package org.openrewrite.java.dependencies;

import com.fasterxml.jackson.databind.MappingIterator;
import com.fasterxml.jackson.dataformat.csv.CsvMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import java.beans.ConstructorProperties;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import java.util.function.Function;
import java.util.stream.Collectors;
import lombok.Generated;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Option;
import org.openrewrite.ScanningRecipe;
import org.openrewrite.SourceFile;
import org.openrewrite.Tree;
import org.openrewrite.TreeVisitor;
import org.openrewrite.Validated;
import org.openrewrite.gradle.marker.GradleDependencyConfiguration;
import org.openrewrite.gradle.marker.GradleProject;
import org.openrewrite.groovy.GroovyIsoVisitor;
import org.openrewrite.groovy.GroovyVisitor;
import org.openrewrite.groovy.tree.G;
import org.openrewrite.internal.StringUtils;
import org.openrewrite.java.dependencies.UpgradeDependencyVersion;
import org.openrewrite.java.dependencies.internal.StaticVersionComparator;
import org.openrewrite.java.dependencies.internal.VersionParser;
import org.openrewrite.java.dependencies.table.VulnerabilityReport;
import org.openrewrite.java.marker.JavaProject;
import org.openrewrite.marker.CommitMessage;
import org.openrewrite.maven.AddManagedDependency;
import org.openrewrite.maven.MavenDownloadingException;
import org.openrewrite.maven.MavenIsoVisitor;
import org.openrewrite.maven.MavenVisitor;
import org.openrewrite.maven.internal.MavenPomDownloader;
import org.openrewrite.maven.table.MavenMetadataFailures;
import org.openrewrite.maven.tree.GroupArtifact;
import org.openrewrite.maven.tree.MavenRepository;
import org.openrewrite.maven.tree.MavenResolutionResult;
import org.openrewrite.maven.tree.ResolvedDependency;
import org.openrewrite.maven.tree.ResolvedGroupArtifactVersion;
import org.openrewrite.maven.tree.ResolvedPom;
import org.openrewrite.maven.tree.Scope;
import org.openrewrite.semver.LatestMinor;
import org.openrewrite.semver.LatestPatch;
import org.openrewrite.semver.LatestRelease;
import org.openrewrite.semver.VersionComparator;
import org.openrewrite.xml.tree.Xml;

/* loaded from: input_file:org/openrewrite/java/dependencies/DependencyVulnerabilityCheck.class */
public final class DependencyVulnerabilityCheck extends ScanningRecipe<Accumulator> {
    // Data table wrapped around the repository metadata download in versionToRequest().
    private final transient MavenMetadataFailures metadataFailures = new MavenMetadataFailures(this);
    // Converts version strings into the form compared by StaticVersionComparator.
    private final transient VersionParser versionParser = new VersionParser();
    // Receives one row per (project, dependency, advisory) finding in generate().
    private final transient VulnerabilityReport report = new VulnerabilityReport(this);
    // Created lazily by versionComparator() from maximumUpgradeDelta; null until first use.
    private transient VersionComparator versionComparator = null;

    // Checked in validate() by passing it to Scope.fromName.
    @Option(displayName = "Scope", description = "Match dependencies with the specified scope. Default is `compile`.", valid = {"compile", "test", "runtime", "provided"}, example = "compile", required = false)
    private final String scope;

    // Nullable: getVisitor() only overrides transitive versions when this is non-null and true.
    @Option(displayName = "Override transitives", description = "When enabled transitive dependencies with vulnerabilities will have their versions overridden. By default only direct dependencies have their version numbers upgraded.", example = "false", required = false)
    private final Boolean overrideTransitive;

    // Nullable: versionComparator() treats null the same as UpgradeDelta.patch.
    @Option(displayName = "Maximum upgrade delta", description = "The maximum difference to allow when suggesting a dependency version upgrade. Patch version upgrades are the default and safest option, as patch releases assert full backwards compatibility with no breaking changes.Minor version upgrades can introduce new features but do not _typically_ include breaking changes. Major version upgrades will typically require code changes above and beyond this recipe. ", valid = {"patch", "minor", "major"}, example = "patch", required = false)
    private final UpgradeDelta maximumUpgradeDelta;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.openrewrite.java.dependencies.DependencyVulnerabilityCheck$5, reason: invalid class name */
    /* loaded from: input_file:org/openrewrite/java/dependencies/DependencyVulnerabilityCheck$5.class */
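    public static /* synthetic */ class AnonymousClass5 {
        // Compiler-generated lookup tables for `switch` over an enum: each array is indexed by
        // ordinal() and holds the case number used by the switch; 0 means "no case".
        static final /* synthetic */ int[] $SwitchMap$org$openrewrite$maven$tree$Scope = new int[Scope.values().length];
        // The decompiled listing assigned this table without declaring it; declared here so the
        // class is self-consistent.
        static final /* synthetic */ int[] $SwitchMap$org$openrewrite$java$dependencies$DependencyVulnerabilityCheck$UpgradeDelta = new int[UpgradeDelta.values().length];

        static {
            // Each assignment is guarded on its own: if an enum constant is absent at run time
            // the slot stays 0 and the remaining constants are still mapped.
            try {
                $SwitchMap$org$openrewrite$maven$tree$Scope[Scope.Test.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
                // constant not present: leave the slot at 0
            }
            try {
                $SwitchMap$org$openrewrite$maven$tree$Scope[Scope.Compile.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
                // constant not present: leave the slot at 0
            }
            try {
                $SwitchMap$org$openrewrite$maven$tree$Scope[Scope.Runtime.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
                // constant not present: leave the slot at 0
            }
            try {
                $SwitchMap$org$openrewrite$maven$tree$Scope[Scope.Provided.ordinal()] = 4;
            } catch (NoSuchFieldError ignored) {
                // constant not present: leave the slot at 0
            }
            try {
                $SwitchMap$org$openrewrite$java$dependencies$DependencyVulnerabilityCheck$UpgradeDelta[UpgradeDelta.patch.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
                // constant not present: leave the slot at 0
            }
            try {
                $SwitchMap$org$openrewrite$java$dependencies$DependencyVulnerabilityCheck$UpgradeDelta[UpgradeDelta.minor.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
                // constant not present: leave the slot at 0
            }
            try {
                $SwitchMap$org$openrewrite$java$dependencies$DependencyVulnerabilityCheck$UpgradeDelta[UpgradeDelta.major.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
                // constant not present: leave the slot at 0
            }
        }
    }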

    /* loaded from: input_file:org/openrewrite/java/dependencies/DependencyVulnerabilityCheck$Accumulator.class */
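    /**
     * State shared between the scanning and the editing phase of the recipe: the advisory
     * database, the findings per project, and the repositories seen while scanning.
     */
    public static class Accumulator {
        // Advisories keyed by groupId:artifactId, as loaded from the bundled CSV.
        final Map<GroupArtifact, List<Vulnerability>> db;
        final Scope scope;
        final UpgradeDependencyVersion.Accumulator dependencyAcc;
        final AddManagedDependency.Scanned transitiveAcc;
        final VersionComparator comparator;
        // Findings per project name, in scan order. generate() reports from this map.
        Map<String, Vulnerabilities> projectToVulnerabilities = new LinkedHashMap<>();
        private Set<MavenRepository> repositories = new LinkedHashSet<>();
        private List<MavenRepository> allRepositories = null;
        private Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> upgradeableVulnerabilities = null;

        /**
         * Collects the Maven repositories declared by a source file, from its
         * {@code MavenResolutionResult} marker and from its {@code GradleProject} marker.
         */
        public void repositoriesFrom(SourceFile sourceFile) {
            sourceFile.getMarkers().findFirst(MavenResolutionResult.class)
                    .ifPresent(maven -> this.repositories.addAll(maven.getPom().getRepositories()));
            sourceFile.getMarkers().findFirst(GradleProject.class)
                    .ifPresent(gradle -> this.repositories.addAll(gradle.getMavenRepositories()));
        }

        /**
         * Returns the collected repositories as a list. The list is a snapshot taken on the
         * first call; repositories added through {@link #repositoriesFrom} afterwards are not
         * reflected in it.
         */
        public List<MavenRepository> getRepositories() {
            if (this.allRepositories == null) {
                this.allRepositories = new ArrayList<>(this.repositories);
            }
            return this.allRepositories;
        }

        /**
         * Returns, per dependency, the findings this recipe can act on, computed once and cached.
         *
         * <p>A finding is kept only when its advisory names a fixed version and the comparator
         * accepts that version as an upgrade from the resolved one. Findings that fail either
         * test are left out of this map but remain in {@code projectToVulnerabilities}.
         */
        public Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> upgradeableVulnerabilities() {
            if (this.upgradeableVulnerabilities == null) {
                this.upgradeableVulnerabilities = new LinkedHashMap<>();
                for (Vulnerabilities perProject : this.projectToVulnerabilities.values()) {
                    for (Map.Entry<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> entry : perProject.getGavToVulnerabilities().entrySet()) {
                        ResolvedGroupArtifactVersion gav = entry.getKey();
                        Set<MinimumDepthVulnerability> found = entry.getValue();
                        // The decompiled lambda reused one name for the value already in the map
                        // and for the newly filtered set; the two are kept apart here.
                        this.upgradeableVulnerabilities.compute(gav, (ignoredKey, existing) -> {
                            Set<MinimumDepthVulnerability> upgradeable = found.stream()
                                    .filter(finding -> StringUtils.isNotEmpty(finding.vulnerability.getFixedVersion()))
                                    .filter(finding -> this.comparator.isValid(gav.getVersion(), finding.vulnerability.getFixedVersion()))
                                    .collect(Collectors.toCollection(LinkedHashSet::new));
                            if (upgradeable.isEmpty()) {
                                // Nothing to add: keep whatever another project contributed.
                                return existing;
                            }
                            if (existing == null) {
                                return upgradeable;
                            }
                            existing.addAll(upgradeable);
                            return existing;
                        });
                    }
                }
            }
            return this.upgradeableVulnerabilities;
        }

        @Generated
        public Map<GroupArtifact, List<Vulnerability>> getDb() {
            return this.db;
        }

        @Generated
        public Scope getScope() {
            return this.scope;
        }

        @Generated
        public UpgradeDependencyVersion.Accumulator getDependencyAcc() {
            return this.dependencyAcc;
        }

        @Generated
        public AddManagedDependency.Scanned getTransitiveAcc() {
            return this.transitiveAcc;
        }

        @Generated
        public VersionComparator getComparator() {
            return this.comparator;
        }

        @Generated
        public Map<String, Vulnerabilities> getProjectToVulnerabilities() {
            return this.projectToVulnerabilities;
        }

        /** Returns the cached snapshot, or null when {@link #getRepositories()} has not run yet. */
        @Generated
        public List<MavenRepository> getAllRepositories() {
            return this.allRepositories;
        }

        /** Returns the cached map, or null when {@link #upgradeableVulnerabilities()} has not run yet. */
        @Generated
        public Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> getUpgradeableVulnerabilities() {
            return this.upgradeableVulnerabilities;
        }

        @Generated
        @ConstructorProperties({"db", "scope", "dependencyAcc", "transitiveAcc", "comparator"})
        public Accumulator(Map<GroupArtifact, List<Vulnerability>> map, Scope scope, UpgradeDependencyVersion.Accumulator accumulator, AddManagedDependency.Scanned scanned, VersionComparator versionComparator) {
            this.db = map;
            this.scope = scope;
            this.dependencyAcc = accumulator;
            this.transitiveAcc = scanned;
            this.comparator = versionComparator;
        }
    }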

    /* loaded from: input_file:org/openrewrite/java/dependencies/DependencyVulnerabilityCheck$MinimumDepthVulnerability.class */
    /**
     * An advisory paired with the shallowest depth at which the affected dependency was seen.
     *
     * <p>NOTE(review): {@code minDepth} is mutable and takes part in {@code equals} and
     * {@code hashCode}; analyzeDependency() lowers it on instances already stored in a set.
     * The sets built there are ordered by a comparator that ignores depth, but a hash-based
     * set holding these objects would be affected by a later change. Confirm that no depth
     * update happens after upgradeableVulnerabilities() has copied them into a LinkedHashSet.
     */
    public static final class MinimumDepthVulnerability {
        private int minDepth;
        private final Vulnerability vulnerability;

        @Generated
        @ConstructorProperties({"minDepth", "vulnerability"})
        public MinimumDepthVulnerability(int i, Vulnerability vulnerability) {
            this.vulnerability = vulnerability;
            this.minDepth = i;
        }

        /** Returns the smallest dependency depth recorded so far. */
        @Generated
        public int getMinDepth() {
            return minDepth;
        }

        /** Returns the advisory this entry refers to. */
        @Generated
        public Vulnerability getVulnerability() {
            return vulnerability;
        }

        /** Two entries are equal when both the depth and the advisory are equal. */
        @Generated
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof MinimumDepthVulnerability)) {
                return false;
            }
            MinimumDepthVulnerability other = (MinimumDepthVulnerability) obj;
            if (this.minDepth != other.minDepth) {
                return false;
            }
            if (this.vulnerability == null) {
                return other.vulnerability == null;
            }
            return this.vulnerability.equals(other.vulnerability);
        }

        /** Combines depth and advisory with the multiplier 59; a null advisory counts as 43. */
        @Generated
        public int hashCode() {
            int result = 59 + this.minDepth;
            int advisoryHash = this.vulnerability == null ? 43 : this.vulnerability.hashCode();
            return result * 59 + advisoryHash;
        }

        @Generated
        public String toString() {
            StringBuilder text = new StringBuilder("DependencyVulnerabilityCheck.MinimumDepthVulnerability(minDepth=");
            text.append(this.minDepth);
            text.append(", vulnerability=").append(this.vulnerability);
            text.append(")");
            return text.toString();
        }
    }

    /* loaded from: input_file:org/openrewrite/java/dependencies/DependencyVulnerabilityCheck$UpgradeDelta.class */
    /**
     * Largest version step the recipe may take when upgrading a vulnerable dependency.
     * The constant names are lower case because they are the values accepted by the
     * "Maximum upgrade delta" option.
     */
    public enum UpgradeDelta {
        /** Stay within the current minor line; versionComparator() maps this to LatestPatch. */
        patch,

        /** Allow a newer minor version; versionComparator() maps this to LatestMinor. */
        minor,

        /** Allow any newer release; versionComparator() maps this to LatestRelease. */
        major,
    }

    /* loaded from: input_file:org/openrewrite/java/dependencies/DependencyVulnerabilityCheck$Vulnerabilities.class */
    /**
     * The findings of one project: for every resolved dependency, the set of advisories that
     * apply to it. The map is the one handed to the constructor, not a copy.
     */
    public static final class Vulnerabilities {
        private final Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> gavToVulnerabilities;

        /** Delegates to {@link Map#computeIfAbsent} on the underlying map. */
        public Set<MinimumDepthVulnerability> computeIfAbsent(ResolvedGroupArtifactVersion resolvedGroupArtifactVersion, Function<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> function) {
            Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> findings = this.gavToVulnerabilities;
            return findings.computeIfAbsent(resolvedGroupArtifactVersion, function);
        }

        @Generated
        @ConstructorProperties({"gavToVulnerabilities"})
        public Vulnerabilities(Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> map) {
            this.gavToVulnerabilities = map;
        }

        /** Returns the live map of findings. */
        @Generated
        public Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> getGavToVulnerabilities() {
            return gavToVulnerabilities;
        }

        /** Equal when the other object is a {@code Vulnerabilities} with an equal map. */
        @Generated
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof Vulnerabilities)) {
                return false;
            }
            Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> mine = this.gavToVulnerabilities;
            Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> theirs = ((Vulnerabilities) obj).gavToVulnerabilities;
            if (mine == null) {
                return theirs == null;
            }
            return mine.equals(theirs);
        }

        /** Hash of the map offset by 59; a null map counts as 43. */
        @Generated
        public int hashCode() {
            int mapHash = this.gavToVulnerabilities == null ? 43 : this.gavToVulnerabilities.hashCode();
            return 59 + mapHash;
        }

        @Generated
        public String toString() {
            StringBuilder text = new StringBuilder("DependencyVulnerabilityCheck.Vulnerabilities(gavToVulnerabilities=");
            text.append(this.gavToVulnerabilities).append(")");
            return text.toString();
        }
    }

    /**
     * Returns the comparator that decides whether a fixed version is an acceptable upgrade,
     * creating it on first use from {@code maximumUpgradeDelta}. An unset option behaves
     * like {@code patch}.
     */
    private VersionComparator versionComparator() {
        if (this.versionComparator != null) {
            return this.versionComparator;
        }
        UpgradeDelta delta = this.maximumUpgradeDelta;
        if (delta == UpgradeDelta.minor) {
            this.versionComparator = new LatestMinor((String) null);
        } else if (delta == UpgradeDelta.major) {
            this.versionComparator = new LatestRelease((String) null);
        } else {
            // UpgradeDelta.patch, and the case where the option was left unset (null).
            this.versionComparator = new LatestPatch((String) null);
        }
        return this.versionComparator;
    }

    /** Returns the recipe name shown to users. */
    public String getDisplayName() {
        final String displayName = "Find and fix vulnerable dependencies";
        return displayName;
    }

    /**
     * Returns the Markdown description shown to users.
     *
     * <p>NOTE(review): the text states that the recipe only upgrades to the latest patch
     * version, while the "Maximum upgrade delta" option on this class also accepts
     * {@code minor} and {@code major} and versionComparator() honours them. Readers who rely
     * on the description to judge how far an automated upgrade may go should be told about
     * the option; confirm which of the two is current.
     */
    public String getDescription() {
        return "This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe **only** upgrades to the latest **patch** version.  If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the [GitHub Security Advisory Database](https://docs.github.com/en/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database), which aggregates vulnerability data from several public databases, including the [National Vulnerability Database](https://nvd.nist.gov/) maintained by the United States government. Upgrades dependencies versioned according to [Semantic Versioning](https://semver.org/).";
    }

    /**
     * Adds a check to the inherited validation that {@code scope} is accepted by
     * {@code Scope.fromName}. Anything thrown while parsing, including an {@code Error},
     * is reported as an invalid scope rather than propagated.
     */
    public Validated<Object> validate() {
        Validated<Object> inherited = super.validate();
        return inherited.and(Validated.test("scope", "scope is a valid Maven scope", this.scope, candidate -> {
            boolean parsed;
            try {
                Scope.fromName(candidate);
                parsed = true;
            } catch (Throwable unparseable) {
                parsed = false;
            }
            return parsed;
        }));
    }

    /* renamed from: getInitialValue, reason: merged with bridge method [inline-methods] */
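    /**
     * Builds the accumulator for a run: parses the scope option and loads the advisory
     * database bundled on the classpath as {@code /advisories-maven.csv}.
     *
     * <p>Every advisory the recipe knows about comes from that one resource, so a missing
     * file or a malformed row stops the run with an exception instead of producing a scan
     * with silently fewer advisories.
     *
     * @param executionContext passed on to the nested upgrade recipes' {@code getInitialValue}
     * @return a fresh accumulator holding the advisories grouped by groupId:artifactId
     * @throws IllegalStateException if the resource is absent or a row has no
     *         {@code group:artifact} pair
     * @throws RuntimeException wrapping an {@link IOException} raised while reading or closing
     */
    /* renamed from: getInitialValue, reason: merged with bridge method [inline-methods] */
    public Accumulator m529getInitialValue(ExecutionContext executionContext) {
        Scope fromName = Scope.fromName(this.scope);
        CsvMapper csvMapper = new CsvMapper();
        csvMapper.registerModule(new JavaTimeModule());
        Map<GroupArtifact, List<Vulnerability>> advisoriesByCoordinate = new HashMap<>();
        // try-with-resources closes both the iterator and the stream on every path; the
        // decompiled form left the stream open when reading failed.
        try (InputStream resourceAsStream = DependencyVulnerabilityCheck.class.getResourceAsStream("/advisories-maven.csv")) {
            if (resourceAsStream == null) {
                throw new IllegalStateException("Advisory database /advisories-maven.csv was not found on the classpath");
            }
            try (MappingIterator<Vulnerability> readValues = csvMapper.readerWithSchemaFor(Vulnerability.class).readValues(resourceAsStream)) {
                readValues.forEachRemaining(vulnerability -> {
                    String[] split = vulnerability.getGroupArtifact().split(":");
                    if (split.length < 2) {
                        // Previously surfaced as an ArrayIndexOutOfBoundsException without the value.
                        throw new IllegalStateException("Advisory row has no group:artifact pair: " + vulnerability.getGroupArtifact());
                    }
                    advisoriesByCoordinate.computeIfAbsent(new GroupArtifact(split[0], split[1]), groupArtifact -> new ArrayList<>()).add(vulnerability);
                });
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        return new Accumulator(advisoriesByCoordinate, fromName, new UpgradeDependencyVersion("", "", "", (String) null, (Boolean) null, (List) null).getInitialValue(executionContext), new UpgradeTransitiveDependencyVersion("", "", "", (String) null, (String) null, (String) null, (String) null, (String) null, (Boolean) null, (String) null, true).getInitialValue(executionContext), versionComparator());
    }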

    /**
     * Returns the scanning visitor. For every source file it records the declared
     * repositories, matches Maven and Gradle dependencies against the advisory database, and
     * lets the two nested upgrade recipes scan the same file. Trees that are not source files
     * are returned untouched, and the scanner never changes a tree.
     */
    public TreeVisitor<?, ExecutionContext> getScanner(final Accumulator accumulator) {
        return new TreeVisitor<Tree, ExecutionContext>() {
            public Tree visit(Tree tree, ExecutionContext executionContext) {
                if (tree instanceof SourceFile) {
                    accumulator.repositoriesFrom((SourceFile) tree);

                    Map<GroupArtifact, List<Vulnerability>> advisories = accumulator.getDb();
                    Map<String, Vulnerabilities> findings = accumulator.getProjectToVulnerabilities();
                    Scope wantedScope = accumulator.getScope();
                    DependencyVulnerabilityCheck.this.scanMaven(advisories, findings, wantedScope).visitNonNull(tree, executionContext);
                    DependencyVulnerabilityCheck.this.scanGradleGroovy(advisories, findings, wantedScope).visitNonNull(tree, executionContext);

                    // The nested recipes are created with empty coordinates: only their
                    // scanners are needed here, to fill the accumulators used when editing.
                    UpgradeDependencyVersion directUpgrade = new UpgradeDependencyVersion("", "", "", (String) null, (Boolean) null, (List) null);
                    directUpgrade.getScanner(accumulator.getDependencyAcc()).visit(tree, executionContext);
                    UpgradeTransitiveDependencyVersion transitiveUpgrade = new UpgradeTransitiveDependencyVersion("", "", "", (String) null, (String) null, (String) null, (String) null, (String) null, (Boolean) null, (String) null, true);
                    transitiveUpgrade.getScanner(accumulator.getTransitiveAcc()).visit(tree, executionContext);
                }
                return tree;
            }
        };
    }

    /**
     * Writes one report row per project, dependency and advisory found during scanning, and
     * generates no new source files. Every finding is reported, including those the recipe
     * cannot upgrade; the row's boolean column records whether the fixed version is within
     * the configured upgrade delta.
     */
    public Collection<SourceFile> generate(Accumulator accumulator, ExecutionContext executionContext) {
        for (Map.Entry<String, Vulnerabilities> projectEntry : accumulator.getProjectToVulnerabilities().entrySet()) {
            String project = projectEntry.getKey();
            Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> byDependency = projectEntry.getValue().getGavToVulnerabilities();
            for (Map.Entry<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> dependencyEntry : byDependency.entrySet()) {
                for (MinimumDepthVulnerability finding : dependencyEntry.getValue()) {
                    Vulnerability advisory = finding.getVulnerability();
                    ResolvedGroupArtifactVersion gav = dependencyEntry.getKey();
                    VulnerabilityReport.Row row = new VulnerabilityReport.Row(project, advisory.getCve(), gav.getGroupId(), gav.getArtifactId(), gav.getVersion(), advisory.getFixedVersion(), versionComparator().isValid(gav.getVersion(), advisory.getFixedVersion()), advisory.getSummary(), advisory.getSeverity().toString(), Integer.valueOf(finding.getMinDepth()), advisory.getCwes());
                    this.report.insertRow(executionContext, row);
                }
            }
        }
        return Collections.emptyList();
    }

    /**
     * Returns the editing visitor. For each dependency with an upgradeable finding it first
     * tries a direct version upgrade and, when that changes nothing and
     * {@code overrideTransitive} is true, a transitive override. A null tree yields null.
     */
    public TreeVisitor<?, ExecutionContext> getVisitor(final Accumulator accumulator) {
        return new TreeVisitor<Tree, ExecutionContext>() { // from class: org.openrewrite.java.dependencies.DependencyVulnerabilityCheck.2
            public Tree visit(Tree tree, ExecutionContext executionContext) {
                if (tree == null) {
                    return null;
                }
                // tree2 carries the result of the previous iteration into the next one.
                Tree tree2 = tree;
                for (Map.Entry<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> entry : accumulator.upgradeableVulnerabilities().entrySet()) {
                    ResolvedGroupArtifactVersion key = entry.getKey();
                    Set<MinimumDepthVulnerability> value = entry.getValue();
                    // Either an exact fixed version or the selector "latest.patch".
                    String versionToRequest = DependencyVulnerabilityCheck.this.versionToRequest(value, accumulator.getRepositories(), executionContext);
                    Tree visitNonNull = new UpgradeDependencyVersion(key.getGroupId(), key.getArtifactId(), versionToRequest, (String) null, DependencyVulnerabilityCheck.this.overrideTransitive, (List) null).getVisitor(accumulator.getDependencyAcc()).visitNonNull(tree2, executionContext);
                    String str = null;
                    // Same instance back means the direct upgrade changed nothing for this entry.
                    if (visitNonNull == tree2 && DependencyVulnerabilityCheck.this.overrideTransitive != null && DependencyVulnerabilityCheck.this.overrideTransitive.booleanValue()) {
                        // The CVE list is passed to the transitive recipe as its eighth argument.
                        str = DependencyVulnerabilityCheck.because(value);
                        visitNonNull = new UpgradeTransitiveDependencyVersion(key.getGroupId(), key.getArtifactId(), versionToRequest, DependencyVulnerabilityCheck.this.scope, (String) null, (String) null, (String) null, str, (Boolean) null, (String) null, true).getVisitor(accumulator.getTransitiveAcc()).visitNonNull(visitNonNull, executionContext);
                    }
                    tree2 = visitNonNull;
                    // Compared with the tree passed to visit(), not with the previous iteration:
                    // once any entry has changed the tree, this holds for every later entry too.
                    if (tree2 != tree) {
                        if (str == null) {
                            str = DependencyVulnerabilityCheck.because(value);
                        }
                        // NOTE(review): the value returned by CommitMessage.message is discarded.
                        // If that call returns a new tree instead of modifying its argument, the
                        // CVE list never reaches the result; confirm against the original source.
                        CommitMessage.message(visitNonNull, DependencyVulnerabilityCheck.this, str);
                    }
                }
                return tree2;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Chooses the version string to request for a dependency with the given findings.
     *
     * <p>The advisory with the highest fixed version is selected. Its exact fixed version is
     * returned only when the metadata downloaded from the given repositories lists that
     * version. In every other case (no advisory, version not published, download failure)
     * the result is the literal selector {@code "latest.patch"}, whatever
     * {@code maximumUpgradeDelta} is set to.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public String versionToRequest(Set<MinimumDepthVulnerability> set, List<MavenRepository> list, ExecutionContext executionContext) {
        Optional<Vulnerability> highestFix = set.stream()
                .max(Comparator.comparing(
                        candidate -> this.versionParser.transform(stripExtraneousVersionSuffix(candidate.getVulnerability().getFixedVersion())),
                        new StaticVersionComparator()))
                .map(MinimumDepthVulnerability::getVulnerability);
        if (!highestFix.isPresent()) {
            return "latest.patch";
        }
        Vulnerability target = highestFix.get();
        String[] coordinates = target.getGroupArtifact().split(":");
        String groupId = coordinates[0];
        String artifactId = coordinates[1];
        boolean published;
        try {
            // insertRows wraps the download so that a failure is also recorded in the
            // metadata-failures table before it reaches the catch below.
            published = this.metadataFailures.insertRows(executionContext, () -> {
                return new MavenPomDownloader(executionContext).downloadMetadata(new GroupArtifact(groupId, artifactId), (ResolvedPom) null, list);
            }).getVersioning().getVersions().contains(target.getFixedVersion());
        } catch (MavenDownloadingException e) {
            return "latest.patch";
        }
        if (published) {
            return target.getFixedVersion();
        }
        return "latest.patch";
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Joins the distinct, non-empty CVE identifiers of the given findings with {@code ", "}.
     *
     * @return the joined identifiers, or null when there are none or the result is blank
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static String because(Collection<MinimumDepthVulnerability> collection) {
        String cves = collection.stream()
                .map(MinimumDepthVulnerability::getVulnerability)
                .map(Vulnerability::getCve)
                .filter(StringUtils::isNotEmpty)
                .distinct()
                .collect(Collectors.joining(", "));
        return StringUtils.isBlank(cves) ? null : cves;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns a visitor that checks every dependency a Maven document resolves in the given
     * scope against the advisory map and records hits under the document's project name.
     * A project entry is created only once there is a dependency to analyze. The document is
     * returned unchanged.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public MavenVisitor<ExecutionContext> scanMaven(final Map<GroupArtifact, List<Vulnerability>> map, final Map<String, Vulnerabilities> map2, final Scope scope) {
        return new MavenIsoVisitor<ExecutionContext>() {
            /* renamed from: visitDocument, reason: merged with bridge method [inline-methods] */
            public Xml.Document m530visitDocument(Xml.Document document, ExecutionContext executionContext) {
                List<ResolvedDependency> resolved = getResolutionResult().getDependencies().get(scope);
                if (resolved == null) {
                    return document;
                }
                String project = DependencyVulnerabilityCheck.projectName(document);
                for (ResolvedDependency dependency : resolved) {
                    Vulnerabilities findings = map2.computeIfAbsent(project, name -> new Vulnerabilities(new LinkedHashMap<>()));
                    DependencyVulnerabilityCheck.this.analyzeDependency(map, findings, dependency);
                }
                return document;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the project name from the tree's {@code JavaProject} marker, or the empty
     * string when the tree carries no such marker. Findings from all unmarked trees are
     * therefore grouped under the same empty name.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static String projectName(Tree tree) {
        Optional<JavaProject> project = tree.getMarkers().findFirst(JavaProject.class);
        return project.map(JavaProject::getProjectName).orElse("");
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Decides from its name whether a Gradle configuration lies outside the requested scope.
     *
     * <p>NOTE(review): the match is a case-sensitive substring test. Any configuration whose
     * name merely contains the letters "test" (constructed example: {@code latestDeps}) is
     * treated as a test configuration and skipped for the compile and runtime scopes, so its
     * dependencies are not checked; a name such as {@code integrationTestImplementation}
     * (capital T) is not recognised as test. Confirm that this heuristic is intended.
     *
     * @return true when the configuration must be skipped; false for scopes not listed here
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static boolean scopeExcludesConfiguration(GradleDependencyConfiguration gradleDependencyConfiguration, Scope scope) {
        // Direct switch on the enum; equivalent to the compiler's ordinal lookup table.
        switch (scope) {
            case Test: {
                boolean namedTest = gradleDependencyConfiguration.getName().contains("test");
                return !namedTest;
            }
            case Compile:
            case Runtime:
                return gradleDependencyConfiguration.getName().contains("test");
            case Provided: {
                if (gradleDependencyConfiguration.getName().contains("provided")) {
                    return false;
                }
                return !gradleDependencyConfiguration.getName().contains("compileOnly");
            }
            default:
                return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns a visitor that, for a Groovy build script carrying a {@code GradleProject}
     * marker, checks the resolved dependencies of every configuration in scope against the
     * advisory map. Dependencies with a blank version are skipped, so they are never
     * matched against an advisory. The compilation unit is returned unchanged.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public GroovyVisitor<ExecutionContext> scanGradleGroovy(final Map<GroupArtifact, List<Vulnerability>> map, final Map<String, Vulnerabilities> map2, final Scope scope) {
        return new GroovyIsoVisitor<ExecutionContext>() {
            /* renamed from: visitCompilationUnit, reason: merged with bridge method [inline-methods] */
            public G.CompilationUnit m531visitCompilationUnit(G.CompilationUnit compilationUnit, ExecutionContext executionContext) {
                compilationUnit.getMarkers().findFirst(GradleProject.class).ifPresent(gradleProject -> {
                    String project = DependencyVulnerabilityCheck.projectName(compilationUnit);
                    for (GradleDependencyConfiguration configuration : gradleProject.getConfigurations()) {
                        if (DependencyVulnerabilityCheck.scopeExcludesConfiguration(configuration, scope)) {
                            continue;
                        }
                        for (ResolvedDependency dependency : configuration.getResolved()) {
                            if (StringUtils.isBlank(dependency.getVersion())) {
                                continue;
                            }
                            Vulnerabilities findings = map2.computeIfAbsent(project, name -> new Vulnerabilities(new LinkedHashMap<>()));
                            DependencyVulnerabilityCheck.this.analyzeDependency(map, findings, dependency);
                        }
                    }
                });
                return compilationUnit;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Records every advisory that applies to one resolved dependency.
     *
     * <p>An advisory applies when the resolved version is at or above its introduced version
     * and either no fixed version is given or the fixed version is newer than the resolved
     * one. Versions are compared after removing a trailing ".RELEASE".
     *
     * @param map advisories keyed by groupId:artifactId
     * @param vulnerabilities the findings of the project being scanned; updated in place
     * @param resolvedDependency the dependency to check
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void analyzeDependency(Map<GroupArtifact, List<Vulnerability>> map, Vulnerabilities vulnerabilities, ResolvedDependency resolvedDependency) {
        List<Vulnerability> list = map.get(new GroupArtifact(resolvedDependency.getGroupId(), resolvedDependency.getArtifactId()));
        if (list != null) {
            // Created on the first hit only, so a dependency without findings adds no entry.
            Set<MinimumDepthVulnerability> set = null;
            StaticVersionComparator staticVersionComparator = new StaticVersionComparator();
            for (Vulnerability vulnerability : list) {
                // From here on isBlank means "no fix is known, or the fix is newer than the
                // resolved version", i.e. the resolved version is not yet fixed.
                boolean isBlank = StringUtils.isBlank(vulnerability.getFixedVersion());
                if (!isBlank && staticVersionComparator.compare(this.versionParser.transform(stripExtraneousVersionSuffix(vulnerability.getFixedVersion())), this.versionParser.transform(stripExtraneousVersionSuffix(resolvedDependency.getVersion()))) > 0) {
                    isBlank = true;
                }
                // Lower bound of the affected range: introduced version <= resolved version.
                // assumes getIntroducedVersion() and the resolved version are non-null, since
                // stripExtraneousVersionSuffix dereferences its argument; TODO confirm for the
                // Maven path, which has no blank-version check before this call
                if (isBlank && staticVersionComparator.compare(this.versionParser.transform(stripExtraneousVersionSuffix(vulnerability.getIntroducedVersion())), this.versionParser.transform(stripExtraneousVersionSuffix(resolvedDependency.getVersion()))) <= 0) {
                    if (set == null) {
                        // Findings are ordered by severity, reversed, and then by CVE id.
                        // NOTE(review): a TreeSet treats elements that compare equal as one, so
                        // two advisories with the same severity and the same CVE value keep
                        // only the first; confirm that this is acceptable for the report.
                        set = vulnerabilities.computeIfAbsent(resolvedDependency.getGav(), resolvedGroupArtifactVersion -> {
                            return new TreeSet(Comparator.comparing(minimumDepthVulnerability -> {
                                return minimumDepthVulnerability.getVulnerability().getSeverity();
                            }).reversed().thenComparing(minimumDepthVulnerability2 -> {
                                return minimumDepthVulnerability2.getVulnerability().getCve();
                            }));
                        });
                    }
                    // Update the depth of an advisory already recorded for this dependency,
                    // or add a new entry when the loop finds none.
                    Iterator<MinimumDepthVulnerability> it = set.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            set.add(new MinimumDepthVulnerability(resolvedDependency.getDepth(), vulnerability));
                            break;
                        }
                        MinimumDepthVulnerability next = it.next();
                        if (next.getVulnerability().equals(vulnerability)) {
                            // Keep the shallowest depth at which the dependency appears.
                            next.minDepth = Math.min(next.minDepth, resolvedDependency.getDepth());
                            break;
                        }
                    }
                }
            }
        }
    }

    /**
     * Removes a trailing {@code .RELEASE} qualifier from a version string before it is parsed.
     *
     * <p>Only this exact, case-sensitive suffix is removed; any other qualifier is returned
     * unchanged. The argument is not null-checked, so a null version throws a
     * {@link NullPointerException}.
     *
     * @param str version string, must not be null
     * @return {@code str} without a trailing {@code .RELEASE}, or {@code str} itself
     */
    private static String stripExtraneousVersionSuffix(String str) {
        if (!str.endsWith(".RELEASE")) {
            return str;
        }
        int keep = str.length() - ".RELEASE".length();
        return str.substring(0, keep);
    }

    /**
     * Returns the {@code metadataFailures} field of this instance.
     *
     * <p>This field is printed by {@link #toString()} but is not compared by
     * {@link #equals(Object)} or {@link #hashCode()}.
     *
     * @return the current {@code metadataFailures} value
     */
    @Generated
    public MavenMetadataFailures getMetadataFailures() {
        return metadataFailures;
    }

    /**
     * Returns the {@code versionParser} field, the parser that {@code analyzeDependency} uses to
     * transform version strings before comparing them.
     *
     * <p>Not compared by {@link #equals(Object)} or {@link #hashCode()}.
     *
     * @return the current {@code versionParser} value
     */
    @Generated
    public VersionParser getVersionParser() {
        return versionParser;
    }

    /**
     * Returns the {@code report} field of this instance.
     *
     * <p>Not compared by {@link #equals(Object)} or {@link #hashCode()}.
     *
     * @return the current {@code report} value
     */
    @Generated
    public VulnerabilityReport getReport() {
        return report;
    }

    /**
     * Returns the {@code versionComparator} field of this instance.
     *
     * <p>Not compared by {@link #equals(Object)} or {@link #hashCode()}.
     *
     * @return the current {@code versionComparator} value
     */
    @Generated
    public VersionComparator getVersionComparator() {
        return versionComparator;
    }

    /**
     * Returns the {@code scope} option as passed to the constructor.
     *
     * <p>The value may be {@code null}; {@link #equals(Object)} and {@link #hashCode()} handle
     * that case explicitly.
     *
     * @return the configured scope, possibly {@code null}
     */
    @Generated
    public String getScope() {
        return scope;
    }

    /**
     * Returns the {@code overrideTransitive} option as passed to the constructor.
     *
     * <p>The type is the boxed {@link Boolean} and the value may be {@code null}, so callers
     * must null-check it before unboxing.
     *
     * @return the configured flag, possibly {@code null}
     */
    @Generated
    public Boolean getOverrideTransitive() {
        return overrideTransitive;
    }

    /**
     * Returns the {@code maximumUpgradeDelta} option as passed to the constructor.
     *
     * <p>The value may be {@code null}; {@link #equals(Object)} and {@link #hashCode()} handle
     * that case explicitly.
     *
     * @return the configured upgrade delta, possibly {@code null}
     */
    @Generated
    public UpgradeDelta getMaximumUpgradeDelta() {
        return maximumUpgradeDelta;
    }

    /**
     * Builds a diagnostic string listing all seven fields in declaration order.
     *
     * <p>Unlike {@link #equals(Object)}, this includes the four fields that are not options:
     * metadata failures, version parser, report and version comparator.
     *
     * @return {@code DependencyVulnerabilityCheck(name=value, ...)}
     */
    @Generated
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append("DependencyVulnerabilityCheck(metadataFailures=").append(getMetadataFailures());
        text.append(", versionParser=").append(getVersionParser());
        text.append(", report=").append(getReport());
        text.append(", versionComparator=").append(getVersionComparator());
        text.append(", scope=").append(getScope());
        text.append(", overrideTransitive=").append(getOverrideTransitive());
        text.append(", maximumUpgradeDelta=").append(getMaximumUpgradeDelta());
        text.append(")");
        return text.toString();
    }

    /**
     * Compares two instances by their three options only: {@code overrideTransitive},
     * {@code scope} and {@code maximumUpgradeDelta}.
     *
     * <p>The other fields (metadata failures, version parser, report, version comparator) are
     * not compared. Each option is compared null-safely, and the other object must also accept
     * this one through {@link #canEqual(Object)}.
     *
     * @param obj object to compare with, may be {@code null}
     * @return {@code true} when {@code obj} is a compatible instance with equal options
     */
    @Generated
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof DependencyVulnerabilityCheck)) {
            return false;
        }
        DependencyVulnerabilityCheck other = (DependencyVulnerabilityCheck) obj;
        if (!other.canEqual(this)) {
            return false;
        }

        Boolean ownOverride = getOverrideTransitive();
        Boolean otherOverride = other.getOverrideTransitive();
        boolean sameOverride = ownOverride == null ? otherOverride == null : ownOverride.equals(otherOverride);
        if (!sameOverride) {
            return false;
        }

        String ownScope = getScope();
        String otherScope = other.getScope();
        boolean sameScope = ownScope == null ? otherScope == null : ownScope.equals(otherScope);
        if (!sameScope) {
            return false;
        }

        UpgradeDelta ownDelta = getMaximumUpgradeDelta();
        UpgradeDelta otherDelta = other.getMaximumUpgradeDelta();
        if (ownDelta == null) {
            return otherDelta == null;
        }
        return ownDelta.equals(otherDelta);
    }

    /**
     * Reports whether {@code obj} is an instance of this class.
     *
     * <p>{@link #equals(Object)} calls this on the other object, which lets a subclass that
     * overrides it refuse equality with instances of a different type.
     *
     * @param obj candidate object, may be {@code null}
     * @return {@code true} when {@code obj} is a {@code DependencyVulnerabilityCheck}
     */
    @Generated
    protected boolean canEqual(Object obj) {
        return DependencyVulnerabilityCheck.class.isInstance(obj);
    }

    /**
     * Hashes the same three options that {@link #equals(Object)} compares, in the order
     * {@code overrideTransitive}, {@code scope}, {@code maximumUpgradeDelta}.
     *
     * <p>Each step multiplies the running value by 59, and a {@code null} option contributes 43.
     *
     * @return hash code consistent with {@link #equals(Object)}
     */
    @Generated
    public int hashCode() {
        final int prime = 59;
        final int nullHash = 43;
        int result = 1;

        Boolean overrideFlag = getOverrideTransitive();
        result = result * prime + (overrideFlag != null ? overrideFlag.hashCode() : nullHash);

        String scopeValue = getScope();
        result = result * prime + (scopeValue != null ? scopeValue.hashCode() : nullHash);

        UpgradeDelta delta = getMaximumUpgradeDelta();
        result = result * prime + (delta != null ? delta.hashCode() : nullHash);

        return result;
    }

    /**
     * Creates an instance from its three options.
     *
     * <p>The arguments are stored as given. No validation or null check happens here, so all
     * three may be {@code null}.
     *
     * @param str value for the {@code scope} option
     * @param bool value for the {@code overrideTransitive} option
     * @param upgradeDelta value for the {@code maximumUpgradeDelta} option
     */
    @Generated
    @ConstructorProperties({"scope", "overrideTransitive", "maximumUpgradeDelta"})
    public DependencyVulnerabilityCheck(String str, Boolean bool, UpgradeDelta upgradeDelta) {
        this.maximumUpgradeDelta = upgradeDelta;
        this.overrideTransitive = bool;
        this.scope = str;
    }
}
