package com.meterian.cli.reports.threadfix;

import com.meterian.cli.reports.CWEDatabase;
import com.meterian.cli.reports.threadfix.TfxMapping;
import com.meterian.common.concepts.Language;
import com.meterian.common.concepts.bare.BareAdvice;
import com.meterian.common.concepts.bare.BareLatestVersions;
import com.meterian.common.concepts.bare.reports.BareFullReport;
import com.meterian.common.concepts.bare.reports.BareSecurityAdvice;
import com.meterian.common.concepts.bare.reports.BareSecuritySingleReportV2;
import com.meterian.common.functions.CollectionFunctions;
import com.meterian.common.functions.StringFunctions;
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/meterian/cli/reports/threadfix/ThreadfixReportGenerator.class */
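/**
 * Builds a {@link ThreadfixReport} from a Meterian {@link BareFullReport}.
 *
 * <p>Only the security section of the full report is consumed: every
 * {@link BareAdvice} of every {@link BareSecurityAdvice} becomes one
 * {@link TfxFinding}. Before a finding is emitted the advice's CWE is
 * validated against the local {@link CWEDatabase} and, where missing or
 * unknown, replaced by the best match for the advice description (best effort,
 * the advice is kept unchanged when that lookup fails).
 *
 * <p>Not thread-safe beyond what {@link CWEDatabase} guarantees; create one
 * generator per report if in doubt.
 */
public class ThreadfixReportGenerator {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ThreadfixReportGenerator.class);

    /** CVSS score above which (strictly) a finding is reported as {@code Critical}. */
    private static final BigDecimal SEVERITY_CRITICAL_TRESHOLD = BigDecimal.valueOf(9L);

    private static final String NO_SAFE_VERSION_TEXT = "We were not able to provide a safe version for this library. You should consider replacing this component as it could be an issue for the safety of your application.";

    /** Maximum length of a summary derived from the advice description, ellipsis included. */
    private static final int MAX_SUMMARY_LENGTH = 120;

    /** Suffix appended to a truncated summary. */
    private static final String ELLIPSIS = "...";

    private static final String NO_SUMMARY_TEXT = "No summary available.";
    private static final String CWE_PREFIX = "CWE-";
    private static final String CVE_PREFIX = "CVE-";

    private final CWEDatabase cweDatabase = new CWEDatabase();

    /**
     * Converts a full report into a ThreadFix report.
     *
     * @param bareFullReport the Meterian report to convert; its {@code timestamp}
     *                       becomes the ThreadFix report timestamp
     * @return a new report holding one finding per security advice
     */
    public ThreadfixReport build(BareFullReport bareFullReport) {
        ThreadfixReport report = new ThreadfixReport(bareFullReport.timestamp);
        addSecurityFindings(report, bareFullReport);
        return report;
    }

    /**
     * Walks the security section of the report (if any) and adds one finding
     * per advice. Null report collections are treated as empty.
     */
    private void addSecurityFindings(ThreadfixReport report, BareFullReport bareFullReport) {
        if (bareFullReport.security == null) {
            return;
        }
        for (BareSecuritySingleReportV2 single : CollectionFunctions.parseNull(bareFullReport.security.reports)) {
            // Element type of single.reports is not visible from here, hence the
            // wildcard iterator and the explicit cast.
            Iterator<?> it = CollectionFunctions.parseNull(single.reports).iterator();
            while (it.hasNext()) {
                addSecurityFinding(report, bareFullReport, (BareSecurityAdvice) it.next(), single.language);
            }
        }
    }

    /**
     * Adds one {@link TfxFinding} per advice of {@code securityAdvice}.
     *
     * @param report         the report receiving the findings
     * @param bareFullReport the enclosing full report (needed for dependency details)
     * @param securityAdvice the per-library advice group; a null {@code advices}
     *                       collection yields no findings
     * @param language       the language of the scanned project, recorded as metadata and tag
     */
    private void addSecurityFinding(ThreadfixReport report, BareFullReport bareFullReport, BareSecurityAdvice securityAdvice, Language language) {
        if (securityAdvice.advices == null) {
            return;
        }
        for (BareAdvice rawAdvice : securityAdvice.advices) {
            BareAdvice advice = withValidatedCWE(rawAdvice);
            TfxDependencyDetails details = computeDependencyDetails(bareFullReport, securityAdvice, advice);

            TfxFinding finding = new TfxFinding();
            finding.setNativeId(advice.id.toString());
            finding.setSeverity(computeSeverity(advice));
            finding.setNativeSeverity(advice.severity.name());
            finding.setDescription(advice.description);
            finding.setSummary(computeSummary(advice));
            finding.setScannerDetail("Details available at: " + details.getReferenceLink());
            finding.setScannerRecommendation(computeReccomendations(securityAdvice.safeVersions));
            finding.setDependencyDetails(details);
            finding.setMetadata(computeMetadata(language));
            finding.setTags(computeTags(language));
            finding.setMappings(computeMappings(advice));
            report.addFinding(finding);
        }
    }

    /**
     * Returns the advice with a CWE that is known to the local database, looking
     * one up from the description when the advice has none or an unknown one.
     * This is best effort: any failure leaves the advice untouched.
     */
    private BareAdvice withValidatedCWE(BareAdvice advice) {
        try {
            return advice.cwe == null
                    ? updateAdviceCWEWhenNotPresent(advice)
                    : updateAdviceCWEIfRequired(advice);
        } catch (Exception e) {
            // Best-effort enrichment: the finding is still emitted, only without a corrected CWE.
            log.debug("CWE validation failed for advice {}, keeping it unchanged", advice, e);
            return advice;
        }
    }

    /** Replaces a CWE unknown to the database with the best match for the description, if any. */
    private BareAdvice updateAdviceCWEIfRequired(BareAdvice advice) {
        if (this.cweDatabase.find(advice.cwe) != null) {
            return advice;
        }
        CWEDatabase.CWEData bestMatch = this.cweDatabase.findBestMatch(advice.description);
        return bestMatch != null ? withUpdatedCWE(advice, bestMatch) : advice;
    }

    /** Assigns the best-matching CWE for the description to an advice that has none, if any. */
    private BareAdvice updateAdviceCWEWhenNotPresent(BareAdvice advice) {
        CWEDatabase.CWEData bestMatch = this.cweDatabase.findBestMatch(advice.description);
        return bestMatch != null ? withUpdatedCWE(advice, bestMatch) : advice;
    }

    /** Copies the advice with {@code cweData.id} as its CWE; all other fields are carried over. */
    private BareAdvice withUpdatedCWE(BareAdvice advice, CWEDatabase.CWEData cweData) {
        log.debug("CWE {} added to advice {}", cweData.id, advice);
        return new BareAdvice(advice.id, advice.library, advice.description, advice.severity, advice.cvss,
                advice.type, advice.links, advice.versionRange, advice.exclusions, cweData.id, advice.cve);
    }

    /**
     * Summary for a finding: the database summary of the advice's CWE when known,
     * otherwise the (truncated) description, otherwise a fixed placeholder.
     */
    private String computeSummary(BareAdvice advice) {
        if (advice.cwe != null) {
            CWEDatabase.CWEData data = this.cweDatabase.find(advice.cwe);
            if (data != null) {
                return data.summary + ".";
            }
        }
        if (StringFunctions.isEmptyOrWhitespaces(advice.description)) {
            return NO_SUMMARY_TEXT;
        }
        return computeSummaryFromText(advice.description);
    }

    /**
     * Truncates {@code text} to {@link #MAX_SUMMARY_LENGTH} characters, ending it
     * with an ellipsis when cut. The cut never splits a surrogate pair.
     */
    private String computeSummaryFromText(String text) {
        if (text.length() <= MAX_SUMMARY_LENGTH) {
            return text;
        }
        int cut = MAX_SUMMARY_LENGTH - ELLIPSIS.length();
        if (Character.isHighSurrogate(text.charAt(cut - 1))) {
            cut--; // keep a supplementary code point intact
        }
        return text.substring(0, cut) + ELLIPSIS;
    }

    /**
     * Mappings for a finding, in order: CWE (if present and prefixed), CVE (if
     * present and prefixed), then the Meterian advice id. Exactly the first
     * mapping present is flagged as primary.
     */
    private List<TfxMapping> computeMappings(BareAdvice advice) {
        List<TfxMapping> mappings = new ArrayList<>();
        boolean primary = true;
        if (advice.cwe != null && advice.cwe.startsWith(CWE_PREFIX)) {
            // ThreadFix expects the bare CWE number, without the "CWE-" prefix.
            mappings.add(new TfxMapping(TfxMapping.TfxMappingType.CWE, advice.cwe.substring(CWE_PREFIX.length()), true));
            primary = false;
        }
        if (advice.cve != null && advice.cve.startsWith(CVE_PREFIX)) {
            mappings.add(new TfxMapping(TfxMapping.TfxMappingType.CVE, advice.cve, Boolean.valueOf(primary)));
            primary = false;
        }
        mappings.add(new TfxMapping(TfxMapping.TfxMappingType.TOOL_VENDOR, advice.id.toString(), Boolean.valueOf(primary), "meterian-uuids"));
        return mappings;
    }

    /** Single tag of the form {@code language:<Language>}. */
    private List<String> computeTags(Language language) {
        return Arrays.asList("language:" + language);
    }

    /** Metadata map holding only the language name. */
    private Map<String, String> computeMetadata(Language language) {
        Map<String, String> metadata = new HashMap<>();
        metadata.put("language", language.name());
        return metadata;
    }

    /**
     * Recommendation text: the available safe patch/minor/major versions, or a
     * fixed "no safe version" text when none is known.
     */
    private String computeReccomendations(BareLatestVersions latestVersions) {
        if (latestVersions == null || !latestVersions.hasSafeVersion()) {
            return NO_SAFE_VERSION_TEXT;
        }
        StringBuilder sb = new StringBuilder();
        appendVersion(sb, "patch", latestVersions::getLatestPatch);
        appendVersion(sb, "minor", latestVersions::getLatestMinor);
        appendVersion(sb, "major", latestVersions::getLatestMajor);
        sb.insert(0, "Safe versions are available: ");
        return sb.toString();
    }

    /**
     * Appends {@code "<version> (<kind>)"} to {@code sb}, comma-separated from
     * any previous entry; does nothing when the supplied version is null or empty.
     */
    private void appendVersion(StringBuilder sb, String kind, Supplier<String> versionSupplier) {
        String version = versionSupplier.get();
        if (version == null || version.isEmpty()) {
            return;
        }
        if (sb.length() != 0) {
            sb.append(", ");
        }
        sb.append(version).append(" (").append(kind).append(")");
    }

    /** Package-private so tests can substitute the dependency details. */
    TfxDependencyDetails computeDependencyDetails(BareFullReport bareFullReport, BareSecurityAdvice securityAdvice, BareAdvice advice) {
        return new TfxDependencyDetails(bareFullReport, securityAdvice, advice);
    }

    /**
     * Maps an advice to a ThreadFix severity: {@code Critical} when the CVSS
     * score is strictly above {@link #SEVERITY_CRITICAL_TRESHOLD}, otherwise
     * by the advice's own severity level.
     */
    private TfxSeverity computeSeverity(BareAdvice advice) {
        // NOTE(review): strict comparison — a CVSS of exactly 9.0 is not Critical here,
        // while the CVSS v3 qualitative scale starts Critical at 9.0; confirm intent.
        if (advice.cvss != null && SEVERITY_CRITICAL_TRESHOLD.compareTo(advice.cvss) < 0) {
            return TfxSeverity.Critical;
        }
        switch (advice.severity) {
            case HIGH:
                return TfxSeverity.High;
            case MEDIUM:
                return TfxSeverity.Medium;
            case LOW:
                return TfxSeverity.Low;
            default:
                return TfxSeverity.Info;
        }
    }
}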
