package org.owasp.dependencycheck.analyzer;

import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURLBuilder;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.io.InputStream;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.concurrent.ThreadSafe;
import javax.json.Json;
import javax.json.JsonArray;
import javax.json.JsonException;
import javax.json.JsonObject;
import javax.json.JsonReader;
import javax.json.JsonValue;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.cpe.Fields;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.Checksum;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.xml.pom.PomHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

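/**
 * File type analyzer for Libman manifests ({@code libman.json}).
 *
 * <p>For every entry in the manifest's {@code libraries} array a virtual {@link Dependency} is
 * registered with the engine, carrying vendor, product and version evidence taken from the
 * {@code library} string. The manifest belongs to the project being scanned and is therefore
 * untrusted input: every field is type-checked before use, and malformed entries are logged and
 * skipped instead of aborting the scan with an unchecked exception.
 *
 * <p>The class keeps no mutable state; all fields are immutable constants.
 */
@ThreadSafe
public class LibmanAnalyzer extends AbstractFileTypeAnalyzer {
    /** Ecosystem label assigned to every dependency created by this analyzer. */
    private static final String DEPENDENCY_ECOSYSTEM = "nodejs";
    /** Human-readable analyzer name returned by {@link #getName()}. */
    private static final String ANALYZER_NAME = "Libman Analyzer";
    private static final Logger LOGGER = LoggerFactory.getLogger(LibmanAnalyzer.class);
    /** Phase in which the engine runs this analyzer. */
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
    /** Name of the manifest file this analyzer accepts. */
    private static final String FILE_NAME = "libman.json";
    /** The only manifest {@code version} value the analyzer processes. */
    private static final String SUPPORTED_VERSION = "1.0";
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames(FILE_NAME).build();
    /**
     * Splits a {@code library} value of the form {@code [@package/]name@version}.
     *
     * <p>The optional {@code package} group only accepts ASCII letters; when a scope contains any
     * other character the group does not match and the whole {@code @scope/name} prefix ends up in
     * the {@code name} group.
     */
    private static final Pattern LIBRARY_REGEX = Pattern.compile(
            "(\\@(?<package>[a-zA-Z]+)\\/)?(?<name>.+)\\@(?<version>.+)", Pattern.CASE_INSENSITIVE);

    /**
     * No preparation is required for this analyzer.
     *
     * @param engine the engine running the analysis (unused)
     * @throws InitializationException never thrown by this implementation
     */
    @Override
    public void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
        // Intentionally empty: there is nothing to initialise.
    }

    /**
     * Returns the display name of the analyzer.
     *
     * @return the analyzer name
     */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * Returns the settings key that enables or disables this analyzer.
     *
     * @return the settings key
     */
    @Override
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.libman.enabled";
    }

    /**
     * Returns the phase in which this analyzer runs.
     *
     * @return the analysis phase
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    /**
     * Returns the filter that selects {@code libman.json} files.
     *
     * @return the file filter
     */
    @Override
    protected FileFilter getFileFilter() {
        return FILTER;
    }

    /**
     * Parses a {@code libman.json} manifest and registers one virtual dependency per library.
     *
     * <p>The manifest itself is removed from the engine's dependency list when it is a real
     * (non-virtual) dependency. Manifests that are empty, not regular files, of an unsupported
     * version, or without a {@code libraries} array produce no dependencies.
     *
     * @param dependency the dependency that points at the manifest file
     * @param engine the engine that receives the discovered dependencies
     * @throws AnalysisException if the manifest cannot be read
     */
    @Override
    public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        LOGGER.debug("Checking file {}", dependency.getActualFilePath());
        if (FILE_NAME.equals(dependency.getFileName()) && !dependency.isVirtual()) {
            engine.removeDependency(dependency);
        }
        final File manifest = dependency.getActualFile();
        if (!manifest.isFile() || manifest.length() == 0) {
            return;
        }
        // try-with-resources closes the reader and the file stream on every path, including the
        // paths where parsing throws.
        try (InputStream in = FileUtils.openInputStream(manifest);
                JsonReader reader = Json.createReader(in)) {
            final JsonObject root = reader.readObject();
            // The defaulted getString overload is used on purpose: the one-argument overload
            // throws when the key is absent or is not a JSON string.
            if (!SUPPORTED_VERSION.equals(root.getString("version", null))) {
                LOGGER.warn("The Libman analyzer currently only supports Libman version 1.0");
                return;
            }
            final String defaultProvider = root.getString("defaultProvider", null);
            final JsonValue libraries = root.get("libraries");
            if (!(libraries instanceof JsonArray)) {
                LOGGER.warn("No libraries array found in {}", FILE_NAME);
                return;
            }
            for (JsonValue entry : (JsonArray) libraries) {
                if (entry instanceof JsonObject) {
                    addLibrary((JsonObject) entry, defaultProvider, dependency, engine);
                } else {
                    LOGGER.warn("Skipping non-object entry in the libraries array of {}", FILE_NAME);
                }
            }
        } catch (JsonException e) {
            LOGGER.warn(String.format("Failed to parse %s file", FILE_NAME), e);
        } catch (IOException e) {
            throw new AnalysisException("Problem occurred while reading dependency file", e);
        }
    }

    /**
     * Turns a single {@code libraries} entry into a virtual dependency and adds it to the engine.
     * Entries that cannot be interpreted are logged and skipped.
     *
     * @param library the JSON object describing the library
     * @param defaultProvider the manifest-level provider, or {@code null} when none is declared
     * @param parent the dependency that points at the manifest file
     * @param engine the engine that receives the new dependency
     */
    private void addLibrary(JsonObject library, String defaultProvider, Dependency parent, Engine engine) {
        final String provider = library.getString("provider", defaultProvider);
        final String libraryId = library.getString("library", null);
        if (libraryId == null) {
            LOGGER.warn("Skipping library entry without a library string in {}", FILE_NAME);
            return;
        }
        if ("filesystem".equals(provider)) {
            LOGGER.warn("Unable to determine name and version for filesystem package: {}", libraryId);
            return;
        }
        final Matcher matcher = LIBRARY_REGEX.matcher(libraryId);
        if (!matcher.find()) {
            LOGGER.warn("Unable to parse library, unknown format: {}", libraryId);
            return;
        }
        final String vendor = matcher.group("package");
        final String name = matcher.group("name");
        final String version = matcher.group("version");
        LOGGER.debug("Found Libman package: vendor {}, name {}, version {}", vendor, name, version);

        final Dependency child = new Dependency(parent.getActualFile(), true);
        child.setEcosystem(DEPENDENCY_ECOSYSTEM);
        child.setName(name);
        child.setVersion(version);
        // All evidence comes straight from the manifest text; when the library has no package
        // prefix the name doubles as the vendor.
        child.addEvidence(EvidenceType.VENDOR, FILE_NAME, Fields.VENDOR, vendor != null ? vendor : name, Confidence.HIGHEST);
        child.addEvidence(EvidenceType.PRODUCT, FILE_NAME, PomHandler.NAME, name, Confidence.HIGHEST);
        child.addEvidence(EvidenceType.VERSION, FILE_NAME, "version", version, Confidence.HIGHEST);

        // The checksum helpers are given the "name:version" string rather than any library file,
        // so these digests only identify the virtual dependency; they are not integrity hashes of
        // the library contents.
        final String packagePath = String.format("%s:%s", name, version);
        child.setSha1sum(Checksum.getSHA1Checksum(packagePath));
        child.setSha256sum(Checksum.getSHA256Checksum(packagePath));
        child.setMd5sum(Checksum.getMD5Checksum(packagePath));
        child.setPackagePath(packagePath);
        try {
            child.addSoftwareIdentifier(new PurlIdentifier(
                    PackageURLBuilder.aPackageURL().withType("libman").withName(name).withVersion(version).build(),
                    Confidence.HIGHEST));
        } catch (MalformedPackageURLException e) {
            // Best effort: the dependency is still reported, just without a package URL.
            LOGGER.warn("Unable to build package url for {}", packagePath, e);
        }
        engine.addDependency(child);
    }
}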
