package org.owasp.dependencycheck.analyzer;

import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURLBuilder;
import com.google.common.collect.ImmutableList;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.annotation.concurrent.ThreadSafe;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.CvssV2;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.Reference;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.dependency.VulnerableSoftwareBuilder;
import org.owasp.dependencycheck.dependency.naming.GenericIdentifier;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.exceptions.CpeValidationException;
import us.springett.parsers.cpe.values.Part;

@ThreadSafe
/* loaded from: input_file:org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.class */
public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
    /** Ecosystem name for Ruby; createDependencyForGem sets the same literal on every gem dependency. */
    public static final String DEPENDENCY_ECOSYSTEM = "ruby";
    /** Display name of this analyzer, used in log messages and returned by getName(). */
    private static final String ANALYZER_NAME = "Ruby Bundle Audit Analyzer";
    /** Line prefix in bundle-audit output that carries the gem name. */
    public static final String NAME = "Name: ";
    /** Line prefix in bundle-audit output that carries the gem version. */
    public static final String VERSION = "Version: ";
    /** Line prefix in bundle-audit output that carries the advisory identifier. */
    public static final String ADVISORY = "Advisory: ";
    /** Line prefix in bundle-audit output that carries the textual criticality. */
    public static final String CRITICALITY = "Criticality: ";
    // Database handle taken from the engine in prepareFileTypeAnalyzer; stays null when no engine is supplied.
    private CveDB cvedb = null;
    // True until the first analyzeDependency call has disabled the overlapping Ruby analyzers.
    // NOTE(review): plain non-volatile field on a class annotated @ThreadSafe; confirm the engine never
    // runs analyzeDependency concurrently, or that repeating the disabling pass is harmless.
    private boolean needToDisableGemspecAnalyzer = true;
    private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzer.class);
    /** Phase reported by getAnalysisPhase(). */
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_INFORMATION_COLLECTION;
    /** Selects files named exactly {@code Gemfile.lock}. */
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames("Gemfile.lock").build();

    /**
     * Returns the filter that decides which files this analyzer handles.
     *
     * @return the shared filter matching {@code Gemfile.lock}
     */
    @Override
    protected FileFilter getFileFilter() {
        return FILTER;
    }

    /**
     * Starts the bundle-audit executable with the given arguments.
     *
     * <p>Executable resolution: the value of {@code analyzer.bundle.audit.path} is used only when it
     * names a regular file. If the setting is absent or wrong, the bare name {@code bundle-audit} is
     * passed to {@link ProcessBuilder}, so the operating system resolves it through its search path.
     * A misconfigured path therefore degrades to whichever {@code bundle-audit} is found there, with
     * only a warning logged.
     *
     * <p>Working directory: {@code analyzer.bundle.audit.working.directory} is used when it names an
     * existing directory; otherwise the child runs in {@code file}, which for analyzeDependency is
     * the directory that holds the scanned {@code Gemfile.lock}.
     *
     * @param file directory to run in when no valid working directory is configured
     * @param list arguments appended after the executable
     * @return the started process; the caller must wait for it and read its streams
     * @throws AnalysisException if {@code file} is not a directory or the process cannot be started
     */
    private Process launchBundleAudit(File file, List<String> list) throws AnalysisException {
        if (!file.isDirectory()) {
            throw new AnalysisException(String.format("%s should have been a directory.", file.getAbsolutePath()));
        }

        final String configuredPath = getSettings().getString("analyzer.bundle.audit.path");
        String executable = "bundle-audit";
        if (configuredPath != null) {
            final File candidate = new File(configuredPath);
            if (candidate.isFile()) {
                executable = candidate.getAbsolutePath();
            } else {
                LOGGER.warn("Supplied `bundleAudit` path is incorrect: {}", configuredPath);
            }
        }

        // Argument list form: no shell is involved, each element reaches the child as one argument.
        final List<String> command = new ArrayList<>();
        command.add(executable);
        command.addAll(list);
        final ProcessBuilder builder = new ProcessBuilder(command);

        final String configuredDirectory = getSettings().getString("analyzer.bundle.audit.working.directory");
        File workingDirectory = file;
        if (configuredDirectory != null) {
            final File candidate = new File(configuredDirectory);
            if (candidate.isDirectory()) {
                workingDirectory = candidate;
            } else {
                LOGGER.warn("Supplied `bundleAuditWorkingDirectory` path is incorrect: {}", configuredDirectory);
            }
        }
        builder.directory(workingDirectory);

        try {
            LOGGER.info("Launching: {} from {}", command, workingDirectory);
            return builder.start();
        } catch (IOException e) {
            throw new AnalysisException("bundle-audit initialization failure; this error can be ignored if you are not analyzing Ruby. Otherwise ensure that bundle-audit is installed and the path to bundle audit is correctly specified", e);
        }
    }

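    /**
     * Verifies that bundle-audit can be executed by running {@code bundle-audit version} from the
     * configured temporary directory, and captures the database handle from the engine.
     *
     * <p>Every failure path disables this analyzer before throwing, so a missing or broken
     * bundle-audit results in Ruby lock files not being audited by this analyzer rather than in a
     * failed scan. On success the version line is logged together with a reminder that
     * {@code bundle-audit update} has to be run manually to keep the advisory data current.
     *
     * @param engine the running engine; may be {@code null}, in which case no database handle is stored
     * @throws InitializationException if bundle-audit cannot be started, is interrupted, exits with
     *         a non-zero code, or produces no readable output
     */
    @Override
    public void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
        if (engine != null) {
            this.cvedb = engine.getDatabase();
        }

        final Process process;
        try {
            process = launchBundleAudit(getSettings().getTempDirectory(), ImmutableList.of("version"));
        } catch (IOException e) {
            setEnabled(false);
            throw new InitializationException("Unable to create temporary file, the Ruby Bundle Audit Analyzer will be disabled", e);
        } catch (AnalysisException e) {
            setEnabled(false);
            throw new InitializationException(String.format("Exception from bundle-audit process: %s. Disabling %s", e.getCause(), ANALYZER_NAME), e);
        }

        final int exitValue;
        try {
            exitValue = process.waitFor();
        } catch (InterruptedException e) {
            setEnabled(false);
            final String message = String.format("Bundle-audit process was interrupted. Disabling %s", ANALYZER_NAME);
            // Restore the interrupt flag so callers further up can still observe the interruption.
            Thread.currentThread().interrupt();
            throw new InitializationException(message, e);
        }

        if (exitValue != 0) {
            // try-with-resources closes the reader on every path, including the throws below.
            try (BufferedReader errorReader = new BufferedReader(new InputStreamReader(process.getErrorStream(), StandardCharsets.UTF_8))) {
                if (!errorReader.ready()) {
                    LOGGER.warn("Unexpected exit value from bundle-audit process and error stream unexpectedly not ready to capture error details. Disabling {}. Exit value was: {}", ANALYZER_NAME, exitValue);
                    setEnabled(false);
                    throw new InitializationException("Bundle-audit error stream unexpectedly not ready.");
                }
                final String errorLine = errorReader.readLine();
                setEnabled(false);
                LOGGER.warn("Unexpected exit value from bundle-audit process. Disabling {}. Exit value was: {}. error stream output from bundle-audit process was: {}", ANALYZER_NAME, exitValue, errorLine);
                throw new InitializationException("Unexpected exit value from bundle-audit process.");
            } catch (UnsupportedEncodingException e) {
                setEnabled(false);
                throw new InitializationException("Unexpected bundle-audit encoding when reading error stream.", e);
            } catch (IOException e) {
                setEnabled(false);
                throw new InitializationException("Unable to read bundle-audit output from error stream.", e);
            }
        }

        String versionDetails;
        try (BufferedReader outputReader = new BufferedReader(new InputStreamReader(process.getInputStream(), StandardCharsets.UTF_8))) {
            if (!outputReader.ready()) {
                LOGGER.warn("Bundle-audit input stream unexpectedly not ready to capture version details. Disabling {}", ANALYZER_NAME);
                setEnabled(false);
                throw new InitializationException("Bundle-audit input stream unexpectedly not ready to capture version details.");
            }
            versionDetails = outputReader.readLine();
        } catch (UnsupportedEncodingException e) {
            setEnabled(false);
            throw new InitializationException("Unexpected bundle-audit encoding when reading input stream.", e);
        } catch (IOException e) {
            setEnabled(false);
            throw new InitializationException("Unable to read bundle-audit output from input stream.", e);
        }

        if (isEnabled()) {
            LOGGER.info("{} is enabled and is using bundle-audit with version details: {}. Note: It is necessary to manually run \"bundle-audit update\" occasionally to keep its database up to date.", ANALYZER_NAME, versionDetails);
        }
    }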

    /**
     * Returns the display name of this analyzer.
     *
     * @return the analyzer name constant
     */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * Returns the phase in which this analyzer runs.
     *
     * @return the analysis phase constant ({@code PRE_INFORMATION_COLLECTION})
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    /**
     * Returns the settings key that switches this analyzer on or off.
     *
     * @return the key {@code analyzer.bundle.audit.enabled}
     */
    @Override
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.bundle.audit.enabled";
    }

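    /**
     * Runs {@code bundle-audit check --verbose} in the directory of the given {@code Gemfile.lock}
     * and turns its report into dependencies and vulnerabilities.
     *
     * <p>On the first call the Ruby bundler and gemspec analyzers registered with the engine are
     * disabled, so the same gems are not reported twice.
     *
     * <p>Exit codes 0 and 1 are accepted; any other value aborts the analysis of this dependency.
     *
     * @param dependency the {@code Gemfile.lock} dependency being analyzed
     * @param engine the engine that receives the gem dependencies found in the report
     * @throws AnalysisException if bundle-audit cannot be started, is interrupted, or exits with an
     *         unexpected code
     */
    @Override
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        if (this.needToDisableGemspecAnalyzer) {
            boolean gemspecAnalyzerMissing = true;
            final String gemspecAnalyzerName = RubyGemspecAnalyzer.class.getName();
            for (FileTypeAnalyzer candidate : engine.getFileTypeAnalyzers()) {
                if (candidate instanceof RubyBundlerAnalyzer) {
                    ((RubyBundlerAnalyzer) candidate).setEnabled(false);
                    LOGGER.info("Disabled {} to avoid noisy duplicate results.", RubyBundlerAnalyzer.class.getName());
                } else if (candidate instanceof RubyGemspecAnalyzer) {
                    ((RubyGemspecAnalyzer) candidate).setEnabled(false);
                    LOGGER.info("Disabled {} to avoid noisy duplicate results.", gemspecAnalyzerName);
                    gemspecAnalyzerMissing = false;
                }
            }
            if (gemspecAnalyzerMissing) {
                LOGGER.warn("Did not find {}.", gemspecAnalyzerName);
            }
            this.needToDisableGemspecAnalyzer = false;
        }

        final Process process = launchBundleAudit(dependency.getActualFile().getParentFile(), ImmutableList.of("check", "--verbose"));

        // NOTE(review): both streams are read only after waitFor() returns. If bundle-audit writes
        // more than the OS pipe buffer holds, it blocks on write and this call never returns;
        // draining stdout/stderr while waiting (or redirecting them to files) would remove that hang.
        final int exitValue;
        try {
            exitValue = process.waitFor();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new AnalysisException("bundle-audit process interrupted", e);
        }
        if (exitValue < 0 || exitValue > 1) {
            throw new AnalysisException(String.format("Unexpected exit code from bundle-audit process; exit code: %s", exitValue));
        }

        try {
            // The reader must stay open for the whole loop: closing it after the first line makes
            // the next ready() call fail and the report on stdout would then never be parsed.
            try (BufferedReader errorReader = new BufferedReader(new InputStreamReader(process.getErrorStream(), StandardCharsets.UTF_8))) {
                while (errorReader.ready()) {
                    // External output is passed as an argument, never as the log pattern.
                    LOGGER.warn("{}", errorReader.readLine());
                }
            }
            try (BufferedReader outputReader = new BufferedReader(new InputStreamReader(process.getInputStream(), StandardCharsets.UTF_8))) {
                processBundlerAuditOutput(dependency, engine, outputReader);
            }
        } catch (IOException | CpeValidationException e) {
            // Deliberately non-fatal: the failure is logged and the scan continues, so this
            // Gemfile.lock may end up with no or partial findings. Treat the warning as a scan gap.
            LOGGER.warn("bundle-audit failure", e);
        }
    }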

    /**
     * Parses the verbose bundle-audit report line by line.
     *
     * <p>The parser is a small state machine keyed on line prefixes: {@code Name: } selects (or
     * creates) the dependency for a gem, {@code Version: } starts a new vulnerability for it,
     * {@code Advisory: }, {@code Criticality: } and {@code URL: } fill that vulnerability, and every
     * line after {@code Description:} is appended to its description until the next {@code Name: }.
     *
     * <p>NOTE(review): a vulnerability is attached to its dependency only when an {@code Advisory: }
     * line is seen. If the installed bundle-audit labels the advisory identifier differently, the
     * finding is parsed but never reported; verify the labels against the version in use.
     *
     * @param dependency the {@code Gemfile.lock} dependency the report belongs to
     * @param engine the engine that receives newly created gem dependencies
     * @param bufferedReader reader over the standard output of bundle-audit
     * @throws IOException if the report cannot be read or a gem dependency cannot be created
     * @throws CpeValidationException if the vulnerable software entry for a gem cannot be built
     */
    private void processBundlerAuditOutput(Dependency dependency, Engine engine, BufferedReader bufferedReader) throws IOException, CpeValidationException {
        final String parentName = dependency.getActualFile().getParentFile().getName();
        final String fileName = dependency.getFileName();
        final String filePath = dependency.getFilePath();
        // One dependency per gem name, reused when the same gem has several advisories.
        final HashMap<String, Dependency> gemDependencies = new HashMap<>();
        Dependency currentDependency = null;
        Vulnerability currentVulnerability = null;
        String currentGem = null;
        boolean inDescription = false;

        while (bufferedReader.ready()) {
            final String line = bufferedReader.readLine();
            if (line == null) {
                break;
            }
            if (line.startsWith("Name: ")) {
                inDescription = false;
                currentGem = line.substring("Name: ".length());
                Dependency gemDependency = gemDependencies.get(currentGem);
                if (gemDependency == null) {
                    gemDependency = createDependencyForGem(engine, parentName, fileName, filePath, currentGem);
                    gemDependencies.put(currentGem, gemDependency);
                }
                currentDependency = gemDependency;
                LOGGER.debug("bundle-audit ({}): {}", parentName, line);
            } else if (line.startsWith("Version: ")) {
                currentVulnerability = createVulnerability(parentName, currentDependency, currentGem, line);
            } else if (line.startsWith("Advisory: ")) {
                setVulnerabilityName(parentName, currentDependency, currentVulnerability, line);
            } else if (line.startsWith("Criticality: ")) {
                addCriticalityToVulnerability(parentName, currentVulnerability, line);
            } else if (line.startsWith("URL: ")) {
                addReferenceToVulnerability(parentName, currentVulnerability, line);
            } else if (line.startsWith("Description:")) {
                inDescription = true;
                if (currentVulnerability != null) {
                    currentVulnerability.setDescription("*** Vulnerability obtained from bundle-audit verbose report. Title link may not work. CPE below is guessed. CVSS score is estimated (-1.0  indicates unknown). See link below for full details. *** ");
                }
            } else if (inDescription && currentVulnerability != null) {
                currentVulnerability.setDescription(currentVulnerability.getDescription() + line + "\n");
            }
        }
    }

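    /**
     * Names the current vulnerability after the advisory and attaches it to the current dependency.
     *
     * <p>Nothing is attached when no vulnerability is in progress (an {@code Advisory: } line that
     * arrives before any {@code Version: } line), so a {@code null} entry can never reach the
     * dependency's vulnerability collection.
     *
     * @param str name of the directory holding the {@code Gemfile.lock}, used for logging only
     * @param dependency the gem dependency the advisory belongs to; may be {@code null}
     * @param vulnerability the vulnerability being built; may be {@code null}
     * @param str2 the raw report line, starting with {@code Advisory: }
     */
    private void setVulnerabilityName(String str, Dependency dependency, Vulnerability vulnerability, String str2) {
        final String advisory = str2.substring("Advisory: ".length());
        if (vulnerability != null) {
            vulnerability.setName(advisory);
            if (dependency != null) {
                dependency.addVulnerability(vulnerability);
            }
        }
        LOGGER.debug("bundle-audit ({}): {}", str, str2);
    }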

    /**
     * Adds the advisory URL from the report as a reference on the current vulnerability.
     *
     * <p>The URL is copied verbatim from bundle-audit output.
     * NOTE(review): confirm that whatever renders references escapes or validates this value.
     *
     * @param str name of the directory holding the {@code Gemfile.lock}, used for logging only
     * @param vulnerability the vulnerability being built; may be {@code null}, then only the log line is written
     * @param str2 the raw report line, starting with {@code URL: }
     */
    private void addReferenceToVulnerability(String str, Vulnerability vulnerability, String str2) {
        final String url = str2.substring("URL: ".length());
        if (vulnerability != null) {
            final Reference advisoryLink = new Reference();
            advisoryLink.setName(vulnerability.getName());
            advisoryLink.setSource("bundle-audit");
            advisoryLink.setUrl(url);
            vulnerability.getReferences().add(advisoryLink);
        }
        LOGGER.debug("bundle-audit ({}): {}", str, str2);
    }

    /**
     * Sets the severity of the current vulnerability.
     *
     * <p>When the database knows the advisory by name and holds a CVSS v2 or v3 score for it, those
     * scores are copied. Otherwise a CVSS v2 placeholder is built from the textual criticality in
     * the report: High maps to 8.5, Medium to 5.5, Low to 2.0 and anything else to -1.0. The
     * placeholder is an estimate, not a calculated score.
     *
     * @param str name of the directory holding the {@code Gemfile.lock}, used for logging only
     * @param vulnerability the vulnerability being built; may be {@code null}, then only the log line is written
     * @param str2 the raw report line, starting with {@code Criticality: }
     */
    private void addCriticalityToVulnerability(String str, Vulnerability vulnerability, String str2) {
        if (vulnerability != null) {
            final String criticality = str2.substring("Criticality: ".length()).trim();

            Vulnerability known = null;
            if (this.cvedb != null) {
                try {
                    known = this.cvedb.getVulnerability(vulnerability.getName());
                } catch (DatabaseException e) {
                    // Lookup failure is tolerated; the estimate below is used instead.
                    LOGGER.debug("Unable to look up vulnerability {}", vulnerability.getName());
                }
            }

            final boolean databaseHasScore = known != null
                    && (known.getCvssV2() != null || known.getCvssV3() != null);
            if (databaseHasScore) {
                if (known.getCvssV2() != null) {
                    vulnerability.setCvssV2(known.getCvssV2());
                }
                if (known.getCvssV3() != null) {
                    vulnerability.setCvssV3(known.getCvssV3());
                }
            } else {
                final float estimatedScore;
                if ("High".equalsIgnoreCase(criticality)) {
                    estimatedScore = 8.5f;
                } else if ("Medium".equalsIgnoreCase(criticality)) {
                    estimatedScore = 5.5f;
                } else if ("Low".equalsIgnoreCase(criticality)) {
                    estimatedScore = 2.0f;
                } else {
                    estimatedScore = -1.0f;
                }
                vulnerability.setCvssV2(new CvssV2(estimatedScore, "-", "-", "-", "-", "-", "-", criticality));
            }
        }
        LOGGER.debug("bundle-audit ({}): {}", str, str2);
    }

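    /**
     * Records the gem version on the dependency and starts a new vulnerability for it.
     *
     * <p>The vulnerable software entry is a guess derived from the gem name (vendor = gem name,
     * product = gem name plus {@code _project}); it is not taken from an authoritative CPE source.
     * The CVSS v2 score starts as -1.0 / "unknown" and may be replaced when a criticality line follows.
     *
     * @param str name of the directory holding the {@code Gemfile.lock}, used for logging only
     * @param dependency the gem dependency; may be {@code null}, then no vulnerability is created
     * @param str2 the gem name
     * @param str3 the raw report line, starting with {@code Version: }
     * @return the new vulnerability, or {@code null} when {@code dependency} is {@code null}
     * @throws CpeValidationException if the vulnerable software entry cannot be built
     */
    private Vulnerability createVulnerability(String str, Dependency dependency, String str2, String str3) throws CpeValidationException {
        Vulnerability vulnerability = null;
        if (dependency != null) {
            final String version = str3.substring("Version: ".length());
            dependency.addEvidence(EvidenceType.VERSION, "bundler-audit", "Version", version, Confidence.HIGHEST);
            dependency.setVersion(version);
            dependency.setName(str2);
            try {
                dependency.addSoftwareIdentifier(new PurlIdentifier(PackageURLBuilder.aPackageURL().withType("gem").withName(dependency.getName()).withVersion(dependency.getVersion()).build(), Confidence.HIGHEST));
            } catch (MalformedPackageURLException e) {
                // The message used to name python, a copy-paste slip; this analyzer handles gems.
                LOGGER.debug("Unable to build package url for ruby gem", e);
                dependency.addSoftwareIdentifier(new GenericIdentifier("gem:" + dependency.getName() + "@" + dependency.getVersion(), Confidence.HIGHEST));
            }
            vulnerability = new Vulnerability();
            vulnerability.setSource(Vulnerability.Source.BUNDLEAUDIT);
            // NOTE(review): the mNNN-prefixed method names look like decompiler-assigned aliases for
            // the builder's part/vendor/product/version/build methods; confirm against the library.
            final VulnerableSoftware guessedSoftware = new VulnerableSoftwareBuilder().m138part(Part.APPLICATION).m136vendor(str2).m135product(String.format("%s_project", str2)).m134version(version).m106build();
            vulnerability.addVulnerableSoftware(guessedSoftware);
            vulnerability.setMatchedVulnerableSoftware(guessedSoftware);
            vulnerability.setCvssV2(new CvssV2(-1.0f, "-", "-", "-", "-", "-", "-", "unknown"));
        }
        LOGGER.debug("bundle-audit ({}): {}", str, str3);
        return vulnerability;
    }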

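    /**
     * Creates a dependency for one gem named in the bundle-audit report and registers it with the engine.
     *
     * <p>The dependency is backed by a marker file in the configured temporary directory; the
     * name shown to the user is set separately through the display file name.
     *
     * <p>The gem name comes from bundle-audit output and so ultimately from the scanned project.
     * {@link File#createTempFile(String, String, File)} rejects prefixes shorter than three
     * characters with an {@link IllegalArgumentException}, so short gem names are padded before use.
     *
     * @param engine the engine that receives the new dependency
     * @param str name of the directory holding the {@code Gemfile.lock}
     * @param str2 file name of the {@code Gemfile.lock} dependency
     * @param str3 file path of the {@code Gemfile.lock} dependency
     * @param str4 the gem name
     * @return the newly created and registered dependency
     * @throws IOException if the marker file cannot be created or written
     */
    private Dependency createDependencyForGem(Engine engine, String str, String str2, String str3, String str4) throws IOException {
        // Padding only affects the marker file's name, never the evidence or the display name.
        final String prefix = str4.length() < 3 ? str4 + "___" : str4;
        try {
            final File gemFile = File.createTempFile(prefix, "_Gemfile.lock", getSettings().getTempDirectory());
            final String displayFileName = String.format("%s%c%s:%s", str, Character.valueOf(File.separatorChar), str2, str4);
            FileUtils.write(gemFile, displayFileName, Charset.defaultCharset());
            final Dependency gemDependency = new Dependency(gemFile);
            gemDependency.setEcosystem("ruby");
            gemDependency.addEvidence(EvidenceType.PRODUCT, "bundler-audit", "Name", str4, Confidence.HIGHEST);
            gemDependency.setDisplayFileName(displayFileName);
            gemDependency.setFileName(str2);
            gemDependency.setFilePath(str3);
            engine.addDependency(gemDependency);
            return gemDependency;
        } catch (IOException e) {
            // Keep the original exception as the cause so the underlying I/O error stays diagnosable.
            throw new IOException("Unable to create temporary gem file", e);
        }
    }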
}
