package org.jenkinsci.plugins.DependencyCheck.model;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.digester3.Digester;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/dependency-check-jenkins-plugin.jar:org/jenkinsci/plugins/DependencyCheck/model/ReportParser.class */
public class ReportParser {
    private SeverityDistribution severityDistribution;

    public ReportParser(int i) {
        this.severityDistribution = new SeverityDistribution(i);
    }

    public List<Finding> parse(InputStream inputStream) throws InvocationTargetException, ReportParserException {
        try {
            Digester digester = new Digester();
            digester.setValidating(false);
            digester.setClassLoader(ReportParser.class.getClassLoader());
            digester.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            digester.setFeature("http://xml.org/sax/features/external-general-entities", false);
            digester.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            digester.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            digester.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
            digester.addObjectCreate("analysis", Analysis.class);
            digester.addObjectCreate("analysis/scanInfo", ScanInfo.class);
            digester.addBeanPropertySetter("analysis/scanInfo/engineVersion");
            digester.addObjectCreate("analysis/projectInfo", ProjectInfo.class);
            digester.addBeanPropertySetter("analysis/projectInfo/name");
            digester.addBeanPropertySetter("analysis/projectInfo/reportDate");
            digester.addBeanPropertySetter("analysis/projectInfo/credits");
            digester.addObjectCreate("analysis/dependencies/dependency", Dependency.class);
            digester.addBeanPropertySetter("analysis/dependencies/dependency/fileName");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/filePath");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/md5");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/sha1");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/sha256");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/description");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/license");
            digester.addFactoryCreate("analysis/dependencies/dependency/vulnerabilities/vulnerability", new VulnerabilityCreationFactory());
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/name");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/description");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/severity");
            digester.addObjectCreate("analysis/dependencies/dependency/vulnerabilities/vulnerability/cwes", ArrayList.class);
            digester.addCallMethod("analysis/dependencies/dependency/vulnerabilities/vulnerability/cwes/cwe", "add", 1);
            digester.addCallParam("analysis/dependencies/dependency/vulnerabilities/vulnerability/cwes/cwe", 0);
            digester.addObjectCreate("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV2", CvssV2.class);
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV2/score");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV2/accessVector");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV2/accessComplexity");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV2/authenticationr");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV2/confidentialImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV2/integrityImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV2/availabilityImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV2/severity");
            digester.addObjectCreate("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3", CvssV3.class);
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3/baseScore");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3/attackVector");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3/attackComplexity");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3/privilegesRequired");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3/userInteraction");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3/scope");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3/confidentialityImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3/integrityImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3/availabilityImpact");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3/baseSeverity");
            digester.addObjectCreate("analysis/dependencies/dependency/vulnerabilities/vulnerability/references/reference", Reference.class);
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/references/reference/source");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/references/reference/url");
            digester.addBeanPropertySetter("analysis/dependencies/dependency/vulnerabilities/vulnerability/references/reference/name");
            digester.addSetNext("analysis/scanInfo", "setScanInfo");
            digester.addSetNext("analysis/projectInfo", "setProjectInfo");
            digester.addSetNext("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV2", "setCvssV2");
            digester.addSetNext("analysis/dependencies/dependency/vulnerabilities/vulnerability/cvssV3", "setCvssV3");
            digester.addSetNext("analysis/dependencies/dependency/vulnerabilities/vulnerability/references/reference", "addReference");
            digester.addSetNext("analysis/dependencies/dependency/vulnerabilities/vulnerability", "addVulnerability");
            digester.addSetNext("analysis/dependencies/dependency/vulnerabilities/vulnerability/cwes", "setCwes");
            digester.addSetNext("analysis/dependencies/dependency", "addDependency");
            Analysis analysis = (Analysis) digester.parse(inputStream);
            if (analysis == null) {
                throw new SAXException("Input stream is not a Dependency-Check report file.");
            }
            if (analysis.getScanInfo() == null || analysis.getScanInfo().getEngineVersion() == null || analysis.getScanInfo().getEngineVersion().startsWith("1") || analysis.getScanInfo().getEngineVersion().startsWith("2") || analysis.getScanInfo().getEngineVersion().startsWith("3") || analysis.getScanInfo().getEngineVersion().startsWith("4")) {
                throw new ReportParserException("Unsupported Dependency-Check schema version detected");
            }
            return convert(analysis);
        } catch (IOException | ParserConfigurationException | SAXException e) {
            throw new InvocationTargetException(e);
        }
    }

    private List<Finding> convert(Analysis analysis) {
        ArrayList arrayList = new ArrayList();
        for (Dependency dependency : analysis.getDependencies()) {
            for (Vulnerability vulnerability : dependency.getVulnerabilities()) {
                Finding finding = new Finding(dependency, vulnerability);
                this.severityDistribution.add(Severity.normalize(vulnerability.getSeverity()));
                arrayList.add(finding);
            }
        }
        return arrayList;
    }

    public SeverityDistribution getSeverityDistribution() {
        return this.severityDistribution;
    }
}
