package org.owasp.dependencycheck.analyzer;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import javax.annotation.concurrent.ThreadSafe;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.analyzer.exception.LambdaExceptionWrapper;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.dependency.naming.CpeIdentifier;

@ThreadSafe
/* loaded from: input_file:org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.class */
public class NvdCveAnalyzer extends AbstractAnalyzer {
    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        CveDB database = engine.getDatabase();
        try {
            dependency.getVulnerableSoftwareIdentifiers().stream().filter(identifier -> {
                return identifier instanceof CpeIdentifier;
            }).map(identifier2 -> {
                return (CpeIdentifier) identifier2;
            }).forEach(cpeIdentifier -> {
                try {
                    List<Vulnerability> filterEcosystem = filterEcosystem(dependency.getEcosystem(), database.getVulnerabilities(cpeIdentifier.getCpe()));
                    if ("nodejs".equals(dependency.getEcosystem())) {
                        replaceOrAddVulnerability(dependency, filterEcosystem);
                    } else {
                        dependency.addVulnerabilities(filterEcosystem);
                    }
                } catch (DatabaseException e) {
                    throw new LambdaExceptionWrapper(new AnalysisException(e));
                }
            });
            dependency.getSuppressedIdentifiers().stream().filter(identifier3 -> {
                return identifier3 instanceof CpeIdentifier;
            }).map(identifier4 -> {
                return (CpeIdentifier) identifier4;
            }).forEach(cpeIdentifier2 -> {
                try {
                    dependency.addSuppressedVulnerabilities(database.getVulnerabilities(cpeIdentifier2.getCpe()));
                } catch (DatabaseException e) {
                    throw new LambdaExceptionWrapper(new AnalysisException(e));
                }
            });
        } catch (LambdaExceptionWrapper e) {
            throw ((AnalysisException) e.getCause());
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return "NVD CVE Analyzer";
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return AnalysisPhase.FINDING_ANALYSIS;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.nvdcve.enabled";
    }

    private void replaceOrAddVulnerability(Dependency dependency, List<Vulnerability> list) {
        list.forEach(vulnerability -> {
            vulnerability.getReferences().forEach(reference -> {
                dependency.getVulnerabilities().forEach(vulnerability -> {
                    if (vulnerability.getSource() == Vulnerability.Source.NPM && reference.getName() != null && reference.getName().equals("https://nodesecurity.io/advisories/" + vulnerability.getName())) {
                        dependency.removeVulnerability(vulnerability);
                    }
                });
            });
        });
        dependency.addVulnerabilities(list);
    }

    private synchronized List<Vulnerability> filterEcosystem(String str, List<Vulnerability> list) {
        ArrayList arrayList = new ArrayList();
        list.forEach(vulnerability -> {
            boolean z = false;
            HashSet hashSet = new HashSet();
            for (VulnerableSoftware vulnerableSoftware : vulnerability.getVulnerableSoftware()) {
                if (ecosystemMatchesTargetSoftware(str, vulnerableSoftware.getTargetSw())) {
                    z = true;
                } else {
                    hashSet.add(vulnerableSoftware);
                }
            }
            if (!z) {
                arrayList.add(vulnerability);
            } else {
                if (hashSet.isEmpty()) {
                    return;
                }
                vulnerability.removeVulnerableSoftware(hashSet);
            }
        });
        if (!arrayList.isEmpty()) {
            list.removeAll(arrayList);
        }
        return list;
    }

    private boolean ecosystemMatchesTargetSoftware(String str, String str2) {
        if ("*".equals(str2) || "-".equals(str2) || !"nodejs".equals(str)) {
            return true;
        }
        String lowerCase = str2.toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case -1040170293:
                if (lowerCase.equals("nodejs")) {
                    z = false;
                    break;
                }
                break;
            case 109291:
                if (lowerCase.equals("npm")) {
                    z = 3;
                    break;
                }
                break;
            case 2114400500:
                if (lowerCase.equals("node-js")) {
                    z = 4;
                    break;
                }
                break;
            case 2114401461:
                if (lowerCase.equals("node.js")) {
                    z = true;
                    break;
                }
                break;
            case 2114448550:
                if (lowerCase.equals("node_js")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
            case true:
            case true:
            case true:
                return true;
            default:
                return false;
        }
    }
}
