package org.openrewrite.java.dependencies;

import com.fasterxml.jackson.databind.MappingIterator;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.csv.CsvMapper;
import com.fasterxml.jackson.dataformat.csv.CsvSchema;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.fasterxml.jackson.module.paramnames.ParameterNamesModule;
import java.beans.ConstructorProperties;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import java.util.stream.Collectors;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Option;
import org.openrewrite.ScanningRecipe;
import org.openrewrite.SourceFile;
import org.openrewrite.Tree;
import org.openrewrite.TreeVisitor;
import org.openrewrite.Validated;
import org.openrewrite.gradle.marker.GradleDependencyConfiguration;
import org.openrewrite.gradle.marker.GradleProject;
import org.openrewrite.groovy.GroovyIsoVisitor;
import org.openrewrite.groovy.GroovyVisitor;
import org.openrewrite.groovy.tree.G;
import org.openrewrite.internal.StringUtils;
import org.openrewrite.internal.lang.NonNull;
import org.openrewrite.internal.lang.Nullable;
import org.openrewrite.java.dependencies.internal.StaticVersionComparator;
import org.openrewrite.java.dependencies.internal.VersionParser;
import org.openrewrite.java.dependencies.table.VulnerabilityReport;
import org.openrewrite.marker.SearchResult;
import org.openrewrite.maven.MavenIsoVisitor;
import org.openrewrite.maven.MavenVisitor;
import org.openrewrite.maven.tree.GroupArtifact;
import org.openrewrite.maven.tree.MavenResolutionResult;
import org.openrewrite.maven.tree.ResolvedDependency;
import org.openrewrite.maven.tree.ResolvedGroupArtifactVersion;
import org.openrewrite.maven.tree.Scope;
import org.openrewrite.semver.LatestPatch;
import org.openrewrite.xml.tree.Xml;

/* loaded from: input_file:org/openrewrite/java/dependencies/DependencyVulnerabilityCheck.class */
public final class DependencyVulnerabilityCheck extends ScanningRecipe<Accumulator> {
    private final transient VersionParser versionParser = new VersionParser();
    private final transient VulnerabilityReport report = new VulnerabilityReport(this);

    @Option(displayName = "Scope", description = "Match dependencies with the specified scope", valid = {"compile", "test", "runtime", "provided"}, example = "compile")
    private final String scope;

    @Option(displayName = "Override managed version", description = "This flag can be set to explicitly override a managed dependency's version. The default for this flag is `false`.", example = "false", required = false)
    @Nullable
    private final Boolean overrideManagedVersion;

    @Option(displayName = "Add markers", description = "Report each vulnerability in search results. If this is off, it is easier to see suggested changes.", required = false)
    @Nullable
    private final Boolean addMarkers;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.openrewrite.java.dependencies.DependencyVulnerabilityCheck$7, reason: invalid class name */
    /* loaded from: input_file:org/openrewrite/java/dependencies/DependencyVulnerabilityCheck$7.class */
    public static /* synthetic */ class AnonymousClass7 {
        static final /* synthetic */ int[] $SwitchMap$org$openrewrite$maven$tree$Scope = new int[Scope.values().length];

        static {
            try {
                $SwitchMap$org$openrewrite$maven$tree$Scope[Scope.Test.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$openrewrite$maven$tree$Scope[Scope.Compile.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$openrewrite$maven$tree$Scope[Scope.Runtime.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$openrewrite$maven$tree$Scope[Scope.Provided.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/openrewrite/java/dependencies/DependencyVulnerabilityCheck$Accumulator.class */
    public static final class Accumulator {
        private final Map<GroupArtifact, List<Vulnerability>> db;
        private final Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> vulnerabilities;
        private final Scope scope;
        private final Set<GroupArtifact> udvAcc;

        @ConstructorProperties({"db", "vulnerabilities", "scope", "udvAcc"})
        public Accumulator(Map<GroupArtifact, List<Vulnerability>> map, Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> map2, Scope scope, Set<GroupArtifact> set) {
            this.db = map;
            this.vulnerabilities = map2;
            this.scope = scope;
            this.udvAcc = set;
        }

        public Map<GroupArtifact, List<Vulnerability>> getDb() {
            return this.db;
        }

        public Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> getVulnerabilities() {
            return this.vulnerabilities;
        }

        public Scope getScope() {
            return this.scope;
        }

        public Set<GroupArtifact> getUdvAcc() {
            return this.udvAcc;
        }

        public boolean equals(@Nullable Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Accumulator)) {
                return false;
            }
            Accumulator accumulator = (Accumulator) obj;
            Map<GroupArtifact, List<Vulnerability>> db = getDb();
            Map<GroupArtifact, List<Vulnerability>> db2 = accumulator.getDb();
            if (db == null) {
                if (db2 != null) {
                    return false;
                }
            } else if (!db.equals(db2)) {
                return false;
            }
            Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> vulnerabilities = getVulnerabilities();
            Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> vulnerabilities2 = accumulator.getVulnerabilities();
            if (vulnerabilities == null) {
                if (vulnerabilities2 != null) {
                    return false;
                }
            } else if (!vulnerabilities.equals(vulnerabilities2)) {
                return false;
            }
            Scope scope = getScope();
            Scope scope2 = accumulator.getScope();
            if (scope == null) {
                if (scope2 != null) {
                    return false;
                }
            } else if (!scope.equals(scope2)) {
                return false;
            }
            Set<GroupArtifact> udvAcc = getUdvAcc();
            Set<GroupArtifact> udvAcc2 = accumulator.getUdvAcc();
            return udvAcc == null ? udvAcc2 == null : udvAcc.equals(udvAcc2);
        }

        public int hashCode() {
            Map<GroupArtifact, List<Vulnerability>> db = getDb();
            int hashCode = (1 * 59) + (db == null ? 43 : db.hashCode());
            Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> vulnerabilities = getVulnerabilities();
            int hashCode2 = (hashCode * 59) + (vulnerabilities == null ? 43 : vulnerabilities.hashCode());
            Scope scope = getScope();
            int hashCode3 = (hashCode2 * 59) + (scope == null ? 43 : scope.hashCode());
            Set<GroupArtifact> udvAcc = getUdvAcc();
            return (hashCode3 * 59) + (udvAcc == null ? 43 : udvAcc.hashCode());
        }

        @NonNull
        public String toString() {
            return "DependencyVulnerabilityCheck.Accumulator(db=" + getDb() + ", vulnerabilities=" + getVulnerabilities() + ", scope=" + getScope() + ", udvAcc=" + getUdvAcc() + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/openrewrite/java/dependencies/DependencyVulnerabilityCheck$MinimumDepthVulnerability.class */
    public static final class MinimumDepthVulnerability {
        private int minDepth;
        private final Vulnerability vulnerability;

        @ConstructorProperties({"minDepth", "vulnerability"})
        public MinimumDepthVulnerability(int i, Vulnerability vulnerability) {
            this.minDepth = i;
            this.vulnerability = vulnerability;
        }

        public int getMinDepth() {
            return this.minDepth;
        }

        public Vulnerability getVulnerability() {
            return this.vulnerability;
        }

        public boolean equals(@Nullable Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof MinimumDepthVulnerability)) {
                return false;
            }
            MinimumDepthVulnerability minimumDepthVulnerability = (MinimumDepthVulnerability) obj;
            if (getMinDepth() != minimumDepthVulnerability.getMinDepth()) {
                return false;
            }
            Vulnerability vulnerability = getVulnerability();
            Vulnerability vulnerability2 = minimumDepthVulnerability.getVulnerability();
            return vulnerability == null ? vulnerability2 == null : vulnerability.equals(vulnerability2);
        }

        public int hashCode() {
            int minDepth = (1 * 59) + getMinDepth();
            Vulnerability vulnerability = getVulnerability();
            return (minDepth * 59) + (vulnerability == null ? 43 : vulnerability.hashCode());
        }

        @NonNull
        public String toString() {
            return "DependencyVulnerabilityCheck.MinimumDepthVulnerability(minDepth=" + getMinDepth() + ", vulnerability=" + getVulnerability() + ")";
        }
    }

    public String getDisplayName() {
        return "Find and fix vulnerable dependencies";
    }

    public String getDescription() {
        return "This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe **only** upgrades to the latest **patch** version.  If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the [GitHub Security Advisory Database](https://docs.github.com/en/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database), which aggregates vulnerability data from several public databases, including the [National Vulnerability Database](https://nvd.nist.gov/) maintained by the United States government. Dependencies following [Semantic Versioning](https://semver.org/) will see their _patch_ version updated where applicable.";
    }

    public Validated<Object> validate() {
        return super.validate().and(Validated.test("scope", "scope is a valid Maven scope", this.scope, str -> {
            try {
                Scope.fromName(str);
                return true;
            } catch (Throwable th) {
                return false;
            }
        }));
    }

    /* renamed from: getInitialValue, reason: merged with bridge method [inline-methods] */
    public Accumulator m5getInitialValue(ExecutionContext executionContext) {
        Scope fromName = Scope.fromName(this.scope);
        CsvMapper csvMapper = new CsvMapper();
        HashMap hashMap = new HashMap();
        try {
            MappingIterator readValues = csvMapper.readerForMapOf(String.class).with(CsvSchema.builder().addColumn("cve").addColumn("published").addColumn("summary").addColumn("groupArtifact").addColumn("introducedVersion").addColumn("fixedVersion").addColumn("severity").addColumn("CWEs").build()).readValues(DependencyVulnerabilityCheck.class.getResourceAsStream("/advisories.csv"));
            ObjectMapper registerModule = new ObjectMapper().registerModule(new JavaTimeModule()).registerModule(new ParameterNamesModule());
            while (readValues.hasNextValue()) {
                Vulnerability vulnerability = (Vulnerability) registerModule.convertValue(readValues.nextValue(), Vulnerability.class);
                String[] split = vulnerability.getGroupArtifact().split(":");
                ((List) hashMap.computeIfAbsent(new GroupArtifact(split[0], split[1]), groupArtifact -> {
                    return new ArrayList();
                })).add(vulnerability);
            }
            return new Accumulator(hashMap, new HashMap(), fromName, new HashSet());
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public TreeVisitor<?, ExecutionContext> getScanner(final Accumulator accumulator) {
        return new TreeVisitor<Tree, ExecutionContext>() { // from class: org.openrewrite.java.dependencies.DependencyVulnerabilityCheck.1
            @Nullable
            public Tree visit(@Nullable Tree tree, ExecutionContext executionContext) {
                if (tree == null) {
                    return null;
                }
                DependencyVulnerabilityCheck.this.scanMaven(accumulator.getDb(), accumulator.getVulnerabilities(), accumulator.getScope()).visitNonNull(tree, executionContext);
                DependencyVulnerabilityCheck.this.scanGradleGroovy(accumulator.getDb(), accumulator.getVulnerabilities(), accumulator.getScope()).visitNonNull(tree, executionContext);
                new org.openrewrite.maven.UpgradeDependencyVersion("", "", "", (String) null, (Boolean) null, (List) null).getScanner(accumulator.getUdvAcc()).visit(tree, executionContext);
                return tree;
            }
        };
    }

    public Collection<SourceFile> generate(Accumulator accumulator, ExecutionContext executionContext) {
        for (Map.Entry<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> entry : accumulator.getVulnerabilities().entrySet()) {
            for (MinimumDepthVulnerability minimumDepthVulnerability : entry.getValue()) {
                Vulnerability vulnerability = minimumDepthVulnerability.getVulnerability();
                ResolvedGroupArtifactVersion key = entry.getKey();
                this.report.insertRow(executionContext, new VulnerabilityReport.Row(vulnerability.getCve(), key.getGroupId(), key.getArtifactId(), key.getVersion(), vulnerability.getFixedVersion(), (minimumDepthVulnerability.getMinDepth() == 0 || Boolean.TRUE.equals(this.overrideManagedVersion)) && new LatestPatch((String) null).isValid(key.getVersion(), vulnerability.getFixedVersion()), vulnerability.getSummary(), vulnerability.getSeverity().toString(), Integer.valueOf(minimumDepthVulnerability.getMinDepth()), vulnerability.getCWEs()));
            }
        }
        return Collections.emptyList();
    }

    public TreeVisitor<?, ExecutionContext> getVisitor(final Accumulator accumulator) {
        return new TreeVisitor<Tree, ExecutionContext>() { // from class: org.openrewrite.java.dependencies.DependencyVulnerabilityCheck.2
            public Tree visit(@Nullable Tree tree, ExecutionContext executionContext) {
                if (tree == null) {
                    return null;
                }
                Tree tree2 = tree;
                if (tree2.getMarkers().findFirst(MavenResolutionResult.class).isPresent()) {
                    HashMap hashMap = new HashMap();
                    tree2 = DependencyVulnerabilityCheck.this.fixMaven(accumulator.getVulnerabilities(), accumulator.getScope(), hashMap).visitNonNull(tree2, executionContext);
                    for (Map.Entry entry : hashMap.entrySet()) {
                        tree2 = new org.openrewrite.maven.UpgradeDependencyVersion(((GroupArtifact) entry.getKey()).getGroupId(), ((GroupArtifact) entry.getKey()).getArtifactId(), (String) entry.getValue(), (String) null, DependencyVulnerabilityCheck.this.overrideManagedVersion, (List) null).getVisitor(accumulator.getUdvAcc()).visitNonNull(tree2, executionContext);
                    }
                } else if (tree2.getMarkers().findFirst(GradleProject.class).isPresent()) {
                    HashMap hashMap2 = new HashMap();
                    tree2 = DependencyVulnerabilityCheck.this.fixGradleGroovy(accumulator.getVulnerabilities(), accumulator.getScope(), hashMap2).visitNonNull(tree2, executionContext);
                    for (Map.Entry entry2 : hashMap2.entrySet()) {
                        tree2 = new org.openrewrite.gradle.UpgradeDependencyVersion(((GroupArtifact) entry2.getKey()).getGroupId(), ((GroupArtifact) entry2.getKey()).getArtifactId(), (String) entry2.getValue(), (String) null).getVisitor().visitNonNull(tree2, executionContext);
                    }
                }
                return tree2;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public MavenVisitor<ExecutionContext> scanMaven(final Map<GroupArtifact, List<Vulnerability>> map, final Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> map2, final Scope scope) {
        return new MavenIsoVisitor<ExecutionContext>() { // from class: org.openrewrite.java.dependencies.DependencyVulnerabilityCheck.3
            /* renamed from: visitDocument, reason: merged with bridge method [inline-methods] */
            public Xml.Document m6visitDocument(Xml.Document document, ExecutionContext executionContext) {
                List list = (List) getResolutionResult().getDependencies().get(scope);
                if (list != null) {
                    Iterator it = list.iterator();
                    while (it.hasNext()) {
                        DependencyVulnerabilityCheck.this.analyzeDependency(map, map2, (ResolvedDependency) it.next());
                    }
                }
                return super.visitDocument(document, executionContext);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean scopeExcludesConfiguration(GradleDependencyConfiguration gradleDependencyConfiguration, Scope scope) {
        switch (AnonymousClass7.$SwitchMap$org$openrewrite$maven$tree$Scope[scope.ordinal()]) {
            case 1:
                return !gradleDependencyConfiguration.getName().contains("test");
            case 2:
            case 3:
                return gradleDependencyConfiguration.getName().contains("test");
            case 4:
                return (gradleDependencyConfiguration.getName().contains("provided") || gradleDependencyConfiguration.getName().contains("compileOnly")) ? false : true;
            default:
                return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public GroovyVisitor<ExecutionContext> scanGradleGroovy(final Map<GroupArtifact, List<Vulnerability>> map, final Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> map2, final Scope scope) {
        return new GroovyIsoVisitor<ExecutionContext>() { // from class: org.openrewrite.java.dependencies.DependencyVulnerabilityCheck.4
            /* renamed from: visitCompilationUnit, reason: merged with bridge method [inline-methods] */
            public G.CompilationUnit m7visitCompilationUnit(G.CompilationUnit compilationUnit, ExecutionContext executionContext) {
                Optional findFirst = compilationUnit.getMarkers().findFirst(GradleProject.class);
                Scope scope2 = scope;
                Map map3 = map;
                Map map4 = map2;
                findFirst.ifPresent(gradleProject -> {
                    for (GradleDependencyConfiguration gradleDependencyConfiguration : gradleProject.getConfigurations()) {
                        if (!DependencyVulnerabilityCheck.scopeExcludesConfiguration(gradleDependencyConfiguration, scope2)) {
                            for (ResolvedDependency resolvedDependency : gradleDependencyConfiguration.getResolved()) {
                                if (!StringUtils.isBlank(resolvedDependency.getVersion())) {
                                    DependencyVulnerabilityCheck.this.analyzeDependency(map3, map4, resolvedDependency);
                                }
                            }
                        }
                    }
                });
                return super.visitCompilationUnit(compilationUnit, executionContext);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void analyzeDependency(Map<GroupArtifact, List<Vulnerability>> map, Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> map2, ResolvedDependency resolvedDependency) {
        List<Vulnerability> list = map.get(new GroupArtifact(resolvedDependency.getGroupId(), resolvedDependency.getArtifactId()));
        if (list != null) {
            Set<MinimumDepthVulnerability> set = null;
            StaticVersionComparator staticVersionComparator = new StaticVersionComparator();
            for (Vulnerability vulnerability : list) {
                boolean isBlank = StringUtils.isBlank(vulnerability.getFixedVersion());
                if (!isBlank) {
                    if (resolvedDependency.getVersion().endsWith(".RELEASE")) {
                        if (staticVersionComparator.compare(this.versionParser.transform(vulnerability.getFixedVersion()), this.versionParser.transform(resolvedDependency.getVersion().substring(0, resolvedDependency.getVersion().length() - ".RELEASE".length()))) > 0) {
                            isBlank = true;
                        }
                    } else if (staticVersionComparator.compare(this.versionParser.transform(vulnerability.getFixedVersion()), this.versionParser.transform(resolvedDependency.getVersion())) > 0) {
                        isBlank = true;
                    }
                }
                if (isBlank && staticVersionComparator.compare(this.versionParser.transform(vulnerability.getIntroducedVersion()), this.versionParser.transform(resolvedDependency.getVersion())) <= 0) {
                    if (set == null) {
                        set = map2.computeIfAbsent(resolvedDependency.getGav(), resolvedGroupArtifactVersion -> {
                            return new TreeSet(Comparator.comparing(minimumDepthVulnerability -> {
                                return minimumDepthVulnerability.getVulnerability().getSeverity();
                            }).reversed().thenComparing(minimumDepthVulnerability2 -> {
                                return minimumDepthVulnerability2.getVulnerability().getCve();
                            }));
                        });
                    }
                    Iterator<MinimumDepthVulnerability> it = set.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            set.add(new MinimumDepthVulnerability(resolvedDependency.getDepth(), vulnerability));
                            break;
                        }
                        MinimumDepthVulnerability next = it.next();
                        if (next.getVulnerability().equals(vulnerability)) {
                            next.minDepth = Math.min(next.minDepth, resolvedDependency.getDepth());
                            break;
                        }
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public MavenVisitor<ExecutionContext> fixMaven(final Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> map, final Scope scope, final Map<GroupArtifact, String> map2) {
        return new MavenIsoVisitor<ExecutionContext>() { // from class: org.openrewrite.java.dependencies.DependencyVulnerabilityCheck.5
            /* renamed from: visitTag, reason: merged with bridge method [inline-methods] */
            public Xml.Tag m8visitTag(Xml.Tag tag, ExecutionContext executionContext) {
                ResolvedDependency findDependency;
                if (isDependencyTag() && (findDependency = findDependency(tag, scope)) != null) {
                    for (Map.Entry entry : map.entrySet()) {
                        ResolvedGroupArtifactVersion resolvedGroupArtifactVersion = (ResolvedGroupArtifactVersion) entry.getKey();
                        if (findDependency.findDependency((String) Objects.requireNonNull(resolvedGroupArtifactVersion.getGroupId()), resolvedGroupArtifactVersion.getArtifactId()) != null) {
                            boolean z = false;
                            Iterator it = ((Set) entry.getValue()).iterator();
                            while (it.hasNext()) {
                                Vulnerability vulnerability = ((MinimumDepthVulnerability) it.next()).getVulnerability();
                                z = true;
                                GroupArtifact groupArtifact = new GroupArtifact(resolvedGroupArtifactVersion.getGroupId(), resolvedGroupArtifactVersion.getArtifactId());
                                String str = (String) map2.get(groupArtifact);
                                if (!StringUtils.isBlank(vulnerability.getFixedVersion()) && new LatestPatch((String) null).isValid(resolvedGroupArtifactVersion.getVersion(), vulnerability.getFixedVersion()) && (str == null || new StaticVersionComparator().compare(DependencyVulnerabilityCheck.this.versionParser.transform(vulnerability.getFixedVersion()), DependencyVulnerabilityCheck.this.versionParser.transform(str)) > 0)) {
                                    map2.put(groupArtifact, vulnerability.getFixedVersion());
                                }
                            }
                            if (z && Boolean.TRUE.equals(DependencyVulnerabilityCheck.this.addMarkers)) {
                                return SearchResult.found(tag, "This dependency includes " + resolvedGroupArtifactVersion + " which has the following vulnerabilities:\n" + ((String) ((Set) entry.getValue()).stream().map(minimumDepthVulnerability -> {
                                    Vulnerability vulnerability2 = minimumDepthVulnerability.getVulnerability();
                                    return vulnerability2.getCve() + " (" + vulnerability2.getSeverity() + " severity" + (StringUtils.isBlank(vulnerability2.getFixedVersion()) ? "" : ", fixed in " + vulnerability2.getFixedVersion()) + ") - " + vulnerability2.getSummary();
                                }).collect(Collectors.joining("\n"))));
                            }
                        }
                    }
                }
                return super.visitTag(tag, executionContext);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public GroovyVisitor<ExecutionContext> fixGradleGroovy(final Map<ResolvedGroupArtifactVersion, Set<MinimumDepthVulnerability>> map, final Scope scope, final Map<GroupArtifact, String> map2) {
        return new GroovyIsoVisitor<ExecutionContext>() { // from class: org.openrewrite.java.dependencies.DependencyVulnerabilityCheck.6
            /* renamed from: visitCompilationUnit, reason: merged with bridge method [inline-methods] */
            public G.CompilationUnit m9visitCompilationUnit(G.CompilationUnit compilationUnit, ExecutionContext executionContext) {
                G.CompilationUnit compilationUnit2 = compilationUnit;
                GradleProject gradleProject = (GradleProject) compilationUnit2.getMarkers().findFirst(GradleProject.class).get();
                for (Map.Entry entry : map.entrySet()) {
                    ResolvedGroupArtifactVersion resolvedGroupArtifactVersion = (ResolvedGroupArtifactVersion) entry.getKey();
                    if (Boolean.TRUE.equals(DependencyVulnerabilityCheck.this.addMarkers)) {
                        compilationUnit2 = (G.CompilationUnit) SearchResult.found(compilationUnit2, "This project has the following vulnerabilities:\n" + ((String) ((Set) entry.getValue()).stream().map(minimumDepthVulnerability -> {
                            Vulnerability vulnerability = minimumDepthVulnerability.getVulnerability();
                            return "Dependency " + resolvedGroupArtifactVersion + " has " + vulnerability.getCve() + " (" + vulnerability.getSeverity() + " severity" + (StringUtils.isBlank(vulnerability.getFixedVersion()) ? "" : ", fixed in " + vulnerability.getFixedVersion()) + ") - " + vulnerability.getSummary();
                        }).collect(Collectors.joining("\n"))));
                    }
                    for (GradleDependencyConfiguration gradleDependencyConfiguration : gradleProject.getConfigurations()) {
                        if (!DependencyVulnerabilityCheck.scopeExcludesConfiguration(gradleDependencyConfiguration, scope) && gradleDependencyConfiguration.isCanBeResolved()) {
                            for (ResolvedDependency resolvedDependency : gradleDependencyConfiguration.getResolved()) {
                                if (Objects.equals(resolvedDependency.getGroupId(), resolvedGroupArtifactVersion.getGroupId()) && Objects.equals(resolvedDependency.getArtifactId(), resolvedGroupArtifactVersion.getArtifactId())) {
                                    Iterator it = ((Set) entry.getValue()).iterator();
                                    while (it.hasNext()) {
                                        Vulnerability vulnerability = ((MinimumDepthVulnerability) it.next()).getVulnerability();
                                        GroupArtifact groupArtifact = new GroupArtifact(resolvedGroupArtifactVersion.getGroupId(), resolvedGroupArtifactVersion.getArtifactId());
                                        String str = (String) map2.get(groupArtifact);
                                        if (!StringUtils.isBlank(vulnerability.getFixedVersion()) && new LatestPatch((String) null).isValid(resolvedGroupArtifactVersion.getVersion(), vulnerability.getFixedVersion()) && (str == null || new StaticVersionComparator().compare(DependencyVulnerabilityCheck.this.versionParser.transform(vulnerability.getFixedVersion()), DependencyVulnerabilityCheck.this.versionParser.transform(str)) > 0)) {
                                            map2.put(groupArtifact, vulnerability.getFixedVersion());
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
                return compilationUnit2;
            }
        };
    }

    @ConstructorProperties({"scope", "overrideManagedVersion", "addMarkers"})
    public DependencyVulnerabilityCheck(String str, @Nullable Boolean bool, @Nullable Boolean bool2) {
        this.scope = str;
        this.overrideManagedVersion = bool;
        this.addMarkers = bool2;
    }

    public VersionParser getVersionParser() {
        return this.versionParser;
    }

    public VulnerabilityReport getReport() {
        return this.report;
    }

    public String getScope() {
        return this.scope;
    }

    @Nullable
    public Boolean getOverrideManagedVersion() {
        return this.overrideManagedVersion;
    }

    @Nullable
    public Boolean getAddMarkers() {
        return this.addMarkers;
    }

    @NonNull
    public String toString() {
        return "DependencyVulnerabilityCheck(versionParser=" + getVersionParser() + ", report=" + getReport() + ", scope=" + getScope() + ", overrideManagedVersion=" + getOverrideManagedVersion() + ", addMarkers=" + getAddMarkers() + ")";
    }

    public boolean equals(@Nullable Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof DependencyVulnerabilityCheck)) {
            return false;
        }
        DependencyVulnerabilityCheck dependencyVulnerabilityCheck = (DependencyVulnerabilityCheck) obj;
        if (!dependencyVulnerabilityCheck.canEqual(this)) {
            return false;
        }
        Boolean overrideManagedVersion = getOverrideManagedVersion();
        Boolean overrideManagedVersion2 = dependencyVulnerabilityCheck.getOverrideManagedVersion();
        if (overrideManagedVersion == null) {
            if (overrideManagedVersion2 != null) {
                return false;
            }
        } else if (!overrideManagedVersion.equals(overrideManagedVersion2)) {
            return false;
        }
        Boolean addMarkers = getAddMarkers();
        Boolean addMarkers2 = dependencyVulnerabilityCheck.getAddMarkers();
        if (addMarkers == null) {
            if (addMarkers2 != null) {
                return false;
            }
        } else if (!addMarkers.equals(addMarkers2)) {
            return false;
        }
        String scope = getScope();
        String scope2 = dependencyVulnerabilityCheck.getScope();
        return scope == null ? scope2 == null : scope.equals(scope2);
    }

    protected boolean canEqual(@Nullable Object obj) {
        return obj instanceof DependencyVulnerabilityCheck;
    }

    public int hashCode() {
        Boolean overrideManagedVersion = getOverrideManagedVersion();
        int hashCode = (1 * 59) + (overrideManagedVersion == null ? 43 : overrideManagedVersion.hashCode());
        Boolean addMarkers = getAddMarkers();
        int hashCode2 = (hashCode * 59) + (addMarkers == null ? 43 : addMarkers.hashCode());
        String scope = getScope();
        return (hashCode2 * 59) + (scope == null ? 43 : scope.hashCode());
    }
}
