package org.owasp.dependencycheck.maven;

import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.plugins.annotations.ResolutionScope;
import org.apache.maven.project.MavenProject;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.ReportException;
import org.owasp.dependencycheck.utils.Settings;

@Mojo(name = "aggregate", defaultPhase = LifecyclePhase.VERIFY, aggregator = true, threadSafe = false, requiresDependencyResolution = ResolutionScope.COMPILE_PLUS_RUNTIME, requiresOnline = true)
/* loaded from: input_file:org/owasp/dependencycheck/maven/AggregateMojo.class */
public class AggregateMojo extends BaseDependencyCheckMojo {

    @Parameter(property = "name", defaultValue = "dependency-check:aggregate", required = true)
    private String name = "dependency-check:aggregate";

    @Override // org.owasp.dependencycheck.maven.BaseDependencyCheckMojo
    public void runCheck() throws MojoExecutionException, MojoFailureException {
        Engine loadEngine = loadEngine();
        if (loadEngine == null) {
            return;
        }
        Exception scanArtifacts = scanArtifacts(getProject(), loadEngine);
        for (MavenProject mavenProject : getDescendants(getProject())) {
            Exception scanArtifacts2 = scanArtifacts(mavenProject, loadEngine);
            if (scanArtifacts2 != null) {
                if (scanArtifacts == null) {
                    scanArtifacts = scanArtifacts2;
                }
                scanArtifacts.getExceptions().addAll(scanArtifacts2.getExceptions());
                if (scanArtifacts2.isFatal()) {
                    scanArtifacts.setFatal(true);
                    String format = String.format("Fatal exception(s) analyzing %s", mavenProject.getName());
                    if (isFailOnError()) {
                        throw new MojoExecutionException(format, scanArtifacts);
                    }
                    getLog().error(format);
                    if (getLog().isDebugEnabled()) {
                        getLog().debug(scanArtifacts);
                    }
                } else {
                    continue;
                }
            }
        }
        try {
            loadEngine.analyzeDependencies();
        } catch (ExceptionCollection e) {
            if (scanArtifacts == null) {
                scanArtifacts = e;
            } else if (e.isFatal()) {
                scanArtifacts.setFatal(true);
                scanArtifacts.getExceptions().addAll(e.getExceptions());
            }
            if (scanArtifacts.isFatal()) {
                String format2 = String.format("Fatal exception(s) analyzing %s", getProject().getName());
                if (isFailOnError()) {
                    throw new MojoExecutionException(format2, scanArtifacts);
                }
                getLog().error(format2);
                if (getLog().isDebugEnabled()) {
                    getLog().debug(scanArtifacts);
                    return;
                }
                return;
            }
            String format3 = String.format("Exception(s) analyzing %s", getProject().getName());
            if (getLog().isDebugEnabled()) {
                getLog().debug(format3, scanArtifacts);
            }
        }
        File correctOutputDirectory = getCorrectOutputDirectory(getProject());
        if (correctOutputDirectory == null) {
            correctOutputDirectory = new File(getProject().getBuild().getDirectory());
        }
        try {
            MavenProject project = getProject();
            loadEngine.writeReports(project.getName(), project.getGroupId(), project.getArtifactId(), project.getVersion(), correctOutputDirectory, getFormat());
        } catch (ReportException e2) {
            if (scanArtifacts == null) {
                scanArtifacts = new ExceptionCollection("Error writing aggregate report", e2);
            } else {
                scanArtifacts.addException(e2);
            }
            if (isFailOnError()) {
                throw new MojoExecutionException("One or more exceptions occurred during dependency-check analysis", scanArtifacts);
            }
            getLog().debug("One or more exceptions occurred during dependency-check analysis", scanArtifacts);
        }
        showSummary(getProject(), loadEngine.getDependencies());
        checkForFailure(loadEngine.getDependencies());
        if (scanArtifacts != null && isFailOnError()) {
            throw new MojoExecutionException("One or more exceptions occurred during dependency-check analysis", scanArtifacts);
        }
        loadEngine.cleanup();
        Settings.cleanup();
    }

    protected Set<MavenProject> getDescendants(MavenProject mavenProject) {
        int size;
        if (mavenProject == null) {
            return Collections.emptySet();
        }
        HashSet<MavenProject> hashSet = new HashSet();
        if (getLog().isDebugEnabled()) {
            getLog().debug(String.format("Collecting descendants of %s", mavenProject.getName()));
        }
        for (String str : mavenProject.getModules()) {
            for (MavenProject mavenProject2 : getReactorProjects()) {
                try {
                    if (new File(mavenProject.getBasedir(), str).getCanonicalFile().compareTo(mavenProject2.getBasedir()) == 0 && hashSet.add(mavenProject2) && getLog().isDebugEnabled()) {
                        getLog().debug(String.format("Descendant module %s added", mavenProject2.getName()));
                    }
                } catch (IOException e) {
                    if (getLog().isDebugEnabled()) {
                        getLog().debug("Unable to determine module path", e);
                    }
                }
            }
        }
        do {
            size = hashSet.size();
            for (MavenProject mavenProject3 : getReactorProjects()) {
                if (mavenProject.equals(mavenProject3.getParent()) || hashSet.contains(mavenProject3.getParent())) {
                    if (hashSet.add(mavenProject3) && getLog().isDebugEnabled()) {
                        getLog().debug(String.format("Descendant %s added", mavenProject3.getName()));
                    }
                    for (MavenProject mavenProject4 : getReactorProjects()) {
                        if (mavenProject3.getModules() != null && mavenProject3.getModules().contains(mavenProject4.getName()) && hashSet.add(mavenProject4) && getLog().isDebugEnabled()) {
                            getLog().debug(String.format("Descendant %s added", mavenProject4.getName()));
                        }
                    }
                }
                HashSet<MavenProject> hashSet2 = new HashSet();
                for (MavenProject mavenProject5 : hashSet) {
                    Iterator it = mavenProject5.getModules().iterator();
                    while (it.hasNext()) {
                        try {
                            if (new File(mavenProject5.getBasedir(), (String) it.next()).getCanonicalFile().compareTo(mavenProject3.getBasedir()) == 0) {
                                hashSet2.add(mavenProject3);
                            }
                        } catch (IOException e2) {
                            if (getLog().isDebugEnabled()) {
                                getLog().debug("Unable to determine module path", e2);
                            }
                        }
                    }
                }
                for (MavenProject mavenProject6 : hashSet2) {
                    if (hashSet.add(mavenProject6) && getLog().isDebugEnabled()) {
                        getLog().debug(String.format("Descendant module %s added", mavenProject6.getName()));
                    }
                }
            }
            if (size == 0) {
                break;
            }
        } while (size != hashSet.size());
        if (getLog().isDebugEnabled()) {
            getLog().debug(String.format("%s has %d children", mavenProject, Integer.valueOf(hashSet.size())));
        }
        return hashSet;
    }

    protected boolean isMultiModule(MavenProject mavenProject) {
        return "pom".equals(mavenProject.getPackaging());
    }

    protected Engine loadEngine() throws MojoExecutionException, MojoFailureException {
        Engine engine = null;
        try {
            engine = initializeEngine();
        } catch (DatabaseException e) {
            if (getLog().isDebugEnabled()) {
                getLog().debug("Database connection error", e);
            }
            if (isFailOnError()) {
                throw new MojoExecutionException("An exception occurred connecting to the local database. Please see the log file for more details.", e);
            }
            getLog().error("An exception occurred connecting to the local database. Please see the log file for more details.", e);
        }
        return engine;
    }

    public boolean canGenerateReport() {
        return true;
    }

    public String getName(Locale locale) {
        return this.name;
    }

    public String getDescription(Locale locale) {
        return "Generates an aggregate report of all child Maven projects providing details on any published vulnerabilities within project dependencies. This report is a best effort and may contain false positives and false negatives.";
    }
}
