package io.snyk.jenkins.steps;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.Util;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.model.Computer;
import hudson.model.Item;
import hudson.model.Node;
import hudson.model.Result;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.tasks.ArtifactArchiver;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ArgumentListBuilder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import io.snyk.jenkins.SnykReportBuildAction;
import io.snyk.jenkins.credentials.SnykApiToken;
import io.snyk.jenkins.tools.SnykInstallation;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:io/snyk/jenkins/steps/SnykBuildStep.class */
public class SnykBuildStep extends Builder {
    private static final Logger LOG = Logger.getLogger(SnykBuildStep.class.getName());
    private boolean failOnIssues = true;
    private boolean monitorProjectOnBuild = true;
    private Severity severity = Severity.LOW;
    private String snykTokenId;
    private String targetFile;
    private String organisation;
    private String projectName;
    private String snykInstallation;

    @Extension
    /* loaded from: input_file:io/snyk/jenkins/steps/SnykBuildStep$SnykBuildStepDescriptor.class */
    public static class SnykBuildStepDescriptor extends BuildStepDescriptor<Builder> {
        private volatile SnykInstallation[] installations = new SnykInstallation[0];

        public SnykBuildStepDescriptor() {
            load();
        }

        @Nonnull
        public String getDisplayName() {
            return "Invoke Snyk Security task";
        }

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        @SuppressFBWarnings({"EI_EXPOSE_REP"})
        public SnykInstallation[] getInstallations() {
            return this.installations;
        }

        public void setInstallations(SnykInstallation... snykInstallationArr) {
            this.installations = snykInstallationArr;
            save();
        }

        public boolean hasInstallationsAvailable() {
            if (SnykBuildStep.LOG.isLoggable(Level.FINE)) {
                SnykBuildStep.LOG.log(Level.FINE, "configured snyk installations: {0}", Integer.valueOf(this.installations.length));
                for (SnykInstallation snykInstallation : this.installations) {
                    SnykBuildStep.LOG.log(Level.FINE, "- details: {0}", snykInstallation);
                }
            }
            return this.installations.length > 0;
        }

        public ListBoxModel doFillSeverityItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            Stream map = Stream.of((Object[]) Severity.values()).map((v0) -> {
                return v0.getSeverity();
            });
            listBoxModel.getClass();
            map.forEach(listBoxModel::add);
            return listBoxModel;
        }

        public ListBoxModel doFillSnykTokenIdItems(@AncestorInPath Item item, @QueryParameter String str) {
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            if (item == null) {
                Jenkins jenkins = Jenkins.getInstance();
                if (jenkins != null && !jenkins.hasPermission(Jenkins.ADMINISTER)) {
                    return standardListBoxModel.includeCurrentValue(str);
                }
            } else if (!item.hasPermission(Item.EXTENDED_READ) && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
                return standardListBoxModel.includeCurrentValue(str);
            }
            return standardListBoxModel.includeEmptyValue().includeAs(ACL.SYSTEM, item, SnykApiToken.class).includeCurrentValue(str);
        }

        public FormValidation doCheckSnykTokenId(@QueryParameter String str) {
            return Util.fixEmptyAndTrim(str) == null ? FormValidation.error("Snyk API token is required.") : null == CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(SnykApiToken.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.allOf(new CredentialsMatcher[]{CredentialsMatchers.withId(str), CredentialsMatchers.instanceOf(SnykApiToken.class)})) ? FormValidation.error("Cannot find currently selected Snyk API token.") : FormValidation.ok();
        }

        public FormValidation doCheckProjectName(@QueryParameter String str, @QueryParameter String str2) {
            return (Util.fixEmptyAndTrim(str) == null || !"false".equals(Util.fixEmptyAndTrim(str2))) ? FormValidation.ok() : FormValidation.warning("Project name will be ignored, because the project is not monitored on build.");
        }
    }

    @DataBoundConstructor
    public SnykBuildStep() {
    }

    public boolean isFailOnIssues() {
        return this.failOnIssues;
    }

    @DataBoundSetter
    public void setFailOnIssues(boolean z) {
        this.failOnIssues = z;
    }

    public boolean isMonitorProjectOnBuild() {
        return this.monitorProjectOnBuild;
    }

    @DataBoundSetter
    public void setMonitorProjectOnBuild(boolean z) {
        this.monitorProjectOnBuild = z;
    }

    public String getSeverity() {
        if (this.severity != null) {
            return this.severity.getSeverity();
        }
        return null;
    }

    @DataBoundSetter
    public void setSeverity(String str) {
        this.severity = Severity.getIfPresent(str);
    }

    public String getSnykTokenId() {
        return this.snykTokenId;
    }

    @DataBoundSetter
    public void setSnykTokenId(String str) {
        this.snykTokenId = str;
    }

    public String getTargetFile() {
        return this.targetFile;
    }

    @DataBoundSetter
    public void setTargetFile(String str) {
        this.targetFile = str;
    }

    public String getOrganisation() {
        return this.organisation;
    }

    @DataBoundSetter
    public void setOrganisation(String str) {
        this.organisation = str;
    }

    public String getProjectName() {
        return this.projectName;
    }

    @DataBoundSetter
    public void setProjectName(String str) {
        this.projectName = str;
    }

    public String getSnykInstallation() {
        return this.snykInstallation;
    }

    @DataBoundSetter
    public void setSnykInstallation(String str) {
        this.snykInstallation = str;
    }

    public boolean perform(AbstractBuild<?, ?> abstractBuild, Launcher launcher, BuildListener buildListener) throws InterruptedException, IOException {
        FilePath workspace = abstractBuild.getWorkspace();
        if (workspace == null) {
            buildListener.getLogger().println("Build agent is not connected");
            return false;
        }
        EnvVars environment = abstractBuild.getEnvironment(buildListener);
        ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder();
        SnykInstallation findSnykInstallation = findSnykInstallation();
        if (findSnykInstallation != null) {
            Computer currentComputer = Computer.currentComputer();
            Node node = currentComputer != null ? currentComputer.getNode() : null;
            if (node == null) {
                buildListener.getLogger().println("Not in a build node");
                return false;
            }
            findSnykInstallation = findSnykInstallation.m4forNode(node, (TaskListener) buildListener).m3forEnvironment(environment);
            String snykExecutable = findSnykInstallation.getSnykExecutable(launcher);
            if (snykExecutable == null) {
                buildListener.getLogger().println("Can't retrieve the Snyk executable.");
                return false;
            }
            argumentListBuilder.add(snykExecutable);
        } else {
            argumentListBuilder.add("snyk");
        }
        SnykApiToken snykTokenCredential = getSnykTokenCredential();
        if (snykTokenCredential == null) {
            buildListener.getLogger().println("Snyk API token was not defined! Please configure the build properly");
            abstractBuild.setResult(Result.FAILURE);
            return false;
        }
        environment.put("SNYK_TOKEN", snykTokenCredential.getToken().getPlainText());
        environment.overrideAll(abstractBuild.getBuildVariables());
        argumentListBuilder.add(new String[]{"test", "--json"});
        if (Util.fixEmptyAndTrim(this.severity.getSeverity()) != null) {
            argumentListBuilder.add("--severity-threshold=" + this.severity.getSeverity());
        }
        if (Util.fixEmptyAndTrim(this.targetFile) != null) {
            argumentListBuilder.add("--file=" + this.targetFile);
        }
        if (Util.fixEmptyAndTrim(this.organisation) != null) {
            argumentListBuilder.add("--org=" + this.organisation);
        }
        if (Util.fixEmptyAndTrim(this.projectName) != null) {
            argumentListBuilder.add("--project-name=" + this.projectName);
        } else {
            argumentListBuilder.add("--project-name=" + workspace.getName());
        }
        OutputStream write = workspace.child("snyk_report.json").write();
        try {
            buildListener.getLogger().println("Testing for any known vulnerabilities");
            buildListener.getLogger().println("> " + argumentListBuilder);
            boolean z = !this.failOnIssues || launcher.launch().cmds(argumentListBuilder).envs(environment).stdout(write).quiet(true).pwd(workspace).join() == 0;
            abstractBuild.setResult(z ? Result.SUCCESS : Result.FAILURE);
            if (findSnykInstallation != null) {
                generateSnykHtmlReport(abstractBuild, launcher, buildListener, findSnykInstallation.getReportExecutable(launcher));
                if (abstractBuild.getActions(SnykReportBuildAction.class).size() <= 0) {
                    abstractBuild.addAction(new SnykReportBuildAction(abstractBuild));
                    new ArtifactArchiver(workspace.getName() + "_snyk_report.html").perform(abstractBuild, workspace, launcher, buildListener);
                }
            }
            return z;
        } catch (IOException e) {
            Util.displayIOException(e, buildListener);
            e.printStackTrace(buildListener.fatalError("Snyk command execution failed"));
            abstractBuild.setResult(Result.FAILURE);
            return false;
        }
    }

    private SnykInstallation findSnykInstallation() {
        return (SnykInstallation) Stream.of((Object[]) getDescriptor().getInstallations()).filter(snykInstallation -> {
            return snykInstallation.getName().equals(this.snykInstallation);
        }).findFirst().orElse(null);
    }

    private SnykApiToken getSnykTokenCredential() {
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(SnykApiToken.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(this.snykTokenId));
    }

    private void generateSnykHtmlReport(AbstractBuild<?, ?> abstractBuild, Launcher launcher, BuildListener buildListener, String str) throws IOException, InterruptedException {
        EnvVars environment = abstractBuild.getEnvironment(buildListener);
        ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder();
        FilePath workspace = abstractBuild.getWorkspace();
        if (workspace == null) {
            buildListener.getLogger().println("Build agent is not connected");
            return;
        }
        if (!workspace.child("snyk_report.json").exists()) {
            buildListener.getLogger().println("Snyk report json doesn't exist");
            return;
        }
        workspace.child("snyk_report.html").write("", "UTF-8");
        argumentListBuilder.add(str);
        argumentListBuilder.add(new String[]{"-i", "snyk_report.json", "-o", workspace.getName() + "_snyk_report.html"});
        try {
            if (!(launcher.launch().cmds(argumentListBuilder).envs(environment).quiet(true).pwd(workspace).join() == 0)) {
                buildListener.getLogger().println("Generating Snyk html report was not successful");
            }
        } catch (IOException e) {
            Util.displayIOException(e, buildListener);
            e.printStackTrace(buildListener.fatalError("Snyk-to-Html command execution failed"));
        }
    }
}
