package com.meterian.cli.reports.sarif;

import com.meterian.cli.builds.MeterianAnalysisResult;
import com.meterian.cli.reports.Section;
import com.meterian.cli.reports.sarif.SarifReport;
import com.meterian.common.concepts.Language;
import com.meterian.common.concepts.bare.BareAdvice;
import com.meterian.common.concepts.bare.BareDependency;
import com.meterian.common.concepts.bare.BareLatestVersions;
import com.meterian.common.concepts.bare.reports.BareLicenseV2;
import com.meterian.common.concepts.bare.reports.BareLicensingEntry;
import com.meterian.common.concepts.bare.reports.BareLicensingSingleReportV2;
import com.meterian.common.concepts.bare.reports.BareSecurityAdvice;
import com.meterian.common.concepts.bare.reports.BareSecuritySingleReportV2;
import com.meterian.common.concepts.bare.reports.BareStabilityAdvice;
import com.meterian.common.concepts.bare.reports.BareStabilitySingleReport;
import com.meterian.common.functions.CollectionFunctions;
import com.meterian.common.functions.StringFunctions;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.UUID;
import java.util.stream.Collectors;
import org.springframework.util.AntPathMatcher;

/* loaded from: input_file:com/meterian/cli/reports/sarif/RulesGenerator.class */
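/**
 * Builds the SARIF rule list from the security, stability and licensing reports of an analysis.
 *
 * <p>Rule ids have the shape {@code METERIAN-<LANGUAGE>-<COMPONENT>-<UUID TAIL>} and are what a
 * SARIF consumer uses to correlate findings between runs, so they must not depend on the machine
 * that produced the report. For that reason the hashed part is always computed over UTF-8 bytes
 * and the upper-casing uses {@link Locale#ROOT} (the platform default charset or locale would
 * otherwise yield different ids for the same finding).
 *
 * <p>NOTE(review): advisory descriptions, links, component names and policy names come from the
 * analysis reports and are passed into the rule text as-is; whether {@code HelpTextBuilder} or the
 * SARIF serializer escapes them is not visible from this class - confirm before rendering the
 * help text as markdown/HTML.
 */
public class RulesGenerator {
    private static final String PREFIX = "METERIAN";
    private List<BareSecuritySingleReportV2> securityReports = new ArrayList<>();
    private List<BareStabilitySingleReport> stabilityReports = new ArrayList<>();
    private List<BareLicensingSingleReportV2> licensingReports = new ArrayList<>();
    // Optional: only used to obtain the report URL; may stay null.
    private MeterianAnalysisResult results;

    /**
     * Sets the security reports to convert. The list is stored by reference (not copied) and must
     * not be null, because {@link #get()} iterates it.
     *
     * @param list security reports, one per analysed language/project
     * @return this generator, for chaining
     */
    public RulesGenerator withSecurityReports(List<BareSecuritySingleReportV2> list) {
        this.securityReports = list;
        return this;
    }

    /**
     * Sets the stability reports to convert. The list is stored by reference (not copied) and must
     * not be null, because {@link #get()} iterates it.
     *
     * @param list stability reports
     * @return this generator, for chaining
     */
    public RulesGenerator withStabilityReports(List<BareStabilitySingleReport> list) {
        this.stabilityReports = list;
        return this;
    }

    /**
     * Sets the licensing reports to convert. The list is stored by reference (not copied) and must
     * not be null, because {@link #get()} iterates it.
     *
     * @param list licensing reports
     * @return this generator, for chaining
     */
    public RulesGenerator withLicensingReports(List<BareLicensingSingleReportV2> list) {
        this.licensingReports = list;
        return this;
    }

    /**
     * Sets the analysis result whose {@code url} is attached to the generated help texts.
     *
     * @param meterianAnalysisResult analysis result; may be null, in which case no URL is attached
     * @return this generator, for chaining
     */
    public RulesGenerator withMeterianAnalysisResults(MeterianAnalysisResult meterianAnalysisResult) {
        this.results = meterianAnalysisResult;
        return this;
    }

    /**
     * Generates the rules for all configured reports.
     *
     * @return a new mutable list holding the security rules first, then stability, then licensing
     */
    public List<SarifReport.Rule> get() {
        List<SarifReport.Rule> rules = new ArrayList<>();
        loadSecurityRules(rules);
        loadStabilityRules(rules);
        loadLicensingRules(rules);
        return rules;
    }

    /**
     * Appends one rule per policy-violating component and one per unlicensed component.
     *
     * <p>An entry carrying exclusions is only considered when it has neither violations nor
     * warnings, so for such an entry only the "unlicensed" rule can be produced.
     */
    private void loadLicensingRules(List<SarifReport.Rule> list) {
        for (BareLicensingSingleReportV2 report : this.licensingReports) {
            for (BareLicensingEntry entry : report.results) {
                boolean excluded = entry.exclusions != null && !entry.exclusions.isEmpty();
                if (excluded && !safe(entry)) {
                    continue;
                }
                String component = fullDefinition(entry.name, entry.version);
                if (!entry.violations.isEmpty()) {
                    HelpTextBuilder help = new HelpTextBuilder()
                            .forSection(Section.licensing)
                            .withLicensingAdvice(component + " licensed under " + licensesList(entry) + ", does not align with your company policies. Review which policies are being violated below.")
                            .withLicensingViolations(entry.violations)
                            .withReportUrl(reportUrl());
                    list.add(SarifReport.Rule.createLicensingRule(
                            createRuleId(report.language, entry),
                            "[licensing] " + component + " goes against your company policies",
                            help,
                            new String[0]));
                }
                if (entry.licenses.isEmpty()) {
                    // NOTE(review): createRuleId returns null when the entry has neither warnings
                    // nor violations, so an unlicensed-only component gets a rule with a null id;
                    // and an unlicensed component that also violates a policy gets two rules with
                    // the same id. Confirm how the results side keys these before changing it.
                    HelpTextBuilder help = new HelpTextBuilder()
                            .forSection(Section.licensing)
                            .withLicensingAdvice(component + " is unlicensed. Take a moment to understand the intellectual property implications and your rights associated with its usage.");
                    list.add(SarifReport.Rule.createLicensingRule(
                            createRuleId(report.language, entry),
                            "[licensing] " + component + " is missing a valid license",
                            help,
                            new String[0]));
                }
            }
        }
    }

    /** Appends one "outdated" rule per component version that carries no exclusions. */
    private void loadStabilityRules(List<SarifReport.Rule> list) {
        for (BareStabilitySingleReport report : this.stabilityReports) {
            for (BareStabilityAdvice advice : report.versions) {
                if (advice.exclusions != null && !advice.exclusions.isEmpty()) {
                    continue;
                }
                String component = fullDefinition(advice.name, advice.version);
                HelpTextBuilder help = new HelpTextBuilder()
                        .forSection(Section.stability)
                        .withStabilityAdvice(component + " is out of date. Review the safest upgrade paths we have detected below.")
                        .withSafeVersion(new BareLatestVersions(advice.latestPatch, advice.latestMinor, advice.latestMajor))
                        .withReportUrl(reportUrl());
                list.add(SarifReport.Rule.createStabilityRule(
                        createRuleId(report.language, advice.name, advice.version, collectUpdates(advice)),
                        "[stability] " + component + " is outdated",
                        help,
                        new String[0]));
            }
        }
    }

    /**
     * Appends one rule per security advice that carries no exclusions and whose severity is not
     * {@code NONE}.
     */
    private void loadSecurityRules(List<SarifReport.Rule> list) {
        for (BareSecuritySingleReportV2 report : this.securityReports) {
            for (BareSecurityAdvice dependencyAdvice : report.reports) {
                for (BareAdvice advice : dependencyAdvice.advices) {
                    if (advice.exclusions != null && !advice.exclusions.isEmpty()) {
                        continue;
                    }
                    if (advice.severity.equals(BareAdvice.Severity.NONE)) {
                        continue;
                    }
                    String ruleId = createRuleId(advice);
                    String title = "[security] " + fullDefinition(dependencyAdvice.dependency) + " is vulnerable (" + getCveOrDefault(advice, toMETId(advice)) + ")";
                    HelpTextBuilder help = new HelpTextBuilder()
                            .forSection(Section.security)
                            .withSecurityAdvice(advice.description)
                            .withCvss(advice.cvss)
                            .withReportUrl(reportUrl())
                            .withSafeVersion(dependencyAdvice.safeVersions)
                            .withEpss(advice.epss)
                            .withLinks(advice.links);
                    // intValue() truncates the score toward zero.
                    // NOTE(review): an advice without a CVSS score (cvss == null) makes this throw
                    // and aborts the whole report; decide which score such advisories should get
                    // rather than defaulting silently.
                    int score = advice.cvss.intValue();
                    SarifReport.Rule rule = advice.cwe != null
                            ? SarifReport.Rule.createSecurityRule(ruleId, score, title, help, advice.cwe)
                            : SarifReport.Rule.createSecurityRule(ruleId, score, title, help, new String[0]);
                    list.add(rule);
                }
            }
        }
    }

    /**
     * Renders the license ids of an entry as readable text: {@code "A"}, {@code "A and B"},
     * {@code "A, B and C"}.
     *
     * <p>An entry can violate a policy while declaring no license at all; that case used to throw
     * an index error and abort report generation, so it is rendered as a fixed phrase instead.
     */
    private String licensesList(BareLicensingEntry bareLicensingEntry) {
        List<String> ids = new ArrayList<>();
        for (BareLicenseV2 license : bareLicensingEntry.licenses) {
            ids.add(license.id);
        }
        if (ids.isEmpty()) {
            return "an undeclared license";
        }
        if (ids.size() == 1) {
            return ids.get(0);
        }
        int last = ids.size() - 1;
        return String.join(", ", ids.subList(0, last)) + " and " + ids.get(last);
    }

    /** Returns true when the entry has neither policy violations nor warnings. */
    private boolean safe(BareLicensingEntry bareLicensingEntry) {
        return bareLicensingEntry.violations.isEmpty() && bareLicensingEntry.warnings.isEmpty();
    }

    /** Collects the non-null latest patch, minor and major versions, in that order. */
    private List<String> collectUpdates(BareStabilityAdvice bareStabilityAdvice) {
        List<String> updates = new ArrayList<>();
        for (String candidate : Arrays.asList(bareStabilityAdvice.latestPatch, bareStabilityAdvice.latestMinor, bareStabilityAdvice.latestMajor)) {
            if (candidate != null) {
                updates.add(candidate);
            }
        }
        return updates;
    }

    /** Returns the URL of the analysis report, or null when no analysis result was supplied. */
    private String reportUrl() {
        return this.results == null ? null : this.results.url;
    }

    /** Builds the fallback advisory label {@code MET-<uuid tail>} used when no CVE id exists. */
    private String toMETId(BareAdvice bareAdvice) {
        return "MET-" + endOfUuid(bareAdvice.id);
    }

    /** Returns the advice's CVE id, or {@code str} when the advice has none. */
    private String getCveOrDefault(BareAdvice bareAdvice, String str) {
        return StringFunctions.isEmpty(bareAdvice.cve) ? str : bareAdvice.cve;
    }

    /** Formats a dependency as {@code name@version}. */
    private String fullDefinition(BareDependency bareDependency) {
        return fullDefinition(bareDependency.name(), bareDependency.version());
    }

    /** Formats a component as {@code name@version}. */
    private String fullDefinition(String str, String str2) {
        return str + "@" + str2;
    }

    /**
     * Builds the rule id of a security advice from the library language, the library name and the
     * last group of the advice id.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static String createRuleId(BareAdvice bareAdvice) {
        return String.join("-", PREFIX, bareAdvice.library.language.name(), replaceSlashesWithDashes(bareAdvice.library.name), endOfUuid(bareAdvice.id.toString())).toUpperCase(Locale.ROOT);
    }

    /**
     * Builds the rule id of a stability finding; the hashed part covers the component name, its
     * version and the concatenated update candidates.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static String createRuleId(Language language, String str, String str2, List<String> list) {
        return hashedRuleId(language, str, str + str2 + String.join("", list));
    }

    /**
     * Builds the rule id of a licensing finding. The hashed part covers the component name and
     * version plus the first warning when the entry has warnings, otherwise plus the names of all
     * violated policies.
     *
     * @return the rule id, or null when the entry has neither warnings nor violations
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static String createRuleId(Language language, BareLicensingEntry bareLicensingEntry) {
        String component = bareLicensingEntry.name + bareLicensingEntry.version;
        if (!bareLicensingEntry.warnings.isEmpty()) {
            return hashedRuleId(language, bareLicensingEntry.name, component + ((String) CollectionFunctions.first(bareLicensingEntry.warnings)));
        }
        if (bareLicensingEntry.violations.isEmpty()) {
            return null;
        }
        String policies = bareLicensingEntry.violations.stream()
                .map(violation -> violation.policyName)
                .collect(Collectors.joining());
        return hashedRuleId(language, bareLicensingEntry.name, component + policies);
    }

    /**
     * Assembles {@code METERIAN-<language>-<name>-<tail>} where the tail is the last group of the
     * name-based UUID of {@code seed}. The UUID is only an identifier, not a security control.
     * The seed is encoded as UTF-8 and the id upper-cased with {@link Locale#ROOT} so that the
     * same finding gets the same id on every platform.
     */
    private static String hashedRuleId(Language language, String name, String seed) {
        UUID digest = UUID.nameUUIDFromBytes(seed.getBytes(StandardCharsets.UTF_8));
        return String.join("-", PREFIX, language.name(), replaceSlashesWithDashes(name), endOfUuid(digest)).toUpperCase(Locale.ROOT);
    }

    /** Replaces forward and backward slashes in a component name with dashes. */
    private static String replaceSlashesWithDashes(String str) {
        return str.replace(AntPathMatcher.DEFAULT_PATH_SEPARATOR, "-").replace("\\", "-");
    }

    /** Returns the last dash-separated group of the UUID's text form. */
    private static String endOfUuid(UUID uuid) {
        return endOfUuid(uuid.toString());
    }

    /** Returns everything after the last dash, or the whole string when it contains no dash. */
    private static String endOfUuid(String str) {
        return str.substring(str.lastIndexOf("-") + 1);
    }
}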
