package com.synopsys.protecode.sc.jenkins;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.domains.HostnameRequirement;
import com.synopsys.protecode.sc.jenkins.exceptions.ApiException;
import com.synopsys.protecode.sc.jenkins.exceptions.ScanException;
import com.synopsys.protecode.sc.jenkins.types.BuildVerdict;
import com.synopsys.protecode.sc.jenkins.types.FileResult;
import com.synopsys.protecode.sc.jenkins.utils.JenkinsConsoler;
import com.synopsys.protecode.sc.jenkins.utils.ReportBuilder;
import com.synopsys.protecode.sc.jenkins.utils.UtilitiesFile;
import com.synopsys.protecode.sc.jenkins.utils.UtilitiesGeneral;
import com.synopsys.protecode.sc.jenkins.utils.UtilitiesJenkins;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import hudson.ExtensionPoint;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.annotation.CheckForNull;
import javax.servlet.ServletException;
import jenkins.tasks.SimpleBuildStep;
import net.sf.json.JSONObject;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:WEB-INF/lib/protecode-sc.jar:com/synopsys/protecode/sc/jenkins/ProtecodeScPlugin.class */
public class ProtecodeScPlugin extends Builder implements SimpleBuildStep {
    private String credentialsId;
    private String protecodeScGroup;
    private transient String filesToScanDirectory;
    private transient String artifactDir;
    private transient boolean leaveArtifacts;
    public static final String NO_ERROR = "";
    private JenkinsConsoler console;
    private static URL storedHost = null;
    private static boolean storedDontCheckCertificate = true;
    private static final Logger LOGGER = Logger.getLogger(ProtecodeScPlugin.class.getName());
    private ProtecodeScService service = null;
    private TaskListener buildListener = null;
    private boolean includeSubdirectories = false;
    private boolean scanOnlyArtifacts = false;
    private String directoryToScan = "";
    private String customHeader = "";
    private String pattern = "";
    private String protecodeScanName = "";
    private boolean convertToSummary = false;
    private boolean failIfVulns = true;
    private boolean endAfterSendingFiles = false;
    private int scanTimeout = 10;
    private boolean dontZipFiles = false;

    @Extension
    @Symbol({"protecodesc"})
    /* loaded from: input_file:WEB-INF/lib/protecode-sc.jar:com/synopsys/protecode/sc/jenkins/ProtecodeScPlugin$DescriptorImpl.class */
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> implements ExtensionPoint {
        public static final int defaultTimeout = 60;
        public static final boolean defaultFailIfVulns = true;
        public static final boolean defaultEndAfterSendingFiles = false;
        public static final boolean defaultDontZipFiles = false;
        protected String protecodeScHost;
        protected boolean dontCheckCert;

        public DescriptorImpl() {
            super.load();
        }

        public boolean configure(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            try {
                new URL(jSONObject.getString("protecodeScHost"));
                this.protecodeScHost = jSONObject.getString("protecodeScHost");
            } catch (MalformedURLException e) {
            }
            this.dontCheckCert = jSONObject.getBoolean("dontCheckCert");
            save();
            return super.configure(staplerRequest, jSONObject);
        }

        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item) {
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            standardListBoxModel.withEmptySelection();
            standardListBoxModel.withMatching(CredentialsMatchers.anyOf(new CredentialsMatcher[]{CredentialsMatchers.instanceOf(StandardCredentials.class)}), CredentialsProvider.lookupCredentials(StandardCredentials.class, item, ACL.SYSTEM, new DomainRequirement[]{new HostnameRequirement(this.protecodeScHost)}));
            return standardListBoxModel;
        }

        public FormValidation doCheckProtecodeScHost(@QueryParameter String str) throws IOException, ServletException {
            try {
                this.protecodeScHost = new URL(str).toExternalForm();
                return FormValidation.ok();
            } catch (MalformedURLException e) {
                return FormValidation.error("Please provide a valid URL");
            }
        }

        public FormValidation doCheckPattern(@QueryParameter String str) {
            try {
                Pattern.compile(str);
                return FormValidation.ok();
            } catch (Exception e) {
                return FormValidation.error("Please provide a valid Java style regexp pattern or leave empty to include all files. Please see: https://docs.oracle.com/javase/8/docs/api/java/util/regex/Pattern.html");
            }
        }

        public FormValidation doCheckProtecodeScGroup(@QueryParameter String str) {
            try {
                if (str.startsWith("$")) {
                    return FormValidation.ok();
                }
                Integer.parseInt(str);
                return FormValidation.ok();
            } catch (NumberFormatException e) {
                return FormValidation.error("Please provide a valid group. The group should be a plain number or environment variable containing a number. Not a URL or a name.");
            }
        }

        @SuppressFBWarnings({"DLS_DEAD_LOCAL_STORE"})
        public FormValidation doCheckCustomHeader(@QueryParameter String str) {
            if (str != null) {
                try {
                    if (!"".equals(str)) {
                        return FormValidation.ok();
                    }
                } catch (IOException e) {
                    return FormValidation.error("Please provide a key-value list in JSON format.");
                }
            }
            return FormValidation.ok();
        }

        public FormValidation doCheckDirectoryToScan(@QueryParameter String str) {
            return str.startsWith("$") ? FormValidation.ok() : FormValidation.ok();
        }

        public FormValidation doCheckTimeout(@QueryParameter String str) {
            try {
                Integer.parseInt(str);
                return FormValidation.ok();
            } catch (NumberFormatException e) {
                return FormValidation.error("Please provide a valid timeout in minutes.");
            }
        }

        public String getDisplayName() {
            return Configuration.TOOL_NAME;
        }

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public String getProtecodeScHost() {
            return this.protecodeScHost;
        }

        public void setProtecodeScHost(String str) {
            this.protecodeScHost = str;
        }

        public boolean isDontCheckCert() {
            return this.dontCheckCert;
        }

        public void setDontCheckCert(boolean z) {
            this.dontCheckCert = z;
        }
    }

    @DataBoundConstructor
    public ProtecodeScPlugin(String str, String str2) {
        this.credentialsId = str;
        this.protecodeScGroup = str2;
    }

    public Object readResolve() {
        LOGGER.finer("readResolve: Initializing plugin object.");
        if (this.pattern == null) {
            this.pattern = UtilitiesFile.ALL_FILES_REGEX_STRING;
        }
        if (this.filesToScanDirectory != null && this.directoryToScan == null) {
            this.directoryToScan = this.filesToScanDirectory;
        }
        if (this.customHeader == null) {
            this.customHeader = "";
        }
        if (this.protecodeScanName == null) {
            this.protecodeScanName = "defaultbuildname";
        }
        return this;
    }

    private ProtecodeScService service(Run<?, ?> run) {
        m344getDescriptor().load();
        try {
            if (this.service == null || !m344getDescriptor().getProtecodeScHost().equals(storedHost.toExternalForm()) || m344getDescriptor().isDontCheckCert() != storedDontCheckCertificate) {
                LOGGER.finer("Making new Black Duck Binary Analysis http connection service");
                storedHost = new URL(m344getDescriptor().getProtecodeScHost());
                storedDontCheckCertificate = m344getDescriptor().isDontCheckCert();
                this.service = new ProtecodeScService(this.credentialsId, storedHost, run, !m344getDescriptor().isDontCheckCert());
            }
        } catch (MalformedURLException e) {
            LOGGER.warning("No URL given for Black Duck Binary Analysis");
            this.buildListener.error("Cannot read Black Duck Binary Analysis URL, please make sure it has been set in the Jenkins configuration page.");
        }
        return this.service;
    }

    public void perform(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws InterruptedException, IOException {
        LOGGER.finer("Perform() with run object");
        this.buildListener = taskListener;
        doPerform(run, filePath);
    }

    public boolean perform(AbstractBuild<?, ?> abstractBuild, Launcher launcher, BuildListener buildListener) throws InterruptedException, IOException {
        LOGGER.finer("Perform() with build object");
        this.buildListener = buildListener;
        return doPerform(abstractBuild, abstractBuild.getWorkspace());
    }

    public boolean doPerform(Run<?, ?> run, FilePath filePath) throws IOException, InterruptedException {
        String cleanJobName;
        Optional<List<FileResult>> doPerform;
        if (filePath == null) {
            this.buildListener.error("No executor workspace, exiting. Has the build been able to create a workspace?");
            if (this.failIfVulns) {
                throw new ScanException("No executor workspace, exiting. Has the build been able to create a workspace?");
            }
            return false;
        }
        this.console = JenkinsConsoler.getInstance();
        this.console.setStream(this.buildListener.getLogger());
        if (this.protecodeScanName == null || "".equals(this.protecodeScanName)) {
            LOGGER.info("Didn't find job name, defaulting to build id");
            cleanJobName = UtilitiesJenkins.cleanJobName(run.getExternalizableId());
        } else {
            cleanJobName = this.protecodeScanName;
        }
        this.console.start(this.failIfVulns, this.includeSubdirectories);
        BuildVerdict buildVerdict = new BuildVerdict(this.failIfVulns);
        ProtecodeScService service = service(run);
        if (service == null) {
            this.buildListener.error("Cannot connect to Black Duck Binary Analysis");
            if (this.failIfVulns) {
                throw new ApiException("Cannot connect to Black Duck Binary Analysis");
            }
            return false;
        }
        boolean z = this.dontZipFiles && !UtilitiesGeneral.isPublicHost(m344getDescriptor().getProtecodeScHost());
        if (this.dontZipFiles) {
            this.console.log("'Dont zip' is chosen, but since this build is done against a Synopsys hosted Black Duck Binary Analysis instance, this option is ignored.");
        }
        Scanner scanner = new Scanner(buildVerdict, this.protecodeScGroup, service, run, this.scanTimeout, filePath, this.buildListener, getDirectoryToScan(), this.scanOnlyArtifacts, this.includeSubdirectories, this.endAfterSendingFiles, this.pattern, cleanJobName, this.customHeader, z, this.failIfVulns);
        List<FileResult> arrayList = new ArrayList();
        try {
            doPerform = scanner.doPerform();
        } catch (IOException e) {
            this.buildListener.error("Could not send files to Black Duck Binary Analysis: " + e);
            buildVerdict.setError("Could not send files to Black Duck Binary Analysis");
            if (this.failIfVulns) {
                throw new ApiException("Could not send files to Black Duck Binary Analysis");
            }
            if (arrayList.isEmpty()) {
                return false;
            }
        } catch (InterruptedException e2) {
            this.buildListener.error("Interrupted, stopping build");
            this.console.log("Interrupted, stopping build");
            if (this.failIfVulns) {
                throw new ScanException("Interrupted, stopping build");
            }
            return false;
        }
        if (buildVerdict.getFilesFound() == 0) {
            LOGGER.info("No files found, ending Black Duck Binary Analysis phase.");
            this.console.log("No files found, ending Black Duck Binary Analysis phase.");
            return true;
        }
        if (this.endAfterSendingFiles) {
            LOGGER.info("Files sent, ending Black Duck Binary Analysis phase due to configuration.");
            this.console.log("Files sent, ending phase.");
            return true;
        }
        arrayList = doPerform.get();
        ReportBuilder.report(arrayList, this.buildListener, UtilitiesFile.reportsDirectory(run), run);
        if (this.convertToSummary) {
            this.console.log("Writing summary for summary plugin to protecodesc.xml");
            ReportBuilder.makeSummary(run, this.buildListener);
        }
        ProtecodeEvaluator.evaluate(arrayList, buildVerdict);
        boolean verdict = buildVerdict.verdict();
        if (!this.failIfVulns) {
            if (buildVerdict.verdict()) {
                this.console.log("NO vulnerabilities found.");
            } else {
                this.console.printReportString(arrayList);
                this.console.log("Vulnerabilities/errors found! Not failing build due to configuration.");
            }
            verdict = true;
        } else {
            if (!buildVerdict.verdict()) {
                this.console.printReportString(arrayList);
                this.buildListener.fatalError(buildVerdict.verdictStr());
                throw new ScanException(buildVerdict.verdictStr());
            }
            this.console.log("NO vulnerabilities found.");
        }
        this.console.log("Black Duck Binary Analysis plugin end");
        return verdict;
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m344getDescriptor() {
        return super.getDescriptor();
    }

    public String getTask() {
        return Configuration.TOOL_NAME;
    }

    @DataBoundSetter
    public void setCredentialsId(String str) {
        this.credentialsId = str;
    }

    @DataBoundSetter
    public void setProtecodeScGroup(String str) {
        this.protecodeScGroup = str;
    }

    @DataBoundSetter
    public void setDirectoryToScan(String str) {
        this.directoryToScan = str;
    }

    @DataBoundSetter
    public void setIncludeSubdirectories(boolean z) {
        this.includeSubdirectories = z;
    }

    @DataBoundSetter
    public void setPattern(String str) {
        this.pattern = str;
    }

    @DataBoundSetter
    public void setConvertToSummary(boolean z) {
        this.convertToSummary = z;
    }

    @DataBoundSetter
    public void setFailIfVulns(boolean z) {
        this.failIfVulns = z;
    }

    @DataBoundSetter
    public void setScanTimeout(int i) {
        this.scanTimeout = i;
    }

    @DataBoundSetter
    public void setScanOnlyArtifacts(boolean z) {
        this.scanOnlyArtifacts = z;
    }

    @DataBoundSetter
    public void setCustomHeader(String str) {
        this.customHeader = str;
    }

    @DataBoundSetter
    public void setProtecodeScanName(String str) {
        this.protecodeScanName = str;
    }

    @DataBoundSetter
    public void setEndAfterSendingFiles(boolean z) {
        this.endAfterSendingFiles = z;
    }

    @DataBoundSetter
    public void setDontZipFiles(boolean z) {
        this.dontZipFiles = z;
    }

    @CheckForNull
    public boolean getConvertToSummary() {
        return this.convertToSummary;
    }

    @CheckForNull
    public String getCredentialsId() {
        return this.credentialsId;
    }

    @CheckForNull
    public String getDirectoryToScan() {
        return this.directoryToScan != null ? this.directoryToScan : ".";
    }

    @CheckForNull
    public boolean getIncludeSubdirectories() {
        return this.includeSubdirectories;
    }

    @CheckForNull
    public String getPattern() {
        return this.pattern;
    }

    @CheckForNull
    public String getProtecodeScGroup() {
        return this.protecodeScGroup;
    }

    @CheckForNull
    public boolean getFailIfVulns() {
        return this.failIfVulns;
    }

    @CheckForNull
    public int getScanTimeout() {
        return this.scanTimeout;
    }

    @CheckForNull
    public boolean getScanOnlyArtifacts() {
        return this.scanOnlyArtifacts;
    }

    @CheckForNull
    public String getCustomHeader() {
        return this.customHeader;
    }

    @CheckForNull
    public String getProtecodeScanName() {
        return this.protecodeScanName;
    }

    @CheckForNull
    public boolean getEndAfterSendingFiles() {
        return this.endAfterSendingFiles;
    }

    @CheckForNull
    public boolean getDontZipFiles() {
        return this.dontZipFiles;
    }
}
