package com.meterian.cli.contained.advisories;

import com.meterian.cli.contained.advisories.VersionMatchers;
import com.meterian.common.concepts.Language;
import com.meterian.common.concepts.bare.BareAdvice;
import com.meterian.common.concepts.bare.BareLibrary;
import com.meterian.common.functions.FileFunctions;
import com.meterian.common.functions.StringFunctions;
import java.math.BigDecimal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.PropertyAccessor;

/* loaded from: input_file:com/meterian/cli/contained/advisories/Advisory.class */
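/**
 * A security advisory attached to a library: identifier, originating source, affected library,
 * severity and CVSS score, affected version range, CVE/CWE identifiers and fixed versions.
 *
 * <p>Two advisories are equal when their {@code id} is equal; no other field takes part in
 * {@link #equals(Object)} or {@link #hashCode()}.
 *
 * <p>NOTE(review): {@link #cleanup()} guards against {@code links == null} and fills
 * {@code fixedVersions}, neither of which the constructors can produce or set, and
 * {@code versionMatcher} is {@code transient}. Instances are presumably also created by reflective
 * deserialization, so the fields are deliberately left non-final. Confirm against the loader.
 *
 * <p>Not thread-safe: the version matcher is cached lazily without synchronization and several
 * fields are mutated by {@link #cleanup()}, {@link #forceSource(String)} and
 * {@link #applyCveRangeCorrection()}.
 */
public class Advisory {
    private UUID id;
    private String source;
    private BareLibrary library;
    private String description;
    private BareAdvice.Severity severity;
    private List<BareAdvice.Link> links;
    private BigDecimal cvss;
    private String versionRange;
    private String cve;
    private String cwe;
    private List<String> fixedVersions;
    // Lazily resolved from versionRange; must be dropped whenever versionRange changes.
    private transient VersionMatchers.VersionMatcher versionMatcher;
    // CVE id -> replacement version range, loaded once from a classpath resource (see static block).
    private static final Map<String, String> CVE_RANGE_CORRECTIONS;
    private static final Logger log = LoggerFactory.getLogger(Advisory.class);
    // Lower bounds used by computeSeverity(): a score below a threshold maps to the band under it.
    private static final BigDecimal SEVERITY_THRESHOLD_SUGG = BigDecimal.valueOf(1.0d);
    private static final BigDecimal SEVERITY_THRESHOLD_MEDI = BigDecimal.valueOf(4.0d);
    private static final BigDecimal SEVERITY_THRESHOLD_HIGH = BigDecimal.valueOf(7.0d);
    // Highest CVSS score cleanup() lets an advisory of a given severity keep.
    private static final Map<BareAdvice.Severity, BigDecimal> MAX_CVSS_BY_SEVERITY = new HashMap<>();

    /**
     * Creates an advisory without explicit CWE and CVE identifiers; the CVE is derived from the
     * links via {@code BareAdvice.computeCVE}.
     */
    public Advisory(UUID id, String source, BareLibrary library, String description, BareAdvice.Severity severity, BigDecimal cvss, List<BareAdvice.Link> links, String versionRange) {
        this(id, source, library, description, severity, cvss, links, versionRange, null, null);
    }

    /**
     * Creates an advisory.
     *
     * @param links reference links; {@code null} becomes an empty list, otherwise the list is
     *     wrapped in an unmodifiable view (not copied, so later changes made by the caller to the
     *     original list remain visible here)
     * @param cwe CWE identifier, may be {@code null}
     * @param cve CVE identifier; when {@code null} it is derived from {@code links} via
     *     {@code BareAdvice.computeCVE}
     */
    public Advisory(UUID id, String source, BareLibrary library, String description, BareAdvice.Severity severity, BigDecimal cvss, List<BareAdvice.Link> links, String versionRange, String cwe, String cve) {
        this.id = id;
        this.source = source;
        this.library = library;
        this.description = description;
        this.severity = severity;
        if (links == null) {
            this.links = Collections.emptyList();
        } else {
            this.links = Collections.unmodifiableList(links);
        }
        this.cvss = cvss;
        this.versionRange = versionRange;
        this.cwe = cwe;
        this.cve = cve != null ? cve : BareAdvice.computeCVE(this.links);
    }

    public UUID getId() {
        return this.id;
    }

    public String getSource() {
        return this.source;
    }

    public BareLibrary getLibrary() {
        return this.library;
    }

    public String getDescription() {
        return this.description;
    }

    public BareAdvice.Severity getSeverity() {
        return this.severity;
    }

    public List<BareAdvice.Link> getLinks() {
        return this.links;
    }

    public BigDecimal getCvss() {
        return this.cvss;
    }

    public String getVersionRange() {
        return this.versionRange;
    }

    public String getCve() {
        return this.cve;
    }

    public String getCwe() {
        return this.cwe;
    }

    /** Overwrites the recorded source of this advisory. */
    public void forceSource(String source) {
        this.source = source;
    }

    /**
     * Returns the fixed versions, or {@code null} when none were set and {@link #cleanup()} has
     * not computed any. The internal list is returned as is, without a defensive copy.
     */
    public List<String> getFixedVersions() {
        return this.fixedVersions;
    }

    /**
     * Tells whether this advisory applies to the given library name and version.
     *
     * <p>Any exception raised while matching (including a {@code null} name) is logged and
     * reported as "does not apply". For a vulnerability check this is the fail-open direction: a
     * malformed range or a matcher bug makes the advisory silently disappear from the result, so
     * the error log is the only signal and should be monitored.
     *
     * @param name library name to check
     * @param version library version to check; {@code null} matches every range
     * @return {@code true} when both name and version match, {@code false} otherwise or on error
     */
    public boolean appliesTo(String name, String version) {
        try {
            return nameMatches(name) && versionMatches(version);
        } catch (Exception e) {
            // Deliberate best effort: one broken advisory must not abort the whole check.
            log.error("Something went wrong with advice {} while checking library {} version {}", this.id, this.library, version, e);
            return false;
        }
    }

    /**
     * Tells whether the given version falls in this advisory's version range.
     *
     * @param version version to test; {@code null} (unknown version) is treated as affected
     * @return {@code true} when the version is {@code null} or the matcher accepts it
     */
    public boolean versionMatches(String version) {
        if (version == null) {
            return true;
        }
        return versionMatcher().matches(this.versionRange, version);
    }

    /**
     * Compares a library name with the advisory's library name.
     *
     * <p>Rules, in order: a name containing {@code *} is a prefix pattern (all asterisks are
     * removed, case-insensitive); golang names match by case-insensitive prefix; perl names are
     * converted with {@link #convertToCpanName(String)} and compared case-sensitively; everything
     * else is compared case-insensitively.
     *
     * <p>Lower-casing uses {@link Locale#ROOT}: with the platform default locale a host running a
     * Turkish locale lower-cases {@code "I"} to a dotless i, so {@code "LIB"} would stop matching
     * {@code "lib"} and advisories would be missed depending on the machine's settings.
     *
     * <p>NOTE(review): the prefix rules also accept longer names that merely start with the
     * advisory name; this presumably over-reports rather than under-reports. Verify it is intended.
     */
    private boolean nameMatches(String name) {
        String advisoryName = this.library.name;
        if (advisoryName.contains("*")) {
            String prefix = advisoryName.toLowerCase(Locale.ROOT).replace("*", "");
            return name.toLowerCase(Locale.ROOT).startsWith(prefix);
        }
        if (this.library.language == Language.golang) {
            return name.toLowerCase(Locale.ROOT).startsWith(advisoryName.toLowerCase(Locale.ROOT));
        }
        if (this.library.language == Language.perl) {
            return convertToCpanName(name).equals(advisoryName);
        }
        return name.equalsIgnoreCase(advisoryName);
    }

    /**
     * Replaces every {@code -} with {@code ::}, e.g. {@code "Foo-Bar"} becomes {@code "Foo::Bar"}.
     *
     * @throws NullPointerException if {@code name} is {@code null}
     */
    public static String convertToCpanName(String name) {
        // Literal replacement; no regular expression is needed for a single fixed character.
        return name.replace("-", "::");
    }

    /** Returns the matcher for the current version range, resolving and caching it on first use. */
    private final VersionMatchers.VersionMatcher versionMatcher() {
        if (this.versionMatcher == null) {
            this.versionMatcher = VersionMatchers.findForRange(this.versionRange);
        }
        return this.versionMatcher;
    }

    /**
     * Sets the version range and drops the cached matcher when the range actually changed, so the
     * next match resolves a matcher for the new range instead of reusing the one selected for the
     * old range.
     */
    private void updateVersionRange(String newRange) {
        if (!Objects.equals(this.versionRange, newRange)) {
            this.versionMatcher = null;
        }
        this.versionRange = newRange;
    }

    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        // Null-safe: an advisory without an id no longer throws from equals().
        return Objects.equals(this.id, ((Advisory) obj).id);
    }

    @Override
    public int hashCode() {
        // Same value as id.hashCode() for a non-null id, 0 when the id is missing.
        return Objects.hashCode(this.id);
    }

    @Override
    public String toString() {
        return "[id=" + this.id + ", library=" + this.library + ", severity=" + this.severity + ", range=" + this.versionRange + ", cvss=" + this.cvss + "]";
    }

    /**
     * Normalizes this advisory in place and returns it.
     *
     * <p>Steps, in order: strip whitespace from the version range; compute fixed versions when
     * absent; derive the CVE from the links when absent, then trim it and discard it when it fails
     * {@link #isValidCVE(String)}; discard a CWE that fails {@link #isValidCWE(String)}; trim a
     * library name containing a space; fill a missing severity and/or CVSS from the other one
     * (severity {@code MEDIUM} when both are missing); cap the CVSS at the maximum allowed for a
     * non-{@code HIGH} severity; convert perl library names to CPAN form; remove high surrogate
     * characters from the description.
     *
     * <p>The cap means the severity label wins over the score: an advisory labelled below
     * {@code HIGH} has its CVSS lowered to that label's maximum, so the stored score can be lower
     * than the one published by the source.
     *
     * @return this advisory
     * @throws NullPointerException if the library or its name is {@code null}
     */
    public Advisory cleanup() {
        updateVersionRange(cleanupVersionRange(this.versionRange));
        if (this.fixedVersions == null) {
            this.fixedVersions = computeFixedVersions();
        }
        if (this.cve == null) {
            this.cve = computeCVE();
        }
        if (this.cve != null) {
            this.cve = this.cve.trim();
            if (!isValidCVE(this.cve)) {
                this.cve = null;
            }
        }
        if (!isValidCWE(this.cwe)) {
            if (this.cwe != null) {
                log.debug("Detected advice with invalid CWE: {}", this.cwe);
            }
            this.cwe = null;
        }
        if (this.library.name.indexOf(' ') != -1) {
            // trim() only removes leading and trailing whitespace; inner spaces are kept.
            log.debug("Detected advice with name containing spaces: library='{}', uuid={} - trimmed it :)", this.library, this.id);
            this.library = new BareLibrary(this.library.name.trim(), this.library.language);
        }
        if (this.cvss == null || this.severity == null) {
            boolean bothMissing = this.cvss == null && this.severity == null;
            if (this.severity == null) {
                this.severity = this.cvss == null ? BareAdvice.Severity.MEDIUM : computeSeverity(this.cvss);
                log.debug("Advice {} in database {} does not declare severity, asssuming severity = {}, cvss = {}", this.id, this.source, this.severity, this.cvss);
            }
            if (this.cvss == null) {
                this.cvss = computeCvss(this.severity);
                log.debug("Advice {} in database {} does not declare cvss, asssuming severity = {}, cvss = {}", this.id, this.source, this.severity, this.cvss);
            }
            if (bothMissing) {
                log.warn("Advice {} in database {} does not declare cvss or severity: asssuming severity = {}, cvss = {}", this.id, this.source, this.severity, this.cvss);
            }
        }
        if (this.severity != BareAdvice.Severity.HIGH) {
            // Severities missing from the table are not capped (default is the maximum score 10).
            BigDecimal cap = MAX_CVSS_BY_SEVERITY.getOrDefault(this.severity, BigDecimal.TEN);
            if (this.cvss.compareTo(cap) > 0) {
                log.debug("Advice {} in database {} has severity {} and cvsss {}: will be adjusted!", this.id, this.source, this.severity, this.cvss);
            }
            this.cvss = this.cvss.min(cap);
        }
        if (this.library.language == Language.perl) {
            this.library = new BareLibrary(convertToCpanName(this.library.name), this.library.language);
        }
        if (StringFunctions.hasHighSurrogateChars(this.description)) {
            this.description = StringFunctions.removeHighSurrogateChars(this.description);
        }
        return this;
    }

    /** Asks the version matcher for the fixed versions of the current range; may be {@code null}. */
    private List<String> computeFixedVersions() {
        List<String> fixes = versionMatcher().getFixedVersions(this.versionRange);
        if (fixes == null) {
            log.debug("No fixes for advice {}", this);
        }
        return fixes;
    }

    /** Returns the first non-null CVE computed by a link, or {@code null} when there is none. */
    private String computeCVE() {
        if (this.links == null) {
            return null;
        }
        for (BareAdvice.Link link : this.links) {
            String found = link.computeCVE();
            if (found != null) {
                return found;
            }
        }
        return null;
    }

    /**
     * Tells whether the value starts with {@code "cve-"}, ignoring case.
     *
     * <p>This is a prefix check only: it does not verify the year or sequence number, so any text
     * after the prefix is accepted. Code that stores, links to or displays the identifier must not
     * assume it is well formed.
     */
    public static boolean isValidCVE(String value) {
        return value != null && value.toLowerCase(Locale.ROOT).startsWith("cve-");
    }

    /** Removes all whitespace from a version range; {@code null} stays {@code null}. */
    private static String cleanupVersionRange(String range) {
        return range == null ? null : range.replaceAll("\\s", "");
    }

    /**
     * Tells whether the value starts with {@code "cwe-"}, ignoring case.
     *
     * <p>Prefix check only; the part after the prefix is not validated.
     */
    public static boolean isValidCWE(String value) {
        return value != null && value.toLowerCase(Locale.ROOT).startsWith("cwe-");
    }

    /**
     * Maps a CVSS score to a severity band.
     *
     * <p>{@code null} or zero gives {@code NONE}; below 1.0 {@code SUGGEST}; below 4.0
     * {@code LOW}; below 7.0 {@code MEDIUM}; anything else {@code HIGH}. Negative scores are not
     * rejected and fall in the {@code SUGGEST} band.
     *
     * @param cvss score to classify, may be {@code null}
     * @return the severity band, never {@code null}
     */
    public static BareAdvice.Severity computeSeverity(BigDecimal cvss) {
        // signum() tests for exact zero without the rounding of a double conversion.
        if (cvss == null || cvss.signum() == 0) {
            return BareAdvice.Severity.NONE;
        }
        if (cvss.compareTo(SEVERITY_THRESHOLD_SUGG) < 0) {
            return BareAdvice.Severity.SUGGEST;
        }
        if (cvss.compareTo(SEVERITY_THRESHOLD_MEDI) < 0) {
            return BareAdvice.Severity.LOW;
        }
        if (cvss.compareTo(SEVERITY_THRESHOLD_HIGH) < 0) {
            return BareAdvice.Severity.MEDIUM;
        }
        return BareAdvice.Severity.HIGH;
    }

    /**
     * Returns the representative CVSS score assumed for a severity: {@code HIGH} 9,
     * {@code MEDIUM} 5, {@code LOW} 2, {@code SUGGEST} 0.25, {@code NA}/{@code NONE} 0. Any other
     * value logs a warning and yields 0.
     *
     * @throws NullPointerException if {@code severity} is {@code null}
     */
    public static BigDecimal computeCvss(BareAdvice.Severity severity) {
        switch (severity) {
            case HIGH:
                return BigDecimal.valueOf(9L);
            case MEDIUM:
                return BigDecimal.valueOf(5L);
            case LOW:
                return BigDecimal.valueOf(2L);
            case SUGGEST:
                return BigDecimal.valueOf(0.25d);
            case NA:
            case NONE:
                return BigDecimal.ZERO;
            default:
                log.warn("Unknown severity when parsing advice - wtf?");
                return BigDecimal.ZERO;
        }
    }

    /** Replaces the version range with the bundled correction for this advisory's CVE, if any. */
    public void applyCveRangeCorrection() {
        applyCveRangeCorrection(this.cve);
    }

    /**
     * Replaces the version range with the correction registered for the given CVE, if any.
     *
     * <p>The lookup is an exact, case-sensitive key match, while {@link #isValidCVE(String)}
     * accepts any letter case.
     * NOTE(review): a CVE stored in a different case than the key in the corrections file would
     * not be corrected; confirm identifiers are normalized upstream.
     *
     * <p>NOTE(review): {@code fixedVersions} is not recomputed here, so a value computed from the
     * previous range by {@link #cleanup()} stays as it was. Confirm the intended call order.
     */
    private void applyCveRangeCorrection(String cveId) {
        if (cveId == null) {
            return;
        }
        String correctedRange = CVE_RANGE_CORRECTIONS.get(cveId);
        if (correctedRange == null) {
            return;
        }
        // Goes through updateVersionRange so a matcher cached for the old range is not reused.
        updateVersionRange(cleanupVersionRange(correctedRange));
        log.debug("Advice {} CVE {} corrected its range to {}", this.id, cveId, correctedRange);
    }

    /**
     * Converts this advisory to a {@link BareAdvice} of type {@code SECURITY}, passing an empty
     * set for the one argument this class has no value for.
     */
    public BareAdvice toBareAdvice() {
        return new BareAdvice(this.id, this.library, this.description, this.severity, this.cvss, BareAdvice.AdviceType.SECURITY, this.links, this.versionRange, Collections.emptySet(), this.cwe, this.cve);
    }

    static {
        // Caps sit one step (0.25) below the representative score of the next higher severity.
        BigDecimal step = BigDecimal.valueOf(0.25d);
        MAX_CVSS_BY_SEVERITY.put(BareAdvice.Severity.HIGH, BigDecimal.TEN);
        MAX_CVSS_BY_SEVERITY.put(BareAdvice.Severity.MEDIUM, computeCvss(BareAdvice.Severity.HIGH).subtract(step));
        MAX_CVSS_BY_SEVERITY.put(BareAdvice.Severity.LOW, computeCvss(BareAdvice.Severity.MEDIUM).subtract(step));
        MAX_CVSS_BY_SEVERITY.put(BareAdvice.Severity.SUGGEST, step);
        MAX_CVSS_BY_SEVERITY.put(BareAdvice.Severity.NONE, BigDecimal.ZERO);
        MAX_CVSS_BY_SEVERITY.put(BareAdvice.Severity.NA, BigDecimal.ZERO);

        // Corrections are read once at class load and then frozen; nothing writes to them later.
        Map<String, String> corrections = new HashMap<>();
        for (Map.Entry<?, ?> entry : FileFunctions.loadPropertiesFromResource("/cve-range-corrections.properties", false).entrySet()) {
            corrections.put(entry.getKey().toString(), entry.getValue().toString());
        }
        CVE_RANGE_CORRECTIONS = Collections.unmodifiableMap(corrections);
        log.debug("Loaded {} range corrections from internal database", CVE_RANGE_CORRECTIONS.size());
    }
}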
