package com.amazon.inspector.jenkins.amazoninspectorbuildstep.csvconversion;

import com.amazon.inspector.jenkins.amazoninspectorbuildstep.models.sbom.Components.Affect;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.models.sbom.Components.Component;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.models.sbom.Components.Property;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.models.sbom.Components.Rating;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.models.sbom.Components.Vulnerability;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.models.sbom.SbomData;
import com.google.common.annotations.VisibleForTesting;
import com.opencsv.CSVWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:WEB-INF/lib/amazon-inspector-image-scanner.jar:com/amazon/inspector/jenkins/amazoninspectorbuildstep/csvconversion/CsvConverter.class */
public class CsvConverter {
    private SbomData sbomData;
    private Map<String, Component> componentMap;

    public CsvConverter(SbomData sbomData) {
        this.sbomData = sbomData;
        this.componentMap = populateComponentMap(sbomData);
    }

    public void convert(String str) {
        List<String[]> buildCsvDataLines = buildCsvDataLines();
        try {
            CSVWriter cSVWriter = new CSVWriter(new FileWriter(new File(str)));
            cSVWriter.writeAll(buildCsvDataLines);
            cSVWriter.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    private Map<String, Component> populateComponentMap(SbomData sbomData) {
        HashMap hashMap = new HashMap();
        if (sbomData.getSbom().getComponents() == null) {
            return hashMap;
        }
        for (Component component : sbomData.getSbom().getComponents()) {
            hashMap.put(component.getBomRef(), component);
        }
        return hashMap;
    }

    protected List<String[]> buildCsvDataLines() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new String[]{"Vulnerability ID", "Severity", "Published", "Modified", "Description", "Package Installed Version", "Package Fixed Version", "Package Path", "EPSS Score", "Exploit Available", "Exploit Last Seen", "CWEs"});
        List<Vulnerability> vulnerabilities = this.sbomData.getSbom().getVulnerabilities();
        if (vulnerabilities == null) {
            return arrayList;
        }
        for (Vulnerability vulnerability : vulnerabilities) {
            Iterator<Affect> it = vulnerability.getAffects().iterator();
            while (it.hasNext()) {
                CsvData buildCsvData = buildCsvData(vulnerability, this.componentMap.get(it.next().getRef()));
                arrayList.add(new String[]{buildCsvData.getVulnerabilityId(), StringUtils.capitalize(buildCsvData.getSeverity()), buildCsvData.getPublished(), buildCsvData.getModified(), buildCsvData.getDescription(), buildCsvData.getPackageInstalledVersion(), buildCsvData.getPackageFixedVersion(), buildCsvData.getPackagePath(), buildCsvData.getEpssScore(), buildCsvData.getExploitAvailable(), buildCsvData.getExploitLastSeen(), buildCsvData.getCwes()});
            }
        }
        return arrayList;
    }

    public CsvData buildCsvData(Vulnerability vulnerability, Component component) {
        String propertyValueFromKey = getPropertyValueFromKey(vulnerability, String.format("amazon:inspector:sbom_scanner:fixed_version:%s", component.getBomRef()));
        return CsvData.builder().vulnerabilityId(vulnerability.getId()).severity(getSeverity(vulnerability)).published(vulnerability.getCreated()).modified(getUpdated(vulnerability)).epssScore(getEpssScore(vulnerability)).description(vulnerability.getDescription()).packageInstalledVersion(component.getPurl()).packageFixedVersion(propertyValueFromKey).packagePath(getPropertyValueFromKey(component, "amazon:inspector:sbom_scanner:path")).cwes(getCwesAsString(vulnerability)).exploitAvailable(getPropertyValueFromKey(vulnerability, "amazon:inspector:sbom_scanner:exploit_available")).exploitLastSeen(getPropertyValueFromKey(vulnerability, "amazon:inspector:sbom_scanner:exploit_last_seen_in_public")).build();
    }

    @VisibleForTesting
    protected String getUpdated(Vulnerability vulnerability) {
        return (vulnerability == null || vulnerability.getUpdated() == null) ? "N/A" : vulnerability.getUpdated();
    }

    @VisibleForTesting
    protected String getCwesAsString(Vulnerability vulnerability) {
        ArrayList arrayList = new ArrayList();
        if (vulnerability == null || vulnerability.getCwes() == null) {
            return "";
        }
        Iterator<Integer> it = vulnerability.getCwes().iterator();
        while (it.hasNext()) {
            arrayList.add(String.format("CWE-%s", it.next().toString()));
        }
        return String.join(", ", arrayList);
    }

    @VisibleForTesting
    protected String getEpssScore(Vulnerability vulnerability) {
        if (vulnerability == null || vulnerability.getRatings() == null) {
            return "N/A";
        }
        for (Rating rating : vulnerability.getRatings()) {
            if (rating.getSource().getName().equals("EPSS")) {
                return Double.toString(rating.getScore());
            }
        }
        return "N/A";
    }

    @VisibleForTesting
    protected String getPropertyValueFromKey(Vulnerability vulnerability, String str) {
        if (vulnerability == null) {
            return "N/A";
        }
        for (Property property : vulnerability.getProperties()) {
            if (property.getName().equals(str)) {
                return property.getValue();
            }
        }
        return "N/A";
    }

    protected String getPropertyValueFromKey(Component component, String str) {
        if (component == null || component.getProperties() == null) {
            return "N/A";
        }
        for (Property property : component.getProperties()) {
            if (property.getName().equals(str)) {
                return property.getValue();
            }
        }
        return "N/A";
    }

    protected String getSeverity(Vulnerability vulnerability) {
        if (vulnerability == null || vulnerability.getRatings() == null) {
            return "";
        }
        List<Rating> ratings = vulnerability.getRatings();
        for (Rating rating : ratings) {
            String name = rating.getSource().getName();
            String method = rating.getMethod();
            if (name.equals("NVD") && method.startsWith("CVSSv3")) {
                return rating.getSeverity();
            }
        }
        return ratings.get(0).getSeverity();
    }
}
