package com.rapid7.container.analyzer.docker.packages;

import com.rapid7.container.analyzer.docker.fingerprinter.OwaspDependencyFingerprinter;
import com.rapid7.container.analyzer.docker.model.image.OperatingSystem;
import com.rapid7.container.analyzer.docker.model.image.Package;
import com.rapid7.container.analyzer.docker.model.image.PackageType;
import com.rapid7.container.analyzer.docker.packages.settings.OwaspDependencyParserSettingsBuilder;
import java.io.File;
import java.util.Arrays;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/rapid7/container/analyzer/docker/packages/OwaspDependencyParser.class */
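/**
 * {@link PackageParser} that hands a file extracted from an image layer to the OWASP
 * dependency-check {@link Engine} and converts the dependencies it reports into
 * {@link Package} records.
 *
 * <p>The files handled here come out of container images, so their content should be
 * treated as untrusted. The supported pattern accepts archive types (zip, tar, gz, ...);
 * whether and how the engine unpacks them is decided by the analyzers enabled in the
 * supplied {@link Settings}, not by this class.
 * NOTE(review): confirm that those settings bound extraction depth/size and use a scratch
 * directory that is safe for hostile archives.
 */
public class OwaspDependencyParser implements PackageParser<File> {
    // NOTE(review): the logger category is OwaspDependencyFingerprinter rather than this class,
    // so parser failures are attributed to the fingerprinter in the logs. Left unchanged because
    // existing log routing may depend on the category; confirm and switch if unintended.
    private static final Logger LOGGER = LoggerFactory.getLogger(OwaspDependencyFingerprinter.class);

    // File names the engine is asked to look at: a set of extensions, or one of three well-known
    // manifest names. The dots inside the manifest names are escaped so they match a literal '.'
    // only (previously any character was accepted in that position). Matcher.matches() already
    // anchors the whole input, so the trailing '$' is redundant but harmless.
    private static final Pattern OWASP_DEPENDENCY_SUPPORTED_PATTERN = Pattern.compile(".*(?i)(\\.(jar|war|aar|gemspec|py|egg|zip|ear|sar|apk|nupkg|tar|gz|tgz|bz2|tbz2|whl|nuspec))|.*(?i)(Gopkg\\.lock|Gemfile\\.lock|packages\\.config)$");

    private final Settings settings;

    /**
     * Creates a parser whose engine settings are produced by the given builder.
     *
     * @param owaspDependencyParserSettingsBuilder builder invoked once, at construction time
     */
    public OwaspDependencyParser(OwaspDependencyParserSettingsBuilder owaspDependencyParserSettingsBuilder) {
        this.settings = owaspDependencyParserSettingsBuilder.build();
    }

    /**
     * Creates a parser that uses the given dependency-check settings as-is.
     *
     * @param settings settings passed to every {@link Engine} this parser creates
     */
    public OwaspDependencyParser(Settings settings) {
        this.settings = settings;
    }

    /**
     * Decides whether a layer entry should be passed to {@link #parse}.
     *
     * @param str name of the entry; must match the supported pattern in full
     * @param tarArchiveEntry the tar entry; symbolic links are always rejected, so only the
     *     entry's own content is ever considered, never a link target
     * @return {@code true} for a non-symlink entry whose name matches the supported pattern
     */
    @Override
    public boolean supports(String str, TarArchiveEntry tarArchiveEntry) {
        return !tarArchiveEntry.isSymbolicLink() && OWASP_DEPENDENCY_SUPPORTED_PATTERN.matcher(str).matches();
    }

    /**
     * Scans one file with a fresh engine in {@code EVIDENCE_COLLECTION} mode and returns the
     * dependencies that carry both a name and a version.
     *
     * <p>Analyzer failures reported through {@link ExceptionCollection} are logged and do not
     * abort the call; whatever dependencies the engine still holds are returned. A result can
     * therefore be incomplete without the caller seeing an exception.
     *
     * @param file the extracted file to scan
     * @param operatingSystem not used by this parser
     * @return the converted packages; never contains {@code null}
     */
    @Override
    public Set<Package> parse(File file, OperatingSystem operatingSystem) {
        // try-with-resources: the engine is closed on every path, and a failure inside close()
        // is attached as a suppressed exception instead of replacing the original failure.
        try (Engine engine = new Engine(Engine.Mode.EVIDENCE_COLLECTION, this.settings)) {
            engine.scan(file);
            try {
                engine.analyzeDependencies();
            } catch (ExceptionCollection e) {
                // Best effort: record each analyzer failure and continue with partial results.
                e.getExceptions().forEach(cause -> LOGGER.error("Failed analyzing dependencies", cause));
            }
            return Arrays.stream(engine.getDependencies())
                .map(this::convertDependencyToPackage)
                .filter(Objects::nonNull)
                .collect(Collectors.toSet());
        }
    }

    /**
     * Maps an engine dependency to a {@link Package}.
     *
     * @param dependency dependency reported by the engine
     * @return the package, or {@code null} when the dependency has no name or no version
     */
    private Package convertDependencyToPackage(Dependency dependency) {
        if (dependency.getName() == null || dependency.getVersion() == null) {
            // Without both identifiers the entry cannot be matched downstream; drop it.
            return null;
        }
        // The null / 0L arguments fill Package fields this parser has no data for
        // (their meaning is defined by the Package constructor, which is not visible here).
        return new Package(
            dependency.getFileName(),
            PackageType.fromString(dependency.getEcosystem()),
            null,
            dependency.getName(),
            dependency.getVersion(),
            dependency.getDescription(),
            0L,
            null,
            null,
            dependency.getLicense());
    }
}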
