package com.checkmarx.jenkins;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import com.cx.restclient.CxShragaClient;
import com.cx.restclient.common.summary.SummaryUtils;
import com.cx.restclient.configuration.CxScanConfig;
import com.cx.restclient.dto.DependencyScanResults;
import com.cx.restclient.dto.DependencyScannerType;
import com.cx.restclient.dto.ProxyConfig;
import com.cx.restclient.dto.ScanResults;
import com.cx.restclient.dto.Team;
import com.cx.restclient.dto.scansummary.ScanSummary;
import com.cx.restclient.exception.CxClientException;
import com.cx.restclient.osa.dto.OSAResults;
import com.cx.restclient.sast.dto.CxNameObj;
import com.cx.restclient.sast.dto.Preset;
import com.cx.restclient.sast.dto.Project;
import com.cx.restclient.sast.dto.SASTResults;
import com.cx.restclient.sca.dto.RemoteRepositoryInfo;
import com.cx.restclient.sca.dto.SCAConfig;
import com.cx.restclient.sca.dto.SCAResults;
import com.cx.restclient.sca.dto.SourceLocationType;
import com.fasterxml.jackson.databind.ObjectMapper;
import freemarker.template.TemplateException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.Cause;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.model.Result;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.triggers.SCMTrigger;
import hudson.util.ComboBoxModel;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.nio.file.Paths;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildStep;
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringEscapeUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:com/checkmarx/jenkins/CxScanBuilder.class */
public class CxScanBuilder extends Builder implements SimpleBuildStep {
    public static final String SCAN_REPORT_XML = "ScanReport.xml";
    public static final String OSA_SUMMERY_JSON = "OSASummary.json";
    public static final String OSA_LIBRARIES_JSON = "OSALibraries.json";
    public static final String OSA_VULNERABILITIES_JSON = "OSAVulnerabilities.json";
    public static final String SCA_SUMMERY_JSON = "SCASummary.json";
    public static final String SCA_LIBRARIES_JSON = "SCALibraries.json";
    public static final String SCA_VULNERABILITIES_JSON = "SCAVulnerabilities.json";
    private static final String PDF_URL_TEMPLATE = "/%scheckmarx/pdfReport";
    private static final String PDF_URL = "checkmarx/pdfReport";
    private static final String REQUEST_ORIGIN = "Jenkins";
    private boolean useOwnServerCredentials;

    @Nullable
    private String serverUrl;

    @Nullable
    private String username;

    @Nullable
    private String password;
    private String credentialsId;

    @Nullable
    private String projectName;

    @Nullable
    private String groupId;

    @Nullable
    private long projectId;

    @Nullable
    private String teamPath;
    private Boolean sastEnabled;

    @Nullable
    private String preset;
    private boolean presetSpecified;
    private boolean globalExclusions;

    @Nullable
    private String excludeFolders;

    @Nullable
    private String filterPattern;
    private boolean incremental;
    private boolean fullScansScheduled;
    private int fullScanCycle;
    private boolean isThisBuildIncremental;

    @Nullable
    private String sourceEncoding;

    @Nullable
    private String comment;
    private boolean skipSCMTriggers;
    private boolean waitForResultsEnabled;
    private boolean vulnerabilityThresholdEnabled;

    @Nullable
    private Integer highThreshold;

    @Nullable
    private Integer mediumThreshold;

    @Nullable
    private Integer lowThreshold;
    private boolean failBuildOnNewResults;
    private String failBuildOnNewSeverity;
    private boolean generatePdfReport;
    private boolean enableProjectPolicyEnforcement;

    @Nullable
    private Integer osaHighThreshold;

    @Nullable
    private Integer osaMediumThreshold;

    @Nullable
    private Integer osaLowThreshold;
    private transient boolean osaEnabled;

    @Nullable
    private transient String includeOpenSourceFolders;

    @Nullable
    private transient String excludeOpenSourceFolders;

    @Nullable
    private transient String osaArchiveIncludePatterns;
    private transient boolean osaInstallBeforeScan;

    @Nullable
    private DependencyScanConfig dependencyScanConfig;
    private static final JenkinsServerLogger serverLog = new JenkinsServerLogger();
    CxLoggerAdapter log;
    private JobStatusOnError jobStatusOnError;
    private String exclusionsSetting;
    private String thresholdSettings;
    private Result vulnerabilityThresholdResult;
    private Result resolvedVulnerabilityThresholdResult;
    private boolean avoidDuplicateProjectScans;
    private Boolean generateXmlReport;
    public static final int MINIMUM_TIMEOUT_IN_MINUTES = 1;
    public static final String REPORTS_FOLDER = "Checkmarx/Reports";

    @Extension
    /* loaded from: input_file:com/checkmarx/jenkins/CxScanBuilder$DescriptorImpl.class */
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        public static final String DEFAULT_FILTER_PATTERNS = CxConfig.defaultFilterPattern();
        public static final String DEFAULT_OSA_ARCHIVE_INCLUDE_PATTERNS = CxConfig.getDefaultOsaArchiveIncludePatterns();
        public static final String DEFAULT_SCA_SERVER_URL = CxConfig.getDefaultScaServerUrl();
        public static final String DEFAULT_SCA_ACCESS_CONTROL_URL = CxConfig.getDefaultScaAccessControlUrl();
        public static final String DEFAULT_SCA_WEB_APP_URL = CxConfig.getDefaultScaWebAppUrl();
        public static final int FULL_SCAN_CYCLE_MIN = 1;
        public static final int FULL_SCAN_CYCLE_MAX = 99;

        @Nullable
        private String serverUrl;

        @Nullable
        private String username;

        @Nullable
        private String password;
        private String credentialsId;
        private String mvnPath;
        private boolean prohibitProjectCreation;
        private boolean hideResults;
        private boolean enableCertificateValidation;

        @Nullable
        private String excludeFolders;

        @Nullable
        private String filterPattern;
        private boolean forcingVulnerabilityThresholdEnabled;

        @Nullable
        private Integer highThresholdEnforcement;

        @Nullable
        private Integer mediumThresholdEnforcement;

        @Nullable
        private Integer lowThresholdEnforcement;

        @Nullable
        private Integer osaHighThresholdEnforcement;

        @Nullable
        private Integer osaMediumThresholdEnforcement;

        @Nullable
        private Integer osaLowThresholdEnforcement;
        private JobGlobalStatusOnError jobGlobalStatusOnError;
        private boolean scanTimeOutEnabled;
        private Integer scanTimeoutDuration;
        private DependencyScanConfig dependencyScanConfig;
        private JobGlobalStatusOnError jobGlobalStatusOnThresholdViolation = JobGlobalStatusOnError.FAILURE;
        private boolean lockVulnerabilitySettings = true;
        private final transient Pattern msGuid = Pattern.compile("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$");
        private final String DEPENDENCY_SCAN_CONFIG_PROP = "dependencyScanConfig";

        public DescriptorImpl() {
            load();
        }

        @Nullable
        public String getServerUrl() {
            return this.serverUrl;
        }

        public void setServerUrl(@Nullable String str) {
            this.serverUrl = str;
        }

        @Nullable
        public String getUsername() {
            return this.username;
        }

        public void setUsername(@Nullable String str) {
            this.username = str;
        }

        public String getMvnPath() {
            return this.mvnPath;
        }

        public void setMvnPath(String str) {
            this.mvnPath = str;
        }

        @Nullable
        public String getPassword() {
            return this.password;
        }

        @Nullable
        public String getPasswordPlainText() {
            return Secret.fromString(this.password).getPlainText();
        }

        public void setPassword(@Nullable String str) {
            this.password = Secret.fromString(str).getEncryptedValue();
        }

        @Nullable
        public String getPasswordPlainText(String str) {
            return Secret.fromString(str).getPlainText();
        }

        public String getCredentialsId() {
            return this.credentialsId;
        }

        public void setCredentialsId(String str) {
            this.credentialsId = str;
        }

        public boolean isProhibitProjectCreation() {
            return this.prohibitProjectCreation;
        }

        public void setProhibitProjectCreation(boolean z) {
            this.prohibitProjectCreation = z;
        }

        public boolean isHideResults() {
            return this.hideResults;
        }

        public void setHideResults(boolean z) {
            this.hideResults = z;
        }

        public boolean isEnableCertificateValidation() {
            return this.enableCertificateValidation;
        }

        public void setEnableCertificateValidation(boolean z) {
            if (this.enableCertificateValidation || z) {
            }
            this.enableCertificateValidation = z;
        }

        @Nullable
        public String getExcludeFolders() {
            return this.excludeFolders;
        }

        public void setExcludeFolders(@Nullable String str) {
            this.excludeFolders = str;
        }

        @Nullable
        public String getFilterPattern() {
            return this.filterPattern;
        }

        public void setFilterPattern(@Nullable String str) {
            this.filterPattern = str;
        }

        public boolean isForcingVulnerabilityThresholdEnabled() {
            return this.forcingVulnerabilityThresholdEnabled;
        }

        public void setForcingVulnerabilityThresholdEnabled(boolean z) {
            this.forcingVulnerabilityThresholdEnabled = z;
        }

        public Integer getHighThresholdEnforcement() {
            return this.highThresholdEnforcement;
        }

        public void setHighThresholdEnforcement(Integer num) {
            this.highThresholdEnforcement = num;
        }

        public Integer getMediumThresholdEnforcement() {
            return this.mediumThresholdEnforcement;
        }

        public void setMediumThresholdEnforcement(Integer num) {
            this.mediumThresholdEnforcement = num;
        }

        public Integer getLowThresholdEnforcement() {
            return this.lowThresholdEnforcement;
        }

        public void setLowThresholdEnforcement(Integer num) {
            this.lowThresholdEnforcement = num;
        }

        @Nullable
        public Integer getOsaHighThresholdEnforcement() {
            return this.osaHighThresholdEnforcement;
        }

        public void setOsaHighThresholdEnforcement(@Nullable Integer num) {
            this.osaHighThresholdEnforcement = num;
        }

        @Nullable
        public Integer getOsaMediumThresholdEnforcement() {
            return this.osaMediumThresholdEnforcement;
        }

        public void setOsaMediumThresholdEnforcement(@Nullable Integer num) {
            this.osaMediumThresholdEnforcement = num;
        }

        @Nullable
        public Integer getOsaLowThresholdEnforcement() {
            return this.osaLowThresholdEnforcement;
        }

        public void setOsaLowThresholdEnforcement(@Nullable Integer num) {
            this.osaLowThresholdEnforcement = num;
        }

        public boolean getScanTimeOutEnabled() {
            return this.scanTimeOutEnabled;
        }

        public void setScanTimeOutEnabled(boolean z) {
            this.scanTimeOutEnabled = z;
        }

        @Nullable
        public Integer getScanTimeoutDuration() {
            return this.scanTimeoutDuration;
        }

        public void setScanTimeoutDuration(@Nullable Integer num) {
            this.scanTimeoutDuration = num;
        }

        public FormValidation doCheckScanTimeoutDuration(@QueryParameter Integer num) {
            return timeoutValid(num);
        }

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public String getCredentialsDescription() {
            return (getServerUrl() == null || getServerUrl().isEmpty()) ? "not set" : "Server URL: " + getServerUrl();
        }

        @NotNull
        public String getCurrentTime() {
            return String.valueOf(System.currentTimeMillis());
        }

        public FormValidation doTestConnection(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter String str4, @QueryParameter String str5, @AncestorInPath Item item) {
            CxShragaClient cxShragaClient = null;
            try {
                try {
                    CxCredentials resolveCred = CxCredentials.resolveCred(true, str, str3, getPasswordPlainText(str2), str5, this, item);
                    CxCredentials.validateCxCredentials(resolveCred);
                    cxShragaClient = CommonClientFactory.getInstance(resolveCred, isEnableCertificateValidation(), CxScanBuilder.serverLog);
                    try {
                        cxShragaClient.login();
                        try {
                            cxShragaClient.getTeamList();
                            FormValidation ok = FormValidation.ok("Success");
                            if (cxShragaClient != null) {
                                cxShragaClient.close();
                            }
                            return ok;
                        } catch (Exception e) {
                            FormValidation error = FormValidation.error("Connection Failed.\nValidate the provided login credentials and server URL are correct.\nIn addition, make sure the installed plugin version is compatible with the CxSAST version according to CxSAST release notes.\nError: " + e.getMessage());
                            if (cxShragaClient != null) {
                                cxShragaClient.close();
                            }
                            return error;
                        }
                    } catch (Exception e2) {
                        FormValidation buildError = buildError(e2, "Failed to login to Checkmarx server");
                        if (cxShragaClient != null) {
                            cxShragaClient.close();
                        }
                        return buildError;
                    }
                } catch (Exception e3) {
                    FormValidation buildError2 = buildError(e3, "Failed to init cx client");
                    if (cxShragaClient != null) {
                        cxShragaClient.close();
                    }
                    return buildError2;
                }
            } catch (Throwable th) {
                if (cxShragaClient != null) {
                    cxShragaClient.close();
                }
                throw th;
            }
        }

        public FormValidation doValidateMvnPath(@QueryParameter String str) throws InterruptedException {
            boolean z = false;
            String str2 = "Was not able to access specified path";
            try {
                if (new FilePath(new File(str)).child("mvn").exists()) {
                    z = true;
                } else {
                    str2 = "Maven was not found on the specified path";
                }
            } catch (IOException e) {
                e.printStackTrace();
                str2 = e.getMessage();
            }
            return z ? FormValidation.ok("Maven is found") : FormValidation.error(str2);
        }

        public FormValidation doTestScaConnection(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter String str4, @AncestorInPath Item item) {
            try {
                CxScanConfig cxScanConfig = new CxScanConfig();
                cxScanConfig.setCxOrigin(CxScanBuilder.REQUEST_ORIGIN);
                cxScanConfig.setDisableCertificateValidation(!isEnableCertificateValidation());
                SCAConfig sCAConfig = new SCAConfig();
                sCAConfig.setAccessControlUrl(str2);
                sCAConfig.setApiUrl(str);
                sCAConfig.setTenant(str4);
                UsernamePasswordCredentials credentialsById = CxCredentials.getCredentialsById(str3, item);
                sCAConfig.setUsername(credentialsById.getUsername());
                sCAConfig.setPassword(credentialsById.getPassword().getPlainText());
                sCAConfig.setSourceLocationType(SourceLocationType.LOCAL_DIRECTORY);
                sCAConfig.setRemoteRepositoryInfo((RemoteRepositoryInfo) null);
                cxScanConfig.setScaConfig(sCAConfig);
                cxScanConfig.setProxyConfig(ProxyHelper.getProxyConfig());
                CxShragaClient.testScaConnection(cxScanConfig, CxScanBuilder.serverLog);
                return FormValidation.ok("Success");
            } catch (Exception e) {
                return buildError(e, "Failed to verify CxSCA connection.");
            }
        }

        private FormValidation buildError(Exception exc, String str) {
            CxScanBuilder.serverLog.error(str, (Throwable) exc);
            return FormValidation.error(exc.getMessage());
        }

        private CxShragaClient prepareLoggedInClient(CxCredentials cxCredentials) throws IOException, CxClientException {
            CxShragaClient commonClientFactory = CommonClientFactory.getInstance(cxCredentials, isEnableCertificateValidation(), CxScanBuilder.serverLog);
            commonClientFactory.login();
            return commonClientFactory;
        }

        public ComboBoxModel doFillProjectNameItems(@QueryParameter boolean z, @QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter String str4, @QueryParameter String str5, @AncestorInPath Item item) {
            ComboBoxModel comboBoxModel = new ComboBoxModel();
            CxShragaClient cxShragaClient = null;
            try {
                try {
                    cxShragaClient = prepareLoggedInClient(CxCredentials.resolveCred(!z, str, str2, getPasswordPlainText(str3), str5, this, item));
                    Iterator it = cxShragaClient.getAllProjects().iterator();
                    while (it.hasNext()) {
                        comboBoxModel.add(((Project) it.next()).getName());
                    }
                    if (cxShragaClient != null) {
                        cxShragaClient.close();
                    }
                    return comboBoxModel;
                } catch (Exception e) {
                    CxScanBuilder.serverLog.error("Failed to populate project list: " + e.toString(), (Throwable) e);
                    if (cxShragaClient != null) {
                        cxShragaClient.close();
                    }
                    return comboBoxModel;
                }
            } catch (Throwable th) {
                if (cxShragaClient != null) {
                    cxShragaClient.close();
                }
                throw th;
            }
        }

        public ListBoxModel doFillPresetItems(@QueryParameter boolean z, @QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter String str4, @QueryParameter String str5, @AncestorInPath Item item) {
            ListBoxModel listBoxModel = new ListBoxModel();
            try {
                for (Preset preset : prepareLoggedInClient(CxCredentials.resolveCred(!z, str, str2, StringEscapeUtils.escapeHtml4(getPasswordPlainText(str3)), str5, this, item)).getPresetList()) {
                    listBoxModel.add(new ListBoxModel.Option(preset.getName(), Integer.toString(preset.getId())));
                }
                return listBoxModel;
            } catch (Exception e) {
                CxScanBuilder.serverLog.error("Failed to populate preset list: " + e.toString());
                listBoxModel.add(new ListBoxModel.Option("Provide Checkmarx server credentials to see presets list", "Provide Checkmarx server credentials to see presets list"));
                return listBoxModel;
            }
        }

        public FormValidation doCheckFullScanCycle(@QueryParameter int i) {
            return (i < 1 || i > 99) ? FormValidation.error("Number must be in the range 1-99") : FormValidation.ok();
        }

        public ListBoxModel doFillSourceEncodingItems(@QueryParameter boolean z, @QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter String str4, @QueryParameter String str5, @AncestorInPath Item item) {
            ListBoxModel listBoxModel = new ListBoxModel();
            CxShragaClient cxShragaClient = null;
            try {
                try {
                    cxShragaClient = prepareLoggedInClient(CxCredentials.resolveCred(!z, str, str2, StringEscapeUtils.escapeHtml4(getPasswordPlainText(str3)), str5, this, item));
                    for (CxNameObj cxNameObj : cxShragaClient.getConfigurationSetList()) {
                        listBoxModel.add(new ListBoxModel.Option(cxNameObj.getName(), Long.toString(cxNameObj.getId())));
                    }
                    if (cxShragaClient != null) {
                        cxShragaClient.close();
                    }
                } catch (Exception e) {
                    CxScanBuilder.serverLog.error("Failed to populate source encodings list: " + e.getMessage());
                    listBoxModel.add(new ListBoxModel.Option("Provide Checkmarx server credentials to see source encodings list", "Provide Checkmarx server credentials to see source encodings list"));
                    if (cxShragaClient != null) {
                        cxShragaClient.close();
                    }
                }
                return listBoxModel;
            } catch (Throwable th) {
                if (cxShragaClient != null) {
                    cxShragaClient.close();
                }
                throw th;
            }
        }

        public ListBoxModel doFillGroupIdItems(@QueryParameter boolean z, @QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter String str4, @QueryParameter String str5, @AncestorInPath Item item) {
            ListBoxModel listBoxModel = new ListBoxModel();
            CxShragaClient cxShragaClient = null;
            try {
                try {
                    cxShragaClient = prepareLoggedInClient(CxCredentials.resolveCred(!z, str, str2, StringEscapeUtils.escapeHtml4(getPasswordPlainText(str3)), str5, this, item));
                    for (Team team : cxShragaClient.getTeamList()) {
                        listBoxModel.add(new ListBoxModel.Option(team.getFullName(), team.getId()));
                    }
                    if (cxShragaClient != null) {
                        cxShragaClient.close();
                    }
                    return listBoxModel;
                } catch (Exception e) {
                    CxScanBuilder.serverLog.error("Failed to populate team list: " + e.toString());
                    listBoxModel.add(new ListBoxModel.Option("Provide Checkmarx server credentials to see teams list", "Provide Checkmarx server credentials to see teams list"));
                    if (cxShragaClient != null) {
                        cxShragaClient.close();
                    }
                    return listBoxModel;
                }
            } catch (Throwable th) {
                if (cxShragaClient != null) {
                    cxShragaClient.close();
                }
                throw th;
            }
        }

        public ListBoxModel doFillFailBuildOnNewSeverityItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            listBoxModel.add(new ListBoxModel.Option("High", "HIGH"));
            listBoxModel.add(new ListBoxModel.Option("Medium", "MEDIUM"));
            listBoxModel.add(new ListBoxModel.Option("Low", "LOW"));
            return listBoxModel;
        }

        public ListBoxModel doFillVulnerabilityThresholdResultItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            for (JobStatusOnError jobStatusOnError : JobStatusOnError.values()) {
                if (jobStatusOnError != JobStatusOnError.GLOBAL) {
                    listBoxModel.add(new ListBoxModel.Option(jobStatusOnError.getDisplayName(), jobStatusOnError.name()));
                }
            }
            return listBoxModel;
        }

        public FormValidation doCheckHighThreshold(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        public FormValidation doCheckMediumThreshold(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        public FormValidation doCheckLowThreshold(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        public FormValidation doCheckHighThresholdEnforcement(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        public FormValidation doCheckMediumThresholdEnforcement(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        public FormValidation doCheckLowThresholdEnforcement(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        public FormValidation doCheckOsaHighThreshold(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        public FormValidation doCheckOsaMediumThreshold(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        public FormValidation doCheckOsaLowThreshold(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        public FormValidation doCheckOsaHighThresholdEnforcement(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        public FormValidation doCheckOsaMediumThresholdEnforcement(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        public FormValidation doCheckOsaLowThresholdEnforcement(@QueryParameter Integer num) {
            return checkNonNegativeValue(num);
        }

        private FormValidation checkNonNegativeValue(Integer num) {
            return (num == null || num.intValue() >= 0) ? FormValidation.ok() : FormValidation.error("Number must be non-negative");
        }

        private FormValidation timeoutValid(Integer num) {
            return (num == null || num.intValue() >= 1) ? FormValidation.ok() : FormValidation.error("Number must be greater than or equal to 1");
        }

        public String getDefaultProjectName() {
            String str;
            String currentDescriptorByNameUrl = getCurrentDescriptorByNameUrl();
            try {
                str = URLDecoder.decode(currentDescriptorByNameUrl, "UTF-8");
            } catch (UnsupportedEncodingException e) {
                str = currentDescriptorByNameUrl;
            }
            Matcher matcher = Pattern.compile("job/(.*?)(/|$)").matcher(str);
            return matcher.find() ? matcher.group(1) : "";
        }

        public String getDisplayName() {
            return "Execute Checkmarx Scan";
        }

        public boolean configure(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            JSONObject jSONObject2 = jSONObject.getJSONObject("checkmarx");
            if (!jSONObject2.has("dependencyScanConfig")) {
                jSONObject2.put("dependencyScanConfig", (Object) null);
            }
            staplerRequest.bindJSON(this, jSONObject2);
            save();
            return super.configure(staplerRequest, jSONObject);
        }

        public JobGlobalStatusOnError getJobGlobalStatusOnError() {
            return this.jobGlobalStatusOnError;
        }

        public void setJobGlobalStatusOnError(JobGlobalStatusOnError jobGlobalStatusOnError) {
            this.jobGlobalStatusOnError = null == jobGlobalStatusOnError ? JobGlobalStatusOnError.FAILURE : jobGlobalStatusOnError;
        }

        public JobGlobalStatusOnError getJobGlobalStatusOnThresholdViolation() {
            return this.jobGlobalStatusOnThresholdViolation;
        }

        public void setJobGlobalStatusOnThresholdViolation(JobGlobalStatusOnError jobGlobalStatusOnError) {
            this.jobGlobalStatusOnThresholdViolation = jobGlobalStatusOnError;
        }

        public boolean isLockVulnerabilitySettings() {
            return this.lockVulnerabilitySettings;
        }

        public void setLockVulnerabilitySettings(boolean z) {
            this.lockVulnerabilitySettings = z;
        }

        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String str) {
            return getCredentialList(item, str);
        }

        public ListBoxModel doFillScaCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String str) {
            return getCredentialList(item, str);
        }

        private ListBoxModel getCredentialList(Item item, String str) {
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            if (item == null) {
                if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
                    return standardListBoxModel.add(str);
                }
            } else if (!item.hasPermission(Item.EXTENDED_READ) && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
                return standardListBoxModel.add(str);
            }
            return standardListBoxModel.withEmptySelection().withAll(CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, item, (Authentication) null, Collections.emptyList())).withMatching(CredentialsMatchers.withId(str), new StandardCredentials[0]);
        }

        public boolean isOldCredentials() {
            return StringUtils.isEmpty(this.credentialsId) && !(this.username == null && this.password == null);
        }

        public DependencyScanConfig getDependencyScanConfig() {
            return this.dependencyScanConfig;
        }

        @DataBoundSetter
        public void setDependencyScanConfig(DependencyScanConfig dependencyScanConfig) {
            this.dependencyScanConfig = dependencyScanConfig;
        }
    }

    @DataBoundConstructor
    public CxScanBuilder(boolean z, @Nullable String str, @Nullable String str2, @Nullable String str3, String str4, String str5, long j, String str6, @Nullable String str7, @Nullable String str8, Boolean bool, @Nullable String str9, JobStatusOnError jobStatusOnError, boolean z2, String str10, @Nullable String str11, @Nullable String str12, boolean z3, boolean z4, int i, @Nullable String str13, @Nullable String str14, boolean z5, boolean z6, boolean z7, @Nullable Integer num, @Nullable Integer num2, @Nullable Integer num3, boolean z8, String str15, @Nullable Integer num4, @Nullable Integer num5, @Nullable Integer num6, boolean z9, boolean z10, String str16, String str17, boolean z11, Boolean bool2) {
        this.sastEnabled = true;
        this.globalExclusions = true;
        this.generateXmlReport = true;
        this.useOwnServerCredentials = z;
        this.serverUrl = str;
        this.username = str2;
        this.password = Secret.fromString(str3).getEncryptedValue();
        this.credentialsId = str4;
        this.projectName = str5 == null ? str6 : str5;
        this.projectId = j;
        this.groupId = (str7 == null || str7.startsWith("Provide Checkmarx")) ? null : str7;
        this.teamPath = str8;
        this.sastEnabled = bool;
        this.preset = (str9 == null || str9.startsWith("Provide Checkmarx")) ? null : str9;
        this.jobStatusOnError = jobStatusOnError;
        this.presetSpecified = z2;
        this.exclusionsSetting = str10;
        this.globalExclusions = "global".equals(str10);
        this.excludeFolders = str11;
        this.filterPattern = str12;
        this.incremental = z3;
        this.fullScansScheduled = z4;
        this.fullScanCycle = i;
        this.sourceEncoding = str13;
        this.comment = str14;
        this.skipSCMTriggers = z5;
        this.waitForResultsEnabled = z6;
        this.vulnerabilityThresholdEnabled = z7;
        this.highThreshold = num;
        this.mediumThreshold = num2;
        this.lowThreshold = num3;
        this.failBuildOnNewResults = z8;
        this.failBuildOnNewSeverity = str15;
        this.osaHighThreshold = num4;
        this.osaMediumThreshold = num5;
        this.osaLowThreshold = num6;
        this.generatePdfReport = z9;
        this.enableProjectPolicyEnforcement = z10;
        this.thresholdSettings = str16;
        if (str17 != null) {
            this.vulnerabilityThresholdResult = Result.fromString(str17);
        }
        this.avoidDuplicateProjectScans = z11;
        this.generateXmlReport = Boolean.valueOf(bool2 == null ? true : bool2.booleanValue());
    }

    public boolean isUseOwnServerCredentials() {
        return this.useOwnServerCredentials;
    }

    @Nullable
    public String getServerUrl() {
        return this.serverUrl;
    }

    @Nullable
    public String getUsername() {
        return this.username;
    }

    @Nullable
    public String getPassword() {
        return this.password;
    }

    @Nullable
    public String getPasswordPlainText() {
        return Secret.fromString(this.password).getPlainText();
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    public void setCredentialsId(String str) {
        this.credentialsId = str;
    }

    @Nullable
    public String getProjectName() {
        return this.projectName;
    }

    @Nullable
    public String getBuildStep() {
        return null;
    }

    @Nullable
    public String getGroupId() {
        return this.groupId;
    }

    @Nullable
    public String getTeamPath() {
        return this.teamPath;
    }

    public Boolean getSastEnabled() {
        return this.sastEnabled;
    }

    public void setSastEnabled(Boolean bool) {
        this.sastEnabled = bool;
    }

    @Nullable
    public String getPreset() {
        return this.preset;
    }

    public boolean isPresetSpecified() {
        return this.presetSpecified;
    }

    public boolean isGlobalExclusions() {
        return this.globalExclusions;
    }

    public void setGlobalExclusions(boolean z) {
        this.globalExclusions = z;
    }

    public String getExclusionsSetting() {
        return this.exclusionsSetting;
    }

    public void setExclusionsSetting(String str) {
        this.exclusionsSetting = str;
    }

    @Nullable
    public String getExcludeFolders() {
        return this.excludeFolders;
    }

    @Nullable
    public String getFilterPattern() {
        return this.filterPattern;
    }

    public boolean isIncremental() {
        return this.incremental;
    }

    public boolean isFullScansScheduled() {
        return this.fullScansScheduled;
    }

    public int getFullScanCycle() {
        return this.fullScanCycle;
    }

    @Nullable
    public String getSourceEncoding() {
        return this.sourceEncoding;
    }

    @Nullable
    public String getComment() {
        return this.comment;
    }

    public JobStatusOnError getJobStatusOnError() {
        return null == this.jobStatusOnError ? JobStatusOnError.GLOBAL : this.jobStatusOnError;
    }

    public boolean isSkipSCMTriggers() {
        return this.skipSCMTriggers;
    }

    public boolean isWaitForResultsEnabled() {
        return this.waitForResultsEnabled;
    }

    public boolean isVulnerabilityThresholdEnabled() {
        return this.vulnerabilityThresholdEnabled;
    }

    public Integer getHighThreshold() {
        return this.highThreshold;
    }

    public Integer getMediumThreshold() {
        return this.mediumThreshold;
    }

    public Integer getLowThreshold() {
        return this.lowThreshold;
    }

    public String getFailBuildOnNewSeverity() {
        return this.failBuildOnNewSeverity;
    }

    public void setFailBuildOnNewSeverity(String str) {
        this.failBuildOnNewSeverity = str;
    }

    public boolean isFailBuildOnNewResults() {
        return this.failBuildOnNewResults;
    }

    public void setFailBuildOnNewResults(boolean z) {
        this.failBuildOnNewResults = z;
    }

    public boolean isOsaEnabled() {
        return this.osaEnabled;
    }

    @Nullable
    public Integer getOsaHighThreshold() {
        return this.osaHighThreshold;
    }

    @DataBoundSetter
    public void setOsaHighThreshold(Integer num) {
        this.osaHighThreshold = num;
    }

    @Nullable
    public Integer getOsaMediumThreshold() {
        return this.osaMediumThreshold;
    }

    @DataBoundSetter
    public void setOsaMediumThreshold(Integer num) {
        this.osaMediumThreshold = num;
    }

    @Nullable
    public Integer getOsaLowThreshold() {
        return this.osaLowThreshold;
    }

    @DataBoundSetter
    public void setOsaLowThreshold(Integer num) {
        this.osaLowThreshold = num;
    }

    @Nullable
    public String getExcludeOpenSourceFolders() {
        return this.excludeOpenSourceFolders;
    }

    @Nullable
    public String getIncludeOpenSourceFolders() {
        return this.includeOpenSourceFolders;
    }

    @Nullable
    public String getOsaArchiveIncludePatterns() {
        return this.osaArchiveIncludePatterns;
    }

    @Nullable
    public boolean isOsaInstallBeforeScan() {
        return this.osaInstallBeforeScan;
    }

    public boolean isGeneratePdfReport() {
        return this.generatePdfReport;
    }

    public boolean isEnableProjectPolicyEnforcement() {
        return this.enableProjectPolicyEnforcement;
    }

    public boolean isAvoidDuplicateProjectScans() {
        return this.avoidDuplicateProjectScans;
    }

    public Boolean getGenerateXmlReport() {
        return this.generateXmlReport;
    }

    @DataBoundSetter
    public void setThresholdSettings(String str) {
        this.thresholdSettings = str;
    }

    public String getThresholdSettings() {
        return this.thresholdSettings;
    }

    @DataBoundSetter
    public void setVulnerabilityThresholdResult(String str) {
        if (str != null) {
            this.vulnerabilityThresholdResult = Result.fromString(str);
        }
    }

    public String getVulnerabilityThresholdResult() {
        if (this.vulnerabilityThresholdResult != null) {
            return this.vulnerabilityThresholdResult.toString();
        }
        return null;
    }

    @DataBoundSetter
    public void setUseOwnServerCredentials(boolean z) {
        this.useOwnServerCredentials = z;
    }

    @DataBoundSetter
    public void setServerUrl(@Nullable String str) {
        this.serverUrl = str;
    }

    @DataBoundSetter
    public void setUsername(@Nullable String str) {
        this.username = str;
    }

    @DataBoundSetter
    public void setPassword(@Nullable String str) {
        this.password = str;
    }

    @DataBoundSetter
    public void setProjectName(@Nullable String str) {
        this.projectName = str;
    }

    @DataBoundSetter
    public void setPreset(@Nullable String str) {
        this.preset = str;
    }

    @DataBoundSetter
    public void setPresetSpecified(boolean z) {
        this.presetSpecified = z;
    }

    @DataBoundSetter
    public void setExcludeFolders(@Nullable String str) {
        this.excludeFolders = str;
    }

    @DataBoundSetter
    public void setFilterPattern(@Nullable String str) {
        this.filterPattern = str;
    }

    @DataBoundSetter
    public void setIncremental(boolean z) {
        this.incremental = z;
    }

    @DataBoundSetter
    public void setFullScansScheduled(boolean z) {
        this.fullScansScheduled = z;
    }

    @DataBoundSetter
    public void setFullScanCycle(int i) {
        this.fullScanCycle = i;
    }

    @DataBoundSetter
    public void setThisBuildIncremental(boolean z) {
        this.isThisBuildIncremental = z;
    }

    @DataBoundSetter
    public void setSourceEncoding(@Nullable String str) {
        this.sourceEncoding = str;
    }

    @DataBoundSetter
    public void setComment(@Nullable String str) {
        this.comment = str;
    }

    @DataBoundSetter
    public void setSkipSCMTriggers(boolean z) {
        this.skipSCMTriggers = z;
    }

    @DataBoundSetter
    public void setWaitForResultsEnabled(boolean z) {
        this.waitForResultsEnabled = z;
    }

    @DataBoundSetter
    public void setVulnerabilityThresholdEnabled(boolean z) {
        this.vulnerabilityThresholdEnabled = z;
    }

    @DataBoundSetter
    public void setHighThreshold(@Nullable Integer num) {
        this.highThreshold = num;
    }

    @DataBoundSetter
    public void setMediumThreshold(@Nullable Integer num) {
        this.mediumThreshold = num;
    }

    @DataBoundSetter
    public void setLowThreshold(@Nullable Integer num) {
        this.lowThreshold = num;
    }

    @DataBoundSetter
    public void setGeneratePdfReport(boolean z) {
        this.generatePdfReport = z;
    }

    @DataBoundSetter
    public void setEnableProjectPolicyEnforcement(boolean z) {
        this.enableProjectPolicyEnforcement = z;
    }

    @DataBoundSetter
    public void setJobStatusOnError(JobStatusOnError jobStatusOnError) {
        this.jobStatusOnError = jobStatusOnError;
    }

    @DataBoundSetter
    public void setAvoidDuplicateProjectScans(boolean z) {
        this.avoidDuplicateProjectScans = z;
    }

    @DataBoundSetter
    public void setGenerateXmlReport(Boolean bool) {
        this.generateXmlReport = bool;
    }

    @DataBoundSetter
    public void setProjectId(long j) {
        this.projectId = j;
    }

    public long getProjectId() {
        return this.projectId;
    }

    public boolean isThisBuildIncremental() {
        return this.isThisBuildIncremental;
    }

    @DataBoundSetter
    public void setGroupId(@Nullable String str) {
        this.groupId = str;
    }

    public DependencyScanConfig getDependencyScanConfig() {
        return this.dependencyScanConfig;
    }

    @DataBoundSetter
    public void setDependencyScanConfig(DependencyScanConfig dependencyScanConfig) {
        this.dependencyScanConfig = dependencyScanConfig;
    }

    public void perform(@Nonnull Run<?, ?> run, @Nonnull FilePath filePath, @Nonnull Launcher launcher, @Nonnull TaskListener taskListener) throws InterruptedException, IOException {
        this.log = new CxLoggerAdapter(taskListener.getLogger());
        if ((this.sastEnabled == null || this.sastEnabled.booleanValue()) && isSkipScan(run)) {
            this.log.info("Checkmarx scan skipped since the build was triggered by SCM. Visit plugin configuration page to disable this skip.");
            return;
        }
        CxScanConfig resolveConfiguration = resolveConfiguration(run, m5getDescriptor(), run.getEnvironment(taskListener), this.log);
        printConfiguration(resolveConfiguration, this.log);
        if (!resolveConfiguration.getSastEnabled().booleanValue() && resolveConfiguration.getDependencyScannerType() == DependencyScannerType.NONE) {
            this.log.error("Both SAST and dependency scan are disabled. Exiting.");
            run.setResult(Result.FAILURE);
            return;
        }
        RemoteScanInfo remoteScanInfo = (RemoteScanInfo) filePath.act(new CxScanCallable(resolveConfiguration, taskListener));
        ScanResults scanResults = remoteScanInfo.getScanResults();
        resolveConfiguration.setCxARMUrl(remoteScanInfo.getCxARMUrl());
        CxScanResult cxScanResult = new CxScanResult(run, resolveConfiguration);
        File file = new File(run.getRootDir(), "checkmarx");
        file.mkdir();
        if (resolveConfiguration.getGeneratePDFReport().booleanValue()) {
            String rootUrl = Jenkins.getInstance().getRootUrl();
            String path = StringUtils.isNotEmpty(rootUrl) ? new URL(rootUrl).getPath() : "";
            if (path.equals("/")) {
                scanResults.getSastResults().setSastPDFLink(String.format(PDF_URL_TEMPLATE, run.getUrl()));
            } else {
                scanResults.getSastResults().setSastPDFLink(Paths.get(path, run.getUrl(), PDF_URL).toString());
            }
        }
        failTheBuild(run, resolveConfiguration, scanResults);
        if (!resolveConfiguration.getSynchronous().booleanValue()) {
            cxScanResult.setHtmlReportName(generateHTMLReport(filePath, file, resolveConfiguration, scanResults));
            run.addAction(cxScanResult);
            return;
        }
        cxScanResult.setHtmlReportName(generateHTMLReport(filePath, file, resolveConfiguration, scanResults));
        run.addAction(cxScanResult);
        SASTResults sastResults = scanResults.getSastResults();
        if (sastResults.isSastResultsReady()) {
            if (resolveConfiguration.getGenerateXmlReport() == null || resolveConfiguration.getGenerateXmlReport().booleanValue()) {
                createSastReports(sastResults, file, filePath);
            }
            addEnvVarAction(run, sastResults);
            cxScanResult.setSastResults(sastResults);
        }
        DependencyScanResults dependencyScanResults = scanResults.getDependencyScanResults();
        if (dependencyScanResults != null && dependencyScanResults.getOsaResults() != null && dependencyScanResults.getOsaResults().isOsaResultsReady()) {
            createOsaReports(dependencyScanResults.getOsaResults(), file);
        } else {
            if (dependencyScanResults == null || dependencyScanResults.getScaResults() == null || !dependencyScanResults.getScaResults().isScaResultReady()) {
                return;
            }
            createScaReports(dependencyScanResults.getScaResults(), file);
        }
    }

    private void createScaReports(SCAResults sCAResults, File file) {
        writeJsonObjectToFile(sCAResults.getSummary(), new File(file, SCA_SUMMERY_JSON), "OSA summary json report");
        writeJsonObjectToFile(sCAResults.getPackages(), new File(file, SCA_LIBRARIES_JSON), "OSA libraries json report");
        writeJsonObjectToFile(sCAResults.getFindings(), new File(file, SCA_VULNERABILITIES_JSON), "OSA vulnerabilities json report");
    }

    private CxScanConfig resolveConfiguration(Run<?, ?> run, DescriptorImpl descriptorImpl, EnvVars envVars, CxLoggerAdapter cxLoggerAdapter) {
        CxScanConfig cxScanConfig = new CxScanConfig();
        cxScanConfig.setCxOrigin(REQUEST_ORIGIN);
        cxScanConfig.setDisableCertificateValidation(!descriptorImpl.isEnableCertificateValidation());
        cxScanConfig.setProxyConfig(ProxyHelper.getProxyConfig());
        cxScanConfig.setMvnPath(descriptorImpl.getMvnPath());
        CxCredentials resolveCred = CxCredentials.resolveCred(this, descriptorImpl, run);
        cxScanConfig.setUrl(resolveCred.getServerUrl().trim());
        cxScanConfig.setUsername(resolveCred.getUsername());
        cxScanConfig.setPassword(Aes.decrypt(resolveCred.getPassword(), resolveCred.getUsername()));
        cxScanConfig.setProjectName(envVars.expand(this.projectName.trim()));
        cxScanConfig.setTeamPath(this.teamPath);
        cxScanConfig.setTeamId(this.groupId);
        cxScanConfig.setSynchronous(Boolean.valueOf(!(!isWaitForResultsEnabled() && (!descriptorImpl.isForcingVulnerabilityThresholdEnabled() || !descriptorImpl.isLockVulnerabilitySettings()))));
        cxScanConfig.setDenyProject(Boolean.valueOf(descriptorImpl.isProhibitProjectCreation()));
        cxScanConfig.setSastEnabled(Boolean.valueOf(this.sastEnabled == null || this.sastEnabled.booleanValue()));
        if (cxScanConfig.getSastEnabled() != null && cxScanConfig.getSastEnabled().booleanValue()) {
            cxScanConfig.setPresetId(Integer.valueOf(parseInt(this.preset, cxLoggerAdapter, "Invalid presetId: [%s]. Using default preset.", 0)));
            String excludeFolders = isGlobalExclusions() ? descriptorImpl.getExcludeFolders() : getExcludeFolders();
            String filterPattern = isGlobalExclusions() ? descriptorImpl.getFilterPattern() : getFilterPattern();
            cxScanConfig.setSastFolderExclusions(envVars.expand(excludeFolders));
            cxScanConfig.setSastFilterPattern(envVars.expand(filterPattern));
            if (descriptorImpl.getScanTimeOutEnabled() && descriptorImpl.getScanTimeoutDuration() != null && descriptorImpl.getScanTimeoutDuration().intValue() > 0) {
                cxScanConfig.setSastScanTimeoutInMinutes(descriptorImpl.getScanTimeoutDuration());
            }
            cxScanConfig.setScanComment(envVars.expand(this.comment));
            cxScanConfig.setIncremental(Boolean.valueOf(isThisBuildIncremental(run.getNumber())));
            cxScanConfig.setGeneratePDFReport(Boolean.valueOf(this.generatePdfReport));
            cxScanConfig.setEngineConfigurationId(Integer.valueOf(parseInt(this.sourceEncoding, cxLoggerAdapter, "Invalid source encoding (configuration) value: [%s]. Using default configuration.", 1)));
            cxScanConfig.setAvoidDuplicateProjectScans(Boolean.valueOf(this.avoidDuplicateProjectScans));
            cxScanConfig.setGenerateXmlReport(this.generateXmlReport);
            boolean shouldUseGlobalThreshold = shouldUseGlobalThreshold();
            boolean shouldUseJobThreshold = shouldUseJobThreshold();
            cxScanConfig.setSastThresholdsEnabled(Boolean.valueOf(shouldUseGlobalThreshold || shouldUseJobThreshold));
            if (shouldUseGlobalThreshold) {
                cxScanConfig.setSastHighThreshold(descriptorImpl.getHighThresholdEnforcement());
                cxScanConfig.setSastMediumThreshold(descriptorImpl.getMediumThresholdEnforcement());
                cxScanConfig.setSastLowThreshold(descriptorImpl.getLowThresholdEnforcement());
                this.resolvedVulnerabilityThresholdResult = Result.fromString(descriptorImpl.getJobGlobalStatusOnThresholdViolation().name());
            } else if (shouldUseJobThreshold) {
                cxScanConfig.setSastHighThreshold(getHighThreshold());
                cxScanConfig.setSastMediumThreshold(getMediumThreshold());
                cxScanConfig.setSastLowThreshold(getLowThreshold());
                cxScanConfig.setSastNewResultsThresholdEnabled(Boolean.valueOf(this.failBuildOnNewResults));
                cxScanConfig.setSastNewResultsThresholdSeverity(this.failBuildOnNewSeverity);
                this.resolvedVulnerabilityThresholdResult = this.vulnerabilityThresholdResult;
            }
        }
        configureDependencyScan(run, descriptorImpl, envVars, cxScanConfig);
        if (!cxScanConfig.getSynchronous().booleanValue()) {
            this.enableProjectPolicyEnforcement = false;
        }
        cxScanConfig.setEnablePolicyViolations(this.enableProjectPolicyEnforcement);
        return cxScanConfig;
    }

    private void configureDependencyScan(Run<?, ?> run, DescriptorImpl descriptorImpl, EnvVars envVars, CxScanConfig cxScanConfig) {
        DependencyScanConfig dependencyScanConfig;
        if (!(this.dependencyScanConfig != null)) {
            cxScanConfig.setDependencyScannerType(DependencyScannerType.NONE);
            return;
        }
        if (this.dependencyScanConfig.overrideGlobalConfig) {
            this.log.info("Using job-specific dependency scan configuration.");
            dependencyScanConfig = this.dependencyScanConfig;
        } else {
            this.log.info("Using globally defined dependency scan configuration.");
            dependencyScanConfig = descriptorImpl.getDependencyScanConfig();
        }
        if (dependencyScanConfig == null) {
            cxScanConfig.setDependencyScannerType(DependencyScannerType.NONE);
            return;
        }
        cxScanConfig.setDependencyScannerType(dependencyScanConfig.dependencyScannerType);
        cxScanConfig.setOsaFilterPattern(envVars.expand(dependencyScanConfig.dependencyScanPatterns));
        cxScanConfig.setOsaFolderExclusions(envVars.expand(dependencyScanConfig.dependencyScanExcludeFolders));
        boolean shouldUseGlobalThreshold = shouldUseGlobalThreshold();
        boolean shouldUseJobThreshold = shouldUseJobThreshold();
        cxScanConfig.setOsaThresholdsEnabled(Boolean.valueOf(shouldUseGlobalThreshold || shouldUseJobThreshold));
        if (shouldUseGlobalThreshold) {
            cxScanConfig.setOsaHighThreshold(descriptorImpl.getOsaHighThresholdEnforcement());
            cxScanConfig.setOsaMediumThreshold(descriptorImpl.getOsaMediumThresholdEnforcement());
            cxScanConfig.setOsaLowThreshold(descriptorImpl.getOsaLowThresholdEnforcement());
        } else if (shouldUseJobThreshold) {
            cxScanConfig.setOsaHighThreshold(getOsaHighThreshold());
            cxScanConfig.setOsaMediumThreshold(getOsaMediumThreshold());
            cxScanConfig.setOsaLowThreshold(getOsaLowThreshold());
        }
        if (cxScanConfig.getDependencyScannerType() == DependencyScannerType.OSA) {
            cxScanConfig.setOsaArchiveIncludePatterns(dependencyScanConfig.osaArchiveIncludePatterns.trim());
            cxScanConfig.setOsaRunInstall(Boolean.valueOf(dependencyScanConfig.osaInstallBeforeScan));
        } else if (cxScanConfig.getDependencyScannerType() == DependencyScannerType.SCA) {
            cxScanConfig.setScaConfig(getScaConfig(run, dependencyScanConfig));
        }
    }

    private SCAConfig getScaConfig(Run<?, ?> run, DependencyScanConfig dependencyScanConfig) {
        SCAConfig sCAConfig = new SCAConfig();
        sCAConfig.setApiUrl(dependencyScanConfig.scaServerUrl);
        sCAConfig.setAccessControlUrl(dependencyScanConfig.scaAccessControlUrl);
        sCAConfig.setWebAppUrl(dependencyScanConfig.scaWebAppUrl);
        sCAConfig.setTenant(dependencyScanConfig.scaTenant);
        UsernamePasswordCredentials credentialsById = CxCredentials.getCredentialsById(dependencyScanConfig.scaCredentialsId, run);
        if (credentialsById != null) {
            sCAConfig.setUsername(credentialsById.getUsername());
            sCAConfig.setPassword(credentialsById.getPassword().getPlainText());
        } else {
            this.log.warn("CxSCA credentials are not specified.");
        }
        return sCAConfig;
    }

    private void printConfiguration(CxScanConfig cxScanConfig, CxLoggerAdapter cxLoggerAdapter) {
        cxLoggerAdapter.info("---------------------------------------Configurations:------------------------------------");
        cxLoggerAdapter.info("plugin version: {0} ", CxConfig.version());
        cxLoggerAdapter.info("server url: " + cxScanConfig.getUrl());
        cxLoggerAdapter.info("username: " + cxScanConfig.getUsername());
        cxLoggerAdapter.info("project name: " + cxScanConfig.getProjectName());
        cxLoggerAdapter.info("team id: " + cxScanConfig.getTeamId());
        cxLoggerAdapter.info("is synchronous mode: " + cxScanConfig.getSynchronous());
        cxLoggerAdapter.info("deny new project creation: " + cxScanConfig.getDenyProject());
        cxLoggerAdapter.info("SAST scan enabled: " + cxScanConfig.getSastEnabled());
        cxLoggerAdapter.info("avoid duplicated projects scans: " + cxScanConfig.isAvoidDuplicateProjectScans());
        cxLoggerAdapter.info("enable Project Policy Enforcement: " + cxScanConfig.getEnablePolicyViolations());
        cxLoggerAdapter.info("Dependency scanner type: " + cxScanConfig.getDependencyScannerType());
        if (cxScanConfig.getSastEnabled().booleanValue()) {
            cxLoggerAdapter.info("preset id: " + cxScanConfig.getPresetId());
            cxLoggerAdapter.info("SAST folder exclusions: " + cxScanConfig.getSastFolderExclusions());
            cxLoggerAdapter.info("SAST filter pattern: " + cxScanConfig.getSastFilterPattern());
            cxLoggerAdapter.info("SAST timeout: " + cxScanConfig.getSastScanTimeoutInMinutes());
            cxLoggerAdapter.info("SAST scan comment: " + cxScanConfig.getScanComment());
            cxLoggerAdapter.info("is incremental scan: " + cxScanConfig.getIncremental());
            cxLoggerAdapter.info("is generate full XML report: " + cxScanConfig.getGenerateXmlReport());
            cxLoggerAdapter.info("is generate pfd report: " + cxScanConfig.getGeneratePDFReport());
            cxLoggerAdapter.info("source code encoding id: " + cxScanConfig.getEngineConfigurationId());
            cxLoggerAdapter.info("SAST thresholds enabled: " + cxScanConfig.getSastThresholdsEnabled());
            if (cxScanConfig.getSastThresholdsEnabled().booleanValue()) {
                cxLoggerAdapter.info("SAST high threshold: " + cxScanConfig.getSastHighThreshold());
                cxLoggerAdapter.info("SAST medium threshold: " + cxScanConfig.getSastMediumThreshold());
                cxLoggerAdapter.info("SAST low threshold: " + cxScanConfig.getSastLowThreshold());
            }
        }
        if (cxScanConfig.getDependencyScannerType() != DependencyScannerType.NONE) {
            cxLoggerAdapter.info("Dependency scan configuration:");
            cxLoggerAdapter.info("  folder exclusions: " + cxScanConfig.getOsaFolderExclusions());
            cxLoggerAdapter.info("  filter patterns: " + cxScanConfig.getOsaFilterPattern());
            cxLoggerAdapter.info("  thresholds enabled: " + cxScanConfig.getOsaThresholdsEnabled());
            if (cxScanConfig.getOsaThresholdsEnabled().booleanValue()) {
                cxLoggerAdapter.info("  high threshold: " + cxScanConfig.getOsaHighThreshold());
                cxLoggerAdapter.info("  medium threshold: " + cxScanConfig.getOsaMediumThreshold());
                cxLoggerAdapter.info("  low threshold: " + cxScanConfig.getOsaLowThreshold());
            }
            if (cxScanConfig.getDependencyScannerType() == DependencyScannerType.OSA) {
                cxLoggerAdapter.info("  OSA archive includes: " + cxScanConfig.getOsaArchiveIncludePatterns());
                cxLoggerAdapter.info("  OSA run Execute dependency managers install packages command before Scan: " + cxScanConfig.getOsaRunInstall());
            }
        }
        ProxyConfig proxyConfig = cxScanConfig.getProxyConfig();
        if (proxyConfig != null) {
            cxLoggerAdapter.info("Proxy configuration:");
            cxLoggerAdapter.info("  host: " + proxyConfig.getHost());
            cxLoggerAdapter.info("  port: " + proxyConfig.getPort());
            cxLoggerAdapter.info("  user: " + proxyConfig.getUsername());
            cxLoggerAdapter.info("  password: *************");
        } else {
            cxLoggerAdapter.info("Proxy: not set");
        }
        cxLoggerAdapter.info("------------------------------------------------------------------------------------------");
    }

    private void createSastReports(SASTResults sASTResults, File file, @Nonnull FilePath filePath) {
        File file2 = new File(file, SCAN_REPORT_XML);
        try {
            FileUtils.writeByteArrayToFile(file2, sASTResults.getRawXMLReport());
            writeFileToWorkspaceReports(filePath, file2);
        } catch (IOException e) {
            this.log.warn("Failed to write SAST XML report to workspace: " + e.getMessage());
        }
        if (sASTResults.getPDFReport() != null) {
            try {
                FileUtils.writeByteArrayToFile(new File(file, CxScanResult.PDF_REPORT_NAME), sASTResults.getPDFReport());
            } catch (IOException e2) {
                this.log.warn("Failed to write SAST PDF report to workspace: " + e2.getMessage());
            }
        }
    }

    private void createOsaReports(OSAResults oSAResults, File file) {
        writeJsonObjectToFile(oSAResults.getResults(), new File(file, OSA_SUMMERY_JSON), "OSA summery json report");
        writeJsonObjectToFile(oSAResults.getOsaLibraries(), new File(file, OSA_LIBRARIES_JSON), "OSA libraries json report");
        writeJsonObjectToFile(oSAResults.getOsaVulnerabilities(), new File(file, OSA_VULNERABILITIES_JSON), "OSA vulnerabilities json report");
    }

    private String generateHTMLReport(@Nonnull FilePath filePath, File file, CxScanConfig cxScanConfig, ScanResults scanResults) {
        String str = null;
        try {
            String generateSummary = SummaryUtils.generateSummary(scanResults.getSastResults(), scanResults.getDependencyScanResults(), cxScanConfig);
            str = CxScanResult.resolveHTMLReportName(cxScanConfig.getSastEnabled().booleanValue(), cxScanConfig.getDependencyScannerType());
            File file2 = new File(file, str);
            FileUtils.writeStringToFile(file2, generateSummary, Charset.defaultCharset());
            writeFileToWorkspaceReports(filePath, file2);
        } catch (IOException | TemplateException e) {
            this.log.error("Failed to generate HTML report.", (Throwable) e);
        }
        return str;
    }

    private void writeJsonObjectToFile(Object obj, File file, String str) {
        try {
            FileUtils.writeStringToFile(file, new ObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(obj));
            this.log.info("Copying file [" + file.getName() + "] to workspace [" + file.getAbsolutePath() + "]");
        } catch (Exception e) {
            this.log.error("Failed to write " + str + " to [" + file.getAbsolutePath() + "]");
        }
    }

    private void failTheBuild(Run<?, ?> run, CxScanConfig cxScanConfig, ScanResults scanResults) {
        ScanSummary scanSummary = new ScanSummary(cxScanConfig, scanResults);
        if (!scanSummary.hasErrors() && scanResults.getSastCreateException() == null && scanResults.getSastWaitException() == null && scanResults.getOsaCreateException() == null && scanResults.getOsaWaitException() == null && scanResults.getGeneralException() == null) {
            return;
        }
        printBuildFailure(scanSummary.toString(), scanResults, this.log);
        if (this.resolvedVulnerabilityThresholdResult != null) {
            run.setResult(this.resolvedVulnerabilityThresholdResult);
        }
        if (useUnstableOnError(m5getDescriptor())) {
            run.setResult(Result.UNSTABLE);
        } else {
            run.setResult(Result.FAILURE);
        }
    }

    private void printBuildFailure(String str, ScanResults scanResults, CxLoggerAdapter cxLoggerAdapter) {
        cxLoggerAdapter.error("********************************************");
        cxLoggerAdapter.error(" The Build Failed for the Following Reasons: ");
        cxLoggerAdapter.error("********************************************");
        logError(scanResults.getGeneralException());
        logError(scanResults.getSastCreateException());
        logError(scanResults.getSastWaitException());
        logError(scanResults.getOsaCreateException());
        logError(scanResults.getOsaWaitException());
        if (str != null) {
            for (String str2 : str.split("\\n")) {
                cxLoggerAdapter.error(str2);
            }
        }
        cxLoggerAdapter.error("-----------------------------------------------------------------------------------------\n");
        cxLoggerAdapter.error("");
    }

    private void logError(Exception exc) {
        if (exc != null) {
            this.log.error(exc.getMessage());
        }
    }

    private void addEnvVarAction(Run<?, ?> run, SASTResults sASTResults) {
        EnvVarAction envVarAction = new EnvVarAction();
        envVarAction.setCxSastResults(sASTResults.getHigh(), sASTResults.getMedium(), sASTResults.getLow(), sASTResults.getInformation());
        run.addAction(envVarAction);
    }

    private int parseInt(String str, CxLoggerAdapter cxLoggerAdapter, String str2, int i) {
        int i2 = i;
        try {
            i2 = Integer.parseInt(str);
        } catch (Exception e) {
            cxLoggerAdapter.warn(String.format(str2, str));
        }
        return i2;
    }

    private void writeFileToWorkspaceReports(FilePath filePath, File file) {
        FileInputStream fileInputStream = null;
        try {
            try {
                String str = (filePath.getRemote() + "/" + REPORTS_FOLDER) + "/" + file.getName();
                this.log.info("Copying file [%s] to workspace [%s]", file.getName(), str);
                FilePath filePath2 = new FilePath(filePath.getChannel(), str);
                fileInputStream = new FileInputStream(file);
                filePath2.copyFrom(fileInputStream);
                IOUtils.closeQuietly(fileInputStream);
            } catch (Exception e) {
                this.log.warn("Failed to write file [" + file.getName() + "] to workspace: " + e.getMessage());
                IOUtils.closeQuietly(fileInputStream);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(fileInputStream);
            throw th;
        }
    }

    private boolean shouldUseGlobalThreshold() {
        DescriptorImpl m5getDescriptor = m5getDescriptor();
        return (m5getDescriptor.isForcingVulnerabilityThresholdEnabled() && m5getDescriptor.isLockVulnerabilitySettings()) || (isVulnerabilityThresholdEnabled() && "global".equals(getThresholdSettings()) && m5getDescriptor.isForcingVulnerabilityThresholdEnabled());
    }

    private boolean shouldUseJobThreshold() {
        DescriptorImpl m5getDescriptor = m5getDescriptor();
        return !(m5getDescriptor.isForcingVulnerabilityThresholdEnabled() && m5getDescriptor.isLockVulnerabilitySettings()) && isVulnerabilityThresholdEnabled();
    }

    private boolean useUnstableOnError(DescriptorImpl descriptorImpl) {
        return JobStatusOnError.UNSTABLE.equals(getJobStatusOnError()) || (JobStatusOnError.GLOBAL.equals(getJobStatusOnError()) && JobGlobalStatusOnError.UNSTABLE.equals(descriptorImpl.getJobGlobalStatusOnError()));
    }

    private boolean isThisBuildIncremental(int i) {
        if (!isIncremental()) {
            return false;
        }
        if (isFullScansScheduled() && this.fullScanCycle >= 1 && this.fullScanCycle <= 99) {
            return !(i % (this.fullScanCycle + 1) == 1);
        }
        return true;
    }

    private boolean isSkipScan(Run<?, ?> run) {
        if (!isSkipSCMTriggers()) {
            return false;
        }
        List<Cause> causes = run.getCauses();
        LinkedList linkedList = new LinkedList();
        for (Cause cause : causes) {
            if (!(cause instanceof SCMTrigger.SCMTriggerCause)) {
                linkedList.add(cause);
            }
        }
        return linkedList.isEmpty();
    }

    protected Object readResolve() {
        new PluginDataMigration(serverLog).migrate(this);
        return this;
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m5getDescriptor() {
        return super.getDescriptor();
    }
}
