package com.meterian.scanners.javascript.h3xe;

import com.h3xstream.retirejs.repo.JsLibrary;
import com.h3xstream.retirejs.repo.JsLibraryResult;
import com.h3xstream.retirejs.repo.JsVulnerability;
import com.h3xstream.retirejs.repo.VulnerabilitiesRepository;
import com.h3xstream.retirejs.util.CompareVersionUtil;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/meterian/scanners/javascript/h3xe/OurVulnerabilitiesRepository.class */
public class OurVulnerabilitiesRepository extends VulnerabilitiesRepository {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OurVulnerabilitiesRepository.class);

    public OurVulnerabilitiesRepository(VulnerabilitiesRepository vulnerabilitiesRepository) {
        this.jsLibrares = getLibraries(vulnerabilitiesRepository);
        addRegexForCDNs();
    }

    @Override // com.h3xstream.retirejs.repo.VulnerabilitiesRepository
    public List<JsLibraryResult> findByUri(String str) {
        try {
            return super.findByUri(str);
        } catch (Exception e) {
            log.warn("Unexpected!", (Throwable) e);
            return Collections.emptyList();
        }
    }

    public List<JsLibraryResult> findByNameAndVersion(String str, String str2) {
        ArrayList arrayList = new ArrayList();
        for (JsLibrary jsLibrary : this.jsLibrares) {
            if (str.equalsIgnoreCase(jsLibrary.getName())) {
                for (JsVulnerability jsVulnerability : jsLibrary.getVulnerabilities()) {
                    if (str2 != null && CompareVersionUtil.isUnder(str2, jsVulnerability.getBelow()) && (jsVulnerability.getAtOrAbove() == null || CompareVersionUtil.atOrAbove(str2, jsVulnerability.getAtOrAbove()))) {
                        log.info("Vulnerability found: {} below {}", jsLibrary.getName(), jsVulnerability.getBelow());
                        arrayList.add(new JsLibraryResult(jsLibrary, jsVulnerability, str2, null, null));
                    }
                }
            }
        }
        return arrayList;
    }

    private void addRegexForCDNs() {
        ArrayList arrayList = new ArrayList();
        for (JsLibrary jsLibrary : this.jsLibrares) {
            if (jsLibrary.getName() == null || "dont check".equals(jsLibrary.getName())) {
                arrayList.add(jsLibrary);
            } else {
                List<String> uris = jsLibrary.getUris();
                if (uris == null) {
                    log.debug("No regex uris for library {}", jsLibrary.getName());
                    uris = new ArrayList();
                    jsLibrary.setUris(uris);
                }
                uris.add("/([0-9][0-9.a-z_\\\\-]+)/js/" + jsLibrary.getName() + "(\\.min)?\\.js");
            }
        }
        this.jsLibrares.removeAll(arrayList);
        log.debug("Added regexes for CDN style url recognition");
    }

    public static List<JsLibrary> getLibraries(VulnerabilitiesRepository vulnerabilitiesRepository) {
        try {
            Field declaredField = VulnerabilitiesRepository.class.getDeclaredField("jsLibrares");
            declaredField.setAccessible(true);
            return (List) declaredField.get(vulnerabilitiesRepository);
        } catch (Exception e) {
            log.warn("Unexpected!", (Throwable) e);
            throw new RuntimeException("Unable to access VulnerabilitiesRepository libraries!");
        }
    }
}
