package org.owasp.dependencycheck.data.nvdcve;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.owasp.dependencycheck.data.cpe.Fields;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotSupportedException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:WEB-INF/lib/dependency-check-core-1.0.7.jar:org/owasp/dependencycheck/data/nvdcve/NvdCve12Handler.class */
public class NvdCve12Handler extends DefaultHandler {
    private static final String CURRENT_SCHEMA_VERSION = "1.2";
    private String vulnerability;
    private List<VulnerableSoftware> software;
    private String vendor;
    private String product;
    private boolean skip = false;
    private boolean hasPreviousVersion = false;
    private final Element current = new Element();
    private Map<String, List<VulnerableSoftware>> vulnerabilities;

    /* loaded from: input_file:WEB-INF/lib/dependency-check-core-1.0.7.jar:org/owasp/dependencycheck/data/nvdcve/NvdCve12Handler$Element.class */
    protected static class Element {
        public static final String NVD = "nvd";
        public static final String ENTRY = "entry";
        public static final String VULN_SOFTWARE = "vuln_soft";
        public static final String PROD = "prod";
        public static final String VERS = "vers";
        private String node;

        protected Element() {
        }

        public String getNode() {
            return this.node;
        }

        public void setNode(String str) {
            this.node = str;
        }

        public boolean isNVDNode() {
            return "nvd".equals(this.node);
        }

        public boolean isEntryNode() {
            return "entry".equals(this.node);
        }

        public boolean isVulnSoftwareNode() {
            return VULN_SOFTWARE.equals(this.node);
        }

        public boolean isProdNode() {
            return PROD.equals(this.node);
        }

        public boolean isVersNode() {
            return VERS.equals(this.node);
        }
    }

    public Map<String, List<VulnerableSoftware>> getVulnerabilities() {
        return this.vulnerabilities;
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
        this.current.setNode(str3);
        if (this.current.isEntryNode()) {
            this.vendor = null;
            this.product = null;
            this.hasPreviousVersion = false;
            this.skip = "1".equals(attributes.getValue("reject"));
            if (this.skip) {
                this.vulnerability = null;
                this.software = null;
                return;
            } else {
                this.vulnerability = attributes.getValue("name");
                this.software = new ArrayList();
                return;
            }
        }
        if (!this.skip && this.current.isProdNode()) {
            this.vendor = attributes.getValue(Fields.VENDOR);
            this.product = attributes.getValue("name");
            return;
        }
        if (this.skip || !this.current.isVersNode()) {
            if (this.current.isNVDNode()) {
                String value = attributes.getValue("nvd_xml_version");
                if (!CURRENT_SCHEMA_VERSION.equals(value)) {
                    throw new SAXNotSupportedException("Schema version " + value + " is not supported");
                }
                this.vulnerabilities = new HashMap();
                return;
            }
            return;
        }
        String value2 = attributes.getValue("prev");
        if (value2 == null || !"1".equals(value2)) {
            return;
        }
        this.hasPreviousVersion = true;
        String value3 = attributes.getValue("edition");
        String value4 = attributes.getValue("num");
        String str4 = "cpe:/a:" + this.vendor + ":" + this.product;
        if (value4 != null) {
            str4 = str4 + ":" + value4;
        }
        if (value3 != null) {
            str4 = str4 + ":" + value3;
        }
        VulnerableSoftware vulnerableSoftware = new VulnerableSoftware();
        vulnerableSoftware.setCpe(str4);
        vulnerableSoftware.setPreviousVersion(value2);
        this.software.add(vulnerableSoftware);
    }

    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
    public void endElement(String str, String str2, String str3) throws SAXException {
        this.current.setNode(str3);
        if (this.current.isEntryNode()) {
            if (!this.skip && this.hasPreviousVersion) {
                this.vulnerabilities.put(this.vulnerability, this.software);
            }
            this.vulnerability = null;
            this.software = null;
        }
    }
}
