package com.sysdig.jenkins.plugins.sysdig;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.sysdig.jenkins.plugins.sysdig.Util;
import hudson.AbortException;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.Descriptor;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildStep;
import net.sf.json.JSONObject;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/AnchoreBuilder.class */
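/**
 * Jenkins build step that runs the Sysdig Secure container image scanner and turns the
 * resulting policy gate action into a build result.
 *
 * <p>This listing is decompiler output: locals and parameters carry generated names and
 * {@code getDescriptor} was renamed to {@link #m1getDescriptor()}.
 *
 * <p>Security-relevant points a maintainer should know:
 * <ul>
 *   <li>{@code anchoreioPass} is a plain {@code String}, not a {@code Secret}.</li>
 *   <li>{@code engineurl} and {@code engineverify} can be overridden per job, and in
 *       {@link #perform} the overridden URL is combined with the <em>global</em> engine
 *       credentials whenever no per-job credentials ID is set.</li>
 *   <li>The "verify SSL" flag defaults to {@code false} at both job and global level.</li>
 * </ul>
 */
public class AnchoreBuilder extends Builder implements SimpleBuildStep {
    private static final Logger LOG = Logger.getLogger(AnchoreBuilder.class.getName());
    private String name;
    private String policyName = DescriptorImpl.DEFAULT_POLICY_NAME;
    private String globalWhiteList = DescriptorImpl.DEFAULT_GLOBAL_WHITELIST;
    private String anchoreioUser = "";
    // NOTE(review): a password kept as a plain String. Unlike DescriptorImpl.enginepass it is
    // not wrapped in hudson.util.Secret, so it is presumably persisted in clear text with the
    // job configuration and returned as-is by getAnchoreioPass(). Prefer a credentials ID or
    // Secret; the type is left alone here because the getter/setter signatures are public.
    private String anchoreioPass = "";
    private String userScripts = DescriptorImpl.DEFAULT_USER_SCRIPTS;
    private String engineRetries = DescriptorImpl.DEFAULT_ENGINE_RETRIES;
    private boolean bailOnFail = true;
    private boolean bailOnWarn = false;
    private boolean bailOnPluginFail = true;
    private boolean doCleanup = false;
    private boolean useCachedBundle = true;
    private String policyEvalMethod = DescriptorImpl.DEFAULT_POLICY_EVAL_METHOD;
    private String bundleFileOverride = DescriptorImpl.DEFAULT_BUNDLE_FILE_OVERRIDE;
    private List<AnchoreQuery> inputQueries = new ArrayList<>();
    private String policyBundleId = "";
    private List<Annotation> annotations = new ArrayList<>();
    // Per-job overrides of the global engine settings; empty/unset means "use the global value".
    private String engineurl = "";
    private String engineCredentialsId = "";
    // "verify SSL" override (see the log message in perform); off unless explicitly enabled.
    private boolean engineverify = false;
    // Set by setEngineverify so perform can tell "explicitly false" from "never set".
    // The misspelling is kept: renaming a field of a persisted build step could break stored configs.
    private boolean isEngineverifyOverrride = false;

    /**
     * Global (system-wide) configuration of the scanner step, registered under the
     * {@code sysdigSecure} symbol.
     *
     * <p>NOTE(review): parameter names in this listing are decompiler-generated
     * ({@code str}, {@code z}). Stapler binds {@code @QueryParameter} arguments by name when
     * no value is given, so the original source presumably uses the form field names.
     */
    @Extension
    @Symbol({"sysdigSecure"})
    /* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/AnchoreBuilder$DescriptorImpl.class */
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        public static final String DEFAULT_NAME = "sysdig_secure_images";
        public static final String DEFAULT_POLICY_NAME = "sysdig_secure_policy";
        public static final String DEFAULT_GLOBAL_WHITELIST = "sysdig_secure_global_whitelist";
        public static final String DEFAULT_ANCHORE_IO_USER = "";
        public static final String DEFAULT_ANCHORE_IO_PASSWORD = "";
        public static final String DEFAULT_USER_SCRIPTS = "sysdig_secure_user_scripts";
        public static final String DEFAULT_ENGINE_RETRIES = "300";
        public static final boolean DEFAULT_BAIL_ON_FAIL = true;
        public static final boolean DEFAULT_BAIL_ON_WARN = false;
        public static final boolean DEFAULT_BAIL_ON_PLUGIN_FAIL = true;
        public static final boolean DEFAULT_DO_CLEANUP = false;
        public static final boolean DEFAULT_USE_CACHED_BUNDLE = true;
        public static final String DEFAULT_POLICY_EVAL_METHOD = "plainfile";
        public static final String DEFAULT_BUNDLE_FILE_OVERRIDE = "sysdig_secure_policy_bundle.json";
        public static final String DEFAULT_PLUGIN_MODE = "anchoreengine";
        public static final List<AnchoreQuery> DEFAULT_INPUT_QUERIES = ImmutableList.of(new AnchoreQuery("cve-scan all"), new AnchoreQuery("list-packages all"), new AnchoreQuery("list-files all"), new AnchoreQuery("show-pkg-diffs base"));
        public static final String DEFAULT_POLICY_BUNDLE_ID = "";
        public static final String EMPTY_STRING = "";
        public static final String DEFAULT_ENGINE_URL = "https://secure.sysdig.com/api/scanning/v1/anchore";
        private boolean debug;
        private String enginemode;
        private String engineurl = DEFAULT_ENGINE_URL;
        private String engineuser = "";
        // Stored as a Secret, so Jenkins handles it as a protected value.
        private Secret enginepass = Secret.fromString("");
        // Global "verify SSL" flag; a boolean field, so it is false until configured.
        private boolean engineverify;
        private String containerImageId;
        private String containerId;
        private String localVol;
        private String modulesVol;
        private boolean useSudo;

        @Deprecated
        private boolean enabled;

        /** Sets whether debug output is written to the build console. */
        public void setDebug(boolean z) {
            this.debug = z;
        }

        /** Sets the legacy {@code enabled} flag; retained only for compatibility. */
        @Deprecated
        public void setEnabled(boolean z) {
            this.enabled = z;
        }

        /** Sets the plugin mode; an empty value falls back to the default on read. */
        public void setEnginemode(String str) {
            this.enginemode = str;
        }

        /** Sets the global engine URL. */
        public void setEngineurl(String str) {
            this.engineurl = str;
        }

        /** Sets the global engine user name. */
        public void setEngineuser(String str) {
            this.engineuser = str;
        }

        /** Sets the global engine password. */
        public void setEnginepass(Secret secret) {
            this.enginepass = secret;
        }

        /** Sets the global "verify SSL" flag. */
        public void setEngineverify(boolean z) {
            this.engineverify = z;
        }

        /** Sets the container image ID. */
        public void setContainerImageId(String str) {
            this.containerImageId = str;
        }

        /** Sets the container ID. */
        public void setContainerId(String str) {
            this.containerId = str;
        }

        /** Sets the local volume. */
        public void setLocalVol(String str) {
            this.localVol = str;
        }

        /** Sets the modules volume. */
        public void setModulesVol(String str) {
            this.modulesVol = str;
        }

        /** Sets whether sudo is used. */
        public void setUseSudo(boolean z) {
            this.useSudo = z;
        }

        /** @return whether debug output is enabled */
        public boolean getDebug() {
            return this.debug;
        }

        /** @return the legacy {@code enabled} flag */
        @Deprecated
        public boolean getEnabled() {
            return this.enabled;
        }

        /**
         * Returns the plugin mode, storing {@link #DEFAULT_PLUGIN_MODE} first when none is set.
         *
         * @return the configured mode, never null or empty
         */
        public String getEnginemode() {
            if (Strings.isNullOrEmpty(this.enginemode)) {
                this.enginemode = DEFAULT_PLUGIN_MODE;
            }
            return this.enginemode;
        }

        /**
         * @param str mode name to compare against
         * @return {@code true} when {@code str} is non-empty and equals the current mode
         */
        public boolean isMode(String str) {
            return !Strings.isNullOrEmpty(str) && getEnginemode().equals(str);
        }

        /** @return the global engine URL */
        public String getEngineurl() {
            return this.engineurl;
        }

        /** @return the global engine user name */
        public String getEngineuser() {
            return this.engineuser;
        }

        /** @return the global engine password as a {@link Secret} */
        public Secret getEnginepass() {
            return this.enginepass;
        }

        /** @return the global "verify SSL" flag */
        public boolean getEngineverify() {
            return this.engineverify;
        }

        /** @return whether sudo is used */
        public boolean getUseSudo() {
            return this.useSudo;
        }

        /** @return the container image ID */
        public String getContainerImageId() {
            return this.containerImageId;
        }

        /** @return the container ID */
        public String getContainerId() {
            return this.containerId;
        }

        /** @return the local volume */
        public String getLocalVol() {
            return this.localVol;
        }

        /** @return the modules volume */
        public String getModulesVol() {
            return this.modulesVol;
        }

        /** Creates the descriptor and loads any previously saved global configuration. */
        public DescriptorImpl() {
            load();
        }

        /** @return always {@code true}; the step is offered for every project type */
        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        /** @return the name shown for this step in the Jenkins UI */
        public String getDisplayName() {
            return "Sysdig Secure Container Image Scanner";
        }

        /**
         * Binds the submitted global configuration form onto this descriptor and saves it.
         *
         * @return always {@code true}
         */
        public boolean configure(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            staplerRequest.bindJSON(this, jSONObject);
            save();
            return true;
        }

        /** Form check: the name field must not be empty. */
        public FormValidation doCheckName(@QueryParameter String str) {
            if (Strings.isNullOrEmpty(str)) {
                return FormValidation.error("Please enter a valid file name");
            }
            return FormValidation.ok();
        }

        /** Form check: the container image ID must not be empty. */
        public FormValidation doCheckContainerImageId(@QueryParameter String str) {
            if (Strings.isNullOrEmpty(str)) {
                return FormValidation.error("Please provide a valid Sysdig Secure Container Image ID");
            }
            return FormValidation.ok();
        }

        /** Form check: the container ID must not be empty. */
        public FormValidation doCheckContainerId(@QueryParameter String str) {
            if (Strings.isNullOrEmpty(str)) {
                return FormValidation.error("Please provide a valid Sysdig Secure Container ID");
            }
            return FormValidation.ok();
        }

        /**
         * Populates the credentials drop-down for the per-job engine credentials.
         *
         * <p>Only callers holding {@code Jenkins.ADMINISTER} receive the list; everyone else
         * gets a model containing just the currently selected value, so credential IDs are
         * not enumerated to them. For administrators the lookup runs as {@code ACL.SYSTEM}
         * against the Jenkins root, with no domain requirements and an always-true matcher.
         *
         * @param str the currently selected credentials ID
         * @return the list box model for the form
         */
        public ListBoxModel doFillEngineCredentialsIdItems(@QueryParameter String str) {
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            if (!Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) {
                return standardListBoxModel.includeCurrentValue(str);
            }
            return standardListBoxModel.includeEmptyValue().includeMatchingAs(ACL.SYSTEM, Jenkins.getActiveInstance(), StandardUsernamePasswordCredentials.class, Collections.emptyList(), CredentialsMatchers.always());
        }
    }

    /** @return the name passed to the constructor */
    public String getName() {
        return this.name;
    }

    /** @return the policy name */
    public String getPolicyName() {
        return this.policyName;
    }

    /** @return the global whitelist name */
    public String getGlobalWhiteList() {
        return this.globalWhiteList;
    }

    /** @return the anchore.io user name */
    public String getAnchoreioUser() {
        return this.anchoreioUser;
    }

    /** @return the anchore.io password in clear text (see the note on the field) */
    public String getAnchoreioPass() {
        return this.anchoreioPass;
    }

    /** @return the user scripts setting */
    public String getUserScripts() {
        return this.userScripts;
    }

    /** @return the engine retries setting, as entered */
    public String getEngineRetries() {
        return this.engineRetries;
    }

    /** @return whether a STOP/FAIL gate result fails the step */
    public boolean getBailOnFail() {
        return this.bailOnFail;
    }

    /** @return whether a WARN gate result fails the step */
    public boolean getBailOnWarn() {
        return this.bailOnWarn;
    }

    /** @return whether an error inside the plugin fails the step */
    public boolean getBailOnPluginFail() {
        return this.bailOnPluginFail;
    }

    /** @return the cleanup flag */
    public boolean getDoCleanup() {
        return this.doCleanup;
    }

    /** @return the cached-bundle flag */
    public boolean getUseCachedBundle() {
        return this.useCachedBundle;
    }

    /** @return the policy evaluation method */
    public String getPolicyEvalMethod() {
        return this.policyEvalMethod;
    }

    /** @return the bundle file override */
    public String getBundleFileOverride() {
        return this.bundleFileOverride;
    }

    /** @return the configured queries (the internal list, not a copy) */
    public List<AnchoreQuery> getInputQueries() {
        return this.inputQueries;
    }

    /** @return the policy bundle ID */
    public String getPolicyBundleId() {
        return this.policyBundleId;
    }

    /** @return the configured annotations (the internal list, not a copy) */
    public List<Annotation> getAnnotations() {
        return this.annotations;
    }

    /** @return the per-job engine URL override, empty when unset */
    public String getEngineurl() {
        return this.engineurl;
    }

    /** @return the per-job Jenkins credentials ID, empty when unset */
    public String getEngineCredentialsId() {
        return this.engineCredentialsId;
    }

    /** @return the per-job "verify SSL" value */
    public boolean getEngineverify() {
        return this.engineverify;
    }

    /** Sets the policy name. */
    @DataBoundSetter
    public void setPolicyName(String str) {
        this.policyName = str;
    }

    /** Sets the global whitelist name. */
    @DataBoundSetter
    public void setGlobalWhiteList(String str) {
        this.globalWhiteList = str;
    }

    /** Sets the anchore.io user name. */
    @DataBoundSetter
    public void setAnchoreioUser(String str) {
        this.anchoreioUser = str;
    }

    /** Sets the anchore.io password; it is kept as a plain String (see the note on the field). */
    @DataBoundSetter
    public void setAnchoreioPass(String str) {
        this.anchoreioPass = str;
    }

    /** Sets the user scripts setting. */
    @DataBoundSetter
    public void setUserScripts(String str) {
        this.userScripts = str;
    }

    /** Sets the engine retries setting. */
    @DataBoundSetter
    public void setEngineRetries(String str) {
        this.engineRetries = str;
    }

    /** Sets whether a STOP/FAIL gate result fails the step. */
    @DataBoundSetter
    public void setBailOnFail(boolean z) {
        this.bailOnFail = z;
    }

    /** Sets whether a WARN gate result fails the step. */
    @DataBoundSetter
    public void setBailOnWarn(boolean z) {
        this.bailOnWarn = z;
    }

    /** Sets whether an error inside the plugin fails the step. */
    @DataBoundSetter
    public void setBailOnPluginFail(boolean z) {
        this.bailOnPluginFail = z;
    }

    /** Sets the cleanup flag. */
    @DataBoundSetter
    public void setDoCleanup(boolean z) {
        this.doCleanup = z;
    }

    /** Sets the cached-bundle flag. */
    @DataBoundSetter
    public void setUseCachedBundle(boolean z) {
        this.useCachedBundle = z;
    }

    /** Sets the policy evaluation method. */
    @DataBoundSetter
    public void setPolicyEvalMethod(String str) {
        this.policyEvalMethod = str;
    }

    /** Sets the bundle file override. */
    @DataBoundSetter
    public void setBundleFileOverride(String str) {
        this.bundleFileOverride = str;
    }

    /** Sets the queries to run; the list is stored by reference. */
    @DataBoundSetter
    public void setInputQueries(List<AnchoreQuery> list) {
        this.inputQueries = list;
    }

    /** Sets the policy bundle ID. */
    @DataBoundSetter
    public void setPolicyBundleId(String str) {
        this.policyBundleId = str;
    }

    /** Sets the annotations; the list is stored by reference. */
    @DataBoundSetter
    public void setAnnotations(List<Annotation> list) {
        this.annotations = list;
    }

    /**
     * Sets the per-job engine URL override.
     *
     * <p>NOTE(review): the value is not validated here, and {@link #perform} pairs it with the
     * global engine credentials when no per-job credentials ID is configured.
     */
    @DataBoundSetter
    public void setEngineurl(String str) {
        this.engineurl = str;
    }

    /** Sets the ID of the Jenkins username/password credentials to use for this job. */
    @DataBoundSetter
    public void setEngineCredentialsId(String str) {
        this.engineCredentialsId = str;
    }

    /**
     * Sets the per-job "verify SSL" value and records that an override was given, so that
     * an explicit {@code false} also takes precedence over the global setting.
     */
    @DataBoundSetter
    public void setEngineverify(boolean z) {
        this.engineverify = z;
        this.isEngineverifyOverrride = true;
    }

    /**
     * Creates the build step.
     *
     * @param str the step's name
     */
    @DataBoundConstructor
    public AnchoreBuilder(String str) {
        this.name = str;
    }

    /**
     * Runs the scan: resolves the effective engine settings, runs the analyzer, gates and
     * queries, publishes the reports and maps the gate action onto the step result.
     *
     * <p>The decompiled original had constant-false guards ({@code if (0 != 0)}) where the
     * cleanup and "failed by gate" checks belong. As written, that skipped
     * {@code BuildWorker.cleanup()} on every error path and let a STOP/FAIL/WARN gate failure
     * be reported as success when {@code bailOnPluginFail} was {@code false}. This version
     * tracks both explicitly: a gate failure always aborts the step, and cleanup and the
     * completion log run exactly once in {@code finally}.
     *
     * @throws IOException an {@code AbortException} when a gate fails the build, or when the
     *     plugin itself fails and {@code bailOnPluginFail} is set
     * @throws InterruptedException declared by the interface; NOTE(review): exceptions from
     *     the worker, including interruption, are caught below and either wrapped in an
     *     {@code AbortException} or logged, as in the original
     */
    public void perform(@Nonnull Run<?, ?> run, @Nonnull FilePath filePath, @Nonnull Launcher launcher, @Nonnull TaskListener taskListener) throws InterruptedException, IOException {
        final String jobLabel = "project: " + run.getParent().getDisplayName() + ", job: " + run.getNumber();
        LOG.warning("Starting Sysdig Secure Container Image Scanner step, " + jobLabel);
        boolean failedByGate = false;
        BuildConfig buildConfig = null;
        BuildWorker buildWorker = null;
        DescriptorImpl globalConfig = m1getDescriptor();
        ConsoleLog consoleLog = new ConsoleLog("SysdigSecurePlugin", taskListener.getLogger(), globalConfig.getDebug());
        try {
            String overrideUser = null;
            String overridePass = null;
            if (!Strings.isNullOrEmpty(this.engineCredentialsId)) {
                consoleLog.logDebug("Found build override for sysdig-secure-engine credentials. Processing Jenkins credential ID ");
                try {
                    // Resolved in the context of this run, so only credentials the run may use are found.
                    StandardUsernamePasswordCredentials found = CredentialsProvider.findCredentialById(this.engineCredentialsId, StandardUsernamePasswordCredentials.class, run, Collections.emptyList());
                    if (null == found) {
                        throw new AbortException("Cannot find Jenkins credentials by ID: '" + this.engineCredentialsId + "'. Ensure credentials are defined in Jenkins before using them");
                    }
                    overrideUser = found.getUsername();
                    // Clear-text password from here on; it must never reach a log message.
                    overridePass = found.getPassword().getPlainText();
                } catch (AbortException e) {
                    throw e;
                } catch (Exception e) {
                    consoleLog.logError("Error looking up Jenkins credentials by ID: '" + this.engineCredentialsId + "'", e);
                    // The original message lacked the closing quote around the ID.
                    throw new AbortException("Error looking up Jenkins credentials by ID: '" + this.engineCredentialsId + "'");
                }
            }

            // Per-job values win over the global configuration.
            // NOTE(review): URL and credentials fall back independently. A job that overrides
            // only the URL (and, optionally, turns "verify SSL" off) still gets the global engine
            // user and password, so those global credentials are sent to a job-chosen endpoint.
            // Consider requiring per-job credentials whenever the URL is overridden, or
            // restricting the override to an allow-list.
            final boolean urlOverridden = !Strings.isNullOrEmpty(this.engineurl);
            final String effectiveUrl = urlOverridden ? this.engineurl : globalConfig.getEngineurl();
            final String effectiveUser = overrideUser != null ? overrideUser : globalConfig.getEngineuser();
            final String effectivePass = overridePass != null ? overridePass : globalConfig.getEnginepass().getPlainText();
            final boolean effectiveVerify = this.isEngineverifyOverrride ? this.engineverify : globalConfig.getEngineverify();

            buildConfig = new BuildConfig(
                    this.name, this.policyName, this.globalWhiteList, this.anchoreioUser, this.anchoreioPass,
                    this.userScripts, this.engineRetries, this.bailOnFail, this.bailOnWarn, this.bailOnPluginFail,
                    this.doCleanup, this.useCachedBundle, this.policyEvalMethod, this.bundleFileOverride,
                    this.inputQueries, this.policyBundleId, this.annotations,
                    globalConfig.getDebug(), globalConfig.getEnginemode(),
                    effectiveUrl, effectiveUser, effectivePass, effectiveVerify,
                    globalConfig.getContainerImageId(), globalConfig.getContainerId(),
                    globalConfig.getLocalVol(), globalConfig.getModulesVol(), globalConfig.getUseSudo());
            buildWorker = new BuildWorker(run, filePath, launcher, taskListener, buildConfig);

            // Make overrides visible in the build console without printing their values.
            if (urlOverridden) {
                consoleLog.logInfo("Build override set for Sysdig Secure Engine URL");
            }
            if (overrideUser != null && overridePass != null) {
                consoleLog.logInfo("Build override set for Sysdig Secure Engine credentials");
            }
            if (this.isEngineverifyOverrride) {
                consoleLog.logInfo("Build override set for Sysdig Secure Engine verify SSL");
            }

            buildWorker.runAnalyzer();
            Util.GATE_ACTION finalAction = buildWorker.runGates();
            try {
                // Queries are best-effort: a failure is recorded but does not fail the step.
                buildWorker.runQueries();
            } catch (Exception e) {
                consoleLog.logWarn("Recording failure to execute Sysdig Secure queries and moving on with plugin operation", e);
            }
            buildWorker.setupBuildReports();

            if (null == finalAction) {
                consoleLog.logInfo("Marking Sysdig Secure Container Image Scanner step as successful, no final result");
            } else {
                boolean stopOrFail = Util.GATE_ACTION.STOP.equals(finalAction) || Util.GATE_ACTION.FAIL.equals(finalAction);
                boolean bailForFail = buildConfig.getBailOnFail() && stopOrFail;
                boolean bailForWarn = buildConfig.getBailOnWarn() && Util.GATE_ACTION.WARN.equals(finalAction);
                if (bailForFail || bailForWarn) {
                    consoleLog.logWarn("Failing Sysdig Secure Container Image Scanner Plugin step due to final result " + finalAction);
                    // Remember that this abort is a policy decision, not a plugin error.
                    failedByGate = true;
                    throw new AbortException("Failing Sysdig Secure Container Image Scanner Plugin step due to final result " + finalAction);
                }
                consoleLog.logInfo("Marking Sysdig Secure Container Image Scanner step as successful, final result " + finalAction);
            }
        } catch (Exception e) {
            if (failedByGate) {
                // Only set immediately before the AbortException above, so the cast is safe.
                // A gate failure must not be downgraded by bailOnPluginFail=false.
                throw (AbortException) e;
            }
            if ((null != buildConfig && buildConfig.getBailOnPluginFail()) || this.bailOnPluginFail) {
                consoleLog.logError("Failing Sysdig Secure Container Image Scanner Plugin step due to errors in plugin execution", e);
                if (e instanceof AbortException) {
                    throw (AbortException) e;
                }
                throw new AbortException("Failing Sysdig Secure Container Image Scanner Plugin step due to errors in plugin execution");
            }
            // NOTE(review): with bailOnPluginFail=false a scanner that could not run at all is
            // reported as success, i.e. the image passes unscanned. The warning below is the
            // only trace of that in the build log.
            consoleLog.logWarn("Marking Sysdig Secure Container Image Scanner step as successful despite errors in plugin execution");
        } finally {
            if (null != buildWorker) {
                try {
                    buildWorker.cleanup();
                } catch (Exception e) {
                    consoleLog.logDebug("Failed to cleanup after the plugin, ignoring the errors", e);
                }
            }
            consoleLog.logInfo("Completed Sysdig Secure Container Image Scanner step");
            LOG.warning("Completed Sysdig Secure Container Image Scanner step, " + jobLabel);
        }
    }

    /**
     * Returns this step's descriptor narrowed to {@link DescriptorImpl}.
     *
     * <p>The decompiler renamed this from {@code getDescriptor} (merged with the bridge
     * method). The cast is required because {@code super.getDescriptor()} is declared with
     * the generic descriptor type.
     */
    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m1getDescriptor() {
        return (DescriptorImpl) super.getDescriptor();
    }
}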
