package org.owasp.dependencycheck.analyzer;

import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURLBuilder;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.annotation.concurrent.ThreadSafe;
import org.apache.commons.io.input.BOMInputStream;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nuget.DirectoryBuildPropsParser;
import org.owasp.dependencycheck.data.nuget.DirectoryPackagesPropsParser;
import org.owasp.dependencycheck.data.nuget.MSBuildProjectParseException;
import org.owasp.dependencycheck.data.nuget.NugetPackageReference;
import org.owasp.dependencycheck.data.nuget.XPathMSBuildProjectParser;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.naming.GenericIdentifier;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.Checksum;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:org/owasp/dependencycheck/analyzer/MSBuildProjectAnalyzer.class */
public class MSBuildProjectAnalyzer extends AbstractFileTypeAnalyzer {
    private static final String ANALYZER_NAME = "MSBuild Project Analyzer";
    private static final String IMPORT_GET_DIRECTORY = "$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildThisFileDirectory)..,Directory.Build.props))\\Directory.Build.props";
    private static final String IMPORT_GET_PATH_OF_FILE = "$([MSBuild]::GetPathOfFileAbove('Directory.Build.props','$(MSBuildThisFileDirectory)../'))";
    private static final String DIRECTORY_BUILDPROPS = "Directory.Build.props";
    private static final String DIRECTORY_PACKAGESPROPS = "Directory.Packages.props";
    private static final Logger LOGGER = LoggerFactory.getLogger(NuspecAnalyzer.class);
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
    private static final String[] SUPPORTED_EXTENSIONS = {"csproj", "vbproj"};
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected FileFilter getFileFilter() {
        return FILTER;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.msbuildproject.enabled";
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        File parentFile = dependency.getActualFile().getParentFile();
        try {
            Properties loadDirectoryBuildProps = loadDirectoryBuildProps(parentFile);
            Map<String, String> loadCentrallyManaged = loadCentrallyManaged(parentFile, loadDirectoryBuildProps);
            LOGGER.debug("Checking MSBuild project file {}", dependency);
            XPathMSBuildProjectParser xPathMSBuildProjectParser = new XPathMSBuildProjectParser();
            try {
                FileInputStream fileInputStream = new FileInputStream(dependency.getActualFilePath());
                try {
                    BOMInputStream bOMInputStream = BOMInputStream.builder().setInputStream(fileInputStream).get();
                    try {
                        bOMInputStream.getBOM();
                        List<NugetPackageReference> parse = xPathMSBuildProjectParser.parse(bOMInputStream, loadDirectoryBuildProps, loadCentrallyManaged);
                        if (bOMInputStream != null) {
                            bOMInputStream.close();
                        }
                        fileInputStream.close();
                        if (parse == null || parse.isEmpty()) {
                            return;
                        }
                        for (NugetPackageReference nugetPackageReference : parse) {
                            Dependency dependency2 = new Dependency(dependency.getActualFile(), true);
                            String id = nugetPackageReference.getId();
                            String version = nugetPackageReference.getVersion();
                            dependency2.setEcosystem("dotnet");
                            dependency2.setName(id);
                            dependency2.setVersion(version);
                            try {
                                dependency2.addSoftwareIdentifier(new PurlIdentifier(PackageURLBuilder.aPackageURL().withType("nuget").withName(id).withVersion(version).build(), Confidence.HIGHEST));
                            } catch (MalformedPackageURLException e) {
                                LOGGER.debug("Unable to build package url for msbuild", e);
                                dependency2.addSoftwareIdentifier(new GenericIdentifier("msbuild:" + id + "@" + version, Confidence.HIGHEST));
                            }
                            dependency2.setPackagePath(String.format("%s:%s", id, version));
                            dependency2.setSha1sum(Checksum.getSHA1Checksum(String.format("%s:%s", id, version)));
                            dependency2.setSha256sum(Checksum.getSHA256Checksum(String.format("%s:%s", id, version)));
                            dependency2.setMd5sum(Checksum.getMD5Checksum(String.format("%s:%s", id, version)));
                            dependency2.addEvidence(EvidenceType.PRODUCT, "msbuild", "id", id, Confidence.HIGHEST);
                            dependency2.addEvidence(EvidenceType.VENDOR, "msbuild", "id", id, Confidence.MEDIUM);
                            dependency2.addEvidence(EvidenceType.VERSION, "msbuild", "version", version, Confidence.HIGHEST);
                            if (id.indexOf(46) > 0) {
                                String[] split = id.split("\\.");
                                dependency2.addEvidence(EvidenceType.VENDOR, "msbuild", "id", split[0], Confidence.MEDIUM);
                                dependency2.addEvidence(EvidenceType.PRODUCT, "msbuild", "id", split[1], Confidence.MEDIUM);
                                dependency2.addEvidence(EvidenceType.VENDOR, "msbuild", "id", split[1], Confidence.LOW);
                                if (split.length > 2) {
                                    String substring = id.substring(id.indexOf(46) + 1);
                                    dependency2.addEvidence(EvidenceType.PRODUCT, "msbuild", "id", substring, Confidence.MEDIUM);
                                    dependency2.addEvidence(EvidenceType.VENDOR, "msbuild", "id", substring, Confidence.LOW);
                                }
                            } else {
                                dependency2.addEvidence(EvidenceType.VENDOR, "msbuild", "id", id, Confidence.LOW);
                            }
                            engine.addDependency(dependency2);
                        }
                    } catch (Throwable th) {
                        if (bOMInputStream != null) {
                            try {
                                bOMInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                    throw th3;
                }
            } catch (FileNotFoundException | MSBuildProjectParseException e2) {
                throw new AnalysisException(e2);
            }
        } catch (Throwable th5) {
            throw new AnalysisException(th5);
        }
    }

    private Properties loadDirectoryBuildProps(File file) throws MSBuildProjectParseException {
        Map<String, String> readDirectoryBuildProps;
        Properties properties = new Properties();
        if (file == null || !file.isDirectory()) {
            return properties;
        }
        File locateDirectoryBuildFile = locateDirectoryBuildFile(DIRECTORY_BUILDPROPS, file);
        if (locateDirectoryBuildFile != null && (readDirectoryBuildProps = readDirectoryBuildProps(locateDirectoryBuildFile)) != null) {
            for (Map.Entry<String, String> entry : readDirectoryBuildProps.entrySet()) {
                properties.put(entry.getKey(), entry.getValue());
            }
        }
        return properties;
    }

    private File locateDirectoryBuildFile(String str, File file) {
        File file2 = file;
        while (true) {
            File file3 = file2;
            if (file3 == null || !file3.isDirectory()) {
                return null;
            }
            File file4 = new File(file3, str);
            if (file4.isFile()) {
                return file4;
            }
            file2 = file3.getParentFile();
        }
    }

    private File getImport(String str, File file) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        if (str.startsWith("$")) {
            String replaceAll = str.replaceAll("\\s", "");
            if (IMPORT_GET_PATH_OF_FILE.equalsIgnoreCase(replaceAll) || IMPORT_GET_DIRECTORY.equalsIgnoreCase(replaceAll)) {
                return locateDirectoryBuildFile(DIRECTORY_BUILDPROPS, file.getParentFile().getParentFile());
            }
            if (str.startsWith("$(MSBuildThisFileDirectory)")) {
                File file2 = Paths.get(file.getParentFile().getAbsolutePath(), str.substring(27).replace('\\', File.separatorChar).replace('/', File.separatorChar)).normalize().toFile();
                if (file2.isFile() && !file2.equals(file)) {
                    return file2;
                }
            }
        } else {
            File file3 = Paths.get(file.getParentFile().getAbsolutePath(), str.replace('\\', File.separatorChar).replace('/', File.separatorChar)).normalize().toFile();
            if (file3.isFile() && !file3.equals(file)) {
                return file3;
            }
        }
        LOGGER.warn("Unable to import Directory.Build.props import `{}` in `{}`", str, file);
        return null;
    }

    private Map<String, String> readDirectoryBuildProps(File file) throws MSBuildProjectParseException {
        Map<String, String> readDirectoryBuildProps;
        HashSet hashSet = new HashSet();
        if (file == null || !file.isFile()) {
            return null;
        }
        DirectoryBuildPropsParser directoryBuildPropsParser = new DirectoryBuildPropsParser();
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                BOMInputStream bOMInputStream = BOMInputStream.builder().setInputStream(fileInputStream).get();
                try {
                    bOMInputStream.getBOM();
                    Map<String, String> parse = directoryBuildPropsParser.parse(bOMInputStream);
                    hashSet.addAll(directoryBuildPropsParser.getImports());
                    if (bOMInputStream != null) {
                        bOMInputStream.close();
                    }
                    fileInputStream.close();
                    Iterator it = hashSet.iterator();
                    while (it.hasNext()) {
                        File file2 = getImport((String) it.next(), file);
                        if (file2 != null && !file.equals(file2) && (readDirectoryBuildProps = readDirectoryBuildProps(file2)) != null) {
                            readDirectoryBuildProps.putAll(parse);
                            parse = readDirectoryBuildProps;
                        }
                    }
                    return parse;
                } catch (Throwable th) {
                    if (bOMInputStream != null) {
                        try {
                            bOMInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new MSBuildProjectParseException("Error reading Directory.Build.props", e);
        }
    }

    private Map<String, String> loadCentrallyManaged(File file, Properties properties) throws MSBuildProjectParseException {
        File locateDirectoryBuildFile = locateDirectoryBuildFile(DIRECTORY_PACKAGESPROPS, file);
        if (locateDirectoryBuildFile == null || !locateDirectoryBuildFile.isFile()) {
            return new HashMap();
        }
        DirectoryPackagesPropsParser directoryPackagesPropsParser = new DirectoryPackagesPropsParser();
        try {
            FileInputStream fileInputStream = new FileInputStream(locateDirectoryBuildFile);
            try {
                BOMInputStream bOMInputStream = BOMInputStream.builder().setInputStream(fileInputStream).get();
                try {
                    bOMInputStream.getBOM();
                    Map<String, String> parse = directoryPackagesPropsParser.parse(bOMInputStream, properties);
                    if (bOMInputStream != null) {
                        bOMInputStream.close();
                    }
                    fileInputStream.close();
                    return parse;
                } catch (Throwable th) {
                    if (bOMInputStream != null) {
                        try {
                            bOMInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            throw new MSBuildProjectParseException("Error reading Directory.Build.props", e);
        }
    }
}
