package org.palladiosimulator.pcm.confidentiality.reverseengineering.staticcodeanalysis.parts;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang.SystemUtils;
import org.eclipse.emf.ecore.resource.Resource;
import org.eclipse.emf.ecore.resource.impl.ResourceSetImpl;
import org.eclipse.emf.ecore.xmi.impl.XMIResourceFactoryImpl;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.attackSpecification.CVEVulnerability;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.pcmIntegration.VulnerabilitySystemIntegration;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.pcmIntegration.impl.PCMElementImpl;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.pcmIntegration.impl.PcmIntegrationFactoryImpl;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.pcmIntegration.impl.VulnerabilitySystemIntegrationImpl;
import org.palladiosimulator.pcm.confidentiality.reverseengineering.staticcodeanalysis.iface.parts.interfaces.IStaticCodeAnalysisIssue;
import org.palladiosimulator.pcm.confidentiality.reverseengineering.staticcodeanalysis.iface.parts.interfaces.IStaticCodeAnalysisResult;
import org.palladiosimulator.pcm.confidentiality.reverseengineering.staticcodeanalysis.iface.parts.interfaces.IStaticCodeAnalyst;
import org.palladiosimulator.pcm.core.composition.AssemblyContext;
import org.palladiosimulator.pcm.core.entity.Entity;
import org.palladiosimulator.pcm.repository.RepositoryComponent;

/* loaded from: input_file:org/palladiosimulator/pcm/confidentiality/reverseengineering/staticcodeanalysis/parts/SnykCLIStaticCodeAnalyst.class */
public class SnykCLIStaticCodeAnalyst implements IStaticCodeAnalyst {
    /*
     * Canned text report in the format printed by the Snyk CLI, kept as a string constant.
     * No method in this class reads this field; it documents the line layout that the
     * patterns below are written against:
     *   "✗ <issue name> [<severity>][<advisory url>] in <package>@<version>".
     * NOTE(review): the first line of the report embeds a home-directory path from the
     * machine the sample was captured on; consider moving the sample to a test resource so
     * it is not shipped inside the class file.
     */
    private String fakeoutput = "Testing /home/lukas/git/sms/...\n\nTested 44 dependencies for known issues, found 18 issues, 18 vulnerable paths.\n\n\nIssues with no direct upgrade or patch:\n  ✗ XML External Entity (XXE) Injection [High Severity][https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302] in com.fasterxml.jackson.core:jackson-databind@2.10.0\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-actuator@2.2.0.RELEASE > org.springframework.boot:spring-boot-actuator-autoconfigure@2.2.0.RELEASE > com.fasterxml.jackson.core:jackson-databind@2.10.0\n  This issue was fixed in versions: 2.6.7.4, 2.9.10.7, 2.10.5.1\n  ✗ Information Exposure [Low Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-559327] in org.apache.commons:commons-dbcp2@2.7.0\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.apache.commons:commons-dbcp2@2.7.0\n  No upgrade or patch available\n  ✗ HTTP Request Smuggling [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1017119] in org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-tomcat@2.2.0.RELEASE > org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n  This issue was fixed in versions: 10.0.0-M8, 9.0.38, 8.5.5\n  ✗ Information Exposure [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1048292] in org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-tomcat@2.2.0.RELEASE > org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n  This issue was fixed in versions: 8.5.60, 9.0.40, 10.0.0-M10\n  ✗ Information Disclosure [Medium 
Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1061939] in org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-tomcat@2.2.0.RELEASE > org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n  This issue was fixed in versions: 10.0.0-M10, 9.0.40, 8.5.60, 7.0.107\n  ✗ Remote Code Execution (RCE) [High Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080637] in org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-tomcat@2.2.0.RELEASE > org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n  This issue was fixed in versions: 10.0.2, 9.0.43, 8.5.63, 7.0.108\n  ✗ HTTP Request Smuggling [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-1080638] in org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-tomcat@2.2.0.RELEASE > org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n  This issue was fixed in versions: 10.0.2, 9.0.43, 8.5.63\n  ✗ Session Fixation [Low Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-538488] in org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-tomcat@2.2.0.RELEASE > org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n  This issue was fixed in versions: 9.0.30, 8.5.50, 7.0.99\n  ✗ Privilege Escalation [High Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-538490] in 
org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-tomcat@2.2.0.RELEASE > org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n  This issue was fixed in versions: 9.0.29\n  ✗ Remote Code Execution (RCE) [High Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-570072] in org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-tomcat@2.2.0.RELEASE > org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n  This issue was fixed in versions: 10.0.0-M5, 9.0.35, 8.5.55, 7.0.104\n  ✗ Denial of Service (DoS) [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-584427] in org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-tomcat@2.2.0.RELEASE > org.apache.tomcat.embed:tomcat-embed-core@9.0.27\n  This issue was fixed in versions: 10.0.0-M7, 9.0.37, 8.5.57\n  ✗ Cross-site Scripting (XSS) [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATEVALIDATOR-541187] in org.hibernate.validator:hibernate-validator@6.0.17.Final\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-validation@2.2.0.RELEASE > org.hibernate.validator:hibernate-validator@6.0.17.Final\n  This issue was fixed in versions: 6.0.18.Final, 6.1.0.Final\n  ✗ Improper Input Validation [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGHIBERNATEVALIDATOR-568163] in org.hibernate.validator:hibernate-validator@6.0.17.Final\n    
introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-validation@2.2.0.RELEASE > org.hibernate.validator:hibernate-validator@6.0.17.Final\n  This issue was fixed in versions: 6.0.19.Final, 6.1.3.Final\n  ✗ Improper Input Validation [High Severity][https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-1009832] in org.springframework:spring-web@5.2.0.RELEASE\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework:spring-web@5.2.0.RELEASE\n  This issue was fixed in versions: 4.3.29.RELEASE, 5.0.19.RELEASE, 5.1.18.RELEASE, 5.2.9.RELEASE\n  ✗ Privilege Escalation [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-1296829] in org.springframework:spring-web@5.2.0.RELEASE\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework:spring-web@5.2.0.RELEASE\n  This issue was fixed in versions: 5.3.7, 5.2.15.RELEASE\n  ✗ Reflected File Download (RFD) [High Severity][https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-559346] in org.springframework:spring-web@5.2.0.RELEASE\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework:spring-web@5.2.0.RELEASE\n  This issue was fixed in versions: 5.2.3, 5.1.13, 5.0.16\n  ✗ Cross-Site Request Forgery (CSRF) [Medium Severity][https://snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-542933] in org.springframework:spring-webmvc@5.2.0.RELEASE\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-web@2.2.0.RELEASE > org.springframework:spring-webmvc@5.2.0.RELEASE\n  This issue was fixed in versions: 5.2.3\n  ✗ Denial of Service (DoS) [Medium 
Severity][https://snyk.io/vuln/SNYK-JAVA-ORGYAML-537645] in org.yaml:snakeyaml@1.25\n    introduced by org.springframework.boot:smsApplication@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter-actuator@2.2.0.RELEASE > org.springframework.boot:spring-boot-starter@2.2.0.RELEASE > org.yaml:snakeyaml@1.25\n  This issue was fixed in versions: 1.26";
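    /* Directory from which the platform-specific Snyk CLI binary is resolved. */
    private Path snykLocation;

    /* Package coordinate as printed after " in ", e.g. group:artifact@version. */
    private static final String packagePattern = "(?<package>[a-zA-Z0-9\\.:@\\-]*)";

    /*
     * Human-readable issue title. The hyphen is part of the class because titles such as
     * "Cross-site Scripting (XSS)" contain one; without it the captured name starts after
     * the hyphen and the title is silently truncated.
     */
    private static final String issueNamePattern = "(?<name>[a-z A-Z\\(\\)\\-]*)";

    /* Severity label inside its own pair of square brackets. */
    private static final String severityPattern = "\\[(?<severity>[a-z A-Z]*)\\]";

    /* Advisory link inside square brackets; only http, https, ftp and file schemes match. */
    private static final String urlPattern = "\\[(?<url>(?:https?|ftp|file)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|])\\]";

    /* One issue line: name, [severity], [url], the literal " in ", then the package. */
    private static final String fullOutputPattern = issueNamePattern + severityPattern + urlPattern + " in " + packagePattern;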

    /**
     * Creates an analyst that runs the Snyk CLI binary found under the given location.
     *
     * @param path directory against which the platform-specific binary name is resolved
     */
    public SnykCLIStaticCodeAnalyst(Path path) {
        snykLocation = path;
    }

    /**
     * Analyzes the given files and annotates every result onto its entity.
     *
     * @param map entities mapped to the files that belong to them
     * @return whatever {@link #analyze(Map, boolean)} returns with annotation enabled
     */
    public IStaticCodeAnalysisResult analyze(Map<Entity, Set<Path>> map) {
        return this.analyze(map, true);
    }

    /**
     * Runs the Snyk CLI on every matching file of every entity and parses its output.
     *
     * @param map entities mapped to the files that belong to them
     * @param z   when {@code true}, each parsed result is also annotated onto its entity
     * @return the result of the last file that was analyzed, or {@code null} when no file matched
     */
    public IStaticCodeAnalysisResult analyze(Map<Entity, Set<Path>> map, boolean z) {
        StaticCodeAnalyisResult latest = null;
        for (Map.Entry<Entity, Set<Path>> entry : map.entrySet()) {
            Entity owner = entry.getKey();
            for (Path candidate : entry.getValue()) {
                // Path.endsWith(String) compares whole trailing name elements, so this matches a
                // file literally named "pom" or "dockerfile", not "pom.xml".
                // NOTE(review): confirm this is the intended filter.
                boolean supported = candidate.endsWith("pom") || candidate.endsWith("dockerfile");
                if (!supported) {
                    continue;
                }
                // Each match replaces the previous result; earlier results are not merged.
                latest = parseSnykCLIOutput(runCLICommand(candidate));
                if (z) {
                    annotateResultToEntity(owner, latest);
                }
            }
        }
        return latest;
    }

    /**
     * Looks up the vulnerability behind the reported issues, attaches it to the entity and
     * saves the resulting integration model.
     *
     * @param entity                  a {@code RepositoryComponent} or an {@code AssemblyContext}
     * @param staticCodeAnalyisResult parsed scanner result whose issues are looked up
     * @throws IllegalArgumentException if the entity is neither of the two supported kinds
     */
    private void annotateResultToEntity(Entity entity, StaticCodeAnalyisResult staticCodeAnalyisResult) {
        SnykVulnerabilityDatabase database = new SnykVulnerabilityDatabase(new SnykDatabaseParser());
        CVEVulnerability resolved = null;
        try {
            // Every hit overwrites the previous one, so only the last resolvable issue is kept.
            // NOTE(review): the issue URL comes from parsed CLI text; one malformed URL ends the
            // loop for all remaining issues.
            for (IStaticCodeAnalysisIssue issue : staticCodeAnalyisResult.getIssues()) {
                if (issue.getIdentifiers().containsKey("CWE")) {
                    resolved = database.getCWEVulnerability(new URI(issue.getUrl()));
                } else if (issue.getIdentifiers().containsKey("CVE")) {
                    resolved = database.getCVEVulnerability(new URI(issue.getUrl()));
                }
            }
        } catch (URISyntaxException e) {
            e.printStackTrace();
        }

        VulnerabilitySystemIntegrationImpl integration = PcmIntegrationFactoryImpl.eINSTANCE.createVulnerabilitySystemIntegration();
        if (resolved != null) {
            integration.setVulnerability(resolved);
        }

        PCMElementImpl element = PcmIntegrationFactoryImpl.eINSTANCE.createPCMElement();
        if (entity instanceof RepositoryComponent) {
            element.setBasiccomponent((RepositoryComponent) entity);
        } else if (entity instanceof AssemblyContext) {
            element.setAssemblycontext((AssemblyContext) entity);
        } else {
            throw new IllegalArgumentException("Please use RpositoryComponents or AssemblyContexts as arguments");
        }

        // The model is saved even when no vulnerability was resolved.
        integration.setPcmelement(element);
        saveModel(integration);
    }

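    /**
     * Runs the platform-specific Snyk CLI binary with the {@code test} command on the given
     * file and returns everything the process wrote to standard output.
     *
     * <p>Output lines are echoed to {@code System.out} and concatenated without line
     * separators, as before.
     *
     * @param path file to hand to the CLI
     * @return the captured standard output, or an empty string when the file does not exist,
     *         the process cannot be started or read, or the thread is interrupted
     */
    private String runCLICommand(Path path) {
        if (!path.toFile().exists()) {
            System.out.println("File does not exist.");
            return "";
        }
        String binaryName;
        if (SystemUtils.IS_OS_WINDOWS) {
            binaryName = "snyk-win.exe";
        } else if (SystemUtils.IS_OS_MAC_OSX) {
            binaryName = "snyk-macos";
        } else {
            binaryName = "snyk-linux";
        }
        // "test" and the path are separate argv elements: joined into one string, the CLI would
        // receive a single unknown token. No shell is involved, and the path is made absolute so
        // a file name that begins with '-' cannot be read as an option.
        // NOTE(review): confirm the CLI accepts a manifest file as its positional argument.
        ProcessBuilder processBuilder = new ProcessBuilder(
                this.snykLocation.resolve(binaryName).toString(), "test", path.toAbsolutePath().toString());
        // Only stdout is read below; let stderr go to the parent so a full pipe cannot stall the child.
        processBuilder.redirectError(ProcessBuilder.Redirect.INHERIT);
        try {
            Process process = processBuilder.start();
            StringBuilder output = new StringBuilder();
            // NOTE(review): the reader uses the platform default charset, while the parser splits
            // on the non-ASCII marker '✗' — confirm the CLI's output encoding matches.
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    System.out.println(line);
                    output.append(line);
                }
            }
            System.out.println("\nExited with error code : " + process.waitFor());
            return output.toString();
        } catch (IOException e) {
            e.printStackTrace();
            return "";
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can still observe it.
            Thread.currentThread().interrupt();
            e.printStackTrace();
            return "";
        }
    }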

    /**
     * Extracts the reported issues from the text output of the Snyk CLI.
     *
     * <p>The text is cut at every '✗' marker. The part before the first marker is skipped,
     * and each following part contributes at most one issue: the first match of the full
     * issue pattern. Parts that do not match are dropped without a message.
     *
     * @param str raw CLI output; may be {@code null} or empty
     * @return a result holding the parsed issues, empty when there is nothing to parse
     */
    public StaticCodeAnalyisResult parseSnykCLIOutput(String str) {
        ArrayList issues = new ArrayList();
        if (str != null && !str.isEmpty()) {
            String[] segments = str.split("✗");
            Pattern issueLine = Pattern.compile(fullOutputPattern);
            int index = 1;
            while (index < segments.length) {
                Matcher found = issueLine.matcher(segments[index]);
                index++;
                if (!found.find()) {
                    continue;
                }
                // Captured groups are passed on verbatim (untrimmed) from the CLI text.
                String url = found.group("url");
                String name = found.group("name");
                String pkg = found.group("package");
                String severity = found.group("severity");
                issues.add(new SnykIssue(url, name, pkg, severity));
            }
        }
        return new StaticCodeAnalyisResult(issues, null);
    }

    /**
     * Saves the integration model as an XMI resource at the fixed URI
     * {@code vulSysInteg/newVulSysInteg}.
     *
     * <p>Every call targets the same URI. An {@link IOException} during saving is printed
     * and not propagated, so callers cannot tell whether the model was written.
     *
     * @param vulnerabilitySystemIntegration model object to add to the resource and save
     */
    private void saveModel(VulnerabilitySystemIntegration vulnerabilitySystemIntegration) {
        // This writes to the global factory registry, not to a registry local to this resource set.
        // NOTE(review): the factory is registered for the extension "vulnerabilitySystemIntegration",
        // while the target URI below has no file extension — confirm a factory is actually found.
        Resource.Factory.Registry.INSTANCE.getExtensionToFactoryMap()
                .put("vulnerabilitySystemIntegration", new XMIResourceFactoryImpl());
        org.eclipse.emf.common.util.URI target = org.eclipse.emf.common.util.URI.createURI("vulSysInteg/newVulSysInteg");
        Resource resource = new ResourceSetImpl().createResource(target);
        resource.getContents().add(vulnerabilitySystemIntegration);
        try {
            resource.save(Collections.emptyMap());
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /* renamed from: analyze, reason: merged with bridge method [inline-methods] */
    /**
     * Stub without an implementation: ignores its argument.
     *
     * @param str unused
     * @return always {@code null}
     */
    public IStaticCodeAnalysisResult m1analyze(String str) {
        return null;
    }
}
