package org.owasp.dependencycheck.analyzer;

import java.util.Map;
import javax.annotation.concurrent.ThreadSafe;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.knownexploited.json.Vulnerability;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.exception.InitializationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:org/owasp/dependencycheck/analyzer/KnownExploitedVulnerabilityAnalyzer.class */
public class KnownExploitedVulnerabilityAnalyzer extends AbstractAnalyzer {
    private Map<String, Vulnerability> knownExploited = null;
    private static final String ANALYZER_NAME = "Known Exploited Vulnerability Analyzer";
    private static final Logger LOGGER = LoggerFactory.getLogger(KnownExploitedVulnerabilityAnalyzer.class);
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.POST_FINDING_ANALYSIS;

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.knownexploited.enabled";
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    public void prepareAnalyzer(Engine engine) throws InitializationException {
        try {
            this.knownExploited = engine.getDatabase().getknownExploitedVulnerabilities();
        } catch (DatabaseException e) {
            LOGGER.debug("Unable to load the known exploited vulnerabilities", e);
            throw new InitializationException("Unable to load the known exploited vulnerabilities", e);
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        for (org.owasp.dependencycheck.dependency.Vulnerability vulnerability : dependency.getVulnerabilities()) {
            Vulnerability vulnerability2 = this.knownExploited.get(vulnerability.getName());
            if (vulnerability2 != null) {
                vulnerability.setKnownExploitedVulnerability(vulnerability2);
            }
        }
    }
}
