package net.ossindex.maven.plugin;

import java.io.IOException;
import java.net.SocketException;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import net.ossindex.common.resource.ScmResource;
import net.ossindex.common.resource.VulnerabilityResource;
import net.ossindex.common.utils.PackageDependency;
import net.ossindex.maven.utils.DependencyAuditor;
import org.apache.maven.model.Dependency;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.MavenProject;
import org.eclipse.aether.RepositorySystem;
import org.eclipse.aether.RepositorySystemSession;
import org.eclipse.aether.repository.RemoteRepository;

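/**
 * Maven goal {@code audit}: checks each dependency declared by the project with a
 * {@link DependencyAuditor} and fails the build when a known vulnerability applies to the
 * version in use.
 *
 * <p>The audit is best-effort. A dependency whose lookup fails with an I/O error is logged
 * and skipped, so a build that passes this goal has only been checked for the dependencies
 * that could actually be audited. The goal logs a warning with the number of skipped
 * dependencies so that an incomplete audit is not mistaken for a clean one.
 */
@Mojo(name = "audit")
/* loaded from: input_file:net/ossindex/maven/plugin/OssIndexMojo.class */
public class OssIndexMojo extends AbstractMojo {

    @Component
    private RepositorySystem repoSystem;

    @Parameter(defaultValue = "${repositorySystemSession}", readonly = true)
    private RepositorySystemSession repoSession;

    // Injected by Maven but not read anywhere in this class.
    @Parameter(defaultValue = "${project.remoteProjectRepositories}", readonly = true)
    private List<RemoteRepository> projectRepos;

    // Injected by Maven but not read anywhere in this class.
    @Parameter(defaultValue = "${project.remotePluginRepositories}", readonly = true)
    private List<RemoteRepository> pluginRepos;

    @Parameter(defaultValue = "${project}", readonly = true, required = true)
    private MavenProject project;

    /**
     * Audits every dependency returned by {@code project.getDependencies()}.
     *
     * @throws MojoFailureException if at least one known vulnerability affects a dependency
     *     version in use
     * @throws MojoExecutionException declared by the Mojo contract; not thrown directly here
     */
    @Override
    public void execute() throws MojoExecutionException, MojoFailureException {
        DependencyAuditor dependencyAuditor = new DependencyAuditor(this.repoSystem, this.repoSession);
        try {
            getLog().info("OSS Index dependency audit");
            int vulnerabilityCount = 0;
            int unauditedCount = 0;
            for (Dependency dependency : this.project.getDependencies()) {
                String coordinates = dependency.getGroupId() + ":" + dependency.getArtifactId() + ":" + dependency.getVersion();
                try {
                    Iterator<PackageDependency> it = dependencyAuditor.auditArtifact(dependency.getGroupId(), dependency.getArtifactId(), dependency.getVersion()).iterator();
                    while (it.hasNext()) {
                        vulnerabilityCount += report(it.next());
                    }
                } catch (SocketException e) {
                    // Name the dependency: the bare exception message does not say which
                    // artifact was left unchecked.
                    unauditedCount++;
                    getLog().error("Unable to audit dependency " + coordinates + ": " + e.getMessage());
                } catch (IOException e) {
                    unauditedCount++;
                    getLog().error("Exception auditing dependency " + coordinates, e);
                }
            }
            if (unauditedCount > 0) {
                // The goal stays fail-open on lookup errors (existing behaviour), but the
                // gap in coverage is reported explicitly before the verdict.
                getLog().warn(unauditedCount + " dependencies could not be audited; the audit result is incomplete");
            }
            if (vulnerabilityCount > 0) {
                throw new MojoFailureException(vulnerabilityCount + " known vulnerabilities affecting project dependencies");
            }
        } finally {
            dependencyAuditor.close();
        }
    }

    /**
     * Logs the audit outcome for one package.
     *
     * @param packageDependency the audited package
     * @return the number of known vulnerabilities that apply to the package's version;
     *     {@code 0} when there are none or when the package has no SCM resource
     * @throws IOException declared by the original signature and propagated from the
     *     resource accessors if they raise it
     */
    private int report(PackageDependency packageDependency) throws IOException {
        String id = packageDependency.getId();
        ScmResource scm = packageDependency.getScm();
        if (scm == null) {
            // No SCM resource means no vulnerability data was consulted for this package:
            // it is reported as unknown, not as clean.
            getLog().info(id + "  Unknown source for package");
            return 0;
        }

        VulnerabilityResource[] vulnerabilities = scm.getVulnerabilities();
        if (vulnerabilities == null || vulnerabilities.length == 0) {
            getLog().info(id + "  No known vulnerabilities");
            return 0;
        }

        // Keep only the entries that apply to the version in use.
        List<VulnerabilityResource> applicable = new LinkedList<>();
        for (VulnerabilityResource vulnerability : vulnerabilities) {
            if (vulnerability.appliesTo(packageDependency.getVersion())) {
                applicable.add(vulnerability);
            }
        }

        if (applicable.isEmpty()) {
            getLog().info(id + "  " + vulnerabilities.length + " known vulnerabilities, 0 affecting installed version");
            return 0;
        }

        getLog().error("");
        getLog().error("--------------------------------------------------------------");
        getLog().error(id + "  [VULNERABLE]");
        getLog().error(vulnerabilities.length + " known vulnerabilities, " + applicable.size() + " affecting installed version");
        getLog().error("");
        for (VulnerabilityResource vulnerability : applicable) {
            // String.valueOf tolerates an entry without a URI instead of throwing.
            getLog().error(String.valueOf(vulnerability.getUri()));
            getLog().error(vulnerability.getDescription());
            getLog().error("");
        }
        getLog().error("--------------------------------------------------------------");
        getLog().error("");
        return applicable.size();
    }
}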
