package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.concurrent.ThreadSafe;
import javax.json.Json;
import javax.json.JsonException;
import javax.json.JsonObject;
import javax.json.JsonReader;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.analyzer.exception.SearchException;
import org.owasp.dependencycheck.analyzer.exception.UnexpectedAnalysisException;
import org.owasp.dependencycheck.data.nodeaudit.Advisory;
import org.owasp.dependencycheck.data.nodeaudit.NpmPayloadBuilder;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.URLConnectionFailureException;
import org.owasp.dependencycheck.xml.pom.PomHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.exceptions.CpeValidationException;

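/**
 * Analyzer that submits the contents of an npm lock file
 * ({@code package-lock.json} or {@code npm-shrinkwrap.json}) to the NPM Audit
 * API and records the advisories that come back.
 *
 * <p>Operational notes for anyone relying on the scan result:
 * <ul>
 *   <li>The lock file and the sibling package manifest come from the project
 *       being scanned and are parsed as-is; a malformed file surfaces as an
 *       {@link AnalysisException}.</li>
 *   <li>The payload built from those files is handed to the searcher returned
 *       by {@code getSearcher()}, so dependency names and versions leave the
 *       host. {@link #DEFAULT_URL} is presumably the default endpoint; the
 *       wiring is not visible in this class.</li>
 *   <li>On an I/O or connection failure the analyzer disables itself via
 *       {@code setEnabled(false)}. Lock files analyzed after that point are not
 *       audited, so the resulting report can contain false negatives and should
 *       be treated as incomplete.</li>
 * </ul>
 */
@ThreadSafe
public class NodeAuditAnalyzer extends AbstractNpmAnalyzer {
    /** Audit endpoint of the public npm registry. */
    public static final String DEFAULT_URL = "https://registry.npmjs.org/-/npm/v1/security/audits";
    /** Ecosystem label used for dependencies reported by this analyzer. */
    public static final String DEPENDENCY_ECOSYSTEM = "nodejs";
    /** File name of the npm lock file. */
    public static final String PACKAGE_LOCK_JSON = "package-lock.json";
    /** File name of the npm shrinkwrap file, which takes precedence over the lock file. */
    public static final String SHRINKWRAP_JSON = "npm-shrinkwrap.json";
    private static final Logger LOGGER = LoggerFactory.getLogger(NodeAuditAnalyzer.class);
    /** Selects the two lock-file names this analyzer accepts. */
    private static final FileFilter PACKAGE_JSON_FILTER = FileFilterBuilder.newInstance()
            .addFilenames(PACKAGE_LOCK_JSON, SHRINKWRAP_JSON)
            .build();

    /**
     * Returns the filter matching the lock files this analyzer handles.
     *
     * @return the file filter for {@code package-lock.json} and {@code npm-shrinkwrap.json}
     */
    @Override
    protected FileFilter getFileFilter() {
        return PACKAGE_JSON_FILTER;
    }

    /**
     * Returns the display name of the analyzer.
     *
     * @return the analyzer name
     */
    @Override
    public String getName() {
        return "Node Audit Analyzer";
    }

    /**
     * Returns the phase in which this analyzer runs.
     *
     * @return {@link AnalysisPhase#FINDING_ANALYSIS}
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return AnalysisPhase.FINDING_ANALYSIS;
    }

    /**
     * Returns the settings key that enables or disables this analyzer.
     *
     * @return the settings key
     */
    @Override
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.node.audit.enabled";
    }

    /**
     * Audits a single lock file and records the resulting advisories.
     *
     * <p>A {@code package-lock.json} is skipped when an {@code npm-shrinkwrap.json}
     * sits next to it. When a package manifest is present alongside the lock file
     * the payload is built from both files; otherwise only the lock file is used.
     *
     * @param dependency the lock-file dependency being analyzed
     * @param engine the engine holding the dependency list
     * @throws AnalysisException if the file cannot be read or parsed, or the audit
     *     request fails
     */
    @Override
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        // The lock file itself is dropped from the engine when its display name is
        // just its file name; the advisories are attached by processResults.
        if (dependency.getDisplayFileName().equals(dependency.getFileName())) {
            engine.removeDependency(dependency);
        }
        File lockFile = dependency.getActualFile();
        File shrinkwrap = new File(lockFile.getParentFile(), SHRINKWRAP_JSON);
        if (PACKAGE_LOCK_JSON.equals(dependency.getFileName()) && shrinkwrap.isFile()) {
            LOGGER.debug("Skipping {} because shrinkwrap lock file exists", dependency.getFilePath());
            return;
        }
        // Empty or missing files are ignored silently rather than reported.
        if (!lockFile.isFile() || lockFile.length() == 0 || !shouldProcess(lockFile)) {
            return;
        }
        File packageFile = new File(lockFile.getParentFile(), NodePackageAnalyzer.PACKAGE_JSON);
        Map<String, String> dependencyMap = new HashMap<>();
        try {
            List<Advisory> advisories = packageFile.isFile()
                    ? analyzePackage(lockFile, packageFile, dependency, dependencyMap)
                    : legacyAnalysis(lockFile, dependency, dependencyMap);
            processResults(advisories, engine, dependency, dependencyMap);
        } catch (CpeValidationException e) {
            throw new UnexpectedAnalysisException(e);
        }
    }

    /**
     * Builds the audit payload from the lock file and the package manifest and
     * submits it.
     *
     * @param lockFile the lock file
     * @param packageFile the package manifest next to the lock file
     * @param dependency the dependency being analyzed, used for error reporting
     * @param dependencyMap map filled in by the payload builder
     * @return the advisories returned by the audit service
     * @throws AnalysisException if reading, parsing or submitting fails
     */
    private List<Advisory> analyzePackage(File lockFile, File packageFile, Dependency dependency,
            Map<String, String> dependencyMap) throws AnalysisException {
        // try-with-resources so both readers (and the streams under them) are
        // released even when parsing or the submission throws.
        try (JsonReader lockReader = Json.createReader(FileUtils.openInputStream(lockFile));
                JsonReader packageReader = Json.createReader(FileUtils.openInputStream(packageFile))) {
            JsonObject lockJson = lockReader.readObject();
            JsonObject packageJson = packageReader.readObject();
            boolean skipDev = getSettings().getBoolean("analyzer.node.audit.skipdev", false);
            return getSearcher().submitPackage(NpmPayloadBuilder.build(lockJson, packageJson, dependencyMap, skipDev));
        } catch (SearchException e) {
            if (!new File(lockFile.getParentFile(), YarnAuditAnalyzer.YARN_PACKAGE_LOCK).exists()) {
                LOGGER.error("NodeAuditAnalyzer failed on {}", dependency.getActualFilePath());
                throw e;
            }
            String str = "NodeAuditAnalyzer failed on " + dependency.getActualFilePath() + " - yarn.lock was found; if package-lock.json was generated using synp, it may not be in the correct format.";
            LOGGER.error(str);
            throw new AnalysisException(str, e);
        } catch (JsonException e) {
            throw new AnalysisException(String.format("Failed to parse %s file from the NPM Audit API (NodeAuditAnalyzer).", lockFile.getPath()), e);
        } catch (URLConnectionFailureException e) {
            // Handled ahead of IOException, as in legacyAnalysis, so a connection
            // failure is reported as one (presumably an IOException subtype — confirm).
            setEnabled(false);
            throw new AnalysisException("Failed to connect to the NPM Audit API (NodeAuditAnalyzer); the analyzer is being disabled and may result in false negatives.", e);
        } catch (IOException e) {
            LOGGER.debug("Error reading dependency or connecting to NPM Audit API", e);
            // Disabling here means later lock files go unaudited for this run.
            setEnabled(false);
            throw new AnalysisException("Failed to read results from the NPM Audit API (NodeAuditAnalyzer); the analyzer is being disabled and may result in false negatives.", e);
        }
    }

    /**
     * Builds the audit payload from the lock file alone and submits it. Used when
     * no package manifest is found next to the lock file.
     *
     * <p>The name and version read from the lock file, when non-empty, are copied
     * onto the dependency before the payload is submitted.
     *
     * @param lockFile the lock file
     * @param dependency the dependency being analyzed
     * @param dependencyMap map filled in by the payload builder
     * @return the advisories returned by the audit service
     * @throws AnalysisException if reading, parsing or submitting fails
     */
    private List<Advisory> legacyAnalysis(File lockFile, Dependency dependency, Map<String, String> dependencyMap)
            throws AnalysisException {
        try (JsonReader reader = Json.createReader(FileUtils.openInputStream(lockFile))) {
            JsonObject lockJson = reader.readObject();
            String projectName = lockJson.getString(PomHandler.NAME, "");
            String projectVersion = lockJson.getString("version", "");
            if (!projectName.isEmpty()) {
                dependency.setName(projectName);
            }
            if (!projectVersion.isEmpty()) {
                dependency.setVersion(projectVersion);
            }
            return getSearcher().submitPackage(NpmPayloadBuilder.build(lockJson, dependencyMap));
        } catch (JsonException e) {
            throw new AnalysisException(String.format("Failed to parse %s file from the NPM Audit API (NodeAuditAnalyzer).", lockFile.getPath()), e);
        } catch (URLConnectionFailureException e) {
            setEnabled(false);
            throw new AnalysisException("Failed to connect to the NPM Audit API (NodeAuditAnalyzer); the analyzer is being disabled and may result in false negatives.", e);
        } catch (IOException e) {
            LOGGER.debug("Error reading dependency or connecting to NPM Audit API", e);
            // Disabling here means later lock files go unaudited for this run.
            setEnabled(false);
            throw new AnalysisException("Failed to read results from the NPM Audit API (NodeAuditAnalyzer); the analyzer is being disabled and may result in false negatives.", e);
        } catch (SearchException e) {
            LOGGER.error("NodeAuditAnalyzer failed on {}", dependency.getActualFilePath());
            throw e;
        }
    }
}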
