package org.owasp.dependencycheck.maven;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.repository.ArtifactRepository;
import org.apache.maven.artifact.resolver.filter.ArtifactFilter;
import org.apache.maven.execution.MavenSession;
import org.apache.maven.model.Dependency;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.DefaultProjectBuildingRequest;
import org.apache.maven.project.MavenProject;
import org.apache.maven.project.ProjectBuildingRequest;
import org.apache.maven.reporting.MavenReport;
import org.apache.maven.reporting.MavenReportException;
import org.apache.maven.settings.Proxy;
import org.apache.maven.settings.Server;
import org.apache.maven.settings.Settings;
import org.apache.maven.shared.artifact.TransferUtils;
import org.apache.maven.shared.artifact.resolve.ArtifactResolver;
import org.apache.maven.shared.artifact.resolve.ArtifactResolverException;
import org.apache.maven.shared.dependency.graph.DependencyGraphBuilder;
import org.apache.maven.shared.dependency.graph.DependencyGraphBuilderException;
import org.apache.maven.shared.dependency.graph.DependencyNode;
import org.apache.maven.shared.model.fileset.FileSet;
import org.apache.maven.shared.model.fileset.util.FileSetManager;
import org.codehaus.doxia.sink.Sink;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nexus.MavenArtifact;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.exception.DependencyNotFoundException;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.utils.Filter;
import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException;

/* loaded from: input_file:org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.class */
public abstract class BaseDependencyCheckMojo extends AbstractMojo implements MavenReport {
    private static final String PROPERTIES_FILE = "mojo.properties";
    private static final String NEW_LINE = System.getProperty("line.separator", "\n").intern();

    @Parameter(property = "metaFileName", defaultValue = "dependency-check.ser", required = true)
    private String dataFileName;

    @Parameter(property = "failOnError", defaultValue = "true", required = true)
    private boolean failOnError;

    @Parameter(property = "project", required = true, readonly = true)
    private MavenProject project;

    @Parameter(readonly = true, required = true, property = "reactorProjects")
    private List<MavenProject> reactorProjects;

    @Component
    private ArtifactResolver artifactResolver;

    @Parameter(defaultValue = "${session}", readonly = true, required = true)
    private MavenSession session;

    @Parameter(defaultValue = "${project.remoteArtifactRepositories}", readonly = true, required = true)
    private List<ArtifactRepository> remoteRepositories;

    @Component
    private DependencyGraphBuilder dependencyGraphBuilder;

    @Parameter(defaultValue = "${project.build.directory}", required = true)
    private File outputDirectory;

    @Parameter(property = "project.reporting.outputDirectory", required = true)
    private File reportOutputDirectory;

    @Parameter(property = "autoUpdate")
    private Boolean autoUpdate;

    @Parameter(property = "enableExperimental")
    private Boolean enableExperimental;

    @Parameter(property = "aggregate")
    @Deprecated
    private Boolean aggregate;

    @Parameter(property = "mavenSettings", defaultValue = "${settings}", required = false)
    private Settings mavenSettings;

    @Parameter(property = "mavenSettingsProxyId", required = false)
    private String mavenSettingsProxyId;

    @Parameter(property = "connectionTimeout", defaultValue = "", required = false)
    private String connectionTimeout;

    @Parameter(property = "suppressionFiles", required = false)
    private String[] suppressionFiles;

    @Parameter(property = "suppressionFile", required = false)
    private String suppressionFile;

    @Parameter(property = "hintsFile", defaultValue = "", required = false)
    private String hintsFile;

    @Parameter(property = "jarAnalyzerEnabled", required = false)
    private Boolean jarAnalyzerEnabled;

    @Parameter(property = "archiveAnalyzerEnabled", required = false)
    private Boolean archiveAnalyzerEnabled;

    @Parameter(property = "pyDistributionAnalyzerEnabled", required = false)
    private Boolean pyDistributionAnalyzerEnabled;

    @Parameter(property = "pyPackageAnalyzerEnabled", required = false)
    private Boolean pyPackageAnalyzerEnabled;

    @Parameter(property = "rubygemsAnalyzerEnabled", required = false)
    private Boolean rubygemsAnalyzerEnabled;

    @Parameter(property = "opensslAnalyzerEnabled", required = false)
    private Boolean opensslAnalyzerEnabled;

    @Parameter(property = "cmakeAnalyzerEnabled", required = false)
    private Boolean cmakeAnalyzerEnabled;

    @Parameter(property = "autoconfAnalyzerEnabled", required = false)
    private Boolean autoconfAnalyzerEnabled;

    @Parameter(property = "composerAnalyzerEnabled", required = false)
    private Boolean composerAnalyzerEnabled;

    @Parameter(property = "nodeAnalyzerEnabled", required = false)
    private Boolean nodeAnalyzerEnabled;

    @Parameter(property = "nspAnalyzerEnabled", required = false)
    private Boolean nspAnalyzerEnabled;

    @Parameter(property = "assemblyAnalyzerEnabled", required = false)
    private Boolean assemblyAnalyzerEnabled;

    @Parameter(property = "nuspecAnalyzerEnabled", required = false)
    private Boolean nuspecAnalyzerEnabled;

    @Parameter(property = "centralAnalyzerEnabled", required = false)
    private Boolean centralAnalyzerEnabled;

    @Parameter(property = "nexusAnalyzerEnabled", required = false)
    private Boolean nexusAnalyzerEnabled;

    @Parameter(property = "bundleAuditAnalyzerEnabled", required = false)
    private Boolean bundleAuditAnalyzerEnabled;

    @Parameter(property = "bundleAuditPath", defaultValue = "", required = false)
    private String bundleAuditPath;

    @Parameter(property = "cocoapodsAnalyzerEnabled", required = false)
    private Boolean cocoapodsAnalyzerEnabled;

    @Parameter(property = "swiftPackageManagerAnalyzerEnabled", required = false)
    private Boolean swiftPackageManagerAnalyzerEnabled;

    @Parameter(property = "nexusUrl", required = false)
    private String nexusUrl;

    @Parameter(property = "nexusUsesProxy", required = false)
    private Boolean nexusUsesProxy;

    @Parameter(property = "connectionString", defaultValue = "", required = false)
    private String connectionString;

    @Parameter(property = "databaseDriverName", defaultValue = "", required = false)
    private String databaseDriverName;

    @Parameter(property = "databaseDriverPath", defaultValue = "", required = false)
    private String databaseDriverPath;

    @Parameter(property = "serverId", defaultValue = "", required = false)
    private String serverId;

    @Parameter(defaultValue = "${settings}", readonly = true, required = true)
    private Settings settingsXml;

    @Component(role = SecDispatcher.class, hint = "default")
    private SecDispatcher securityDispatcher;

    @Parameter(property = "databaseUser", defaultValue = "", required = false)
    private String databaseUser;

    @Parameter(property = "databasePassword", defaultValue = "", required = false)
    private String databasePassword;

    @Parameter(property = "zipExtensions", required = false)
    private String zipExtensions;

    @Parameter(property = "skipArtifactType", required = false)
    private String skipArtifactType;

    @Parameter(property = "dataDirectory", defaultValue = "", required = false)
    private String dataDirectory;

    @Parameter(property = "cveUrl12Modified", defaultValue = "", required = false)
    private String cveUrl12Modified;

    @Parameter(property = "cveUrl20Modified", defaultValue = "", required = false)
    private String cveUrl20Modified;

    @Parameter(property = "cveUrl12Base", defaultValue = "", required = false)
    private String cveUrl12Base;

    @Parameter(property = "cveUrl20Base", defaultValue = "", required = false)
    private String cveUrl20Base;

    @Parameter(property = "cveValidForHours", defaultValue = "", required = false)
    private Integer cveValidForHours;

    @Parameter(property = "pathToMono", defaultValue = "", required = false)
    private String pathToMono;
    private Filter<String> artifactScopeExcluded;
    private Filter<String> artifactTypeExcluded;

    @Parameter(property = "scanSet", required = false)
    private FileSet[] scanSet;
    private boolean generatingSite = false;

    @Parameter(property = "failBuildOnCVSS", defaultValue = "11", required = true)
    private float failBuildOnCVSS = 11.0f;

    @Parameter(property = "failBuildOnAnyVulnerability", defaultValue = "false", required = true)
    private boolean failBuildOnAnyVulnerability = false;

    @Parameter(property = "format", defaultValue = "HTML", required = true)
    private String format = "HTML";

    @Parameter(property = "showSummary", defaultValue = "true", required = false)
    private boolean showSummary = true;

    @Parameter(property = "dependency-check.skip", defaultValue = "false", required = false)
    private boolean skip = false;

    @Parameter(property = "skipTestScope", defaultValue = "true", required = false)
    private boolean skipTestScope = true;

    @Parameter(property = "skipRuntimeScope", defaultValue = "false", required = false)
    private boolean skipRuntimeScope = false;

    @Parameter(property = "skipProvidedScope", defaultValue = "false", required = false)
    private boolean skipProvidedScope = false;

    @Parameter(property = "skipSystemScope", defaultValue = "false", required = false)
    private boolean skipSystemScope = false;

    @Parameter(property = "proxyUrl", defaultValue = "", required = false)
    @Deprecated
    private String proxyUrl = null;

    @Parameter(property = "externalReport")
    @Deprecated
    private String externalReport = null;

    public void execute() throws MojoExecutionException, MojoFailureException {
        this.generatingSite = false;
        if (this.skip) {
            getLog().info("Skipping " + getName(Locale.US));
            return;
        }
        validateAggregate();
        this.project.setContextValue(getOutputDirectoryContextKey(), this.outputDirectory);
        runCheck();
    }

    private void validateAggregate() throws MojoExecutionException {
        if (this.aggregate != null && this.aggregate.booleanValue()) {
            throw new MojoExecutionException("Aggregate configuration detected - as of dependency-check 1.2.8 this no longer supported. Please use the aggregate goal instead.");
        }
    }

    @Deprecated
    public final void generate(Sink sink, Locale locale) throws MavenReportException {
        generate((org.apache.maven.doxia.sink.Sink) sink, locale);
    }

    protected boolean isGeneratingSite() {
        return this.generatingSite;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getConnectionString() {
        return this.connectionString;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isFailOnError() {
        return this.failOnError;
    }

    public void generate(org.apache.maven.doxia.sink.Sink sink, Locale locale) throws MavenReportException {
        this.generatingSite = true;
        try {
            validateAggregate();
            this.project.setContextValue(getOutputDirectoryContextKey(), getReportOutputDirectory());
            try {
                runCheck();
            } catch (MojoExecutionException e) {
                throw new MavenReportException(e.getMessage(), e);
            } catch (MojoFailureException e2) {
                getLog().warn("Vulnerabilities were identifies that exceed the CVSS threshold for failing the build");
            }
        } catch (MojoExecutionException e3) {
            throw new MavenReportException(e3.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public File getCorrectOutputDirectory() throws MojoExecutionException {
        return getCorrectOutputDirectory(this.project);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public File getCorrectOutputDirectory(MavenProject mavenProject) {
        Object contextValue = mavenProject.getContextValue(getOutputDirectoryContextKey());
        if (contextValue != null && (contextValue instanceof File)) {
            return (File) contextValue;
        }
        File file = new File(mavenProject.getBuild().getDirectory());
        if (file.getParentFile() != null && "target".equals(file.getParentFile().getName())) {
            file = file.getParentFile();
        }
        return file;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ExceptionCollection scanArtifacts(MavenProject mavenProject, Engine engine) {
        try {
            return collectDependencies(engine, mavenProject, this.dependencyGraphBuilder.buildDependencyGraph(mavenProject, (ArtifactFilter) null, this.reactorProjects).getChildren(), newResolveArtifactProjectBuildingRequest());
        } catch (DependencyGraphBuilderException e) {
            String format = String.format("Unable to build dependency graph on project %s", mavenProject.getName());
            getLog().debug(format, e);
            return new ExceptionCollection(format, e);
        }
    }

    private ExceptionCollection collectDependencies(Engine engine, MavenProject mavenProject, List<DependencyNode> list, ProjectBuildingRequest projectBuildingRequest) {
        ExceptionCollection exceptionCollection = null;
        for (DependencyNode dependencyNode : list) {
            if (!this.artifactScopeExcluded.passes(dependencyNode.getArtifact().getScope()) && !this.artifactTypeExcluded.passes(dependencyNode.getArtifact().getType())) {
                exceptionCollection = collectDependencies(engine, mavenProject, dependencyNode.getChildren(), projectBuildingRequest);
                try {
                    boolean z = false;
                    File file = null;
                    String str = null;
                    String str2 = null;
                    String str3 = null;
                    if ("system".equals(dependencyNode.getArtifact().getScope())) {
                        Iterator it = mavenProject.getDependencies().iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            Dependency dependency = (Dependency) it.next();
                            Artifact artifact = dependencyNode.getArtifact();
                            if (dependency.getSystemPath() != null && artifactsMatch(dependency, artifact)) {
                                file = new File(dependency.getSystemPath());
                                z = file.isFile();
                                str2 = artifact.getGroupId();
                                str = artifact.getArtifactId();
                                str3 = artifact.getVersion();
                                break;
                            }
                        }
                        if (!z) {
                            getLog().error("Unable to resolve system scoped dependency: " + dependencyNode.toNodeString());
                            if (exceptionCollection == null) {
                                exceptionCollection = new ExceptionCollection();
                            }
                            exceptionCollection.addException(new DependencyNotFoundException("Unable to resolve system scoped dependency: " + dependencyNode.toNodeString()));
                        }
                    } else {
                        Artifact artifact2 = this.artifactResolver.resolveArtifact(projectBuildingRequest, TransferUtils.toArtifactCoordinate(dependencyNode.getArtifact())).getArtifact();
                        z = artifact2.isResolved();
                        file = artifact2.getFile();
                        str2 = artifact2.getGroupId();
                        str = artifact2.getArtifactId();
                        str3 = artifact2.getVersion();
                    }
                    if (!z || file == null) {
                        getLog().debug(String.format("Unable to resolve '%s' in project %s", dependencyNode.getArtifact().getId(), mavenProject.getName()));
                        if (exceptionCollection == null) {
                            exceptionCollection = new ExceptionCollection();
                        }
                    } else {
                        List scan = engine.scan(file.getAbsoluteFile(), mavenProject.getName() + ":" + dependencyNode.getArtifact().getScope());
                        if (scan == null) {
                            String format = String.format("Error resolving '%s' in project %s", dependencyNode.getArtifact().getId(), mavenProject.getName());
                            if (exceptionCollection == null) {
                                exceptionCollection = new ExceptionCollection();
                            }
                            getLog().error(format);
                        } else if (scan.size() == 1) {
                            org.owasp.dependencycheck.dependency.Dependency dependency2 = (org.owasp.dependencycheck.dependency.Dependency) scan.get(0);
                            if (dependency2 != null) {
                                dependency2.addAsEvidence("pom", new MavenArtifact(str2, str, str3), Confidence.HIGHEST);
                                if (getLog().isDebugEnabled()) {
                                    getLog().debug(String.format("Adding project reference %s on dependency %s", mavenProject.getName(), dependency2.getDisplayFileName()));
                                }
                            }
                        } else if (getLog().isDebugEnabled()) {
                            getLog().debug(String.format("More than 1 dependency was identified in first pass scan of '%s' in project %s", dependencyNode.getArtifact().getId(), mavenProject.getName()));
                        }
                    }
                } catch (ArtifactResolverException e) {
                    if (exceptionCollection == null) {
                        exceptionCollection = new ExceptionCollection();
                    }
                    exceptionCollection.addException(e);
                }
            }
        }
        if (this.scanSet == null || this.scanSet.length == 0) {
            FileSet fileSet = new FileSet();
            FileSet fileSet2 = new FileSet();
            FileSet fileSet3 = new FileSet();
            try {
                fileSet.setDirectory(new File(mavenProject.getBasedir(), "src/main/resources").getCanonicalPath());
                fileSet2.setDirectory(new File(mavenProject.getBasedir(), "src/main/filters").getCanonicalPath());
                fileSet3.setDirectory(new File(mavenProject.getBasedir(), "src/main/webapp").getCanonicalPath());
            } catch (IOException e2) {
                if (exceptionCollection == null) {
                    exceptionCollection = new ExceptionCollection();
                }
                exceptionCollection.addException(e2);
            }
            this.scanSet = new FileSet[]{fileSet, fileSet2, fileSet3};
        }
        FileSetManager fileSetManager = new FileSetManager();
        for (FileSet fileSet4 : this.scanSet) {
            for (String str4 : fileSetManager.getIncludedFiles(fileSet4)) {
                File absoluteFile = new File(fileSet4.getDirectory(), str4).getAbsoluteFile();
                if (absoluteFile.exists()) {
                    engine.scan(absoluteFile, mavenProject.getName());
                }
            }
        }
        return exceptionCollection;
    }

    private static boolean artifactsMatch(Dependency dependency, Artifact artifact) {
        return isEqualOrNull(artifact.getArtifactId(), dependency.getArtifactId()) && isEqualOrNull(artifact.getGroupId(), dependency.getGroupId()) && isEqualOrNull(artifact.getVersion(), dependency.getVersion());
    }

    private static boolean isEqualOrNull(String str, String str2) {
        return (str != null && str.equals(str2)) || (str == null && str2 == null);
    }

    public ProjectBuildingRequest newResolveArtifactProjectBuildingRequest() {
        DefaultProjectBuildingRequest defaultProjectBuildingRequest = new DefaultProjectBuildingRequest(this.session.getProjectBuildingRequest());
        defaultProjectBuildingRequest.setRemoteRepositories(this.remoteRepositories);
        return defaultProjectBuildingRequest;
    }

    public abstract void runCheck() throws MojoExecutionException, MojoFailureException;

    public void setReportOutputDirectory(File file) {
        this.reportOutputDirectory = file;
    }

    public File getReportOutputDirectory() {
        return this.reportOutputDirectory;
    }

    public File getOutputDirectory() {
        return this.outputDirectory;
    }

    public final boolean isExternalReport() {
        return true;
    }

    public String getOutputName() {
        if ("HTML".equalsIgnoreCase(this.format) || "ALL".equalsIgnoreCase(this.format)) {
            return "dependency-check-report";
        }
        if ("XML".equalsIgnoreCase(this.format)) {
            return "dependency-check-report.xml#";
        }
        if ("VULN".equalsIgnoreCase(this.format)) {
            return "dependency-check-vulnerability";
        }
        if ("JSON".equalsIgnoreCase(this.format)) {
            return "dependency-check-report.json";
        }
        if ("CSV".equalsIgnoreCase(this.format)) {
            return "dependency-check-report.csv";
        }
        getLog().warn("Unknown report format used during site generation.");
        return "dependency-check-report";
    }

    public String getCategoryName() {
        return "Project Reports";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Engine initializeEngine() throws DatabaseException {
        populateSettings();
        return new Engine();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void populateSettings() {
        org.owasp.dependencycheck.utils.Settings.initialize();
        InputStream inputStream = null;
        try {
            try {
                inputStream = getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE);
                org.owasp.dependencycheck.utils.Settings.mergeProperties(inputStream);
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e) {
                        if (getLog().isDebugEnabled()) {
                            getLog().debug("", e);
                        }
                    }
                }
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e2) {
                        if (getLog().isDebugEnabled()) {
                            getLog().debug("", e2);
                        }
                    }
                }
                throw th;
            }
        } catch (IOException e3) {
            getLog().warn("Unable to load the dependency-check ant task.properties file.");
            if (getLog().isDebugEnabled()) {
                getLog().debug("", e3);
            }
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e4) {
                    if (getLog().isDebugEnabled()) {
                        getLog().debug("", e4);
                    }
                }
            }
        }
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("autoupdate", this.autoUpdate);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.experimental.enabled", this.enableExperimental);
        if (this.externalReport != null) {
            getLog().warn("The 'externalReport' option was set; this configuration option has been removed. Please update the dependency-check-maven plugin's configuration");
        }
        if (this.proxyUrl != null && !this.proxyUrl.isEmpty()) {
            getLog().warn("Deprecated configuration detected, proxyUrl will be ignored; use the maven settings to configure the proxy instead");
        }
        Proxy mavenProxy = getMavenProxy();
        if (mavenProxy != null) {
            org.owasp.dependencycheck.utils.Settings.setString("proxy.server", mavenProxy.getHost());
            org.owasp.dependencycheck.utils.Settings.setString("proxy.port", Integer.toString(mavenProxy.getPort()));
            String username = mavenProxy.getUsername();
            String password = mavenProxy.getPassword();
            org.owasp.dependencycheck.utils.Settings.setStringIfNotNull("proxy.username", username);
            org.owasp.dependencycheck.utils.Settings.setStringIfNotNull("proxy.password", password);
            org.owasp.dependencycheck.utils.Settings.setStringIfNotNull("proxy.nonproxyhosts", mavenProxy.getNonProxyHosts());
        }
        org.owasp.dependencycheck.utils.Settings.setArrayIfNotEmpty("suppression.file", determineSuppressions());
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("connection.timeout", this.connectionTimeout);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("hints.file", this.hintsFile);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.jar.enabled", this.jarAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.nuspec.enabled", this.nuspecAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.central.enabled", this.centralAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.nexus.enabled", this.nexusAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("analyzer.nexus.url", this.nexusUrl);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.nexus.proxy", this.nexusUsesProxy);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.assembly.enabled", this.assemblyAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.archive.enabled", this.archiveAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("extensions.zip", this.zipExtensions);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("analyzer.assembly.mono.path", this.pathToMono);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.python.distribution.enabled", this.pyDistributionAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.python.package.enabled", this.pyPackageAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.ruby.gemspec.enabled", this.rubygemsAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.openssl.enabled", this.opensslAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.cmake.enabled", this.cmakeAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.autoconf.enabled", this.autoconfAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.composer.lock.enabled", this.composerAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.node.package.enabled", this.nodeAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.nsp.package.enabled", this.nspAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.bundle.audit.enabled", this.bundleAuditAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotNull("analyzer.bundle.audit.path", this.bundleAuditPath);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.cocoapods.enabled", this.cocoapodsAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setBooleanIfNotNull("analyzer.swift.package.manager.enabled", this.swiftPackageManagerAnalyzerEnabled);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("data.driver_name", this.databaseDriverName);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("data.driver_path", this.databaseDriverPath);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("data.connection_string", this.connectionString);
        if (this.databaseUser == null && this.databasePassword == null && this.serverId != null) {
            Server server = this.settingsXml.getServer(this.serverId);
            if (server != null) {
                this.databaseUser = server.getUsername();
                try {
                    if (this.securityDispatcher instanceof DefaultSecDispatcher) {
                        this.securityDispatcher.setConfigurationFile("~/.m2/settings-security.xml");
                    }
                    this.databasePassword = this.securityDispatcher.decrypt(server.getPassword());
                } catch (SecDispatcherException e5) {
                    if ((e5.getCause() instanceof FileNotFoundException) || (e5.getCause() != null && (e5.getCause().getCause() instanceof FileNotFoundException))) {
                        String password2 = server.getPassword();
                        if (password2.startsWith("{") && password2.endsWith("}")) {
                            getLog().error(String.format("Unable to decrypt the server password for server id '%s' in settings.xml%n\tCause: %s", this.serverId, e5.getMessage()));
                        } else {
                            this.databasePassword = password2;
                        }
                    } else {
                        getLog().error(String.format("Unable to decrypt the server password for server id '%s' in settings.xml%n\tCause: %s", this.serverId, e5.getMessage()));
                    }
                }
            } else {
                getLog().error(String.format("Server '%s' not found in the settings.xml file", this.serverId));
            }
        }
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("data.user", this.databaseUser);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("data.password", this.databasePassword);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("data.directory", this.dataDirectory);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("cve.url-1.2.modified", this.cveUrl12Modified);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("cve.url-2.0.modified", this.cveUrl20Modified);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("cve.url-1.2.base", this.cveUrl12Base);
        org.owasp.dependencycheck.utils.Settings.setStringIfNotEmpty("cve.url-2.0.base", this.cveUrl20Base);
        org.owasp.dependencycheck.utils.Settings.setIntIfNotNull("cve.check.validforhours", this.cveValidForHours);
        this.artifactScopeExcluded = new ArtifactScopeExcluded(this.skipTestScope, this.skipProvidedScope, this.skipSystemScope, this.skipRuntimeScope);
        this.artifactTypeExcluded = new ArtifactTypeExcluded(this.skipArtifactType);
    }

    private String[] determineSuppressions() {
        String[] strArr = this.suppressionFiles;
        if (this.suppressionFile != null) {
            if (strArr == null) {
                strArr = new String[]{this.suppressionFile};
            } else {
                strArr = (String[]) Arrays.copyOf(strArr, strArr.length + 1);
                strArr[strArr.length - 1] = this.suppressionFile;
            }
        }
        return strArr;
    }

    private Proxy getMavenProxy() {
        List<Proxy> proxies;
        if (this.mavenSettings == null || (proxies = this.mavenSettings.getProxies()) == null || proxies.isEmpty()) {
            return null;
        }
        if (this.mavenSettingsProxyId == null) {
            if (proxies.size() == 1) {
                return (Proxy) proxies.get(0);
            }
            getLog().warn("Multiple proxy definitions exist in the Maven settings. In the dependency-check configuration set the mavenSettingsProxyId so that the correct proxy will be used.");
            throw new IllegalStateException("Ambiguous proxy definition");
        }
        for (Proxy proxy : proxies) {
            if (this.mavenSettingsProxyId.equalsIgnoreCase(proxy.getId())) {
                return proxy;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MavenProject getProject() {
        return this.project;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<MavenProject> getReactorProjects() {
        return this.reactorProjects;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getFormat() {
        return this.format;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Filter<String> getArtifactScopeExcluded() {
        return this.artifactScopeExcluded;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkForFailure(List<org.owasp.dependencycheck.dependency.Dependency> list) throws MojoFailureException {
        StringBuilder sb = new StringBuilder();
        for (org.owasp.dependencycheck.dependency.Dependency dependency : list) {
            boolean z = true;
            for (Vulnerability vulnerability : dependency.getVulnerabilities()) {
                if (this.failBuildOnAnyVulnerability || vulnerability.getCvssScore() >= this.failBuildOnCVSS) {
                    if (z) {
                        z = false;
                        sb.append(NEW_LINE).append(dependency.getFileName()).append(": ");
                        sb.append(vulnerability.getName());
                    } else {
                        sb.append(", ").append(vulnerability.getName());
                    }
                }
            }
        }
        if (sb.length() > 0) {
            throw new MojoFailureException(this.failBuildOnAnyVulnerability ? String.format("%n%nOne or more dependencies were identified with vulnerabilities: %n%s%n%nSee the dependency-check report for more details.%n%n", sb.toString()) : String.format("%n%nOne or more dependencies were identified with vulnerabilities that have a CVSS score greater than '%.1f': %n%s%n%nSee the dependency-check report for more details.%n%n", Float.valueOf(this.failBuildOnCVSS), sb.toString()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void showSummary(MavenProject mavenProject, List<org.owasp.dependencycheck.dependency.Dependency> list) {
        if (this.showSummary) {
            StringBuilder sb = new StringBuilder();
            for (org.owasp.dependencycheck.dependency.Dependency dependency : list) {
                boolean z = true;
                StringBuilder sb2 = new StringBuilder();
                for (Vulnerability vulnerability : dependency.getVulnerabilities()) {
                    if (z) {
                        z = false;
                    } else {
                        sb2.append(", ");
                    }
                    sb2.append(vulnerability.getName());
                }
                if (sb2.length() > 0) {
                    sb.append(dependency.getFileName()).append(" (");
                    boolean z2 = true;
                    for (Identifier identifier : dependency.getIdentifiers()) {
                        if (z2) {
                            z2 = false;
                        } else {
                            sb.append(", ");
                        }
                        sb.append(identifier.getValue());
                    }
                    sb.append(") : ").append((CharSequence) sb2).append(NEW_LINE);
                }
            }
            if (sb.length() > 0) {
                getLog().warn(String.format("%n%nOne or more dependencies were identified with known vulnerabilities in %s:%n%n%s%n%nSee the dependency-check report for more details.%n%n", mavenProject.getName(), sb.toString()));
            }
        }
    }

    protected String getDataFileContextKey() {
        return "dependency-check-path-" + this.dataFileName;
    }

    protected String getOutputDirectoryContextKey() {
        return "dependency-output-dir-" + this.dataFileName;
    }
}
