package org.owasp.dependencycheck.processing;

import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURLBuilder;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.ElixirMixAuditAnalyzer;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.elixir.MixAuditJsonParser;
import org.owasp.dependencycheck.data.elixir.MixAuditResult;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.CvssV2;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.dependency.VulnerableSoftwareBuilder;
import org.owasp.dependencycheck.dependency.naming.GenericIdentifier;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.utils.Checksum;
import org.owasp.dependencycheck.utils.processing.Processor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.exceptions.CpeValidationException;
import us.springett.parsers.cpe.values.Part;

/* loaded from: input_file:org/owasp/dependencycheck/processing/MixAuditProcessor.class */
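/**
 * Consumes the JSON report read from the supplied input stream and turns each
 * reported finding into a {@link Dependency} with an attached
 * {@link Vulnerability}, registered on the {@link Engine}.
 *
 * <p>Failures raised while {@link #run()} executes are not thrown from
 * {@code run()}; they are stored and surfaced later by {@link #close()}.
 * A caller that never calls {@code close()} will therefore not see a parse or
 * I/O failure, and an incomplete report would look like a clean one.
 *
 * <p>NOTE(review): package names, versions, descriptions and CVE ids all come
 * from the parsed report and are copied into display names, identifiers and
 * CPE fields without further validation in this class. Presumably
 * {@code MixAuditJsonParser} or the report writers handle escaping; verify.
 */
public class MixAuditProcessor extends Processor<InputStream> {
    private static final Logger LOGGER = LoggerFactory.getLogger(MixAuditProcessor.class);
    private final Engine engine;
    /** The dependency whose file the generated child dependencies are attributed to. */
    private final Dependency mixDependency;
    // Failures captured by run() and re-thrown by close(); at most one of each type is kept.
    private IOException ioException;
    private CpeValidationException cpeException;
    private AnalysisException analysisException;

    /**
     * Creates a processor bound to one parent dependency.
     *
     * @param dependency the dependency whose actual file is reused for every
     *                   dependency created from the report
     * @param engine the engine that supplies the vulnerability database and
     *               receives the created dependencies
     */
    public MixAuditProcessor(Dependency dependency, Engine engine) {
        this.engine = engine;
        this.mixDependency = dependency;
    }

    /**
     * Reads the input stream as UTF-8 and processes the report it contains.
     *
     * <p>The reader is managed by try-with-resources, so it is always closed and
     * a failure while closing is attached as a suppressed exception instead of
     * replacing the processing failure that caused the unwind. Any
     * {@link IOException}, {@link AnalysisException} or
     * {@link CpeValidationException} is stored for {@link #close()} to throw.
     */
    public void run() {
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader((InputStream) getInput(), StandardCharsets.UTF_8))) {
            processMixAuditOutput(reader);
        } catch (IOException e) {
            this.ioException = e;
        } catch (AnalysisException e) {
            this.analysisException = e;
        } catch (CpeValidationException e) {
            this.cpeException = e;
        }
    }

    /**
     * Throws the failure recorded by {@link #run()}, if there was one.
     *
     * <p>Precedence is {@link IOException}, then {@link AnalysisException}, then
     * {@link CpeValidationException}. Lower-precedence failures are handed to
     * {@code addSuppressedExceptions} so they travel with the one thrown.
     *
     * @throws IOException if reading or closing the input failed
     * @throws AnalysisException if processing the report failed
     * @throws CpeValidationException if a CPE built from the report was invalid
     */
    public void close() throws IOException, AnalysisException, CpeValidationException {
        if (this.ioException != null) {
            // Entries may be null here; presumably addSuppressedExceptions skips nulls (verify in Processor).
            addSuppressedExceptions(this.ioException, new Throwable[]{this.analysisException, this.cpeException});
            throw this.ioException;
        }
        if (this.analysisException != null) {
            addSuppressedExceptions(this.analysisException, new Throwable[]{this.cpeException});
            throw this.analysisException;
        }
        if (this.cpeException != null) {
            throw this.cpeException;
        }
    }

    /**
     * Parses the report and registers one dependency per result.
     *
     * <p>For each result the vulnerability is looked up in the engine's database
     * by the reported CVE id; when the database has no entry, a stand-in is
     * built from the report itself.
     *
     * @param bufferedReader reader positioned at the start of the JSON report
     * @throws AnalysisException declared for the parser and database calls made here
     * @throws CpeValidationException if building the stand-in vulnerability's CPE fails
     */
    private void processMixAuditOutput(BufferedReader bufferedReader) throws AnalysisException, CpeValidationException {
        MixAuditJsonParser parser = new MixAuditJsonParser(bufferedReader);
        parser.process();
        for (MixAuditResult result : parser.getResults()) {
            Dependency child = createDependency(this.mixDependency, result.getDependencyPackage(), result.getDependencyVersion());
            Vulnerability vulnerability = this.engine.getDatabase().getVulnerability(result.getCve());
            if (vulnerability == null) {
                // Not in the local database: fall back to the data carried in the report.
                vulnerability = createVulnerability(result);
            }
            child.addVulnerability(vulnerability);
            this.engine.addDependency(child);
        }
    }

    /**
     * Builds a virtual dependency for one reported package.
     *
     * <p>The MD5, SHA-1 and SHA-256 values are computed over the
     * {@code "name:version"} string, not over any file content. They serve as
     * identifiers for the virtual dependency and say nothing about the integrity
     * of the package itself.
     *
     * @param parent the dependency whose actual file is reused
     * @param packageName the package name taken from the report
     * @param packageVersion the package version taken from the report
     * @return the populated dependency
     */
    private Dependency createDependency(Dependency parent, String packageName, String packageVersion) {
        Dependency child = new Dependency(parent.getActualFile(), true);
        String coordinate = String.format("%s:%s", packageName, packageVersion);
        child.setEcosystem(ElixirMixAuditAnalyzer.DEPENDENCY_ECOSYSTEM);
        child.setDisplayFileName(coordinate);
        child.setName(packageName);
        child.setVersion(packageVersion);
        child.setPackagePath(coordinate);
        child.setMd5sum(Checksum.getMD5Checksum(coordinate));
        child.setSha1sum(Checksum.getSHA1Checksum(coordinate));
        child.setSha256sum(Checksum.getSHA256Checksum(coordinate));
        child.addEvidence(EvidenceType.VERSION, "mix_audit", "Version", packageVersion, Confidence.HIGHEST);
        child.addEvidence(EvidenceType.PRODUCT, "mix_audit", "Package", packageName, Confidence.HIGHEST);
        try {
            child.addSoftwareIdentifier(new PurlIdentifier(
                    PackageURLBuilder.aPackageURL().withType("hex").withName(packageName).withVersion(packageVersion).build(),
                    Confidence.HIGHEST));
        } catch (MalformedPackageURLException e) {
            // A name or version that cannot form a valid purl still gets an identifier, just a generic one.
            LOGGER.debug("Unable to build package url for hex", e);
            child.addSoftwareIdentifier(new GenericIdentifier("hex:" + packageName + "@" + packageVersion, Confidence.HIGHEST));
        }
        return child;
    }

    /**
     * Builds a stand-in vulnerability for a result whose CVE id is absent from
     * the engine's database.
     *
     * <p>The CVSS v2 entry is a placeholder: score {@code -1.0}, every vector
     * component {@code "-"} and severity {@code "unknown"}. NOTE(review):
     * anything that filters or fails a build on a numeric score should treat
     * these as unscored; confirm how downstream thresholds handle a negative score.
     *
     * @param mixAuditResult the report entry to convert
     * @return the vulnerability populated from the report entry
     * @throws CpeValidationException if the CPE built from the package name and version is invalid
     */
    private Vulnerability createVulnerability(MixAuditResult mixAuditResult) throws CpeValidationException {
        String dependencyPackage = mixAuditResult.getDependencyPackage();
        String dependencyVersion = mixAuditResult.getDependencyVersion();
        Vulnerability vulnerability = new Vulnerability();
        vulnerability.setSource(Vulnerability.Source.MIXAUDIT);
        // NOTE(review): the m###-prefixed builder method names look like decompiler-generated aliases;
        // confirm the real method names against the library before compiling this outside the decompiled tree.
        // The vendor is synthesised as "<package>_project" because the report carries no vendor field here.
        VulnerableSoftware software = new VulnerableSoftwareBuilder().m144part(Part.APPLICATION).m142vendor(String.format("%s_project", dependencyPackage)).m141product(dependencyPackage).m140version(dependencyVersion).m112build();
        vulnerability.addVulnerableSoftware(software);
        vulnerability.setMatchedVulnerableSoftware(software);
        vulnerability.setCvssV2(new CvssV2(-1.0f, "-", "-", "-", "-", "-", "-", "unknown"));
        vulnerability.setDescription(mixAuditResult.getDescription());
        vulnerability.setName(mixAuditResult.getCve());
        return vulnerability;
    }
}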
