package org.owasp.dependencycheck.analyzer;

import java.io.BufferedInputStream;
import java.io.Closeable;
import java.io.File;
import java.io.FileFilter;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.compress.archivers.ArchiveInputStream;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;
import org.apache.commons.compress.archivers.zip.ZipFile;
import org.apache.commons.compress.compressors.CompressorInputStream;
import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream;
import org.apache.commons.compress.compressors.bzip2.BZip2Utils;
import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
import org.apache.commons.compress.compressors.gzip.GzipUtils;
import org.apache.commons.compress.utils.IOUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException;
import org.owasp.dependencycheck.data.update.cpe.CPEHandler;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.class */
public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
    private File tempFileLocation = null;
    private int scanDepth = 0;
    private static final String ANALYZER_NAME = "Archive Analyzer";
    private static final FileFilter FILTER;
    private static final FileFilter ZIP_FILTER;
    private static final Set<Dependency> EMPTY_DEPENDENCY_SET;
    private static final Logger LOGGER = LoggerFactory.getLogger(ArchiveAnalyzer.class);
    private static int dirCount = 0;
    private static final int MAX_SCAN_DEPTH = Settings.getInt("archive.scan.depth", 3);
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INITIAL;
    private static final Set<String> ZIPPABLES = newHashSet("zip", "ear", "war", "jar", "sar", "apk", "nupkg");
    private static final Set<String> EXTENSIONS = newHashSet("tar", "gz", "tgz", "bz2", "tbz2");
    private static final FileFilter REMOVE_FROM_ANALYSIS = FileFilterBuilder.newInstance().addExtensions("zip", "tar", "gz", "tgz", "bz2", "tbz2").build();

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected FileFilter getFileFilter() {
        return FILTER;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.archive.enabled";
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public void initializeFileTypeAnalyzer() throws Exception {
        this.tempFileLocation = File.createTempFile(CPEHandler.Element.CHECK, "tmp", Settings.getTempDirectory());
        if (!this.tempFileLocation.delete()) {
            throw new AnalysisException(String.format("Unable to delete temporary file '%s'.", this.tempFileLocation.getAbsolutePath()));
        }
        if (!this.tempFileLocation.mkdirs()) {
            throw new AnalysisException(String.format("Unable to create directory '%s'.", this.tempFileLocation.getAbsolutePath()));
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer, org.owasp.dependencycheck.analyzer.Analyzer
    public void close() throws Exception {
        String[] list;
        if (this.tempFileLocation == null || !this.tempFileLocation.exists()) {
            return;
        }
        LOGGER.debug("Attempting to delete temporary files");
        if (FileUtils.delete(this.tempFileLocation) || !this.tempFileLocation.exists() || (list = this.tempFileLocation.list()) == null || list.length <= 0) {
            return;
        }
        LOGGER.warn("Failed to delete some temporary files, see the log for more details");
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
        File file = new File(dependency.getActualFilePath());
        File nextTempDirectory = getNextTempDirectory();
        extractFiles(file, nextTempDirectory, engine);
        Set<Dependency> findMoreDependencies = findMoreDependencies(engine, nextTempDirectory);
        if (!findMoreDependencies.isEmpty()) {
            for (Dependency dependency2 : findMoreDependencies) {
                String format = String.format("%s%s", dependency.getFilePath(), dependency2.getActualFilePath().substring(nextTempDirectory.getAbsolutePath().length()));
                String format2 = String.format("%s: %s", dependency.getFileName(), dependency2.getFileName());
                dependency2.setFilePath(format);
                dependency2.setFileName(format2);
                if (accept(dependency2.getActualFile()) && this.scanDepth < MAX_SCAN_DEPTH) {
                    this.scanDepth++;
                    analyze(dependency2, engine);
                    this.scanDepth--;
                }
            }
        }
        if (REMOVE_FROM_ANALYSIS.accept(dependency.getActualFile())) {
            addDisguisedJarsToDependencies(dependency, engine);
            engine.getDependencies().remove(dependency);
        }
        Collections.sort(engine.getDependencies());
    }

    private void addDisguisedJarsToDependencies(Dependency dependency, Engine engine) throws AnalysisException {
        if (ZIP_FILTER.accept(dependency.getActualFile()) && isZipFileActuallyJarFile(dependency)) {
            File nextTempDirectory = getNextTempDirectory();
            String fileName = dependency.getFileName();
            LOGGER.info("The zip file '{}' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName);
            File file = new File(nextTempDirectory, fileName.substring(0, fileName.length() - 3) + "jar");
            try {
                org.apache.commons.io.FileUtils.copyFile(nextTempDirectory, file);
                Set<Dependency> findMoreDependencies = findMoreDependencies(engine, file);
                if (!findMoreDependencies.isEmpty()) {
                    if (findMoreDependencies.size() != 1) {
                        LOGGER.info("Deep copy of ZIP to JAR file resulted in more than one dependency?");
                    }
                    for (Dependency dependency2 : findMoreDependencies) {
                        dependency2.setFilePath(dependency.getFilePath());
                        dependency2.setDisplayFileName(dependency.getFileName());
                    }
                }
            } catch (IOException e) {
                LOGGER.debug("Unable to perform deep copy on '{}'", dependency.getActualFile().getPath(), e);
            }
        }
    }

    private static Set<Dependency> findMoreDependencies(Engine engine, File file) {
        Set<Dependency> set;
        ArrayList arrayList = new ArrayList(engine.getDependencies());
        engine.scan(file);
        List<Dependency> dependencies = engine.getDependencies();
        if (arrayList.size() != dependencies.size()) {
            set = new HashSet(dependencies);
            set.removeAll(arrayList);
        } else {
            set = EMPTY_DEPENDENCY_SET;
        }
        return set;
    }

    private File getNextTempDirectory() throws AnalysisException {
        dirCount++;
        File file = new File(this.tempFileLocation, String.valueOf(dirCount));
        if (file.exists()) {
            return getNextTempDirectory();
        }
        if (file.mkdirs()) {
            return file;
        }
        throw new AnalysisException(String.format("Unable to create temp directory '%s'.", file.getAbsolutePath()));
    }

    private void extractFiles(File file, File file2, Engine engine) throws AnalysisException {
        if (file == null || file2 == null) {
            return;
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            String lowerCase = FileUtils.getFileExtension(file.getName()).toLowerCase();
            try {
                try {
                    if (ZIPPABLES.contains(lowerCase)) {
                        extractArchive(new ZipArchiveInputStream(new BufferedInputStream(fileInputStream)), file2, engine);
                    } else if ("tar".equals(lowerCase)) {
                        extractArchive(new TarArchiveInputStream(new BufferedInputStream(fileInputStream)), file2, engine);
                    } else if ("gz".equals(lowerCase) || "tgz".equals(lowerCase)) {
                        File file3 = new File(file2, GzipUtils.getUncompressedFilename(file.getName()));
                        if (engine.accept(file3)) {
                            decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fileInputStream)), file3);
                        }
                    } else if ("bz2".equals(lowerCase) || "tbz2".equals(lowerCase)) {
                        File file4 = new File(file2, BZip2Utils.getUncompressedFilename(file.getName()));
                        if (engine.accept(file4)) {
                            decompressFile(new BZip2CompressorInputStream(new BufferedInputStream(fileInputStream)), file4);
                        }
                    }
                    close(fileInputStream);
                } catch (IOException e) {
                    LOGGER.warn("Exception reading archive '{}'.", file.getName());
                    LOGGER.debug("", e);
                    close(fileInputStream);
                } catch (ArchiveExtractionException e2) {
                    LOGGER.warn("Exception extracting archive '{}'.", file.getName());
                    LOGGER.debug("", e2);
                    close(fileInputStream);
                }
            } catch (Throwable th) {
                close(fileInputStream);
                throw th;
            }
        } catch (FileNotFoundException e3) {
            LOGGER.debug("", e3);
            throw new AnalysisException("Archive file was not found.", e3);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:12:0x0051, code lost:
    
        throw new org.owasp.dependencycheck.analyzer.exception.AnalysisException(java.lang.String.format("Unable to create directory '%s'.", r0.getAbsolutePath()));
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void extractArchive(org.apache.commons.compress.archivers.ArchiveInputStream r7, java.io.File r8, org.owasp.dependencycheck.Engine r9) throws org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException {
        /*
            r6 = this;
        L0:
            r0 = r7
            org.apache.commons.compress.archivers.ArchiveEntry r0 = r0.getNextEntry()     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            r1 = r0
            r10 = r1
            if (r0 == 0) goto L64
            java.io.File r0 = new java.io.File     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            r1 = r0
            r2 = r8
            r3 = r10
            java.lang.String r3 = r3.getName()     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            r1.<init>(r2, r3)     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            r11 = r0
            r0 = r10
            boolean r0 = r0.isDirectory()     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            if (r0 == 0) goto L52
            r0 = r11
            boolean r0 = r0.exists()     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            if (r0 != 0) goto L61
            r0 = r11
            boolean r0 = r0.mkdirs()     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            if (r0 != 0) goto L61
            java.lang.String r0 = "Unable to create directory '%s'."
            r1 = 1
            java.lang.Object[] r1 = new java.lang.Object[r1]     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            r2 = r1
            r3 = 0
            r4 = r11
            java.lang.String r4 = r4.getAbsolutePath()     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            r2[r3] = r4     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            java.lang.String r0 = java.lang.String.format(r0, r1)     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            r12 = r0
            org.owasp.dependencycheck.analyzer.exception.AnalysisException r0 = new org.owasp.dependencycheck.analyzer.exception.AnalysisException     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            r1 = r0
            r2 = r12
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            throw r0     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
        L52:
            r0 = r9
            r1 = r11
            boolean r0 = r0.accept(r1)     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
            if (r0 == 0) goto L61
            r0 = r7
            r1 = r11
            extractAcceptedFile(r0, r1)     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L77
        L61:
            goto L0
        L64:
            r0 = r7
            close(r0)
            goto L80
        L6b:
            r11 = move-exception
            org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException r0 = new org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException     // Catch: java.lang.Throwable -> L77
            r1 = r0
            r2 = r11
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L77
            throw r0     // Catch: java.lang.Throwable -> L77
        L77:
            r13 = move-exception
            r0 = r7
            close(r0)
            r0 = r13
            throw r0
        L80:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractArchive(org.apache.commons.compress.archivers.ArchiveInputStream, java.io.File, org.owasp.dependencycheck.Engine):void");
    }

    private static void extractAcceptedFile(ArchiveInputStream archiveInputStream, File file) throws AnalysisException {
        LOGGER.debug("Extracting '{}'", file.getPath());
        try {
            try {
                File parentFile = file.getParentFile();
                if (!parentFile.isDirectory() && !parentFile.mkdirs()) {
                    throw new AnalysisException(String.format("Unable to build directory '%s'.", parentFile.getAbsolutePath()));
                }
                FileOutputStream fileOutputStream = new FileOutputStream(file);
                IOUtils.copy(archiveInputStream, fileOutputStream);
                close(fileOutputStream);
            } catch (FileNotFoundException e) {
                LOGGER.debug("", e);
                throw new AnalysisException(String.format("Unable to find file '%s'.", file.getName()), e);
            } catch (IOException e2) {
                LOGGER.debug("", e2);
                throw new AnalysisException(String.format("IO Exception while parsing file '%s'.", file.getName()), e2);
            }
        } catch (Throwable th) {
            close(null);
            throw th;
        }
    }

    private void decompressFile(CompressorInputStream compressorInputStream, File file) throws ArchiveExtractionException {
        LOGGER.debug("Decompressing '{}'", file.getPath());
        FileOutputStream fileOutputStream = null;
        try {
            try {
                try {
                    fileOutputStream = new FileOutputStream(file);
                    IOUtils.copy(compressorInputStream, fileOutputStream);
                    close(fileOutputStream);
                } catch (FileNotFoundException e) {
                    LOGGER.debug("", e);
                    throw new ArchiveExtractionException(e);
                }
            } catch (IOException e2) {
                LOGGER.debug("", e2);
                throw new ArchiveExtractionException(e2);
            }
        } catch (Throwable th) {
            close(fileOutputStream);
            throw th;
        }
    }

    private static void close(Closeable closeable) {
        if (null != closeable) {
            try {
                closeable.close();
            } catch (IOException e) {
                LOGGER.trace("", e);
            }
        }
    }

    private boolean isZipFileActuallyJarFile(Dependency dependency) {
        boolean z = false;
        ZipFile zipFile = null;
        try {
            try {
                zipFile = new ZipFile(dependency.getActualFilePath());
                if (zipFile.getEntry("META-INF/MANIFEST.MF") != null || zipFile.getEntry("META-INF/maven") != null) {
                    Enumeration entries = zipFile.getEntries();
                    while (true) {
                        if (!entries.hasMoreElements()) {
                            break;
                        }
                        ZipArchiveEntry zipArchiveEntry = (ZipArchiveEntry) entries.nextElement();
                        if (!zipArchiveEntry.isDirectory() && zipArchiveEntry.getName().toLowerCase().endsWith(".class")) {
                            z = true;
                            break;
                        }
                    }
                }
                ZipFile.closeQuietly(zipFile);
            } catch (IOException e) {
                LOGGER.debug("Unable to unzip zip file '{}'", dependency.getFilePath(), e);
                ZipFile.closeQuietly(zipFile);
            }
            return z;
        } catch (Throwable th) {
            ZipFile.closeQuietly(zipFile);
            throw th;
        }
    }

    static {
        String string = Settings.getString("extensions.zip");
        if (string != null) {
            Collections.addAll(ZIPPABLES, string.split("\\s*,\\s*"));
        }
        EXTENSIONS.addAll(ZIPPABLES);
        FILTER = FileFilterBuilder.newInstance().addExtensions(EXTENSIONS).build();
        ZIP_FILTER = FileFilterBuilder.newInstance().addExtensions("zip").build();
        EMPTY_DEPENDENCY_SET = Collections.emptySet();
    }
}
