package com.sourceclear.engine.scan;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Multimap;
import com.google.common.collect.MultimapBuilder;
import com.google.common.collect.UnmodifiableIterator;
import com.sourceclear.analysis.latte.genids.Id;
import com.sourceclear.api.client.Client;
import com.sourceclear.api.client.SourceClearClient;
import com.sourceclear.api.data.PlanType;
import com.sourceclear.api.data.ScanType;
import com.sourceclear.api.data.analytics.AgentRuntimeData;
import com.sourceclear.api.data.evidence.CoordinateType;
import com.sourceclear.api.data.evidence.Coordinates;
import com.sourceclear.api.data.evidence.Evidence;
import com.sourceclear.api.data.evidence.EvidenceType;
import com.sourceclear.api.data.evidence.LanguageType;
import com.sourceclear.api.data.git.GitCommit;
import com.sourceclear.api.data.git.MetaGit;
import com.sourceclear.api.data.match.MatchResponse;
import com.sourceclear.api.data.match.ScanFinishUploadResponse;
import com.sourceclear.api.data.methods.CallChainModel;
import com.sourceclear.api.data.methods.InstanceVulnMethod;
import com.sourceclear.engine.common.ClassFileVisitor;
import com.sourceclear.engine.common.CollectionResult;
import com.sourceclear.engine.common.FileTypeVisitor;
import com.sourceclear.engine.common.PythonFileVisitor;
import com.sourceclear.engine.common.StoredFileVisitor;
import com.sourceclear.engine.common.linecount.LineCounter;
import com.sourceclear.engine.common.logging.NoopLogStream;
import com.sourceclear.engine.methods.VulnerableMethodsCollator;
import com.sourceclear.engine.methods.VulnerableMethodsCollatorImpl;
import com.sourceclear.methods.CallSite;
import com.sourceclear.util.config.FailureLevel;
import com.sourceclear.util.config.ScanConfig;
import com.sourceclear.util.config.Verbosity;
import com.sourceclear.util.io.EvidenceUtils;
import com.sourceclear.util.io.GitUtils;
import com.sourceclear.util.io.renderers.ScanReport;
import com.sourceclear.util.io.renderers.SummaryRenderer;
import com.srcclr.sdk.LibraryGraphContainer;
import com.veracode.security.logging.SecureLogger;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/sourceclear/engine/scan/LibraryGraphContainerScanner.class */
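/**
 * Scans a {@link LibraryGraphContainer}: derives evidence from its graphs, matches it through
 * {@link PlatformScan}, optionally runs the vulnerable-methods scan, renders a summary and then
 * fails the scan according to either the local failure threshold or the exit code returned by
 * the platform.
 *
 * <p>NOTE(review): this listing is decompiler output, so local names and the exact extent of
 * try/catch regions may differ from the original source; confirm against the source before
 * relying on either.
 */
public class LibraryGraphContainerScanner {
    private static final SecureLogger LOGGER = SecureLogger.getLogger(LibraryGraphContainerScanner.class);
    private final ScanConfig config;
    private final Client client;
    private final boolean withPolicy;

    /**
     * Creates a scanner without policy evaluation, building the API client from {@code scanConfig}.
     *
     * @param scanConfig scan configuration; also supplies the API token and API URL for the client
     */
    public LibraryGraphContainerScanner(@Nonnull ScanConfig scanConfig) {
        this.config = scanConfig;
        this.withPolicy = false;
        this.client = buildClient(this.config);
    }

    /**
     * Creates a scanner without policy evaluation that uses the supplied client.
     *
     * @param scanConfig scan configuration
     * @param client API client used for every platform call
     */
    public LibraryGraphContainerScanner(@Nonnull ScanConfig scanConfig, @Nonnull Client client) {
        this(scanConfig, client, false);
    }

    /**
     * Creates a scanner that uses the supplied client.
     *
     * @param scanConfig scan configuration
     * @param client API client used for every platform call
     * @param z stored as {@code withPolicy}; when true the vulnerable-methods scan always runs and
     *     a scan-finish response is required (see {@link #consumeAndReport})
     */
    public LibraryGraphContainerScanner(@Nonnull ScanConfig scanConfig, @Nonnull Client client, boolean z) {
        this.config = scanConfig;
        this.client = client;
        this.withPolicy = z;
    }

    /**
     * Runs the full scan for {@code libraryGraphContainer}, prints the report and applies the
     * failure gate.
     *
     * <p>Gate behaviour visible in this method, worth knowing when the scan guards a build:
     * <ul>
     *   <li>If a scan-finish response carries an exit code, only that exit code decides failure;
     *       a locally configured failure threshold is reported as deprecated and not applied.</li>
     *   <li>In policy mode with upload disabled, a response with exit code 0 is synthesised
     *       locally, so this path cannot fail the scan.</li>
     *   <li>Otherwise the local threshold (default {@link FailureLevel#METHOD}) is applied.</li>
     * </ul>
     *
     * @param libraryGraphContainer graphs to derive evidence from and to attach to the collection result
     * @throws SrcclrScanFailureException when the failure gate trips
     * @throws SrcclrScanUnexpectedCondition when the scan data could not be saved in policy mode,
     *     when a platform call reports it, or when any other exception is raised during the scan
     */
    public void consumeAndReport(LibraryGraphContainer libraryGraphContainer) throws SrcclrScanFailureException, SrcclrScanUnexpectedCondition {
        ImmutableSet<Evidence> evidence = ImmutableSet.copyOf(EvidenceUtils.evidenceFromLibraryGraphs(libraryGraphContainer.getGraphs()));
        String scanPath = this.config.getPathToTop().toString();
        boolean methodsSupported = isMethodsSupported(scanPath, evidence);
        if (!methodsSupported) {
            LOGGER.debug("No files found in {}. Skipping vulnerable methods check.", scanPath);
        }
        long lineCount = countLoc();
        AgentRuntimeData agentRuntimeData = fillInAgentRuntimeDataForPlugins();
        // In policy mode the runtime data is not attached here; it is sent with finishScan instead.
        CollectionResult collectionResult = new CollectionResult.Builder()
                .withMethodsSupported(methodsSupported)
                .withLineCount(lineCount)
                .withGraphs(libraryGraphContainer)
                .withAgentRuntimeData(this.withPolicy ? null : agentRuntimeData)
                .build();
        try {
            MetaGit metaGit = getMetaGit();
            // Upload is requested only when the remote is valid AND upload is enabled in the config.
            boolean upload = GitUtils.isValidRemote(metaGit.getRemote()) && this.config.getUpload();
            MatchResponse matchResponse = match(collectionResult, metaGit, upload, null, null);
            Map<CallChainModel, CallSite> spanningEdges = null;
            List<InstanceVulnMethod> vulnerableMethods = null;
            Optional<ScanFinishUploadResponse> finishResponse = Optional.empty();
            if (this.withPolicy || (methodsSupported && matchResponse.isVulnMethods())) {
                VulnerableMethodsCollator.Result methodsResult = doVulnMethodsScan(matchResponse, MultimapBuilder.hashKeys().hashSetValues().build(), collectionResult.getScanAttributes());
                vulnerableMethods = methodsResult.vulnerableMethods;
                spanningEdges = methodsResult.spanningEdges;
                if (this.config.getUpload()) {
                    finishResponse = finishScan(matchResponse.getScanId(), vulnerableMethods, agentRuntimeData);
                } else if (this.withPolicy) {
                    // No upload means no server-side policy result: exit code 0 is synthesised,
                    // so the policy gate below will not fail the scan on this path.
                    finishResponse = Optional.of(new ScanFinishUploadResponse.Builder().withExitCode(0).withIssues("").withMessage("You specified upload=false. Issues were not created as a result.").build());
                }
            } else {
                LOGGER.debug("Skipping vulnerable methods scanning.");
            }
            ScanReport report = buildReport(evidence, vulnerableMethods, spanningEdges, matchResponse, Long.valueOf(lineCount), finishResponse.orElse(null));
            renderReport(report);
            if (this.withPolicy && !finishResponse.isPresent()) {
                throw new SrcclrScanUnexpectedCondition("There was an error saving your scan data. Please try scanning again.");
            }
            Integer exitCode;
            String message;
            if (finishResponse.isPresent()) {
                ScanFinishUploadResponse response = finishResponse.get();
                exitCode = response.getExitCode();
                message = response.getMessage();
            } else {
                exitCode = null;
                message = null;
            }
            if (exitCode == null) {
                maybeFailOnVulns(this.config.getFailureThreshold().orElse(FailureLevel.METHOD), report.getVulnerableMethods(), report.getVulnerableComponents());
            } else {
                this.config.getFailureThreshold().ifPresent(failureLevel -> {
                    System.out.printf("NOTICE: You set the failure level to '%s'. This configuration is now deprecated.%nFailure values are determined by Custom Policies, available to Enterprise organizations.%nFor information about upgrading to Enterprise, call 1-888-ZER-0DAY (937-0329) or +44 (0)20 3761 5501 (UK).%nIf you need assistance, please contact support@veracode.com.%n", failureLevel);
                });
                maybeFailOnPolicy(exitCode.intValue(), StringUtils.trimToEmpty(message));
            }
        } catch (Exception e) {
            // The failure gate and the "could not save scan data" condition are raised inside this
            // try block. Rethrow them unchanged: wrapping them in the git-data message below would
            // hide a "vulnerabilities found" or policy failure behind an unrelated error.
            if (e instanceof SrcclrScanFailureException) {
                throw (SrcclrScanFailureException) e;
            }
            if (e instanceof SrcclrScanUnexpectedCondition) {
                throw (SrcclrScanUnexpectedCondition) e;
            }
            throw new SrcclrScanUnexpectedCondition("An error occurred while getting the git data for this project.", e);
        }
    }

    /**
     * Delegates to {@link PlatformScan#match} with this scanner's client and configuration.
     *
     * @param collectionResult collected scan data
     * @param metaGit git metadata of the scanned project
     * @param z passed through unchanged; {@link #consumeAndReport} passes its upload decision here
     * @param agentRuntimeData optional agent runtime data
     * @param immutableSet git commits, passed through unchanged (may be null, as in {@link #consumeAndReport})
     * @return the platform's match response
     * @throws SrcclrScanUnexpectedCondition propagated from {@code PlatformScan.match}
     */
    public MatchResponse match(@Nonnull CollectionResult collectionResult, @Nonnull MetaGit metaGit, boolean z, @Nullable AgentRuntimeData agentRuntimeData, ImmutableSet<GitCommit> immutableSet) throws SrcclrScanUnexpectedCondition {
        return PlatformScan.match(this.client, this.config, collectionResult, metaGit, z, agentRuntimeData, immutableSet);
    }

    /**
     * Delegates to {@link PlatformScan#completeForFailedRepoScans} with this scanner's client and
     * configuration.
     *
     * @throws SrcclrScanUnexpectedCondition propagated from the delegate
     */
    public void completeForFailedScans(@Nonnull MetaGit metaGit, boolean z, @Nonnull AgentRuntimeData agentRuntimeData) throws SrcclrScanUnexpectedCondition {
        PlatformScan.completeForFailedRepoScans(this.client, this.config, metaGit, z, agentRuntimeData);
    }

    /**
     * Runs the vulnerable-methods collator over the configured top-level path.
     *
     * @param matchResponse match response whose components are handed to the collator
     * @param multimap call sites per language, handed to the collator
     * @param immutableMap scan attributes, handed to the collator
     * @return the collator result for the configured path
     */
    public VulnerableMethodsCollator.Result doVulnMethodsScan(MatchResponse matchResponse, Multimap<LanguageType, CallSite> multimap, ImmutableMap<String, Object> immutableMap) {
        VulnerableMethodsCollatorImpl collator = new VulnerableMethodsCollatorImpl(matchResponse.getComponents(), immutableMap, multimap, new NoopLogStream());
        return collator.scanPath(this.config.getPathToTop().toPath());
    }

    /**
     * Delegates to {@link PlatformScan#finishScan} with this scanner's client and policy flag.
     *
     * @param str scan id ({@link #consumeAndReport} passes {@code MatchResponse.getScanId()})
     * @param list vulnerable methods found by the methods scan
     * @param agentRuntimeData agent runtime data to send
     * @return the scan-finish response, or empty when the delegate returns none
     */
    public Optional<ScanFinishUploadResponse> finishScan(String str, List<InstanceVulnMethod> list, @Nonnull AgentRuntimeData agentRuntimeData) {
        return PlatformScan.finishScan(this.client, this.withPolicy, str, list, agentRuntimeData);
    }

    /**
     * Prints the policy message and fails the scan when the exit code is positive.
     *
     * @param exitCode exit code from the scan-finish response
     * @param message message from the scan-finish response, already trimmed to non-null
     * @throws SrcclrScanFailureException when {@code exitCode > 0}
     */
    private void maybeFailOnPolicy(int exitCode, @Nonnull String message) throws SrcclrScanFailureException {
        System.out.println(message);
        if (exitCode > 0) {
            throw new SrcclrScanFailureException(message);
        }
    }

    /**
     * Fails the scan when the most severe finding level reaches the configured threshold.
     *
     * <p>The finding level is {@link FailureLevel#METHOD} if any vulnerable methods were found,
     * else {@link FailureLevel#COMPONENT} if any vulnerable components were found, else none.
     *
     * @param failureLevel threshold to compare against
     * @param num number of vulnerable methods; null is treated as none
     * @param i number of vulnerable components
     * @throws SrcclrScanFailureException when the finding level compares at or above the threshold
     */
    void maybeFailOnVulns(FailureLevel failureLevel, Integer num, int i) throws SrcclrScanFailureException {
        FailureLevel found = null;
        if (num != null && num.intValue() > 0) {
            found = FailureLevel.METHOD;
        } else if (i > 0) {
            found = FailureLevel.COMPONENT;
        }
        if (found != null && found.compareTo(failureLevel) >= 0) {
            // NOTE(review): Id.nameDelimiter is used as the sentence terminator here; this looks
            // like the decompiler substituting an equal constant — confirm its value.
            throw new SrcclrScanFailureException("The current scan found vulnerable " + found.toString().toLowerCase() + "s, failing as failureThreshold is set to " + failureLevel + Id.nameDelimiter);
        }
    }

    /** Prints the scan summary to standard output unless report verbosity is {@code SILENT}. */
    private void renderReport(ScanReport scanReport) {
        if (this.config.getReportVerbosity() == Verbosity.SILENT) {
            return;
        }
        String clientVersion = this.config.getClientVersion() != null ? this.config.getClientVersion() : "Unknown";
        new SummaryRenderer(clientVersion, "Unknown", System.out, this.withPolicy).accept(scanReport);
    }

    /**
     * Assembles the report for a repo scan from the scan results.
     *
     * @param evidence evidence derived from the library graphs
     * @param vulnerableMethods vulnerable methods, or null when the methods scan was skipped
     * @param spanningEdges call-chain edges, or null when the methods scan was skipped
     * @param matchResponse platform match response
     * @param lineCount counted lines of code, may be null
     * @param scanFinishUploadResponse scan-finish response; attached only when non-null
     * @return the built report
     */
    private ScanReport buildReport(ImmutableSet<Evidence> evidence, List<InstanceVulnMethod> vulnerableMethods, Map<CallChainModel, CallSite> spanningEdges, MatchResponse matchResponse, @Nullable Long lineCount, @Nullable ScanFinishUploadResponse scanFinishUploadResponse) {
        // Duration is reported in whole seconds since the configured scan start.
        long durationSeconds = (System.currentTimeMillis() - this.config.getScanStart()) / 1000;
        ScanReport.Builder builder = new ScanReport.Builder()
                .withScanType(ScanType.REPO)
                .withScanConfig(this.config)
                // The app base is fixed here and is independent of the configured API URL.
                .withAppBase(URI.create("https://srcclr.com"))
                .withScanPath(this.config.getPathToTop().toString())
                .withDuration(durationSeconds)
                .withEvidence(evidence)
                .withMatchResponse(matchResponse)
                .withMethodScanResult(vulnerableMethods, spanningEdges)
                .withUpload(this.config.getUpload())
                .withLineCount(lineCount);
        if (scanFinishUploadResponse != null) {
            builder.withScanFinishUploadResponse(scanFinishUploadResponse);
        }
        return builder.build();
    }

    /**
     * Builds a CLI-type API client from the configuration.
     *
     * <p>The API token and the base URI both come from {@code scanConfig}; no validation of the
     * URI is visible in this class, so the configuration source decides where the token is sent.
     */
    private static Client buildClient(ScanConfig scanConfig) {
        return new SourceClearClient.Builder()
                .withApiToken(scanConfig.getApiToken())
                .withBaseURI(scanConfig.getApiURL())
                .withClientType(SourceClearClient.Type.CLI)
                .withClientVersion(scanConfig.getClientVersion())
                .withExpBackOffInitial(5)
                .build();
    }

    /**
     * Counts lines of code under the configured top-level path.
     *
     * @return the line count, or 0 when counting failed for any reason
     */
    private long countLoc() {
        try {
            return LineCounter.countLOC(this.config.getPathToTop(), this.client);
        } catch (Throwable th) {
            // Deliberately best-effort: any Throwable (including Error) is logged and the scan
            // continues with a line count of 0.
            LOGGER.error("Skipping counting lines-of-code because an exception occurred:", th);
            return 0L;
        }
    }

    /**
     * Returns a mutable copy of the process environment for the git metadata lookup.
     *
     * <p>The whole process environment is copied. {@code GitUtils.GITLESS_ENV_KEY} is set to
     * {@code "1"} when the license plan allows generic SCM; what GitUtils does with that key is
     * not visible here.
     */
    private Map<String, String> getEnv() {
        Map<String, String> env = new HashMap<>(System.getenv());
        if (isLicensedForGenericSCM()) {
            env.put(GitUtils.GITLESS_ENV_KEY, "1");
        }
        return env;
    }

    /**
     * Reads git metadata for the configured top-level path.
     *
     * @throws Exception whatever {@code GitUtils.getGitMetaData} throws
     */
    MetaGit getMetaGit() throws Exception {
        return GitUtils.getGitMetaData(this.config.getPathToTop(), getEnv());
    }

    /**
     * Returns true when the licensed plan compares at or above {@link PlanType#TRIAL}; a missing
     * plan type is treated as {@link PlanType#OPEN}.
     */
    private boolean isLicensedForGenericSCM() {
        return ((PlanType) Optional.ofNullable(this.config.getLicenseData().getPlanType()).orElse(PlanType.OPEN)).compareTo(PlanType.TRIAL) >= 0;
    }

    /**
     * Decides whether the vulnerable-methods scan applies to the scanned path.
     *
     * <p>The first evidence entry that is either a JAR or has a coordinate type with a primary
     * language decides the outcome; later entries are not consulted.
     *
     * @param scanPath directory to look for scannable files in
     * @param evidence evidence derived from the library graphs; null or empty yields false
     * @return true when a visitor exists for the deciding language and it finds at least one file
     */
    private boolean isMethodsSupported(String scanPath, ImmutableSet<Evidence> evidence) {
        if (evidence == null || evidence.isEmpty()) {
            return false;
        }
        for (Evidence item : evidence) {
            if (item.getEvidenceType() == EvidenceType.JAR) {
                Optional<FileTypeVisitor> javaVisitor = getVulnMethodVisitorForLanguageType(LanguageType.JAVA);
                return javaVisitor.isPresent() && internalIsMethodsSupported(scanPath, javaVisitor.get());
            }
            Coordinates coordinates = item.getCoordinates();
            if (coordinates == null) {
                continue;
            }
            CoordinateType coordinateType = coordinates.getCoordinateType();
            if (coordinateType == null) {
                continue;
            }
            LanguageType primaryLanguage = coordinateType.getPrimaryLanguage();
            if (primaryLanguage != null) {
                Optional<FileTypeVisitor> visitor = getVulnMethodVisitorForLanguageType(primaryLanguage);
                return visitor.isPresent() && internalIsMethodsSupported(scanPath, visitor.get());
            }
        }
        return false;
    }

    /**
     * Walks {@code scanPath} with the visitor and reports whether it collected any files.
     *
     * @return true when the visitor holds at least one file; false when none, or when the walk failed
     */
    private boolean internalIsMethodsSupported(@Nonnull String scanPath, @Nonnull StoredFileVisitor storedFileVisitor) {
        try {
            Files.walkFileTree(Paths.get(scanPath), storedFileVisitor);
            return !storedFileVisitor.getFiles().isEmpty();
        } catch (Exception e) {
            // The explicit cast selects the (String, Throwable) logging overload.
            LOGGER.error("Unable to determine vulnerable methods support due to exception:", (Throwable) e);
            return false;
        }
    }

    /**
     * Returns the file visitor used to detect scannable files for a language; only Java and
     * Python have one.
     */
    private Optional<FileTypeVisitor> getVulnMethodVisitorForLanguageType(@Nonnull LanguageType languageType) {
        switch (languageType) {
            case JAVA:
                return Optional.of(ClassFileVisitor.getVisitor());
            case PYTHON:
                return Optional.of(PythonFileVisitor.getVisitor());
            case RUBY:
            case JS:
            default:
                return Optional.empty();
        }
    }

    /**
     * Describes this agent for the platform: client type and version from the configuration,
     * plus JVM version, OS name and OS version from system properties ({@code "UNKNOWN"} when a
     * property is absent).
     */
    private AgentRuntimeData fillInAgentRuntimeDataForPlugins() {
        String agentType = this.config.getClientType() != null ? this.config.getClientType().name() : "";
        String jvmVersion = System.getProperty("java.runtime.version", System.getProperty("java.version", "UNKNOWN"));
        return new AgentRuntimeData.Builder()
                .setAgentType(agentType)
                .setAgentVersion(StringUtils.trimToEmpty(this.config.getClientVersion()))
                .setJVMVersion(jvmVersion)
                .setOS(System.getProperty("os.name", "UNKNOWN"))
                .setOSVersion(System.getProperty("os.version", "UNKNOWN"))
                .build();
    }
}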
