package org.eclipse.steady.report;

import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.validation.constraints.NotNull;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader;
import org.eclipse.steady.backend.BackendConnectionException;
import org.eclipse.steady.backend.BackendConnector;
import org.eclipse.steady.goals.GoalContext;
import org.eclipse.steady.shared.connectivity.PathBuilder;
import org.eclipse.steady.shared.connectivity.Service;
import org.eclipse.steady.shared.json.JacksonUtil;
import org.eclipse.steady.shared.json.model.AffectedLibrary;
import org.eclipse.steady.shared.json.model.Application;
import org.eclipse.steady.shared.json.model.Bug;
import org.eclipse.steady.shared.json.model.ExemptionBug;
import org.eclipse.steady.shared.json.model.ExemptionScope;
import org.eclipse.steady.shared.json.model.ExemptionSet;
import org.eclipse.steady.shared.json.model.IExemption;
import org.eclipse.steady.shared.json.model.LibraryId;
import org.eclipse.steady.shared.json.model.VulnerableDependency;
import org.eclipse.steady.shared.util.FileUtil;
import org.eclipse.steady.shared.util.StringUtil;
import org.eclipse.steady.shared.util.VulasConfiguration;

/* loaded from: input_file:org/eclipse/steady/report/Report.class */
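/**
 * Collects the vulnerable dependencies of an application (and, optionally, of several aggregated
 * modules), applies exemptions and an exception threshold, and renders the result through
 * Velocity templates into HTML, XML and JSON report files.
 *
 * <p>Typical call order, as far as this class shows: {@link #fetchAppVulnerabilities()}, then
 * {@link #processVulnerabilities()}, then {@link #writeResult(Path)}.
 *
 * <p>NOTE(review): the values placed into the Velocity context (file names, bug identifiers,
 * exemption descriptions) come from the backend and from configuration. The templates are not
 * visible here, so confirm that each template escapes those values for its output format.
 */
public class Report {
    private static final Logger log = LogManager.getLogger();

    /** Threshold under which findings never cause a build exception. */
    public static final String THRESHOLD_NONE = "noException";

    /** Threshold: a dependency on an affected (or unconfirmed) library version is enough. */
    public static final String THRESHOLD_DEP_ON = "dependsOn";

    /** Threshold: vulnerable code is reachable, or reachability was not confirmed. */
    public static final String THRESHOLD_POT_EXE = "potentiallyExecutes";

    /** Threshold: vulnerable code was traced, or tracing was not confirmed. */
    public static final String THRESHOLD_ACT_EXE = "actuallyExecutes";

    private static final String TEMPLATE_FILE_HTML = "velocity_template.html";
    static final String REPORT_FILE_HTML = "vulas-report.html";
    private static final String TEMPLATE_FILE_XML = "velocity_template.xml";
    static final String REPORT_FILE_XML = "vulas-report.xml";
    private static final String TEMPLATE_FILE_JSON = "velocity_template.json";
    static final String REPORT_FILE_JSON = "vulas-report.json";

    private Application app;
    private Set<Application> modules;
    private GoalContext goalContext;
    private final SimpleDateFormat dateFormat = new SimpleDateFormat("dd.MM.yyy HH:mm Z");
    private Map<String, Long> stats = new HashMap<>();
    private String exceptionThreshold = THRESHOLD_POT_EXE;
    private boolean createAffectedLibraries = false;
    private Set<AffectedLibrary> affectedLibraries = new HashSet<>();
    private ExemptionSet exemptions = new ExemptionSet();
    private Set<AggregatedVuln> vulns = new TreeSet<>();
    private Set<AggregatedVuln> vulnsAboveThreshold = new TreeSet<>();
    private Set<AggregatedVuln> vulnsBelowThreshold = new TreeSet<>();
    // Bug ids returned by the first (historical) backend query in fetchAppVulnerabilities().
    private Set<String> historicalVulns = new HashSet<>();
    // Bug ids returned by the second backend query in fetchAppVulnerabilities().
    private Set<String> relevantVulns = new HashSet<>();
    final VelocityContext context = new VelocityContext();

    /**
     * One vulnerability (bug) found in one archive, together with every
     * {@link VulnerableDependency} analysis that reported it.
     *
     * <p>The natural ordering ({@link #compareTo(Object)}) uses the file name and the bug, while
     * {@link #equals(Object)} uses the archive digest and the bug, so the two are not guaranteed
     * to agree. The sorted sets in {@link Report} rely on the ordering.
     */
    public static class AggregatedVuln implements Comparable {
        public String archiveid;
        public String filename;
        public Bug bug;
        public Set<VulnerableDependency> analyses = new HashSet<>();
        public boolean aboveThreshold = false;

        /**
         * @param str archive identifier (the library digest, as passed by {@link Report})
         * @param str2 file name of the archive
         * @param bug the vulnerability found in the archive
         */
        public AggregatedVuln(String str, String str2, Bug bug) {
            this.archiveid = str;
            this.filename = str2;
            this.bug = bug;
        }

        public String getArchiveid() {
            return this.archiveid;
        }

        public String getFilename() {
            return this.filename;
        }

        public Bug getBug() {
            return this.bug;
        }

        /** Adds an analysis result; a result that is already present is kept once. */
        public void addAnalysis(VulnerableDependency vulnerableDependency) {
            // Set.add already ignores elements that are present.
            this.analyses.add(vulnerableDependency);
        }

        public Set<VulnerableDependency> getAnalyses() {
            return this.analyses;
        }

        public boolean hasFindingsAboveThreshold() {
            return this.aboveThreshold;
        }

        @Override
        public String toString() {
            return "[" + this.filename + ", " + this.bug.getBugId() + ", #analyses=" + this.analyses.size() + "]";
        }

        /**
         * Hash over the archive id and the bug id.
         *
         * <p>The mutable {@code aboveThreshold} flag is deliberately left out: it is not part of
         * {@link #equals(Object)}, and including it gave equal objects different hash codes and
         * changed the hash of an instance after it had been stored.
         */
        @Override
        public int hashCode() {
            int result = 31 + (this.archiveid == null ? 0 : this.archiveid.hashCode());
            // equals() tolerates a null bug, so hashCode() must too.
            // NOTE(review): assumes bugs that are equal also have equal bug ids -- confirm in Bug.
            final Object bugId = this.bug == null ? null : this.bug.getBugId();
            return 31 * result + (bugId == null ? 0 : bugId.hashCode());
        }

        /** Two instances are equal when archive id and bug are equal (both may be null). */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            final AggregatedVuln other = (AggregatedVuln) obj;
            final boolean sameArchive =
                    this.archiveid == null ? other.archiveid == null : this.archiveid.equals(other.archiveid);
            if (!sameArchive) {
                return false;
            }
            return this.bug == null ? other.bug == null : this.bug.equals(other.bug);
        }

        /**
         * Orders by file name, then by bug. When either file name is null the file names are
         * treated as equal and only the bugs are compared.
         *
         * @throws IllegalArgumentException if {@code obj} is not an {@link AggregatedVuln}
         */
        @Override // java.lang.Comparable
        public int compareTo(Object obj) {
            if (!(obj instanceof AggregatedVuln)) {
                throw new IllegalArgumentException();
            }
            final AggregatedVuln other = (AggregatedVuln) obj;
            int byFilename = 0;
            if (this.filename != null && other.filename != null) {
                byFilename = this.filename.compareTo(other.filename);
            }
            return byFilename != 0 ? byFilename : this.bug.compareTo(other.getBug());
        }
    }

    /**
     * @param goalContext context used for backend calls and configuration lookups
     * @param application the application reported on
     * @param set the modules to aggregate; when null, the report covers {@code application} only
     */
    public Report(GoalContext goalContext, Application application, Set<Application> set) {
        this.goalContext = goalContext;
        this.app = application;
        if (set == null) {
            this.modules = new HashSet<>();
            this.modules.add(this.app);
        } else {
            this.modules = set;
        }
        log.info("Report to be done for " + this.app + ", [" + this.modules.size() + "] modules in total: " + this.modules);
    }

    public String getExceptionThreshold() {
        return this.exceptionThreshold;
    }

    /** Sets the exception threshold; a null argument leaves the current value untouched. */
    public void setExceptionThreshold(String str) {
        if (str != null) {
            this.exceptionThreshold = str;
        }
        log.info("Exception threshold: " + this.exceptionThreshold);
    }

    public boolean isCreateAffectedLibraries() {
        return this.createAffectedLibraries;
    }

    public void setCreateAffectedLibraries(boolean z) {
        this.createAffectedLibraries = z;
    }

    /**
     * Writes one JSON file per collected affected library into {@code path} and logs a curl
     * command that can be used to upload it. Failures are logged per file and do not stop the loop.
     */
    private void writeAffectedLibraries(@NotNull Path path) {
        for (AffectedLibrary affectedLibrary : this.affectedLibraries) {
            Path target = null;
            try {
                // NOTE(review): the bug id becomes part of the file name unchanged. It originates
                // from exemption configuration; if it can contain path separators the file may
                // land outside the report directory -- confirm the id format is validated upstream.
                // The random suffix only makes name clashes unlikely, it does not rule them out.
                target = path.resolve(affectedLibrary.getBugId().getBugId() + "-" + Math.abs(Math.random() * 100000.0d) + ".json");
                FileUtil.writeToFile(target.toFile(), JacksonUtil.asJsonString(new AffectedLibrary[]{affectedLibrary}));
                // The logged command carries the literal placeholder "<token>", never a real token.
                log.info("Created affected library at [" + target.getFileName() + "], upload with [curl -X PUT " + this.goalContext.getVulasConfiguration().getServiceUrl(Service.BACKEND) + PathBuilder.bugAffectedLibs(affectedLibrary.getBugId().getBugId()) + "?source=MANUAL -H \"Content-Type: application/json\" -H \"X-Vulas-Client-Token: <token>\" --upload-file " + target + "]");
            } catch (Exception e) {
                // Keep the cause in the log; the message alone does not say why the write failed.
                log.error("Cannot write affected library to [" + target + "]", e);
            }
        }
    }

    /**
     * Sets the exemptions applied in {@link #processVulnerabilities()}. A null argument is
     * treated as "no exemptions", so that later processing reports every finding instead of
     * failing with a NullPointerException.
     */
    public void setExemptions(ExemptionSet exemptionSet) {
        this.exemptions = exemptionSet == null ? new ExemptionSet() : exemptionSet;
    }

    /** Returns true if group, artifact and version of {@code libraryId} match one of the modules. */
    private boolean isAmongAggregatedModules(LibraryId libraryId) {
        for (Application module : this.modules) {
            final boolean sameCoordinates = module.getMvnGroup().equals(libraryId.getMvnGroup())
                    && module.getArtifact().equals(libraryId.getArtifact())
                    && module.getVersion().equals(libraryId.getVersion());
            if (sameCoordinates) {
                return true;
            }
        }
        return false;
    }

    /**
     * Queries the backend twice per module: once to record the ids of historical vulnerabilities,
     * once to collect the vulnerable dependencies that go into the report.
     *
     * <p>A dependency whose library id matches one of the aggregated modules is skipped (with a
     * warning), although the aggregated entry for it is still created.
     *
     * @throws BackendConnectionException if a backend call fails; the exception names the module
     * @throws IOException declared for callers; nothing visible in this method throws it directly
     */
    public void fetchAppVulnerabilities() throws IOException, BackendConnectionException {
        for (Application module : this.modules) {
            try {
                for (VulnerableDependency historical : BackendConnector.getInstance().getAppVulnDeps(this.goalContext, module, true, false, true)) {
                    this.historicalVulns.add(historical.getBug().getBugId());
                }
                for (VulnerableDependency vulnerableDependency : BackendConnector.getInstance().getAppVulnDeps(this.goalContext, module, false, true, true)) {
                    this.relevantVulns.add(vulnerableDependency.getBug().getBugId());
                    vulnerableDependency.setApp(module);
                    final AggregatedVuln aggregated = update(this.vulns, new AggregatedVuln(vulnerableDependency.getDep().getLib().getDigest(), vulnerableDependency.getDep().getFilename(), vulnerableDependency.getBug()));
                    final LibraryId libraryId = vulnerableDependency.getDep().getLib().getLibraryId();
                    if (libraryId != null && isAmongAggregatedModules(libraryId)) {
                        log.warn("Skipping [" + vulnerableDependency.getBug().getBugId() + "] for dependency of " + module + " on " + vulnerableDependency.getDep().getLib().getLibraryId() + ", the latter is one of the aggregated modules");
                    } else {
                        aggregated.addAnalysis(vulnerableDependency);
                    }
                }
            } catch (BackendConnectionException e) {
                final BackendConnectionException wrapped = new BackendConnectionException("Error fetching vulnerable dependencies for application (module) " + module + ": " + e.getMessage(), e);
                log.error(wrapped);
                throw wrapped;
            }
        }
    }

    /**
     * Returns the element of {@code set} that equals {@code aggregatedVuln}; if there is none,
     * adds {@code aggregatedVuln} and returns it. The lookup uses {@code equals}, not the set's
     * ordering.
     */
    private AggregatedVuln update(Set<AggregatedVuln> set, AggregatedVuln aggregatedVuln) {
        for (AggregatedVuln existing : set) {
            if (existing.equals(aggregatedVuln)) {
                return existing;
            }
        }
        set.add(aggregatedVuln);
        return aggregatedVuln;
    }

    /**
     * Applies exemptions and the exception threshold to the fetched vulnerabilities, fills the
     * statistics map and populates the Velocity context used by the report templates.
     *
     * <p>Also warns about exemptions for bugs that no longer appear among the relevant findings.
     */
    public void processVulnerabilities() {
        final TreeSet<AggregatedVuln> vulnsToReport = new TreeSet<>();
        long included = 0;
        long reachable = 0;
        long traced = 0;
        long tracedNotReachable = 0;

        // Raw sets on purpose: the return type of ExemptionBug.getBugId() is not visible here.
        final HashSet obsoleteHistorical = new HashSet();
        final HashSet obsoleteSignatureNotPresent = new HashSet();
        final Iterator<IExemption> it = this.exemptions.iterator();
        while (it.hasNext()) {
            final IExemption exemption = it.next();
            if (!(exemption instanceof ExemptionBug)) {
                continue;
            }
            final ExemptionBug bugExemption = (ExemptionBug) exemption;
            if (this.relevantVulns.contains(bugExemption.getBugId())) {
                continue; // exemption still applies to a current finding
            }
            if (this.historicalVulns.contains(bugExemption.getBugId())) {
                obsoleteHistorical.add(bugExemption.getBugId());
            } else {
                obsoleteSignatureNotPresent.add(bugExemption.getBugId());
            }
        }
        if (!obsoleteHistorical.isEmpty()) {
            log.warn("Exemptions for the following vulnerabilities are obsolete, because they concern previous version(s) of the respective application dependency(ies) (historical vulnerability): [" + StringUtil.join(obsoleteHistorical, ", ") + "]");
        }
        if (!obsoleteSignatureNotPresent.isEmpty()) {
            log.warn("Exemptions for the following vulnerabilities are obsolete, because none of the application dependencies contain potentially affected code signatures: [" + StringUtil.join(obsoleteSignatureNotPresent, ", ") + "]");
        }

        for (AggregatedVuln aggregatedVuln : this.vulns) {
            for (VulnerableDependency vulnerableDependency : aggregatedVuln.getAnalyses()) {
                final IExemption applicableExemption = this.exemptions.getApplicableExemption(vulnerableDependency);
                vulnerableDependency.setExemption(applicableExemption);
                if (applicableExemption instanceof ExemptionBug && isCreateAffectedLibraries()) {
                    final AffectedLibrary affectedLibrary = ((ExemptionBug) applicableExemption).createAffectedLibrary(vulnerableDependency);
                    if (affectedLibrary != null) {
                        this.affectedLibraries.add(affectedLibrary);
                    }
                }

                final boolean possiblyAffected = !vulnerableDependency.isNoneAffectedVersion();
                if (possiblyAffected) {
                    vulnsToReport.add(aggregatedVuln);
                    included++;
                }
                if (possiblyAffected && (vulnerableDependency.isReachable() || !vulnerableDependency.isReachableConfirmed())) {
                    reachable++;
                }
                if (possiblyAffected && (vulnerableDependency.isTraced() || !vulnerableDependency.isTracedConfirmed())) {
                    traced++;
                }
                // NOTE(review): this feeds "report.vulnsTracedNotReachable", yet the condition
                // requires isReachable() to be true -- confirm whether a negation is missing.
                if (vulnerableDependency.isTraced() && vulnerableDependency.isReachable() && vulnerableDependency.isReachableConfirmed()) {
                    tracedNotReachable++;
                }

                // A finding is above the threshold when the rule of the configured threshold
                // fires. Unconfirmed results count as hits, so missing analysis data fails closed.
                final boolean aboveThreshold =
                        (this.exceptionThreshold.equalsIgnoreCase(THRESHOLD_DEP_ON)
                                && (vulnerableDependency.isAffectedVersion() || !vulnerableDependency.isAffectedVersionConfirmed()))
                        || (this.exceptionThreshold.equalsIgnoreCase(THRESHOLD_POT_EXE)
                                && possiblyAffected
                                && (vulnerableDependency.isReachable() || !vulnerableDependency.isReachableConfirmed()))
                        || (this.exceptionThreshold.equalsIgnoreCase(THRESHOLD_ACT_EXE)
                                && possiblyAffected
                                && (vulnerableDependency.isTraced() || !vulnerableDependency.isTracedConfirmed()));
                vulnerableDependency.setAboveThreshold(aboveThreshold);

                if (vulnerableDependency.isThrowsException().booleanValue()) {
                    aggregatedVuln.aboveThreshold = true;
                }
            }
        }

        for (AggregatedVuln aggregatedVuln : vulnsToReport) {
            if (aggregatedVuln.aboveThreshold) {
                this.vulnsAboveThreshold.add(aggregatedVuln);
            } else {
                this.vulnsBelowThreshold.add(aggregatedVuln);
            }
        }

        this.stats.put("report.vulnsIncluded", Long.valueOf(included));
        this.stats.put("report.vulnsReachable", Long.valueOf(reachable));
        this.stats.put("report.vulnsTraced", Long.valueOf(traced));
        this.stats.put("report.vulnsTracedNotReachable", Long.valueOf(tracedNotReachable));
        this.stats.put("report.buildFailure", Long.valueOf(isThrowBuildException() ? 1L : 0L));
        this.stats.put("report.vulnsAboveThreshold", Long.valueOf(this.vulnsAboveThreshold.size()));
        this.stats.put("report.vulnsBelowThreshold", Long.valueOf(this.vulnsBelowThreshold.size()));
        this.stats.put("report.isAggregated", Long.valueOf(isAggregated() ? 1L : 0L));
        this.stats.put("report.projectsReportedOn", Long.valueOf(this.modules.size()));

        this.context.put("vulnsToReport", vulnsToReport);
        this.context.put("vulnsAboveThreshold", this.vulnsAboveThreshold);
        this.context.put("vulnsBelowThreshold", this.vulnsBelowThreshold);
        this.context.put("obsoleteExemptionsHistorical", StringUtil.join(obsoleteHistorical, ", "));
        this.context.put("obsoleteExemptionsSignatureNotPresent", StringUtil.join(obsoleteSignatureNotPresent, ", "));
        this.context.put("vulasBackendServiceUrl", this.goalContext.getVulasConfiguration().getServiceUrl(Service.BACKEND));
        this.context.put("app", this.app);
        this.context.put("space", this.goalContext.getSpace());
        this.context.put("projects", this.modules);
        this.context.put("generatedAt", this.dateFormat.format(new Date()));
        this.context.put("generatedWith", this.goalContext.getVulasConfiguration().getConfiguration().getString(VulasConfiguration.VERSION, "unknown"));
        this.context.put("buildTimestamp", this.goalContext.getVulasConfiguration().getConfiguration().getString(VulasConfiguration.BUILD_TIMESTAMP, "unknown"));
        this.context.put("buildNumber", this.goalContext.getVulasConfiguration().getConfiguration().getString(VulasConfiguration.BUILD_NUMBER, "unknown"));
        this.context.put("buildBranch", this.goalContext.getVulasConfiguration().getConfiguration().getString(VulasConfiguration.BUILD_BRANCH, "unknown"));
        this.context.put("vulasSharedHomepage", this.goalContext.getVulasConfiguration().getConfiguration().getString(VulasConfiguration.HOMEPAGE, "undefined"));
        this.context.put("exceptionThreshold", this.exceptionThreshold);
        this.context.put("exemptScopes", this.exemptions.subset(ExemptionScope.class).toString());
        this.context.put("exemptBugs", this.exemptions.subset(ExemptionBug.class).toString());
        this.context.put("isAggregated", Boolean.valueOf(isAggregated()));
        this.context.put("thresholdMet", Boolean.valueOf(this.vulnsAboveThreshold.isEmpty()));
    }

    /** True when the report covers more than one module. */
    private boolean isAggregated() {
        return this.modules != null && this.modules.size() > 1;
    }

    /**
     * True when the build should fail: the threshold is not {@link #THRESHOLD_NONE} and at least
     * one vulnerability is above the threshold.
     */
    public boolean isThrowBuildException() {
        return !this.exceptionThreshold.equalsIgnoreCase(THRESHOLD_NONE) && !this.vulnsAboveThreshold.isEmpty();
    }

    /** Returns the report settings (threshold, exemptions, aggregation flag) as strings. */
    public Map<String, String> getConfiguration() {
        final Map<String, String> configuration = new HashMap<>();
        configuration.put("report.exceptionThreshold", this.exceptionThreshold);
        configuration.put("report.exemptions", StringUtil.join(this.exemptions, ", "));
        configuration.put("report.aggregated", Boolean.toString(isAggregated()));
        return configuration;
    }

    /** Returns the statistics map itself (not a copy); it is filled by processVulnerabilities(). */
    public Map<String, Long> getStats() {
        return this.stats;
    }

    /** Returns a one-line message for the configured threshold, or "" for any other value. */
    public String getExceptionMessage() {
        if (this.exceptionThreshold.equalsIgnoreCase(THRESHOLD_DEP_ON)) {
            return "Application depends on archives with vulnerable code";
        }
        if (this.exceptionThreshold.equalsIgnoreCase(THRESHOLD_POT_EXE)) {
            return "Application potentially executes vulnerable code";
        }
        if (this.exceptionThreshold.equalsIgnoreCase(THRESHOLD_ACT_EXE)) {
            return "Application actually executes vulnerable code";
        }
        return "";
    }

    /**
     * Returns a multi-line text listing every analysis above the threshold that is flagged to
     * throw an exception, preceded by a headline for the configured threshold.
     */
    public String getResultAsString() {
        final StringBuilder sb = new StringBuilder();
        if (this.exceptionThreshold.equalsIgnoreCase(THRESHOLD_DEP_ON)) {
            sb.append("The application depends on the following vulnerable archives: ");
        } else if (this.exceptionThreshold.equalsIgnoreCase(THRESHOLD_POT_EXE)) {
            sb.append("The application potentially executes vulnerable code of the following vulnerable archives (or reachability was not checked): ");
        } else if (this.exceptionThreshold.equalsIgnoreCase(THRESHOLD_ACT_EXE)) {
            sb.append("The application actually executes vulnerable code of the following vulnerable archives (or no tests were run): ");
        }
        int count = 0;
        for (AggregatedVuln aggregatedVuln : this.vulnsAboveThreshold) {
            for (VulnerableDependency vulnerableDependency : aggregatedVuln.getAnalyses()) {
                if (!vulnerableDependency.isThrowsException().booleanValue()) {
                    continue;
                }
                count++;
                sb.append(System.getProperty("line.separator")).append("      ").append(count).append(": ");
                sb.append("[filename=").append(aggregatedVuln.filename);
                sb.append(", digest=").append(vulnerableDependency.getDep().getLib().getDigest());
                sb.append(", scope=").append(vulnerableDependency.getDep().getScope());
                sb.append(", transitive=").append(vulnerableDependency.getDep().getTransitive());
                sb.append(", wellknownSha1=").append(vulnerableDependency.getDep().getLib().isWellknownDigest());
                sb.append(", isAffectedVersionConfirmed=").append(vulnerableDependency.isAffectedVersionConfirmed());
                sb.append(", bug=").append(aggregatedVuln.bug.getBugId()).append("]");
            }
        }
        return sb.toString();
    }

    /** Writes the HTML, XML and JSON reports and the affected-library files into {@code path}. */
    public void writeResult(@NotNull Path path) {
        writeResultAsHtml(path);
        writeResultAsXml(path);
        writeResultAsJson(path);
        writeAffectedLibraries(path);
    }

    /**
     * Renders the classpath template {@code str} with the report context into the file
     * {@code str2} inside {@code path}, creating the directory if needed.
     *
     * <p>Errors are logged, not thrown. The previous body had its try/catch/finally scrambled:
     * the catch block could never run, the writer was never closed on failure, and the error
     * message always printed "null" as the file. This version closes the writer and the template
     * probe stream in all cases and logs the actual file together with the cause.
     *
     * @param path target directory
     * @param str name of the Velocity template on the classpath
     * @param str2 name of the report file to create
     * @return the absolute path of the report file, or null if the failure happened before the
     *     file name was determined; a non-null result does not prove the file is complete, so
     *     check the log for errors
     */
    public Path writeResult(@NotNull Path path, String str, String str2) {
        final VelocityEngine velocityEngine = new VelocityEngine();
        velocityEngine.setProperty("resource.loader", "classpath");
        velocityEngine.setProperty("classpath.resource.loader.class", ClasspathResourceLoader.class.getName());
        velocityEngine.init();

        File file = null;
        try {
            // Only probes for existence; the stream is closed right away instead of being leaked.
            try (java.io.InputStream templateProbe = getClass().getClassLoader().getResourceAsStream(str)) {
                if (templateProbe == null) {
                    throw new IOException("Template file doesn't exist");
                }
            }
            final Template template = velocityEngine.getTemplate(str);
            if (!FileUtil.isAccessibleDirectory(path)) {
                Files.createDirectories(path);
            }
            file = Paths.get(path.toString(), str2).toFile();
            try (PrintWriter writer = new PrintWriter(file, FileUtil.getCharsetName())) {
                template.merge(this.context, writer);
                writer.flush();
                // PrintWriter swallows I/O errors; ask explicitly so that a truncated report is
                // not announced as written.
                if (writer.checkError()) {
                    throw new IOException("Error while writing report file");
                }
            }
            log.info("Report with analysis results has been written to [" + file.toPath().toAbsolutePath().normalize() + "]");
        } catch (Exception e) {
            log.error("Exception while creating report [" + file + "] with template [" + str + "]: " + e.getMessage(), e);
        }
        return file == null ? null : file.toPath().toAbsolutePath();
    }

    /** Writes the HTML report into {@code path}; see {@link #writeResult(Path, String, String)}. */
    public Path writeResultAsHtml(@NotNull Path path) {
        return writeResult(path, TEMPLATE_FILE_HTML, REPORT_FILE_HTML);
    }

    /** Writes the XML report into {@code path}; see {@link #writeResult(Path, String, String)}. */
    public Path writeResultAsXml(@NotNull Path path) {
        return writeResult(path, TEMPLATE_FILE_XML, REPORT_FILE_XML);
    }

    /** Writes the JSON report into {@code path}; see {@link #writeResult(Path, String, String)}. */
    public Path writeResultAsJson(@NotNull Path path) {
        return writeResult(path, TEMPLATE_FILE_JSON, REPORT_FILE_JSON);
    }
}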
