package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.util.List;
import org.hamcrest.CoreMatchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerTest.class */
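/**
 * Unit tests for {@link RubyBundleAuditAnalyzer}.
 *
 * <p>Several tests depend on an external {@code bundle-audit} executable. When the analyzer
 * cannot be set up they are reported as <em>skipped</em> (via {@link Assume}) rather than failed,
 * so a green run on a machine without bundle-audit does not show that the analyzer was exercised.
 * Check the skipped-test count before relying on these results.
 */
public class RubyBundleAuditAnalyzerTest extends BaseDBTestCase {
    private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzerTest.class);

    /** Logged when the analyzer cannot be initialized or run. */
    private static final String SETUP_WARNING = "Exception setting up RubyBundleAuditAnalyzer. Make sure Ruby gem bundle-audit is installed. You may also need to set property \"analyzer.bundle.audit.path\".";

    /** Reason attached to the skipped test when the analyzer cannot be initialized or run. */
    private static final String SKIP_REASON = "Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.";

    private RubyBundleAuditAnalyzer analyzer;

    /**
     * Disables auto-update and the Nexus/Central analyzers, then creates the analyzer under test.
     *
     * @throws Exception declared for the test framework; nothing here is expected to throw
     */
    // NOTE(review): if BaseDBTestCase declares its own setUp(), this method replaces it without
    // calling super.setUp() - confirm against the base class.
    @Before
    public void setUp() throws Exception {
        Settings.setBoolean("autoupdate", false);
        Settings.setBoolean("analyzer.nexus.enabled", false);
        Settings.setBoolean("analyzer.central.enabled", false);
        this.analyzer = new RubyBundleAuditAnalyzer();
        this.analyzer.setFilesMatched(true);
    }

    /**
     * Closes the analyzer created in {@link #setUp()} and drops the reference.
     *
     * @throws Exception if closing the analyzer fails
     */
    @After
    public void tearDown() throws Exception {
        if (this.analyzer != null) {
            this.analyzer.close();
            this.analyzer = null;
        }
    }

    /** Verifies the analyzer's display name. */
    @Test
    public void testGetName() {
        Assert.assertThat(this.analyzer.getName(), CoreMatchers.is("Ruby Bundle Audit Analyzer"));
    }

    /** Verifies that a file named {@code Gemfile.lock} is accepted by the analyzer. */
    @Test
    public void testSupportsFiles() {
        Assert.assertThat(this.analyzer.accept(new File("Gemfile.lock")), CoreMatchers.is(true));
    }

    /**
     * Analyzes the rails-4.1.15 sample lock file and checks the first reported dependency.
     *
     * @throws AnalysisException declared only; caught below and turned into a skipped test
     * @throws DatabaseException declared only; caught below and turned into a skipped test
     */
    @Test
    public void testAnalysis() throws AnalysisException, DatabaseException {
        final String lockFile = "ruby/vulnerable/gems/rails-4.1.15/Gemfile.lock";
        try {
            this.analyzer.initialize();
            Dependency gemfileLock = new Dependency(BaseTest.getResourceAsFile(this, lockFile));
            Engine engine = new Engine();
            this.analyzer.analyze(gemfileLock, engine);

            List<Dependency> found = engine.getDependencies();
            Assert.assertTrue(found.size() >= 1);
            Dependency first = found.get(0);
            Assert.assertTrue(first.getProductEvidence().toString().toLowerCase().contains("redcarpet"));
            Assert.assertTrue(first.getVersionEvidence().toString().toLowerCase().contains("2.2.2"));
            Assert.assertTrue(first.getFilePath().endsWith(lockFile));
            Assert.assertEquals("Gemfile.lock", first.getFileName());
        } catch (InitializationException | DatabaseException | AnalysisException e) {
            // NOTE(review): an AnalysisException thrown by analyze() is also reported as a skip,
            // so a real analysis regression would not fail this test - confirm this is intended.
            LOGGER.warn(SETUP_WARNING);
            Assume.assumeNoException(SKIP_REASON, e);
        }
    }

    /**
     * Analyzes the sinatra sample lock file and checks the CVSS score attached to the first
     * vulnerability of the first reported dependency.
     *
     * @throws AnalysisException declared only; caught below and turned into a skipped test
     * @throws DatabaseException declared only; caught below and turned into a skipped test
     */
    @Test
    public void testAddCriticalityToVulnerability() throws AnalysisException, DatabaseException {
        try {
            this.analyzer.initialize();
            // The engine needs a name: its dependency list is read after analyze() returns.
            Engine engine = new Engine();
            this.analyzer.analyze(new Dependency(BaseTest.getResourceAsFile(this, "ruby/vulnerable/gems/sinatra/Gemfile.lock")), engine);

            Dependency first = engine.getDependencies().get(0);
            Vulnerability vulnerability = (Vulnerability) first.getVulnerabilities().first();
            // Expected value goes first so a failure message reads the right way round.
            Assert.assertEquals(5.0d, vulnerability.getCvssScore(), 0.0d);
        } catch (InitializationException | DatabaseException | AnalysisException e) {
            LOGGER.warn(SETUP_WARNING);
            Assume.assumeNoException(SKIP_REASON, e);
        }
    }

    /**
     * Points the analyzer at an executable name that is expected not to exist and verifies that
     * the analyzer ends up disabled, whether or not {@code initialize()} throws.
     *
     * @throws AnalysisException declared only; not expected to propagate
     * @throws DatabaseException declared only; not expected to propagate
     */
    // NOTE(review): this changes a global setting and does not restore it here; presumably the
    // base class resets Settings between tests - confirm.
    @Test
    public void testMissingBundleAudit() throws AnalysisException, DatabaseException {
        Settings.setString("analyzer.bundle.audit.path", "phantom-bundle-audit");
        try {
            this.analyzer.initialize();
        } catch (Exception expected) {
            // A failure to initialize is acceptable here; the check that matters is in finally.
        } finally {
            Assert.assertThat(this.analyzer.isEnabled(), CoreMatchers.is(false));
            LOGGER.info("phantom-bundle-audit is not available. Ruby Bundle Audit Analyzer is disabled as expected.");
        }
    }

    /**
     * Scans the rails-4.1.15 sample directory with a full engine run and logs the identifiers
     * and evidence of every dependency found. Apart from failing on a NullPointerException, the
     * test makes no assertions about the results; it only logs them.
     *
     * @throws AnalysisException declared only; not thrown by the visible calls
     * @throws DatabaseException if the engine cannot be created
     */
    @Test
    public void testDependenciesPath() throws AnalysisException, DatabaseException {
        Engine engine = new Engine();
        engine.scan(BaseTest.getResourceAsFile(this, "ruby/vulnerable/gems/rails-4.1.15/"));
        try {
            engine.analyzeDependencies();
        } catch (ExceptionCollection e) {
            // assumeNoException throws for a non-null exception, which marks the test as skipped.
            Assume.assumeNoException(SKIP_REASON, e);
            return;
        } catch (NullPointerException e) {
            LOGGER.error("NPE", e);
            Assert.fail(e.getMessage());
        }

        List<Dependency> dependencies = engine.getDependencies();
        LOGGER.info("{} dependencies found.", dependencies.size());
        for (Dependency dependency : dependencies) {
            LOGGER.info("dept path: {}", dependency.getActualFilePath());
            for (Identifier identifier : dependency.getIdentifiers()) {
                LOGGER.info("  Identifier: {}, type={}, url={}, conf={}", identifier.getValue(), identifier.getType(), identifier.getUrl(), identifier.getConfidence());
            }
            for (Evidence evidence : dependency.getProductEvidence().getEvidence()) {
                LOGGER.info("  prod: name={}, value={}, source={}, confidence={}", evidence.getName(), evidence.getValue(), evidence.getSource(), evidence.getConfidence());
            }
            for (Evidence evidence : dependency.getVersionEvidence().getEvidence()) {
                LOGGER.info("  version: name={}, value={}, source={}, confidence={}", evidence.getName(), evidence.getValue(), evidence.getSource(), evidence.getConfidence());
            }
            for (Evidence evidence : dependency.getVendorEvidence().getEvidence()) {
                LOGGER.info("  vendor: name={}, value={}, source={}, confidence={}", evidence.getName(), evidence.getValue(), evidence.getSource(), evidence.getConfidence());
            }
        }
    }
}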
