package io.jenkins.plugins.secone.security;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.model.Result;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import io.jenkins.plugins.secone.security.object.initializer.ObjectInitializer;
import io.jenkins.plugins.secone.security.pojo.Threshold;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import jenkins.tasks.SimpleBuildStep;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.mime.MultipartEntityBuilder;
import org.jenkinsci.Symbol;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.util.CollectionUtils;
import org.springframework.web.client.HttpClientErrorException;

/* loaded from: input_file:WEB-INF/lib/secone-security.jar:io/jenkins/plugins/secone/security/SecOneScannerPlugin.class */
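/**
 * Jenkins build step that uploads the dependency manifests of a checkout to the Sec1 FOSS
 * scanning service and optionally marks the build unstable or failed when the returned
 * vulnerability counts reach the configured {@link Threshold}.
 *
 * <p>Request flow, all endpoints under {@link #API_CONTEXT} of the instance URL:
 * <ol>
 *   <li>resolve the API key from the Jenkins credentials store ({@link #getApiKey}),</li>
 *   <li>read the {@code origin} remote url from the checkout's git config ({@link #getGitUrl}),
 *       stripping embedded credentials before it leaves the controller,</li>
 *   <li>ask the service which manifest file names it accepts ({@link #getSupportedManifest}),</li>
 *   <li>POST every matching file from the scan directory ({@link #scanFiles}),</li>
 *   <li>evaluate the JSON result against the configured thresholds.</li>
 * </ol>
 *
 * <p>Status codes used internally by {@link #performScan}: {@code 0} leaves the build result
 * untouched, any other value marks the build {@link Result#UNSTABLE}. A breach whose action is
 * {@code fail} (the default) aborts the build with an {@link AbortException} instead.
 */
public class SecOneScannerPlugin extends Builder implements SimpleBuildStep {
    private static final Logger logger = LoggerFactory.getLogger(SecOneScannerPlugin.class);
    /** Path prefix shared by every Sec1 REST endpoint this step calls. */
    private static final String API_CONTEXT = "/rest/foss";
    /** Endpoint (under {@link #API_CONTEXT}) that receives the multipart manifest upload. */
    private static final String SCAN_API = "/scan/file";
    /** Build environment variable that overrides the Sec1 API base URL. */
    private static final String INSTANCE_URL = "SEC1_INSTANCE_URL";
    /** Endpoint (under {@link #API_CONTEXT}) listing the manifest file names the service accepts. */
    private static final String SUPPORTED_MANIFEST = "/supported-manifest";
    /** Fallback credentials id used when {@link #apiCredentialsId} is blank or cannot be resolved. */
    private static final String API_KEY = "SEC1_API_KEY";
    /** HTTP header carrying the API key on every request to the service. */
    private static final String API_KEY_HEADER = "sec1-api-key";
    /** Base URL used when {@link #INSTANCE_URL} is not set in the build environment. */
    private static final String DEFAULT_INSTANCE_URL = "https://api.sec1.io";
    /** Section header of the remote whose url is reported as the scanned location. */
    private static final String ORIGIN_SECTION = "[remote \"origin\"]";
    private static final int HTTP_OK = 200;
    private static final String RESULT_PROCESSING_ERROR = "Error while processing scan result. Failing the build.";
    /** Status returned to the caller when the build should be marked unstable. */
    private static final int STATUS_UNSTABLE = 2;
    private static final int STATUS_OK = 0;

    private String apiCredentialsId;
    private boolean applyThreshold;
    private String scanFileLocation;
    private String actionOnThresholdBreached;
    private Threshold threshold;

    @Extension
    @Symbol({"sec1Security"})
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        @DataBoundConstructor
        public DescriptorImpl() {
            super(SecOneScannerPlugin.class);
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            // The step has no project-type requirements.
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Execute Sec1 Security Scan";
        }
    }

    /**
     * Creates the step.
     *
     * @param str id of a {@link StringCredentials} entry holding the Sec1 API key; may be blank,
     *            in which case {@link #API_KEY} is looked up instead
     */
    @DataBoundConstructor
    public SecOneScannerPlugin(String str) {
        this.apiCredentialsId = str;
    }

    public String getApiCredentialsId() {
        return this.apiCredentialsId;
    }

    public void setApiCredentialsId(String str) {
        this.apiCredentialsId = str;
    }

    public boolean isApplyThreshold() {
        return this.applyThreshold;
    }

    @DataBoundSetter
    public void setApplyThreshold(boolean z) {
        this.applyThreshold = z;
    }

    public Threshold getThreshold() {
        return this.threshold;
    }

    @DataBoundSetter
    public void setThreshold(Threshold threshold) {
        this.threshold = threshold;
    }

    public String getActionOnThresholdBreached() {
        return this.actionOnThresholdBreached;
    }

    /**
     * @param str one of {@code fail}, {@code unstable} or {@code continue} (case-insensitive);
     *            any other value leaves the default action, which is {@code fail}
     */
    @DataBoundSetter
    public void setActionOnThresholdBreached(String str) {
        this.actionOnThresholdBreached = str;
    }

    public String getScanFileLocation() {
        return this.scanFileLocation;
    }

    @DataBoundSetter
    public void setScanFileLocation(String str) {
        this.scanFileLocation = str;
    }

    /**
     * Freestyle entry point: scans the directory named by the {@code WORKSPACE} build variable.
     *
     * <p>A configured {@link #threshold} implies enforcement even when {@code applyThreshold} was
     * left unchecked. That decision is kept in a local so a build run never rewrites the persisted
     * job configuration.
     *
     * @return always {@code true}; a hard failure is signalled by {@link AbortException}
     * @throws AbortException when the scan cannot be performed or a breach action is {@code fail}
     */
    @Override
    public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListener listener) throws AbortException {
        printStartMessage(listener);
        boolean enforceThreshold = this.applyThreshold || this.threshold != null;
        applyStatusActionToThreshold(listener);
        if (performScan(build, listener, enforceThreshold, getGitWorkingDirectory(build, listener)) != STATUS_OK) {
            build.setResult(Result.UNSTABLE);
        }
        printEndMessage(listener);
        return true;
    }

    private void printStartMessage(TaskListener taskListener) {
        taskListener.getLogger().println("**************Sec1 Security scan start**************");
    }

    private void printEndMessage(TaskListener taskListener) {
        taskListener.getLogger().println("**************Sec1 Security scan end**************");
    }

    /**
     * Picks the Sec1 API base URL from the build environment, falling back to the public service.
     *
     * <p>The API key and the uploaded manifests are sent to whatever host this returns, so the
     * ability to set {@code SEC1_INSTANCE_URL} in a build's environment is equivalent to being
     * able to read the key. Restrict who can inject that variable.
     *
     * @param envVars      resolved build environment
     * @param taskListener build log
     * @return the configured base URL (as given, no trailing-slash normalisation) or the default
     */
    private String getInstanceUrl(EnvVars envVars, TaskListener taskListener) {
        String configured = envVars.get(INSTANCE_URL);
        if (StringUtils.isNotBlank(configured)) {
            taskListener.getLogger().println("SEC1_INSTANCE_URL : " + configured);
            return configured;
        }
        taskListener.getLogger().println("No environment variable SEC1_INSTANCE_URL set. Using default : " + DEFAULT_INSTANCE_URL);
        return DEFAULT_INSTANCE_URL;
    }

    /**
     * Pipeline / {@link SimpleBuildStep} entry point.
     *
     * <p>NOTE(review): {@code scanFileLocation} is opened with {@link File} on the JVM executing
     * this method rather than through the {@code workspace} {@link FilePath}; on an agent build
     * that is the controller's filesystem, not the agent's. Confirm whether a containment check
     * against the workspace is wanted before this is relied on outside the controller.
     *
     * @throws AbortException when {@code scanFileLocation} is blank, the scan cannot be performed,
     *                        or a breach action is {@code fail}
     */
    @Override
    public void perform(Run<?, ?> run, FilePath workspace, EnvVars env, Launcher launcher, TaskListener listener)
            throws InterruptedException, IOException {
        printStartMessage(listener);
        if (StringUtils.isBlank(this.scanFileLocation)) {
            throw new AbortException("scanFileLocation not configured. Please check your configuration.");
        }
        applyStatusActionToThreshold(listener);
        if (performScan(run, listener, this.applyThreshold, this.scanFileLocation) != STATUS_OK) {
            run.setResult(Result.UNSTABLE);
        }
        printEndMessage(listener);
    }

    /**
     * Copies a recognised {@link #actionOnThresholdBreached} onto the configured threshold.
     * Blank or unrecognised values are reported and leave the default ({@code fail}) in place.
     */
    private void applyStatusActionToThreshold(TaskListener listener) {
        String action = this.actionOnThresholdBreached;
        if (StringUtils.isBlank(action)) {
            listener.getLogger().println("actionOnThresholdBreached is not set. Default action is fail.");
            return;
        }
        boolean recognised = StringUtils.equalsIgnoreCase(action, "fail")
                || StringUtils.equalsIgnoreCase(action, "unstable")
                || StringUtils.equalsIgnoreCase(action, "continue");
        if (!recognised) {
            listener.getLogger().println("Unrecognised actionOnThresholdBreached value : " + action + ". Default action is fail.");
            return;
        }
        if (this.threshold != null) {
            this.threshold.setStatusAction(action);
        }
    }

    /**
     * Resolves the Sec1 API key from the credentials store.
     *
     * <p>Lookup order: {@link #apiCredentialsId} when configured, then the {@link #API_KEY}
     * default id. Only the credential ids are written to the build log; the secret itself must
     * never be logged by callers.
     *
     * @return the plain-text key, or {@code null} when no matching {@link StringCredentials} exists
     */
    public String getApiKey(Run<?, ?> run, TaskListener taskListener) {
        if (StringUtils.isBlank(this.apiCredentialsId)) {
            taskListener.getLogger().println("No Credentials Id confgured, using default credendials id : SEC1_API_KEY");
            return plainSecret(findSecret(API_KEY, run));
        }
        taskListener.getLogger().println("Finding api key for credendials id : " + this.apiCredentialsId);
        StringCredentials credentials = findSecret(this.apiCredentialsId, run);
        if (credentials == null) {
            taskListener.getLogger().println("Credentials id not found : " + this.apiCredentialsId);
            taskListener.getLogger().println("Finding api key for default credendials id : SEC1_API_KEY");
            credentials = findSecret(API_KEY, run);
        }
        return plainSecret(credentials);
    }

    /** Looks up a secret-text credential visible to {@code run}; {@code null} when absent. */
    private static StringCredentials findSecret(String credentialsId, Run<?, ?> run) {
        return CredentialsProvider.findCredentialById(credentialsId, StringCredentials.class, run, Collections.emptyList());
    }

    private static String plainSecret(StringCredentials credentials) {
        return credentials == null ? null : credentials.getSecret().getPlainText();
    }

    @Override
    public boolean requiresWorkspace() {
        return true;
    }

    /**
     * Runs the whole scan for one directory.
     *
     * <p>Each fallible stage has its own narrow {@code try}; the previous single nested
     * {@code catch (IOException)} also caught the step's own {@link AbortException}s (an
     * {@code AbortException} is an {@code IOException}) and replaced every specific message with
     * "Exception while getting environment variables.".
     *
     * @param run              current build
     * @param listener         build log
     * @param enforceThreshold whether configured thresholds are evaluated; ignored with a log line
     *                         when no {@link #threshold} is configured (previously an NPE)
     * @param scanDirectory    directory holding the checkout and its manifest files
     * @return {@link #STATUS_OK}, or {@link #STATUS_UNSTABLE} when the build should be marked unstable
     * @throws AbortException on any failure that should fail the build
     */
    private int performScan(Run<?, ?> run, TaskListener listener, boolean enforceThreshold, String scanDirectory) throws AbortException {
        String apiKey = getApiKey(run, listener);
        if (StringUtils.isBlank(apiKey)) {
            throw new AbortException("API Key not configured. Please check your configuration.");
        }
        String instanceUrl = resolveInstanceUrl(run, listener);
        String scmUrl = readOriginUrl(scanDirectory);
        String appName = deriveAppName(scmUrl);

        List<String> supportedManifest = getSupportedManifest(instanceUrl + API_CONTEXT + SUPPORTED_MANIFEST, apiKey, listener);
        if (CollectionUtils.isEmpty(supportedManifest)) {
            throw new AbortException("No supported manifest list found. Check you connectivity with Sec1 Api : " + instanceUrl);
        }
        List<File> manifestFiles = findFilesInDirectory(scanDirectory, supportedManifest);
        if (CollectionUtils.isEmpty(manifestFiles)) {
            throw new AbortException("No supported manifest found. Supported manifest list : " + supportedManifest);
        }

        JSONObject request = new JSONObject();
        request.put("location", scmUrl);
        request.put("appName", appName);
        request.put("source", "jenkins");
        request.put("dirScan", true);
        printScanConfig(listener, scmUrl, enforceThreshold);

        boolean thresholdActive = enforceThreshold && this.threshold != null;
        if (enforceThreshold && this.threshold == null) {
            listener.getLogger().println("applyThreshold is set but no threshold values are configured. Skipping threshold check.");
        }

        HttpResponse response = scanFiles(instanceUrl + API_CONTEXT + SCAN_API, manifestFiles, request.toString(), apiKey);
        if (response == null || response.getStatusLine().getStatusCode() != HTTP_OK) {
            logger.error("Issue while getting response from system.");
            throw new AbortException(RESULT_PROCESSING_ERROR);
        }
        JSONObject result = readJsonBody(response);
        if (result == null) {
            return STATUS_OK;
        }
        return evaluateScanResult(result, listener, thresholdActive);
    }

    /** Reads the build environment and resolves the instance URL; re-interrupts on interruption. */
    private String resolveInstanceUrl(Run<?, ?> run, TaskListener listener) throws AbortException {
        try {
            return getInstanceUrl(run.getEnvironment(listener), listener);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new AbortException("Exception while getting environment variables.");
        } catch (IOException e) {
            logger.error("Unable to read build environment", e);
            throw new AbortException("Exception while getting environment variables.");
        }
    }

    /** Reads the origin remote url from the checkout; aborts when it is missing or unreadable. */
    private String readOriginUrl(String scanDirectory) throws AbortException {
        String gitUrl;
        try {
            gitUrl = getGitUrl(scanDirectory);
        } catch (IOException e) {
            logger.error("Unable to read git config under {}", scanDirectory, e);
            throw new AbortException("Exception while getting getting scm url from .git folder of workspace.");
        }
        if (StringUtils.isBlank(gitUrl)) {
            // Message corrected: this branch is about the missing remote url, not about manifests.
            throw new AbortException("No git remote \"origin\" url found in working directory. Please check your configuration.");
        }
        return gitUrl;
    }

    /** Derives the application name from the scm url, falling back to the url itself. */
    private String deriveAppName(String scmUrl) {
        try {
            return getSubUrl(scmUrl);
        } catch (Exception e) {
            // Broad on purpose: besides MalformedURLException, odd urls can surface runtime
            // exceptions from getSubUrl; neither should fail the build.
            logger.error("Error - extracting app name from url", e);
            logger.info("Issue extracting app name from url, setting it to default");
            return scmUrl;
        }
    }

    private void printScanConfig(TaskListener listener, String scmUrl, boolean enforceThreshold) {
        listener.getLogger().println("==================== SEC1 SCAN CONFIG ====================");
        listener.getLogger().println("SCM Url                " + scmUrl);
        listener.getLogger().println("Threshold Enabled      " + enforceThreshold);
        if (this.threshold != null && enforceThreshold) {
            listener.getLogger().println("Threshold Values       Critical " + orNa(this.threshold.getCriticalThreshold())
                    + ", High " + orNa(this.threshold.getHighThreshold())
                    + ", Medium " + orNa(this.threshold.getMediumThreshold())
                    + ", Low " + orNa(this.threshold.getLowThreshold()));
        }
    }

    private static String orNa(String value) {
        return StringUtils.isNotBlank(value) ? value : "NA";
    }

    /**
     * Decodes the scan response as JSON.
     *
     * <p>The body is decoded as UTF-8 rather than the platform default charset, and the content
     * stream is closed after reading.
     *
     * @return the parsed body, or {@code null} when the response carries no entity
     * @throws AbortException when the body is absent, unreadable or not valid JSON
     */
    private JSONObject readJsonBody(HttpResponse response) throws AbortException {
        HttpEntity entity = response.getEntity();
        if (entity == null) {
            return null;
        }
        InputStream content;
        try {
            content = entity.getContent();
        } catch (IOException e) {
            logger.error("Unable to open scan response body", e);
            throw new AbortException(RESULT_PROCESSING_ERROR);
        }
        if (content == null) {
            logger.info("Invalid content recevied");
            throw new AbortException(RESULT_PROCESSING_ERROR);
        }
        try (InputStream in = content) {
            return new JSONObject(new String(IOUtils.toByteArray(in), StandardCharsets.UTF_8));
        } catch (IOException e) {
            logger.error("Unable to read scan response body", e);
            throw new AbortException(RESULT_PROCESSING_ERROR);
        } catch (JSONException e) {
            logger.error("Scan response is not valid JSON", e);
            throw new AbortException(RESULT_PROCESSING_ERROR);
        }
    }

    /**
     * Prints the scan summary and applies thresholds.
     *
     * @return {@link #STATUS_UNSTABLE} when the service reported an error or a breach action is
     *         {@code unstable}; otherwise {@link #STATUS_OK}
     */
    private int evaluateScanResult(JSONObject result, TaskListener listener, boolean thresholdActive) throws AbortException {
        if (!result.has("cveCountDetails")) {
            return STATUS_OK;
        }
        JSONObject counts = result.optJSONObject("cveCountDetails");
        int critical = counts != null ? counts.optInt("CRITICAL") : 0;
        int high = counts != null ? counts.optInt("HIGH") : 0;
        int medium = counts != null ? counts.optInt("MEDIUM") : 0;
        int low = counts != null ? counts.optInt("LOW") : 0;
        listener.getLogger().println("==================== SEC1 SCAN RESULT ====================");
        String errorMessage = result.optString("errorMessage");
        if (StringUtils.isNotBlank(errorMessage)) {
            listener.error("Error Details : " + errorMessage);
            return STATUS_UNSTABLE;
        }
        listener.getLogger().println("Vulnerabilities Found  Critical " + critical + ", High " + high + ", Medium " + medium + ", Low " + low);
        listener.getLogger().println("RAG Status             " + result.optString("overallRagStatus"));
        listener.getLogger().println("Report Url             " + result.optString("reportUrl"));
        if (!thresholdActive) {
            return STATUS_OK;
        }
        return evaluateThresholds(critical, high, medium, low, listener);
    }

    /**
     * Checks each severity against its configured limit, in order Critical, High, Medium, Low.
     * Requires {@link #threshold} to be non-null. The breach action is shared by all severities,
     * so the last breach decides the returned status; a {@code fail} action throws at the first.
     */
    private int evaluateThresholds(int critical, int high, int medium, int low, TaskListener listener) throws AbortException {
        int status = STATUS_OK;
        if (isBreached(critical, this.threshold.getCriticalThreshold())) {
            status = failBuildOnThresholdBreach("Critical Vulnerability Threshold breached.", listener, this.threshold);
        }
        if (isBreached(high, this.threshold.getHighThreshold())) {
            status = failBuildOnThresholdBreach("High Vulnerability Threshold breached.", listener, this.threshold);
        }
        if (isBreached(medium, this.threshold.getMediumThreshold())) {
            status = failBuildOnThresholdBreach("Medium Vulnerability Threshold breached.", listener, this.threshold);
        }
        if (isBreached(low, this.threshold.getLowThreshold())) {
            status = failBuildOnThresholdBreach("Low Vulnerability Threshold breached.", listener, this.threshold);
        }
        return status;
    }

    /** A limit applies only when it is all digits; a zero count never breaches. */
    private static boolean isBreached(int count, String configuredLimit) {
        return count != 0
                && configuredLimit != null
                && NumberUtils.isDigits(configuredLimit)
                && count >= Integer.parseInt(configuredLimit);
    }

    /**
     * Fetches the manifest file names the service accepts.
     *
     * @return the names from the {@code data} array; empty when the response has no body
     * @throws AbortException on a 4xx (reported as a key problem) or any other failure
     */
    private List<String> getSupportedManifest(String manifestUrl, String apiKey, TaskListener listener) throws AbortException {
        HttpHeaders headers = new HttpHeaders();
        headers.set(API_KEY_HEADER, apiKey);
        String body;
        try {
            body = ObjectInitializer.getRestTemplate()
                    .exchange(manifestUrl, HttpMethod.GET, new org.springframework.http.HttpEntity<Void>(headers), String.class)
                    .getBody();
        } catch (HttpClientErrorException e) {
            // Typically an invalid key; the server's body goes to the build log only, as before.
            listener.error(e.getResponseBodyAsString());
            throw new AbortException("Check your API Key. Failing the build.");
        } catch (Exception e) {
            logger.error("Error fetching supported manifest list", e);
            listener.error(e.toString());
            throw new AbortException("Error while scanning the application. Failing the build.");
        }
        if (body == null) {
            return Collections.emptyList();
        }
        try {
            return parseJsonToDataList(new JSONObject(body));
        } catch (JSONException e) {
            logger.error("Supported manifest response is not valid JSON", e);
            listener.error(e.toString());
            throw new AbortException("Error while scanning the application. Failing the build.");
        }
    }

    /** Extracts the string elements of the {@code data} array; empty when absent or not an array. */
    private List<String> parseJsonToDataList(JSONObject json) {
        List<String> values = new ArrayList<>();
        JSONArray data = json.optJSONArray("data");
        if (data == null) {
            return values;
        }
        for (int i = 0; i < data.length(); i++) {
            values.add(data.getString(i));
        }
        return values;
    }

    /**
     * Applies the threshold's status action to a breach.
     *
     * @return {@link #STATUS_UNSTABLE} for {@code unstable}, {@link #STATUS_OK} for any other
     *         non-blank action (i.e. {@code continue})
     * @throws AbortException for {@code fail} or when no action is set (the default)
     */
    private int failBuildOnThresholdBreach(String message, TaskListener taskListener, Threshold threshold) throws AbortException {
        String action = threshold.getStatusAction();
        if (StringUtils.isBlank(action) || StringUtils.equalsIgnoreCase(action, "fail")) {
            throw new AbortException(message + " Failing the build.");
        }
        taskListener.getLogger().println(message);
        return StringUtils.equalsIgnoreCase(action, "unstable") ? STATUS_UNSTABLE : STATUS_OK;
    }

    /**
     * Returns everything after the authority of {@code url} (path without its leading slash,
     * plus query and fragment), used as the application name.
     *
     * <p>The {@code :} before an explicit port is now counted, so {@code https://h:8080/a/b} and
     * {@code https://h/a/b} both yield {@code a/b}; previously the port form kept the slash.
     *
     * @throws MalformedURLException when {@code url} is not a valid {@link URL}
     */
    private String getSubUrl(String url) throws MalformedURLException {
        URL parsed = new URL(url);
        int authorityEnd = StringUtils.indexOf(url, parsed.getHost()) + parsed.getHost().length();
        if (parsed.getPort() != -1) {
            authorityEnd += 1 + String.valueOf(parsed.getPort()).length();
        }
        // Skip the slash that separates the authority from the path.
        return StringUtils.substring(url, authorityEnd + 1);
    }

    /** Resolves the freestyle workspace directory from the {@code WORKSPACE} build variable. */
    private String getGitWorkingDirectory(AbstractBuild<?, ?> build, TaskListener listener) throws AbortException {
        try {
            return build.getEnvironment(listener).get("WORKSPACE");
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new AbortException("Issue while accessing workspace. Failing the build.");
        } catch (IOException e) {
            logger.error("Unable to read build environment", e);
            throw new AbortException("Issue while accessing workspace. Failing the build.");
        }
    }

    /**
     * Uploads the manifest files as a multipart POST with the API key in {@link #API_KEY_HEADER}.
     *
     * <p>NOTE(review): the returned response is never closed by callers; if
     * {@code ObjectInitializer.getClient()} yields a closeable client/response, wrap it — confirm.
     *
     * @return the raw response, or {@code null} when the request could not be sent or the scan
     *         url is not a valid URI
     */
    private HttpResponse scanFiles(String scanUrl, List<File> manifestFiles, String requestJson, String apiKey) {
        MultipartEntityBuilder bodyBuilder = ObjectInitializer.getMultipartBodyBuilder();
        bodyBuilder.addTextBody("request", requestJson);
        for (File manifest : manifestFiles) {
            bodyBuilder.addBinaryBody("file", manifest);
        }
        HttpPost post = ObjectInitializer.getHttpPost();
        post.addHeader(API_KEY_HEADER, apiKey);
        post.setEntity(bodyBuilder.build());
        try {
            post.setURI(URI.create(scanUrl));
            return ObjectInitializer.getClient().execute(post);
        } catch (IllegalArgumentException e) {
            logger.error("Scan url is not a valid URI.", e);
            return null;
        } catch (IOException e) {
            logger.error("Issue while connecting to api.", e);
            return null;
        }
    }

    /**
     * Lists the regular files directly inside {@code directory} whose name is in
     * {@code supportedNames}. Subdirectories are not searched.
     *
     * <p>Resolution happens on the JVM running this code (see {@link #perform(Run, FilePath,
     * EnvVars, Launcher, TaskListener)}); the selected files are uploaded to the scan service.
     *
     * @return matching files; empty when the path is not a readable directory
     */
    private List<File> findFilesInDirectory(String directory, List<String> supportedNames) {
        List<File> matches = new ArrayList<>();
        File[] entries = new File(directory).listFiles();
        if (entries == null) {
            return matches;
        }
        for (File entry : entries) {
            if (entry.isFile() && supportedNames.contains(entry.getName())) {
                matches.add(entry);
            }
        }
        return matches;
    }

    /**
     * Reads the {@code url} of the {@code [remote "origin"]} section from the git config under
     * {@code workingDirectory} (the config path comes from {@code ObjectInitializer.getConfigPath()}).
     *
     * <p>Reconstructed from the bytecode of the previous, undecompiled version. The only
     * behavioural change is splitting the line on the first {@code =} only, so remote urls that
     * themselves contain {@code =} are no longer skipped.
     *
     * @return the origin url with any embedded credentials removed, or {@code null} when the
     *         section or its url line is absent
     * @throws IOException when the config file cannot be opened or read
     */
    public String getGitUrl(String workingDirectory) throws IOException {
        String configPath = workingDirectory + File.separator + ObjectInitializer.getConfigPath();
        try (BufferedReader reader = new BufferedReader(new FileReader(configPath, StandardCharsets.UTF_8))) {
            boolean inOriginSection = false;
            String line;
            while ((line = reader.readLine()) != null) {
                String trimmed = line.trim();
                if (trimmed.equals(ORIGIN_SECTION)) {
                    inOriginSection = true;
                    continue;
                }
                if (!inOriginSection) {
                    continue;
                }
                if (trimmed.startsWith("url")) {
                    String[] parts = line.split("=", 2);
                    if (parts.length == 2) {
                        return removeCredentialsFromGitUrl(parts[1].trim());
                    }
                } else if (trimmed.startsWith("[")) {
                    // Another section started without a url line: origin has no url.
                    break;
                }
            }
        }
        return null;
    }

    public String getGitFolderConfigPath() {
        return ".git" + File.separator + "config";
    }

    /**
     * Removes the {@code user[:password]@} part of a URI-style remote url.
     *
     * <p>Uses the raw (still percent-encoded) userinfo: the decoded form returned by
     * {@link URI#getUserInfo()} does not occur literally in the url when the password contains
     * escaped characters, which previously left the credentials in the value that is uploaded and
     * printed to the build log.
     *
     * @return the url without userinfo; unchanged when it is not a parseable URI (e.g. an
     *         scp-style remote) or carries no userinfo
     */
    private String removeCredentialsFromGitUrl(String gitUrl) {
        try {
            String rawUserInfo = new URI(gitUrl).getRawUserInfo();
            if (rawUserInfo != null) {
                return gitUrl.replace(rawUserInfo + "@", "");
            }
        } catch (URISyntaxException e) {
            // Deliberately not logging the value: it may contain credentials.
            logger.debug("Remote url is not a parseable URI; leaving it unchanged");
        }
        return gitUrl;
    }
}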
