package com.sysdig.jenkins.plugins.sysdig;

import com.sysdig.jenkins.plugins.sysdig.SysdigBuilder;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Vector;
import javax.servlet.ServletException;
import jenkins.tasks.SimpleBuildStep;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/SysdigIaCScanBuilder.class */
public class SysdigIaCScanBuilder extends Builder implements SimpleBuildStep {
    private boolean listUnsupported;
    private final String secureAPIToken;
    private String path;
    private boolean isRecursive = true;
    private String severityThreshold = "h";
    private String sysdigEnv = SysdigBuilder.DescriptorImpl.EMPTY_STRING;
    private String version = DescriptorImpl.DEFAULT_CLI_VERSION;

    /* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/SysdigIaCScanBuilder$BadParamCLIScan.class */
    public static class BadParamCLIScan extends Exception {
        public BadParamCLIScan(String str) {
            super(str);
        }
    }

    @Extension
    @Symbol({"greet"})
    /* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/SysdigIaCScanBuilder$DescriptorImpl.class */
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        public static final boolean DEFAULT_IS_RECURSIVE = true;
        public static final String DEFAULT_CLI_VERSION = "latest";

        public FormValidation doCheckSysdigEnv(@QueryParameter String str, @QueryParameter boolean z) throws IOException, ServletException {
            return str.length() == 0 ? FormValidation.error("missing field") : str.length() < 4 ? FormValidation.warning("too") : FormValidation.ok();
        }

        public FormValidation doCheckSecureAPIToken(@QueryParameter String str, @QueryParameter boolean z) throws IOException, ServletException {
            return str.length() == 0 ? FormValidation.error("missing field") : str.length() < 4 ? FormValidation.warning("too") : FormValidation.ok();
        }

        public FormValidation doCheckPath(@QueryParameter String str, @QueryParameter boolean z) throws IOException, ServletException {
            return str.length() == 0 ? FormValidation.error("missing field") : FormValidation.ok();
        }

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public String getDisplayName() {
            return "Sysdig Secure Code Scan";
        }
    }

    /* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/SysdigIaCScanBuilder$FailedCLIScan.class */
    public static class FailedCLIScan extends Exception {
        public FailedCLIScan(String str) {
            super(str);
        }
    }

    @DataBoundConstructor
    public SysdigIaCScanBuilder(String str) {
        this.secureAPIToken = str;
    }

    public boolean isListUnsupported() {
        return this.listUnsupported;
    }

    @DataBoundSetter
    public void setPath(String str) {
        this.path = str;
    }

    public String getPath() {
        return this.path;
    }

    public boolean getIsRecursive() {
        return this.isRecursive;
    }

    public String getVersion() {
        return this.version;
    }

    public String getSysdigEnv() {
        return this.sysdigEnv;
    }

    public String getSecureAPIToken() {
        return this.secureAPIToken;
    }

    @DataBoundSetter
    public void setSysdigEnv(String str) {
        this.sysdigEnv = str;
    }

    @DataBoundSetter
    public void setSeverityThreshold(String str) {
        this.severityThreshold = str;
    }

    @DataBoundSetter
    public void setVersion(String str) {
        this.version = str;
    }

    @DataBoundSetter
    public void setListUnsupported(boolean z) {
        this.listUnsupported = z;
    }

    @DataBoundSetter
    public void setIsRecursive(boolean z) {
        this.isRecursive = z;
    }

    private String getProcessOutput(Process process) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(process.getInputStream(), StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                String sb2 = sb.toString();
                bufferedReader.close();
                return sb2;
            }
            sb.append(readLine);
            sb.append(System.getProperty("line.separator"));
        }
    }

    private Vector<String> buildCommand(String str) {
        Vector<String> vector = new Vector<>();
        vector.add(str);
        vector.add("--iac");
        vector.add("-a");
        if (this.sysdigEnv.isEmpty()) {
            this.sysdigEnv = "https://secure-staging.sysdig.com";
        }
        vector.add(this.sysdigEnv);
        if (this.isRecursive) {
            vector.add("-r");
        }
        if (this.listUnsupported) {
            vector.add("--list-unsupported-resources");
        }
        severity(vector);
        vector.add(this.path);
        return vector;
    }

    private void severity(Vector<String> vector) {
        vector.add("-f");
        vector.add(this.severityThreshold);
    }

    public void perform(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws InterruptedException, IOException {
    }

    public boolean perform(AbstractBuild<?, ?> abstractBuild, Launcher launcher, BuildListener buildListener) throws InterruptedException, IOException {
        super.perform(abstractBuild, launcher, buildListener);
        try {
            buildListener.getLogger().println("trying to download cli");
            CLIDownloadAction cLIDownloadAction = new CLIDownloadAction("IaC scanner", System.getProperty("user.home"), this.version);
            abstractBuild.addAction(cLIDownloadAction);
            buildListener.getLogger().println(cLIDownloadAction.cliExecPath());
            buildListener.getLogger().println("starting to scan");
            try {
                if (cLIDownloadAction.cliExecPath().isEmpty()) {
                    buildListener.error("failed empty path");
                    throw new Exception("empty path");
                }
                ProcessBuilder processBuilder = new ProcessBuilder(buildCommand(cLIDownloadAction.cliExecPath()));
                processBuilder.environment().put("SECURE_API_TOKEN", this.secureAPIToken);
                buildListener.getLogger().println(processBuilder.command());
                Process start = processBuilder.start();
                buildListener.getLogger().println("started...");
                start.waitFor();
                String processOutput = getProcessOutput(start);
                int exitValue = start.exitValue();
                buildListener.getLogger().printf("finished status %d%n", Integer.valueOf(exitValue));
                buildListener.getLogger().printf("%s", processOutput);
                switch (exitValue) {
                    case 1:
                        throw new FailedCLIScan(String.format("scan failed %n %s", processOutput));
                    case 2:
                        throw new BadParamCLIScan(String.format("scan failed %n %s", processOutput));
                    default:
                        buildListener.getLogger().println("done");
                        return true;
                }
            } catch (BadParamCLIScan e) {
                buildListener.error("iac scan %s", new Object[]{e.getMessage()});
                buildListener.getLogger().printf("iac scan failed due to missing params %s", e.getMessage());
                return false;
            } catch (FailedCLIScan e2) {
                buildListener.error("iac scan %s", new Object[]{e2.getMessage()});
                buildListener.getLogger().printf("iac scan failed(status 1) %s", e2.getMessage());
                return false;
            } catch (Exception e3) {
                buildListener.error("failed processing output:%s", new Object[]{e3.getMessage()});
                buildListener.getLogger().printf("iac scan failed %s", e3.getMessage());
                e3.printStackTrace();
                return false;
            }
        } catch (Exception e4) {
            buildListener.getLogger().printf("failed to download cli version: %s%n", this.version);
            e4.printStackTrace();
            buildListener.error("failed:%s", new Object[]{e4.getMessage()});
            return false;
        }
    }
}
