package org.owasp.dependencycheck;

import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CancellationException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
import org.owasp.dependencycheck.analyzer.Analyzer;
import org.owasp.dependencycheck.analyzer.AnalyzerService;
import org.owasp.dependencycheck.analyzer.FileTypeAnalyzer;
import org.owasp.dependencycheck.data.nvdcve.ConnectionFactory;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.update.CachedWebDataSource;
import org.owasp.dependencycheck.data.update.UpdateService;
import org.owasp.dependencycheck.data.update.exception.UpdateException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.exception.NoDataException;
import org.owasp.dependencycheck.exception.ReportException;
import org.owasp.dependencycheck.reporting.ReportGenerator;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/dependency-check-core-2.0.0.jar:org/owasp/dependencycheck/Engine.class */
public class Engine implements FileFilter {
    private final List<Dependency> dependencies;
    private final Map<AnalysisPhase, List<Analyzer>> analyzers;
    private final Set<FileTypeAnalyzer> fileTypeAnalyzers;
    private ClassLoader serviceClassLoader;
    private CveDB database;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) Engine.class);

    public Engine() throws DatabaseException {
        this.dependencies = Collections.synchronizedList(new ArrayList());
        this.analyzers = new EnumMap(AnalysisPhase.class);
        this.fileTypeAnalyzers = new HashSet();
        this.serviceClassLoader = Thread.currentThread().getContextClassLoader();
        this.database = null;
        initializeEngine();
    }

    public Engine(ClassLoader classLoader) throws DatabaseException {
        this.dependencies = Collections.synchronizedList(new ArrayList());
        this.analyzers = new EnumMap(AnalysisPhase.class);
        this.fileTypeAnalyzers = new HashSet();
        this.serviceClassLoader = Thread.currentThread().getContextClassLoader();
        this.database = null;
        this.serviceClassLoader = classLoader;
        initializeEngine();
    }

    protected final void initializeEngine() throws DatabaseException {
        ConnectionFactory.initialize();
        loadAnalyzers();
    }

    public void cleanup() {
        if (this.database != null) {
            this.database.close();
            this.database = null;
        }
        ConnectionFactory.cleanup();
    }

    private void loadAnalyzers() {
        if (this.analyzers.isEmpty()) {
            for (AnalysisPhase analysisPhase : AnalysisPhase.values()) {
                this.analyzers.put(analysisPhase, new ArrayList());
            }
            for (Analyzer analyzer : new AnalyzerService(this.serviceClassLoader).getAnalyzers()) {
                this.analyzers.get(analyzer.getAnalysisPhase()).add(analyzer);
                if (analyzer instanceof FileTypeAnalyzer) {
                    this.fileTypeAnalyzers.add((FileTypeAnalyzer) analyzer);
                }
            }
        }
    }

    public List<Analyzer> getAnalyzers(AnalysisPhase analysisPhase) {
        return this.analyzers.get(analysisPhase);
    }

    public synchronized List<Dependency> getDependencies() {
        return this.dependencies;
    }

    public synchronized void setDependencies(List<Dependency> list) {
        this.dependencies.clear();
        this.dependencies.addAll(list);
    }

    public List<Dependency> scan(String[] strArr) {
        return scan(strArr, (String) null);
    }

    public List<Dependency> scan(String[] strArr, String str) {
        ArrayList arrayList = new ArrayList();
        for (String str2 : strArr) {
            List<Dependency> scan = scan(str2, str);
            if (scan != null) {
                arrayList.addAll(scan);
            }
        }
        return arrayList;
    }

    public List<Dependency> scan(String str) {
        return scan(str, (String) null);
    }

    public List<Dependency> scan(String str, String str2) {
        return scan(new File(str), str2);
    }

    public List<Dependency> scan(File[] fileArr) {
        return scan(fileArr, (String) null);
    }

    public List<Dependency> scan(File[] fileArr, String str) {
        ArrayList arrayList = new ArrayList();
        for (File file : fileArr) {
            List<Dependency> scan = scan(file, str);
            if (scan != null) {
                arrayList.addAll(scan);
            }
        }
        return arrayList;
    }

    public List<Dependency> scan(Collection<File> collection) {
        return scan(collection, (String) null);
    }

    public List<Dependency> scan(Collection<File> collection, String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<File> it = collection.iterator();
        while (it.hasNext()) {
            List<Dependency> scan = scan(it.next(), str);
            if (scan != null) {
                arrayList.addAll(scan);
            }
        }
        return arrayList;
    }

    public List<Dependency> scan(File file) {
        return scan(file, (String) null);
    }

    public List<Dependency> scan(File file, String str) {
        if (!file.exists()) {
            return null;
        }
        if (file.isDirectory()) {
            return scanDirectory(file, str);
        }
        Dependency scanFile = scanFile(file, str);
        if (scanFile == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(scanFile);
        return arrayList;
    }

    protected List<Dependency> scanDirectory(File file) {
        return scanDirectory(file, null);
    }

    protected List<Dependency> scanDirectory(File file, String str) {
        File[] listFiles = file.listFiles();
        ArrayList arrayList = new ArrayList();
        if (listFiles != null) {
            for (File file2 : listFiles) {
                if (file2.isDirectory()) {
                    List<Dependency> scanDirectory = scanDirectory(file2, str);
                    if (scanDirectory != null) {
                        arrayList.addAll(scanDirectory);
                    }
                } else {
                    arrayList.add(scanFile(file2, str));
                }
            }
        }
        return arrayList;
    }

    protected Dependency scanFile(File file) {
        return scanFile(file, null);
    }

    protected Dependency scanFile(File file, String str) {
        Dependency dependency = null;
        if (file.isFile()) {
            if (accept(file)) {
                dependency = new Dependency(file);
                if (str != null) {
                    dependency.addProjectReference(str);
                }
                String sha1sum = dependency.getSha1sum();
                boolean z = false;
                synchronized (this.dependencies) {
                    if (sha1sum != null) {
                        Iterator<Dependency> it = this.dependencies.iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            Dependency next = it.next();
                            if (sha1sum.equals(next.getSha1sum())) {
                                z = true;
                                if (str != null) {
                                    next.addProjectReference(str);
                                }
                                if (next.getActualFilePath() == null || dependency.getActualFilePath() == null || next.getActualFilePath().equals(dependency.getActualFilePath())) {
                                    dependency = next;
                                } else {
                                    next.addRelatedDependency(dependency);
                                }
                            }
                        }
                    }
                    if (!z) {
                        this.dependencies.add(dependency);
                    }
                }
            } else {
                LOGGER.debug("Path passed to scanFile(File) is not a file: {}. Skipping the file.", file);
            }
        }
        return dependency;
    }

    public void analyzeDependencies() throws ExceptionCollection {
        List<Throwable> synchronizedList = Collections.synchronizedList(new ArrayList());
        initializeAndUpdateDatabase(synchronizedList);
        try {
            ensureDataExists();
        } catch (NoDataException e) {
            throwFatalExceptionCollection("Unable to continue dependency-check analysis.", e, synchronizedList);
        }
        LOGGER.debug("\n----------------------------------------------------\nBEGIN ANALYSIS\n----------------------------------------------------");
        LOGGER.info("Analysis Started");
        long currentTimeMillis = System.currentTimeMillis();
        for (AnalysisPhase analysisPhase : AnalysisPhase.values()) {
            for (Analyzer analyzer : this.analyzers.get(analysisPhase)) {
                long currentTimeMillis2 = System.currentTimeMillis();
                try {
                    initializeAnalyzer(analyzer);
                    if (analyzer.isEnabled()) {
                        executeAnalysisTasks(analyzer, synchronizedList);
                        LOGGER.info("Finished {} ({} seconds)", analyzer.getName(), Long.valueOf(TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - currentTimeMillis2)));
                    } else {
                        LOGGER.debug("Skipping {} (not enabled)", analyzer.getName());
                    }
                } catch (InitializationException e2) {
                    synchronizedList.add(e2);
                }
            }
        }
        for (AnalysisPhase analysisPhase2 : AnalysisPhase.values()) {
            Iterator<Analyzer> it = this.analyzers.get(analysisPhase2).iterator();
            while (it.hasNext()) {
                closeAnalyzer(it.next());
            }
        }
        LOGGER.debug("\n----------------------------------------------------\nEND ANALYSIS\n----------------------------------------------------");
        LOGGER.info("Analysis Complete ({} seconds)", Long.valueOf(TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - currentTimeMillis)));
        if (synchronizedList.size() > 0) {
            throw new ExceptionCollection("One or more exceptions occurred during dependency-check analysis", synchronizedList);
        }
    }

    private void initializeAndUpdateDatabase(List<Throwable> list) throws ExceptionCollection {
        boolean z = true;
        try {
            z = Settings.getBoolean(Settings.KEYS.AUTO_UPDATE);
        } catch (InvalidSettingException e) {
            LOGGER.debug("Invalid setting for auto-update; using true.");
            list.add(e);
        }
        if (!z) {
            try {
                if (ConnectionFactory.isH2Connection() && !ConnectionFactory.h2DataFileExists()) {
                    throw new ExceptionCollection((Throwable) new NoDataException("Autoupdate is disabled and the database does not exist"), true);
                }
                this.database = CveDB.getInstance();
                return;
            } catch (IOException e2) {
                throw new ExceptionCollection((Throwable) new DatabaseException("Autoupdate is disabled and unable to connect to the database"), true);
            } catch (DatabaseException e3) {
                throwFatalExceptionCollection("Unable to connect to the dependency-check database.", e3, list);
                return;
            }
        }
        try {
            this.database = CveDB.getInstance();
            doUpdates();
        } catch (DatabaseException e4) {
            throw new ExceptionCollection("Unable to connect to the database", e4);
        } catch (UpdateException e5) {
            list.add(e5);
            LOGGER.warn("Unable to update Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.");
            LOGGER.debug("Update Error", (Throwable) e5);
        }
    }

    protected void executeAnalysisTasks(Analyzer analyzer, List<Throwable> list) throws ExceptionCollection {
        LOGGER.debug("Starting {}", analyzer.getName());
        List<AnalysisTask> analysisTasks = getAnalysisTasks(analyzer, list);
        ExecutorService executorService = getExecutorService(analyzer);
        try {
            try {
                Iterator it = executorService.invokeAll(analysisTasks, 10L, TimeUnit.MINUTES).iterator();
                while (it.hasNext()) {
                    try {
                        ((Future) it.next()).get();
                    } catch (CancellationException e) {
                        throwFatalExceptionCollection("Analysis task timed out.", e, list);
                    } catch (ExecutionException e2) {
                        throwFatalExceptionCollection("Analysis task failed with a fatal exception.", e2, list);
                    }
                }
            } catch (InterruptedException e3) {
                Thread.currentThread().interrupt();
                throwFatalExceptionCollection("Analysis has been interrupted.", e3, list);
                executorService.shutdown();
            }
        } finally {
            executorService.shutdown();
        }
    }

    protected List<AnalysisTask> getAnalysisTasks(Analyzer analyzer, List<Throwable> list) {
        ArrayList arrayList = new ArrayList();
        synchronized (this.dependencies) {
            Iterator<Dependency> it = this.dependencies.iterator();
            while (it.hasNext()) {
                arrayList.add(new AnalysisTask(analyzer, it.next(), this, list, Settings.getInstance()));
            }
        }
        return arrayList;
    }

    protected ExecutorService getExecutorService(Analyzer analyzer) {
        if (!analyzer.supportsParallelProcessing()) {
            LOGGER.debug("Parallel processing is not supported: {}.", analyzer.getName());
            return Executors.newSingleThreadExecutor();
        }
        int availableProcessors = Runtime.getRuntime().availableProcessors();
        LOGGER.debug("Parallel processing with up to {} threads: {}.", Integer.valueOf(availableProcessors), analyzer.getName());
        return Executors.newFixedThreadPool(availableProcessors);
    }

    protected void initializeAnalyzer(Analyzer analyzer) throws InitializationException {
        try {
            LOGGER.debug("Initializing {}", analyzer.getName());
            analyzer.initialize();
        } catch (InitializationException e) {
            LOGGER.error("Exception occurred initializing {}.", analyzer.getName());
            LOGGER.debug(StringUtils.EMPTY, (Throwable) e);
            try {
                analyzer.close();
            } catch (Throwable th) {
                LOGGER.trace(StringUtils.EMPTY, th);
            }
            throw e;
        } catch (Throwable th2) {
            LOGGER.error("Unexpected exception occurred initializing {}.", analyzer.getName());
            LOGGER.debug(StringUtils.EMPTY, th2);
            try {
                analyzer.close();
            } catch (Throwable th3) {
                LOGGER.trace(StringUtils.EMPTY, th3);
            }
            throw new InitializationException("Unexpected Exception", th2);
        }
    }

    protected void closeAnalyzer(Analyzer analyzer) {
        LOGGER.debug("Closing Analyzer '{}'", analyzer.getName());
        try {
            analyzer.close();
        } catch (Throwable th) {
            LOGGER.trace(StringUtils.EMPTY, th);
        }
    }

    public void doUpdates() throws UpdateException {
        LOGGER.info("Checking for updates");
        long currentTimeMillis = System.currentTimeMillis();
        Iterator<CachedWebDataSource> dataSources = new UpdateService(this.serviceClassLoader).getDataSources();
        while (dataSources.hasNext()) {
            dataSources.next().update();
        }
        LOGGER.info("Check for updates complete ({} ms)", Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
    }

    public List<Analyzer> getAnalyzers() {
        ArrayList arrayList = new ArrayList();
        for (AnalysisPhase analysisPhase : AnalysisPhase.values()) {
            arrayList.addAll(this.analyzers.get(analysisPhase));
        }
        return arrayList;
    }

    @Override // java.io.FileFilter
    public boolean accept(File file) {
        if (file == null) {
            return false;
        }
        boolean z = false;
        Iterator<FileTypeAnalyzer> it = this.fileTypeAnalyzers.iterator();
        while (it.hasNext()) {
            z |= it.next().accept(file);
        }
        return z;
    }

    public Set<FileTypeAnalyzer> getFileTypeAnalyzers() {
        return this.fileTypeAnalyzers;
    }

    protected void addFileTypeAnalyzer(FileTypeAnalyzer fileTypeAnalyzer) {
        this.fileTypeAnalyzers.add(fileTypeAnalyzer);
    }

    private void ensureDataExists() throws NoDataException {
        if (this.database == null || !this.database.dataExists()) {
            throw new NoDataException("No documents exist");
        }
    }

    private void throwFatalExceptionCollection(String str, Throwable th, List<Throwable> list) throws ExceptionCollection {
        LOGGER.error("{}\n\n{}", th.getMessage(), str);
        LOGGER.debug(StringUtils.EMPTY, th);
        list.add(th);
        throw new ExceptionCollection(str, list, true);
    }

    public synchronized void writeReports(String str, String str2, String str3, String str4, File file, String str5) throws ReportException {
        try {
            new ReportGenerator(str, str2, str3, str4, this.dependencies, getAnalyzers(), this.database.getDatabaseProperties()).write(file.getAbsolutePath(), str5);
        } catch (ReportException e) {
            throw new ReportException(String.format("Error generating the report for %s", str), e);
        }
    }

    public void writeReports(String str, File file, String str2) throws ReportException {
        writeReports(str, null, null, null, file, str2);
    }
}
