package org.owasp.dependencycheck.dependency;

import io.github.jeremylong.openvulnerability.client.nvd.CvssV2;
import io.github.jeremylong.openvulnerability.client.nvd.CvssV3;
import io.github.jeremylong.openvulnerability.client.nvd.CvssV4;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.annotation.concurrent.NotThreadSafe;
import org.apache.commons.lang3.builder.CompareToBuilder;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.jetbrains.annotations.NotNull;
import org.owasp.dependencycheck.utils.SeverityUtil;

@NotThreadSafe
/* loaded from: input_file:org/owasp/dependencycheck/dependency/Vulnerability.class */
public class Vulnerability implements Serializable, Comparable<Vulnerability> {
    private static final long serialVersionUID = 307319490326651053L;
    private String name;
    private String description;
    private org.owasp.dependencycheck.data.knownexploited.json.Vulnerability knownExploitedVulnerability;
    private String unscoredSeverity;
    private CvssV2 cvssV2;
    private CvssV3 cvssV3;
    private CvssV4 cvssV4;
    private VulnerableSoftware matchedVulnerableSoftware;
    private String notes;
    private final Set<Reference> references = Collections.synchronizedSet(new HashSet());
    private final Set<VulnerableSoftware> vulnerableSoftware = new HashSet();
    private final CweSet cwes = new CweSet();
    private Source source = null;

    /* loaded from: input_file:org/owasp/dependencycheck/dependency/Vulnerability$Source.class */
    public enum Source {
        NVD,
        NPM,
        RETIREJS,
        OSSINDEX,
        BUNDLEAUDIT,
        MIXAUDIT
    }

    public Vulnerability() {
    }

    public Vulnerability(String str) {
        this.name = str;
    }

    public String getName() {
        return this.name;
    }

    public void setName(String str) {
        this.name = str;
    }

    public String getDescription() {
        return this.description;
    }

    public void setDescription(String str) {
        this.description = str;
    }

    public Set<Reference> getReferences() {
        return this.references;
    }

    public List<Reference> getReferences(boolean z) {
        ArrayList arrayList = new ArrayList(this.references);
        if (z) {
            Collections.sort(arrayList);
        }
        return arrayList;
    }

    public void addReferences(Set<Reference> set) {
        this.references.addAll(set);
    }

    public void addReference(Reference reference) {
        this.references.add(reference);
    }

    public void addReference(String str, String str2, String str3) {
        Reference reference = new Reference();
        reference.setSource(str);
        reference.setName(str2);
        reference.setUrl(str3);
        this.references.add(reference);
    }

    public void setKnownExploitedVulnerability(org.owasp.dependencycheck.data.knownexploited.json.Vulnerability vulnerability) {
        this.knownExploitedVulnerability = vulnerability;
    }

    public org.owasp.dependencycheck.data.knownexploited.json.Vulnerability getKnownExploitedVulnerability() {
        return this.knownExploitedVulnerability;
    }

    public Set<VulnerableSoftware> getVulnerableSoftware() {
        return this.vulnerableSoftware;
    }

    public List<VulnerableSoftware> getVulnerableSoftware(boolean z) {
        ArrayList arrayList;
        synchronized (this.vulnerableSoftware) {
            arrayList = new ArrayList(this.vulnerableSoftware);
            if (z) {
                Collections.sort(arrayList);
            }
        }
        return arrayList;
    }

    public void addVulnerableSoftware(Set<VulnerableSoftware> set) {
        this.vulnerableSoftware.addAll(set);
    }

    public void addVulnerableSoftware(VulnerableSoftware vulnerableSoftware) {
        this.vulnerableSoftware.add(vulnerableSoftware);
    }

    public CvssV2 getCvssV2() {
        return this.cvssV2;
    }

    public void setCvssV2(CvssV2 cvssV2) {
        this.cvssV2 = cvssV2;
    }

    public CvssV3 getCvssV3() {
        return this.cvssV3;
    }

    public void setCvssV3(CvssV3 cvssV3) {
        this.cvssV3 = cvssV3;
    }

    public CvssV4 getCvssV4() {
        return this.cvssV4;
    }

    public void setCvssV4(CvssV4 cvssV4) {
        this.cvssV4 = cvssV4;
    }

    public CweSet getCwes() {
        return this.cwes;
    }

    public void addCwe(String str) {
        this.cwes.addCwe(str);
    }

    public String getUnscoredSeverity() {
        return this.unscoredSeverity;
    }

    public void setUnscoredSeverity(String str) {
        this.unscoredSeverity = str;
    }

    public String getNotes() {
        return this.notes;
    }

    public void setNotes(String str) {
        this.notes = str;
    }

    public boolean equals(Object obj) {
        if (obj == null || !(obj instanceof Vulnerability)) {
            return false;
        }
        if (this == obj) {
            return true;
        }
        return new EqualsBuilder().append(this.name, ((Vulnerability) obj).name).isEquals();
    }

    public int hashCode() {
        return new HashCodeBuilder(3, 73).append(this.name).toHashCode();
    }

    public String toString() {
        StringBuilder sb = new StringBuilder("Vulnerability ");
        sb.append(this.name);
        sb.append("\nReferences:\n");
        for (Reference reference : getReferences(true)) {
            sb.append("=> ");
            sb.append(reference);
            sb.append("\n");
        }
        sb.append("\nSoftware:\n");
        for (VulnerableSoftware vulnerableSoftware : getVulnerableSoftware(true)) {
            sb.append("=> ");
            sb.append(vulnerableSoftware);
            sb.append("\n");
        }
        return sb.toString();
    }

    @Override // java.lang.Comparable
    public int compareTo(@NotNull Vulnerability vulnerability) {
        return new CompareToBuilder().append(vulnerability.bestEffortSeverityLevelForSorting(), bestEffortSeverityLevelForSorting()).append(this.name, vulnerability.name).toComparison();
    }

    private Double bestEffortSeverityLevelForSorting() {
        return this.cvssV3 != null ? SeverityUtil.sortAdjustedCVSSv3BaseScore(this.cvssV3.getCvssData().getBaseScore()) : this.cvssV2 != null ? this.cvssV2.getCvssData().getBaseScore() : SeverityUtil.estimatedSortAdjustedCVSSv3(this.unscoredSeverity);
    }

    public String getHighestSeverityText() {
        return this.cvssV3 != null ? this.cvssV3.getCvssData().getBaseSeverity().value().toUpperCase() : this.cvssV2 != null ? this.cvssV2.getCvssData().getBaseSeverity().toUpperCase() : SeverityUtil.unscoredToSeveritytext(this.unscoredSeverity).toUpperCase();
    }

    public void setMatchedVulnerableSoftware(VulnerableSoftware vulnerableSoftware) {
        this.matchedVulnerableSoftware = vulnerableSoftware;
    }

    public VulnerableSoftware getMatchedVulnerableSoftware() {
        return this.matchedVulnerableSoftware;
    }

    public Source getSource() {
        return this.source;
    }

    public void setSource(Source source) {
        this.source = source;
    }
}
