package org.owasp.dependencycheck.analyzer;

import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURLBuilder;
import java.io.File;
import java.io.IOException;
import java.util.Map;
import javax.annotation.concurrent.ThreadSafe;
import javax.json.Json;
import javax.json.JsonArray;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;
import javax.json.JsonString;
import javax.json.JsonValue;
import org.apache.commons.lang3.StringUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.analyzer.exception.UnexpectedAnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.naming.GenericIdentifier;
import org.owasp.dependencycheck.dependency.naming.Identifier;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.utils.Checksum;
import org.owasp.dependencycheck.xml.pom.PomHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

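/* loaded from: input_file:org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.class */
/**
 * Shared base for analyzers that turn npm metadata into {@link Dependency}
 * entries and evidence.
 *
 * <p>Every value recorded here is labelled with the source {@code package.json},
 * i.e. it originates from the project being scanned. That content is untrusted:
 * a manifest with an unexpected JSON shape must produce a log line, not an
 * uncaught exception, because an aborted analysis silently removes the package
 * from the report.
 *
 * <p>This listing was recovered by a decompiler; local and parameter names were
 * restored by hand and are not necessarily the upstream names.
 */
@ThreadSafe
public abstract class AbstractNpmAnalyzer extends AbstractFileTypeAnalyzer {
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractNpmAnalyzer.class);
    /** Ecosystem label set on, and matched against, every npm dependency. */
    public static final String NPM_DEPENDENCY_ECOSYSTEM = "npm";
    /** Evidence source name recorded for values read from a manifest. */
    private static final String PACKAGE_JSON = "package.json";

    /**
     * Accepts a file when the parent filter accepts it and
     * {@link #shouldProcess(File)} does not exclude it.
     *
     * <p>Overrides {@code AbstractFileTypeAnalyzer.accept} / {@code java.io.FileFilter.accept}.
     *
     * @param file the candidate file
     * @return {@code true} if the file should be analyzed
     * @throws UnexpectedAnalysisException if {@link #shouldProcess(File)} fails
     */
    @Override
    public boolean accept(File file) {
        if (!super.accept(file)) {
            return false;
        }
        try {
            return shouldProcess(file);
        } catch (AnalysisException e) {
            // FileFilter.accept cannot throw a checked exception, so the failure is
            // rethrown unchecked with the same message and the underlying cause.
            throw new UnexpectedAnalysisException(e.getMessage(), e.getCause());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decides whether a file lies outside installed-module directories.
     *
     * <p>The check runs on the canonical path, so symbolic links and {@code ..}
     * segments are resolved before the path is inspected. Files below a
     * {@code node_modules} or {@code bower_components} directory are skipped;
     * coverage of those packages therefore depends on whatever manifest or lock
     * file the concrete analyzer reads instead.
     *
     * @param file the candidate file
     * @return {@code false} for files inside {@code node_modules} or
     *         {@code bower_components}, {@code true} otherwise
     * @throws AnalysisException if the canonical path cannot be resolved
     */
    public boolean shouldProcess(File file) throws AnalysisException {
        final String canonicalPath;
        try {
            canonicalPath = file.getCanonicalPath();
        } catch (IOException e) {
            throw new AnalysisException("Unable to process dependency", e);
        }
        final boolean insideNodeModules = canonicalPath.contains(File.separator + "node_modules" + File.separator);
        final boolean insideBowerComponents = canonicalPath.contains(File.separator + "bower_components" + File.separator);
        if (insideNodeModules || insideBowerComponents) {
            LOGGER.debug("Skipping analysis of node/bower module: {}", canonicalPath);
            return false;
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a dependency entry for a package that is only named in a manifest.
     *
     * <p>The MD5, SHA-1 and SHA-256 values are digests of the text
     * {@code name:version}, not of any package content. They serve as stable
     * keys only and say nothing about the integrity of the installed package.
     *
     * @param dependency the dependency whose manifest declared the package
     * @param name the package name
     * @param version the declared version; may be blank
     * @param referenceSuffix text appended after the parent's name in the project
     *        reference (presumably the manifest section that declared the
     *        package - confirm against callers)
     * @return the new dependency
     */
    public Dependency createDependency(Dependency dependency, String name, String version, String referenceSuffix) {
        // NOTE(review): the second constructor argument presumably marks the entry
        // as virtual (no file of its own) - confirm against Dependency.
        final Dependency nodeModule = new Dependency(new File(dependency.getActualFile() + "?" + name), true);
        nodeModule.setEcosystem(NPM_DEPENDENCY_ECOSYSTEM);

        final String coordinates = String.format("%s:%s", name, version);
        nodeModule.setSha1sum(Checksum.getSHA1Checksum(coordinates));
        nodeModule.setSha256sum(Checksum.getSHA256Checksum(coordinates));
        nodeModule.setMd5sum(Checksum.getMD5Checksum(coordinates));

        nodeModule.addEvidence(EvidenceType.PRODUCT, PACKAGE_JSON, PomHandler.NAME, name, Confidence.HIGHEST);
        nodeModule.addEvidence(EvidenceType.VENDOR, PACKAGE_JSON, PomHandler.NAME, name, Confidence.HIGH);
        if (!StringUtils.isBlank(version)) {
            nodeModule.addEvidence(EvidenceType.VERSION, PACKAGE_JSON, "version", version, Confidence.HIGHEST);
            nodeModule.setVersion(version);
        }
        nodeModule.addProjectReference(projectReference(dependency, referenceSuffix));
        nodeModule.setName(name);
        // The fallback identifier names the new package. It previously used the
        // parent's name, which attached the parent's identity to the child entry.
        nodeModule.addSoftwareIdentifier(buildIdentifier(name, version, "npm:%s@%s"));
        return nodeModule;
    }

    /**
     * Processes a list of package names that carry no version information.
     *
     * <p>Each string entry is forwarded with an empty version. Entries that are
     * not JSON strings are logged and skipped.
     *
     * @param engine the engine that holds the known dependencies
     * @param dependency the dependency whose manifest declared the packages
     * @param jsonArray the package names
     * @param referenceSuffix text appended to the project reference
     */
    protected void processPackage(Engine engine, Dependency dependency, JsonArray jsonArray, String referenceSuffix) {
        final JsonObjectBuilder packages = Json.createObjectBuilder();
        for (JsonValue entry : jsonArray) {
            if (entry instanceof JsonString) {
                // getString() yields the raw name; toString() would return the JSON
                // text including its surrounding quotes.
                packages.add(((JsonString) entry).getString(), "");
            } else {
                LOGGER.warn("JSON value not string as expected: {}", entry);
            }
        }
        processPackage(engine, dependency, packages.build(), referenceSuffix);
    }

    /**
     * Registers every package of a name-to-version JSON object with the engine.
     *
     * <p>A package that {@link #findDependency(Engine, String, String)} already
     * knows only receives an additional project reference; any other package is
     * added as a new dependency. A value that is not a JSON string is treated as
     * an empty version.
     *
     * @param engine the engine that holds the known dependencies
     * @param dependency the dependency whose manifest declared the packages
     * @param jsonObject package names mapped to version strings
     * @param referenceSuffix text appended to the project reference
     */
    protected void processPackage(Engine engine, Dependency dependency, JsonObject jsonObject, String referenceSuffix) {
        // One pass is enough. The earlier form wrapped this iteration in a counting
        // loop over the same object, so each package was handled size() times and a
        // package without a version was added again on every pass.
        for (Map.Entry<String, JsonValue> entry : jsonObject.entrySet()) {
            final String name = entry.getKey();
            final JsonValue value = entry.getValue();
            String version = "";
            if (value != null && value.getValueType() == JsonValue.ValueType.STRING) {
                version = ((JsonString) value).getString();
            }
            final Dependency existing = findDependency(engine, name, version);
            if (existing == null) {
                engine.addDependency(createDependency(dependency, name, version, referenceSuffix));
            } else {
                existing.addProjectReference(projectReference(dependency, referenceSuffix));
            }
        }
    }

    /**
     * Formats the project reference that ties a package to the dependency that
     * declared it, using the parent's display file name when it has no name.
     */
    private static String projectReference(Dependency parent, String referenceSuffix) {
        final String owner = parent.getName() != null ? parent.getName() : parent.getDisplayFileName();
        return owner + ": " + referenceSuffix;
    }

    /**
     * Builds a package URL identifier, falling back to a generic identifier in
     * the given format when the package URL cannot be built.
     */
    private static Identifier buildIdentifier(String name, String version, String fallbackFormat) {
        try {
            return new PurlIdentifier(
                    PackageURLBuilder.aPackageURL().withType("npm").withName(name).withVersion(version).build(),
                    Confidence.HIGHEST);
        } catch (MalformedPackageURLException e) {
            LOGGER.debug("Unable to generate Purl - using a generic identifier instead {}", e.getMessage());
            return new GenericIdentifier(String.format(fallbackFormat, name, version), Confidence.HIGHEST);
        }
    }

    /**
     * Copies one manifest field into the dependency's evidence.
     *
     * <p>A string value is recorded under {@code key}; for an object value every
     * string member is recorded under {@code key.member}. Anything else is logged
     * and ignored.
     *
     * @return the last string value recorded, or {@code null} if none was
     */
    private static String addToEvidence(Dependency dependency, EvidenceType evidenceType, JsonObject jsonObject, String key) {
        if (!jsonObject.containsKey(key)) {
            return null;
        }
        String recorded = null;
        final JsonValue value = jsonObject.get(key);
        if (value instanceof JsonString) {
            recorded = ((JsonString) value).getString();
            dependency.addEvidence(evidenceType, PACKAGE_JSON, key, recorded, Confidence.HIGHEST);
        } else if (value instanceof JsonObject) {
            for (Map.Entry<String, JsonValue> member : ((JsonObject) value).entrySet()) {
                final JsonValue memberValue = member.getValue();
                if (memberValue instanceof JsonString) {
                    recorded = ((JsonString) memberValue).getString();
                    dependency.addEvidence(evidenceType, PACKAGE_JSON,
                            String.format("%s.%s", key, member.getKey()), recorded, Confidence.HIGHEST);
                } else {
                    LOGGER.warn("JSON sub-value not string as expected: {}", memberValue);
                }
            }
        } else {
            LOGGER.warn("JSON value not string or JSON object as expected: {}", value);
        }
        return recorded;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Looks up an npm dependency the engine already holds.
     *
     * <p>A candidate matches when its ecosystem is npm, its name equals
     * {@code name} and {@code DependencyBundlingAnalyzer.npmVersionsMatch}
     * accepts the two versions. A candidate without a version never matches.
     *
     * @param engine the engine that holds the known dependencies
     * @param name the package name; must not be {@code null}
     * @param version the requested version; {@code null} matches nothing
     * @return the first matching dependency, or {@code null} if there is none
     */
    public Dependency findDependency(Engine engine, String name, String version) {
        if (version == null) {
            return null;
        }
        for (Dependency candidate : engine.getDependencies()) {
            if (!NPM_DEPENDENCY_ECOSYSTEM.equals(candidate.getEcosystem()) || !name.equals(candidate.getName())) {
                continue;
            }
            if (candidate.getVersion() != null
                    && DependencyBundlingAnalyzer.npmVersionsMatch(version, candidate.getVersion())) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Fills a dependency with the name, description, author, version and license
     * found in a parsed manifest.
     *
     * <p>Fields with an unexpected JSON type are logged and skipped instead of
     * raising a {@code ClassCastException} or {@code NullPointerException}.
     *
     * @param jsonObject the parsed manifest
     * @param dependency the dependency to update
     */
    public void gatherEvidence(JsonObject jsonObject, Dependency dependency) {
        String displayName = null;
        if (jsonObject.containsKey(PomHandler.NAME)) {
            final JsonValue nameValue = jsonObject.get(PomHandler.NAME);
            if (nameValue instanceof JsonString) {
                final String name = ((JsonString) nameValue).getString();
                displayName = name;
                dependency.setName(name);
                dependency.setPackagePath(name);
                dependency.addEvidence(EvidenceType.PRODUCT, PACKAGE_JSON, PomHandler.NAME, name, Confidence.HIGHEST);
                dependency.addEvidence(EvidenceType.VENDOR, PACKAGE_JSON, PomHandler.NAME, name, Confidence.HIGH);
            } else {
                LOGGER.warn("JSON value not string as expected: {}", nameValue);
            }
        }
        dependency.setDescription(addToEvidence(dependency, EvidenceType.PRODUCT, jsonObject, PomHandler.DESCRIPTION));
        final String author = addToEvidence(dependency, EvidenceType.VENDOR, jsonObject, "author");
        final String version = addToEvidence(dependency, EvidenceType.VERSION, jsonObject, "version");
        if (version != null) {
            // Without a name the display name stays unset; formatting it anyway
            // would produce the literal text "null:<version>".
            if (displayName != null) {
                displayName = String.format("%s:%s", displayName, version);
            }
            dependency.setVersion(version);
            dependency.addSoftwareIdentifier(buildIdentifier(dependency.getName(), version, "npm:%s:%s"));
        }
        if (displayName != null) {
            dependency.setDisplayFileName(displayName);
            dependency.setPackagePath(displayName);
        } else {
            LOGGER.warn("Unable to determine package name or version for {}", dependency.getActualFilePath());
            if (author != null && !author.isEmpty()) {
                dependency.setDisplayFileName(String.format("%s package.json", author));
            }
        }
        if (jsonObject.containsKey(PomHandler.LICENSE)) {
            final JsonValue licenseValue = jsonObject.get(PomHandler.LICENSE);
            final String license = readLicense(licenseValue);
            if (license != null) {
                dependency.setLicense(license);
            } else {
                LOGGER.warn("JSON value not string, array or JSON object with a type as expected: {}", licenseValue);
            }
        }
    }

    /**
     * Reads a license field that is a string, an array of licenses, or an object
     * with a {@code type} member.
     *
     * @return the license text, or {@code null} if the value has another shape
     */
    private static String readLicense(JsonValue value) {
        if (value instanceof JsonString) {
            return ((JsonString) value).getString();
        }
        if (value instanceof JsonArray) {
            return joinLicenses((JsonArray) value);
        }
        if (value instanceof JsonObject) {
            return stringMember((JsonObject) value, "type");
        }
        return null;
    }

    /** Joins the usable entries of a license array with {@code ", "}. */
    private static String joinLicenses(JsonArray licenses) {
        final StringBuilder joined = new StringBuilder();
        boolean first = true;
        for (JsonValue entry : licenses) {
            final String text = describeLicenseEntry(entry);
            if (text == null) {
                continue;
            }
            if (!first) {
                joined.append(", ");
            }
            first = false;
            joined.append(text);
        }
        return joined.toString();
    }

    /**
     * Renders one license array entry: a string as is, an object as
     * {@code type (url)}, {@code type} or {@code url}, whichever members exist.
     *
     * @return the text, or {@code null} for JSON null and any other entry type
     */
    private static String describeLicenseEntry(JsonValue entry) {
        if (entry instanceof JsonString) {
            return ((JsonString) entry).getString();
        }
        if (!(entry instanceof JsonObject)) {
            return null;
        }
        final JsonObject license = (JsonObject) entry;
        final String type = stringMember(license, "type");
        final String url = stringMember(license, PomHandler.URL);
        if (type != null && url != null) {
            return String.format("%s (%s)", type, url);
        }
        return type != null ? type : url;
    }

    /** Returns the named member if it is a JSON string, otherwise {@code null}. */
    private static String stringMember(JsonObject object, String key) {
        final JsonValue member = object.get(key);
        return member instanceof JsonString ? ((JsonString) member).getString() : null;
    }
}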
