package com.metaeffekt.artifact.enrichment.other.timeline;

import com.metaeffekt.artifact.analysis.utils.CountdownTimer;
import com.metaeffekt.artifact.analysis.utils.LruLinkedHashMap;
import com.metaeffekt.artifact.analysis.utils.StringUtils;
import com.metaeffekt.artifact.analysis.version.Version;
import com.metaeffekt.artifact.analysis.version.curation.VersionContext;
import com.metaeffekt.artifact.analysis.vulnerability.CommonEnumerationUtil;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.VersionComparator;
import com.metaeffekt.artifact.enrichment.matching.VulnerabilitiesFromCpeEnrichment;
import com.metaeffekt.mirror.contents.vulnerability.Vulnerability;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.lang3.ObjectUtils;
import org.json.JSONObject;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import org.metaeffekt.core.security.cvss.CvssSeverityRanges;
import org.metaeffekt.core.security.cvss.CvssVector;
import org.metaeffekt.core.security.cvss.v2.Cvss2;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.Cpe;
import us.springett.parsers.cpe.exceptions.CpeValidationException;
import us.springett.parsers.cpe.values.Part;

/* loaded from: input_file:com/metaeffekt/artifact/enrichment/other/timeline/VulnerabilityTimeline.class */
public class VulnerabilityTimeline {
    private final String vendor;
    private final String product;
    private final VulnerabilityTimelineGenerator configuration;
    private final List<TimelineVersion> versions;
    private final List<String> relevantTimelineVulnerabilities;
    private static final Logger LOG = LoggerFactory.getLogger(VulnerabilityTimeline.class);
    private static final Cvss2 DUMMY_CVSS = new Cvss2();
    private static final Pattern VERSION_PATTERN = Pattern.compile("([0-9a-zA-Z]+)(?:[.:]+)?([0-9a-zA-Z]+)?(?:[.:]+)?((?:(?:[0-9a-zA-Z]+)?(?:[.:]+)?)+)");
    private static final LruLinkedHashMap<String, TimelineVersion> timelineVersionCache = new LruLinkedHashMap<>(1000);

    /* loaded from: input_file:com/metaeffekt/artifact/enrichment/other/timeline/VulnerabilityTimeline$TimelineVersion.class */
    public static class TimelineVersion {
        private final Version version;
        private final Map<CvssSeverityRanges.SeverityRange, Integer> vulnerabilitiesPerSeverity;
        private final List<String> vulnerabilityIdentifiers;

        private TimelineVersion(Version version) {
            this.vulnerabilitiesPerSeverity = new HashMap();
            this.vulnerabilityIdentifiers = new ArrayList();
            this.version = version;
        }

        public int getCountForSeverity(CvssSeverityRanges.SeverityRange severityRange) {
            return this.vulnerabilitiesPerSeverity.getOrDefault(severityRange, 0).intValue();
        }

        public boolean containsVulnerability(String str) {
            return this.vulnerabilityIdentifiers.contains(str);
        }

        public boolean containsVulnerability(Vulnerability vulnerability) {
            return this.vulnerabilityIdentifiers.contains(vulnerability.getId());
        }

        public int getVulnerabilityCount() {
            int i = 0;
            Iterator<Integer> it = this.vulnerabilitiesPerSeverity.values().iterator();
            while (it.hasNext()) {
                i += it.next().intValue();
            }
            return i;
        }

        public void putSeverityWithVulnerabilityIdentifier(CvssSeverityRanges.SeverityRange severityRange, String str) {
            putSeverity(severityRange);
            this.vulnerabilityIdentifiers.add(str);
        }

        public void putSeverity(CvssSeverityRanges.SeverityRange severityRange) {
            if (this.vulnerabilitiesPerSeverity.containsKey(severityRange)) {
                this.vulnerabilitiesPerSeverity.put(severityRange, Integer.valueOf(this.vulnerabilitiesPerSeverity.get(severityRange).intValue() + 1));
            } else {
                this.vulnerabilitiesPerSeverity.put(severityRange, 1);
            }
        }

        public String getVersionUpdate() {
            return this.version.getVersion() + (shouldUpdatePartBeIncludedInLabel(this.version.getUpdate()) ? ":" + this.version.getUpdate() : "");
        }

        private boolean shouldUpdatePartBeIncludedInLabel(String str) {
            return (!StringUtils.hasText(str) || "*".equals(str) || "-".equals(str)) ? false : true;
        }

        public String toString() {
            return "[" + getVersionUpdate() + ": " + this.vulnerabilitiesPerSeverity + "]";
        }

        public Version getVersion() {
            return this.version;
        }

        public Map<CvssSeverityRanges.SeverityRange, Integer> getVulnerabilitiesPerSeverity() {
            return this.vulnerabilitiesPerSeverity;
        }

        public List<String> getVulnerabilityIdentifiers() {
            return this.vulnerabilityIdentifiers;
        }
    }

    public VulnerabilityTimeline(String str, String str2, VulnerabilityTimelineGenerator vulnerabilityTimelineGenerator) {
        this.vendor = str;
        this.product = str2;
        this.configuration = vulnerabilityTimelineGenerator;
        this.versions = generateTimelineVersions(str, str2);
        this.relevantTimelineVulnerabilities = (List) findVulnerabilitiesForAnyVersion(str, str2).stream().map((v0) -> {
            return v0.getId();
        }).filter(str3 -> {
            return vulnerabilityTimelineGenerator.getRelevantVulnerabilities().contains(str3);
        }).collect(Collectors.toList());
    }

    public String getVendor() {
        return this.vendor;
    }

    public String getProduct() {
        return this.product;
    }

    private List<TimelineVersion> generateTimelineVersions(String str, String str2) {
        List<Cpe> findCpeByVendorProduct;
        ArrayList arrayList = new ArrayList();
        CountdownTimer countdownTimer = new CountdownTimer(this.configuration.getVadConfiguration().getMaximumTimeSpentPerTimeline() * 1000);
        countdownTimer.start();
        this.configuration.getTimelineGenerationTime().start();
        try {
            try {
                findCpeByVendorProduct = this.configuration.getCpeDictionaryQuery().findCpeByVendorProduct(str, str2);
            } catch (Exception e) {
                LOG.error("Failed to generate vulnerability timeline for [{} {}]", new Object[]{str, str2, e});
                this.configuration.getTimelineGenerationTime().stop();
                countdownTimer.stop();
            }
            if (findCpeByVendorProduct == null || findCpeByVendorProduct.isEmpty()) {
                LOG.error("NVD mirror did not contain any CPE for vendor/product [{} {}]", str, str2);
                this.configuration.getTimelineGenerationTime().stop();
                countdownTimer.stop();
                return arrayList;
            }
            LOG.info("Generating vulnerability timeline for [{} {}] with [~{}] versions", new Object[]{str, str2, Integer.valueOf(findCpeByVendorProduct.size())});
            List list = (List) findCpeByVendorProduct.stream().sorted((cpe, cpe2) -> {
                return VersionComparator.INSTANCE.compare(cpe.getVersion(), cpe2.getVersion());
            }).distinct().collect(Collectors.toList());
            int i = 0;
            long currentTimeMillis = System.currentTimeMillis();
            long j = 0;
            int size = list.size() - 1;
            while (true) {
                if (size >= 0) {
                    if (this.configuration.getVadConfiguration().getMaximumVersionsPerTimeline() != -1 && arrayList.size() > this.configuration.getVadConfiguration().getMaximumVersionsPerTimeline()) {
                        LOG.info("Configured limit of [{}] versions has been reached for vulnerability timeline [{} {}], skipping [{}/{}]", new Object[]{Integer.valueOf(this.configuration.getVadConfiguration().getMaximumVersionsPerTimeline()), str, str2, Integer.valueOf(size), Integer.valueOf(list.size())});
                        break;
                    }
                    if (size % 100 == 0) {
                        long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
                        if (currentTimeMillis2 - j > 10000) {
                            j = currentTimeMillis2;
                            int size2 = list.size() - size;
                            LOG.info("Generating vulnerability timeline for [{} {}] with [{}] versions, currently at [{}/{}] ({}s passed, ~{}s remaining)", new Object[]{str, str2, Integer.valueOf(list.size()), Integer.valueOf(size2), Integer.valueOf(list.size()), Long.valueOf(currentTimeMillis2 / 1000), Long.valueOf(((currentTimeMillis2 / size2) * (list.size() - size2)) / 1000)});
                            if (!this.configuration.getTimelineGenerationTime().isEndReached()) {
                                if (countdownTimer.isEndReached()) {
                                    LOG.info("Timeline generation time limit of [{}]s has been reached for timeline [{} {}], skipping [{}/{}]", new Object[]{Integer.valueOf(this.configuration.getVadConfiguration().getMaximumTimeSpentPerTimeline()), str, str2, Integer.valueOf(size), Integer.valueOf(list.size())});
                                    break;
                                }
                            } else {
                                LOG.info("Timeline generation time limit of [{}]s has been reached, skipping [{}/{}]", new Object[]{Integer.valueOf(this.configuration.getVadConfiguration().getMaximumTimeSpentOnTimelines()), Integer.valueOf(size), Integer.valueOf(list.size())});
                                break;
                            }
                        }
                    }
                    TimelineVersion generateTimelineVersion = generateTimelineVersion(null, (Cpe) list.get(size));
                    if (generateTimelineVersion != null) {
                        i += generateTimelineVersion.getVulnerabilityCount();
                        arrayList.add(generateTimelineVersion);
                        if (i > this.configuration.getVadConfiguration().getMaximumVulnerabilitiesPerTimeline()) {
                            LOG.info("Configured limit of [{}] vulnerabilities has been reached for vulnerability timeline [{} {}], skipping [{}/{}]", new Object[]{Integer.valueOf(this.configuration.getVadConfiguration().getMaximumVulnerabilitiesPerTimeline()), str, str2, Integer.valueOf(size), Integer.valueOf(list.size())});
                            break;
                        }
                    }
                    size--;
                } else {
                    break;
                }
            }
            Collections.reverse(arrayList);
            LOG.info("Generated vulnerability timeline for [{} {}] with [{}] versions and [{}] vulnerabilities", new Object[]{str, str2, Integer.valueOf(arrayList.size()), Integer.valueOf(i)});
            this.configuration.getTimelineGenerationTime().stop();
            countdownTimer.stop();
            return arrayList;
        } catch (Throwable th) {
            this.configuration.getTimelineGenerationTime().stop();
            countdownTimer.stop();
            throw th;
        }
    }

    private List<Vulnerability> findVulnerabilitiesForAnyVersion(String str, String str2) {
        try {
            return this.configuration.getVulnerabilityQuery().findVulnerabilitiesByFlatAffectedConfiguration(CommonEnumerationUtil.builder().part(Part.ANY).vendor(str).product(str2).version("*").build());
        } catch (CpeValidationException e) {
            LOG.warn("Failed to generate CPE for vendor/product [{} {}]", new Object[]{str, str2, e});
            return new ArrayList();
        }
    }

    private TimelineVersion generateTimelineVersion(Artifact artifact, Cpe cpe) {
        Cpe cpe2;
        TimelineVersion timelineVersion;
        if ((artifact == null || StringUtils.isEmpty(artifact.getVersion()) || artifact.getVersion().equals("*") || artifact.getVersion().equals("-")) && (cpe.getVersion().equals("*") || cpe.getVersion().equals("-"))) {
            return null;
        }
        if (artifact != null) {
            cpe2 = VulnerabilitiesFromCpeEnrichment.deriveQueryCpe(null, null, artifact, cpe).orElse(cpe);
            timelineVersion = new TimelineVersion(Version.of(artifact.getVersion(), VersionContext.fromArtifact(artifact)));
        } else {
            cpe2 = cpe;
            timelineVersion = new TimelineVersion(Version.of(cpe2.getVersion(), cpe2.getUpdate(), VersionContext.fromCpe(cpe2)));
        }
        String cpe22UriOrFallbackToCpe23FS = CommonEnumerationUtil.toCpe22UriOrFallbackToCpe23FS(cpe2);
        if (timelineVersionCache.containsKey(cpe22UriOrFallbackToCpe23FS)) {
            return timelineVersionCache.get(cpe22UriOrFallbackToCpe23FS);
        }
        for (Vulnerability vulnerability : this.configuration.getVulnerabilityQuery().findVulnerabilitiesByFlatAffectedConfiguration(cpe2)) {
            vulnerability.selectEffectiveCvssVectors(this.configuration.getCentralSecurityPolicyConfiguration());
            CvssSeverityRanges.SeverityRange range = this.configuration.getCentralSecurityPolicyConfiguration().getCvssSeverityRanges().getRange(((CvssVector) ObjectUtils.firstNonNull(new CvssVector[]{vulnerability.getCvssSelectionResult().getSelectedInitialCvss(), new Cvss2()})).getBakedScores().getNormalizedBaseScore());
            if (this.configuration.getRelevantVulnerabilities().contains(vulnerability.getId())) {
                timelineVersion.putSeverityWithVulnerabilityIdentifier(range, vulnerability.getId());
            } else {
                timelineVersion.putSeverity(range);
            }
        }
        timelineVersionCache.put(cpe22UriOrFallbackToCpe23FS, timelineVersion);
        return timelineVersion;
    }

    public boolean containsVulnerability(String str) {
        return this.relevantTimelineVulnerabilities.contains(str);
    }

    public boolean containsVulnerability(Vulnerability vulnerability) {
        return this.relevantTimelineVulnerabilities.contains(vulnerability.getId());
    }

    public List<TimelineVersion> getVersions() {
        return this.versions;
    }

    public String toString() {
        return new JSONObject().put("vendor", this.vendor).put("product", this.product).put("versions", this.versions.size()).toString();
    }

    public List<TimelineVersion> generateCustomVersionsFromArtifacts(Collection<Artifact> collection) {
        HashSet<Cpe> hashSet = new HashSet();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (Artifact artifact : collection) {
            try {
                hashSet.add(CommonEnumerationUtil.builder().part(Part.APPLICATION).vendor(this.vendor).product(this.product).build());
            } catch (CpeValidationException e) {
                LOG.warn("Cannot create CPE from artifact [{}] for vulnerability timeline [{} {}]: {}", new Object[]{artifact.getId(), this.vendor, this.product, e.getMessage()});
            }
            if (StringUtils.hasText(artifact.getVersion()) && !linkedHashMap.containsKey(artifact.getVersion())) {
                linkedHashMap.put(artifact.getVersion(), artifact);
            }
        }
        ArrayList arrayList = new ArrayList();
        for (Cpe cpe : hashSet) {
            Iterator it = linkedHashMap.values().iterator();
            while (it.hasNext()) {
                TimelineVersion generateTimelineVersion = generateTimelineVersion((Artifact) it.next(), cpe);
                if (generateTimelineVersion != null) {
                    arrayList.add(generateTimelineVersion);
                }
            }
        }
        return arrayList;
    }

    public List<TimelineVersion> getOfficialAndArtifactMergedVersions(Collection<TimelineVersion> collection) {
        ArrayList arrayList = new ArrayList(this.versions);
        for (TimelineVersion timelineVersion : collection) {
            if (arrayList.stream().noneMatch(timelineVersion2 -> {
                return timelineVersion2.getVersion().matchesVersionOf(timelineVersion.getVersion());
            })) {
                arrayList.add(timelineVersion);
            }
        }
        arrayList.sort((timelineVersion3, timelineVersion4) -> {
            return VersionComparator.INSTANCE.compare(timelineVersion3.getVersionUpdate(), timelineVersion4.getVersionUpdate());
        });
        return arrayList;
    }

    public List<TimelineVersion> getReducedOfficialAndArtifactMergedCpeVersions(Set<Artifact> set, List<TimelineVersion> list) {
        int vulnerabilityCount;
        List<TimelineVersion> officialAndArtifactMergedVersions = getOfficialAndArtifactMergedVersions(list);
        if (officialAndArtifactMergedVersions.size() <= 10) {
            return officialAndArtifactMergedVersions;
        }
        HashSet hashSet = new HashSet(createVersionsForArtifactVersion(set, list));
        hashSet.add(officialAndArtifactMergedVersions.get(officialAndArtifactMergedVersions.size() - 1));
        hashSet.addAll(list);
        ArrayList arrayList = new ArrayList();
        String str = null;
        int i = -1;
        for (int i2 = 0; i2 < officialAndArtifactMergedVersions.size(); i2++) {
            if (hashSet.contains(officialAndArtifactMergedVersions.get(i2))) {
                arrayList.add(officialAndArtifactMergedVersions.get(i2));
            } else {
                Matcher matcher = VERSION_PATTERN.matcher(officialAndArtifactMergedVersions.get(i2).getVersionUpdate());
                if (matcher.find()) {
                    if (str == null) {
                        arrayList.add(officialAndArtifactMergedVersions.get(i2));
                    } else if (!str.equals(matcher.group(1)) || i != officialAndArtifactMergedVersions.get(i2).getVulnerabilityCount()) {
                        arrayList.add(officialAndArtifactMergedVersions.get(i2 - 1));
                    }
                    str = matcher.group(1);
                    i = officialAndArtifactMergedVersions.get(i2).getVulnerabilityCount();
                } else {
                    arrayList.add(officialAndArtifactMergedVersions.get(i2));
                    str = officialAndArtifactMergedVersions.get(i2).getVersion().getVersion();
                }
            }
        }
        if (arrayList.size() <= 10 && officialAndArtifactMergedVersions.size() <= 20) {
            return officialAndArtifactMergedVersions;
        }
        removeDoubles(arrayList);
        int i3 = 2;
        while (i3 < arrayList.size() - 2) {
            if (!hashSet.contains(arrayList.get(i3)) && (vulnerabilityCount = arrayList.get(i3).getVulnerabilityCount()) < 4) {
                double d = 0.0d;
                int i4 = 0;
                for (int max = Math.max(0, i3 - 2); max < i3; max++) {
                    d += arrayList.get(max).getVulnerabilityCount();
                    i4++;
                }
                double max2 = d / Math.max(1.0d, i4);
                double d2 = 0.0d;
                int i5 = 0;
                for (int i6 = i3 + 1; i6 < Math.min(arrayList.size() - 1, i3 + 3); i6++) {
                    d2 += arrayList.get(i6).getVulnerabilityCount();
                    i5++;
                }
                double max3 = d2 / Math.max(1.0d, i5);
                boolean hasText = StringUtils.hasText(arrayList.get(i3).getVersion().getUpdate());
                double max4 = Math.max(5.0d, ((max2 + max3) / 2.0d) * 0.2d);
                int abs = (int) Math.abs(vulnerabilityCount - max2);
                int abs2 = (int) Math.abs(vulnerabilityCount - max3);
                boolean z = ((double) abs) > max4;
                boolean z2 = ((double) abs2) > max4;
                if ((z && z2) || (hasText && (z || z2))) {
                    arrayList.remove(i3);
                    i3--;
                }
            }
            i3++;
        }
        return arrayList;
    }

    public List<TimelineVersion> createVersionsForArtifactVersion(Collection<Artifact> collection, Collection<TimelineVersion> collection2) {
        List list = (List) collection.stream().map(artifact -> {
            return Version.of(artifact.getVersion(), VersionContext.fromArtifact(artifact));
        }).collect(Collectors.toList());
        List<TimelineVersion> officialAndArtifactMergedVersions = getOfficialAndArtifactMergedVersions(collection2);
        ArrayList arrayList = new ArrayList();
        for (TimelineVersion timelineVersion : officialAndArtifactMergedVersions) {
            Iterator it = list.iterator();
            while (true) {
                if (it.hasNext()) {
                    if (timelineVersion.getVersion().matchesVersionOf((Version) it.next())) {
                        arrayList.add(timelineVersion);
                        break;
                    }
                }
            }
        }
        return arrayList;
    }

    private void removeDoubles(List<TimelineVersion> list) {
        for (int size = list.size() - 1; size >= 0; size--) {
            for (int size2 = list.size() - 1; size2 >= 0; size2--) {
                if (size != size2) {
                    if (size >= list.size()) {
                        break;
                    }
                    if (size2 < list.size() && list.get(size).getVersionUpdate().equals(list.get(size2).getVersionUpdate())) {
                        if (list.get(size).getVulnerabilityCount() >= list.get(size2).getVulnerabilityCount()) {
                            list.remove(size2);
                        } else {
                            list.remove(size);
                        }
                    }
                }
            }
        }
    }
}
