package net.ossindex.maven.plugin;

import com.google.gson.GsonBuilder;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import net.ossindex.common.VulnerabilityDescriptor;
import net.ossindex.maven.utils.DependencyAuditor;
import net.ossindex.maven.utils.MavenIdWrapper;
import net.ossindex.maven.utils.MavenPackageDescriptor;
import net.ossindex.maven.utils.OssIndexResultsWrapper;
import org.apache.commons.io.FileUtils;
import org.apache.log4j.BasicConfigurator;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.maven.model.Dependency;
import org.apache.maven.model.Exclusion;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.MavenProject;
import org.eclipse.aether.RepositorySystem;
import org.eclipse.aether.RepositorySystemSession;
import org.eclipse.aether.repository.RemoteRepository;

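/**
 * Maven goal {@code audit}: feeds the project's declared dependencies to a
 * {@link DependencyAuditor}, logs a per-package vulnerability report, optionally
 * exports the results to {@code .txt}, {@code .json} or {@code .xml} files, and
 * fails the build when vulnerabilities match an installed version.
 *
 * <p>Configuration properties read by this goal:
 * <ul>
 *   <li>{@code audit.ignore}: comma-separated package ids or version ids whose
 *       findings are neither reported on the console nor counted towards failure.</li>
 *   <li>{@code audit.failOnError}: when it parses as {@code true}, the build fails
 *       on matching vulnerabilities and on an audit that could not complete.</li>
 *   <li>{@code audit.output}: comma-separated report file paths; the format is
 *       chosen from the file extension.</li>
 * </ul>
 */
@Mojo(name = "audit")
/* loaded from: input_file:net/ossindex/maven/plugin/OssIndexMojo.class */
public class OssIndexMojo extends AbstractMojo {

    @Component
    private RepositorySystem repoSystem;

    @Parameter(defaultValue = "${repositorySystemSession}", readonly = true)
    private RepositorySystemSession repoSession;

    @Parameter(defaultValue = "${project.remoteProjectRepositories}", readonly = true)
    private List<RemoteRepository> projectRepos;

    @Parameter(defaultValue = "${project.remotePluginRepositories}", readonly = true)
    private List<RemoteRepository> pluginRepos;

    @Parameter(defaultValue = "${project}", readonly = true, required = true)
    private MavenProject project;

    @Parameter(property = "audit.ignore", defaultValue = "")
    private String ignore;

    @Parameter(property = "audit.failOnError", defaultValue = "true")
    private String failOnError;

    @Parameter(property = "audit.output", defaultValue = "")
    private String output;

    // Parsed form of the "ignore" parameter: trimmed, non-empty entries.
    private Set<String> ignoreSet = new HashSet<>();
    // Parsed form of the "output" parameter: one File per trimmed, non-empty entry.
    private Set<File> outputFiles = new HashSet<>();

    /**
     * Runs the audit for the current project.
     *
     * @throws MojoFailureException   if vulnerabilities affect the installed dependency
     *                                versions and {@code audit.failOnError} is true
     * @throws MojoExecutionException if the audit could not be completed because of an
     *                                I/O error and {@code audit.failOnError} is true
     */
    public void execute() throws MojoExecutionException, MojoFailureException {
        parseIgnoreList();
        parseOutputFiles();
        // Case-insensitive and whitespace-tolerant, so "True" or " true " cannot
        // silently turn the build gate off.
        boolean failBuild = this.failOnError != null && Boolean.parseBoolean(this.failOnError.trim());

        DependencyAuditor dependencyAuditor = new DependencyAuditor(this.repoSystem, this.repoSession);
        try {
            getLog().info("OSS Index dependency audit");
            for (Dependency dependency : this.project.getDependencies()) {
                // Concrete type kept: the parameter type of DependencyAuditor.add is not
                // visible in this file.
                HashSet<String> excluded = new HashSet<>();
                for (Exclusion exclusion : dependency.getExclusions()) {
                    excluded.add(exclusion.getGroupId() + ":" + exclusion.getArtifactId());
                }
                dependencyAuditor.add(dependency.getGroupId(), dependency.getArtifactId(), dependency.getVersion(), excluded);
            }

            Collection<MavenPackageDescriptor> results = dependencyAuditor.run();
            int matches = 0;
            for (MavenPackageDescriptor pkg : results) {
                String packageId = pkg.getMavenPackageId();
                String versionId = pkg.getMavenVersionId();
                if (this.ignoreSet.contains(packageId) || this.ignoreSet.contains(versionId)) {
                    // Keep suppressions visible in the build log so that a waived
                    // finding can be traced back to the configuration.
                    getLog().info(versionId + " - ignored via audit.ignore");
                    continue;
                }
                matches += report(pkg.getParent(), pkg);
            }

            // The exports receive the full result set; audit.ignore only affects the
            // console report and the failure count above.
            for (File file : this.outputFiles) {
                export(file, results);
            }

            if (matches > 0 && failBuild) {
                throw new MojoFailureException(matches + " known vulnerabilities affecting project dependencies");
            }
        } catch (IOException e) {
            // An audit that did not complete proves nothing about the dependencies;
            // do not let it pass as a clean result when the build gate is enabled.
            getLog().error("OSS Index audit could not be completed: " + e.getMessage(), e);
            if (failBuild) {
                throw new MojoExecutionException("OSS Index audit could not be completed", e);
            }
        } finally {
            dependencyAuditor.close();
        }
    }

    /** Splits the comma-separated {@code ignore} parameter into {@link #ignoreSet}. */
    private void parseIgnoreList() {
        if (this.ignore == null) {
            return;
        }
        this.ignore = this.ignore.trim();
        for (String entry : this.ignore.split(",")) {
            String id = entry.trim();
            if (!id.isEmpty()) {
                this.ignoreSet.add(id);
            }
        }
    }

    /** Splits the comma-separated {@code output} parameter into {@link #outputFiles}. */
    private void parseOutputFiles() {
        if (this.output == null) {
            return;
        }
        this.output = this.output.trim();
        for (String entry : this.output.split(",")) {
            // Trim each entry: "a.txt, b.json" must not yield a file named " b.json".
            String path = entry.trim();
            if (!path.isEmpty()) {
                this.outputFiles.add(new File(path));
            }
        }
    }

    /** Dispatches one report file to the exporter matching its extension. */
    private void export(File file, Collection<MavenPackageDescriptor> results) {
        String name = file.getName();
        if (name.endsWith(".txt")) {
            exportTxt(file, results);
        } else if (name.endsWith(".json")) {
            exportJson(file, results);
        } else if (name.endsWith(".xml")) {
            exportXml(file, results);
        } else {
            getLog().warn("Cannot export to " + file + ": unsupported extension (expected .txt, .json or .xml)");
        }
    }

    /**
     * Writes a plain-text report. Failures are logged as warnings and never fail
     * the build.
     */
    private void exportTxt(File file, Collection<MavenPackageDescriptor> collection) {
        // FileWriter(File) encodes with the platform default charset.
        try (PrintWriter printWriter = new PrintWriter(new FileWriter(file))) {
            for (MavenPackageDescriptor mavenPackageDescriptor : collection) {
                MavenIdWrapper parent = mavenPackageDescriptor.getParent();
                String mavenVersionId = mavenPackageDescriptor.getMavenVersionId();
                int vulnerabilityTotal = mavenPackageDescriptor.getVulnerabilityTotal();
                List<VulnerabilityDescriptor> vulnerabilities = mavenPackageDescriptor.getVulnerabilities();
                if (vulnerabilities != null && !vulnerabilities.isEmpty()) {
                    int vulnerabilityMatches = mavenPackageDescriptor.getVulnerabilityMatches();
                    printWriter.println("");
                    printWriter.println("--------------------------------------------------------------");
                    printWriter.println(mavenVersionId + "  [VULNERABLE]");
                    if (parent != null) {
                        printWriter.println("  required by " + parent.getMavenVersionId());
                    }
                    printWriter.println(vulnerabilityTotal + " known vulnerabilities, " + vulnerabilityMatches + " affecting installed version");
                    printWriter.println("");
                    for (VulnerabilityDescriptor vulnerabilityDescriptor : vulnerabilities) {
                        printWriter.println(vulnerabilityDescriptor.getTitle());
                        printWriter.println(vulnerabilityDescriptor.getUriString());
                        printWriter.println(vulnerabilityDescriptor.getDescription());
                        printWriter.println("");
                    }
                    printWriter.println("--------------------------------------------------------------");
                    printWriter.println("");
                } else if (vulnerabilityTotal > 0) {
                    printWriter.println(mavenVersionId + ": " + vulnerabilityTotal + " known vulnerabilities, 0 affecting installed version");
                } else {
                    printWriter.println(mavenVersionId + ": No known vulnerabilities");
                }
            }
            // PrintWriter swallows write errors; surface them so that a truncated
            // report is not mistaken for a complete one.
            if (printWriter.checkError()) {
                getLog().warn("Cannot export to " + file + ": write error, report may be incomplete");
            }
        } catch (IOException e) {
            getLog().warn("Cannot export to " + file + ": " + e.getMessage());
        }
    }

    /**
     * Writes the results as pretty-printed JSON. Failures are logged as warnings.
     */
    private void exportJson(File file, Collection<MavenPackageDescriptor> collection) {
        try {
            // NOTE(review): HTML escaping is disabled, so '<', '>' and '&' in titles and
            // descriptions are written as-is. Anything that embeds this JSON in an HTML
            // page has to escape it there.
            FileUtils.writeStringToFile(file, new GsonBuilder().disableHtmlEscaping().setPrettyPrinting().create().toJson(collection));
        } catch (IOException e) {
            getLog().warn("Cannot export to " + file + ": " + e.getMessage());
        }
    }

    /**
     * Marshals the results to formatted XML through JAXB. Failures are logged as
     * warnings and never fail the build.
     */
    private void exportXml(File file, Collection<MavenPackageDescriptor> collection) {
        OssIndexResultsWrapper ossIndexResultsWrapper = new OssIndexResultsWrapper(collection);
        // try-with-resources closes the stream exactly once on every path.
        try (FileOutputStream fileOutputStream = new FileOutputStream(file)) {
            Marshaller marshaller = JAXBContext.newInstance(OssIndexResultsWrapper.class).createMarshaller();
            marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
            marshaller.marshal(ossIndexResultsWrapper, fileOutputStream);
        } catch (JAXBException | IOException e) {
            getLog().warn("Cannot export to " + file + ": " + e.getMessage(), e);
        }
    }

    /**
     * Logs the findings for one package and returns how many of them affect the
     * installed version.
     *
     * @param mavenIdWrapper         the package that pulled this one in, or {@code null}
     * @param mavenPackageDescriptor the audited package
     * @return the package's vulnerability-match count when it lists vulnerabilities,
     *         otherwise 0
     * @throws IOException declared for the caller's error handling; nothing in this
     *                     method body throws it
     */
    private int report(MavenIdWrapper mavenIdWrapper, MavenPackageDescriptor mavenPackageDescriptor) throws IOException {
        String mavenVersionId = mavenPackageDescriptor.getMavenVersionId();
        int vulnerabilityTotal = mavenPackageDescriptor.getVulnerabilityTotal();
        List<VulnerabilityDescriptor> vulnerabilities = mavenPackageDescriptor.getVulnerabilities();
        if (vulnerabilities == null || vulnerabilities.isEmpty()) {
            if (vulnerabilityTotal > 0) {
                getLog().info(mavenVersionId + " - " + vulnerabilityTotal + " known vulnerabilities, 0 affecting installed version");
            } else {
                getLog().info(mavenVersionId + " - No known vulnerabilities");
            }
            return 0;
        }

        int vulnerabilityMatches = mavenPackageDescriptor.getVulnerabilityMatches();
        getLog().error("");
        getLog().error("--------------------------------------------------------------");
        getLog().error(mavenVersionId + "  [VULNERABLE]");
        if (mavenIdWrapper != null) {
            getLog().error("  required by " + mavenIdWrapper.getMavenVersionId());
        }
        getLog().error(vulnerabilityTotal + " known vulnerabilities, " + vulnerabilityMatches + " affecting installed version");
        getLog().error("");
        // NOTE(review): title, URI and description are logged verbatim. They presumably
        // originate from the OSS Index service; confirm whether control characters
        // should be stripped before they reach CI log viewers.
        for (VulnerabilityDescriptor vulnerabilityDescriptor : vulnerabilities) {
            getLog().error(vulnerabilityDescriptor.getTitle());
            getLog().error(vulnerabilityDescriptor.getUriString());
            getLog().error(vulnerabilityDescriptor.getDescription());
            getLog().error("");
        }
        getLog().error("--------------------------------------------------------------");
        getLog().error("");
        return vulnerabilityMatches;
    }

    // Runs once at class load: installs log4j's basic configuration and sets the
    // root logger to WARN. This acts on the log4j root logger, not only on this
    // plugin's own loggers.
    static {
        BasicConfigurator.configure();
        Logger.getRootLogger().setLevel(Level.WARN);
    }
}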
