package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.Arrays;
import java.util.HashSet;
import javax.annotation.concurrent.ThreadSafe;
import javax.json.Json;
import javax.json.JsonException;
import javax.json.JsonReader;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.analyzer.exception.SearchException;
import org.owasp.dependencycheck.data.nsp.Advisory;
import org.owasp.dependencycheck.data.nsp.NspSearch;
import org.owasp.dependencycheck.data.nsp.SanitizePackage;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.URLConnectionFailureException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

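/**
 * Analyzer that submits the content of {@code package.json} files to the Node Security Platform
 * (NSP) through {@link NspSearch} and records every returned {@link Advisory} as a
 * {@link Vulnerability} on the matching dependency.
 *
 * <p>Points a reviewer should keep in mind when reading or operating this analyzer:
 * <ul>
 *   <li><b>Data leaves the host.</b> The parsed {@code package.json} is passed through
 *       {@link SanitizePackage#sanitize} and then sent to the endpoint configured for
 *       {@link NspSearch}. What the sanitizer strips is not visible in this class; confirm it
 *       before scanning projects whose manifest contains internal names or URLs.</li>
 *   <li><b>Advisory content is remote input.</b> Title, overview, advisory link, module and
 *       version strings are copied from the service response into the report model unmodified.
 *       Report writers should escape them like any other untrusted text.</li>
 *   <li><b>Failure disables the analyzer.</b> On a connection or I/O failure the analyzer calls
 *       {@code setEnabled(false)} before raising an {@link AnalysisException}. A run that logged
 *       such a failure has incomplete npm coverage and must not be read as "no findings".</li>
 * </ul>
 *
 * <p>NOTE(review): {@code searcher} is assigned in {@link #prepareFileTypeAnalyzer(Engine)} and
 * read in {@link #analyzeDependency(Dependency, Engine)} with no synchronization in this class;
 * the {@code @ThreadSafe} claim presumably relies on the engine completing preparation before
 * analysis starts. Confirm against the engine.
 */
@ThreadSafe
public class NspAnalyzer extends AbstractNpmAnalyzer {
    /** Default NSP check endpoint (HTTPS). Not referenced inside this class. */
    public static final String DEFAULT_URL = "https://api.nodesecurity.io/check";
    /** Ecosystem label for npm dependencies. Not referenced inside this class. */
    public static final String DEPENDENCY_ECOSYSTEM = "npm";
    /** The only file name this analyzer accepts. */
    private static final String PACKAGE_JSON = "package.json";
    private static final Logger LOGGER = LoggerFactory.getLogger(NspAnalyzer.class);
    /** File filter that matches {@value #PACKAGE_JSON} files only. */
    private static final FileFilter PACKAGE_JSON_FILTER = FileFilterBuilder.newInstance().addFilenames(PACKAGE_JSON).build();

    /** Client used to submit the manifest; created in {@link #prepareFileTypeAnalyzer(Engine)}. */
    private NspSearch searcher;

    /**
     * Returns the filter that selects the files this analyzer handles.
     *
     * @return a filter matching {@code package.json}
     */
    @Override
    protected FileFilter getFileFilter() {
        return PACKAGE_JSON_FILTER;
    }

    /**
     * Creates the {@link NspSearch} client from the analyzer settings and warns when the Node
     * Package Analyzer is switched off.
     *
     * @param engine the engine whose settings are consulted for {@code analyzer.node.package.enabled}
     * @throws InitializationException if the NSP URL is malformed (the analyzer is disabled first)
     *         or the settings cannot be read
     */
    @Override
    public void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
        LOGGER.debug("Initializing {}", getName());
        try {
            this.searcher = new NspSearch(getSettings());
            final boolean nodeAnalyzerEnabled = engine.getSettings().getBoolean("analyzer.node.package.enabled");
            if (!nodeAnalyzerEnabled) {
                LOGGER.warn("The Node Package Analyzer has been disabled; the resulting report will only  contain the known vulnerable dependency - not a bill of materials for the node project.");
            }
        } catch (MalformedURLException e) {
            // A bad endpoint URL cannot recover during the run, so switch the analyzer off.
            setEnabled(false);
            throw new InitializationException("The configured URL to Node Security Platform is malformed", e);
        } catch (InvalidSettingException e) {
            throw new InitializationException("Unable to read configuration settings", e);
        }
    }

    /**
     * Returns the display name of this analyzer.
     *
     * @return the analyzer name
     */
    @Override
    public String getName() {
        return "Node Security Platform Analyzer";
    }

    /**
     * Returns the phase in which this analyzer runs.
     *
     * @return {@link AnalysisPhase#FINDING_ANALYSIS}
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return AnalysisPhase.FINDING_ANALYSIS;
    }

    /**
     * Returns the settings key that enables or disables this analyzer.
     *
     * @return {@code analyzer.nsp.package.enabled}
     */
    @Override
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.nsp.package.enabled";
    }

    /**
     * Sends the sanitized {@code package.json} behind {@code dependency} to NSP and attaches one
     * {@link Vulnerability} per returned advisory to the affected dependency, creating that
     * dependency when the engine does not know it yet.
     *
     * <p>The {@code package.json} dependency itself is removed from the engine before any other
     * check, so it is dropped even when the file is empty or skipped.
     *
     * @param dependency the {@code package.json} dependency under analysis
     * @param engine the engine holding the dependency list
     * @throws AnalysisException if the file is not valid JSON, cannot be read, or the NSP request
     *         fails; connection and I/O failures also disable the analyzer
     */
    @Override
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        engine.removeDependency(dependency);
        final File packageFile = dependency.getActualFile();
        if (!packageFile.isFile() || packageFile.length() == 0 || !shouldProcess(packageFile)) {
            return;
        }
        // try-with-resources closes the reader on every path, including a failed submission.
        try (JsonReader reader = Json.createReader(FileUtils.openInputStream(packageFile))) {
            // Only the sanitized manifest, wrapped under the "package" key, is submitted.
            for (Advisory advisory : this.searcher.submitPackage(
                    Json.createObjectBuilder().add("package", SanitizePackage.sanitize(reader.readObject())).build())) {
                final Vulnerability vulnerability = toVulnerability(advisory);
                final Dependency known = findDependency(engine, advisory.getModule(), advisory.getVersion());
                if (known != null) {
                    known.addVulnerability(vulnerability);
                } else {
                    final Dependency created = createDependency(dependency, advisory.getModule(), advisory.getVersion(), "transitive");
                    created.addVulnerability(vulnerability);
                    engine.addDependency(created);
                }
            }
        } catch (JsonException e) {
            throw new AnalysisException(String.format("Failed to parse %s file.", packageFile.getPath()), e);
        } catch (URLConnectionFailureException e) {
            // The service is unreachable: stop further submissions for this run.
            setEnabled(false);
            throw new AnalysisException(e.getMessage(), e);
        } catch (IOException e) {
            LOGGER.debug("Error reading dependency or connecting to Node Security Platform - check API", e);
            setEnabled(false);
            throw new AnalysisException(e.getMessage(), e);
        } catch (SearchException e) {
            LOGGER.error("NSP Analisys failed on {}", dependency.getActualFilePath());
            throw e;
        }
    }

    /**
     * Maps one NSP advisory onto the report's vulnerability model.
     *
     * <p>All text fields are taken from the service response as-is; nothing is validated or
     * escaped here.
     *
     * @param advisory the advisory returned by NSP
     * @return a vulnerability with source {@code NSP}, one reference and one vulnerable-software entry
     */
    private static Vulnerability toVulnerability(Advisory advisory) {
        final Vulnerability vulnerability = new Vulnerability();
        vulnerability.setCvssScore(advisory.getCvssScore());
        vulnerability.setDescription(advisory.getOverview());
        vulnerability.setName(String.valueOf(advisory.getId()));
        vulnerability.setSource(Vulnerability.Source.NSP);
        vulnerability.addReference("NSP", "Advisory " + advisory.getId() + ": " + advisory.getTitle(), advisory.getAdvisory());
        final VulnerableSoftware affected = new VulnerableSoftware();
        affected.setName(advisory.getModule() + ":" + advisory.getVulnerableVersions());
        vulnerability.setVulnerableSoftware(new HashSet<>(Arrays.asList(affected)));
        return vulnerability;
    }
}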
