package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.concurrent.ThreadSafe;
import org.apache.commons.io.FileUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.utils.Checksum;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.xml.pom.PomHandler;

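/**
 * Collects identification evidence for CocoaPods packages from {@code *.podspec}
 * files and from {@code Podfile.lock}.
 *
 * <p>Both file types belong to the project being scanned, so their contents are
 * untrusted input. Any text taken from them that ends up inside a regular
 * expression must be quoted first (see {@link #determineEvidence}).
 */
@Experimental
@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/dependency-check-core-4.0.2.jar:org/owasp/dependencycheck/analyzer/CocoaPodsAnalyzer.class */
public class CocoaPodsAnalyzer extends AbstractFileTypeAnalyzer {
    /** Ecosystem label set on every dependency this analyzer touches or creates. */
    public static final String DEPENDENCY_ECOSYSTEM = "CocoaPod";
    private static final String ANALYZER_NAME = "CocoaPods Package Analyzer";
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
    /** File extension of a pod specification. */
    public static final String PODSPEC = "podspec";
    /** File name of the CocoaPods lock file. */
    public static final String PODFILE_LOCK = "Podfile.lock";
    private static final FileFilter PODS_FILTER = FileFilterBuilder.newInstance().addExtensions(PODSPEC).addFilenames(PODFILE_LOCK).build();
    /** Matches the {@code Pod::Spec.new do |var|} header; group 1 is the block variable name. */
    private static final Pattern PODSPEC_BLOCK_PATTERN = Pattern.compile("Pod::Spec\\.new\\s+?do\\s+?\\|(.+?)\\|");
    /**
     * Matches a {@code "  - Name (x.y.z)"} lock entry; group 1 is the name, group 2 the version.
     *
     * <p>Only a version made of exactly three numeric components directly followed by
     * {@code )} matches. Entries such as {@code (1.2)} or {@code (1.2.3-beta.1)} do not
     * match and therefore produce no dependency.
     * NOTE(review): for a vulnerability scanner that is a silent coverage gap; confirm
     * whether skipping those entries is intended.
     */
    private static final Pattern PODFILE_LOCK_DEPENDENCY_PATTERN = Pattern.compile("  - \"?(.*) \\((\\d+\\.\\d+\\.\\d+)\\)\"?");

    /**
     * @return the filter accepting {@code *.podspec} files and {@code Podfile.lock}
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected FileFilter getFileFilter() {
        return PODS_FILTER;
    }

    /**
     * No preparation is required for this analyzer.
     *
     * @param engine unused
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected void prepareFileTypeAnalyzer(Engine engine) {
    }

    /**
     * @return the display name of this analyzer
     */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    /**
     * @return the phase in which this analyzer runs
     */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    /**
     * @return the settings key that enables or disables this analyzer
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_COCOAPODS_ENABLED;
    }

    /**
     * Dispatches on the file name: {@code Podfile.lock} is expanded into one
     * dependency per matched entry, a name ending in {@code podspec} is analyzed in place.
     *
     * @param dependency the file being analyzed
     * @param engine the engine that owns the dependency list
     * @throws AnalysisException if the file cannot be read
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        final String fileName = dependency.getFileName();
        if (PODFILE_LOCK.equals(fileName)) {
            analyzePodfileLockDependencies(dependency, engine);
        }
        // Null guard added so both branches are null-safe; the first already was.
        if (fileName != null && fileName.endsWith(PODSPEC)) {
            analyzePodspecDependency(dependency);
        }
    }

    /**
     * Replaces the {@code Podfile.lock} dependency with one virtual dependency per
     * entry matched by {@link #PODFILE_LOCK_DEPENDENCY_PATTERN}.
     *
     * @param dependency the {@code Podfile.lock} dependency; removed from the engine
     * @param engine the engine receiving the per-pod dependencies
     * @throws AnalysisException if the lock file cannot be read
     */
    private void analyzePodfileLockDependencies(Dependency dependency, Engine engine) throws AnalysisException {
        // The lock file itself is not a component; only its entries are reported.
        engine.removeDependency(dependency);
        final String lockContents;
        try {
            // NOTE(review): decoded with the platform default charset, so the result
            // depends on the JVM's configuration; confirm whether UTF-8 should be forced.
            lockContents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
        } catch (IOException e) {
            throw new AnalysisException("Problem occurred while reading dependency file.", e);
        }
        final Matcher entry = PODFILE_LOCK_DEPENDENCY_PATTERN.matcher(lockContents);
        while (entry.find()) {
            final String podName = entry.group(1);
            final String podVersion = entry.group(2);
            final String identifier = String.format("%s:%s", podName, podVersion);

            final Dependency pod = new Dependency(dependency.getActualFile(), true);
            pod.setEcosystem(DEPENDENCY_ECOSYSTEM);
            pod.setName(podName);
            pod.setVersion(podVersion);
            pod.setPackagePath(identifier);
            pod.setDisplayFileName(identifier);
            // The checksums are computed over the "name:version" string, not over file
            // contents: they identify the entry and say nothing about the pod's integrity.
            pod.setSha1sum(Checksum.getSHA1Checksum(identifier));
            pod.setSha256sum(Checksum.getSHA256Checksum(identifier));
            pod.setMd5sum(Checksum.getMD5Checksum(identifier));
            pod.addEvidence(EvidenceType.VENDOR, PODFILE_LOCK, PomHandler.NAME, podName, Confidence.HIGHEST);
            pod.addEvidence(EvidenceType.PRODUCT, PODFILE_LOCK, PomHandler.NAME, podName, Confidence.HIGHEST);
            pod.addEvidence(EvidenceType.VERSION, PODFILE_LOCK, "version", podVersion, Confidence.HIGHEST);
            engine.addDependency(pod);
        }
    }

    /**
     * Extracts name, summary, author, homepage, license and version from a podspec
     * and records them on the dependency.
     *
     * @param dependency the podspec dependency, updated in place
     * @throws AnalysisException if the podspec cannot be read
     */
    private void analyzePodspecDependency(Dependency dependency) throws AnalysisException {
        dependency.setEcosystem(DEPENDENCY_ECOSYSTEM);
        final String specContents;
        try {
            // NOTE(review): platform default charset, as for Podfile.lock; confirm.
            specContents = FileUtils.readFileToString(dependency.getActualFile(), Charset.defaultCharset());
        } catch (IOException e) {
            throw new AnalysisException("Problem occurred while reading dependency file.", e);
        }
        final Matcher header = PODSPEC_BLOCK_PATTERN.matcher(specContents);
        if (header.find()) {
            // Only the text after the "do |var|" header is searched for assignments.
            final String body = specContents.substring(header.end());
            final String blockVariable = header.group(1);

            // PomHandler.NAME doubles as the field pattern here; its value is defined
            // outside this file (presumably "name"; verify).
            final String name = determineEvidence(body, blockVariable, PomHandler.NAME);
            if (!name.isEmpty()) {
                dependency.addEvidence(EvidenceType.PRODUCT, PODSPEC, "name_project", name, Confidence.HIGHEST);
                dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "name_project", name, Confidence.HIGHEST);
                dependency.setName(name);
            }
            final String summary = determineEvidence(body, blockVariable, "summary");
            if (!summary.isEmpty()) {
                dependency.addEvidence(EvidenceType.PRODUCT, PODSPEC, "summary", summary, Confidence.HIGHEST);
            }
            final String author = determineEvidence(body, blockVariable, "authors?");
            if (!author.isEmpty()) {
                dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "author", author, Confidence.HIGHEST);
            }
            final String homepage = determineEvidence(body, blockVariable, "homepage");
            if (!homepage.isEmpty()) {
                dependency.addEvidence(EvidenceType.VENDOR, PODSPEC, "homepage", homepage, Confidence.HIGHEST);
            }
            final String license = determineEvidence(body, blockVariable, "licen[cs]es?");
            if (!license.isEmpty()) {
                dependency.setLicense(license);
            }
            final String version = determineEvidence(body, blockVariable, "version");
            if (!version.isEmpty()) {
                dependency.addEvidence(EvidenceType.VERSION, PODSPEC, "version", version, Confidence.HIGHEST);
                dependency.setVersion(version);
            }
        }
        final String resolvedVersion = dependency.getVersion();
        if (resolvedVersion == null || resolvedVersion.isEmpty()) {
            dependency.setDisplayFileName(dependency.getName());
        } else {
            dependency.setDisplayFileName(String.format("%s:%s", dependency.getName(), resolvedVersion));
        }
        setPackagePath(dependency);
    }

    /**
     * Finds the value assigned to {@code <blockVariable>.<field>} in podspec text.
     * A {@code { ... }} value is tried first, then a single- or double-quoted string.
     *
     * @param contents podspec text following the block header
     * @param blockVariable block variable name captured from the podspec; matched literally
     * @param fieldPattern regular-expression fragment naming the field, supplied by this class
     * @return the matched value, or the empty string when nothing matches
     */
    private String determineEvidence(String contents, String blockVariable, String fieldPattern) {
        // blockVariable is attacker-controllable text from the scanned file. Quoting it
        // keeps regex metacharacters in it from altering the pattern or making
        // Pattern.compile throw an unchecked PatternSyntaxException mid-scan.
        final String literalVariable = Pattern.quote(blockVariable);

        final Matcher hashValue = Pattern.compile(
                String.format("\\s*?%s\\.%s\\s*?=\\s*?\\{\\s*?(.*?)\\s*?\\}", literalVariable, fieldPattern),
                Pattern.CASE_INSENSITIVE).matcher(contents);
        if (hashValue.find()) {
            return hashValue.group(1);
        }
        final Matcher quotedValue = Pattern.compile(
                String.format("\\s*?%s\\.%s\\s*?=\\s*?(['\"])(.*?)\\1", literalVariable, fieldPattern),
                Pattern.CASE_INSENSITIVE).matcher(contents);
        if (quotedValue.find()) {
            // Group 1 is the opening quote character; group 2 is the value.
            return quotedValue.group(2);
        }
        return "";
    }

    /**
     * Sets the package path to the parent directory of the dependency's file path;
     * leaves it unchanged when the path has no parent.
     *
     * @param dependency the dependency to update
     */
    private void setPackagePath(Dependency dependency) {
        final String parentDirectory = new File(dependency.getFilePath()).getParent();
        if (parentDirectory != null) {
            dependency.setPackagePath(parentDirectory);
        }
    }
}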
