package org.owasp.dependencycheck.reporting;

import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.naming.CpeIdentifier;
import org.owasp.dependencycheck.dependency.naming.GenericIdentifier;
import org.owasp.dependencycheck.dependency.naming.Identifier;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.utils.SeverityUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.Cpe;
import us.springett.parsers.cpe.exceptions.CpeEncodingException;
import us.springett.parsers.cpe.util.Convert;

/* loaded from: input_file:org/owasp/dependencycheck/reporting/ReportTool.class */
public class ReportTool {
    private static final Logger LOGGER = LoggerFactory.getLogger(ReportTool.class);

    public String identifierToSuppressionId(Identifier identifier) {
        if (identifier instanceof PurlIdentifier) {
            return ((PurlIdentifier) identifier).toString();
        }
        if (!(identifier instanceof CpeIdentifier)) {
            if (identifier instanceof GenericIdentifier) {
                return identifier.getValue();
            }
            return null;
        }
        try {
            Cpe cpe = ((CpeIdentifier) identifier).getCpe();
            return String.format("cpe:/%s:%s:%s", Convert.wellFormedToCpeUri(cpe.getPart()), Convert.wellFormedToCpeUri(cpe.getWellFormedVendor()), Convert.wellFormedToCpeUri(cpe.getWellFormedProduct()));
        } catch (CpeEncodingException e) {
            LOGGER.debug("Unable to convert to cpe URI", e);
            return null;
        }
    }

    public float estimateSeverity(String str) {
        return SeverityUtil.estimateCvssV2(str);
    }

    public Collection<SarifRule> convertToSarifRules(List<Dependency> list) {
        HashMap hashMap = new HashMap();
        for (Dependency dependency : list) {
            for (Vulnerability vulnerability : dependency.getVulnerabilities()) {
                if (!hashMap.containsKey(vulnerability.getName())) {
                    hashMap.put(vulnerability.getName(), new SarifRule(vulnerability.getName(), buildShortDescription(dependency, vulnerability), vulnerability.getDescription(), vulnerability.getSource().name(), vulnerability.getCvssV2(), vulnerability.getCvssV3()));
                }
            }
        }
        return hashMap.values();
    }

    private String determineScore(Vulnerability vulnerability) {
        return vulnerability.getUnscoredSeverity() != null ? "0.0".equals(vulnerability.getUnscoredSeverity()) ? "Unknown" : normalizeSeverity(vulnerability.getUnscoredSeverity().toLowerCase()) : (vulnerability.getCvssV3() == null || vulnerability.getCvssV3().getBaseSeverity() == null) ? (vulnerability.getCvssV2() == null || vulnerability.getCvssV2().getSeverity() == null) ? "Unknown" : normalizeSeverity(vulnerability.getCvssV2().getSeverity()) : normalizeSeverity(vulnerability.getCvssV3().getBaseSeverity().toLowerCase());
    }

    private String normalizeSeverity(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1078030475:
                if (str.equals("medium")) {
                    z = 2;
                    break;
                }
                break;
            case -618857213:
                if (str.equals("moderate")) {
                    z = 3;
                    break;
                }
                break;
            case 107348:
                if (str.equals("low")) {
                    z = 4;
                    break;
                }
                break;
            case 3202466:
                if (str.equals("high")) {
                    z = true;
                    break;
                }
                break;
            case 3237038:
                if (str.equals("info")) {
                    z = 6;
                    break;
                }
                break;
            case 1952151455:
                if (str.equals("critical")) {
                    z = false;
                    break;
                }
                break;
            case 2039342679:
                if (str.equals("informational")) {
                    z = 5;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return "Critical";
            case true:
                return "High";
            case true:
            case true:
                return "Medium";
            case true:
            case true:
            case true:
                return "Low";
            default:
                return "Unknown";
        }
    }

    private String buildShortDescription(Dependency dependency, Vulnerability vulnerability) {
        String next;
        StringBuilder sb = new StringBuilder();
        sb.append(determineScore(vulnerability)).append(" severity - ").append(vulnerability.getName());
        if (vulnerability.getCwes() != null && !vulnerability.getCwes().isEmpty() && (next = vulnerability.getCwes().getFullCwes().values().iterator().next()) != null && !"NVD-CWE-Other".equals(next) && !"NVD-CWE-noinfo".equals(next)) {
            sb.append(" ").append(next);
        }
        sb.append(" vulnerability in ");
        if (dependency.getSoftwareIdentifiers() == null || dependency.getSoftwareIdentifiers().isEmpty()) {
            sb.append(dependency.getDisplayFileName());
        } else {
            sb.append(dependency.getSoftwareIdentifiers().iterator().next());
        }
        return sb.toString();
    }
}
