package org.owasp.dependencycheck.data.cpe;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.lucene.document.Document;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.queryparser.classic.ParseException;
import org.apache.lucene.search.ScoreDoc;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.AnalysisException;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.analyzer.Analyzer;
import org.owasp.dependencycheck.data.lucene.LuceneUtils;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.EvidenceCollection;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;

/* loaded from: input_file:org/owasp/dependencycheck/data/cpe/CPEAnalyzer.class */
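/**
 * Analyzer that tries to attach CPE identifiers to a dependency.
 *
 * <p>Vendor and product evidence collected for the dependency is turned into a
 * Lucene query against the CPE {@link Index}; entries that come back are
 * verified against the evidence and then looked up in the {@link CveDB} to
 * pick exact or best-guess version matches.
 *
 * <p>Security note: the query text is assembled from evidence values, which
 * presumably originate from the scanned artifact and should therefore be
 * treated as untrusted. Every term that reaches the query goes through
 * {@link #cleanseText(String)} and the {@code LuceneUtils} escaping helpers;
 * keep both steps in place when changing the query construction.
 *
 * <p>Instances hold an open index and database handle and must be released
 * with {@link #close()}.
 */
public class CPEAnalyzer implements Analyzer {
    /** Upper bound on the number of index hits requested per search. */
    static final int MAX_QUERY_RESULTS = 25;
    /** Lucene boost suffix appended to terms that match a weighting entry. */
    static final String WEIGHTING_BOOST = "^5";
    /** Matches every character that is not allowed in query text; such characters become spaces. */
    static final String CLEANSE_CHARACTER_RX = "[^A-Za-z0-9 ._-]";
    /** Matches runs of non-letters; used for the loose term comparison. */
    static final String CLEANSE_NONALPHA_RX = "[^A-Za-z]*";
    /** Per-evidence capacity estimate used when pre-sizing string builders. */
    static final int STRING_BUILDER_BUFFER = 20;
    /** The Lucene index of CPE vendor/product entries. */
    private Index cpe;
    /** The database queried for the known CPE names of a vendor/product pair. */
    private CveDB cve;

    /** How an identifier was derived from the version evidence. */
    public enum IdentifierConfidence {
        /** The evidence version equals a known version (or the known entry has no parseable version). */
        EXACT_MATCH,
        /** No equal version was required; the identifier is built from the best available version. */
        BEST_GUESS
    }

    /**
     * A candidate identifier together with the confidence of the match and of
     * the evidence it was derived from. The natural ordering sorts by match
     * confidence, then evidence confidence, then identifier, so
     * {@link IdentifierConfidence#EXACT_MATCH} entries sort before
     * {@link IdentifierConfidence#BEST_GUESS} entries.
     */
    public static class IdentifierMatch implements Comparable<IdentifierMatch> {
        private Evidence.Confidence evidenceConfidence;
        private IdentifierConfidence confidence;
        private Identifier identifier;

        /**
         * Creates a match wrapping a new {@link Identifier}.
         *
         * @param str first {@code Identifier} constructor argument (callers in this file pass {@code "cpe"})
         * @param str2 second {@code Identifier} constructor argument (callers in this file pass the CPE name)
         * @param str3 third {@code Identifier} constructor argument (callers in this file pass a link or {@code null})
         * @param identifierConfidence how the identifier was matched
         * @param confidence confidence of the evidence that produced the match
         */
        IdentifierMatch(String str, String str2, String str3, IdentifierConfidence identifierConfidence, Evidence.Confidence confidence) {
            this.identifier = new Identifier(str, str2, str3);
            this.confidence = identifierConfidence;
            this.evidenceConfidence = confidence;
        }

        /** @return the confidence of the evidence behind this match */
        public Evidence.Confidence getEvidenceConfidence() {
            return this.evidenceConfidence;
        }

        /** @param confidence the confidence of the evidence behind this match */
        public void setEvidenceConfidence(Evidence.Confidence confidence) {
            this.evidenceConfidence = confidence;
        }

        /** @return how the identifier was matched */
        public IdentifierConfidence getConfidence() {
            return this.confidence;
        }

        /** @param identifierConfidence how the identifier was matched */
        public void setConfidence(IdentifierConfidence identifierConfidence) {
            this.confidence = identifierConfidence;
        }

        /** @return the wrapped identifier */
        public Identifier getIdentifier() {
            return this.identifier;
        }

        /** @param identifier the identifier to wrap */
        public void setIdentifier(Identifier identifier) {
            this.identifier = identifier;
        }

        @Override
        public String toString() {
            return "IdentifierMatch{evidenceConfidence=" + this.evidenceConfidence + ", confidence=" + this.confidence + ", identifier=" + this.identifier + '}';
        }

        @Override
        public int hashCode() {
            // Same 97-multiplier fold over the three fields; null fields contribute 0.
            int hash = 5;
            hash = 97 * hash + (this.evidenceConfidence != null ? this.evidenceConfidence.hashCode() : 0);
            hash = 97 * hash + (this.confidence != null ? this.confidence.hashCode() : 0);
            hash = 97 * hash + (this.identifier != null ? this.identifier.hashCode() : 0);
            return hash;
        }

        @Override
        public boolean equals(Object obj) {
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            final IdentifierMatch other = (IdentifierMatch) obj;
            // Both confidences are enum values, so identity comparison is sufficient.
            if (this.evidenceConfidence != other.evidenceConfidence || this.confidence != other.confidence) {
                return false;
            }
            if (this.identifier == other.identifier) {
                return true;
            }
            return this.identifier != null && this.identifier.equals(other.identifier);
        }

        /**
         * Orders by match confidence, then evidence confidence, then identifier.
         * All three fields must be non-null on both sides.
         */
        @Override
        public int compareTo(IdentifierMatch identifierMatch) {
            int result = this.confidence.compareTo(identifierMatch.confidence);
            if (result != 0) {
                return result;
            }
            result = this.evidenceConfidence.compareTo(identifierMatch.evidenceConfidence);
            if (result != 0) {
                return result;
            }
            return this.identifier.compareTo(identifierMatch.identifier);
        }
    }

    /**
     * Opens the CPE index and the CVE database.
     *
     * @throws IOException if the index cannot be opened
     * @throws DatabaseException if the CVE database cannot be opened
     */
    public void open() throws IOException, DatabaseException {
        this.cpe = new Index();
        this.cpe.open();
        this.cve = new CveDB();
        // NOTE(review): if the database fails to open, the index opened above
        // stays open until close() is called; confirm callers do that.
        try {
            this.cve.open();
        } catch (ClassNotFoundException e) {
            Logger.getLogger(CPEAnalyzer.class.getName()).log(Level.FINE, (String) null, (Throwable) e);
            throw new DatabaseException("Unable to open the cve db", e);
        } catch (SQLException e2) {
            Logger.getLogger(CPEAnalyzer.class.getName()).log(Level.FINE, (String) null, (Throwable) e2);
            throw new DatabaseException("Unable to open the cve db", e2);
        }
    }

    /**
     * Closes the index and the database. Safe to call when {@link #open()}
     * was never called: handles that were never created are skipped.
     */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public void close() {
        if (this.cpe != null) {
            this.cpe.close();
        }
        if (this.cve != null) {
            this.cve.close();
        }
    }

    /** @return {@code true} when the CPE index has been created and reports itself open */
    public boolean isOpen() {
        return this.cpe != null && this.cpe.isOpen();
    }

    /**
     * Last-resort cleanup. Finalizers are not guaranteed to run, so callers
     * should still invoke {@link #close()} explicitly.
     */
    @Override
    protected void finalize() throws Throwable {
        try {
            if (isOpen()) {
                close();
            }
        } finally {
            // Run the superclass finalizer even if closing fails.
            super.finalize();
        }
    }

    /**
     * Searches the CPE index with the dependency's vendor and product evidence
     * and adds identifiers for every verified hit. The search runs four times;
     * after each round the evidence of the next lower confidence level is
     * appended to the search text.
     *
     * @param dependency the dependency to identify
     * @throws CorruptIndexException if the index is corrupt
     * @throws IOException if the index cannot be read
     * @throws ParseException if the generated query cannot be parsed
     */
    protected void determineCPE(Dependency dependency) throws CorruptIndexException, IOException, ParseException {
        Evidence.Confidence vendorLevel = Evidence.Confidence.HIGHEST;
        Evidence.Confidence productLevel = Evidence.Confidence.HIGHEST;
        String vendors = addEvidenceWithoutDuplicateTerms("", dependency.getVendorEvidence(), vendorLevel);
        String products = addEvidenceWithoutDuplicateTerms("", dependency.getProductEvidence(), productLevel);
        for (int round = 0; round < 4; round++) {
            if (!vendors.isEmpty() && !products.isEmpty()) {
                // NOTE(review): the product weightings are passed as the third argument and the
                // vendor weightings as the fourth, while buildSearch pairs the third set with the
                // vendor text and the fourth with the product text. Confirm this order is intended.
                final List<IndexEntry> hits = searchCPE(vendors, products,
                        dependency.getProductEvidence().getWeighting(), dependency.getVendorEvidence().getWeighting());
                for (IndexEntry hit : hits) {
                    if (verifyEntry(hit, dependency)) {
                        determineIdentifiers(dependency, hit.getVendor(), hit.getProduct());
                    }
                }
            }
            vendorLevel = reduceConfidence(vendorLevel);
            if (dependency.getVendorEvidence().contains(vendorLevel)) {
                vendors = addEvidenceWithoutDuplicateTerms(vendors, dependency.getVendorEvidence(), vendorLevel);
            }
            productLevel = reduceConfidence(productLevel);
            if (dependency.getProductEvidence().contains(productLevel)) {
                products = addEvidenceWithoutDuplicateTerms(products, dependency.getProductEvidence(), productLevel);
            }
        }
    }

    /**
     * Appends the evidence values of one confidence level to the search text,
     * skipping values already present as a space-delimited term.
     *
     * @param str the text collected so far; {@code null} is treated as empty
     * @param evidenceCollection the evidence to read from
     * @param confidence the confidence level whose evidence is appended
     * @return the combined, trimmed text
     */
    private String addEvidenceWithoutDuplicateTerms(String str, EvidenceCollection evidenceCollection, Evidence.Confidence confidence) {
        final String existing = str == null ? "" : str;
        final StringBuilder sb = new StringBuilder(existing.length() + (STRING_BUILDER_BUFFER * evidenceCollection.size()));
        // Surround the text with spaces so the duplicate check can match whole terms.
        sb.append(' ').append(existing).append(' ');
        for (Evidence evidence : evidenceCollection.iterator(confidence)) {
            String value = evidence.getValue();
            // URLs are reduced to their host/path words: scheme removed, dots turned into spaces.
            if (value.startsWith("http://")) {
                value = value.substring(7).replaceAll("\\.", " ");
            }
            if (value.startsWith("https://")) {
                value = value.substring(8).replaceAll("\\.", " ");
            }
            if (sb.indexOf(" " + value + " ") < 0) {
                sb.append(value).append(' ');
            }
        }
        return sb.toString().trim();
    }

    /**
     * Steps a confidence level down by one: HIGHEST to HIGH, HIGH to MEDIUM,
     * anything else to LOW.
     */
    private Evidence.Confidence reduceConfidence(Evidence.Confidence confidence) {
        if (confidence == Evidence.Confidence.HIGHEST) {
            return Evidence.Confidence.HIGH;
        }
        if (confidence == Evidence.Confidence.HIGH) {
            return Evidence.Confidence.MEDIUM;
        }
        return Evidence.Confidence.LOW;
    }

    /**
     * Runs the vendor/product query against the CPE index.
     *
     * @param str the vendor search text
     * @param str2 the product search text
     * @param set weighting terms applied to the vendor text; may be {@code null}
     * @param set2 weighting terms applied to the product text; may be {@code null}
     * @return the distinct entries found, at most {@link #MAX_QUERY_RESULTS}; empty when no query could be built
     * @throws CorruptIndexException if the index is corrupt
     * @throws IOException if the index cannot be read
     * @throws ParseException if the generated query cannot be parsed
     */
    protected List<IndexEntry> searchCPE(String str, String str2, Set<String> set, Set<String> set2) throws CorruptIndexException, IOException, ParseException {
        final List<IndexEntry> results = new ArrayList<IndexEntry>(MAX_QUERY_RESULTS);
        final String query = buildSearch(str, str2, set, set2);
        if (query == null) {
            return results;
        }
        for (ScoreDoc hit : this.cpe.search(query, MAX_QUERY_RESULTS).scoreDocs) {
            final Document document = this.cpe.getDocument(hit.doc);
            final IndexEntry entry = new IndexEntry();
            entry.setVendor(document.get(Fields.VENDOR));
            entry.setProduct(document.get(Fields.PRODUCT));
            entry.setSearchScore(hit.score);
            if (!results.contains(entry)) {
                results.add(entry);
            }
        }
        return results;
    }

    /**
     * Builds the Lucene query {@code product:( ... ) AND vendor:( ... )}.
     *
     * @param str the vendor search text
     * @param str2 the product search text
     * @param set weighting terms applied to the vendor text; may be {@code null}
     * @param set2 weighting terms applied to the product text; may be {@code null}
     * @return the query, or {@code null} when either text has no usable characters
     */
    protected String buildSearch(String str, String str2, Set<String> set, Set<String> set2) {
        final StringBuilder sb = new StringBuilder(str.length() + str2.length() + Fields.PRODUCT.length() + Fields.VENDOR.length() + STRING_BUILDER_BUFFER);
        if (!appendWeightedSearch(sb, Fields.PRODUCT, str2, set2)) {
            return null;
        }
        sb.append(" AND ");
        if (!appendWeightedSearch(sb, Fields.VENDOR, str, set)) {
            return null;
        }
        return sb.toString();
    }

    /**
     * Appends one {@code field:( terms )} group to the query. Every term is
     * cleansed and escaped before it is appended; terms that loosely match a
     * weighting entry get the {@link #WEIGHTING_BOOST} suffix.
     *
     * @param sb the query being built
     * @param str the index field name
     * @param str2 the raw search text for the field
     * @param set weighting terms; {@code null} or empty disables boosting
     * @return {@code false} when the cleansed text holds no terms (the builder
     *         then contains a partial group and must be discarded)
     */
    private boolean appendWeightedSearch(StringBuilder sb, String str, String str2, Set<String> set) {
        sb.append(" ").append(str).append(":( ");
        final String cleansed = cleanseText(str2);
        // Whitespace-only text (every character was stripped) is treated like
        // empty text so that no empty "field:( )" group is produced.
        if (cleansed.trim().isEmpty()) {
            return false;
        }
        if (set == null || set.isEmpty()) {
            LuceneUtils.appendEscapedLuceneQuery(sb, cleansed);
        } else {
            final StringTokenizer tokens = new StringTokenizer(cleansed);
            while (tokens.hasMoreElements()) {
                final String token = tokens.nextToken();
                String term = null;
                for (String weighting : set) {
                    final String cleansedWeighting = cleanseText(weighting);
                    if (equalsIgnoreCaseAndNonAlpha(token, cleansedWeighting)) {
                        term = LuceneUtils.escapeLuceneQuery(token) + WEIGHTING_BOOST;
                        // The weighting differs only in non-letters: search for its spelling too.
                        if (!token.equalsIgnoreCase(cleansedWeighting)) {
                            term = term + " " + LuceneUtils.escapeLuceneQuery(cleansedWeighting) + WEIGHTING_BOOST;
                        }
                    }
                }
                if (term == null) {
                    term = LuceneUtils.escapeLuceneQuery(token);
                }
                sb.append(" ").append(term);
            }
        }
        sb.append(" ) ");
        return true;
    }

    /** Replaces every character outside {@code A-Z a-z 0-9 space . _ -} with a space. */
    private String cleanseText(String str) {
        return str.replaceAll(CLEANSE_CHARACTER_RX, " ");
    }

    /**
     * Compares two strings ignoring case and every non-letter character.
     *
     * @return {@code false} if either argument is {@code null}
     */
    private boolean equalsIgnoreCaseAndNonAlpha(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        final String left = str.replaceAll(CLEANSE_NONALPHA_RX, "");
        final String right = str2.replaceAll(CLEANSE_NONALPHA_RX, "");
        return left.equalsIgnoreCase(right);
    }

    /**
     * Checks that both the product and the vendor of an index entry are backed
     * by evidence that was actually used for the dependency.
     */
    private boolean verifyEntry(IndexEntry indexEntry, Dependency dependency) {
        return collectionContainsString(dependency.getProductEvidence(), indexEntry.getProduct())
                && collectionContainsString(dependency.getVendorEvidence(), indexEntry.getVendor());
    }

    /**
     * Splits the text on whitespace, {@code _} and {@code -} and checks that
     * every resulting word is a used string of the evidence collection. A word
     * of at most two characters is joined with the word that follows it.
     *
     * <p>NOTE(review): a short word at the very end has no following word and
     * is dropped, and when no words remain the method returns {@code true}
     * without consulting the evidence. Confirm this is intended, because
     * {@link #verifyEntry} then accepts the entry for that field.
     */
    private boolean collectionContainsString(EvidenceCollection evidenceCollection, String str) {
        final List<String> words = new ArrayList<String>();
        String pending = null;
        for (String part : str.split("[\\s_-]")) {
            if (pending != null) {
                words.add(pending + part);
                pending = null;
            } else if (part.length() <= 2) {
                pending = part;
            } else {
                words.add(part);
            }
        }
        boolean contains = true;
        // Non-short-circuit on purpose: containsUsedString is called for every word.
        for (String word : words) {
            contains &= evidenceCollection.containsUsedString(word);
        }
        return contains;
    }

    /**
     * Identifies the CPE entries for the dependency.
     *
     * @param dependency the dependency to analyze
     * @param engine the engine running the analysis (not used here)
     * @throws AnalysisException if the index cannot be queried
     */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
        try {
            determineCPE(dependency);
        } catch (ParseException e) {
            throw new AnalysisException("Unable to parse the generated Lucene query for this dependency.", e);
        } catch (CorruptIndexException e3) {
            // Must come before IOException: CorruptIndexException is an IOException
            // subtype, so the reverse order leaves this handler unreachable.
            throw new AnalysisException("CPE Index is corrupt.", e3);
        } catch (IOException e2) {
            throw new AnalysisException("Failure opening the CPE Index.", e2);
        }
    }

    /** @return {@code null}; this analyzer does not list extensions (see {@link #supportsExtension(String)}) */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public Set<String> getSupportedExtensions() {
        return null;
    }

    /** @return the display name of this analyzer */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return "CPE Analyzer";
    }

    /** @return {@code true} for every extension */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public boolean supportsExtension(String str) {
        return true;
    }

    /** @return the phase in which this analyzer runs */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return AnalysisPhase.IDENTIFIER_ANALYSIS;
    }

    /**
     * Prepares the analyzer by opening the index and the database.
     *
     * @throws Exception if either cannot be opened
     */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public void initialize() throws Exception {
        open();
    }

    /**
     * Adds CPE identifiers for a verified vendor/product pair. Every known CPE
     * whose version equals a version found in the evidence (or whose version
     * cannot be parsed) is recorded as an exact match; in addition one
     * best-guess identifier is built from the most detailed version seen.
     * Only the matches that share the confidence of the first entry after
     * sorting are added to the dependency.
     *
     * @param dependency the dependency that receives the identifiers
     * @param str the vendor
     * @param str2 the product
     * @throws UnsupportedEncodingException if UTF-8 is not available for URL encoding
     */
    private void determineIdentifiers(Dependency dependency, String str, String str2) throws UnsupportedEncodingException {
        final Set<VulnerableSoftware> knownCpes = this.cve.getCPEs(str, str2);
        DependencyVersion bestGuess = new DependencyVersion("-");
        Evidence.Confidence bestGuessConfidence = null;
        final List<IdentifierMatch> matches = new ArrayList<IdentifierMatch>();
        // Confidence levels are visited in enum declaration order.
        for (Evidence.Confidence level : Evidence.Confidence.values()) {
            for (Evidence versionEvidence : dependency.getVersionEvidence().iterator(level)) {
                final DependencyVersion evidenceVersion = DependencyVersionUtil.parseVersion(versionEvidence.getValue());
                if (evidenceVersion == null) {
                    continue;
                }
                for (VulnerableSoftware software : knownCpes) {
                    final DependencyVersion knownVersion;
                    if (software.getRevision() == null || software.getRevision().isEmpty()) {
                        knownVersion = DependencyVersionUtil.parseVersion(software.getVersion());
                    } else {
                        knownVersion = DependencyVersionUtil.parseVersion(software.getVersion() + "." + software.getRevision());
                    }
                    if (knownVersion == null || evidenceVersion.equals(knownVersion)) {
                        // NOTE(review): the report link uses plain http; confirm whether it should be https.
                        final String url = String.format("http://web.nvd.nist.gov/view/vuln/search?cpe=%s", URLEncoder.encode(software.getName(), "UTF-8"));
                        matches.add(new IdentifierMatch("cpe", software.getName(), url, IdentifierConfidence.EXACT_MATCH, level));
                    } else if (evidenceVersion.getVersionParts().size() <= knownVersion.getVersionParts().size()
                            && evidenceVersion.matchesAtLeastThreeLevels(knownVersion)
                            && (bestGuessConfidence == null || bestGuessConfidence.compareTo(level) > 0)
                            && bestGuess.getVersionParts().size() < knownVersion.getVersionParts().size()) {
                        // A more detailed known version that agrees with the evidence becomes the guess.
                        bestGuess = knownVersion;
                        bestGuessConfidence = level;
                    }
                }
                if ((bestGuessConfidence == null || bestGuessConfidence.compareTo(level) > 0)
                        && bestGuess.getVersionParts().size() < evidenceVersion.getVersionParts().size()) {
                    bestGuess = evidenceVersion;
                    bestGuessConfidence = level;
                }
            }
        }
        final String guessedCpe = String.format("cpe:/a:%s:%s:%s", str, str2, bestGuess.toString());
        if (bestGuessConfidence == null) {
            bestGuessConfidence = Evidence.Confidence.LOW;
        }
        matches.add(new IdentifierMatch("cpe", guessedCpe, null, IdentifierConfidence.BEST_GUESS, bestGuessConfidence));
        // The list is never empty here: the best guess was just added.
        Collections.sort(matches);
        final IdentifierConfidence topConfidence = matches.get(0).getConfidence();
        final Evidence.Confidence topEvidenceConfidence = matches.get(0).getEvidenceConfidence();
        for (IdentifierMatch match : matches) {
            if (topConfidence.equals(match.getConfidence()) && topEvidenceConfidence.equals(match.getEvidenceConfidence())) {
                dependency.addIdentifier(match.getIdentifier());
            }
        }
    }
}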
