package org.owasp.dependencycheck.analyzer;

import ch.qos.cal10n.IMessageConveyor;
import ch.qos.cal10n.MessageConveyor;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileFilter;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.cpe.Fields;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/AssemblyAnalyzer.class */
public class AssemblyAnalyzer extends AbstractFileTypeAnalyzer {
    private static final String ANALYZER_NAME = "Assembly Analyzer";
    private File grokAssemblyExe = null;
    private DocumentBuilder builder;
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
    private static final String[] SUPPORTED_EXTENSIONS = {"dll", "exe"};
    private static final IMessageConveyor MESSAGE_CONVERYOR = new MessageConveyor(Locale.getDefault());
    private static final Logger LOGGER = LoggerFactory.getLogger(AssemblyAnalyzer.class);
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(SUPPORTED_EXTENSIONS).build();

    private List<String> buildArgumentList() {
        ArrayList arrayList = new ArrayList();
        if (!"\\".equals(System.getProperty("file.separator"))) {
            if (Settings.getString("analyzer.assembly.mono.path") != null) {
                arrayList.add(Settings.getString("analyzer.assembly.mono.path"));
            } else {
                arrayList.add("mono");
            }
        }
        arrayList.add(this.grokAssemblyExe.getPath());
        return arrayList;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
        String readLine;
        if (this.grokAssemblyExe == null) {
            LOGGER.warn("GrokAssembly didn't get deployed");
            return;
        }
        List<String> buildArgumentList = buildArgumentList();
        buildArgumentList.add(dependency.getActualFilePath());
        ProcessBuilder processBuilder = new ProcessBuilder(buildArgumentList);
        BufferedReader bufferedReader = null;
        try {
            try {
                Process start = processBuilder.start();
                BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(start.getErrorStream(), "UTF-8"));
                while (bufferedReader2.ready() && (readLine = bufferedReader2.readLine()) != null) {
                    LOGGER.warn("Error from GrokAssembly: {}", readLine);
                }
                Document parse = this.builder.parse(start.getInputStream());
                try {
                    int waitFor = start.waitFor();
                    if (waitFor == 3) {
                        LOGGER.debug("{} is not a .NET assembly or executable and as such cannot be analyzed by dependency-check", dependency.getActualFilePath());
                        if (bufferedReader2 != null) {
                            try {
                                bufferedReader2.close();
                                return;
                            } catch (IOException e) {
                                LOGGER.debug("ignore", e);
                                return;
                            }
                        }
                        return;
                    }
                    if (waitFor != 0) {
                        LOGGER.warn("Return code {} from GrokAssembly", Integer.valueOf(waitFor));
                    }
                    XPath newXPath = XPathFactory.newInstance().newXPath();
                    String evaluate = newXPath.evaluate("/assembly/error", parse);
                    if (evaluate != null && !"".equals(evaluate)) {
                        throw new AnalysisException(evaluate);
                    }
                    String evaluate2 = newXPath.evaluate("/assembly/version", parse);
                    if (evaluate2 != null) {
                        dependency.getVersionEvidence().addEvidence(new Evidence("grokassembly", "version", evaluate2, Confidence.HIGHEST));
                    }
                    String evaluate3 = newXPath.evaluate("/assembly/company", parse);
                    if (evaluate3 != null) {
                        dependency.getVendorEvidence().addEvidence(new Evidence("grokassembly", Fields.VENDOR, evaluate3, Confidence.HIGH));
                    }
                    String evaluate4 = newXPath.evaluate("/assembly/product", parse);
                    if (evaluate4 != null) {
                        dependency.getProductEvidence().addEvidence(new Evidence("grokassembly", Fields.PRODUCT, evaluate4, Confidence.HIGH));
                    }
                    if (bufferedReader2 != null) {
                        try {
                            bufferedReader2.close();
                        } catch (IOException e2) {
                            LOGGER.debug("ignore", e2);
                        }
                    }
                } catch (InterruptedException e3) {
                    if (bufferedReader2 != null) {
                        try {
                            bufferedReader2.close();
                        } catch (IOException e4) {
                            LOGGER.debug("ignore", e4);
                        }
                    }
                }
            } catch (IOException e5) {
                throw new AnalysisException(e5);
            } catch (XPathExpressionException e6) {
                throw new AnalysisException(e6);
            } catch (SAXException e7) {
                throw new AnalysisException("Couldn't parse GrokAssembly result", e7);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    bufferedReader.close();
                } catch (IOException e8) {
                    LOGGER.debug("ignore", e8);
                }
            }
            throw th;
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public void initializeFileTypeAnalyzer() throws Exception {
        File createTempFile = File.createTempFile("GKA", ".exe", Settings.getTempDirectory());
        FileOutputStream fileOutputStream = null;
        InputStream inputStream = null;
        try {
            try {
                fileOutputStream = new FileOutputStream(createTempFile);
                inputStream = AssemblyAnalyzer.class.getClassLoader().getResourceAsStream("GrokAssembly.exe");
                byte[] bArr = new byte[4096];
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read < 0) {
                        break;
                    } else {
                        fileOutputStream.write(bArr, 0, read);
                    }
                }
                this.grokAssemblyExe = createTempFile;
                this.grokAssemblyExe.deleteOnExit();
                LOGGER.debug("Extracted GrokAssembly.exe to {}", this.grokAssemblyExe.getPath());
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th) {
                        LOGGER.debug("Error closing output stream");
                    }
                }
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        LOGGER.debug("Error closing input stream");
                    }
                }
                BufferedReader bufferedReader = null;
                try {
                    try {
                        Process start = new ProcessBuilder(buildArgumentList()).start();
                        bufferedReader = new BufferedReader(new InputStreamReader(start.getErrorStream(), "UTF-8"));
                        while (bufferedReader.ready() && bufferedReader.readLine() != null) {
                        }
                        String evaluate = XPathFactory.newInstance().newXPath().evaluate("/assembly/error", DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(start.getInputStream()));
                        if (start.waitFor() != 1 || evaluate == null || "".equals(evaluate)) {
                            LOGGER.warn("An error occurred with the .NET AssemblyAnalyzer, please see the log for more details.");
                            LOGGER.debug("GrokAssembly.exe is not working properly");
                            this.grokAssemblyExe = null;
                            setEnabled(false);
                            throw new AnalysisException("Could not execute .NET AssemblyAnalyzer");
                        }
                        if (bufferedReader != null) {
                            try {
                                bufferedReader.close();
                            } catch (IOException e) {
                                LOGGER.trace("ignore", e);
                            }
                        }
                        this.builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
                    } catch (Throwable th3) {
                        if (th3 instanceof AnalysisException) {
                            throw ((AnalysisException) th3);
                        }
                        LOGGER.warn("An error occurred with the .NET AssemblyAnalyzer;\nthis can be ignored unless you are scanning .NET DLLs. Please see the log for more details.");
                        LOGGER.debug("Could not execute GrokAssembly {}", th3.getMessage());
                        setEnabled(false);
                        throw new AnalysisException("An error occured with the .NET AssemblyAnalyzer", th3);
                    }
                } catch (Throwable th4) {
                    if (bufferedReader != null) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e2) {
                            LOGGER.trace("ignore", e2);
                        }
                    }
                    throw th4;
                }
            } catch (IOException e3) {
                setEnabled(false);
                LOGGER.warn("Could not extract GrokAssembly.exe: {}", e3.getMessage());
                throw new AnalysisException("Could not extract GrokAssembly.exe", e3);
            }
        } catch (Throwable th5) {
            if (fileOutputStream != null) {
                try {
                    fileOutputStream.close();
                } catch (Throwable th6) {
                    LOGGER.debug("Error closing output stream");
                }
            }
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th7) {
                    LOGGER.debug("Error closing input stream");
                }
            }
            throw th5;
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer, org.owasp.dependencycheck.analyzer.Analyzer
    public void close() throws Exception {
        super.close();
        try {
            if (this.grokAssemblyExe != null && !this.grokAssemblyExe.delete()) {
                this.grokAssemblyExe.deleteOnExit();
            }
        } catch (SecurityException e) {
            LOGGER.debug("Can't delete temporary GrokAssembly.exe");
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected FileFilter getFileFilter() {
        return FILTER;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.assembly.enabled";
    }
}
