package org.owasp.dependencycheck.maven;

import com.github.packageurl.MalformedPackageURLException;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.DefaultArtifact;
import org.apache.maven.artifact.handler.DefaultArtifactHandler;
import org.apache.maven.artifact.resolver.filter.ArtifactFilter;
import org.apache.maven.artifact.resolver.filter.ExcludesArtifactFilter;
import org.apache.maven.artifact.versioning.ArtifactVersion;
import org.apache.maven.artifact.versioning.InvalidVersionSpecificationException;
import org.apache.maven.artifact.versioning.Restriction;
import org.apache.maven.artifact.versioning.VersionRange;
import org.apache.maven.execution.MavenSession;
import org.apache.maven.model.Dependency;
import org.apache.maven.model.License;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.DefaultProjectBuildingRequest;
import org.apache.maven.project.MavenProject;
import org.apache.maven.project.ProjectBuildingRequest;
import org.apache.maven.reporting.MavenReport;
import org.apache.maven.reporting.MavenReportException;
import org.apache.maven.settings.Proxy;
import org.apache.maven.settings.Server;
import org.apache.maven.settings.Settings;
import org.apache.maven.shared.artifact.filter.PatternExcludesArtifactFilter;
import org.apache.maven.shared.artifact.filter.resolve.TransformableFilter;
import org.apache.maven.shared.dependency.graph.DependencyGraphBuilder;
import org.apache.maven.shared.dependency.graph.DependencyGraphBuilderException;
import org.apache.maven.shared.dependency.graph.DependencyNode;
import org.apache.maven.shared.dependency.graph.filter.ArtifactDependencyNodeFilter;
import org.apache.maven.shared.dependency.graph.internal.DefaultDependencyNode;
import org.apache.maven.shared.dependency.graph.traversal.CollectingDependencyNodeVisitor;
import org.apache.maven.shared.dependency.graph.traversal.FilteringDependencyNodeVisitor;
import org.apache.maven.shared.model.fileset.FileSet;
import org.apache.maven.shared.model.fileset.util.FileSetManager;
import org.apache.maven.shared.transfer.artifact.DefaultArtifactCoordinate;
import org.apache.maven.shared.transfer.artifact.resolve.ArtifactResolver;
import org.apache.maven.shared.transfer.artifact.resolve.ArtifactResolverException;
import org.apache.maven.shared.transfer.artifact.resolve.ArtifactResult;
import org.apache.maven.shared.transfer.dependencies.resolve.DependencyResolver;
import org.apache.maven.shared.transfer.dependencies.resolve.DependencyResolverException;
import org.codehaus.doxia.sink.Sink;
import org.eclipse.aether.artifact.ArtifactType;
import org.eclipse.aether.resolution.DependencyResolutionException;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.agent.DependencyCheckScanAgent;
import org.owasp.dependencycheck.analyzer.JarAnalyzer;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.naming.GenericIdentifier;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.exception.DependencyNotFoundException;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.ReportException;
import org.owasp.dependencycheck.reporting.ReportGenerator;
import org.owasp.dependencycheck.utils.Checksum;
import org.owasp.dependencycheck.utils.CveUrlParser;
import org.owasp.dependencycheck.utils.Filter;
import org.owasp.dependencycheck.utils.SeverityUtil;
import org.owasp.dependencycheck.xml.pom.PomUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException;

/* loaded from: input_file:org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.class */
public abstract class BaseDependencyCheckMojo extends AbstractMojo implements MavenReport {
    private static final String PROPERTIES_FILE = "mojo.properties";
    private static final String NEW_LINE = System.getProperty("line.separator", "\n").intern();
    private static final String INCLUDE_ALL = "**/*";

    @Parameter(property = "failOnError", defaultValue = "true", required = true)
    private boolean failOnError;

    @Parameter(property = "project", required = true, readonly = true)
    private MavenProject project;

    @Parameter(readonly = true, required = true, property = "reactorProjects")
    private List<MavenProject> reactorProjects;

    @Component
    private ArtifactResolver artifactResolver;

    @Component
    private DependencyResolver dependencyResolver;

    @Parameter(defaultValue = "${session}", readonly = true, required = true)
    private MavenSession session;

    @Component
    private DependencyGraphBuilder dependencyGraphBuilder;

    @Parameter(defaultValue = "${project.build.directory}", required = true, property = "odc.outputDirectory")
    private File outputDirectory;

    @Parameter(property = "project.reporting.outputDirectory", readonly = true)
    private File reportOutputDirectory;

    @Parameter(property = "autoUpdate")
    private Boolean autoUpdate;

    @Parameter(property = "enableExperimental")
    private Boolean enableExperimental;

    @Parameter(property = "enableRetired")
    private Boolean enableRetired;

    @Parameter(property = "golangDepEnabled")
    private Boolean golangDepEnabled;

    @Parameter(property = "golangModEnabled")
    private Boolean golangModEnabled;

    @Parameter(property = "pathToGo")
    private String pathToGo;

    @Parameter(property = "pathToYarn")
    private String pathToYarn;

    @Parameter(property = "pathToPnpm")
    private String pathToPnpm;

    @Parameter(property = "dependency-check.virtualSnapshotsFromReactor", defaultValue = "true")
    private Boolean virtualSnapshotsFromReactor;

    @Parameter(property = "prettyPrint")
    private Boolean prettyPrint;

    @Parameter(property = "formats", required = true)
    private String[] formats;

    @Parameter(property = "mavenSettings", defaultValue = "${settings}")
    private Settings mavenSettings;

    @Parameter(property = "mavenSettingsProxyId")
    private String mavenSettingsProxyId;

    @Parameter(property = "connectionTimeout")
    private String connectionTimeout;

    @Parameter(property = "readTimeout")
    private String readTimeout;

    @Parameter(property = "versionCheckEnabled", defaultValue = "true")
    private boolean versionCheckEnabled;

    // Set through the user properties suppressionFiles / suppressionFile; neither declares a default.
    // NOTE(review): presumably these name the suppression rules applied to the scan results. Such rules
    // hide findings, so where they are loaded from belongs to the build's trust boundary. The loading
    // code is outside this part of the file; confirm there.
    @Parameter(property = "suppressionFiles")
    private String[] suppressionFiles;

    @Parameter(property = "suppressionFile")
    private String suppressionFile;

    // Credentials held as plain String parameters. A value written into the POM's plugin configuration
    // or passed as -DsuppressionFilePassword=... stays in clear text in the POM or on the command line.
    @Parameter(property = "suppressionFileUser")
    private String suppressionFileUser;

    @Parameter(property = "suppressionFilePassword")
    private String suppressionFilePassword;

    // NOTE(review): presumably the id of a settings.xml <server> entry that supplies the same
    // credentials without putting them in the POM; confirm against the code that reads this field.
    @Parameter(property = "suppressionFileServerId")
    private String suppressionFileServerId;

    @Parameter(property = "hintsFile")
    private String hintsFile;

    @Parameter(property = "jarAnalyzerEnabled")
    private Boolean jarAnalyzerEnabled;

    @Parameter(property = "archiveAnalyzerEnabled")
    private Boolean archiveAnalyzerEnabled;

    @Parameter(property = "pyDistributionAnalyzerEnabled")
    private Boolean pyDistributionAnalyzerEnabled;

    @Parameter(property = "pyPackageAnalyzerEnabled")
    private Boolean pyPackageAnalyzerEnabled;

    @Parameter(property = "rubygemsAnalyzerEnabled")
    private Boolean rubygemsAnalyzerEnabled;

    @Parameter(property = "opensslAnalyzerEnabled")
    private Boolean opensslAnalyzerEnabled;

    @Parameter(property = "cmakeAnalyzerEnabled")
    private Boolean cmakeAnalyzerEnabled;

    @Parameter(property = "autoconfAnalyzerEnabled")
    private Boolean autoconfAnalyzerEnabled;

    @Parameter(property = "mavenInstallAnalyzerEnabled")
    private Boolean mavenInstallAnalyzerEnabled;

    @Parameter(property = "pipAnalyzerEnabled")
    private Boolean pipAnalyzerEnabled;

    @Parameter(property = "pipfileAnalyzerEnabled")
    private Boolean pipfileAnalyzerEnabled;

    @Parameter(property = "composerAnalyzerEnabled")
    private Boolean composerAnalyzerEnabled;

    @Parameter(property = "cpanfileAnalyzerEnabled")
    private Boolean cpanfileAnalyzerEnabled;

    @Parameter(property = "nodeAnalyzerEnabled")
    private Boolean nodeAnalyzerEnabled;

    @Parameter(property = "nodeAuditAnalyzerEnabled")
    private Boolean nodeAuditAnalyzerEnabled;

    @Parameter(property = "yarnAuditAnalyzerEnabled")
    private Boolean yarnAuditAnalyzerEnabled;

    @Parameter(property = "pnpmAuditAnalyzerEnabled")
    private Boolean pnpmAuditAnalyzerEnabled;

    @Parameter(property = "nodeAuditAnalyzerUseCache")
    private Boolean nodeAuditAnalyzerUseCache;

    @Parameter(property = "nodeAuditSkipDevDependencies")
    private Boolean nodeAuditSkipDevDependencies;

    @Parameter(property = "nodePackageSkipDevDependencies")
    private Boolean nodePackageSkipDevDependencies;

    @Parameter(property = "retireJsAnalyzerEnabled")
    private Boolean retireJsAnalyzerEnabled;

    @Parameter(property = "retireJsUrl")
    private String retireJsUrl;

    @Parameter(property = "retireJsForceUpdate")
    private Boolean retireJsForceUpdate;

    @Parameter(property = "assemblyAnalyzerEnabled")
    private Boolean assemblyAnalyzerEnabled;

    @Parameter(property = "msbuildAnalyzerEnabled")
    private Boolean msbuildAnalyzerEnabled;

    @Parameter(property = "nuspecAnalyzerEnabled")
    private Boolean nuspecAnalyzerEnabled;

    @Parameter(property = "nugetconfAnalyzerEnabled")
    private Boolean nugetconfAnalyzerEnabled;

    @Parameter(property = "centralAnalyzerEnabled")
    private Boolean centralAnalyzerEnabled;

    @Parameter(property = "centralAnalyzerUseCache")
    private Boolean centralAnalyzerUseCache;

    // Artifactory analyzer configuration. Only artifactoryAnalyzerParallelAnalysis declares a default
    // ("true"); the other fields stay null unless configured.
    @Parameter(property = "artifactoryAnalyzerEnabled")
    private Boolean artifactoryAnalyzerEnabled;

    // NOTE(review): presumably the id of a settings.xml <server> entry holding the Artifactory
    // credentials; confirm against the code that reads this field.
    @Parameter(property = "artifactoryAnalyzerServerId")
    private String artifactoryAnalyzerServerId;

    @Parameter(property = "artifactoryAnalyzerUsername")
    private String artifactoryAnalyzerUsername;

    // The API token and bearer token are plain String parameters. Set in the POM or as -D user
    // properties they remain in clear text in the POM or on the command line.
    @Parameter(property = "artifactoryAnalyzerApiToken")
    private String artifactoryAnalyzerApiToken;

    @Parameter(property = "artifactoryAnalyzerBearerToken")
    private String artifactoryAnalyzerBearerToken;

    @Parameter(property = "artifactoryAnalyzerUrl")
    private String artifactoryAnalyzerUrl;

    @Parameter(property = "artifactoryAnalyzerUseProxy")
    private Boolean artifactoryAnalyzerUseProxy;

    @Parameter(property = "artifactoryAnalyzerParallelAnalysis", defaultValue = "true")
    private Boolean artifactoryAnalyzerParallelAnalysis;

    @Parameter(property = "nexusAnalyzerEnabled")
    private Boolean nexusAnalyzerEnabled;

    @Parameter(property = "ossindexAnalyzerEnabled")
    private Boolean ossindexAnalyzerEnabled;

    @Parameter(property = "ossindexAnalyzerUseCache")
    private Boolean ossindexAnalyzerUseCache;

    @Parameter(property = "ossindexAnalyzerUrl")
    private String ossindexAnalyzerUrl;

    @Parameter(property = "ossIndexServerId")
    private String ossIndexServerId;

    @Parameter(property = "ossIndexWarnOnlyOnRemoteErrors")
    private Boolean ossIndexWarnOnlyOnRemoteErrors;

    @Parameter(property = "mixAuditAnalyzerEnabled")
    private Boolean mixAuditAnalyzerEnabled;

    @Parameter(property = "mixAuditPath")
    private String mixAuditPath;

    @Parameter(property = "bundleAuditAnalyzerEnabled")
    private Boolean bundleAuditAnalyzerEnabled;

    @Parameter(property = "bundleAuditPath")
    private String bundleAuditPath;

    @Parameter(property = "bundleAuditWorkingDirectory")
    private String bundleAuditWorkingDirectory;

    @Parameter(property = "cocoapodsAnalyzerEnabled")
    private Boolean cocoapodsAnalyzerEnabled;

    @Parameter(property = "swiftPackageManagerAnalyzerEnabled")
    private Boolean swiftPackageManagerAnalyzerEnabled;

    @Parameter(property = "swiftPackageResolvedAnalyzerEnabled")
    private Boolean swiftPackageResolvedAnalyzerEnabled;

    @Parameter(property = "nexusUrl")
    private String nexusUrl;

    @Parameter(property = "nexusServerId")
    private String nexusServerId;

    @Parameter(property = "nexusUsesProxy")
    private Boolean nexusUsesProxy;

    // Database connection settings for the vulnerability data store.
    // NOTE(review): a connection string can embed credentials; check that code outside this part
    // of the file does not log the value verbatim.
    @Parameter(property = "connectionString")
    private String connectionString;

    @Parameter(property = "databaseDriverName")
    private String databaseDriverName;

    // NOTE(review): presumably a path from which a JDBC driver is loaded. If so, whoever controls
    // this value controls code that runs inside the build; confirm how it is used.
    @Parameter(property = "databaseDriverPath")
    private String databaseDriverPath;

    // NOTE(review): presumably the id of a settings.xml <server> entry that carries the database
    // credentials; confirm against the code that reads this field.
    @Parameter(property = "serverId")
    private String serverId;

    // Read-only view of the Maven settings, injected from ${settings}.
    @Parameter(defaultValue = "${settings}", readonly = true, required = true)
    private Settings settingsXml;

    // Plexus security dispatcher component (hint "default").
    // NOTE(review): presumably used to decrypt passwords taken from settings.xml; the call site is
    // outside this part of the file.
    @Component(role = SecDispatcher.class, hint = "default")
    private SecDispatcher securityDispatcher;

    // Plain String credentials. Set in the POM or as -DdatabasePassword=... they remain in clear
    // text in the POM or on the command line.
    @Parameter(property = "databaseUser")
    private String databaseUser;

    @Parameter(property = "databasePassword")
    private String databasePassword;

    @Parameter(property = "zipExtensions")
    private String zipExtensions;

    @Parameter(property = "skipArtifactType")
    private String skipArtifactType;

    @Parameter(property = "dataDirectory")
    private String dataDirectory;

    @Parameter(property = "dbFilename")
    private String dbFilename;

    @Parameter(property = "cveUrlModified")
    private String cveUrlModified;

    @Parameter(property = "cveUrlBase")
    private String cveUrlBase;

    @Parameter(property = "cveWaitTime")
    private String cveWaitTime;

    // Credentials for the CVE data source, held as plain String parameters. Set in the POM or as
    // -DcvePassword=... they remain in clear text in the POM or on the command line.
    @Parameter(property = "cveUser")
    private String cveUser;

    @Parameter(property = "cvePassword")
    private String cvePassword;

    // NOTE(review): presumably the id of a settings.xml <server> entry that supplies the same
    // credentials; confirm against the code that reads this field.
    @Parameter(property = "cveServerId")
    private String cveServerId;

    @Parameter(property = "cveValidForHours")
    private Integer cveValidForHours;

    @Parameter(property = "cveStartYear")
    private Integer cveStartYear;

    @Parameter(property = "pathToCore")
    private String pathToCore;

    @Parameter(property = "retirejs")
    private Retirejs retirejs;

    @Parameter(property = "odc.excludes")
    private List<String> excludes;
    private Filter<String> artifactScopeExcluded;
    private Filter<String> artifactTypeExcluded;

    @Parameter
    private List<FileSet> scanSet;

    @Parameter(property = "scanDirectory")
    private List<String> scanDirectory;
    private boolean generatingSite = false;
    private org.owasp.dependencycheck.utils.Settings settings = null;
    private final List<File> scannedFiles = new ArrayList();

    // Severity threshold for failing the build; declared default is 11.
    // NOTE(review): CVSS scores top out at 10, so with the default presumably no finding can reach
    // the threshold and the build is never failed on severity unless this is lowered. The comparison
    // is outside this part of the file; confirm there.
    @Parameter(property = "failBuildOnCVSS", defaultValue = "11", required = true)
    private float failBuildOnCVSS = 11.0f;

    // Threshold used for the JUnit-style report; declared default is 0.
    @Parameter(property = "junitFailOnCVSS", defaultValue = "0", required = true)
    private float junitFailOnCVSS = 0.0f;

    // Deprecated switch, default false.
    @Parameter(property = "failBuildOnAnyVulnerability", defaultValue = "false", required = true)
    @Deprecated
    private boolean failBuildOnAnyVulnerability = false;

    @Parameter(property = "format", defaultValue = "HTML", required = true)
    private String format = "HTML";

    @Parameter(property = "showSummary", defaultValue = "true")
    private boolean showSummary = true;

    // Fallback for the dependency-check.skip system property: execute() and generate() read the
    // system property first and use this field only when it is unset. When the result is true,
    // no check runs.
    @Parameter(property = "dependency-check.skip", defaultValue = "false")
    private boolean skip = false;

    // Scope switches. Only skipTestScope defaults to true.
    // NOTE(review): presumably artifacts in a skipped scope are left out of the scan, so by default
    // test-scoped dependencies are not analysed. The filter built from these flags is outside this
    // part of the file; confirm there.
    @Parameter(property = "skipTestScope", defaultValue = "true")
    private boolean skipTestScope = true;

    @Parameter(property = "skipRuntimeScope", defaultValue = "false")
    private boolean skipRuntimeScope = false;

    @Parameter(property = "skipProvidedScope", defaultValue = "false")
    private boolean skipProvidedScope = false;

    @Parameter(property = "skipSystemScope", defaultValue = "false")
    private boolean skipSystemScope = false;

    // While true (the default), collectDependencyManagementDependencies() returns immediately and
    // no <dependencyManagement> entry is resolved.
    @Parameter(property = "skipDependencyManagement", defaultValue = "true")
    private boolean skipDependencyManagement = true;

    /**
     * Compares a dependency declared in the project model with an artifact by coordinates.
     *
     * @param dependency the declared dependency
     * @param artifact the artifact to compare it with
     * @return {@code true} only when artifactId, groupId and version all agree; a coordinate
     *         that is {@code null} on both sides counts as agreeing
     */
    private static boolean artifactsMatch(Dependency dependency, Artifact artifact) {
        if (!isEqualOrNull(artifact.getArtifactId(), dependency.getArtifactId())) {
            return false;
        }
        if (!isEqualOrNull(artifact.getGroupId(), dependency.getGroupId())) {
            return false;
        }
        // Classifier and type take no part in the comparison.
        return isEqualOrNull(artifact.getVersion(), dependency.getVersion());
    }

    /**
     * Null-safe string equality.
     *
     * @param str the first value, may be {@code null}
     * @param str2 the second value, may be {@code null}
     * @return {@code true} when both values are {@code null} or both are equal strings
     */
    private static boolean isEqualOrNull(String str, String str2) {
        return Objects.equals(str, str2);
    }

    /**
     * Mojo entry point: runs the dependency check unless it has been switched off.
     *
     * <p>The {@code dependency-check.skip} system property is consulted first; the {@code skip}
     * field is used only when that property is unset.
     *
     * @throws MojoExecutionException propagated unchanged from {@code runCheck()}
     * @throws MojoFailureException propagated unchanged from {@code runCheck()}
     */
    public void execute() throws MojoExecutionException, MojoFailureException {
        this.generatingSite = false;
        final String skipSetting = System.getProperty("dependency-check.skip", Boolean.toString(this.skip));
        if (Boolean.parseBoolean(skipSetting)) {
            // This INFO line is all this method records when the check is skipped.
            getLog().info("Skipping " + getName(Locale.US));
            return;
        }
        this.project.setContextValue("dependency-check-output-dir", this.outputDirectory);
        runCheck();
    }

    /**
     * Legacy entry point kept for the old {@code org.codehaus.doxia} sink type; it casts the sink
     * and delegates to {@link #generate(org.apache.maven.doxia.sink.Sink, Locale)}.
     *
     * @param sink the sink handed in by the reporting framework
     * @param locale the locale for the report
     * @throws MavenReportException if the delegate throws it
     */
    @Deprecated
    public final void generate(Sink sink, Locale locale) throws MavenReportException {
        final org.apache.maven.doxia.sink.Sink doxiaSink = (org.apache.maven.doxia.sink.Sink) sink;
        generate(doxiaSink, locale);
    }

    /**
     * Reports which entry point started the current run.
     *
     * @return {@code true} after {@code generate(...)} has begun a run, {@code false} after
     *         {@code execute()} has been called
     */
    protected boolean isGeneratingSite() {
        return generatingSite;
    }

    /**
     * Returns the configured database connection string.
     *
     * <p>A connection string may embed credentials, so callers should avoid logging the value.
     *
     * @return the value of the {@code connectionString} parameter, or {@code null} if unset
     */
    protected String getConnectionString() {
        return connectionString;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the {@code failOnError} parameter (declared default {@code true}).
     *
     * @return the configured {@code failOnError} value
     */
    public boolean isFailOnError() {
        return failOnError;
    }

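    /**
     * Site-report entry point: runs the dependency check unless it has been switched off.
     *
     * <p>The {@code dependency-check.skip} system property is consulted first; the {@code skip}
     * field is used only when that property is unset.
     *
     * <p>A {@link MojoFailureException} from {@code runCheck()} is downgraded to a warning here,
     * so this path does not fail the build. {@code execute()} lets the same exception propagate.
     *
     * @param sink the report sink; not used by this method
     * @param locale the report locale; not used by this method
     * @throws MavenReportException wrapping any {@link MojoExecutionException} from the check
     */
    public void generate(org.apache.maven.doxia.sink.Sink sink, Locale locale) throws MavenReportException {
        if (Boolean.parseBoolean(System.getProperty("dependency-check.skip", Boolean.toString(this.skip)))) {
            getLog().info("Skipping report generation " + getName(Locale.US));
            return;
        }
        this.generatingSite = true;
        this.project.setContextValue("dependency-check-output-dir", getReportOutputDirectory());
        try {
            runCheck();
        } catch (MojoExecutionException e) {
            throw new MavenReportException(e.getMessage(), e);
        } catch (MojoFailureException e2) {
            // Deliberately not rethrown: report generation continues after a failed check.
            getLog().warn("Vulnerabilities were identified that exceed the CVSS threshold for failing the build");
            // Keep the suppressed failure available to anyone diagnosing the run with debug logging.
            getLog().debug("Build failure suppressed during report generation", e2);
        }
    }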

    /**
     * Resolves the output directory for the project this mojo is bound to.
     *
     * @return the directory chosen by {@link #getCorrectOutputDirectory(MavenProject)}
     * @throws MojoExecutionException declared for callers; not thrown by this body
     */
    protected File getCorrectOutputDirectory() throws MojoExecutionException {
        final File resolved = getCorrectOutputDirectory(this.project);
        return resolved;
    }

    /**
     * Resolves the output directory for the given project.
     *
     * <p>A {@link File} stored under the {@code dependency-check-output-dir} context value wins.
     * Otherwise the project's build directory is used, replaced by its parent when that parent
     * is itself named {@code target}.
     *
     * @param mavenProject the project to resolve the directory for
     * @return the directory reports should be written to
     */
    protected File getCorrectOutputDirectory(MavenProject mavenProject) {
        final Object stored = mavenProject.getContextValue("dependency-check-output-dir");
        // instanceof is false for null, so a missing context value falls through.
        if (stored instanceof File) {
            return (File) stored;
        }
        final File buildDir = new File(mavenProject.getBuild().getDirectory());
        final File parent = buildDir.getParentFile();
        final boolean nestedUnderTarget = parent != null && "target".equals(parent.getName());
        return nestedUnderTarget ? parent : buildDir;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Scans the project's dependencies with aggregation switched off.
     *
     * @param mavenProject the project whose dependencies are scanned
     * @param engine the engine that receives the resolved files
     * @return whatever the three-argument overload returns for {@code false}
     */
    public ExceptionCollection scanArtifacts(MavenProject mavenProject, Engine engine) {
        final boolean aggregate = false;
        return scanArtifacts(mavenProject, engine, aggregate);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the project's dependency graph, collects its nodes and hands them to
     * {@code collectDependencies}.
     *
     * <p>Two filters are applied while walking the graph: the patterns from {@code getExcludes()}
     * and an exclusion of the project's own {@code groupId:artifactId}.
     *
     * <p>If the graph cannot be built, the failure is logged at debug level only and nothing is
     * scanned for this project. Callers must inspect the returned collection, otherwise a project
     * that was never scanned looks the same as a clean one.
     *
     * @param mavenProject the project whose dependencies are scanned
     * @param engine the engine that receives the resolved files
     * @param z passed through to {@code collectDependencies} as its last argument
     * @return the result of {@code collectDependencies}, or a collection wrapping the
     *         {@link DependencyGraphBuilderException} when the graph could not be built
     */
    public ExceptionCollection scanArtifacts(MavenProject mavenProject, Engine engine, boolean z) {
        try {
            final String ownCoordinates = String.format("%s:%s", mavenProject.getGroupId(), mavenProject.getArtifactId());
            final List<String> selfExclusion = Collections.singletonList(ownCoordinates);
            final ProjectBuildingRequest buildingRequest = newResolveArtifactProjectBuildingRequest(mavenProject);
            final DependencyNode root = this.dependencyGraphBuilder.buildDependencyGraph(buildingRequest, (ArtifactFilter) null);
            final CollectingDependencyNodeVisitor collector = new CollectingDependencyNodeVisitor();

            // Inner visitor: applies the user-configured exclusion patterns.
            final ArtifactDependencyNodeFilter configuredExcludes = new ArtifactDependencyNodeFilter(new PatternExcludesArtifactFilter(getExcludes()));
            final FilteringDependencyTransitiveNodeVisitor transitiveVisitor = new FilteringDependencyTransitiveNodeVisitor(collector, configuredExcludes);

            // Outer visitor: keeps the project itself out of its own dependency list.
            final ArtifactDependencyNodeFilter notSelf = new ArtifactDependencyNodeFilter(new ExcludesArtifactFilter(selfExclusion));
            root.accept(new FilteringDependencyNodeVisitor(transitiveVisitor, notSelf));

            final List<DependencyNode> collected = new ArrayList<>(collector.getNodes());
            return collectDependencies(engine, mavenProject, collected, buildingRequest, z);
        } catch (DependencyGraphBuilderException e) {
            final String message = String.format("Unable to build dependency graph on project %s", mavenProject.getName());
            getLog().debug(message, e);
            return new ExceptionCollection(e);
        }
    }

    /**
     * Resolves the artifact for a declared dependency and wraps it in a {@link DependencyNode}.
     *
     * <p>When the declared version is a range, the version to resolve is chosen in this order:
     * the version of an already collected node with the same groupId and artifactId, the range's
     * recommended version, then a bound taken from the range's restrictions. The bound is a
     * heuristic, so the artifact analysed may not be the one the build itself would resolve.
     *
     * @param list nodes collected so far, searched for an existing version of the dependency
     * @param projectBuildingRequest the request used to resolve the artifact
     * @param dependencyNode the parent node for the new node; may be {@code null}
     * @param dependency the declared dependency to resolve
     * @return a new node holding the resolved artifact
     * @throws ArtifactResolverException if resolution fails or the declared version is not a
     *         valid version specification
     */
    private DependencyNode toDependencyNode(List<DependencyNode> list, ProjectBuildingRequest projectBuildingRequest, DependencyNode dependencyNode, Dependency dependency) throws ArtifactResolverException {
        DefaultArtifactCoordinate defaultArtifactCoordinate = new DefaultArtifactCoordinate();
        defaultArtifactCoordinate.setGroupId(dependency.getGroupId());
        defaultArtifactCoordinate.setArtifactId(dependency.getArtifactId());
        String str = null;
        try {
            VersionRange createFromVersionSpec = VersionRange.createFromVersionSpec(dependency.getVersion());
            if (createFromVersionSpec.hasRestrictions()) {
                // Prefer the version of a node already collected for the same groupId:artifactId.
                str = findVersion(list, dependency.getGroupId(), dependency.getArtifactId());
                if (str == null) {
                    if (createFromVersionSpec.getRecommendedVersion() != null) {
                        str = createFromVersionSpec.getRecommendedVersion().toString();
                    } else if (createFromVersionSpec.hasRestrictions()) {
                        // Every restriction overwrites the previous choice, and an upper bound
                        // overwrites a lower bound, so the last bound seen is the one kept.
                        for (Restriction restriction : createFromVersionSpec.getRestrictions()) {
                            if (restriction.getLowerBound() != null) {
                                str = restriction.getLowerBound().toString();
                            }
                            if (restriction.getUpperBound() != null) {
                                str = restriction.getUpperBound().toString();
                            }
                        }
                    } else {
                        // NOTE(review): appears unreachable, since this chain is only entered
                        // when hasRestrictions() has already returned true.
                        str = createFromVersionSpec.toString();
                    }
                }
            }
            // No range, or no bound was found: fall back to the version exactly as declared.
            if (str == null) {
                str = dependency.getVersion();
            }
            defaultArtifactCoordinate.setVersion(str);
            // NOTE(review): if the registry returns null for an unregistered type, the next line
            // throws NullPointerException instead of ArtifactResolverException; confirm.
            ArtifactType artifactType = this.session.getRepositorySession().getArtifactTypeRegistry().get(dependency.getType());
            defaultArtifactCoordinate.setExtension(artifactType.getExtension());
            // The declared classifier wins; the type's classifier is used when none is declared.
            defaultArtifactCoordinate.setClassifier((null == dependency.getClassifier() || dependency.getClassifier().isEmpty()) ? artifactType.getClassifier() : dependency.getClassifier());
            Artifact artifact = this.artifactResolver.resolveArtifact(projectBuildingRequest, defaultArtifactCoordinate).getArtifact();
            artifact.setScope(dependency.getScope());
            // The node is given the declared version string, not the version picked above.
            return new DefaultDependencyNode(dependencyNode, artifact, dependency.getVersion(), dependency.getScope(), (String) null);
        } catch (InvalidVersionSpecificationException e) {
            throw new ArtifactResolverException("Invalid version specification: " + dependency.getGroupId() + ":" + dependency.getArtifactId() + ":" + dependency.getVersion(), e);
        }
    }

    /**
     * Looks up the version of the first collected node with the given coordinates.
     *
     * @param list the nodes to search, in order
     * @param str the groupId to match
     * @param str2 the artifactId to match
     * @return the version of the first matching node's artifact, or {@code null} if none matches
     */
    private String findVersion(List<DependencyNode> list, String str, String str2) {
        for (DependencyNode candidate : list) {
            final boolean sameGroup = str.equals(candidate.getArtifact().getGroupId());
            if (sameGroup && str2.equals(candidate.getArtifact().getArtifactId())) {
                return candidate.getArtifact().getVersion();
            }
        }
        return null;
    }

    /**
     * Resolves the project's {@code dependencyManagement} entries and appends them to
     * {@code list}.
     *
     * <p>Does nothing while {@code skipDependencyManagement} is set or the project has no
     * dependency management section. An entry that cannot be resolved is recorded as a failure
     * unless {@code z} is {@code true} and {@code addReactorDependency} accepts it.
     *
     * @param engine the engine passed on to {@code addReactorDependency}
     * @param projectBuildingRequest the request used to resolve artifacts
     * @param mavenProject the project whose managed dependencies are read
     * @param list the node list to append to; modified in place
     * @param z enables the {@code addReactorDependency} fallback when {@code true}
     * @return the resolution failures that were not covered by the fallback, or {@code null}
     *         when there were none or the step was skipped
     */
    private ExceptionCollection collectDependencyManagementDependencies(Engine engine, ProjectBuildingRequest projectBuildingRequest, MavenProject mavenProject, List<DependencyNode> list, boolean z) {
        if (this.skipDependencyManagement || mavenProject.getDependencyManagement() == null) {
            return null;
        }
        ExceptionCollection failures = null;
        for (Dependency managed : mavenProject.getDependencyManagement().getDependencies()) {
            try {
                final DependencyNode node = toDependencyNode(list, projectBuildingRequest, null, managed);
                list.add(node);
            } catch (ArtifactResolverException e) {
                getLog().debug(String.format("Aggregate : %s", z));
                // Short-circuit keeps the fallback artifact from being built unless z is true.
                final boolean coveredByReactor = z && addReactorDependency(engine, new DefaultArtifact(managed.getGroupId(), managed.getArtifactId(), managed.getVersion(), managed.getScope(), managed.getType(), managed.getClassifier(), new DefaultArtifactHandler()), mavenProject);
                if (!coveredByReactor) {
                    if (failures == null) {
                        failures = new ExceptionCollection();
                    }
                    failures.addException(e);
                }
            }
        }
        return failures;
    }

    private ExceptionCollection collectMavenDependencies(Engine engine, MavenProject mavenProject, List<DependencyNode> list, ProjectBuildingRequest projectBuildingRequest, boolean z) {
        Artifact artifact;
        ExceptionCollection collectDependencyManagementDependencies = collectDependencyManagementDependencies(engine, projectBuildingRequest, mavenProject, list, z);
        ArrayList arrayList = new ArrayList();
        for (DependencyNode dependencyNode : list) {
            if (!this.artifactScopeExcluded.passes(dependencyNode.getArtifact().getScope()) && !this.artifactTypeExcluded.passes(dependencyNode.getArtifact().getType())) {
                boolean z2 = false;
                File file = null;
                String str = null;
                String str2 = null;
                String str3 = null;
                List list2 = null;
                if ("system".equals(dependencyNode.getArtifact().getScope())) {
                    Artifact artifact2 = dependencyNode.getArtifact();
                    if (!artifact2.isResolved() || !artifact2.getFile().isFile()) {
                        Iterator it = mavenProject.getDependencies().iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            Dependency dependency = (Dependency) it.next();
                            if (dependency.getSystemPath() != null && artifactsMatch(dependency, artifact2)) {
                                file = new File(dependency.getSystemPath());
                                z2 = file.isFile();
                                str2 = artifact2.getGroupId();
                                str = artifact2.getArtifactId();
                                str3 = artifact2.getVersion();
                                list2 = artifact2.getAvailableVersions();
                                break;
                            }
                        }
                    } else {
                        file = artifact2.getFile();
                        z2 = file.isFile();
                        str2 = artifact2.getGroupId();
                        str = artifact2.getArtifactId();
                        str3 = artifact2.getVersion();
                        list2 = artifact2.getAvailableVersions();
                    }
                    if (!z2) {
                        getLog().error("Unable to resolve system scoped dependency: " + dependencyNode.toNodeString());
                        if (collectDependencyManagementDependencies == null) {
                            collectDependencyManagementDependencies = new ExceptionCollection();
                        }
                        collectDependencyManagementDependencies.addException(new DependencyNotFoundException("Unable to resolve system scoped dependency: " + dependencyNode.toNodeString()));
                    }
                } else {
                    Artifact artifact3 = dependencyNode.getArtifact();
                    if (artifact3.isResolved()) {
                        getLog().debug(String.format("Skipping artifact %s, already resolved", artifact3.getArtifactId()));
                        artifact = artifact3;
                    } else {
                        try {
                            if (arrayList.isEmpty()) {
                                try {
                                    Iterable resolveDependencies = this.dependencyResolver.resolveDependencies(projectBuildingRequest, mavenProject.getDependencies(), mavenProject.getDependencyManagement() == null ? null : mavenProject.getDependencyManagement().getDependencies(), (TransformableFilter) null);
                                    arrayList.getClass();
                                    resolveDependencies.forEach((v1) -> {
                                        r1.add(v1);
                                    });
                                } catch (DependencyResolverException e) {
                                    if (!(e.getCause() instanceof DependencyResolutionException)) {
                                        throw e;
                                        break;
                                    }
                                    arrayList.addAll(Mshared998Util.getResolutionResults(e.getCause()));
                                }
                            }
                            artifact = findInAllDeps(arrayList, dependencyNode.getArtifact(), mavenProject);
                        } catch (DependencyNotFoundException | DependencyResolverException e2) {
                            getLog().debug(String.format("Aggregate : %s", Boolean.valueOf(z)));
                            boolean z3 = true;
                            if (z && addReactorDependency(engine, dependencyNode.getArtifact(), mavenProject)) {
                                z3 = false;
                            }
                            if (z3) {
                                if (collectDependencyManagementDependencies == null) {
                                    collectDependencyManagementDependencies = new ExceptionCollection();
                                }
                                collectDependencyManagementDependencies.addException(e2);
                            }
                        }
                    }
                    if (!z || !this.virtualSnapshotsFromReactor.booleanValue() || !dependencyNode.getArtifact().isSnapshot() || !addSnapshotReactorDependency(engine, dependencyNode.getArtifact(), mavenProject)) {
                        z2 = artifact.isResolved();
                        file = artifact.getFile();
                        str2 = artifact.getGroupId();
                        str = artifact.getArtifactId();
                        str3 = artifact.getVersion();
                        list2 = artifact.getAvailableVersions();
                    }
                }
                if (!z2 || file == null) {
                    getLog().debug(String.format("Unable to resolve '%s' in project %s", dependencyNode.getArtifact().getId(), mavenProject.getName()));
                    if (collectDependencyManagementDependencies == null) {
                        collectDependencyManagementDependencies = new ExceptionCollection();
                    }
                } else {
                    List scan = engine.scan(file.getAbsoluteFile(), createProjectReferenceName(mavenProject, dependencyNode));
                    if (scan != null) {
                        this.scannedFiles.add(file);
                        org.owasp.dependencycheck.dependency.Dependency dependency2 = null;
                        if (scan.size() != 1) {
                            Iterator it2 = scan.iterator();
                            while (true) {
                                if (!it2.hasNext()) {
                                    break;
                                }
                                org.owasp.dependencycheck.dependency.Dependency dependency3 = (org.owasp.dependencycheck.dependency.Dependency) it2.next();
                                if (file.getAbsoluteFile().equals(dependency3.getActualFile())) {
                                    dependency2 = dependency3;
                                    break;
                                }
                            }
                        } else {
                            dependency2 = (org.owasp.dependencycheck.dependency.Dependency) scan.get(0);
                        }
                        if (dependency2 != null) {
                            dependency2.addAsEvidence("pom", new MavenArtifact(str2, str, str3), Confidence.HIGHEST);
                            if (list2 != null) {
                                Iterator it3 = list2.iterator();
                                while (it3.hasNext()) {
                                    dependency2.addAvailableVersion(((ArtifactVersion) it3.next()).toString());
                                }
                            }
                            getLog().debug(String.format("Adding project reference %s on dependency %s", mavenProject.getName(), dependency2.getDisplayFileName()));
                        } else if (getLog().isDebugEnabled()) {
                            getLog().debug(String.format("More than 1 dependency was identified in first pass scan of '%s' in project %s", dependencyNode.getArtifact().getId(), mavenProject.getName()));
                        }
                    } else if ("import".equals(dependencyNode.getArtifact().getScope())) {
                        getLog().debug(String.format("Skipping '%s:%s' in project %s as it uses an `import` scope", dependencyNode.getArtifact().getId(), dependencyNode.getArtifact().getScope(), mavenProject.getName()));
                    } else if ("pom".equals(dependencyNode.getArtifact().getType())) {
                        try {
                            org.owasp.dependencycheck.dependency.Dependency dependency4 = new org.owasp.dependencycheck.dependency.Dependency(file.getAbsoluteFile());
                            JarAnalyzer.setPomEvidence(dependency4, PomUtils.readPom(file.getAbsoluteFile()), (List) null, true);
                            engine.addDependency(dependency4);
                        } catch (AnalysisException e3) {
                            if (collectDependencyManagementDependencies == null) {
                                collectDependencyManagementDependencies = new ExceptionCollection();
                            }
                            collectDependencyManagementDependencies.addException(e3);
                            getLog().debug("Error reading pom " + file.getAbsoluteFile(), e3);
                        }
                    } else if (!this.scannedFiles.contains(file)) {
                        getLog().warn(String.format("No analyzer could be found or the artifact has been scanned twice for '%s:%s' in project %s", dependencyNode.getArtifact().getId(), dependencyNode.getArtifact().getScope(), mavenProject.getName()));
                    }
                }
            }
        }
        return collectDependencyManagementDependencies;
    }

    /**
     * Finds the resolved artifact that corresponds to a dependency-graph artifact.
     *
     * <p>The first entry of {@code list} accepted by {@link #sameArtifact} wins; its
     * artifact is returned as-is.
     *
     * @param list the resolution results to search
     * @param artifact the artifact to look for
     * @param mavenProject the project being analyzed; only used in the error message
     * @return the matching resolved artifact, never {@code null}
     * @throws DependencyNotFoundException if no entry of {@code list} matches
     */
    private Artifact findInAllDeps(List<ArtifactResult> list, Artifact artifact, MavenProject mavenProject) throws DependencyNotFoundException {
        for (ArtifactResult candidate : list) {
            if (sameArtifact(candidate, artifact)) {
                return candidate.getArtifact();
            }
        }
        // Nothing matched: surface it to the caller, which decides whether a
        // reactor (virtual) dependency can stand in for the missing artifact.
        throw new DependencyNotFoundException(String.format("Expected dependency not found in resolved artifacts for dependency %s of project-artifact %s", artifact, mavenProject.getArtifactId()));
    }

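    /**
     * Tells whether a resolution result refers to the same artifact as {@code artifact}.
     *
     * <p>Identity is decided on group id, artifact id, <em>base</em> version, classifier
     * and type, each compared null-safely. The file and the resolved version are not
     * part of the comparison.
     *
     * @param artifactResult the resolution result; may be {@code null} or carry no artifact
     * @param artifact the artifact to compare against; may be {@code null}
     * @return {@code true} only when both artifacts are present and all five coordinates are equal
     */
    private boolean sameArtifact(ArtifactResult artifactResult, Artifact artifact) {
        if (artifactResult == null || artifactResult.getArtifact() == null || artifact == null) {
            return false;
        }
        final Artifact resolved = artifactResult.getArtifact();
        // Short-circuit: stop at the first coordinate that differs.
        return Objects.equals(resolved.getGroupId(), artifact.getGroupId())
                && Objects.equals(resolved.getArtifactId(), artifact.getArtifactId())
                && Objects.equals(resolved.getBaseVersion(), artifact.getBaseVersion())
                && Objects.equals(resolved.getClassifier(), artifact.getClassifier())
                && Objects.equals(resolved.getType(), artifact.getType());
    }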

    /**
     * Builds the project reference recorded on a scanned dependency.
     *
     * @param mavenProject the project that declares the dependency
     * @param dependencyNode the dependency-graph node being scanned
     * @return the project name and the artifact scope joined by a colon
     */
    protected String createProjectReferenceName(MavenProject mavenProject, DependencyNode dependencyNode) {
        final String projectName = mavenProject.getName();
        final String scope = dependencyNode.getArtifact().getScope();
        return projectName + ":" + scope;
    }

    /**
     * Scans the project's Maven dependencies and then the configured (or default) file sets.
     *
     * <p>File-set selection:
     * <ul>
     * <li>every entry of {@code scanDirectory} is first appended to {@code scanSet} as an
     * include-everything file set;</li>
     * <li>if {@code scanSet} is still empty, the defaults are used: {@code src/main/resources},
     * {@code src/main/filters}, {@code src/main/webapp} and a fixed list of package-manager
     * manifests and lock files in the project base directory;</li>
     * <li>otherwise, when {@code z} is set, each configured file set is copied and a relative
     * directory is resolved against this project's base directory;</li>
     * <li>otherwise the configured file sets are used unchanged.</li>
     * </ul>
     *
     * <p>Absolute directories are used exactly as configured, so the scan is not confined to
     * the project base directory, and the copied file sets keep the configured
     * follow-symlinks setting.
     *
     * @param engine the engine that receives the files to scan
     * @param mavenProject the project being analyzed
     * @param list the dependency-graph nodes, passed through to {@code collectMavenDependencies}
     * @param projectBuildingRequest the building request, passed through unchanged
     * @param z passed through to {@code collectMavenDependencies} (which logs it as the
     *        aggregate flag); here it also selects the per-project copy of the file sets
     * @return the collected non-fatal problems, or {@code null} when none were recorded
     */
    private ExceptionCollection collectDependencies(Engine engine, MavenProject mavenProject, List<DependencyNode> list, ProjectBuildingRequest projectBuildingRequest, boolean z) {
        ExceptionCollection problems = collectMavenDependencies(engine, mavenProject, list, projectBuildingRequest, z);

        final boolean hasScanDirectories = this.scanDirectory != null && !this.scanDirectory.isEmpty();
        if (hasScanDirectories) {
            if (this.scanSet == null) {
                this.scanSet = new ArrayList<>();
            }
            // NOTE(review): this appends to the shared scanSet on every call; if the method
            // runs once per reactor module the same directories accumulate - confirm.
            for (String directory : this.scanDirectory) {
                final FileSet extra = new FileSet();
                extra.setDirectory(directory);
                extra.addInclude(INCLUDE_ALL);
                this.scanSet.add(extra);
            }
        }

        final List<FileSet> toScan;
        if (this.scanSet == null || this.scanSet.isEmpty()) {
            // Nothing configured: fall back to the conventional source folders and manifests.
            final FileSet resources = new FileSet();
            final FileSet filters = new FileSet();
            final FileSet webapp = new FileSet();
            final FileSet manifests = new FileSet();
            try {
                resources.setDirectory(new File(mavenProject.getBasedir(), "src/main/resources").getCanonicalPath());
                resources.addInclude(INCLUDE_ALL);
                filters.setDirectory(new File(mavenProject.getBasedir(), "src/main/filters").getCanonicalPath());
                filters.addInclude(INCLUDE_ALL);
                webapp.setDirectory(new File(mavenProject.getBasedir(), "src/main/webapp").getCanonicalPath());
                webapp.addInclude(INCLUDE_ALL);
                manifests.setDirectory(mavenProject.getBasedir().getCanonicalPath());
                final String[] manifestNames = {
                    "package.json",
                    "package-lock.json",
                    "npm-shrinkwrap.json",
                    "Gopkg.lock",
                    "go.mod",
                    "yarn.lock",
                    "pnpm-lock.yaml",
                };
                for (String manifestName : manifestNames) {
                    manifests.addInclude(manifestName);
                }
            } catch (IOException ex) {
                // Recorded, not rethrown: the file sets configured so far are still scanned.
                if (problems == null) {
                    problems = new ExceptionCollection();
                }
                problems.addException(ex);
            }
            toScan = new ArrayList<>();
            toScan.add(resources);
            toScan.add(filters);
            toScan.add(webapp);
            toScan.add(manifests);
        } else if (!z) {
            toScan = this.scanSet;
        } else {
            // Copy each configured file set so that a relative directory can be anchored
            // at this project's base directory without touching the shared configuration.
            toScan = new ArrayList<>();
            for (FileSet configured : this.scanSet) {
                final FileSet copy = new FileSet();
                final String configuredDir = configured.getDirectory();
                if (new File(configuredDir).isAbsolute()) {
                    copy.setDirectory(configuredDir);
                } else {
                    try {
                        copy.setDirectory(new File(mavenProject.getBasedir(), configured.getDirectory()).getCanonicalPath());
                    } catch (IOException ex) {
                        if (problems == null) {
                            problems = new ExceptionCollection();
                        }
                        problems.addException(ex);
                        // Fall back to the directory exactly as configured.
                        copy.setDirectory(configured.getDirectory());
                    }
                }
                copy.setDirectoryMode(configured.getDirectoryMode());
                copy.setExcludes(configured.getExcludes());
                copy.setFileMode(configured.getFileMode());
                copy.setFollowSymlinks(configured.isFollowSymlinks());
                copy.setIncludes(configured.getIncludes());
                copy.setLineEnding(configured.getLineEnding());
                copy.setMapper(configured.getMapper());
                copy.setModelEncoding(configured.getModelEncoding());
                copy.setOutputDirectory(configured.getOutputDirectory());
                copy.setUseDefaultExcludes(configured.isUseDefaultExcludes());
                toScan.add(copy);
            }
        }

        final FileSetManager manager = new FileSetManager();
        for (FileSet current : toScan) {
            getLog().debug("Scanning fileSet: " + current.getDirectory());
            for (String relativePath : manager.getIncludedFiles(current)) {
                final File target = new File(current.getDirectory(), relativePath).getAbsoluteFile();
                if (target.exists()) {
                    engine.scan(target, mavenProject.getName());
                }
            }
        }
        return problems;
    }

    /**
     * Registers a virtual dependency for an artifact that could not be resolved because the
     * reactor module producing it has not been built yet.
     *
     * @param engine the engine that receives the virtual dependency
     * @param artifact the unresolved artifact
     * @param mavenProject the project that depends on the artifact
     * @return {@code true} if a matching reactor project was found and a dependency was added
     */
    private boolean addReactorDependency(Engine engine, Artifact artifact, MavenProject mavenProject) {
        final String infoTemplate = "Unable to resolve %s as it has not been built yet - creating a virtual dependency instead.";
        return addVirtualDependencyFromReactor(engine, artifact, mavenProject, infoTemplate);
    }

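    /**
     * Adds a stand-in ("virtual") dependency for an artifact that is produced by another
     * project of the current reactor.
     *
     * <p>A reactor project matches when its artifact id, group id and version equal the
     * artifact's artifact id, group id and <em>base</em> version. The first match is used.
     *
     * <p>The SHA-1, SHA-256 and MD5 values set on the virtual dependency are digests of the
     * {@code group:artifact:version} string, not of any file. They only give the entry a
     * stable identity; they should not be expected to match a published artifact's hash.
     *
     * <p>Note that the match is made on the base version while the package URL is built from
     * {@code artifact.getVersion()}.
     *
     * @param engine the engine that receives the virtual dependency
     * @param artifact the artifact to look up in the reactor
     * @param mavenProject the project that depends on the artifact; recorded as project reference
     * @param str an info-level message template with one {@code %s} for the coordinates;
     *        both callers in this class pass a constant
     * @return {@code true} if a reactor project matched and a dependency was added
     */
    private boolean addVirtualDependencyFromReactor(Engine engine, Artifact artifact, MavenProject mavenProject, String str) {
        getLog().debug(String.format("Checking the reactor projects (%d) for %s:%s:%s", Integer.valueOf(this.reactorProjects.size()), artifact.getGroupId(), artifact.getArtifactId(), artifact.getVersion()));
        for (MavenProject reactorModule : this.reactorProjects) {
            getLog().debug(String.format("Comparing %s:%s:%s to %s:%s:%s", artifact.getGroupId(), artifact.getArtifactId(), artifact.getBaseVersion(), reactorModule.getGroupId(), reactorModule.getArtifactId(), reactorModule.getVersion()));
            final boolean matches = reactorModule.getArtifactId().equals(artifact.getArtifactId())
                    && reactorModule.getGroupId().equals(artifact.getGroupId())
                    && reactorModule.getVersion().equals(artifact.getBaseVersion());
            if (!matches) {
                continue;
            }

            // Built once; used as display name, package path and digest input.
            final String coordinates = String.format("%s:%s:%s", reactorModule.getGroupId(), reactorModule.getArtifactId(), reactorModule.getVersion());
            getLog().info(String.format(str, coordinates));

            final org.owasp.dependencycheck.dependency.Dependency virtual = newDependency(reactorModule);
            // Digests of the coordinate string: identity placeholders, not content hashes.
            virtual.setSha1sum(Checksum.getSHA1Checksum(coordinates));
            virtual.setSha256sum(Checksum.getSHA256Checksum(coordinates));
            virtual.setMd5sum(Checksum.getMD5Checksum(coordinates));
            virtual.setEcosystem("java");
            virtual.setDisplayFileName(coordinates);
            virtual.addProjectReference(mavenProject.getName());
            virtual.addEvidence(EvidenceType.PRODUCT, "project", "artifactid", reactorModule.getArtifactId(), Confidence.HIGHEST);
            virtual.addEvidence(EvidenceType.VENDOR, "project", "artifactid", reactorModule.getArtifactId(), Confidence.LOW);
            virtual.addEvidence(EvidenceType.VENDOR, "project", "groupid", reactorModule.getGroupId(), Confidence.HIGHEST);
            virtual.addEvidence(EvidenceType.PRODUCT, "project", "groupid", reactorModule.getGroupId(), Confidence.LOW);

            // Prefer a package URL; fall back to a generic identifier when the
            // coordinates cannot be expressed as one.
            try {
                virtual.addSoftwareIdentifier(new PurlIdentifier("maven", artifact.getGroupId(), artifact.getArtifactId(), artifact.getVersion(), Confidence.HIGHEST));
            } catch (MalformedPackageURLException e) {
                getLog().debug("Unable to create PackageURL object:" + coordinates);
                virtual.addSoftwareIdentifier(new GenericIdentifier("maven:" + coordinates, Confidence.HIGHEST));
            }

            virtual.setName(String.format("%s:%s", reactorModule.getGroupId(), reactorModule.getArtifactId()));
            virtual.setVersion(reactorModule.getVersion());
            virtual.setPackagePath(coordinates);
            if (reactorModule.getDescription() != null) {
                JarAnalyzer.addDescription(virtual, reactorModule.getDescription(), "project", "description");
            }

            // Concatenate the distinct license entries, one per line.
            for (License license : reactorModule.getLicenses()) {
                final StringBuilder entry = new StringBuilder();
                if (license.getName() != null) {
                    entry.append(license.getName());
                }
                if (license.getUrl() != null) {
                    entry.append(" ").append(license.getUrl());
                }
                if (virtual.getLicense() == null) {
                    virtual.setLicense(entry.toString());
                } else if (!virtual.getLicense().contains(entry)) {
                    virtual.setLicense(String.format("%s%n%s", virtual.getLicense(), entry));
                }
            }

            engine.addDependency(virtual);
            return true;
        }
        return false;
    }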

    /**
     * Creates the dependency object that represents a reactor project.
     *
     * <p>Preference order: the {@code pom.xml} in the project's base directory, then the
     * project's own file, then a dependency with no backing file. In every case the
     * constructor is called with {@code true} (presumably the "virtual" flag - confirm
     * against the {@code Dependency} constructors).
     *
     * @param mavenProject the reactor project to represent
     * @return a new dependency for the project
     */
    org.owasp.dependencycheck.dependency.Dependency newDependency(MavenProject mavenProject) {
        final File pom = new File(mavenProject.getBasedir(), "pom.xml");
        if (pom.isFile()) {
            getLog().debug("Adding virtual dependency from pom.xml");
            return new org.owasp.dependencycheck.dependency.Dependency(pom, true);
        }
        final File projectFile = mavenProject.getFile();
        if (projectFile.isFile()) {
            getLog().debug("Adding virtual dependency from file");
            return new org.owasp.dependencycheck.dependency.Dependency(mavenProject.getFile(), true);
        }
        // Neither file exists on disk: create the dependency without a backing file.
        return new org.owasp.dependencycheck.dependency.Dependency(true);
    }

    /**
     * Registers a virtual dependency for a snapshot artifact that is built by the reactor,
     * in place of the snapshot available from the repository.
     *
     * @param engine the engine that receives the virtual dependency
     * @param artifact the artifact to check
     * @param mavenProject the project that depends on the artifact
     * @return {@code true} if the artifact is a snapshot and a matching reactor project was
     *         added; {@code false} otherwise
     */
    private boolean addSnapshotReactorDependency(Engine engine, Artifact artifact, MavenProject mavenProject) {
        if (!artifact.isSnapshot()) {
            return false;
        }
        final String infoTemplate = "Found snapshot reactor project in aggregate for %s - creating a virtual dependency as the snapshot found in the repository may contain outdated dependencies.";
        return addVirtualDependencyFromReactor(engine, artifact, mavenProject, infoTemplate);
    }

    /**
     * Creates a project building request for resolving the artifacts of one project.
     *
     * <p>The request starts as a copy of the session's building request; its remote
     * repositories are replaced by a copy of the project's remote artifact repositories
     * and its project is set to {@code mavenProject}.
     *
     * @param mavenProject the project whose artifacts will be resolved
     * @return a new building request scoped to {@code mavenProject}
     */
    public ProjectBuildingRequest newResolveArtifactProjectBuildingRequest(MavenProject mavenProject) {
        final DefaultProjectBuildingRequest request = new DefaultProjectBuildingRequest(this.session.getProjectBuildingRequest());
        // Defensive copy: the request must not share the project's repository list.
        request.setRemoteRepositories(new ArrayList<>(mavenProject.getRemoteArtifactRepositories()));
        request.setProject(mavenProject);
        return request;
    }

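    /**
     * Runs the dependency-check analysis: scans, analyzes, writes the reports and applies
     * the failure policy.
     *
     * <p>The engine is managed with try-with-resources, so it is closed on every path and
     * an exception thrown by {@code close()} is attached as suppressed instead of replacing
     * the exception that ended the analysis. Settings are cleaned up exactly once in
     * {@code finally}.
     *
     * <p>Behavior when {@code isFailOnError()} is {@code false} (relevant when this check
     * is used as a build gate):
     * <ul>
     * <li>a {@code DatabaseException} is logged at error level and the method returns
     * normally, without any analysis having completed;</li>
     * <li>a {@code ReportException} is logged at debug level only, and the summary and
     * failure checks still run;</li>
     * <li>a fatal exception collection skips report writing, the summary and
     * {@code checkForFailure} altogether.</li>
     * </ul>
     *
     * @throws MojoExecutionException if {@code isFailOnError()} is set and an error was collected
     * @throws MojoFailureException declared for the failure check; thrown by callees
     */
    protected void runCheck() throws MojoExecutionException, MojoFailureException {
        final String analysisFailed = "One or more exceptions occurred during dependency-check analysis";
        final String databaseFailed = "An exception occurred connecting to the local database. Please see the log file for more details.";
        muteJCS();
        try (Engine engine = initializeEngine()) {
            ExceptionCollection problems = scanDependencies(engine);
            try {
                engine.analyzeDependencies();
            } catch (ExceptionCollection ex) {
                problems = handleAnalysisExceptions(problems, ex);
            }
            if (problems == null || !problems.isFatal()) {
                File outputDir = getCorrectOutputDirectory(getProject());
                if (outputDir == null) {
                    outputDir = new File(getProject().getBuild().getDirectory());
                }
                try {
                    final MavenProject project = getProject();
                    for (String format : getFormats()) {
                        engine.writeReports(project.getName(), project.getGroupId(), project.getArtifactId(), project.getVersion(), outputDir, format, problems);
                    }
                } catch (ReportException ex) {
                    if (problems == null) {
                        problems = new ExceptionCollection(ex);
                    } else {
                        problems.addException(ex);
                    }
                    if (isFailOnError()) {
                        throw new MojoExecutionException(analysisFailed, problems);
                    }
                    getLog().debug("Error writing the report", ex);
                }
                showSummary(getProject(), engine.getDependencies());
                checkForFailure(engine.getDependencies());
                if (problems != null && isFailOnError()) {
                    throw new MojoExecutionException(analysisFailed, problems);
                }
            }
        } catch (DatabaseException ex) {
            if (getLog().isDebugEnabled()) {
                getLog().debug("Database connection error", ex);
            }
            if (isFailOnError()) {
                throw new MojoExecutionException(databaseFailed, ex);
            }
            getLog().error(databaseFailed, ex);
        } finally {
            getSettings().cleanup();
        }
    }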

    /**
     * Merges the exceptions raised during analysis into those collected while scanning
     * and applies the fail-on-error policy to fatal results.
     *
     * <p>When {@code exceptionCollection} is {@code null} the analysis collection is used
     * as-is; otherwise its exceptions are appended to {@code exceptionCollection} and the
     * fatal flag is carried over. Non-fatal results are only logged at debug level.
     *
     * @param exceptionCollection the exceptions collected so far; may be {@code null}
     * @param exceptionCollection2 the exceptions thrown by the analysis
     * @return the merged collection
     * @throws MojoExecutionException if the merged collection is fatal and
     *         {@code isFailOnError()} is set
     */
    private ExceptionCollection handleAnalysisExceptions(ExceptionCollection exceptionCollection, ExceptionCollection exceptionCollection2) throws MojoExecutionException {
        final ExceptionCollection merged;
        if (exceptionCollection != null) {
            merged = exceptionCollection;
            merged.getExceptions().addAll(exceptionCollection2.getExceptions());
            if (exceptionCollection2.isFatal()) {
                merged.setFatal(true);
            }
        } else {
            merged = exceptionCollection2;
        }

        if (!merged.isFatal()) {
            final String message = String.format("Exception(s) analyzing %s", getProject().getName());
            if (getLog().isDebugEnabled()) {
                getLog().debug(message, merged);
            }
            return merged;
        }

        final String fatalMessage = String.format("Fatal exception(s) analyzing %s", getProject().getName());
        if (isFailOnError()) {
            throw new MojoExecutionException(fatalMessage, merged);
        }
        // Fail-on-error is off: report the fatal result but let the caller continue.
        getLog().error(fatalMessage);
        if (getLog().isDebugEnabled()) {
            getLog().debug(merged);
        }
        return merged;
    }

    /**
     * Feeds the dependencies to analyze into the engine.
     *
     * <p>Called by {@code runCheck()} before {@code engine.analyzeDependencies()}.
     * {@code runCheck()} accepts a {@code null} result as "nothing went wrong" and skips
     * report writing when the returned collection is fatal.
     *
     * @param engine the engine that receives the dependencies
     * @return the exceptions collected while scanning, or {@code null} if there were none
     * @throws MojoExecutionException if scanning fails in a way the implementation does not collect
     */
    protected abstract ExceptionCollection scanDependencies(Engine engine) throws MojoExecutionException;

    /**
     * Returns the directory configured for report output.
     *
     * @return the report output directory; whatever was last set, possibly {@code null}
     */
    public File getReportOutputDirectory() {
        return reportOutputDirectory;
    }

    /**
     * Sets the directory used for report output.
     *
     * @param file the new report output directory; stored without validation
     */
    public void setReportOutputDirectory(File file) {
        reportOutputDirectory = file;
    }

    /**
     * Returns the configured output directory.
     *
     * @return the output directory field as currently set
     */
    public File getOutputDirectory() {
        return outputDirectory;
    }

    /**
     * Reports whether this is an external report.
     *
     * @return always {@code true}; the method is final, so subclasses cannot change it
     */
    public final boolean isExternalReport() {
        return true;
    }

    /**
     * Returns the report name used during site generation.
     *
     * <p>When HTML or ALL is requested, or more than one format is configured, the
     * extension-less base name is returned. A single XML, JUNIT, JSON or CSV format maps to
     * its own file name. Any other single format logs a warning and falls back to the base
     * name.
     *
     * @return the output name for the configured formats
     */
    public String getOutputName() {
        final Set<String> selected = getFormats();
        final boolean useBaseName = selected.contains("HTML") || selected.contains("ALL") || selected.size() > 1;
        if (useBaseName) {
            return "dependency-check-report";
        }
        // Checked in this order; first configured format wins.
        final String[][] singleFormatNames = {
            {"XML", "dependency-check-report.xml"},
            {"JUNIT", "dependency-check-junit.xml"},
            {"JSON", "dependency-check-report.json"},
            {"CSV", "dependency-check-report.csv"},
        };
        for (String[] mapping : singleFormatNames) {
            if (selected.contains(mapping[0])) {
                return mapping[1];
            }
        }
        getLog().warn("Unknown report format used during site generation.");
        return "dependency-check-report";
    }

    /**
     * Returns the site category under which the report is listed.
     *
     * @return the constant {@code "Project Reports"}
     */
    public String getCategoryName() {
        final String category = "Project Reports";
        return category;
    }

    /**
     * Populates the settings from the plugin configuration and creates an engine with them.
     *
     * <p>The caller owns the returned engine and is responsible for closing it
     * ({@code runCheck()} does so). The decompiler reports that this method was declared
     * {@code protected} in the original source.
     *
     * @return a new engine configured with the freshly populated settings
     * @throws DatabaseException if the engine cannot be created
     */
    public Engine initializeEngine() throws DatabaseException {
        populateSettings();
        final Engine engine = new Engine(this.settings);
        return engine;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void populateSettings() {
        this.settings = new org.owasp.dependencycheck.utils.Settings();
        InputStream inputStream = null;
        try {
            try {
                inputStream = getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
                this.settings.mergeProperties(inputStream);
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e) {
                        if (getLog().isDebugEnabled()) {
                            getLog().debug("", e);
                        }
                    }
                }
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e2) {
                        if (getLog().isDebugEnabled()) {
                            getLog().debug("", e2);
                        }
                    }
                }
                throw th;
            }
        } catch (IOException e3) {
            getLog().warn("Unable to load the dependency-check maven mojo.properties file.");
            if (getLog().isDebugEnabled()) {
                getLog().debug("", e3);
            }
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e4) {
                    if (getLog().isDebugEnabled()) {
                        getLog().debug("", e4);
                    }
                }
            }
        }
        this.settings.setStringIfNotEmpty("odc.maven.local.repo", this.mavenSettings.getLocalRepository());
        this.settings.setBooleanIfNotNull("odc.autoupdate", this.autoUpdate);
        this.settings.setBooleanIfNotNull("analyzer.experimental.enabled", this.enableExperimental);
        this.settings.setBooleanIfNotNull("analyzer.retired.enabled", this.enableRetired);
        this.settings.setBooleanIfNotNull("analyzer.golang.dep.enabled", this.golangDepEnabled);
        this.settings.setBooleanIfNotNull("analyzer.golang.mod.enabled", this.golangModEnabled);
        this.settings.setStringIfNotNull("analyzer.golang.path", this.pathToGo);
        this.settings.setStringIfNotNull("analyzer.yarn.path", this.pathToYarn);
        this.settings.setStringIfNotNull("analyzer.pnpm.path", this.pathToPnpm);
        Proxy mavenProxy = getMavenProxy();
        if (mavenProxy != null) {
            this.settings.setString("proxy.server", mavenProxy.getHost());
            this.settings.setString("proxy.port", Integer.toString(mavenProxy.getPort()));
            String username = mavenProxy.getUsername();
            String password = mavenProxy.getPassword();
            if (password != null && !password.isEmpty()) {
                if (this.settings.getBoolean("proxy.disableSchemas", true)) {
                    System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");
                }
                try {
                    password = decryptPasswordFromSettings(password);
                } catch (SecDispatcherException e5) {
                    password = handleSecDispatcherException("proxy", mavenProxy.getId(), password, e5);
                }
            }
            this.settings.setStringIfNotNull("proxy.username", username);
            this.settings.setStringIfNotNull("proxy.password", password);
            this.settings.setStringIfNotNull("proxy.nonproxyhosts", mavenProxy.getNonProxyHosts());
        }
        this.settings.setArrayIfNotEmpty("suppression.file", determineSuppressions());
        this.settings.setBooleanIfNotNull("updater.versioncheck.enabled", Boolean.valueOf(this.versionCheckEnabled));
        this.settings.setStringIfNotEmpty("connection.timeout", this.connectionTimeout);
        this.settings.setStringIfNotEmpty("connection.read.timeout", this.readTimeout);
        this.settings.setStringIfNotEmpty("hints.file", this.hintsFile);
        this.settings.setFloat("junit.fail.on.cvss", this.junitFailOnCVSS);
        this.settings.setBooleanIfNotNull("analyzer.jar.enabled", this.jarAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.nuspec.enabled", this.nuspecAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.nugetconf.enabled", this.nugetconfAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.central.enabled", this.centralAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.central.use.cache", this.centralAnalyzerUseCache);
        this.settings.setBooleanIfNotNull("analyzer.artifactory.enabled", this.artifactoryAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.nexus.enabled", this.nexusAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.assembly.enabled", this.assemblyAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.msbuildproject.enabled", this.msbuildAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.archive.enabled", this.archiveAnalyzerEnabled);
        this.settings.setStringIfNotEmpty("extensions.zip", this.zipExtensions);
        this.settings.setStringIfNotEmpty("analyzer.assembly.dotnet.path", this.pathToCore);
        this.settings.setStringIfNotEmpty("analyzer.nexus.url", this.nexusUrl);
        configureServerCredentials(this.nexusServerId, "analyzer.nexus.username", "analyzer.nexus.password");
        this.settings.setBooleanIfNotNull("analyzer.nexus.proxy", this.nexusUsesProxy);
        this.settings.setStringIfNotNull("analyzer.artifactory.url", this.artifactoryAnalyzerUrl);
        this.settings.setBooleanIfNotNull("analyzer.artifactory.proxy", this.artifactoryAnalyzerUseProxy);
        this.settings.setBooleanIfNotNull("analyzer.artifactory.parallel.analysis", this.artifactoryAnalyzerParallelAnalysis);
        if (Boolean.TRUE.equals(this.artifactoryAnalyzerEnabled)) {
            if (this.artifactoryAnalyzerServerId != null) {
                configureServerCredentials(this.artifactoryAnalyzerServerId, "analyzer.artifactory.api.username", "analyzer.artifactory.api.token");
            } else {
                this.settings.setStringIfNotNull("analyzer.artifactory.api.username", this.artifactoryAnalyzerUsername);
                this.settings.setStringIfNotNull("analyzer.artifactory.api.token", this.artifactoryAnalyzerApiToken);
            }
            this.settings.setStringIfNotNull("analyzer.artifactory.bearer.token", this.artifactoryAnalyzerBearerToken);
        }
        this.settings.setBooleanIfNotNull("analyzer.python.distribution.enabled", this.pyDistributionAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.python.package.enabled", this.pyPackageAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.ruby.gemspec.enabled", this.rubygemsAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.openssl.enabled", this.opensslAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.cmake.enabled", this.cmakeAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.autoconf.enabled", this.autoconfAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.maveninstall.enabled", this.mavenInstallAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.pip.enabled", this.pipAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.pipfile.enabled", this.pipfileAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.composer.lock.enabled", this.composerAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.cpanfile.enabled", this.cpanfileAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.node.package.enabled", this.nodeAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.node.audit.enabled", this.nodeAuditAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.node.audit.use.cache", this.nodeAuditAnalyzerUseCache);
        this.settings.setBooleanIfNotNull("analyzer.node.package.skipdev", this.nodePackageSkipDevDependencies);
        this.settings.setBooleanIfNotNull("analyzer.node.audit.skipdev", this.nodeAuditSkipDevDependencies);
        this.settings.setBooleanIfNotNull("analyzer.yarn.audit.enabled", this.yarnAuditAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.pnpm.audit.enabled", this.pnpmAuditAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.retirejs.enabled", this.retireJsAnalyzerEnabled);
        this.settings.setStringIfNotNull("analyzer.retirejs.repo.js.url", this.retireJsUrl);
        this.settings.setBooleanIfNotNull("analyzer.retirejs.forceupdate", this.retireJsForceUpdate);
        this.settings.setBooleanIfNotNull("analyzer.mix.audit.enabled", this.mixAuditAnalyzerEnabled);
        this.settings.setStringIfNotNull("analyzer.mix.audit.path", this.mixAuditPath);
        this.settings.setBooleanIfNotNull("analyzer.bundle.audit.enabled", this.bundleAuditAnalyzerEnabled);
        this.settings.setStringIfNotNull("analyzer.bundle.audit.path", this.bundleAuditPath);
        this.settings.setStringIfNotNull("analyzer.bundle.audit.working.directory", this.bundleAuditWorkingDirectory);
        this.settings.setBooleanIfNotNull("analyzer.cocoapods.enabled", this.cocoapodsAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.swift.package.manager.enabled", this.swiftPackageManagerAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.swift.package.resolved.enabled", this.swiftPackageResolvedAnalyzerEnabled);
        this.settings.setBooleanIfNotNull("analyzer.ossindex.enabled", this.ossindexAnalyzerEnabled);
        this.settings.setStringIfNotEmpty("analyzer.ossindex.url", this.ossindexAnalyzerUrl);
        configureServerCredentials(this.ossIndexServerId, "analyzer.ossindex.user", "analyzer.ossindex.password");
        this.settings.setBooleanIfNotNull("analyzer.ossindex.use.cache", this.ossindexAnalyzerUseCache);
        this.settings.setBooleanIfNotNull("analyzer.ossindex.remote-error.warn-only", this.ossIndexWarnOnlyOnRemoteErrors);
        if (this.retirejs != null) {
            this.settings.setBooleanIfNotNull("analyzer.retirejs.filternonvulnerable", this.retirejs.getFilterNonVulnerable());
            this.settings.setArrayIfNotEmpty("analyzer.retirejs.filters", this.retirejs.getFilters());
        }
        this.settings.setStringIfNotEmpty("data.driver_name", this.databaseDriverName);
        this.settings.setStringIfNotEmpty("data.driver_path", this.databaseDriverPath);
        this.settings.setStringIfNotEmpty("data.connection_string", this.connectionString);
        if (this.databaseUser == null && this.databasePassword == null && this.serverId != null) {
            configureServerCredentials(this.serverId, "data.user", "data.password");
        } else {
            this.settings.setStringIfNotEmpty("data.user", this.databaseUser);
            this.settings.setStringIfNotEmpty("data.password", this.databasePassword);
        }
        this.settings.setStringIfNotEmpty("data.directory", this.dataDirectory);
        this.settings.setStringIfNotEmpty("data.file_name", this.dbFilename);
        this.settings.setStringIfNotEmpty("cve.url.modified", (String) Optional.ofNullable(this.cveUrlModified).filter(str -> {
            return !str.isEmpty();
        }).orElseGet(this::getDefaultCveUrlModified));
        this.settings.setStringIfNotEmpty("cve.url.base", this.cveUrlBase);
        this.settings.setStringIfNotEmpty("cve.download.waittime", this.cveWaitTime);
        this.settings.setIntIfNotNull("cve.check.validforhours", this.cveValidForHours);
        if (this.cveStartYear != null && this.cveStartYear.intValue() < 2002) {
            getLog().warn("Invalid configuration: cveStartYear must be 2002 or greater");
            this.cveStartYear = 2002;
        }
        this.settings.setIntIfNotNull("cve.startyear", this.cveStartYear);
        this.settings.setBooleanIfNotNull("odc.reports.pretty.print", this.prettyPrint);
        this.artifactScopeExcluded = new ArtifactScopeExcluded(this.skipTestScope, this.skipProvidedScope, this.skipSystemScope, this.skipRuntimeScope);
        this.artifactTypeExcluded = new ArtifactTypeExcluded(this.skipArtifactType);
        if (this.cveUser == null && this.cvePassword == null && this.cveServerId != null) {
            configureServerCredentials(this.cveServerId, "cve.user", "cve.password");
        } else {
            this.settings.setStringIfNotEmpty("cve.user", this.cveUser);
            this.settings.setStringIfNotEmpty("cve.password", this.cvePassword);
        }
        if (this.suppressionFileUser == null && this.suppressionFilePassword == null && this.suppressionFileServerId != null) {
            configureServerCredentials(this.suppressionFileServerId, "suppression.file.user", "suppression.file.password");
        } else {
            this.settings.setStringIfNotEmpty("suppression.file.user", this.suppressionFileUser);
            this.settings.setStringIfNotEmpty("suppression.file.password", this.suppressionFilePassword);
        }
    }

    /**
     * Copies the credentials of a {@code settings.xml} server entry into the
     * dependency-check settings.
     *
     * <p>The password is passed through {@link #decryptPasswordFromSettings(String)};
     * if that throws, the value chosen by
     * {@link #handleSecDispatcherException(String, String, String, SecDispatcherException)}
     * is stored instead. Only the server id is written to the log here, never the
     * username or password.</p>
     *
     * @param serverId the id of the server entry; {@code null} makes this a no-op
     * @param userSettingKey the settings key that receives the username
     * @param passwordSettingKey the settings key that receives the password
     */
    private void configureServerCredentials(String serverId, String userSettingKey, String passwordSettingKey) {
        if (serverId == null) {
            return;
        }
        final Server serverEntry = this.settingsXml.getServer(serverId);
        if (serverEntry == null) {
            // An unknown id is only logged; no credential keys are set, so the
            // caller continues without credentials for this service.
            getLog().error(String.format("Server '%s' not found in the settings.xml file", serverId));
            return;
        }
        final String user = serverEntry.getUsername();
        String secret;
        try {
            secret = decryptPasswordFromSettings(serverEntry.getPassword());
        } catch (SecDispatcherException ex) {
            secret = handleSecDispatcherException("server", serverId, serverEntry.getPassword(), ex);
        }
        this.settings.setStringIfNotEmpty(userSettingKey, user);
        this.settings.setStringIfNotEmpty(passwordSettingKey, secret);
    }

    /**
     * Decrypts a password taken from {@code settings.xml} using the injected
     * security dispatcher.
     *
     * <p>The return value is a clear-text secret: keep it out of log and
     * exception messages.</p>
     *
     * @param password the password value as stored in the settings file
     * @return the value returned by the dispatcher's {@code decrypt} call
     * @throws SecDispatcherException if the dispatcher cannot decrypt the value
     */
    private String decryptPasswordFromSettings(String password) throws SecDispatcherException {
        if (this.securityDispatcher instanceof DefaultSecDispatcher) {
            // Point the default dispatcher at the master-password file under ~/.m2.
            // NOTE(review): the literal "~" is handed to the dispatcher as-is;
            // confirm that it resolves the home directory itself.
            final DefaultSecDispatcher defaultDispatcher = (DefaultSecDispatcher) this.securityDispatcher;
            defaultDispatcher.setConfigurationFile("~/.m2/settings-security.xml");
        }
        return this.securityDispatcher.decrypt(password);
    }

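    /**
     * Decides what to use as the password after decryption has failed.
     *
     * <p>An error is logged unless the failure was caused by a missing file
     * (a {@link FileNotFoundException} as the cause or the cause's cause) and
     * the value does not look encrypted, i.e. is not wrapped in <code>{...}</code>.
     * In that one case the value is treated as a plain-text password and used
     * silently. The log line names the source, the id and the exception message,
     * not the password.</p>
     *
     * <p>NOTE(review): the value is returned unchanged in every branch, so an
     * undecryptable <code>{...}</code> blob is still stored as the credential by
     * the caller. Consider returning {@code null} in the logged cases so that an
     * encrypted blob is never presented to a remote service.</p>
     *
     * @param source the kind of settings entry, used in the log message
     * @param id the id of the settings entry, used in the log message
     * @param password the value read from the settings file; may be {@code null}
     * @param ex the exception thrown while decrypting
     * @return {@code password}, unchanged
     */
    private String handleSecDispatcherException(String source, String id, String password, SecDispatcherException ex) {
        final Throwable cause = ex.getCause();
        final boolean securityFileMissing = cause instanceof FileNotFoundException
                || (cause != null && cause.getCause() instanceof FileNotFoundException);
        // A null password can never look encrypted; guarding here avoids a
        // NullPointerException when the server entry has no password element.
        final boolean looksEncrypted = password != null && password.startsWith("{") && password.endsWith("}");
        if (!securityFileMissing || looksEncrypted) {
            getLog().error(String.format("Unable to decrypt the %s password for %s id '%s' in settings.xml%n\tCause: %s", source, source, id, ex.getMessage()));
        }
        return password;
    }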

    /**
     * Combines the {@code suppressionFiles} array and the single
     * {@code suppressionFile} value into one array.
     *
     * @return the configured array itself when no single file is set (possibly
     * {@code null}); otherwise a new array with the single file as last element
     */
    private String[] determineSuppressions() {
        final String[] configured = this.suppressionFiles;
        if (this.suppressionFile == null) {
            return configured;
        }
        if (configured == null) {
            return new String[]{this.suppressionFile};
        }
        // Copy rather than mutate so the configured array keeps its contents.
        final int originalLength = configured.length;
        final String[] combined = Arrays.copyOf(configured, originalLength + 1);
        combined[originalLength] = this.suppressionFile;
        return combined;
    }

    /**
     * Raises the log threshold of a fixed list of Apache Commons JCS loggers
     * by writing their {@code currentLogLevel} field through reflection.
     *
     * <p>If the field is missing or not accessible, the failure is reported at
     * debug level only and the logger keeps its previous level.</p>
     */
    private void muteJCS() {
        // Two names appear twice in this list; setting the level a second time
        // has no further effect.
        final String[] noisyLoggers = {
            "org.apache.commons.jcs.auxiliary.disk.AbstractDiskCache",
            "org.apache.commons.jcs.engine.memory.AbstractMemoryCache",
            "org.apache.commons.jcs.engine.control.CompositeCache",
            "org.apache.commons.jcs.auxiliary.disk.indexed.IndexedDiskCache",
            "org.apache.commons.jcs.engine.control.CompositeCache",
            "org.apache.commons.jcs.engine.memory.AbstractMemoryCache",
            "org.apache.commons.jcs.engine.control.event.ElementEventQueue",
            "org.apache.commons.jcs.engine.memory.AbstractDoubleLinkedListMemoryCache",
            "org.apache.commons.jcs.auxiliary.AuxiliaryCacheConfigurator",
            "org.apache.commons.jcs.engine.control.CompositeCacheManager",
            "org.apache.commons.jcs.utils.threadpool.ThreadPoolManager",
            "org.apache.commons.jcs.engine.control.CompositeCacheConfigurator"
        };
        for (int i = 0; i < noisyLoggers.length; i++) {
            final String loggerName = noisyLoggers[i];
            try {
                final Logger target = LoggerFactory.getLogger(loggerName);
                // The field is looked up on the superclass of the concrete logger class.
                final Field levelField = target.getClass().getSuperclass().getDeclaredField("currentLogLevel");
                levelField.setAccessible(true);
                // NOTE(review): 40 is presumably the ERROR level of the bound
                // logging implementation; confirm against its constants.
                levelField.set(target, 40);
            } catch (IllegalAccessException | IllegalArgumentException | NoSuchFieldException | SecurityException e) {
                getLog().debug("Failed to reset the log level of " + loggerName + ", it will continue being noisy.");
            }
        }
    }

    /**
     * Selects the proxy to use from the Maven settings.
     *
     * <p>When {@code mavenSettingsProxyId} is set, only a proxy with that id
     * (compared case-insensitively) is returned and the active flag is not
     * consulted. Otherwise the first active proxy is returned.</p>
     *
     * @return the selected proxy, or {@code null} when there are no Maven
     * settings, no proxies, or no proxy matches
     */
    private Proxy getMavenProxy() {
        if (this.mavenSettings == null) {
            return null;
        }
        final List<Proxy> candidates = this.mavenSettings.getProxies();
        if (candidates == null || candidates.isEmpty()) {
            return null;
        }
        final boolean selectById = this.mavenSettingsProxyId != null;
        for (Proxy candidate : candidates) {
            final boolean matches = selectById
                    ? this.mavenSettingsProxyId.equalsIgnoreCase(candidate.getId())
                    : candidate.isActive();
            if (matches) {
                return candidate;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the Maven project held by this mojo.
     *
     * @return the value of the {@code project} field
     */
    public MavenProject getProject() {
        return project;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the reactor projects held by this mojo.
     *
     * @return the value of the {@code reactorProjects} field; the list is
     * returned as-is, without a defensive copy
     */
    public List<MavenProject> getReactorProjects() {
        return reactorProjects;
    }

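    /**
     * Builds the set of report formats to generate.
     *
     * <p>Every entry of {@code formats} is checked against
     * {@code ReportGenerator.Format}; entries that do not match are reported
     * with a warning but stay in the returned set. The literal {@code "true"}
     * is removed. If nothing is left and {@code format} is set, that single
     * value is used.</p>
     *
     * @return a new mutable set of format names; may be empty
     */
    private Set<String> getFormats() {
        final Set<String> selected = new HashSet<>();
        if (this.formats != null) {
            selected.addAll(Arrays.asList(this.formats));
        }
        final Set<String> invalid = new HashSet<>();
        for (String candidate : selected) {
            try {
                // Locale.ROOT keeps the upper-casing independent of the JVM's
                // default locale, which could otherwise turn a valid name such
                // as "junit" into one that fails the lookup.
                ReportGenerator.Format.valueOf(candidate.toUpperCase(Locale.ROOT));
            } catch (IllegalArgumentException ex) {
                invalid.add(candidate);
            }
        }
        for (String rejected : invalid) {
            getLog().warn("Invalid report format specified: " + rejected);
        }
        selected.remove("true");
        if (this.format != null && selected.isEmpty()) {
            selected.add(this.format);
        }
        return selected;
    }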

    /**
     * Returns the exclusion list, creating an empty one on first use.
     *
     * <p>The internal list itself is returned, so changes made by the caller
     * are visible to this mojo.</p>
     *
     * @return the {@code excludes} list, never {@code null}
     */
    public List<String> getExcludes() {
        if (excludes != null) {
            return excludes;
        }
        excludes = new ArrayList<>();
        return excludes;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the artifact scope filter held by this mojo.
     *
     * @return the value of the {@code artifactScopeExcluded} field
     */
    public Filter<String> getArtifactScopeExcluded() {
        return artifactScopeExcluded;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the dependency-check settings object of this mojo.
     *
     * <p>Server usernames and passwords are stored in this object by
     * {@code configureServerCredentials}, so avoid writing its contents to
     * logs or reports.</p>
     *
     * @return the value of the {@code settings} field
     */
    public org.owasp.dependencycheck.utils.Settings getSettings() {
        return settings;
    }

    /**
     * Fails the build when the scanned dependencies contain vulnerabilities
     * that meet the configured failure criteria.
     *
     * <p>A vulnerability counts when {@code failBuildOnAnyVulnerability} is
     * set, when its CVSS v2 score, CVSS v3 base score or estimated score for
     * an unscored severity is at least {@code failBuildOnCVSS}, or when
     * {@code failBuildOnCVSS} is zero or negative. A vulnerability with no v2
     * score, no v3 score and no unscored severity therefore never fails the
     * build under a positive threshold.</p>
     *
     * @param dependencyArr the scanned dependencies
     * @throws MojoFailureException if at least one vulnerability counts; the
     * message lists the affected files only when {@code showSummary} is set
     */
    protected void checkForFailure(org.owasp.dependencycheck.dependency.Dependency[] dependencyArr) throws MojoFailureException {
        final StringBuilder offenders = new StringBuilder();
        for (org.owasp.dependencycheck.dependency.Dependency scanned : dependencyArr) {
            boolean headerPending = true;
            for (Vulnerability vuln : scanned.getVulnerabilities()) {
                // -1 marks "no score available" for each of the three sources.
                float v2Score = -1.0f;
                if (vuln.getCvssV2() != null) {
                    v2Score = vuln.getCvssV2().getScore();
                }
                float v3Score = -1.0f;
                if (vuln.getCvssV3() != null) {
                    v3Score = vuln.getCvssV3().getBaseScore();
                }
                float estimatedScore = -1.0f;
                if (vuln.getUnscoredSeverity() != null) {
                    estimatedScore = SeverityUtil.estimateCvssV2(vuln.getUnscoredSeverity());
                }
                final boolean counts = this.failBuildOnAnyVulnerability
                        || v2Score >= this.failBuildOnCVSS
                        || v3Score >= this.failBuildOnCVSS
                        || estimatedScore >= this.failBuildOnCVSS
                        || this.failBuildOnCVSS <= 0.0f;
                if (!counts) {
                    continue;
                }
                // Label with the v3 score when present, then v2, then the estimate.
                String label = vuln.getName();
                if (v3Score >= 0.0f) {
                    label = label + "(" + v3Score + ")";
                } else if (v2Score >= 0.0f) {
                    label = label + "(" + v2Score + ")";
                } else if (estimatedScore >= 0.0f) {
                    label = label + "(" + estimatedScore + ")";
                }
                if (headerPending) {
                    // First hit for this dependency: start a new line with its file name.
                    headerPending = false;
                    offenders.append(NEW_LINE).append(scanned.getFileName()).append(": ").append(label);
                } else {
                    offenders.append(", ").append(label);
                }
            }
        }
        if (offenders.length() == 0) {
            return;
        }
        final String message;
        if (!this.showSummary) {
            message = String.format("%n%nOne or more dependencies were identified with vulnerabilities.%n%nSee the dependency-check report for more details.%n%n");
        } else if (this.failBuildOnAnyVulnerability) {
            message = String.format("%n%nOne or more dependencies were identified with vulnerabilities: %n%s%n%nSee the dependency-check report for more details.%n%n", offenders);
        } else {
            message = String.format("%n%nOne or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '%.1f': %n%s%n%nSee the dependency-check report for more details.%n%n", Float.valueOf(this.failBuildOnCVSS), offenders);
        }
        throw new MojoFailureException(message);
    }

    /**
     * Prints the vulnerability summary for a project when {@code showSummary}
     * is enabled; does nothing otherwise.
     *
     * @param mavenProject the project whose name heads the summary
     * @param dependencyArr the scanned dependencies to summarise
     */
    protected void showSummary(MavenProject mavenProject, org.owasp.dependencycheck.dependency.Dependency[] dependencyArr) {
        if (!this.showSummary) {
            return;
        }
        DependencyCheckScanAgent.showSummary(mavenProject.getName(), dependencyArr);
    }

    /**
     * Asks {@code CveUrlParser} for the default "modified" CVE feed URL that
     * belongs to the configured {@code cveUrlBase}.
     *
     * @return the value returned by the parser for {@code cveUrlBase}
     */
    private String getDefaultCveUrlModified() {
        return CveUrlParser
                .newInstance(getSettings())
                .getDefaultCveUrlModified(cveUrlBase);
    }
}
