package org.owasp.dependencycheck.analyzer;

import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.InitializationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/ElixirMixAuditAnalyzerIT.class */
class ElixirMixAuditAnalyzerIT extends BaseDBTestCase {
    private static final Logger LOGGER = LoggerFactory.getLogger(ElixirMixAuditAnalyzerIT.class);
    private ElixirMixAuditAnalyzer analyzer;

    ElixirMixAuditAnalyzerIT() {
    }

    @Override // org.owasp.dependencycheck.BaseDBTestCase, org.owasp.dependencycheck.BaseTest
    @BeforeEach
    public void setUp() throws Exception {
        super.setUp();
        getSettings().setBoolean("odc.autoupdate", false);
        getSettings().setBoolean("analyzer.nexus.enabled", false);
        getSettings().setBoolean("analyzer.central.enabled", false);
        this.analyzer = new ElixirMixAuditAnalyzer();
        this.analyzer.initialize(getSettings());
        this.analyzer.setFilesMatched(true);
    }

    @Override // org.owasp.dependencycheck.BaseTest
    @AfterEach
    public void tearDown() throws Exception {
        if (this.analyzer != null) {
            this.analyzer.close();
            this.analyzer = null;
        }
        super.tearDown();
    }

    @Test
    void testAnalysis() throws DatabaseException {
        try {
            Engine engine = new Engine(getSettings());
            try {
                engine.openDatabase();
                this.analyzer.prepare(engine);
                this.analyzer.analyze(new Dependency(BaseTest.getResourceAsFile(this, "elixir/vulnerable/mix.lock")), engine);
                Dependency[] dependencies = engine.getDependencies();
                Assertions.assertEquals(1, dependencies.length, "should be one result exactly");
                Dependency dependency = dependencies[0];
                Assertions.assertTrue(dependency.isVirtual());
                Assertions.assertEquals("plug:1.3.4", dependency.getPackagePath());
                Assertions.assertEquals("1.3.4", dependency.getVersion());
                Assertions.assertEquals("plug", dependency.getName());
                Evidence evidence = (Evidence) dependency.getEvidence(EvidenceType.PRODUCT).iterator().next();
                Assertions.assertEquals("Package", evidence.getName());
                Assertions.assertEquals("plug", evidence.getValue());
                Evidence evidence2 = (Evidence) dependency.getEvidence(EvidenceType.VERSION).iterator().next();
                Assertions.assertEquals("Version", evidence2.getName());
                Assertions.assertEquals("1.3.4", evidence2.getValue());
                Assertions.assertTrue(dependency.getFilePath().endsWith("elixir/vulnerable/mix.lock"));
                Assertions.assertEquals("mix.lock", dependency.getFileName());
                Vulnerability vulnerability = (Vulnerability) dependency.getVulnerabilities().iterator().next();
                Assertions.assertEquals("2018-1000883", vulnerability.getName());
                Assertions.assertEquals("Cookie headers were not validated\n", vulnerability.getDescription());
                Assertions.assertEquals(-1.0d, vulnerability.getCvssV2().getCvssData().getBaseScore().doubleValue(), 0.0d);
                Assertions.assertEquals("cpe:2.3:a:plug_project:plug:1.3.4:*:*:*:*:*:*:*", ((VulnerableSoftware) vulnerability.getVulnerableSoftware().iterator().next()).toString());
                engine.close();
            } finally {
            }
        } catch (InitializationException | DatabaseException | AnalysisException e) {
            LOGGER.warn("Exception setting up ElixirAuditAnalyzer. Make sure Elixir and the mix_audit escript is installed. You may also need to set property \"analyzer.mix.audit.path\".");
            Assumptions.assumeTrue(false, "Exception setting up ElixirMixAuditAnalyzer; mix_audit may not be installed, or property \"analyzer.mix.audit.path\" may not be set: " + String.valueOf(e));
        }
    }

    @Test
    void testInvalidMixAuditExecutable() throws DatabaseException {
        getSettings().setString("analyzer.mix.audit.path", BaseTest.getResourceAsFile(this, "elixir/invalid_executable").getAbsolutePath());
        this.analyzer.initialize(getSettings());
        try {
            this.analyzer.prepare((Engine) null);
        } catch (InitializationException e) {
            Assertions.assertNotNull(e);
        } finally {
            Assertions.assertFalse(this.analyzer.isEnabled());
        }
    }

    @Test
    void testDependenciesPath() throws DatabaseException {
        Engine engine = new Engine(getSettings());
        try {
            try {
                try {
                    engine.scan(BaseTest.getResourceAsFile(this, "elixir/mix.lock"));
                    engine.analyzeDependencies();
                } catch (NullPointerException e) {
                    LOGGER.error("NPE", e);
                    Assertions.fail(e.getMessage());
                }
                Dependency[] dependencies = engine.getDependencies();
                LOGGER.info("{} dependencies found.", Integer.valueOf(dependencies.length));
                Assertions.assertEquals(0, dependencies.length, "should find 0 (vulnerable) dependencies");
                engine.close();
            } catch (ExceptionCollection e2) {
                Assumptions.assumeTrue(false, "Exception setting up ElixirMixAuditAnalyzer; mix_audit may not be installed, or property \"analyzer.mix.audit.path\" may not be set: " + String.valueOf(e2));
                engine.close();
            }
        } catch (Throwable th) {
            try {
                engine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
