package org.palladiosimulator.retriever.vulnerability.core;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.log4j.ConsoleAppender;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.log4j.SimpleLayout;
import org.eclipse.emf.common.util.EList;
import org.eclipse.emf.common.util.URI;
import org.eclipse.emf.ecore.resource.Resource;
import org.eclipse.emf.ecore.resource.impl.ResourceSetImpl;
import org.eclipse.emf.ecore.xmi.impl.XMIResourceFactoryImpl;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.AttackerSystemSpecificationContainer;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.CategorySpecification;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.VulnerabilityContainer;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.attackSpecification.Vulnerability;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.impl.AttackerFactoryImpl;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.pcmIntegration.PCMElement;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.pcmIntegration.VulnerabilitySystemIntegration;
import org.palladiosimulator.pcm.confidentiality.attackerSpecification.pcmIntegration.impl.PcmIntegrationFactoryImpl;
import org.palladiosimulator.pcm.core.composition.AssemblyContext;
import org.palladiosimulator.pcm.core.entity.Entity;
import org.palladiosimulator.pcm.repository.RepositoryComponent;
import org.palladiosimulator.pcm.system.System;
import org.palladiosimulator.pcm.system.impl.SystemImpl;
import org.palladiosimulator.retriever.vulnerability.core.api.IStaticCodeAnalysisIssue;
import org.palladiosimulator.retriever.vulnerability.core.api.IStaticCodeAnalysisResult;
import org.palladiosimulator.retriever.vulnerability.core.api.IStaticCodeAnalyst;
import org.palladiosimulator.retriever.vulnerability.core.api.IVulnerabilityDatabase;
import org.palladiosimulator.retriever.vulnerability.core.api.VulnerabilityDatabaseException;

/* loaded from: input_file:org/palladiosimulator/retriever/vulnerability/core/SnykCLIStaticCodeAnalyst.class */
public class SnykCLIStaticCodeAnalyst implements IStaticCodeAnalyst {
    private static final Logger LOG = Logger.getLogger(SnykCLIStaticCodeAnalyst.class);
    private final IVulnerabilityDatabase vulnerabilityDatabase;
    private Path snykLocation;
    private Path outputLocation;
    private String snykToken;
    private boolean isSnykExeAuthenticated = false;
    private static String packagePattern;
    private static String issueNamePattern;
    private static String severityPattern;
    private static String urlPattern;
    private static String fullOutputPattern;

    static {
        LOG.setLevel(Level.DEBUG);
        LOG.addAppender(new ConsoleAppender(new SimpleLayout()));
        packagePattern = "(?<package>[a-zA-Z0-9\\.:@\\-]*)";
        issueNamePattern = "(?<name>[a-z A-Z\\(\\)]*)";
        severityPattern = "\\[(?<severity>[a-z A-Z]*)\\]";
        urlPattern = "\\[(?<url>(?:https?|ftp|file)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|])\\]";
        fullOutputPattern = String.valueOf(issueNamePattern) + severityPattern + urlPattern + " in " + packagePattern;
    }

    public SnykCLIStaticCodeAnalyst(Path path, Path path2, String str, String str2) {
        this.snykLocation = path;
        this.outputLocation = path2;
        this.snykToken = str2;
        this.vulnerabilityDatabase = new NistVulnerabilityDatabase(str);
    }

    @Override // org.palladiosimulator.retriever.vulnerability.core.api.IStaticCodeAnalyst
    public IStaticCodeAnalysisResult analyze(Map<System, Path> map) {
        return analyze(map, true);
    }

    public IStaticCodeAnalysisResult analyze(Map<System, Path> map, boolean z) {
        StaticCodeAnalyisResult staticCodeAnalyisResult = null;
        Iterator<System> it = map.keySet().iterator();
        while (it.hasNext()) {
            SystemImpl systemImpl = (System) it.next();
            Path path = map.get(systemImpl);
            boolean equals = path.getFileName().toString().equals("pom.xml");
            boolean equals2 = path.getFileName().toString().equals("Dockerfile");
            boolean equals3 = path.getFileName().toString().equals("build.gradle");
            if (equals || equals2 || equals3) {
                String scanWithSnykCLI = scanWithSnykCLI(path);
                StaticCodeAnalyisResult parseSnykCLIOutput = parseSnykCLIOutput(scanWithSnykCLI);
                staticCodeAnalyisResult = parseSnykCLIOutput;
                if (z) {
                    AttackerSystemSpecificationContainer createAttackerSystemSpecificationContainer = AttackerFactoryImpl.eINSTANCE.createAttackerSystemSpecificationContainer();
                    EList vulnerabilities = createAttackerSystemSpecificationContainer.getVulnerabilities();
                    if (systemImpl instanceof SystemImpl) {
                        systemImpl.getAssemblyContexts__ComposedStructure().forEach(assemblyContext -> {
                            vulnerabilities.addAll(annotateResultToEntity(assemblyContext, parseSnykCLIOutput));
                        });
                    } else {
                        vulnerabilities.addAll(annotateResultToEntity(systemImpl, staticCodeAnalyisResult));
                    }
                    String path2 = path.getParent().getFileName().toString();
                    saveModel(path2, createAttackerSystemSpecificationContainer, this.vulnerabilityDatabase.getCategorySpecification());
                    saveSnykOutput(path2, scanWithSnykCLI);
                }
            }
        }
        return staticCodeAnalyisResult;
    }

    private List<VulnerabilitySystemIntegration> annotateResultToEntity(Entity entity, StaticCodeAnalyisResult staticCodeAnalyisResult) {
        ArrayList arrayList = new ArrayList();
        Iterator<IStaticCodeAnalysisIssue> it = staticCodeAnalyisResult.getIssues().iterator();
        while (it.hasNext()) {
            Vulnerability vulnerability = getVulnerability(it.next().getUrl());
            if (vulnerability != null) {
                VulnerabilitySystemIntegration createVulnerabilitySystemIntegration = PcmIntegrationFactoryImpl.eINSTANCE.createVulnerabilitySystemIntegration();
                createVulnerabilitySystemIntegration.setVulnerability(vulnerability);
                PCMElement createPCMElement = PcmIntegrationFactoryImpl.eINSTANCE.createPCMElement();
                if (entity instanceof RepositoryComponent) {
                    createPCMElement.setBasiccomponent((RepositoryComponent) entity);
                } else {
                    if (!(entity instanceof AssemblyContext)) {
                        throw new IllegalArgumentException("Please use RepositoryComponents or AssemblyContexts as arguments");
                    }
                    createPCMElement.setBasiccomponent(((AssemblyContext) entity).getEncapsulatedComponent__AssemblyContext());
                }
                createVulnerabilitySystemIntegration.setPcmelement(createPCMElement);
                arrayList.add(createVulnerabilitySystemIntegration);
            }
        }
        return arrayList;
    }

    private Vulnerability getVulnerability(String str) {
        try {
            Document document = Jsoup.connect(str).get();
            List<String> list = (List) document.select("a[href]").stream().map(element -> {
                return element.ownText();
            }).filter(str2 -> {
                return str2.startsWith("CVE-");
            }).collect(Collectors.toList());
            List<Integer> list2 = (List) document.select("a[href]").stream().map(element2 -> {
                return element2.ownText();
            }).filter(str3 -> {
                return str3.startsWith("CWE-");
            }).map(str4 -> {
                return str4.substring(4);
            }).map(str5 -> {
                try {
                    return Integer.valueOf(Integer.parseInt(str5));
                } catch (NumberFormatException unused) {
                    return null;
                }
            }).filter(num -> {
                return num != null;
            }).collect(Collectors.toList());
            for (String str6 : list) {
                try {
                    return this.vulnerabilityDatabase.getCVEVulnerability(str6, list2);
                } catch (VulnerabilityDatabaseException e) {
                    LOG.warn("Database error for \"" + str6 + "\":\n" + e.getMessage());
                }
            }
            return null;
        } catch (IOException unused) {
            LOG.error("Could not get vulnerability definitions from \"" + str + "\"!");
            return null;
        }
    }

    private String scanWithSnykCLI(Path path) {
        if (!this.isSnykExeAuthenticated) {
            authenticateSnykExe();
        }
        if (path.toFile().exists()) {
            String runSnykCommand = runSnykCommand(path.getParent().toFile(), "test", "--all-sub-projects", "--file=" + path);
            return runSnykCommand == null ? "" : runSnykCommand;
        }
        LOG.error("File does not exist.");
        return "";
    }

    private void authenticateSnykExe() {
        String runSnykCommand = runSnykCommand(false, null, "config", "get", "api");
        if (runSnykCommand != null && !runSnykCommand.isBlank()) {
            LOG.info("Snyk executable is already authenticated");
            return;
        }
        if (this.snykToken == null || this.snykToken.isBlank()) {
            LOG.warn("Snyk executable could not be authenticated!\nAuthenticate it manually by running \"snyk auth\" or supply an authentication token!\nIf the authentication token is supplied via an environment variable, ignore this warning.");
        } else if (runSnykCommand("auth", this.snykToken) != null) {
            this.isSnykExeAuthenticated = true;
        }
    }

    private String runSnykCommand(String... strArr) {
        return runSnykCommand(null, strArr);
    }

    private String runSnykCommand(File file, String... strArr) {
        return runSnykCommand(true, file, strArr);
    }

    private String runSnykCommand(boolean z, File file, String... strArr) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.snykLocation.toString());
        arrayList.addAll(List.of((Object[]) strArr));
        ProcessBuilder processBuilder = new ProcessBuilder(new String[0]);
        processBuilder.command(arrayList);
        if (file != null) {
            processBuilder.directory(file);
        }
        try {
            Process start = processBuilder.start();
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(start.getInputStream()));
            StringBuilder sb = new StringBuilder();
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                if (z) {
                    LOG.debug(readLine);
                }
                sb.append(readLine).append('\n');
            }
            int waitFor = start.waitFor();
            if (z) {
                LOG.info("\nExited with error code : " + waitFor);
            }
            return sb.toString();
        } catch (IOException | InterruptedException e) {
            LOG.error(e);
            return null;
        }
    }

    public StaticCodeAnalyisResult parseSnykCLIOutput(String str) {
        ArrayList arrayList = new ArrayList();
        if (str == null || str.isEmpty()) {
            return new StaticCodeAnalyisResult(arrayList, null);
        }
        String[] split = str.split("\\u2717");
        if (split.length <= 1) {
            split = new String(str.getBytes(), StandardCharsets.UTF_8).split("\\u2717");
        }
        Pattern compile = Pattern.compile(fullOutputPattern);
        for (int i = 1; i < split.length; i++) {
            Matcher matcher = compile.matcher(split[i]);
            if (matcher.find()) {
                arrayList.add(new SnykIssue(matcher.group("url"), matcher.group("name"), matcher.group("package"), matcher.group("severity")));
            }
        }
        return new StaticCodeAnalyisResult(arrayList, null);
    }

    private void saveModel(String str, AttackerSystemSpecificationContainer attackerSystemSpecificationContainer, CategorySpecification categorySpecification) {
        Resource.Factory.Registry.INSTANCE.getExtensionToFactoryMap().put("vulnerabilitySystemIntegration", new XMIResourceFactoryImpl());
        Resource createResource = new ResourceSetImpl().createResource(URI.createURI(this.outputLocation.resolve(String.valueOf(str) + ".attacker").toUri().toString()));
        createResource.getContents().add(attackerSystemSpecificationContainer);
        VulnerabilityContainer createVulnerabilityContainer = AttackerFactoryImpl.eINSTANCE.createVulnerabilityContainer();
        for (VulnerabilitySystemIntegration vulnerabilitySystemIntegration : attackerSystemSpecificationContainer.getVulnerabilities()) {
            if (vulnerabilitySystemIntegration.getVulnerability() != null) {
                createVulnerabilityContainer.getVulnerability().add(vulnerabilitySystemIntegration.getVulnerability());
            }
        }
        createResource.getContents().add(createVulnerabilityContainer);
        createResource.getContents().add(categorySpecification);
        try {
            createResource.save(Collections.emptyMap());
        } catch (IOException e) {
            LOG.error("An error occurred while saving the result:\n" + e.getMessage());
        }
    }

    private void saveSnykOutput(String str, String str2) {
        Throwable th = null;
        try {
            try {
                FileWriter fileWriter = new FileWriter(this.outputLocation.resolve(String.valueOf(str) + ".log").toFile());
                try {
                    fileWriter.append((CharSequence) str2);
                    if (fileWriter != null) {
                        fileWriter.close();
                    }
                } catch (Throwable th2) {
                    if (fileWriter != null) {
                        fileWriter.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        } catch (IOException e) {
            LOG.error("An error occurred while saving the result:\n" + e.getMessage());
        }
    }

    @Override // org.palladiosimulator.retriever.vulnerability.core.api.ICodeAnalyst
    public IStaticCodeAnalysisResult analyze(String str) {
        return parseSnykCLIOutput(str);
    }
}
