package org.owasp.dependencycheck.data.nodeaudit;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.owasp.dependencycheck.utils.CvssUtil;
import org.owasp.dependencycheck.xml.suppression.SuppressionHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/owasp/dependencycheck/data/nodeaudit/NpmAuditParser.class */
public class NpmAuditParser {
    private static final Logger LOGGER = LoggerFactory.getLogger(NpmAuditParser.class);

    public List<Advisory> parse(JSONObject jSONObject) throws JSONException {
        LOGGER.debug("Parsing JSON node");
        ArrayList arrayList = new ArrayList();
        JSONObject jSONObject2 = jSONObject.getJSONObject("advisories");
        Iterator<String> keys = jSONObject2.keys();
        while (keys.hasNext()) {
            arrayList.add(parseAdvisory(jSONObject2.getJSONObject(keys.next())));
        }
        return arrayList;
    }

    private Advisory parseAdvisory(JSONObject jSONObject) throws JSONException {
        String optString;
        Advisory advisory = new Advisory();
        advisory.setGhsaId(jSONObject.getString("github_advisory_id"));
        advisory.setOverview(jSONObject.optString("overview", null));
        advisory.setReferences(jSONObject.optString("references", null));
        advisory.setCreated(jSONObject.optString("created", null));
        advisory.setUpdated(jSONObject.optString("updated", null));
        advisory.setRecommendation(jSONObject.optString("recommendation", null));
        advisory.setTitle(jSONObject.optString("title", null));
        advisory.setModuleName(jSONObject.optString("module_name", null));
        advisory.setVulnerableVersions(jSONObject.optString("vulnerable_versions", null));
        advisory.setPatchedVersions(jSONObject.optString("patched_versions", null));
        advisory.setAccess(jSONObject.optString("access", null));
        advisory.setSeverity(jSONObject.optString("severity", null));
        JSONArray optJSONArray = jSONObject.optJSONArray(SuppressionHandler.CWE);
        ArrayList arrayList = new ArrayList();
        if (optJSONArray != null) {
            for (int i = 0; i < optJSONArray.length(); i++) {
                arrayList.add(optJSONArray.getString(i));
            }
        }
        advisory.setCwes(arrayList);
        JSONArray optJSONArray2 = jSONObject.optJSONArray("findings");
        for (int i2 = 0; i2 < optJSONArray2.length(); i2++) {
            JSONObject jSONObject2 = optJSONArray2.getJSONObject(i2);
            String optString2 = jSONObject2.optString("version", null);
            JSONArray optJSONArray3 = jSONObject2.optJSONArray("paths");
            for (int i3 = 0; i3 < optJSONArray3.length(); i3++) {
                String string = optJSONArray3.getString(i3);
                if (string != null && string.equals(advisory.getModuleName())) {
                    advisory.setVersion(optString2);
                }
            }
        }
        JSONArray optJSONArray4 = jSONObject.optJSONArray("cves");
        ArrayList arrayList2 = new ArrayList();
        if (optJSONArray4 != null) {
            for (int i4 = 0; i4 < optJSONArray4.length(); i4++) {
                arrayList2.add(optJSONArray4.getString(i4));
            }
            advisory.setCves(arrayList2);
        }
        JSONObject optJSONObject = jSONObject.optJSONObject("cvss");
        if (optJSONObject != null) {
            double d = -1.0d;
            String optString3 = optJSONObject.optString("score");
            if (optString3 != null) {
                try {
                    d = Float.parseFloat(optString3);
                } catch (NumberFormatException e) {
                    LOGGER.trace("Swallowed NumberFormatException", e);
                    d = -1.0d;
                }
            }
            if (d >= 0.0d && (optString = optJSONObject.optString("vectorString")) != null) {
                if (!optString.startsWith("CVSS:3") || d < 0.0d) {
                    LOGGER.warn("Unsupported CVSS vector format in NPM Audit results, please file a feature request at https://github.com/jeremylong/DependencyCheck/issues/new/choose to support vector format '{}' ", optString);
                } else {
                    try {
                        advisory.setCvssV3(CvssUtil.vectorToCvssV3(optString, Double.valueOf(d)));
                    } catch (IllegalArgumentException e2) {
                        LOGGER.warn("Invalid CVSS vector format encountered in NPM Audit results '{}' ", optString, e2);
                    }
                }
            }
        }
        return advisory;
    }
}
