package org.owasp.dependencycheck.analyzer;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURLBuilder;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.regex.Pattern;
import javax.annotation.concurrent.ThreadSafe;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.naming.GenericIdentifier;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.xml.pom.PomHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

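/**
 * Experimental file-type analyzer that reads a pinned {@code maven_install.json}
 * file and registers one {@link Dependency} per pinned Maven coordinate.
 *
 * <p>The input file belongs to the project being scanned, so its content is
 * untrusted: every field may be absent, {@code null} or malformed. A file that
 * cannot be parsed, or that lacks the expected sentinel value, is left alone so
 * that other analyzers can still handle it.
 */
@Experimental
@ThreadSafe
/* loaded from: input_file:org/owasp/dependencycheck/analyzer/PinnedMavenInstallAnalyzer.class */
public class PinnedMavenInstallAnalyzer extends AbstractFileTypeAnalyzer {
    private static final String ANALYZER_NAME = "Pinned Maven install Analyzer";

    /** Sentinel value that marks a JSON file as a pinned maven install file. */
    private static final String AUTOGENERATED_SENTINEL = "THERE_IS_NO_DATA_ONLY_ZUUL";

    /** The only dependency-tree format version this analyzer is written against. */
    private static final String SUPPORTED_VERSION = "0.1.0";

    /**
     * Shared reader for {@link InstallFile}. Unknown JSON properties are ignored,
     * so any JSON object parses; the sentinel check in
     * {@link #analyzeDependency(Dependency, Engine)} decides whether it is used.
     */
    private static final ObjectReader INSTALL_FILE_READER = new ObjectMapper()
            .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
            .readerFor(InstallFile.class);

    private static final Logger LOGGER = LoggerFactory.getLogger(PinnedMavenInstallAnalyzer.class);
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;

    /**
     * Matches {@code *.json} names that contain "install" plus at least one more
     * character before the extension (for example {@code maven_install.json}).
     * The pattern is deliberately broad, so unrelated JSON files reach the parser.
     */
    private static final Pattern MAVEN_INSTALL_JSON_PATTERN = Pattern.compile("(.+install.*|.*install.+)\\.json");
    private static final FileFilter FILTER = file -> MAVEN_INSTALL_JSON_PATTERN.matcher(file.getName()).matches();

    /** JSON binding for the {@code dependency_tree} object of the install file. */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/PinnedMavenInstallAnalyzer$DependencyTree.class */
    public static class DependencyTree {

        @JsonProperty("__AUTOGENERATED_FILE_DO_NOT_MODIFY_THIS_FILE_MANUALLY")
        private String autogeneratedSentinel;

        @JsonProperty("dependencies")
        private List<MavenDependency> dependencies;

        @JsonProperty("version")
        private String version;

        // Instantiated by Jackson only.
        private DependencyTree() {
        }

        /** @return the sentinel string, or {@code null} when the property is absent */
        public String getAutogeneratedSentinel() {
            return this.autogeneratedSentinel;
        }

        /** @return the pinned dependencies; may be {@code null} and may contain {@code null} entries */
        public List<MavenDependency> getDependencies() {
            return this.dependencies;
        }

        /** @return the format version string, or {@code null} when the property is absent */
        public String getVersion() {
            return this.version;
        }
    }

    /** JSON binding for the top-level object of the install file. */
    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/PinnedMavenInstallAnalyzer$InstallFile.class */
    private static class InstallFile {

        @JsonProperty("dependency_tree")
        private DependencyTree dependencyTree;

        // Instantiated by Jackson only.
        private InstallFile() {
        }

        /** @return the dependency tree, or {@code null} when the property is absent */
        public DependencyTree getDependencyTree() {
            return this.dependencyTree;
        }
    }

    /** JSON binding for one entry of the {@code dependencies} array. */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/PinnedMavenInstallAnalyzer$MavenDependency.class */
    public static class MavenDependency {

        @JsonProperty("coord")
        private String coord;

        // Instantiated by Jackson only.
        private MavenDependency() {
        }

        /** @return the colon-separated coordinate string, or {@code null} when absent */
        public String getCoord() {
            return this.coord;
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected FileFilter getFileFilter() {
        return FILTER;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.maveninstall.enabled";
    }

    /**
     * Parses the file behind {@code dependency} and, when it carries the expected
     * sentinel, replaces it in the engine with one dependency per pinned coordinate.
     *
     * <p>Files that are missing, empty, unparseable or without the sentinel are
     * skipped without touching the engine. Entries with a {@code null} or
     * malformed coordinate are logged and skipped; {@code sources} and
     * {@code javadoc} artifacts are skipped as well.
     *
     * @param dependency the candidate JSON file selected by the file filter
     * @param engine the engine whose dependency list is updated
     * @throws AnalysisException declared by the overridden method; not thrown here
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        LOGGER.debug("Checking file {}", dependency.getActualFilePath());
        File actualFile = dependency.getActualFile();
        if (!actualFile.isFile() || actualFile.length() == 0) {
            return;
        }

        InstallFile installFile;
        try {
            installFile = INSTALL_FILE_READER.readValue(actualFile);
        } catch (IOException e) {
            // Best effort: the file name filter is broad, so parse failures are expected
            // for unrelated JSON. Leave a trace, because a corrupt install file skipped
            // here means its pinned dependencies are never scanned.
            LOGGER.debug("Unable to parse {} as a pinned maven_install.json; skipping",
                    dependency.getActualFilePath(), e);
            return;
        }
        // A document consisting of the JSON literal null deserializes to a null object.
        if (installFile == null) {
            return;
        }

        DependencyTree dependencyTree = installFile.getDependencyTree();
        if (dependencyTree == null
                || !Objects.equals(dependencyTree.getAutogeneratedSentinel(), AUTOGENERATED_SENTINEL)) {
            return;
        }

        // The JSON file itself is not a dependency; its pinned entries replace it.
        engine.removeDependency(dependency);
        if (!Objects.equals(dependencyTree.getVersion(), SUPPORTED_VERSION)) {
            LOGGER.warn("Unsupported pinned maven_install.json version {}. Continuing optimistically.", dependencyTree.getVersion());
        }

        List<MavenDependency> pinned = dependencyTree.getDependencies();
        if (pinned == null) {
            pinned = Collections.emptyList();
        }
        for (MavenDependency entry : pinned) {
            // A JSON null inside the array yields a null element, not an object with a null coord.
            String coord = entry == null ? null : entry.getCoord();
            if (coord == null) {
                LOGGER.warn("Unexpected null coordinate in {}", dependency.getActualFilePath());
                continue;
            }
            // NOTE(review): coord is copied verbatim from the scanned file into log output
            // and into the dependency's name fields; confirm downstream sinks encode it.
            LOGGER.debug("Analyzing {}", coord);
            String[] parts = coord.split(":");
            if (parts.length < 3 || parts.length > 5) {
                LOGGER.warn("Invalid maven coordinate {}", coord);
                continue;
            }

            String groupId = parts[0];
            String artifactId = parts[1];
            String classifier = null;
            String version;
            if (parts.length == 3) {
                version = parts[2];
            } else if (parts.length == 4) {
                // NOTE(review): in common Maven notation the third field of a four-part
                // coordinate is the packaging; it is recorded as classifier here. Confirm
                // against the install file format.
                classifier = parts[2];
                version = parts[3];
            } else {
                classifier = parts[3];
                version = parts[4];
            }

            if ("sources".equals(classifier) || "javadoc".equals(classifier)) {
                LOGGER.debug("Skipping sources jar {}", coord);
                continue;
            }
            engine.addDependency(buildPinnedDependency(dependency, coord, groupId, artifactId, classifier, version));
        }
    }

    /**
     * Builds the virtual dependency for one pinned coordinate, with evidence and a
     * package URL identifier (or a generic identifier when no valid package URL can
     * be built from the coordinate).
     */
    private static Dependency buildPinnedDependency(Dependency installFileDependency, String coord,
            String groupId, String artifactId, String classifier, String version) {
        Dependency pinned = new Dependency(installFileDependency.getActualFile(), true);
        pinned.setEcosystem("java");
        pinned.addEvidence(EvidenceType.VENDOR, PomHandler.PROJECT, "groupid", groupId, Confidence.HIGHEST);
        pinned.addEvidence(EvidenceType.PRODUCT, PomHandler.PROJECT, "artifactid", artifactId, Confidence.HIGHEST);
        pinned.addEvidence(EvidenceType.VERSION, PomHandler.PROJECT, "version", version, Confidence.HIGHEST);
        pinned.setName(String.format("%s:%s", groupId, artifactId));
        pinned.setFilePath(String.format("%s>>%s", installFileDependency.getActualFile(), coord));
        pinned.setFileName(coord);
        try {
            PackageURLBuilder purl = PackageURLBuilder.aPackageURL()
                    .withType("maven")
                    .withNamespace(groupId)
                    .withName(artifactId)
                    .withVersion(version);
            if (classifier != null) {
                purl.withQualifier("classifier", classifier);
            }
            pinned.addSoftwareIdentifier(new PurlIdentifier(purl.build(), Confidence.HIGHEST));
        } catch (MalformedPackageURLException e) {
            // Keep the entry visible in the report even when the coordinate cannot be
            // expressed as a package URL.
            LOGGER.debug("Unable to build package url for {}", coord, e);
            pinned.addSoftwareIdentifier(new GenericIdentifier("maven_install JSON coord " + coord, Confidence.HIGH));
        }
        pinned.setVersion(version);
        return pinned;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected void prepareFileTypeAnalyzer(Engine engine) {
        // Nothing to prepare: the JSON reader is built once when the class is loaded.
    }
}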
