package org.owasp.dependencycheck.analyzer;

import java.io.IOException;
import java.sql.SQLException;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.suppression.SuppressionHandler;

/* loaded from: input_file:WEB-INF/lib/dependency-check-core-1.2.4.jar:org/owasp/dependencycheck/analyzer/NvdCveAnalyzer.class */
public class NvdCveAnalyzer implements Analyzer {
    static final int MAX_QUERY_RESULTS = 100;
    private CveDB cveDB;

    public void open() throws SQLException, IOException, DatabaseException, ClassNotFoundException {
        this.cveDB = new CveDB();
        this.cveDB.open();
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public void close() {
        this.cveDB.close();
        this.cveDB = null;
    }

    public boolean isOpen() {
        return this.cveDB != null;
    }

    protected void finalize() throws Throwable {
        super.finalize();
        if (isOpen()) {
            close();
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public void analyze(Dependency dependency, Engine engine) throws AnalysisException {
        for (Identifier identifier : dependency.getIdentifiers()) {
            if (SuppressionHandler.CPE.equals(identifier.getType())) {
                try {
                    dependency.getVulnerabilities().addAll(this.cveDB.getVulnerabilities(identifier.getValue()));
                } catch (DatabaseException e) {
                    throw new AnalysisException(e);
                }
            }
        }
        for (Identifier identifier2 : dependency.getSuppressedIdentifiers()) {
            if (SuppressionHandler.CPE.equals(identifier2.getType())) {
                try {
                    dependency.getSuppressedVulnerabilities().addAll(this.cveDB.getVulnerabilities(identifier2.getValue()));
                } catch (DatabaseException e2) {
                    throw new AnalysisException(e2);
                }
            }
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return "NVD CVE Analyzer";
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return AnalysisPhase.FINDING_ANALYSIS;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public void initialize() throws Exception {
        open();
    }
}
