package org.sonar.plugins.python.bandit;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.sonar.api.batch.fs.InputFile;
import org.sonar.api.batch.rule.Severity;
import org.sonar.api.batch.sensor.Sensor;
import org.sonar.api.batch.sensor.SensorContext;
import org.sonar.api.batch.sensor.SensorDescriptor;
import org.sonar.api.batch.sensor.issue.NewExternalIssue;
import org.sonar.api.batch.sensor.issue.NewIssueLocation;
import org.sonar.api.rule.RuleKey;
import org.sonar.api.rules.RuleType;
import org.sonar.api.utils.Version;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonar.plugins.python.Python;
import org.sonar.plugins.python.bandit.BanditJsonReportReader;
import org.sonarsource.analyzer.commons.ExternalReportProvider;
import org.sonarsource.analyzer.commons.internal.json.simple.parser.ParseException;

/* loaded from: input_file:org/sonar/plugins/python/bandit/BanditSensor.class */
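/**
 * Sensor that imports findings from Bandit JSON reports as external issues.
 *
 * <p>Report files are located through the {@value #REPORT_PATH_KEY} setting. The report is
 * produced outside the analysis, so every field read from it (rule key, file path, message,
 * line number, severity, confidence) is treated as external input: incomplete entries are
 * skipped and paths that do not resolve to an indexed file are collected and logged.
 */
public class BanditSensor implements Sensor {
    public static final String LINTER_NAME = "Bandit";
    public static final String LINTER_KEY = "bandit";
    public static final String REPORT_PATH_KEY = "sonar.python.bandit.reportPaths";
    /** Upper bound on the number of unresolved paths written to a single warning. */
    private static final int MAX_LOGGED_FILE_NAMES = 20;
    private static final Logger LOG = Loggers.get(BanditSensor.class);
    /** Remediation effort attached to every imported issue. */
    private static final Long DEFAULT_CONSTANT_DEBT_MINUTES = 5L;

    /**
     * Restricts the sensor to Python projects whose configuration defines
     * {@link #REPORT_PATH_KEY}.
     *
     * @param sensorDescriptor descriptor to configure
     */
    @Override
    public void describe(SensorDescriptor sensorDescriptor) {
        sensorDescriptor
            .onlyWhenConfiguration(configuration -> configuration.hasKey(REPORT_PATH_KEY))
            .onlyOnLanguage(Python.KEY)
            .name("Import of Bandit issues");
    }

    /**
     * Imports every configured report, then logs one summary warning for the report paths
     * that could not be matched to an input file.
     *
     * @param sensorContext context of the current analysis
     */
    @Override
    public void execute(SensorContext sensorContext) {
        Set<String> unresolvedInputFiles = new HashSet<>();
        ExternalReportProvider.getReportFiles(sensorContext, REPORT_PATH_KEY)
            .forEach(report -> importReport(report, sensorContext, unresolvedInputFiles));
        logUnresolvedInputFiles(unresolvedInputFiles);
    }

    /**
     * Emits a single warning listing the unresolved report paths, sorted and truncated to
     * {@link #MAX_LOGGED_FILE_NAMES} entries.
     *
     * @param set file paths from the report that matched no input file
     */
    private static void logUnresolvedInputFiles(Set<String> set) {
        if (set.isEmpty()) {
            return;
        }
        // NOTE(review): these paths are copied verbatim from the report; if the log is consumed
        // by tooling that trusts line structure, consider neutralising control characters here.
        String fileList = set.stream()
            .sorted()
            .limit(MAX_LOGGED_FILE_NAMES)
            .collect(Collectors.joining(";"));
        if (set.size() > MAX_LOGGED_FILE_NAMES) {
            fileList = fileList + ";...";
        }
        LOG.warn("Fail to resolve {} file path(s) in Bandit report. No issues imported related to file(s): {}", set.size(), fileList);
    }

    /**
     * Reads one Bandit report and saves each issue it contains.
     *
     * <p>A failure to open or parse the report, or a runtime exception raised while saving an
     * issue, is logged as an error and ends the import of this report only.
     *
     * <p>The decompiler notes that this method was originally private; it stays public here so
     * existing callers are unaffected.
     *
     * @param file          report file to read
     * @param sensorContext context of the current analysis
     * @param set           accumulator for report paths that match no input file
     */
    public static void importReport(File file, SensorContext sensorContext, Set<String> set) {
        // try-with-resources closes the stream on every path, including when the reader throws.
        try (FileInputStream reportStream = new FileInputStream(file)) {
            LOG.info("Importing {}", file);
            boolean engineIdSupported = sensorContext.getSonarQubeVersion().isGreaterThanOrEqual(Version.create(7, 4));
            BanditJsonReportReader.read(reportStream, issue -> saveIssue(sensorContext, issue, set, engineIdSupported));
        } catch (IOException | RuntimeException | ParseException e) {
            // The exception text is passed as an argument, never concatenated into the format
            // string, so "{}" sequences coming from the report cannot shift the placeholders.
            LOG.error("No issues information will be saved as the report file '{}' can't be read. {}: {}",
                file, e.getClass().getSimpleName(), e.getMessage(), e);
        }
    }

    /**
     * Converts one report entry into an external issue of type {@link RuleType#VULNERABILITY}.
     *
     * <p>Entries with an empty rule key, file path or message are skipped with a debug log.
     * Entries whose path matches no input file are recorded in {@code set} and skipped.
     *
     * <p>The decompiler notes that this method was originally private; it stays public here so
     * existing callers are unaffected.
     *
     * @param sensorContext context of the current analysis
     * @param issue         entry read from the Bandit report
     * @param set           accumulator for report paths that match no input file
     * @param z             {@code true} to identify the rule with engine id and rule id,
     *                      {@code false} to use a {@link RuleKey}; the caller passes
     *                      {@code true} for SonarQube 7.4 or later
     */
    public static void saveIssue(SensorContext sensorContext, BanditJsonReportReader.Issue issue, Set<String> set, boolean z) {
        boolean incomplete = StringUtils.isEmpty(issue.ruleKey)
            || StringUtils.isEmpty(issue.filePath)
            || StringUtils.isEmpty(issue.message);
        if (incomplete) {
            LOG.debug("Missing information for ruleKey:'{}', filePath:'{}', message:'{}'", new Object[]{issue.ruleKey, issue.filePath, issue.message});
            return;
        }

        // The report path is only used as a lookup predicate against the analysis file system;
        // this code never opens it directly.
        InputFile inputFile = sensorContext.fileSystem().inputFile(sensorContext.fileSystem().predicates().hasPath(issue.filePath));
        if (inputFile == null) {
            set.add(issue.filePath);
            return;
        }

        NewExternalIssue externalIssue = sensorContext.newExternalIssue();
        externalIssue
            .type(RuleType.VULNERABILITY)
            .severity(toSonarQubeSeverity(issue.severity, issue.confidence))
            .remediationEffortMinutes(DEFAULT_CONSTANT_DEBT_MINUTES);

        NewIssueLocation location = externalIssue.newLocation().message(issue.message).on(inputFile);
        if (issue.lineNumber != null) {
            // NOTE(review): the line number is taken from the report unchecked; if selectLine
            // rejects it, the exception reaches importReport and stops this report's import.
            location.at(inputFile.selectLine(issue.lineNumber.intValue()));
        }
        externalIssue.at(location);

        if (z) {
            externalIssue.engineId(LINTER_KEY).ruleId(issue.ruleKey);
        } else {
            externalIssue.forRule(RuleKey.of(LINTER_KEY, issue.ruleKey));
        }
        externalIssue.save();
    }

    /**
     * Maps Bandit severity and confidence to a SonarQube severity.
     *
     * <p>HIGH severity with HIGH confidence is {@code BLOCKER}; HIGH severity with any other
     * confidence is {@code CRITICAL}; MEDIUM severity is {@code MAJOR}; every other value,
     * including {@code null}, is {@code MINOR}. Comparisons ignore case.
     *
     * @param str  severity from the report
     * @param str2 confidence from the report
     * @return the SonarQube severity
     */
    private static Severity toSonarQubeSeverity(String str, String str2) {
        if ("HIGH".equalsIgnoreCase(str)) {
            return "HIGH".equalsIgnoreCase(str2) ? Severity.BLOCKER : Severity.CRITICAL;
        }
        if ("MEDIUM".equalsIgnoreCase(str)) {
            return Severity.MAJOR;
        }
        return Severity.MINOR;
    }
}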
