package io.snyk.jenkins.workflow;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.Util;
import hudson.model.Computer;
import hudson.model.Node;
import hudson.model.Result;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.tasks.ArtifactArchiver;
import hudson.util.ArgumentListBuilder;
import io.snyk.jenkins.Severity;
import io.snyk.jenkins.SnykReportBuildAction;
import io.snyk.jenkins.SnykStepBuilder;
import io.snyk.jenkins.config.SnykConstants;
import io.snyk.jenkins.credentials.SnykApiToken;
import io.snyk.jenkins.tools.SnykInstallation;
import io.snyk.jenkins.transform.ReportConverter;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import jenkins.model.CauseOfInterruption;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.jenkinsci.Symbol;
import org.jenkinsci.plugins.workflow.steps.FlowInterruptedException;
import org.jenkinsci.plugins.workflow.steps.Step;
import org.jenkinsci.plugins.workflow.steps.StepContext;
import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
import org.jenkinsci.plugins.workflow.steps.StepExecution;
import org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/snyk/jenkins/workflow/SnykSecurityStep.class */
public class SnykSecurityStep extends Step {
    private static final Logger LOG = LoggerFactory.getLogger(SnykSecurityStep.class.getName());
    private boolean failOnIssues = true;
    private boolean monitorProjectOnBuild = true;
    private Severity severity = Severity.LOW;
    private String snykTokenId;
    private String targetFile;
    private String organisation;
    private String projectName;
    private String snykInstallation;
    private String additionalArguments;

    /* loaded from: input_file:io/snyk/jenkins/workflow/SnykSecurityStep$Execution.class */
    public static class Execution extends SynchronousNonBlockingStepExecution<Void> {
        private static final long serialVersionUID = 1;
        private final transient SnykSecurityStep snykSecurityStep;

        public Execution(@Nonnull SnykSecurityStep snykSecurityStep, @Nonnull StepContext stepContext) {
            super(stepContext);
            this.snykSecurityStep = snykSecurityStep;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: run, reason: merged with bridge method [inline-methods] */
        public Void m15run() throws Exception {
            EnvVars envVars = (EnvVars) getContext().get(EnvVars.class);
            if (envVars == null) {
                SnykSecurityStep.LOG.error("Required context parameter 'EnvVars' is missing.");
                return null;
            }
            FilePath filePath = (FilePath) getContext().get(FilePath.class);
            if (filePath == null) {
                SnykSecurityStep.LOG.error("Required context parameter 'FilePath' (workspace) is missing.");
                return null;
            }
            Launcher launcher = (Launcher) getContext().get(Launcher.class);
            if (launcher == null) {
                SnykSecurityStep.LOG.error("Required context parameter 'Launcher' is missing.");
                return null;
            }
            Run<?, ?> run = (Run) getContext().get(Run.class);
            if (run == null) {
                SnykSecurityStep.LOG.error("Required context parameter 'Run' is missing.");
                return null;
            }
            TaskListener taskListener = (TaskListener) getContext().get(TaskListener.class);
            if (taskListener == null) {
                SnykSecurityStep.LOG.error("Required context parameter 'TaskListener' is missing.");
                return null;
            }
            if (SnykSecurityStep.LOG.isTraceEnabled()) {
                SnykSecurityStep.LOG.trace("Configured EnvVars for build '{}'", run.getId());
                SnykSecurityStep.LOG.trace((String) envVars.entrySet().stream().map(entry -> {
                    return ((String) entry.getKey()) + "=" + ((String) entry.getValue());
                }).collect(Collectors.joining(", ", "{", "}")));
            }
            SnykInstallation findSnykInstallation = findSnykInstallation();
            if (findSnykInstallation == null) {
                taskListener.getLogger().println("Snyk installation named '" + this.snykSecurityStep.snykInstallation + "' was not found. Please configure the build properly and retry.");
                run.setResult(Result.FAILURE);
                return null;
            }
            Computer computer = filePath.toComputer();
            Node node = computer != null ? computer.getNode() : null;
            if (node == null) {
                taskListener.getLogger().println("Not running on a build node.");
                run.setResult(Result.FAILURE);
                return null;
            }
            SnykInstallation m5forEnvironment = findSnykInstallation.m6forNode(node, taskListener).m5forEnvironment(envVars);
            String snykExecutable = m5forEnvironment.getSnykExecutable(launcher);
            if (snykExecutable == null) {
                taskListener.getLogger().println("Can't retrieve the Snyk executable.");
                run.setResult(Result.FAILURE);
                return null;
            }
            SnykApiToken snykTokenCredential = getSnykTokenCredential();
            if (snykTokenCredential == null) {
                taskListener.getLogger().println("Snyk API token with ID '" + this.snykSecurityStep.snykTokenId + "' was not found. Please configure the build properly and retry.");
                run.setResult(Result.FAILURE);
                return null;
            }
            envVars.put("SNYK_TOKEN", snykTokenCredential.getToken().getPlainText());
            FilePath child = filePath.child(SnykConstants.SNYK_TEST_REPORT_JSON);
            OutputStream write = child.write();
            ArgumentListBuilder buildArgumentList = buildArgumentList(snykExecutable, "test", envVars);
            try {
                taskListener.getLogger().println("Testing for known issues...");
                taskListener.getLogger().println("> " + buildArgumentList);
                int join = launcher.launch().cmds(buildArgumentList).envs(envVars).stdout(write).quiet(true).pwd(filePath).join();
                run.setResult(!this.snykSecurityStep.failOnIssues || join == 0 ? Result.SUCCESS : Result.FAILURE);
                if (SnykSecurityStep.LOG.isTraceEnabled()) {
                    SnykSecurityStep.LOG.trace("Command line arguments: {}", buildArgumentList);
                    SnykSecurityStep.LOG.trace("Exit code: {}", Integer.valueOf(join));
                    SnykSecurityStep.LOG.trace("Command output: {}", child.readToString());
                }
                JSONObject fromObject = JSONObject.fromObject(child.readToString());
                if (fromObject.has("error")) {
                    taskListener.getLogger().println("Error result: " + fromObject.getString("error"));
                    run.setResult(Result.FAILURE);
                    return null;
                }
                if (fromObject.has("summary") && fromObject.has("uniqueCount")) {
                    taskListener.getLogger().println(String.format("Result: %s known issues | %s", fromObject.getString("uniqueCount"), fromObject.getString("summary")));
                }
                String str = "";
                if (this.snykSecurityStep.monitorProjectOnBuild) {
                    FilePath child2 = filePath.child(SnykConstants.SNYK_MONITOR_REPORT_JSON);
                    OutputStream write2 = child2.write();
                    ArgumentListBuilder buildArgumentList2 = buildArgumentList(snykExecutable, "monitor", envVars);
                    taskListener.getLogger().println("Remember project for continuous monitoring...");
                    taskListener.getLogger().println("> " + buildArgumentList2);
                    int join2 = launcher.launch().cmds(buildArgumentList2).envs(envVars).stdout(write2).quiet(true).pwd(filePath).join();
                    if (join2 != 0) {
                        taskListener.getLogger().println("Warning: 'snyk monitor' was not successful. Exit code: " + join2);
                        taskListener.getLogger().println(child2.readToString());
                    }
                    if (SnykSecurityStep.LOG.isTraceEnabled()) {
                        SnykSecurityStep.LOG.trace("Command line arguments: {}", buildArgumentList2);
                        SnykSecurityStep.LOG.trace("Exit code: {}", Integer.valueOf(join2));
                        SnykSecurityStep.LOG.trace("Command output: {}", child2.readToString());
                    }
                    JSONObject fromObject2 = JSONObject.fromObject(child2.readToString());
                    if (fromObject2.has("uri")) {
                        str = fromObject2.getString("uri");
                    }
                }
                generateSnykHtmlReport(run, filePath, launcher, taskListener, m5forEnvironment.getReportExecutable(launcher), str);
                if (run.getActions(SnykReportBuildAction.class).isEmpty()) {
                    run.addAction(new SnykReportBuildAction(run));
                    new ArtifactArchiver(filePath.getName() + "_" + SnykConstants.SNYK_REPORT_HTML).perform(run, filePath, launcher, taskListener);
                }
                if (this.snykSecurityStep.failOnIssues && Result.FAILURE.equals(run.getResult())) {
                    throw new FlowInterruptedException(Result.FAILURE, new CauseOfInterruption[]{new FoundIssuesCause()});
                }
                return null;
            } catch (IOException e) {
                Util.displayIOException(e, taskListener);
                e.printStackTrace(taskListener.fatalError("Snyk command execution failed"));
                run.setResult(Result.FAILURE);
                return null;
            }
        }

        private SnykInstallation findSnykInstallation() {
            return (SnykInstallation) Stream.of((Object[]) Jenkins.getInstance().getDescriptorByType(SnykStepBuilder.SnykStepBuilderDescriptor.class).getInstallations()).filter(snykInstallation -> {
                return snykInstallation.getName().equals(this.snykSecurityStep.snykInstallation);
            }).findFirst().orElse(null);
        }

        private SnykApiToken getSnykTokenCredential() {
            return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(SnykApiToken.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(this.snykSecurityStep.snykTokenId));
        }

        ArgumentListBuilder buildArgumentList(String str, String str2, @Nonnull EnvVars envVars) {
            ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder(new String[]{str, str2, "--json"});
            if (Util.fixEmptyAndTrim(this.snykSecurityStep.severity.getSeverity()) != null) {
                argumentListBuilder.add("--severity-threshold=" + this.snykSecurityStep.severity.getSeverity());
            }
            if (Util.fixEmptyAndTrim(this.snykSecurityStep.targetFile) != null) {
                argumentListBuilder.add("--file=" + Util.replaceMacro(this.snykSecurityStep.targetFile, envVars));
            }
            if (Util.fixEmptyAndTrim(this.snykSecurityStep.organisation) != null) {
                argumentListBuilder.add("--org=" + Util.replaceMacro(this.snykSecurityStep.organisation, envVars));
            }
            if (Util.fixEmptyAndTrim(this.snykSecurityStep.projectName) != null) {
                argumentListBuilder.add("--project-name=" + Util.replaceMacro(this.snykSecurityStep.projectName, envVars));
            }
            if (Util.fixEmptyAndTrim(this.snykSecurityStep.additionalArguments) != null) {
                for (String str3 : Util.tokenize(this.snykSecurityStep.additionalArguments)) {
                    if (Util.fixEmptyAndTrim(str3) != null) {
                        argumentListBuilder.add(Util.replaceMacro(str3, envVars));
                    }
                }
            }
            return argumentListBuilder;
        }

        private void generateSnykHtmlReport(Run<?, ?> run, @Nonnull FilePath filePath, Launcher launcher, TaskListener taskListener, String str, String str2) throws IOException, InterruptedException {
            EnvVars environment = run.getEnvironment(taskListener);
            ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder();
            if (!filePath.child(SnykConstants.SNYK_TEST_REPORT_JSON).exists()) {
                taskListener.getLogger().println("Snyk report json doesn't exist");
                return;
            }
            filePath.child(SnykConstants.SNYK_REPORT_HTML).write("", StandardCharsets.UTF_8.name());
            argumentListBuilder.add(str);
            argumentListBuilder.add(new String[]{"-i", SnykConstants.SNYK_TEST_REPORT_JSON, "-o", SnykConstants.SNYK_REPORT_HTML});
            try {
                if (!(launcher.launch().cmds(argumentListBuilder).envs(environment).quiet(true).pwd(filePath).join() == 0)) {
                    taskListener.getLogger().println("Generating Snyk html report was not successful");
                }
                filePath.child(filePath.getName() + "_" + SnykConstants.SNYK_REPORT_HTML).write(ReportConverter.getInstance().injectMonitorLink(ReportConverter.getInstance().modifyHeadSection(filePath.child(SnykConstants.SNYK_REPORT_HTML).readToString()), str2), StandardCharsets.UTF_8.name());
            } catch (IOException e) {
                Util.displayIOException(e, taskListener);
                e.printStackTrace(taskListener.fatalError("Snyk-to-Html command execution failed"));
            }
        }
    }

    @Extension
    @Symbol({"snykSecurity"})
    /* loaded from: input_file:io/snyk/jenkins/workflow/SnykSecurityStep$SnykSecurityStepDescriptor.class */
    public static class SnykSecurityStepDescriptor extends StepDescriptor {
        public Set<? extends Class<?>> getRequiredContext() {
            return new HashSet(Arrays.asList(EnvVars.class, FilePath.class, Launcher.class, Run.class, TaskListener.class));
        }

        public String getFunctionName() {
            return "snykSecurity";
        }

        @Nonnull
        public String getDisplayName() {
            return "Invoke Snyk Security task";
        }
    }

    @DataBoundConstructor
    public SnykSecurityStep() {
    }

    public boolean isFailOnIssues() {
        return this.failOnIssues;
    }

    @DataBoundSetter
    public void setFailOnIssues(boolean z) {
        this.failOnIssues = z;
    }

    public boolean isMonitorProjectOnBuild() {
        return this.monitorProjectOnBuild;
    }

    @DataBoundSetter
    public void setMonitorProjectOnBuild(boolean z) {
        this.monitorProjectOnBuild = z;
    }

    public String getSeverity() {
        if (this.severity != null) {
            return this.severity.getSeverity();
        }
        return null;
    }

    @DataBoundSetter
    public void setSeverity(String str) {
        this.severity = Severity.getIfPresent(str);
    }

    public String getSnykTokenId() {
        return this.snykTokenId;
    }

    @DataBoundSetter
    public void setSnykTokenId(String str) {
        this.snykTokenId = str;
    }

    public String getTargetFile() {
        return this.targetFile;
    }

    @DataBoundSetter
    public void setTargetFile(@CheckForNull String str) {
        this.targetFile = Util.fixEmptyAndTrim(str);
    }

    public String getOrganisation() {
        return this.organisation;
    }

    @DataBoundSetter
    public void setOrganisation(@CheckForNull String str) {
        this.organisation = Util.fixEmptyAndTrim(str);
    }

    public String getProjectName() {
        return this.projectName;
    }

    @DataBoundSetter
    public void setProjectName(@CheckForNull String str) {
        this.projectName = Util.fixEmptyAndTrim(str);
    }

    public String getSnykInstallation() {
        return this.snykInstallation;
    }

    @DataBoundSetter
    public void setSnykInstallation(String str) {
        this.snykInstallation = str;
    }

    public String getAdditionalArguments() {
        return this.additionalArguments;
    }

    @DataBoundSetter
    public void setAdditionalArguments(@CheckForNull String str) {
        this.additionalArguments = Util.fixEmptyAndTrim(str);
    }

    public StepExecution start(StepContext stepContext) {
        return new Execution(this, stepContext);
    }
}
