package io.snyk.jenkins;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.Util;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.model.Computer;
import hudson.model.Item;
import hudson.model.Node;
import hudson.model.Result;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.remoting.VirtualChannel;
import hudson.security.ACL;
import hudson.tasks.ArtifactArchiver;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ArgumentListBuilder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import io.snyk.jenkins.config.SnykConstants;
import io.snyk.jenkins.credentials.SnykApiToken;
import io.snyk.jenkins.model.ObjectMapperHelper;
import io.snyk.jenkins.model.SnykMonitorResult;
import io.snyk.jenkins.model.SnykTestResult;
import io.snyk.jenkins.tools.SnykInstallation;
import io.snyk.jenkins.transform.ReportConverter;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/snyk/jenkins/SnykStepBuilder.class */
public class SnykStepBuilder extends Builder {
    private static final Logger LOG = LoggerFactory.getLogger(SnykStepBuilder.class.getName());
    private boolean failOnIssues = true;
    private boolean monitorProjectOnBuild = true;
    private Severity severity = Severity.LOW;
    private String snykTokenId;
    private String targetFile;
    private String organisation;
    private String projectName;
    private String snykInstallation;
    private String additionalArguments;

    @Extension
    @Symbol({"snykSecurity"})
    /* loaded from: input_file:io/snyk/jenkins/SnykStepBuilder$SnykStepBuilderDescriptor.class */
    public static class SnykStepBuilderDescriptor extends BuildStepDescriptor<Builder> {
        private volatile SnykInstallation[] installations = new SnykInstallation[0];

        public SnykStepBuilderDescriptor() {
            load();
        }

        @Nonnull
        public String getDisplayName() {
            return "Invoke Snyk Security task";
        }

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        @SuppressFBWarnings({"EI_EXPOSE_REP"})
        public SnykInstallation[] getInstallations() {
            return this.installations;
        }

        public void setInstallations(SnykInstallation... snykInstallationArr) {
            this.installations = snykInstallationArr;
            save();
        }

        public boolean hasInstallationsAvailable() {
            if (SnykStepBuilder.LOG.isTraceEnabled()) {
                SnykStepBuilder.LOG.trace("Available Snyk installations: {}", Arrays.stream(this.installations).map((v0) -> {
                    return v0.getName();
                }).collect(Collectors.joining(",", "[", "]")));
            }
            return this.installations.length > 0;
        }

        public ListBoxModel doFillSeverityItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            Stream map = Stream.of((Object[]) Severity.values()).map((v0) -> {
                return v0.getSeverity();
            });
            listBoxModel.getClass();
            map.forEach(listBoxModel::add);
            return listBoxModel;
        }

        public ListBoxModel doFillSnykTokenIdItems(@AncestorInPath Item item, @QueryParameter String str) {
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            if (item == null) {
                if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
                    return standardListBoxModel.includeCurrentValue(str);
                }
            } else if (!item.hasPermission(Item.EXTENDED_READ) && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
                return standardListBoxModel.includeCurrentValue(str);
            }
            return standardListBoxModel.includeEmptyValue().includeAs(ACL.SYSTEM, item, SnykApiToken.class).includeCurrentValue(str);
        }

        public FormValidation doCheckSeverity(@QueryParameter String str, @QueryParameter String str2) {
            return (Util.fixEmptyAndTrim(str) == null || Util.fixEmptyAndTrim(str2) == null) ? FormValidation.ok() : str2.contains("--severity-threshold") ? FormValidation.warning("Option '--severity-threshold' is overridden in additional arguments text area below.") : FormValidation.ok();
        }

        public FormValidation doCheckSnykTokenId(@QueryParameter String str) {
            return Util.fixEmptyAndTrim(str) == null ? FormValidation.error("Snyk API token is required.") : null == CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(SnykApiToken.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.allOf(new CredentialsMatcher[]{CredentialsMatchers.withId(str), CredentialsMatchers.instanceOf(SnykApiToken.class)})) ? FormValidation.error("Cannot find currently selected Snyk API token.") : FormValidation.ok();
        }

        public FormValidation doCheckTargetFile(@QueryParameter String str, @QueryParameter String str2) {
            return (Util.fixEmptyAndTrim(str) == null || Util.fixEmptyAndTrim(str2) == null) ? FormValidation.ok() : str2.contains("--file") ? FormValidation.warning("Option '--file' is overridden in additional arguments text area below.") : FormValidation.ok();
        }

        public FormValidation doCheckOrganisation(@QueryParameter String str, @QueryParameter String str2) {
            return (Util.fixEmptyAndTrim(str) == null || Util.fixEmptyAndTrim(str2) == null) ? FormValidation.ok() : str2.contains("--org") ? FormValidation.warning("Option '--org' is overridden in additional arguments text area below.") : FormValidation.ok();
        }

        public FormValidation doCheckProjectName(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3) {
            if (Util.fixEmptyAndTrim(str) == null || Util.fixEmptyAndTrim(str2) == null) {
                return FormValidation.ok();
            }
            ArrayList arrayList = new ArrayList(2);
            if ("false".equals(Util.fixEmptyAndTrim(str2))) {
                arrayList.add(FormValidation.warning("Project name will be ignored, because the project is not monitored on build."));
            }
            if (Util.fixNull(str3).contains("--project-name")) {
                arrayList.add(FormValidation.warning("Option '--project-name' is overridden in additional arguments text area below."));
            }
            return FormValidation.aggregate(arrayList);
        }
    }

    @DataBoundConstructor
    public SnykStepBuilder() {
    }

    public boolean isFailOnIssues() {
        return this.failOnIssues;
    }

    @DataBoundSetter
    public void setFailOnIssues(boolean z) {
        this.failOnIssues = z;
    }

    public boolean isMonitorProjectOnBuild() {
        return this.monitorProjectOnBuild;
    }

    @DataBoundSetter
    public void setMonitorProjectOnBuild(boolean z) {
        this.monitorProjectOnBuild = z;
    }

    public String getSeverity() {
        if (this.severity != null) {
            return this.severity.getSeverity();
        }
        return null;
    }

    @DataBoundSetter
    public void setSeverity(String str) {
        this.severity = Severity.getIfPresent(str);
    }

    public String getSnykTokenId() {
        return this.snykTokenId;
    }

    @DataBoundSetter
    public void setSnykTokenId(String str) {
        this.snykTokenId = str;
    }

    public String getTargetFile() {
        return this.targetFile;
    }

    @DataBoundSetter
    public void setTargetFile(@CheckForNull String str) {
        this.targetFile = Util.fixEmptyAndTrim(str);
    }

    public String getOrganisation() {
        return this.organisation;
    }

    @DataBoundSetter
    public void setOrganisation(@CheckForNull String str) {
        this.organisation = Util.fixEmptyAndTrim(str);
    }

    public String getProjectName() {
        return this.projectName;
    }

    @DataBoundSetter
    public void setProjectName(@CheckForNull String str) {
        this.projectName = Util.fixEmptyAndTrim(str);
    }

    public String getSnykInstallation() {
        return this.snykInstallation;
    }

    @DataBoundSetter
    public void setSnykInstallation(String str) {
        this.snykInstallation = str;
    }

    public String getAdditionalArguments() {
        return this.additionalArguments;
    }

    @DataBoundSetter
    public void setAdditionalArguments(@CheckForNull String str) {
        this.additionalArguments = Util.fixEmptyAndTrim(str);
    }

    public boolean perform(@Nonnull AbstractBuild<?, ?> abstractBuild, @Nonnull Launcher launcher, @Nonnull BuildListener buildListener) throws InterruptedException, IOException {
        FilePath workspace = abstractBuild.getWorkspace();
        if (workspace == null) {
            buildListener.getLogger().println("Build agent is not connected");
            return false;
        }
        EnvVars environment = abstractBuild.getEnvironment(buildListener);
        SnykInstallation findSnykInstallation = findSnykInstallation();
        if (findSnykInstallation == null) {
            buildListener.getLogger().println("Snyk installation named '" + this.snykInstallation + "' was not found. Please configure the build properly and retry.");
            abstractBuild.setResult(Result.FAILURE);
            return false;
        }
        Computer computer = workspace.toComputer();
        Node node = computer != null ? computer.getNode() : null;
        if (node == null) {
            buildListener.getLogger().println("Not running on a build node.");
            abstractBuild.setResult(Result.FAILURE);
            return false;
        }
        SnykInstallation m6forEnvironment = findSnykInstallation.m7forNode(node, (TaskListener) buildListener).m6forEnvironment(environment);
        String snykExecutable = m6forEnvironment.getSnykExecutable(launcher);
        if (snykExecutable == null) {
            buildListener.getLogger().println("Can't retrieve the Snyk executable.");
            abstractBuild.setResult(Result.FAILURE);
            return false;
        }
        SnykApiToken snykTokenCredential = getSnykTokenCredential();
        if (snykTokenCredential == null) {
            buildListener.getLogger().println("Snyk API token with ID '" + this.snykTokenId + "' was not found. Please configure the build properly and retry.");
            abstractBuild.setResult(Result.FAILURE);
            return false;
        }
        environment.put("SNYK_TOKEN", snykTokenCredential.getToken().getPlainText());
        environment.overrideAll(abstractBuild.getBuildVariables());
        VirtualChannel channel = node.getChannel();
        if (channel != null) {
            String home = m6forEnvironment.getHome();
            if (Util.fixEmptyAndTrim(home) != null) {
                String str = (String) new FilePath(channel, home).act(new CustomBuildToolPathCallable());
                environment.put("PATH", str);
                LOG.info("Custom build tool path: '{}'", str);
            }
        }
        FilePath child = workspace.child(SnykConstants.SNYK_TEST_REPORT_JSON);
        ArgumentListBuilder buildArgumentList = buildArgumentList(snykExecutable, "test", environment);
        OutputStream outputStream = null;
        OutputStream outputStream2 = null;
        try {
            try {
                OutputStream write = child.write();
                buildListener.getLogger().println("Testing for known issues...");
                buildListener.getLogger().println("> " + buildArgumentList);
                int join = launcher.launch().cmds(buildArgumentList).envs(environment).stdout(write).quiet(true).pwd(workspace).join();
                boolean z = !this.failOnIssues || join == 0;
                abstractBuild.setResult(z ? Result.SUCCESS : Result.FAILURE);
                String readToString = child.readToString();
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Job: '{}'", abstractBuild);
                    LOG.trace("Command line arguments: {}", buildArgumentList);
                    LOG.trace("Exit code: {}", Integer.valueOf(join));
                    LOG.trace("Command output: {}", readToString);
                }
                SnykTestResult unmarshallTestResult = ObjectMapperHelper.unmarshallTestResult(readToString);
                if (unmarshallTestResult == null) {
                    buildListener.getLogger().println("Could not parse generated json report file.");
                    abstractBuild.setResult(Result.FAILURE);
                    if (write != null) {
                        write.close();
                    }
                    if (0 != 0) {
                        outputStream2.close();
                    }
                    return false;
                }
                if (Util.fixEmptyAndTrim(unmarshallTestResult.error) != null) {
                    buildListener.getLogger().println("Error result: " + unmarshallTestResult.error);
                    abstractBuild.setResult(Result.FAILURE);
                    if (write != null) {
                        write.close();
                    }
                    if (0 != 0) {
                        outputStream2.close();
                    }
                    return false;
                }
                if (!unmarshallTestResult.ok) {
                    buildListener.getLogger().println(String.format("Result: %s known vulnerabilities | %s dependencies", Integer.valueOf(unmarshallTestResult.uniqueCount), Integer.valueOf(unmarshallTestResult.dependencyCount)));
                }
                if (this.monitorProjectOnBuild) {
                    FilePath child2 = workspace.child(SnykConstants.SNYK_MONITOR_REPORT_JSON);
                    outputStream2 = child2.write();
                    ArgumentListBuilder buildArgumentList2 = buildArgumentList(snykExecutable, "monitor", environment);
                    buildListener.getLogger().println("Remember project for continuous monitoring...");
                    buildListener.getLogger().println("> " + buildArgumentList2);
                    int join2 = launcher.launch().cmds(buildArgumentList2).envs(environment).stdout(outputStream2).quiet(true).pwd(workspace).join();
                    String readToString2 = child2.readToString();
                    if (join2 != 0) {
                        buildListener.getLogger().println("Warning: 'snyk monitor' was not successful. Exit code: " + join2);
                        buildListener.getLogger().println(readToString2);
                    }
                    if (LOG.isTraceEnabled()) {
                        LOG.trace("Command line arguments: {}", buildArgumentList2);
                        LOG.trace("Exit code: {}", Integer.valueOf(join2));
                        LOG.trace("Command output: {}", readToString2);
                    }
                    SnykMonitorResult unmarshallMonitorResult = ObjectMapperHelper.unmarshallMonitorResult(readToString2);
                    if (unmarshallMonitorResult != null && Util.fixEmptyAndTrim(unmarshallMonitorResult.uri) != null) {
                        buildListener.getLogger().println("Explore the snapshot at " + unmarshallMonitorResult.uri);
                    }
                }
                generateSnykHtmlReport(abstractBuild, workspace, launcher, buildListener, m6forEnvironment.getReportExecutable(launcher), "");
                if (abstractBuild.getActions(SnykReportBuildAction.class).isEmpty()) {
                    abstractBuild.addAction(new SnykReportBuildAction(abstractBuild));
                }
                new ArtifactArchiver(workspace.getName() + "_" + SnykConstants.SNYK_REPORT_HTML).perform(abstractBuild, workspace, launcher, buildListener);
                if (write != null) {
                    write.close();
                }
                if (outputStream2 != null) {
                    outputStream2.close();
                }
                return z;
            } catch (IOException e) {
                Util.displayIOException(e, buildListener);
                e.printStackTrace(buildListener.fatalError("Snyk command execution failed"));
                abstractBuild.setResult(Result.FAILURE);
                if (0 != 0) {
                    outputStream.close();
                }
                if (0 != 0) {
                    outputStream2.close();
                }
                return false;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                outputStream.close();
            }
            if (0 != 0) {
                outputStream2.close();
            }
            throw th;
        }
    }

    private SnykInstallation findSnykInstallation() {
        return (SnykInstallation) Stream.of((Object[]) getDescriptor().getInstallations()).filter(snykInstallation -> {
            return snykInstallation.getName().equals(this.snykInstallation);
        }).findFirst().orElse(null);
    }

    private SnykApiToken getSnykTokenCredential() {
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(SnykApiToken.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(this.snykTokenId));
    }

    ArgumentListBuilder buildArgumentList(String str, String str2, @Nonnull EnvVars envVars) {
        ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder(new String[]{str, str2, "--json"});
        if (Util.fixEmptyAndTrim(this.severity.getSeverity()) != null) {
            argumentListBuilder.add("--severity-threshold=" + this.severity.getSeverity());
        }
        if (Util.fixEmptyAndTrim(this.targetFile) != null) {
            argumentListBuilder.add("--file=" + Util.replaceMacro(this.targetFile, envVars));
        }
        if (Util.fixEmptyAndTrim(this.organisation) != null) {
            argumentListBuilder.add("--org=" + Util.replaceMacro(this.organisation, envVars));
        }
        if (Util.fixEmptyAndTrim(this.projectName) != null) {
            argumentListBuilder.add("--project-name=" + Util.replaceMacro(this.projectName, envVars));
        }
        if (Util.fixEmptyAndTrim(this.additionalArguments) != null) {
            for (String str3 : Util.tokenize(this.additionalArguments)) {
                if (Util.fixEmptyAndTrim(str3) != null) {
                    argumentListBuilder.add(Util.replaceMacro(str3, envVars));
                }
            }
        }
        return argumentListBuilder;
    }

    private void generateSnykHtmlReport(Run<?, ?> run, @Nonnull FilePath filePath, Launcher launcher, TaskListener taskListener, String str, String str2) throws IOException, InterruptedException {
        EnvVars environment = run.getEnvironment(taskListener);
        ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder();
        if (!filePath.child(SnykConstants.SNYK_TEST_REPORT_JSON).exists()) {
            taskListener.getLogger().println("Snyk report json doesn't exist");
            return;
        }
        filePath.child(SnykConstants.SNYK_REPORT_HTML).write("", StandardCharsets.UTF_8.name());
        argumentListBuilder.add(str);
        argumentListBuilder.add(new String[]{"-i", SnykConstants.SNYK_TEST_REPORT_JSON, "-o", SnykConstants.SNYK_REPORT_HTML});
        try {
            if (!(launcher.launch().cmds(argumentListBuilder).envs(environment).quiet(true).pwd(filePath).join() == 0)) {
                taskListener.getLogger().println("Generating Snyk html report was not successful");
            }
            filePath.child(filePath.getName() + "_" + SnykConstants.SNYK_REPORT_HTML).write(ReportConverter.getInstance().injectMonitorLink(ReportConverter.getInstance().modifyHeadSection(filePath.child(SnykConstants.SNYK_REPORT_HTML).readToString()), str2), StandardCharsets.UTF_8.name());
        } catch (IOException e) {
            Util.displayIOException(e, taskListener);
            e.printStackTrace(taskListener.fatalError("Snyk-to-Html command execution failed"));
        }
    }
}
