package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.commons.lang.StringUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.cpe.Fields;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.utils.Settings;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.class */
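/**
 * Analyzer that collects version, vendor and product evidence from .NET
 * assemblies ({@code dll} / {@code exe}) by running the bundled
 * {@code GrokAssembly.exe} helper and parsing the XML it prints on stdout.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The helper is extracted to the configured temp directory and later
 *       executed by path. That directory should not be writable by other
 *       local users, otherwise the file could be replaced between extraction
 *       and execution.</li>
 *   <li>The XML produced by the helper carries metadata taken from the file
 *       being scanned, so it is parsed with DTDs and entity expansion
 *       disabled.</li>
 * </ul>
 */
public class AssemblyAnalyzer extends AbstractAnalyzer {
    private static final String ANALYZER_NAME = "Assembly Analyzer";
    /** Extracted helper binary; {@code null} until deployed or after a failed self-test. */
    private File grokAssemblyExe;
    /** Hardened parser used for the helper's output; set only after a successful self-test. */
    private DocumentBuilder builder;
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
    private static final Set<String> SUPPORTED_EXTENSIONS = newHashSet("dll", "exe");
    // NOTE(review): the logger is named after AbstractAnalyzer, not this class; kept as-is
    // so existing logging configuration keeps matching - confirm whether that is intended.
    private static final Logger LOG = Logger.getLogger(AbstractAnalyzer.class.getName());

    /**
     * Builds the command line used to launch the helper, without the target file.
     * On platforms whose file separator is not a backslash the helper is run
     * through Mono, using the configured Mono path or {@code mono} from the PATH.
     *
     * @return a new mutable list: optional Mono launcher followed by the helper path
     */
    private List<String> buildArgumentList() {
        final List<String> args = new ArrayList<String>();
        if (!"\\".equals(System.getProperty("file.separator"))) {
            final String monoPath = Settings.getString(Settings.KEYS.ANALYZER_ASSEMBLY_MONO_PATH);
            args.add(monoPath != null ? monoPath : "mono");
        }
        args.add(this.grokAssemblyExe.getPath());
        return args;
    }

    /**
     * Creates a {@link DocumentBuilder} that rejects DOCTYPE declarations and
     * does not expand entity references, so the helper's output cannot pull in
     * external entities even if scanned metadata ends up unescaped in it.
     *
     * @return a new hardened builder
     * @throws javax.xml.parsers.ParserConfigurationException if the JAXP
     *         implementation does not support the requested features (fail closed)
     */
    private static DocumentBuilder newHardenedDocumentBuilder()
            throws javax.xml.parsers.ParserConfigurationException {
        final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setExpandEntityReferences(false);
        return factory.newDocumentBuilder();
    }

    /**
     * Closes a stream, logging (at FINE) instead of propagating a failure.
     *
     * @param stream the stream to close; may be {@code null}
     * @param message the log message used when closing fails
     */
    private static void closeQuietly(java.io.Closeable stream, String message) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // Best effort: a failed close must not mask the primary outcome.
            LOG.fine(message);
        }
    }

    /**
     * Runs the helper against the dependency's file and records the reported
     * version, company and product as evidence.
     *
     * @param dependency the dependency to analyze
     * @param engine the engine running the scan (unused here)
     * @throws AnalysisException if the helper cannot be run, reports an error,
     *         or its output cannot be parsed
     */
    @Override
    public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
        // builder stays null when the self-test in initialize() failed; guard against an NPE.
        if (this.grokAssemblyExe == null || this.builder == null) {
            LOG.warning("GrokAssembly didn't get deployed");
            return;
        }
        // Arguments are passed as a list (no shell), so the path is never re-interpreted.
        final List<String> args = buildArgumentList();
        args.add(dependency.getActualFilePath());
        Process process = null;
        try {
            process = new ProcessBuilder(args).start();
            final Document doc = this.builder.parse(process.getInputStream());
            final XPath xpath = XPathFactory.newInstance().newXPath();

            final String error = xpath.evaluate("/assembly/error", doc);
            if (error != null && !StringUtils.EMPTY.equals(error)) {
                throw new AnalysisException(error);
            }

            // NOTE(review): XPath string evaluation yields "" rather than null for a
            // missing node, so these null checks look always-true and empty evidence
            // may be recorded - confirm whether empty values should be skipped.
            final String version = xpath.evaluate("/assembly/version", doc);
            if (version != null) {
                dependency.getVersionEvidence().addEvidence(new Evidence("grokassembly", "version", version, Confidence.HIGHEST));
            }
            final String vendor = xpath.evaluate("/assembly/company", doc);
            if (vendor != null) {
                dependency.getVendorEvidence().addEvidence(new Evidence("grokassembly", Fields.VENDOR, vendor, Confidence.HIGH));
            }
            final String product = xpath.evaluate("/assembly/product", doc);
            if (product != null) {
                dependency.getProductEvidence().addEvidence(new Evidence("grokassembly", Fields.PRODUCT, product, Confidence.HIGH));
            }
        } catch (IOException e) {
            throw new AnalysisException(e);
        } catch (XPathExpressionException e) {
            throw new AnalysisException(e);
        } catch (SAXException e) {
            throw new AnalysisException("Couldn't parse GrokAssembly result", e);
        } finally {
            // One child process is started per scanned file; do not leave it (or its
            // pipes) behind when parsing finishes or fails part-way.
            if (process != null) {
                process.destroy();
            }
        }
    }

    /**
     * Extracts {@code GrokAssembly.exe} from the classpath into the temp
     * directory and verifies that it can be executed: a run without arguments
     * is expected to exit with status 1 and report a non-empty error element.
     *
     * @throws Exception if the helper cannot be extracted or does not run
     */
    @Override
    public void initialize() throws Exception {
        super.initialize();
        final File tempFile = File.createTempFile("GKA", ".exe", Settings.getTempDirectory());
        // Register cleanup up front so a failed extraction does not leave the file behind.
        tempFile.deleteOnExit();

        FileOutputStream out = null;
        InputStream in = null;
        try {
            in = AssemblyAnalyzer.class.getClassLoader().getResourceAsStream("GrokAssembly.exe");
            if (in == null) {
                // getResourceAsStream returns null for a missing resource; report it
                // as an extraction failure instead of a NullPointerException.
                throw new IOException("GrokAssembly.exe resource not found");
            }
            out = new FileOutputStream(tempFile);
            final byte[] buffer = new byte[4096];
            int count;
            while ((count = in.read(buffer)) >= 0) {
                out.write(buffer, 0, count);
            }
            this.grokAssemblyExe = tempFile;
            LOG.log(Level.FINE, "Extracted GrokAssembly.exe to {0}", this.grokAssemblyExe.getPath());
        } catch (IOException e) {
            LOG.log(Level.WARNING, "Could not extract GrokAssembly.exe: {0}", e.getMessage());
            throw new AnalysisException("Could not extract GrokAssembly.exe", e);
        } finally {
            // Streams must be closed before the file is executed below.
            closeQuietly(out, "Error closing output stream");
            closeQuietly(in, "Error closing input stream");
        }

        Process probe = null;
        try {
            probe = new ProcessBuilder(buildArgumentList()).start();
            final Document doc = newHardenedDocumentBuilder().parse(probe.getInputStream());
            final String error = XPathFactory.newInstance().newXPath().evaluate("/assembly/error", doc);
            if (probe.waitFor() != 1 || error == null || StringUtils.EMPTY.equals(error)) {
                LOG.warning("An error occured with the .NET AssemblyAnalyzer, please see the log for more details.");
                LOG.fine("GrokAssembly.exe is not working properly");
                this.grokAssemblyExe = null;
                throw new AnalysisException("Could not execute .NET AssemblyAnalyzer");
            }
            this.builder = newHardenedDocumentBuilder();
        } catch (Throwable th) {
            if (th instanceof InterruptedException) {
                // Preserve the interrupt for callers further up the stack.
                Thread.currentThread().interrupt();
            }
            LOG.warning("An error occured with the .NET AssemblyAnalyzer; this can be ignored unless you are scanning .NET dlls. Please see the log for more details.");
            LOG.log(Level.FINE, "Could not execute GrokAssembly {0}", th.getMessage());
            throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", th);
        } finally {
            if (probe != null) {
                probe.destroy();
            }
        }
    }

    /**
     * Releases analyzer resources and removes the extracted helper, if any.
     *
     * @throws Exception if the superclass fails to close
     */
    @Override
    public void close() throws Exception {
        super.close();
        // grokAssemblyExe is null when initialize() never deployed it or reset it
        // after a failed self-test; the original dereferenced it unconditionally.
        if (this.grokAssemblyExe == null) {
            return;
        }
        try {
            this.grokAssemblyExe.delete();
        } catch (SecurityException e) {
            LOG.fine("Can't delete temporary GrokAssembly.exe");
        }
    }

    /**
     * @return the file extensions handled by this analyzer ({@code dll}, {@code exe})
     */
    @Override
    public Set<String> getSupportedExtensions() {
        return SUPPORTED_EXTENSIONS;
    }

    /**
     * @return the display name of this analyzer
     */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * @param str a file extension, without the leading dot
     * @return {@code true} if the extension is one this analyzer handles
     */
    @Override
    public boolean supportsExtension(String str) {
        return SUPPORTED_EXTENSIONS.contains(str);
    }

    /**
     * @return the phase in which this analyzer runs (information collection)
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }
}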
