package org.owasp.dependencycheck.analyzer;

import java.io.IOException;
import java.sql.SQLException;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.xml.suppression.SuppressionHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.class */
public class NvdCveAnalyzer extends AbstractAnalyzer {
    private static final Logger LOGGER = LoggerFactory.getLogger(NvdCveAnalyzer.class);
    static final int MAX_QUERY_RESULTS = 100;
    private CveDB cveDB;

    public void open() throws SQLException, IOException, DatabaseException, ClassNotFoundException {
        this.cveDB = new CveDB();
        this.cveDB.open();
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    public void closeAnalyzer() {
        this.cveDB.close();
        this.cveDB = null;
    }

    public boolean isOpen() {
        return this.cveDB != null;
    }

    protected void finalize() throws Throwable {
        super.finalize();
        if (isOpen()) {
            close();
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        for (Identifier identifier : dependency.getIdentifiers()) {
            if (SuppressionHandler.CPE.equals(identifier.getType())) {
                try {
                    dependency.getVulnerabilities().addAll(this.cveDB.getVulnerabilities(identifier.getValue()));
                } catch (DatabaseException e) {
                    throw new AnalysisException(e);
                }
            }
        }
        for (Identifier identifier2 : dependency.getSuppressedIdentifiers()) {
            if (SuppressionHandler.CPE.equals(identifier2.getType())) {
                try {
                    dependency.getSuppressedVulnerabilities().addAll(this.cveDB.getVulnerabilities(identifier2.getValue()));
                } catch (DatabaseException e2) {
                    throw new AnalysisException(e2);
                }
            }
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return "NVD CVE Analyzer";
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return AnalysisPhase.FINDING_ANALYSIS;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.nvdcve.enabled";
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    public void initializeAnalyzer() throws InitializationException {
        try {
            open();
        } catch (IOException e) {
            LOGGER.debug("IO Exception initializing NvdCveAnalyzer", e);
            throw new InitializationException(e);
        } catch (ClassNotFoundException e2) {
            LOGGER.debug("Exception initializing NvdCveAnalyzer", e2);
            throw new InitializationException(e2);
        } catch (SQLException e3) {
            LOGGER.debug("SQL Exception initializing NvdCveAnalyzer", e3);
            throw new InitializationException(e3);
        } catch (DatabaseException e4) {
            LOGGER.debug("Database Exception initializing NvdCveAnalyzer", e4);
            throw new InitializationException(e4);
        }
    }
}
