package com.metaeffekt.artifact.enrichment.vulnerability.ghsa;

import com.metaeffekt.artifact.analysis.utils.LazySupplier;
import com.metaeffekt.artifact.enrichment.InventoryEnricher;
import com.metaeffekt.artifact.enrichment.configurations.GhsaVulnerabilitiesEnrichmentConfiguration;
import com.metaeffekt.mirror.contents.advisory.GhsaAdvisorEntry;
import com.metaeffekt.mirror.contents.base.DataSourceIndicator;
import com.metaeffekt.mirror.contents.base.VulnerabilityContextInventory;
import com.metaeffekt.mirror.contents.store.VulnerabilityTypeStore;
import com.metaeffekt.mirror.contents.vulnerability.Vulnerability;
import com.metaeffekt.mirror.download.documentation.EnricherMetadata;
import com.metaeffekt.mirror.download.documentation.InventoryEnrichmentPhase;
import com.metaeffekt.mirror.query.GhsaAdvisorIndexQuery;
import java.io.File;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import org.metaeffekt.core.inventory.processor.model.Inventory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@EnricherMetadata(name = "GHSA Vulnerabilities", phase = InventoryEnrichmentPhase.VULNERABILITY_MATCHING, intermediateFileSuffix = "ghsa-cve", mavenPropertyName = "ghsaVulnerabilitiesEnrichment")
/* loaded from: input_file:com/metaeffekt/artifact/enrichment/vulnerability/ghsa/GhsaVulnerabilitiesEnrichment.class */
public class GhsaVulnerabilitiesEnrichment extends InventoryEnricher {
    private static final Logger LOG = LoggerFactory.getLogger(GhsaVulnerabilitiesEnrichment.class);
    private final LazySupplier<GhsaAdvisorIndexQuery> ghsaAdvisorQuery;
    private GhsaVulnerabilitiesEnrichmentConfiguration configuration = new GhsaVulnerabilitiesEnrichmentConfiguration();

    public GhsaVulnerabilitiesEnrichment(File file) {
        this.ghsaAdvisorQuery = new LazySupplier<>(() -> {
            return new GhsaAdvisorIndexQuery(file);
        });
    }

    public void setConfiguration(GhsaVulnerabilitiesEnrichmentConfiguration ghsaVulnerabilitiesEnrichmentConfiguration) {
        this.configuration = ghsaVulnerabilitiesEnrichmentConfiguration;
    }

    @Override // com.metaeffekt.artifact.enrichment.InventoryEnricher
    public GhsaVulnerabilitiesEnrichmentConfiguration getConfiguration() {
        return this.configuration;
    }

    @Override // com.metaeffekt.artifact.enrichment.InventoryEnricher
    protected void performEnrichment(Inventory inventory) {
        List<GhsaArtifactVulnerabilityMatcher> buildMatchers = this.configuration.buildMatchers(this.ghsaAdvisorQuery.get());
        VulnerabilityContextInventory fromInventory = VulnerabilityContextInventory.fromInventory(inventory);
        Logger logger = LOG;
        Object[] objArr = new Object[3];
        objArr[0] = Integer.valueOf(inventory.getArtifacts().size());
        objArr[1] = Integer.valueOf(buildMatchers.size());
        objArr[2] = buildMatchers.size() > 1 ? "s" : "";
        logger.info("Matching GHSA vulnerabilities for [{}] artifacts using [{}] matcher{}", objArr);
        for (Artifact artifact : inventory.getArtifacts()) {
            for (GhsaArtifactVulnerabilityMatcher ghsaArtifactVulnerabilityMatcher : buildMatchers) {
                if (ghsaArtifactVulnerabilityMatcher.mayMatch(artifact)) {
                    for (Map.Entry<GhsaAdvisorEntry, DataSourceIndicator> entry : ghsaArtifactVulnerabilityMatcher.match(artifact).entrySet()) {
                        GhsaAdvisorEntry key = entry.getKey();
                        DataSourceIndicator value = entry.getValue();
                        Set<String> referencedVulnerabilities = key.getReferencedVulnerabilities(VulnerabilityTypeStore.CVE);
                        if (referencedVulnerabilities.isEmpty()) {
                            fromInventory.add(fromInventory.findOrCreateAdvisoryEntryByName(key.getId(), GhsaAdvisorEntry::new).addMatchingSource(value));
                        } else {
                            Iterator<String> it = referencedVulnerabilities.iterator();
                            while (it.hasNext()) {
                                Vulnerability addMatchingSource = fromInventory.findOrCreateVulnerabilityByName(it.next()).addMatchingSource(value);
                                addMatchingSource.setSourceIdentifier(VulnerabilityTypeStore.CVE);
                                fromInventory.add(addMatchingSource);
                            }
                        }
                    }
                }
            }
        }
        fromInventory.writeBack(true);
    }
}
