package org.sonar.fortify.fvdl;

import java.io.File;
import java.io.InputStream;
import java.util.Iterator;
import javax.annotation.CheckForNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonar.api.batch.Sensor;
import org.sonar.api.batch.SensorContext;
import org.sonar.api.batch.fs.FileSystem;
import org.sonar.api.batch.rule.ActiveRule;
import org.sonar.api.batch.rule.ActiveRules;
import org.sonar.api.component.ResourcePerspectives;
import org.sonar.api.issue.Issuable;
import org.sonar.api.resources.Project;
import org.sonar.api.resources.Resource;
import org.sonar.api.rule.RuleKey;
import org.sonar.api.utils.SonarException;
import org.sonar.api.utils.TimeProfiler;
import org.sonar.fortify.base.FortifyConstants;
import org.sonar.fortify.base.FortifyMetrics;
import org.sonar.fortify.fvdl.element.Fvdl;
import org.sonar.fortify.fvdl.element.Vulnerability;

/* loaded from: input_file:org/sonar/fortify/fvdl/FortifySensor.class */
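/**
 * Sensor that reads a Fortify FVDL report and raises one SonarQube issue per reported
 * vulnerability whose rule is active and whose file is an indexed resource.
 *
 * <p>After the issues are added it saves the per-severity issue counts and a security
 * rating derived from the highest severity that was counted.
 *
 * <p>Paths, severities and descriptions are taken from the report file, so the report
 * should be treated as input the analysis does not control: a vulnerability is only
 * attached to a file that resolves to a resource known to the {@link SensorContext}.
 */
public class FortifySensor implements Sensor {
    private static final Logger LOG = LoggerFactory.getLogger(FortifySensor.class);

    // Security rating values saved with FortifyMetrics.SECURITY_RATING, keyed by the
    // highest severity for which at least one issue was counted.
    private static final double BLOCKER_SECURITY_RATING_LEVEL = 1.0d;
    private static final double CRITICAL_SECURITY_RATING_LEVEL = 2.0d;
    private static final double MAJOR_SECURITY_RATING_LEVEL = 3.0d;
    private static final double MINOR_SECURITY_RATING_LEVEL = 4.0d;
    // Used when no BLOCKER/CRITICAL/MAJOR/MINOR issue was counted.
    private static final double DEFAULT_SECURITY_RATING_LEVEL = 5.0d;

    private final FortifySensorConfiguration configuration;
    private final ResourcePerspectives resourcePerspectives;
    private final FileSystem fileSystem;
    private final ActiveRules activeRules;
    private final FortifyReportFile report;

    // Number of issues actually added during the current analyse() call, per severity.
    private int blockerIssuesCount = 0;
    private int criticalIssuesCount = 0;
    private int majorIssuesCount = 0;
    private int minorIssuesCount = 0;

    /**
     * Creates the sensor and the report-file accessor it reads from.
     *
     * @param fortifySensorConfiguration plugin configuration (activation and report location)
     * @param resourcePerspectives used to obtain the {@link Issuable} view of a resource
     * @param fileSystem file system of the analysed module (languages, base directory)
     * @param activeRules rules active in the quality profiles of the project
     */
    public FortifySensor(FortifySensorConfiguration fortifySensorConfiguration, ResourcePerspectives resourcePerspectives, FileSystem fileSystem, ActiveRules activeRules) {
        this.configuration = fortifySensorConfiguration;
        this.resourcePerspectives = resourcePerspectives;
        this.fileSystem = fileSystem;
        this.activeRules = activeRules;
        this.report = new FortifyReportFile(fortifySensorConfiguration, fileSystem);
    }

    /**
     * Runs only when the plugin is active for the module's languages and a report exists.
     *
     * @param project the project being analysed (not consulted here)
     * @return {@code true} when the sensor should be executed
     */
    @Override
    public boolean shouldExecuteOnProject(Project project) {
        return this.configuration.isActive(this.fileSystem.languages()) && this.report.exist();
    }

    /**
     * Raises one issue for {@code vulnerability} on {@code resource} and counts it when
     * the issue was accepted.
     *
     * <p>The severity found in the report takes precedence over the severity of the
     * active rule. It is passed through as-is; see {@link #incrementCount(String)} for
     * which values influence the saved measures.
     */
    private void addIssue(Resource resource, Fvdl fvdl, Vulnerability vulnerability, ActiveRule activeRule) {
        Issuable issuable = this.resourcePerspectives.as(Issuable.class, resource);
        if (issuable == null) {
            return;
        }
        String reportedSeverity = vulnerability.getInstanceSeverity();
        String severity = reportedSeverity != null ? reportedSeverity : activeRule.severity();
        boolean added = issuable.addIssue(issuable.newIssueBuilder()
            .ruleKey(activeRule.ruleKey())
            .line(vulnerability.getLine())
            .message(fvdl.getDescription(vulnerability))
            .severity(severity)
            .build());
        if (added) {
            incrementCount(severity);
        }
    }

    /**
     * Increments the counter that matches {@code str}.
     *
     * <p>Only BLOCKER, CRITICAL, MAJOR and MINOR are counted. Any other value, including
     * {@code null}, is ignored, so an issue carrying such a severity is still raised but
     * contributes neither to the counts nor to the security rating.
     */
    private void incrementCount(String str) {
        if ("BLOCKER".equals(str)) {
            this.blockerIssuesCount++;
        } else if ("CRITICAL".equals(str)) {
            this.criticalIssuesCount++;
        } else if ("MAJOR".equals(str)) {
            this.majorIssuesCount++;
        } else if ("MINOR".equals(str)) {
            this.minorIssuesCount++;
        }
    }

    /**
     * Walks every vulnerability of the report and adds an issue for each one that maps
     * to an indexed resource and to an active rule.
     */
    private void addIssues(SensorContext sensorContext, Project project, Fvdl fvdl) {
        String sourceBasePath = fvdl.getBuild().getSourceBasePath();
        for (Vulnerability vulnerability : fvdl.getVulnerabilities()) {
            Resource resource = resourceOf(sensorContext, sourceBasePath, vulnerability, project);
            if (resource == null) {
                // resourceOf has already logged why the file was skipped.
                continue;
            }
            ActiveRule rule = getRule(vulnerability);
            if (rule == null) {
                LOG.debug("Fortify rule '{}' is not active in quality profiles of your project.", vulnerability.getClassID());
            } else {
                addIssue(resource, fvdl, vulnerability, rule);
            }
        }
    }

    /**
     * Parses the Fortify report, adds the issues and saves the measures.
     *
     * @param project the project being analysed
     * @param sensorContext context used to resolve resources and save measures
     * @throws SonarException when reading, parsing or saving fails; the cause is preserved
     */
    @Override
    public void analyse(Project project, SensorContext sensorContext) {
        TimeProfiler profiler = new TimeProfiler().start("Process Fortify report");
        // The counters are instance state: reset them so that a second call on the same
        // instance does not report the issues counted by the first one.
        this.blockerIssuesCount = 0;
        this.criticalIssuesCount = 0;
        this.majorIssuesCount = 0;
        this.minorIssuesCount = 0;
        try {
            // try-with-resources closes the stream on every path and records a failing
            // close() as a suppressed exception instead of letting it replace the
            // parse error that caused it.
            // NOTE(review): FvdlStAXParser is not visible here. The report is parsed as
            // XML, so confirm the parser disables DTDs and external entities.
            try (InputStream inputStream = this.report.getInputStream()) {
                addIssues(sensorContext, project, new FvdlStAXParser().parse(inputStream));
            }
            saveMeasures(sensorContext);
        } catch (Exception e) {
            throw new SonarException("Can not process Fortify report", e);
        } finally {
            profiler.stop();
        }
    }

    /** Saves the four per-severity issue counts and the resulting security rating. */
    private void saveMeasures(SensorContext sensorContext) {
        sensorContext.saveMeasure(FortifyMetrics.CFPO, Double.valueOf(this.blockerIssuesCount));
        sensorContext.saveMeasure(FortifyMetrics.HFPO, Double.valueOf(this.criticalIssuesCount));
        sensorContext.saveMeasure(FortifyMetrics.MFPO, Double.valueOf(this.majorIssuesCount));
        sensorContext.saveMeasure(FortifyMetrics.LFPO, Double.valueOf(this.minorIssuesCount));
        sensorContext.saveMeasure(FortifyMetrics.SECURITY_RATING, Double.valueOf(securityRating()));
    }

    /** Returns the rating level of the highest severity with at least one counted issue. */
    private double securityRating() {
        if (this.blockerIssuesCount > 0) {
            return BLOCKER_SECURITY_RATING_LEVEL;
        }
        if (this.criticalIssuesCount > 0) {
            return CRITICAL_SECURITY_RATING_LEVEL;
        }
        if (this.majorIssuesCount > 0) {
            return MAJOR_SECURITY_RATING_LEVEL;
        }
        if (this.minorIssuesCount > 0) {
            return MINOR_SECURITY_RATING_LEVEL;
        }
        return DEFAULT_SECURITY_RATING_LEVEL;
    }

    /**
     * Looks up the active rule for the vulnerability's class id, trying the Fortify
     * repository of each language of the module in turn.
     *
     * @return the first active rule found, or {@code null} when none is active
     */
    @CheckForNull
    private ActiveRule getRule(Vulnerability vulnerability) {
        for (String language : this.fileSystem.languages()) {
            RuleKey ruleKey = RuleKey.of(FortifyConstants.fortifyRepositoryKey(language), vulnerability.getClassID());
            ActiveRule activeRule = this.activeRules.find(ruleKey);
            if (activeRule != null) {
                return activeRule;
            }
        }
        return null;
    }

    /**
     * Resolves the file a vulnerability points at to an indexed SonarQube resource.
     *
     * <p>The path is first resolved against the source base path recorded in the report
     * ({@code str}); when that file does not exist it is resolved against the module
     * base directory. Both paths originate from the report, so existence on disk is
     * never enough: a resource is returned only when it is known to the sensor context.
     *
     * @return the indexed resource, or {@code null} when the file is missing or not indexed
     */
    @CheckForNull
    private Resource resourceOf(SensorContext sensorContext, String str, Vulnerability vulnerability, Project project) {
        File reportedFile = new File(str, vulnerability.getPath());
        if (reportedFile.exists()) {
            Resource resource = indexedResource(sensorContext, reportedFile, project);
            if (resource == null) {
                LOG.debug("File \"{}\" is not under module basedir or is not indexed. Skip it.", vulnerability.getPath());
            }
            return resource;
        }
        LOG.debug("Unable to find \"{}\". Trying relative path.", reportedFile);
        File relativeFile = new File(this.fileSystem.baseDir(), vulnerability.getPath());
        if (!relativeFile.exists()) {
            LOG.debug("Unable to find \"{}\". Your Fortify analysis was probably started from a different location than current SonarQube analysis.", relativeFile);
            return null;
        }
        Resource resource = indexedResource(sensorContext, relativeFile, project);
        if (resource == null) {
            LOG.debug("File \"{}\" is not indexed. Skip it.", vulnerability.getPath());
        }
        return resource;
    }

    /** Maps {@code file} to a SonarQube file resource, or {@code null} when it is not indexed. */
    @CheckForNull
    private Resource indexedResource(SensorContext sensorContext, File file, Project project) {
        org.sonar.api.resources.File sonarFile = org.sonar.api.resources.File.fromIOFile(file, project);
        if (sonarFile != null && sensorContext.getResource(sonarFile) != null) {
            return sonarFile;
        }
        return null;
    }

    @Override
    public String toString() {
        return "Fortify sensor";
    }
}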
