package com.meterian.cli.reports;

import com.meterian.common.functions.CollectionFunctions;
import com.meterian.common.functions.GsonFunctions;
import com.meterian.common.functions.StringFunctions;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/meterian/cli/reports/CWEDatabase.class */
public class CWEDatabase {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CWEDatabase.class);
    private Map<String, CWEData> mitre;
    private Map<String, CWEData> meterian;

    /* loaded from: input_file:com/meterian/cli/reports/CWEDatabase$CWEData.class */
    public static class CWEData {
        public final String id;
        public final String summary;
        public final String description;

        public CWEData(String str, String str2, String str3) {
            this.id = str;
            this.summary = str2;
            this.description = str3;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/meterian/cli/reports/CWEDatabase$CWESearchResult.class */
    public static class CWESearchResult {
        final CWEData cwe;
        final int score;
        final int count;

        CWESearchResult(CWEData cWEData, int i, int i2) {
            this.cwe = cWEData;
            this.score = i;
            this.count = i2;
        }
    }

    public CWEDatabase() {
        try {
            loadCWES();
        } catch (Exception e) {
            log.warn("Unexpected");
        }
    }

    public CWEData find(String str) {
        CWEData cWEData = this.mitre.get(str);
        if (cWEData == null) {
            cWEData = this.meterian.get(str);
        }
        return cWEData;
    }

    public CWEData findBestMatch(String str) {
        Set<String> asSet = CollectionFunctions.asSet(str.toLowerCase().split("\\s+|\\)|\\(|\\|\\.'"));
        CWESearchResult findBestMatch = findBestMatch(this.mitre, asSet);
        if (findBestMatch.count == 1) {
            return findBestMatch.cwe;
        }
        CWESearchResult findBestMatch2 = findBestMatch(this.meterian, asSet);
        CWESearchResult cWESearchResult = findBestMatch.score > findBestMatch2.score ? findBestMatch : findBestMatch2;
        if (cWESearchResult.count == 1) {
            return cWESearchResult.cwe;
        }
        return null;
    }

    private CWESearchResult findBestMatch(Map<String, CWEData> map, Set<String> set) {
        int i = 0;
        int i2 = 0;
        CWEData cWEData = null;
        for (CWEData cWEData2 : map.values()) {
            int computeScore = computeScore(cWEData2.summary, set);
            if (computeScore > i2) {
                cWEData = cWEData2;
                i2 = computeScore;
                i = 1;
            } else if (computeScore == i2) {
                i++;
            }
        }
        return new CWESearchResult(cWEData, i2, i);
    }

    private int computeScore(String str, Set<String> set) {
        int i = 0;
        for (String str2 : str.toLowerCase().split("\\s+")) {
            if (str2.length() >= 3 && set.contains(str2)) {
                i++;
            }
        }
        return i;
    }

    private void loadCWES() throws IOException {
        this.mitre = loadCWES("/cwe-lists/mitre.csv");
        this.meterian = loadCWES("/cwe-lists/meterian.csv");
    }

    private Map<String, CWEData> loadCWES(String str) throws IOException {
        HashMap hashMap = new HashMap();
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(getClass().getResourceAsStream(str)));
        while (true) {
            try {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    bufferedReader.close();
                    return hashMap;
                }
                if (!StringFunctions.isEmptyOrWhitespaces(readLine)) {
                    int indexOf = readLine.indexOf(44);
                    int indexOf2 = readLine.indexOf(44, indexOf + 1);
                    if (indexOf == -1 || indexOf2 == -1) {
                        log.warn("Unable to parse line {}", readLine);
                    } else {
                        String substring = readLine.substring(0, indexOf);
                        hashMap.put(substring, new CWEData(substring, unquote(readLine.substring(indexOf + 1, indexOf2)), unquote(readLine.substring(indexOf2 + 1))));
                    }
                }
            } catch (Throwable th) {
                try {
                    bufferedReader.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
    }

    private String unquote(String str) {
        return (str.length() > 2 && str.charAt(0) == '\"' && str.charAt(str.length() - 1) == '#') ? str.substring(1, str.length() - 1) : str;
    }

    public static void main(String[] strArr) {
        CWEDatabase cWEDatabase = new CWEDatabase();
        showMatch(cWEDatabase, "A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.");
        showMatch(cWEDatabase, "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.");
    }

    private static void showMatch(CWEDatabase cWEDatabase, String str) {
        CWEData findBestMatch = cWEDatabase.findBestMatch(str);
        System.err.println("\n" + str);
        System.err.println(GsonFunctions.prettyGson.toJson(findBestMatch));
    }
}
