package com.meterian.cli.reports.gitlab;

import com.meterian.cli.reports.gitlab.GitlabReport;
import com.meterian.common.concepts.bare.BareAdvice;
import com.meterian.common.concepts.bare.BareExclusionsMap;
import com.meterian.common.concepts.bare.reports.BareFullReport;
import com.meterian.common.concepts.bare.reports.BareSecurityAdvice;
import com.meterian.common.functions.CollectionFunctions;
import com.meterian.common.functions.StringFunctions;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/meterian/cli/reports/gitlab/GitlabVulnerabilityCollector.class */
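/**
 * Converts the security section of a Meterian full report into the vulnerability entries of a
 * GitLab report.
 *
 * <p>Advices matched by an exclusion are dropped before conversion, so the rules in
 * {@code isExcluded} decide which findings never reach the GitLab report.
 */
public class GitlabVulnerabilityCollector {
    private static final Logger log = LoggerFactory.getLogger(GitlabVulnerabilityCollector.class);

    /**
     * Identifier family under which an advice is reported, paired with the function that reads the
     * identifier value from the advice.
     *
     * <p>The decompiler output notes that this enum was private in the compiled class.
     */
    public enum GitlabSourceType {
        /** Fallback family: the identifier is the advice's own id. */
        meterian(advice -> advice.id.toString()),
        /** Identifier taken from the advice's {@code cve} field. */
        cve(advice -> advice.cve),
        /** Identifier taken from the advice's {@code cwe} field. */
        cwe(advice -> advice.cwe),
        /**
         * Identifier taken from the {@code cve} field as well: {@link #fromAdvice} selects this
         * constant when that field starts with "ghsa".
         */
        ghsa(advice -> advice.cve);

        private final Function<BareAdvice, String> sourceIdentifier;

        GitlabSourceType(Function<BareAdvice, String> sourceIdentifier) {
            this.sourceIdentifier = sourceIdentifier;
        }

        /**
         * Picks the identifier family for an advice.
         *
         * <p>Precedence: a {@code cve} field starting with "cve", then one starting with "ghsa",
         * then a {@code cwe} field starting with "cwe" (all prefixes case-insensitive). An advice
         * with neither field set, or with fields that match none of the prefixes, is reported
         * under {@link #meterian}; the second case is logged as a warning.
         *
         * @param bareAdvice the advice to classify
         * @return the family to report the advice under, never {@code null}
         */
        public static GitlabSourceType fromAdvice(BareAdvice bareAdvice) {
            boolean hasCve = !StringFunctions.isEmptyOrWhitespaces(bareAdvice.cve);
            boolean hasCwe = !StringFunctions.isEmptyOrWhitespaces(bareAdvice.cwe);
            if (!hasCve && !hasCwe) {
                return meterian;
            }
            if (hasCve) {
                if (StringFunctions.startsWithIgnoreCase(bareAdvice.cve, "cve")) {
                    return cve;
                }
                if (StringFunctions.startsWithIgnoreCase(bareAdvice.cve, "ghsa")) {
                    return ghsa;
                }
            }
            if (hasCwe && StringFunctions.startsWithIgnoreCase(bareAdvice.cwe, "cwe")) {
                return cwe;
            }
            // An identifier is present but has an unexpected prefix: keep the finding and fall
            // back to the Meterian id rather than dropping it.
            GitlabVulnerabilityCollector.log.warn("could not determine the source of {}", bareAdvice);
            return meterian;
        }

        /**
         * Reads this family's identifier value from the given advice.
         *
         * @param bareAdvice the advice to read from
         * @return the identifier string produced by this constant's extractor
         */
        public String getSourceIdentifier(BareAdvice bareAdvice) {
            return this.sourceIdentifier.apply(bareAdvice);
        }
    }

    /**
     * Fluent builder for {@link GitlabReport.GitlabVulnerability}.
     *
     * <p>No setter exists for {@code scanner}, so {@link #build()} always passes {@code null} for
     * it.
     */
    private static class VulnerabilityBuilder {
        private String id;
        private GitlabReport.Location location;
        private final List<GitlabReport.InformationSource> identifiers = new ArrayList<>();
        private String description;
        private GitlabReport.GitlabSeverity severity;
        private GitlabReport.GitlabScanner scanner;
        private final List<GitlabReport.Link> links = new ArrayList<>();
        private String solution;
        private GitlabReport.MarkdownDescription markdownDescription;

        private VulnerabilityBuilder() {
        }

        public VulnerabilityBuilder withId(String str) {
            this.id = str;
            return this;
        }

        /** Appends the given identifiers to those already collected. */
        public VulnerabilityBuilder withSources(List<GitlabReport.InformationSource> list) {
            this.identifiers.addAll(list);
            return this;
        }

        public VulnerabilityBuilder withDescription(String str) {
            this.description = str;
            return this;
        }

        /** Stores the severity after mapping it through {@code GitlabSeverity.fromMeterianSeverity}. */
        public VulnerabilityBuilder withSeverity(BareAdvice.Severity severity) {
            this.severity = GitlabReport.GitlabSeverity.fromMeterianSeverity(severity);
            return this;
        }

        /** Appends the given links to those already collected. */
        public VulnerabilityBuilder withUrls(List<GitlabReport.Link> list) {
            this.links.addAll(list);
            return this;
        }

        public VulnerabilityBuilder withSolution(String str) {
            this.solution = str;
            return this;
        }

        public VulnerabilityBuilder withLocation(GitlabReport.Location location) {
            this.location = location;
            return this;
        }

        public VulnerabilityBuilder withMarkdown(GitlabReport.MarkdownDescription markdownDescription) {
            this.markdownDescription = markdownDescription;
            return this;
        }

        /** Creates the vulnerability from the values set so far; unset values are passed as {@code null}. */
        public GitlabReport.GitlabVulnerability build() {
            return new GitlabReport.GitlabVulnerability(
                    this.id,
                    this.location,
                    this.identifiers,
                    this.description,
                    this.severity,
                    this.solution,
                    this.scanner,
                    this.links,
                    this.markdownDescription);
        }
    }

    /**
     * Collects the vulnerabilities of every security advice in the full report.
     *
     * @param file passed on to the location lookup, where it is handed to
     *     {@code GitlabDependencyCollector.getRelativeLocation}
     * @param bareFullReport the report whose {@code security.reports} and {@code exclusions} are read
     * @param str report URL embedded in each Markdown description; may be blank
     * @return one entry per advice that is not excluded
     */
    public List<GitlabReport.GitlabVulnerability> collectAll(File file, BareFullReport bareFullReport, String str) {
        log.info("collecting vulnerability iniformation from full report");
        return bareFullReport.security.reports.stream()
                .flatMap(singleReport -> singleReport.reports.stream())
                .flatMap(securityAdvice ->
                        getVulnerabilitiesFrom(file, bareFullReport.exclusions, securityAdvice, str).stream())
                .collect(Collectors.toList());
    }

    /**
     * Converts the advices of one security advice group into GitLab vulnerabilities.
     *
     * <p>Location and remediation are computed once per group and shared by all its advices.
     *
     * @param file passed on to the location lookup
     * @param bareExclusionsMap report-level exclusions checked for each advice
     * @param bareSecurityAdvice the dependency-level advice group
     * @param str report URL embedded in the Markdown description; may be blank
     * @return the vulnerabilities for the advices that are not excluded
     */
    public List<GitlabReport.GitlabVulnerability> getVulnerabilitiesFrom(File file, BareExclusionsMap bareExclusionsMap, BareSecurityAdvice bareSecurityAdvice, String str) {
        log.debug("recording securityAdvice {}", bareSecurityAdvice);
        GitlabReport.Location location = getLocation(file, bareSecurityAdvice);
        String remediation = getRemediation(bareSecurityAdvice);
        return bareSecurityAdvice.advices.stream()
                .filter(advice -> !isExcluded(bareExclusionsMap, advice))
                .map(advice -> new VulnerabilityBuilder()
                        .withId(advice.id.toString())
                        .withSources(getVulnerabilityInfoSources(advice))
                        .withUrls(getLinksFrom(advice.withExpandedUrls()))
                        .withLocation(location)
                        .withSeverity(advice.severity)
                        .withSolution(remediation)
                        .withDescription(advice.description)
                        .withMarkdown(getMarkdownDescription(bareSecurityAdvice, str))
                        .build())
                .collect(Collectors.toList());
    }

    /**
     * Decides whether an advice is suppressed from the GitLab report.
     *
     * <p>An advice is excluded when it carries its own non-empty {@code exclusions}, or when the
     * report-level map has an exclusion matching its id, its CVE or its library. The CVE
     * comparison is an exact {@code String.equals}, so an exclusion written with different casing
     * does not match and the finding stays in the report.
     *
     * @param bareExclusionsMap report-level exclusions
     * @param bareAdvice the advice to check
     * @return {@code true} when the advice must be left out of the report
     */
    private boolean isExcluded(BareExclusionsMap bareExclusionsMap, BareAdvice bareAdvice) {
        if (bareAdvice.exclusions != null && !bareAdvice.exclusions.isEmpty()) {
            log.debug("for component::{} advice {} is excluded", bareAdvice.library.name, bareAdvice.id);
            return true;
        }
        String adviceId = bareAdvice.id.toString();
        boolean excluded =
                bareExclusionsMap.getSecurity().getAdvices().stream()
                        .anyMatch(byUuid -> byUuid.uuid.equals(adviceId))
                || bareExclusionsMap.getSecurity().getCves().stream()
                        .anyMatch(byCve -> byCve.cve.equals(bareAdvice.cve))
                || bareExclusionsMap.getSecurity().getLibraries().stream()
                        .anyMatch(byLibrary -> byLibrary.library.equals(bareAdvice.library));
        // Log only real matches: the message used to be written for every advice, which made the
        // debug trail claim suppressions that never happened.
        if (excluded) {
            log.debug("{} is excluded", adviceId);
        }
        return excluded;
    }

    /**
     * Builds the remediation sentence listing the safe versions of the dependency.
     *
     * @param bareSecurityAdvice the advice group whose {@code safeVersions} are read
     * @return text of the form "This issue is fixed in versions: A, B, C of NAME" using whichever
     *     of latest patch, minor and major are non-null, or {@code null} when
     *     {@code hasSafeVersion()} is false
     */
    private String getRemediation(BareSecurityAdvice bareSecurityAdvice) {
        log.debug("{} :: safe versions {}", bareSecurityAdvice.dependency.name(), bareSecurityAdvice.safeVersions);
        if (!bareSecurityAdvice.safeVersions.hasSafeVersion()) {
            return null;
        }
        StringBuilder text = new StringBuilder("This issue is fixed in versions:");
        if (bareSecurityAdvice.safeVersions.getLatestPatch() != null) {
            text.append(' ').append(bareSecurityAdvice.safeVersions.getLatestPatch()).append(',');
        }
        if (bareSecurityAdvice.safeVersions.getLatestMinor() != null) {
            text.append(' ').append(bareSecurityAdvice.safeVersions.getLatestMinor()).append(',');
        }
        if (bareSecurityAdvice.safeVersions.getLatestMajor() != null) {
            text.append(' ').append(bareSecurityAdvice.safeVersions.getLatestMajor());
        }
        // A trailing comma means the major version was absent: turn it into the separating space.
        int last = text.length() - 1;
        if (text.charAt(last) == ',') {
            text.setCharAt(last, ' ');
        } else {
            text.append(' ');
        }
        return text.append("of ").append(bareSecurityAdvice.dependency.name()).toString();
    }

    /**
     * Builds the single identifier entry reported for an advice.
     *
     * @param bareAdvice the advice to describe
     * @return a one-element list whose entry carries the family name and, twice, the identifier
     */
    private List<GitlabReport.InformationSource> getVulnerabilityInfoSources(BareAdvice bareAdvice) {
        GitlabSourceType sourceType = GitlabSourceType.fromAdvice(bareAdvice);
        String identifier = sourceType.getSourceIdentifier(bareAdvice);
        List<GitlabReport.InformationSource> sources = new ArrayList<>();
        sources.add(new GitlabReport.InformationSource(sourceType.toString(), identifier, identifier));
        return sources;
    }

    /**
     * Renders the dependency hierarchy, and the report link when one is given, as Markdown.
     *
     * <p>Each hierarchy entry becomes a "+ " list item indented two spaces deeper than the
     * previous one.
     *
     * <p>NOTE(review): hierarchy entries and the URL are written into the Markdown unescaped. If
     * either can carry text taken from a scanned project's manifests, escape Markdown
     * metacharacters here - confirm where these values originate.
     *
     * @param bareSecurityAdvice the advice group whose {@code hierarchy} is rendered
     * @param str report URL; the link section is omitted when it is empty or whitespace
     * @return the description titled "More info"
     */
    private GitlabReport.MarkdownDescription getMarkdownDescription(BareSecurityAdvice bareSecurityAdvice, String str) {
        StringBuilder markdown = new StringBuilder();
        markdown.append("### Heirarchy").append("  \n");
        StringBuilder indent = new StringBuilder();
        for (String entry : bareSecurityAdvice.hierarchy) {
            markdown.append(indent).append("+ ").append(entry).append("  \n");
            indent.append("  ");
        }
        if (!StringFunctions.isEmptyOrWhitespaces(str)) {
            markdown.append(String.format("### Full Meterian Report  \n[%s](%s)  \n", str, str));
        }
        return new GitlabReport.MarkdownDescription("More info", markdown.toString());
    }

    /**
     * Builds the GitLab location (path, dependency name, dependency version) for an advice group.
     *
     * @param file passed on to the dependency path lookup
     * @param bareSecurityAdvice the advice group whose dependency is located
     * @return the location built from the resolved path and the dependency's name and version
     */
    private GitlabReport.Location getLocation(File file, BareSecurityAdvice bareSecurityAdvice) {
        String dependencyPath = getDependencyPath(file, bareSecurityAdvice);
        log.debug("{} location: {}", bareSecurityAdvice.dependency.name(), dependencyPath);
        return new GitlabReport.Location(dependencyPath, bareSecurityAdvice.dependency.name(), bareSecurityAdvice.dependency.version());
    }

    /**
     * Resolves the path reported for the dependency.
     *
     * @param file handed to {@code GitlabDependencyCollector.getRelativeLocation}
     * @param bareSecurityAdvice the advice group to locate
     * @return the relative location of the first advice-level location, else of the first
     *     dependency-level location, else a single space when neither is known
     */
    private String getDependencyPath(File file, BareSecurityAdvice bareSecurityAdvice) {
        List<String> adviceLocations = bareSecurityAdvice.locations;
        if (!adviceLocations.isEmpty()) {
            return GitlabDependencyCollector.getRelativeLocation(file, (String) CollectionFunctions.first(adviceLocations));
        }
        Set<String> dependencyLocations = bareSecurityAdvice.dependency.locations();
        if (!dependencyLocations.isEmpty()) {
            return GitlabDependencyCollector.getRelativeLocation(file, (String) CollectionFunctions.first(dependencyLocations));
        }
        return " ";
    }

    /**
     * Converts the links of an advice into GitLab links, dropping duplicates.
     *
     * <p>Deduplication relies on {@code GitlabReport.Link} equality, which is not visible here.
     *
     * @param bareAdvice the advice whose {@code links} are read
     * @return the distinct links in encounter order
     */
    private List<GitlabReport.Link> getLinksFrom(BareAdvice bareAdvice) {
        log.debug("gettings links");
        List<GitlabReport.Link> links = bareAdvice.links.stream()
                .map(link -> {
                    log.debug("type: {}, url: {}", link.type, link.url);
                    return new GitlabReport.Link(forceNormalizedCVEUrl(link.url));
                })
                .distinct()
                .collect(Collectors.toList());
        log.debug("collected {} links", links.size());
        return links;
    }

    /**
     * Normalizes link values that start with "cve" (case-insensitive) through
     * {@code BareAdvice.Link.normalizeCVEUrl}.
     *
     * <p>Any other value is returned unchanged; no scheme or host check is made here.
     *
     * @param str the link value from the advice
     * @return the normalized CVE URL, or {@code str} itself
     */
    private String forceNormalizedCVEUrl(String str) {
        if (StringFunctions.startsWithIgnoreCase(str, "cve")) {
            return BareAdvice.Link.normalizeCVEUrl(str);
        }
        return str;
    }
}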
