package org.jenkinsci.plugins.DependencyCheck.parser;

import hudson.plugins.analysis.core.AbstractAnnotationParser;
import hudson.plugins.analysis.util.model.FileAnnotation;
import hudson.plugins.analysis.util.model.Priority;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Collection;
import org.apache.commons.digester.Digester;
import org.apache.commons.lang3.StringUtils;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Identifier;
import org.owasp.dependencycheck.dependency.Reference;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/dependency-check-jenkins-plugin.jar:org/jenkinsci/plugins/DependencyCheck/parser/ReportParser.class */
public class ReportParser extends AbstractAnnotationParser {
    private static final long serialVersionUID = -1906443657161473919L;

    public ReportParser() {
        super(StringUtils.EMPTY);
    }

    public ReportParser(String str) {
        super(str);
    }

    public Collection<FileAnnotation> parse(InputStream inputStream, String str) throws InvocationTargetException {
        try {
            Digester digester = new Digester();
            digester.setValidating(false);
            digester.setClassLoader(ReportParser.class.getClassLoader());
            digester.addObjectCreate("analysis", Analysis.class);
            digester.addObjectCreate("analysis/dependencies/dependency", Dependency.class);
            digester.addBeanPropertySetter("analysis/dependencies/dependency/fileName");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/filePath");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/md5", "md5sum");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/sha1", "sha1sum");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/description");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/license");
            digester.addObjectCreate("analysis/dependencies/dependency/identifiers/identifier", Identifier.class);
            digester.addBeanPropertySetter("analysis/dependencies/dependency/identifiers/identifier/name", "value");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/identifiers/identifier/url");
            digester.addObjectCreate("analysis/dependencies/dependency/vulnerabilities/vulnerability", Vulnerability.class);
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/name");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssScore");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssAccessVector");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssAccessComplexity");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssConfidentialImpact", "cvssConfidentialityImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssIntegrityImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssAvailabilityImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cwe");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/description");
            digester.addObjectCreate("analysis/dependencies/dependency/vulnerabilities/vulnerability/references/reference", Reference.class);
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/references/reference/source");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/references/reference/url");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/references/reference/name");
            digester.addObjectCreate("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability", Vulnerability.class);
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/name");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/cvssScore");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/cvssAccessVector");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/cvssAccessComplexity");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/cvssConfidentialImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/cvssIntegrityImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/cvssAvailabilityImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/cwe");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/description");
            digester.addObjectCreate("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/references/reference", Reference.class);
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/references/reference/source");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/references/reference/url");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/references/reference/name");
            digester.addSetNext("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability/references/reference", "addReference");
            digester.addSetNext("analysis/dependencies/dependency/vulnerabilities/suppressedVulnerability", "addSuppressedVulnerability");
            digester.addSetNext("analysis/dependencies/dependency/vulnerabilities/vulnerability/references/reference", "addReference");
            digester.addSetNext("analysis/dependencies/dependency/identifiers/identifier", "addIdentifier");
            digester.addSetNext("analysis/dependencies/dependency/vulnerabilities/vulnerability", "addVulnerability");
            digester.addSetNext("analysis/dependencies/dependency", "addDependency");
            Analysis analysis = (Analysis) digester.parse(inputStream);
            if (analysis == null) {
                throw new SAXException("Input stream is not a Dependency-Check report file.");
            }
            return convert(analysis, str);
        } catch (IOException e) {
            throw new InvocationTargetException(e);
        } catch (SAXException e2) {
            throw new InvocationTargetException(e2);
        }
    }

    private Collection<FileAnnotation> convert(Analysis analysis, String str) {
        ArrayList arrayList = new ArrayList();
        for (Dependency dependency : analysis.getDependencies()) {
            for (Vulnerability vulnerability : dependency.getVulnerabilities()) {
                Warning warning = new Warning(((double) vulnerability.getCvssScore()) >= 7.0d ? Priority.HIGH : ((double) vulnerability.getCvssScore()) < 4.0d ? Priority.LOW : Priority.NORMAL, vulnerability);
                warning.setModuleName(str);
                warning.setFileName(dependency.getFilePath());
                arrayList.add(warning);
            }
        }
        return arrayList;
    }
}
