package com.sourceclear.methods;

import com.google.common.base.Stopwatch;
import com.sourceclear.methods.MethodScanner;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jgrapht.graph.EdgeReversedGraph;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sourceclear/methods/VulnerablePartsDetector.class */
public class VulnerablePartsDetector implements MethodScanner {
    private static final Logger LOGGER = LoggerFactory.getLogger(VulnerablePartsDetector.class);
    private final Collection<MethodInfo> vulnerableMethods;
    private final EntryPointResolver entryPointResolver;
    private final CallGraphBuilder callGraphBuilder;
    private final Cleaner cleaner;
    private final VulnMethodsInput input;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sourceclear/methods/VulnerablePartsDetector$VMCall.class */
    public static class VMCall {
        MethodInfo vulnMethod;
        MethodInfo entryPoint;
        CallSite spanning;
        CallChain chain;

        VMCall(MethodInfo methodInfo, MethodInfo methodInfo2, CallSite callSite, CallChain callChain) {
            this.vulnMethod = methodInfo;
            this.entryPoint = methodInfo2;
            this.spanning = callSite;
            this.chain = callChain;
        }
    }

    public VulnerablePartsDetector(Collection<MethodInfo> collection, EntryPointResolver entryPointResolver, CallGraphBuilder callGraphBuilder, VulnMethodsInput vulnMethodsInput, Cleaner cleaner) {
        this.vulnerableMethods = collection;
        this.entryPointResolver = entryPointResolver;
        this.callGraphBuilder = callGraphBuilder;
        this.cleaner = cleaner;
        this.input = vulnMethodsInput;
    }

    @Override // com.sourceclear.methods.MethodScanner
    public MethodScanner.VMReport scan() throws IOException {
        this.callGraphBuilder.build(this.input);
        return findVulnerableMethodsCallChainsTimed();
    }

    @Override // com.sourceclear.methods.MethodScanner
    public Set<MethodInfo> reachableMethods(Set<MethodInfo> set) throws IOException {
        this.callGraphBuilder.build(this.input);
        return new ReachabilityInspector(getCallGraph()).findPossibleCallers(new HashSet(this.vulnerableMethods), set);
    }

    @Override // com.sourceclear.methods.MethodScanner
    public boolean vulnerableMethodsAreDefined() throws IOException {
        Set<MethodInfo> methodsDefined = this.callGraphBuilder.getMethodsDefined();
        if (methodsDefined.isEmpty()) {
            this.callGraphBuilder.build(this.input);
        }
        return methodsDefined.containsAll(this.vulnerableMethods);
    }

    private MethodScanner.VMReport findVulnerableMethodsCallChainsTimed() {
        Stopwatch createStarted = Stopwatch.createStarted();
        MethodScanner.VMReport findVulnerableMethodsCallChains = findVulnerableMethodsCallChains();
        LOGGER.debug("call chain traversal finished in {}s", Long.valueOf(createStarted.elapsed(TimeUnit.SECONDS)));
        return findVulnerableMethodsCallChains;
    }

    private MethodScanner.VMReport findVulnerableMethodsCallChains() {
        JGCallGraph cast = CallChainsInspector.cast(this.callGraphBuilder.getCallGraph());
        double count = cast.vertices().count();
        double count2 = cast.edges().count();
        Set set = (Set) this.input.staticCallChains().stream().flatMap(list -> {
            return list.stream().flatMap(callSite -> {
                return Stream.of((Object[]) new MethodInfo[]{callSite.getCaller(), callSite.getCallee()});
            });
        }).collect(Collectors.toSet());
        Set set2 = (Set) cast.edges().filter(callSite -> {
            return this.callGraphBuilder.getAppVertices().contains(callSite.getCaller()) && !this.callGraphBuilder.getAppEdges().contains(callSite);
        }).flatMap(callSite2 -> {
            return cast.getGraph().incomingEdgesOf(callSite2.getCaller()).stream();
        }).filter(callSite3 -> {
            return !set.contains(callSite3.getCaller()) && set.contains(callSite3.getCallee());
        }).collect(Collectors.toCollection(HashSet::new));
        LOGGER.debug("indirect vulnerable method calls: {} {}", Integer.valueOf(set2.size()), String.format("%.02f", Double.valueOf(set2.size() / count2)));
        Stream<CallSite> filter = cast.edges().filter(callSite4 -> {
            return (cast.getGraph().incomingEdgesOf(callSite4.getCaller()).isEmpty() && this.callGraphBuilder.isTestMethod(callSite4.getCaller())) || (!set.contains(callSite4.getCaller()) && this.vulnerableMethods.contains(callSite4.getCallee()));
        });
        Objects.requireNonNull(set2);
        filter.forEach((v1) -> {
            r1.add(v1);
        });
        LOGGER.debug("total spanning call sites: {} {}", Integer.valueOf(set2.size()), String.format("%.02f", Double.valueOf(set2.size() / count2)));
        SomePairsShortestPaths somePairsShortestPaths = new SomePairsShortestPaths(cast.getGraph(), (Set) set2.stream().map((v0) -> {
            return v0.getCallee();
        }).collect(Collectors.toSet()));
        SomePairsShortestPaths somePairsShortestPaths2 = new SomePairsShortestPaths(new EdgeReversedGraph(cast.getGraph()), (Set) set2.stream().map((v0) -> {
            return v0.getCaller();
        }).collect(Collectors.toSet()));
        Set set3 = (Set) this.input.frameworkMethods().stream().map((v0) -> {
            return v0.getFunctions();
        }).flatMap((v0) -> {
            return v0.stream();
        }).map((v0) -> {
            return v0.getName();
        }).map((v0) -> {
            return v0.getId();
        }).map((v0) -> {
            return v0.toString();
        }).collect(Collectors.toSet());
        List list2 = (List) cast.vertices().filter(methodInfo -> {
            return this.entryPointResolver.isEntryPoint(methodInfo) && (cast.getGraph().incomingEdgesOf(methodInfo).isEmpty() || set3.contains(methodInfo.getMethodName()));
        }).collect(Collectors.toList());
        LOGGER.debug("application entry points: {} {}", Integer.valueOf(list2.size()), String.format("%.02f", Double.valueOf(list2.size() / count)));
        LOGGER.debug("vulnerable methods: {} {}", Integer.valueOf(this.vulnerableMethods.size()), String.format("%.02f", Double.valueOf(this.vulnerableMethods.size() / count)));
        HashMap hashMap = new HashMap();
        return new MethodScanner.VMReport((Map) set2.stream().flatMap(callSite5 -> {
            return ((Stream) list2.stream().filter(methodInfo2 -> {
                return somePairsShortestPaths2.hasDirectedPath(callSite5.getCaller(), methodInfo2);
            }).min(Comparator.comparing((v0) -> {
                return v0.toString();
            })).map((v0) -> {
                return Stream.of(v0);
            }).orElseGet(Stream::empty)).flatMap(methodInfo3 -> {
                Stream<MethodInfo> stream = this.vulnerableMethods.stream();
                Objects.requireNonNull(cast);
                return ((Stream) stream.filter(cast::containsVertex).filter(methodInfo3 -> {
                    return somePairsShortestPaths.hasDirectedPath(callSite5.getCallee(), methodInfo3);
                }).max(Comparator.comparingDouble(methodInfo4 -> {
                    return somePairsShortestPaths.getPathWeight(callSite5.getCallee(), methodInfo4);
                })).map((v0) -> {
                    return Stream.of(v0);
                }).orElseGet(Stream::empty)).flatMap(methodInfo5 -> {
                    ArrayList arrayList = new ArrayList(somePairsShortestPaths2.getPath(callSite5.getCaller(), methodInfo3).getEdgeList());
                    Collections.reverse(arrayList);
                    arrayList.add(callSite5);
                    arrayList.addAll(somePairsShortestPaths.getPath(callSite5.getCallee(), methodInfo5).getEdgeList());
                    CallChain callChain = new CallChain(arrayList);
                    hashMap.put(callChain, callSite5);
                    return Stream.of(new VMCall(methodInfo5, methodInfo3, callSite5, callChain));
                });
            });
        }).collect(Collectors.groupingBy(vMCall -> {
            return vMCall.vulnMethod;
        }, Collectors.mapping(vMCall2 -> {
            return vMCall2.chain;
        }, Collectors.toCollection(HashSet::new)))), hashMap);
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        this.cleaner.clean();
    }

    @Override // com.sourceclear.methods.MethodScanner
    public CallGraph getCallGraph() {
        return this.callGraphBuilder.getCallGraph();
    }
}
