package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.annotation.concurrent.ThreadSafe;
import org.apache.commons.lang3.StringUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.processing.BundlerAuditProcessor;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.processing.ProcessReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.exceptions.CpeValidationException;

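/**
 * File-type analyzer that runs the external {@code bundle-audit} command line tool against
 * directories containing a {@code Gemfile.lock}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The tool is started through {@link ProcessBuilder} with an argument list, so no shell
 *       is involved and arguments are not re-parsed.</li>
 *   <li>When {@code analyzer.bundle.audit.path} is unset or does not point to a file, the bare
 *       name {@code bundle-audit} is used and the operating system's search path decides which
 *       binary runs. Configure an absolute path to pin the executable that was vetted.</li>
 *   <li>Unless {@code analyzer.bundle.audit.working.directory} is set, the child process runs
 *       inside the directory that holds the scanned {@code Gemfile.lock}, i.e. inside the
 *       content under analysis.</li>
 *   <li>Results depend on bundle-audit's own advisory database, which this class never
 *       refreshes; a stale database means missed findings.</li>
 * </ul>
 */
@ThreadSafe
public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
    /** Ecosystem label for Ruby dependencies. */
    public static final String DEPENDENCY_ECOSYSTEM = "ruby";
    /** Human readable analyzer name, returned by {@link #getName()} and used in log messages. */
    private static final String ANALYZER_NAME = "Ruby Bundle Audit Analyzer";
    // Line prefixes; presumably matched against bundle-audit's verbose output by the output
    // parser. They are not referenced inside this class - verify against BundlerAuditProcessor.
    public static final String NAME = "Name: ";
    public static final String VERSION = "Version: ";
    public static final String ADVISORY = "Advisory: ";
    public static final String CVE = "CVE: ";
    public static final String CRITICALITY = "Criticality: ";
    /** Database handle taken from the engine during preparation; not read in this class. */
    private CveDB cvedb = null;
    // NOTE(review): plain, non-volatile flag in a class marked @ThreadSafe. The work it guards
    // only disables sibling analyzers and logs, so a repeated run looks harmless - confirm.
    private boolean needToDisableGemspecAnalyzer = true;
    private static final Logger LOGGER = LoggerFactory.getLogger(RubyBundleAuditAnalyzer.class);
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.PRE_INFORMATION_COLLECTION;
    /** Only files named {@code Gemfile.lock} are handed to this analyzer. */
    private static final FileFilter FILTER = FileFilterBuilder.newInstance().addFilenames("Gemfile.lock").build();

    /**
     * Returns the filter that selects {@code Gemfile.lock} files.
     *
     * @return the file filter for this analyzer
     */
    @Override
    protected FileFilter getFileFilter() {
        return FILTER;
    }

    /**
     * Returns the display name of this analyzer.
     *
     * @return the analyzer name
     */
    @Override
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * Returns the phase in which this analyzer runs.
     *
     * @return {@code PRE_INFORMATION_COLLECTION}
     */
    @Override
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    /**
     * Returns the settings key that switches this analyzer on or off.
     *
     * @return the enabled-flag settings key
     */
    @Override
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.bundle.audit.enabled";
    }

    /**
     * Starts {@code bundle-audit} with the given arguments.
     *
     * <p>The executable is the file named by {@code analyzer.bundle.audit.path} when that
     * setting points to an existing file; otherwise the bare command name is used and resolved
     * by the operating system. The working directory is
     * {@code analyzer.bundle.audit.working.directory} when that is an existing directory,
     * otherwise {@code file}.
     *
     * @param file the directory to run in when no working directory is configured
     * @param list the arguments appended after the executable
     * @return the started process
     * @throws AnalysisException if {@code file} is not a directory or the process cannot start
     */
    private Process launchBundleAudit(File file, List<String> list) throws AnalysisException {
        // getParentFile() at the call site may yield null; report it as an analysis failure
        // instead of letting a NullPointerException escape.
        if (file == null || !file.isDirectory()) {
            final String shown = file == null ? "null" : file.getAbsolutePath();
            throw new AnalysisException(String.format("%s should have been a directory.", shown));
        }
        final List<String> command = new ArrayList<>();
        final String configuredPath = getSettings().getString("analyzer.bundle.audit.path");
        File executable = null;
        if (configuredPath != null) {
            executable = new File(configuredPath);
            if (!executable.isFile()) {
                // A bad setting only warns and then falls back to the search path lookup below,
                // so a typo in the configured path changes which binary is executed.
                LOGGER.warn("Supplied `bundleAudit` path is incorrect: {}", configuredPath);
                executable = null;
            }
        }
        command.add(executable != null ? executable.getAbsolutePath() : "bundle-audit");
        command.addAll(list);
        final ProcessBuilder processBuilder = new ProcessBuilder(command);

        final String configuredDir = getSettings().getString("analyzer.bundle.audit.working.directory");
        File workingDir = null;
        if (configuredDir != null) {
            workingDir = new File(configuredDir);
            if (!workingDir.isDirectory()) {
                LOGGER.warn("Supplied `bundleAuditWorkingDirectory` path is incorrect: {}", configuredDir);
                workingDir = null;
            }
        }
        // Default: run inside the directory that was passed in (for a scan, the folder holding
        // the Gemfile.lock being analyzed).
        final File effectiveDir = workingDir != null ? workingDir : file;
        processBuilder.directory(effectiveDir);
        try {
            LOGGER.info("Launching: {} from {}", command, effectiveDir);
            return processBuilder.start();
        } catch (IOException e) {
            throw new AnalysisException("bundle-audit initialization failure; this error can be ignored if you are not analyzing Ruby. Otherwise ensure that bundle-audit is installed and the path to bundle audit is correctly specified", e);
        }
    }

    /**
     * Verifies that {@code bundle-audit} can be executed by running {@code bundle-audit version}
     * from the temporary directory. On any failure the analyzer is disabled and an
     * {@link InitializationException} is thrown.
     *
     * @param engine the engine; when non-null its database is stored on this analyzer
     * @throws InitializationException if the tool cannot be started, exits non-zero, its output
     *         cannot be read, or the thread is interrupted
     */
    @Override
    public void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
        if (engine != null) {
            this.cvedb = engine.getDatabase();
        }
        try {
            final Process process = launchBundleAudit(getSettings().getTempDirectory(), Collections.singletonList("version"));
            final String versionDetails;
            // try-with-resources closes the reader on every path and records a failing close()
            // as a suppressed exception instead of replacing the primary one.
            try (ProcessReader processReader = new ProcessReader(process)) {
                processReader.readAll();
                final String error = processReader.getError();
                if (error != null) {
                    LOGGER.warn("Warnings from bundle-audit {}", error);
                }
                versionDetails = processReader.getOutput();
                final int exitValue = process.exitValue();
                if (exitValue != 0) {
                    setEnabled(false);
                    throw new InitializationException(String.format("bundle-audit execution failed - exit code: %d; error: %s ", exitValue, error));
                }
            }
            // The advisory database is maintained by bundle-audit itself; the message reminds
            // operators that it has to be refreshed out of band.
            LOGGER.info("{} is enabled and is using bundle-audit with version details: {}. Note: It is necessary to manually run \"bundle-audit update\" occasionally to keep its database up to date.", ANALYZER_NAME, versionDetails);
        } catch (UnsupportedEncodingException e) {
            setEnabled(false);
            throw new InitializationException("Unexpected bundle-audit encoding when reading input stream.", e);
        } catch (IOException e) {
            setEnabled(false);
            throw new InitializationException("Unable to read bundle-audit output.", e);
        } catch (InterruptedException e) {
            setEnabled(false);
            final String msg = String.format("Bundle-audit process was interrupted. Disabling %s", ANALYZER_NAME);
            // Restore the interrupt flag for callers further up the stack.
            Thread.currentThread().interrupt();
            // Keep the cause so the interruption remains visible in the stack trace.
            throw new InitializationException(msg, e);
        } catch (AnalysisException e) {
            setEnabled(false);
            throw new InitializationException(String.format("Exception from bundle-audit process: %s. Disabling %s", e.getCause(), ANALYZER_NAME), e);
        }
    }

    /**
     * Runs {@code bundle-audit check --verbose} in the directory of the given
     * {@code Gemfile.lock} and feeds the output to a {@link BundlerAuditProcessor}.
     *
     * <p>On the first call the Ruby bundler and gemspec analyzers registered with the engine
     * are disabled to avoid duplicate results.
     *
     * @param dependency the dependency whose actual file is the {@code Gemfile.lock}
     * @param engine the engine running the scan
     * @throws AnalysisException if the process cannot be started, exits with a code other than
     *         0 or 1, its output cannot be processed, or the thread is interrupted
     */
    @Override
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        if (this.needToDisableGemspecAnalyzer) {
            for (FileTypeAnalyzer analyzer : engine.getFileTypeAnalyzers()) {
                if (analyzer instanceof RubyBundlerAnalyzer) {
                    ((RubyBundlerAnalyzer) analyzer).setEnabled(false);
                    LOGGER.info("Disabled {} to avoid noisy duplicate results.", RubyBundlerAnalyzer.class.getName());
                } else if (analyzer instanceof RubyGemspecAnalyzer) {
                    ((RubyGemspecAnalyzer) analyzer).setEnabled(false);
                    LOGGER.info("Disabled {} to avoid noisy duplicate results.", RubyGemspecAnalyzer.class.getName());
                }
            }
            this.needToDisableGemspecAnalyzer = false;
        }
        final File parentDir = dependency.getActualFile().getParentFile();
        final Process process = launchBundleAudit(parentDir, Arrays.asList("check", "--verbose"));
        // Both resources are declared in the try header so the processor is also closed when
        // reading fails; they close in reverse order (reader first, then processor).
        try (BundlerAuditProcessor processor = new BundlerAuditProcessor(dependency, engine);
                ProcessReader processReader = new ProcessReader(process, processor)) {
            processReader.readAll();
            final String error = processReader.getError();
            if (StringUtils.isNoneBlank(error)) {
                LOGGER.warn("Warnings from bundle-audit {}", error);
            }
            final int exitValue = process.exitValue();
            // Only 0 and 1 are accepted; bundle-audit is expected to exit 1 when it reports
            // advisories, so that value is not an error. Anything else fails the analysis
            // rather than being read as "no findings".
            if (exitValue < 0 || exitValue > 1) {
                throw new AnalysisException(String.format("Unexpected exit code from bundle-audit process; exit code: %s", exitValue));
            }
        } catch (IOException | CpeValidationException e) {
            LOGGER.warn("bundle-audit failure", e);
            throw new AnalysisException("bundle-audit error: " + e.getMessage(), e);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new AnalysisException("bundle-audit process interrupted", e);
        }
    }
}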
