package org.owasp.dependencycheck.analyzer;

import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURL;
import com.github.packageurl.PackageURLBuilder;
import com.moandjiezana.toml.Toml;
import java.io.FileFilter;
import java.util.List;
import javax.annotation.concurrent.ThreadSafe;
import org.apache.commons.lang3.StringUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.naming.GenericIdentifier;
import org.owasp.dependencycheck.dependency.naming.Identifier;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.Checksum;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.xml.pom.PomHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

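@Experimental
@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/dependency-check-core-5.3.2.jar:org/owasp/dependencycheck/analyzer/GolangDepAnalyzer.class */
/**
 * Analyzer that reads a Go {@code dep} lock file ({@code Gopkg.lock}) and
 * registers one virtual dependency per locked project, plus one per listed
 * sub-package.
 *
 * <p>The lock file comes from the project being scanned and must be treated as
 * untrusted input: a malformed or unexpected entry is reported (exception or
 * warning) instead of surfacing as an unchecked exception, because an analyzer
 * that dies part-way through silently drops dependencies from the scan.</p>
 */
public class GolangDepAnalyzer extends AbstractFileTypeAnalyzer {
    /** Ecosystem label assigned to every dependency created by this analyzer. */
    public static final String DEPENDENCY_ECOSYSTEM = "Golang";
    private static final Logger LOGGER = LoggerFactory.getLogger(GolangDepAnalyzer.class);
    /** File name of the lock file; also used as the evidence source. */
    private static final String GOPKG_LOCK = "Gopkg.lock";
    /** Filter that accepts only files named {@code Gopkg.lock}. */
    private static final FileFilter GOPKG_LOCK_FILTER = FileFilterBuilder.newInstance().addFilenames(GOPKG_LOCK).build();

    /**
     * Returns the display name of this analyzer.
     *
     * @return the analyzer name
     */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return "Golang Dep Analyzer";
    }

    /**
     * Returns the phase in which this analyzer runs.
     *
     * @return {@link AnalysisPhase#INFORMATION_COLLECTION}
     */
    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return AnalysisPhase.INFORMATION_COLLECTION;
    }

    /**
     * Returns the settings key that enables or disables this analyzer.
     *
     * @return the settings key
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_GOLANG_DEP_ENABLED;
    }

    /**
     * Returns the filter selecting the files this analyzer handles.
     *
     * @return a filter matching {@code Gopkg.lock}
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected FileFilter getFileFilter() {
        return GOPKG_LOCK_FILTER;
    }

    /**
     * No preparation is required for this analyzer.
     *
     * @param engine the dependency-check engine
     * @throws InitializationException never thrown by this implementation
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected void prepareFileTypeAnalyzer(Engine engine) throws InitializationException {
        // intentionally empty
    }

    /**
     * Replaces the lock file in the engine with the dependencies it declares:
     * for every table under {@code projects} one dependency for the project
     * itself and one for each entry of {@code packages} other than
     * {@code "."}.
     *
     * @param dependency the {@code Gopkg.lock} file being analyzed
     * @param engine the engine the resulting dependencies are added to
     * @throws AnalysisException if the lock file cannot be read or parsed, or a
     *         project field holds a value of an unexpected type
     */
    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        // The lock file itself is not a dependency; only its entries are reported.
        engine.removeDependency(dependency);

        final List<Toml> projects;
        try {
            projects = new Toml().read(dependency.getActualFile()).getTables("projects");
        } catch (RuntimeException ex) {
            // The parser signals unreadable or malformed input with unchecked
            // exceptions; convert them so the failure is recorded as an
            // analysis error rather than escaping the analyzer.
            throw new AnalysisException("Unable to parse `" + dependency.getFilePath() + "`", ex);
        }
        if (projects == null) {
            return;
        }

        for (Toml project : projects) {
            final String name;
            final String version;
            final String revision;
            final List<Object> packages;
            try {
                name = project.getString(PomHandler.NAME);
                version = project.getString("version");
                revision = project.getString("revision");
                packages = project.getList("packages");
            } catch (ClassCastException ex) {
                // NOTE(review): the typed accessors appear to cast the stored
                // value, so e.g. a numeric `version` would end up here.
                throw new AnalysisException("Unexpected value type in a project entry of `"
                        + dependency.getFilePath() + "`", ex);
            }
            if (StringUtils.isBlank(name)) {
                // Without a name no identifier can be built; say so instead of
                // failing later with a NullPointerException.
                LOGGER.warn("Skipping a project entry without a name in `{}`", dependency.getFilePath());
                continue;
            }

            engine.addDependency(createDependency(dependency, name, version, revision, null));
            if (packages == null) {
                // `packages` is absent for this project; nothing more to add.
                continue;
            }
            for (Object entry : packages) {
                if (!(entry instanceof String)) {
                    continue;
                }
                final String subPath = (String) entry;
                if (StringUtils.isNotBlank(subPath) && !".".equals(subPath)) {
                    engine.addDependency(createDependency(dependency, name, version, revision, subPath));
                }
            }
        }
    }

    /**
     * Builds a virtual dependency for one locked project or one of its
     * sub-packages, including vendor/product/version evidence and a
     * package-URL identifier.
     *
     * @param parentDependency the lock file the entry was read from
     * @param name the project name, e.g. {@code host/owner/repo}
     * @param version the locked version; may be {@code null}
     * @param revision the locked revision; used as the package-URL version
     *        only when no version is present; may be {@code null}
     * @param subPath the sub-package path, or {@code null} for the project itself
     * @return the new virtual dependency
     */
    private Dependency createDependency(Dependency parentDependency, String name, String version, String revision, String subPath) {
        final Dependency result = new Dependency(parentDependency.getActualFile(), true);
        result.setEcosystem(DEPENDENCY_ECOSYSTEM);

        final boolean hasSubPath = StringUtils.isNotBlank(subPath);
        final String displayName = hasSubPath ? name + "/" + subPath : name;
        result.setDisplayFileName(displayName);
        result.setName(displayName);

        final PackageURLBuilder purl = PackageURLBuilder.aPackageURL().withType(PackageURL.StandardTypes.GOLANG);
        if (StringUtils.isNotBlank(name)) {
            final int firstSlash = name.indexOf("/");
            if (firstSlash > 0) {
                // host/[middle/]leaf: the leaf is the package name, everything
                // before it forms the package-URL namespace.
                final String host = name.substring(0, firstSlash);
                final int lastSlash = name.lastIndexOf("/");
                final String leaf = name.substring(lastSlash + 1);
                if (lastSlash != firstSlash) {
                    final String middle = name.substring(firstSlash + 1, lastSlash);
                    result.addEvidence(EvidenceType.PRODUCT, GOPKG_LOCK, "namespace", middle, Confidence.HIGH);
                    result.addEvidence(EvidenceType.VENDOR, GOPKG_LOCK, "namespace", middle, Confidence.HIGH);
                    purl.withNamespace(host + "/" + middle);
                } else {
                    purl.withNamespace(host);
                }
                purl.withName(leaf);
                // The host is recorded as low-confidence evidence, except for
                // golang.org which is not recorded at all.
                if (!"golang.org".equals(host)) {
                    result.addEvidence(EvidenceType.PRODUCT, GOPKG_LOCK, "namespace", host, Confidence.LOW);
                    result.addEvidence(EvidenceType.VENDOR, GOPKG_LOCK, "namespace", host, Confidence.LOW);
                }
                result.addEvidence(EvidenceType.PRODUCT, GOPKG_LOCK, PomHandler.NAME, leaf, Confidence.HIGHEST);
                result.addEvidence(EvidenceType.VENDOR, GOPKG_LOCK, PomHandler.NAME, leaf, Confidence.HIGHEST);
            } else {
                purl.withName(name);
                result.addEvidence(EvidenceType.PRODUCT, GOPKG_LOCK, "namespace", name, Confidence.HIGHEST);
                result.addEvidence(EvidenceType.VENDOR, GOPKG_LOCK, "namespace", name, Confidence.HIGHEST);
            }
        }

        if (StringUtils.isNotBlank(version)) {
            purl.withVersion(version);
            result.setVersion(version);
            result.addEvidence(EvidenceType.VERSION, GOPKG_LOCK, "version", version, Confidence.HIGHEST);
        }
        // Fall back to the revision for the package URL whenever no usable
        // version exists. A bare null check would leave an entry with an empty
        // `version = ""` without any version in its identifier.
        if (StringUtils.isNotBlank(revision) && StringUtils.isBlank(version)) {
            purl.withVersion(revision);
        }
        if (hasSubPath) {
            purl.withSubpath(subPath);
            result.addEvidence(EvidenceType.PRODUCT, GOPKG_LOCK, "package", subPath, Confidence.HIGH);
            result.addEvidence(EvidenceType.VENDOR, GOPKG_LOCK, "package", subPath, Confidence.MEDIUM);
        }

        Identifier identifier;
        try {
            identifier = new PurlIdentifier(purl.build(), Confidence.HIGHEST);
        } catch (MalformedPackageURLException e) {
            LOGGER.warn("Unable to create package-url identifier for `{}` in `{}` - reason: {}", name, parentDependency.getFilePath(), e.getMessage());
            // Fall back to a generic "name[/subPath][@version]" identifier;
            // a null name must not break the fallback itself.
            final StringBuilder fallback = new StringBuilder(name == null ? "" : name);
            if (hasSubPath) {
                fallback.append("/").append(subPath);
            }
            if (StringUtils.isNotBlank(version)) {
                fallback.append("@").append(version);
            }
            identifier = new GenericIdentifier(fallback.toString(), Confidence.HIGH);
        }
        result.addSoftwareIdentifier(identifier);

        // These digests are taken over the identifier string, not over any
        // file content: they give the virtual dependency a stable identity and
        // say nothing about the integrity of the referenced package.
        final String identity = identifier.toString();
        result.setSha1sum(Checksum.getSHA1Checksum(identity));
        result.setMd5sum(Checksum.getMD5Checksum(identity));
        result.setSha256sum(Checksum.getSHA256Checksum(identity));
        return result;
    }
}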
