;
        } catch (Throwable th) {
            VulnerabilityStatus.LOG_MATCHING_CRITERIA = z;
            throw th;
        }
    }

    private void addStatusEntriesForVulnerability(VulnerabilityContextInventory vulnerabilityContextInventory, Collection<VulnerabilityStatus> collection, Vulnerability vulnerability, boolean z) {
        VulnerabilityTypeStore.get().inferSourceIdentifierFromIdIfAbsent(vulnerability);
        if (z) {
            vulnerability.addTag("added by status");
            LOG.info("Added [{}] to the inventory via status file", vulnerability);
        }
        Map<VulnerabilityStatus.MatchType, List<VulnerabilityStatus>> findAffectedEntriesRetainMatchingCondition = VulnerabilityStatus.findAffectedEntriesRetainMatchingCondition(collection, vulnerability);
        List<VulnerabilityStatus> list = (List) VulnerabilityStatus.MatchType.findHighestPriority(findAffectedEntriesRetainMatchingCondition);
        modifyVulnerabilityStatusHistoryEntryDateBasedOnMatchType(findAffectedEntriesRetainMatchingCondition, true);
        List asList = Arrays.asList(this.configuration.getActiveLabels());
        if (!findAffectedEntriesRetainMatchingCondition.isEmpty()) {
            for (Map.Entry<VulnerabilityStatus.MatchType, List<VulnerabilityStatus>> entry : findAffectedEntriesRetainMatchingCondition.entrySet()) {
                VulnerabilityStatus.MatchType key = entry.getKey();
                List<VulnerabilityStatus> value = entry.getValue();
                boolean z2 = list == value;
                value.forEach(vulnerabilityStatus -> {
                    vulnerabilityStatus.checkValidation(vulnerabilityContextInventory.getInventory(), vulnerability, this.configuration.isFailOnValidationErrors());
                });
                for (VulnerabilityStatus vulnerabilityStatus2 : value) {
                    if (z) {
                        vulnerabilityStatus2.addHistoryEntry(VulnerabilityStatusHistoryEntry.VOID);
                    }
                    vulnerabilityStatus2.appendStatusHistoryOnlyToVulnerabilityStatus(vulnerability.getOrCreateNewVulnerabilityStatus(), asList);
                    if (z) {
                        vulnerabilityStatus2.removeHistoryEntry(VulnerabilityStatusHistoryEntry.VOID);
                    }
                }
                if (z2) {
                    if (value.size() != 1) {
                        LOG.warn("Multiple status entries match for [{}] on criteria level [{}], picking arbitrary: [{}]. Please check file(s) [{}]", new Object[]{vulnerability.getId(), key, value.get(0).getOriginYamlFile().getAbsolutePath(), value.stream().map((v0) -> {
                            return v0.getOriginYamlFile();
                        }).filter((v0) -> {
                            return Objects.nonNull(v0);
                        }).map((v0) -> {
                            return v0.getAbsolutePath();
                        }).collect(Collectors.joining(", "))});
                        if (this.configuration.isFailOnAmbiguousMatchingInformation()) {
                            throw new IllegalStateException("[failOnAmbiguousMatchingInformation] Ambiguous assessment matching information found for vulnerability [" + vulnerability.getId() + "] on criteria level [" + key + "] from files:\n - " + ((String) value.stream().map((v0) -> {
                                return v0.getOriginYamlFile();
                            }).filter((v0) -> {
                                return Objects.nonNull(v0);
                            }).map((v0) -> {
                                return v0.getAbsolutePath();
                            }).collect(Collectors.joining("\n - "))));
                        }
                    }
                    value.get(0).appendAllExceptStatusHistoryToVulnerabilityStatus(vulnerability.getOrCreateNewVulnerabilityStatus());
                }
            }
        } else if (z) {
            VulnerabilityStatus vulnerabilityStatus3 = new VulnerabilityStatus();
            vulnerabilityStatus3.addHistoryEntry(VulnerabilityStatusHistoryEntry.VOID);
            vulnerabilityStatus3.appendToVulnerabilityStatus(vulnerability.getOrCreateNewVulnerabilityStatus(), asList);
        }
        if (vulnerability.getVulnerabilityStatus() != null) {
            vulnerability.getVulnerabilityStatus().applyToVulnerability(vulnerability);
        }
        modifyVulnerabilityStatusHistoryEntryDateBasedOnMatchType(findAffectedEntriesRetainMatchingCondition, false);
    }

    private static void modifyVulnerabilityStatusHistoryEntryDateBasedOnMatchType(Map<VulnerabilityStatus.MatchType, List<VulnerabilityStatus>> map, boolean z) {
        for (Map.Entry<VulnerabilityStatus.MatchType, List<VulnerabilityStatus>> entry : map.entrySet()) {
            int length = VulnerabilityStatus.MatchType.values().length - entry.getKey().ordinal();
            Iterator<VulnerabilityStatus> it = entry.getValue().iterator();
            while (it.hasNext()) {
                for (VulnerabilityStatusHistoryEntry vulnerabilityStatusHistoryEntry : it.next().getStatusHistory()) {
                    if (vulnerabilityStatusHistoryEntry.getDate() != null) {
                        vulnerabilityStatusHistoryEntry.setDate(new Date(vulnerabilityStatusHistoryEntry.getDate().getTime() + (z ? length : -length)));
                    }
                }
            }
        }
    }
}
