package org.owasp.dependencycheck.analyzer;

import edu.emory.mathcs.backport.java.util.Arrays;
import java.io.File;
import java.util.ArrayList;
import org.hamcrest.CoreMatchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.InitializationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzerIT.class */
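/**
 * Integration tests for {@link RubyBundleAuditAnalyzer}.
 *
 * <p>The analysis tests wrap analyzer and engine setup failures in JUnit assumptions, so on a
 * host where that setup fails (the messages below name a missing {@code bundle-audit} gem or an
 * unset {@code analyzer.bundle.audit.path} as likely causes) they are reported as
 * <em>skipped</em>, not failed. A green run therefore does not prove the analyzer was exercised;
 * check the skipped-test count on any build that is meant to cover Gemfile.lock scanning.
 *
 * <p>Every {@link Engine} is opened in try-with-resources so that it is closed even when an
 * assertion fails part-way through a test.
 */
public class RubyBundleAuditAnalyzerIT extends BaseDBTestCase {
    private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzerIT.class);

    /** Logged when analyzer or engine setup fails, before the test is skipped. */
    private static final String SETUP_WARNING = "Exception setting up RubyBundleAuditAnalyzer. Make sure Ruby gem bundle-audit is installed. You may also need to set property \"analyzer.bundle.audit.path\".";

    /** Assumption message attached to the skipped test when setup fails. */
    private static final String SETUP_ASSUMPTION = "Exception setting up RubyBundleAuditAnalyzer; bundle audit may not be installed, or property \"analyzer.bundle.audit.path\" may not be set.";

    private RubyBundleAuditAnalyzer analyzer;

    /**
     * Disables the Nexus and Central analyzers, then creates and initializes the analyzer under
     * test and marks it as having matched files.
     *
     * @throws Exception if the base test case or the analyzer cannot be set up
     */
    @Override
    @Before
    public void setUp() throws Exception {
        super.setUp();
        getSettings().setBoolean("analyzer.nexus.enabled", false);
        getSettings().setBoolean("analyzer.central.enabled", false);
        this.analyzer = new RubyBundleAuditAnalyzer();
        this.analyzer.initialize(getSettings());
        this.analyzer.setFilesMatched(true);
    }

    /**
     * Closes the analyzer, if one was created, and then runs the base tear-down.
     *
     * @throws Exception if closing the analyzer or the base tear-down fails
     */
    @Override
    @After
    public void tearDown() throws Exception {
        try {
            if (this.analyzer != null) {
                this.analyzer.close();
                this.analyzer = null;
            }
        } finally {
            // Run the base clean-up even if closing the analyzer throws.
            super.tearDown();
        }
    }

    /** Verifies the analyzer's display name. */
    @Test
    public void testGetName() {
        Assert.assertThat(this.analyzer.getName(), CoreMatchers.is("Ruby Bundle Audit Analyzer"));
    }

    /** Verifies that a file named {@code Gemfile.lock} is accepted by the analyzer. */
    @Test
    public void testSupportsFiles() {
        Assert.assertThat(this.analyzer.accept(new File("Gemfile.lock")), CoreMatchers.is(true));
    }

    /**
     * Analyzes the rails-4.1.15 fixture lock file and checks that a dependency carrying
     * "redcarpet" product evidence and "2.2.2" version evidence is reported for it.
     *
     * @throws AnalysisException declared for interface compatibility; caught and turned into a skip
     * @throws DatabaseException declared for interface compatibility; caught and turned into a skip
     */
    @Test
    public void testAnalysis() throws AnalysisException, DatabaseException {
        final String lockFile = "ruby/vulnerable/gems/rails-4.1.15/Gemfile.lock";
        try (Engine engine = new Engine(getSettings())) {
            engine.openDatabase();
            this.analyzer.prepare(engine);
            this.analyzer.analyze(new Dependency(BaseTest.getResourceAsFile(this, lockFile)), engine);

            Dependency[] dependencies = engine.getDependencies();
            Assert.assertTrue(dependencies.length >= 1);

            boolean foundRedcarpet = false;
            for (Dependency dependency : dependencies) {
                // All four conditions must hold for the same dependency entry.
                if (dependency.getEvidence(EvidenceType.PRODUCT).toString().toLowerCase().contains("redcarpet")
                        && dependency.getEvidence(EvidenceType.VERSION).toString().toLowerCase().contains("2.2.2")
                        && dependency.getFilePath().endsWith(lockFile)
                        && dependency.getFileName().equals("Gemfile.lock")) {
                    foundRedcarpet = true;
                    break;
                }
            }
            Assert.assertTrue("redcarpet was not identified", foundRedcarpet);
        } catch (InitializationException | DatabaseException | AnalysisException e) {
            LOGGER.warn(SETUP_WARNING);
            // assumeNoException always throws for a non-null exception: the test is skipped here.
            Assume.assumeNoException(SETUP_ASSUMPTION, e);
        }
    }

    /**
     * Analyzes the sinatra fixture lock file after {@code engine.doUpdates(true)} and checks that
     * the first vulnerability of the first reported dependency has a CVSS score of 5.0.
     *
     * @throws AnalysisException declared for interface compatibility; caught and turned into a skip
     * @throws DatabaseException declared for interface compatibility; caught and turned into a skip
     */
    @Test
    public void testAddCriticalityToVulnerability() throws AnalysisException, DatabaseException {
        try (Engine engine = new Engine(getSettings())) {
            engine.doUpdates(true);
            this.analyzer.prepare(engine);
            this.analyzer.analyze(new Dependency(BaseTest.getResourceAsFile(this, "ruby/vulnerable/gems/sinatra/Gemfile.lock")), engine);

            Dependency[] dependencies = engine.getDependencies();
            // Fail with a readable message instead of an ArrayIndexOutOfBoundsException.
            Assert.assertTrue("no dependencies were reported for the sinatra fixture", dependencies.length >= 1);

            Vulnerability vulnerability = (Vulnerability) dependencies[0].getVulnerabilities().first();
            // JUnit's argument order is (expected, actual, delta).
            Assert.assertEquals(5.0d, vulnerability.getCvssScore(), 0.0d);
        } catch (InitializationException | DatabaseException | AnalysisException | UpdateException e) {
            LOGGER.warn(SETUP_WARNING);
            // assumeNoException always throws for a non-null exception: the test is skipped here.
            Assume.assumeNoException(SETUP_ASSUMPTION, e);
        }
    }

    /**
     * Placeholder: the body is empty in this listing, so the test passes without checking anything.
     *
     * @throws AnalysisException never thrown by the current empty body
     * @throws DatabaseException never thrown by the current empty body
     */
    @Test
    public void testMissingBundleAudit() throws AnalysisException, DatabaseException {
        // NOTE(review): no assertions here. The behaviour when bundle-audit is absent is not
        // covered by this class; a passing result for this test carries no information.
    }

    /**
     * Scans the rails-4.1.15 fixture directory through the full engine pipeline and logs how many
     * dependencies were found. A {@link NullPointerException} fails the test; an
     * {@link ExceptionCollection} skips it.
     *
     * @throws AnalysisException declared for interface compatibility
     * @throws DatabaseException declared for interface compatibility
     */
    @Test
    public void testDependenciesPath() throws AnalysisException, DatabaseException {
        try (Engine engine = new Engine(getSettings())) {
            engine.scan(BaseTest.getResourceAsFile(this, "ruby/vulnerable/gems/rails-4.1.15/"));
            engine.analyzeDependencies();
            LOGGER.info("{} dependencies found.", engine.getDependencies().length);
        } catch (NullPointerException e) {
            LOGGER.error("NPE", e);
            Assert.fail(e.getMessage());
        } catch (ExceptionCollection e) {
            // assumeNoException always throws for a non-null exception: the test is skipped here.
            Assume.assumeNoException(SETUP_ASSUMPTION, e);
        }
    }
}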
