package com.veracode.jenkins.plugin.utils;

import com.veracode.apiwrapper.dynamicanalysis.model.client.ScanOccurrenceInfo;
import com.veracode.jenkins.plugin.DynamicAnalysisResultsAction;
import com.veracode.jenkins.plugin.VeracodeAction;
import com.veracode.jenkins.plugin.data.DAScanHistory;
import com.veracode.jenkins.plugin.data.FindingCounts;
import com.veracode.jenkins.plugin.data.SCAComponent;
import com.veracode.jenkins.plugin.data.SCAScanHistory;
import com.veracode.jenkins.plugin.data.ScanHistory;
import com.veracode.jenkins.plugin.enums.SeverityLevel;
import hudson.model.Run;
import java.io.ByteArrayInputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:com/veracode/jenkins/plugin/utils/XmlUtil.class */
public class XmlUtil {
    private static final String SCA_XPATH = "/detailedreport/*[local-name()='software_composition_analysis']";
    private static final int SEVERITY_LEVEL_NUMBER = 6;
    private static final int MAX_BUILDS_TO_SEARCH = 60;
    private static final String STATIC_ANALYSIS_ELEMENT_NODE = "static-analysis";
    private static final String DYNAMIC_ANALYSIS_ELEMENT_NODE = "dynamic-analysis";
    private static final String STATIC_ANALYSIS_FLAWS_ELEMENT_NODE = "staticflaws";
    private static final String DYNAMIC_ANALYSIS_FLAWS_ELEMENT_NODE = "dynamicflaws";

    public static final ScanHistory newScanHistory(String str, String str2, Run<?, ?> run) throws Exception {
        Element documentElement = getXmlDocument(str).getDocumentElement();
        String attribute = documentElement.getAttribute("account_id");
        String attribute2 = documentElement.getAttribute("app_id");
        String parseBuildId = parseBuildId(str);
        Document xmlDocument = getXmlDocument(str2);
        Element documentElement2 = xmlDocument.getDocumentElement();
        String attribute3 = documentElement2.getAttribute("policy_name");
        String attribute4 = documentElement2.getAttribute("policy_compliance_status");
        String attribute5 = documentElement2.getAttribute("veracode_level");
        boolean parseBoolean = Boolean.parseBoolean(documentElement2.getAttribute("scan_overdue"));
        XPath newXPath = XPathFactory.newInstance().newXPath();
        int parseAnalysisScore = parseAnalysisScore(newXPath, xmlDocument, STATIC_ANALYSIS_ELEMENT_NODE);
        int[] netChangeCount = getNetChangeCount(newXPath, xmlDocument);
        Object[] realFlawCount = getRealFlawCount(newXPath, xmlDocument, STATIC_ANALYSIS_FLAWS_ELEMENT_NODE);
        int[] iArr = (int[]) realFlawCount[0];
        boolean[] zArr = (boolean[]) realFlawCount[1];
        boolean[] policyAffectedness = getPolicyAffectedness(newXPath, xmlDocument, STATIC_ANALYSIS_FLAWS_ELEMENT_NODE);
        int i = 0;
        for (int i2 : iArr) {
            i += i2;
        }
        long timeInMillis = run.getTimestamp().getTimeInMillis();
        Map<String, Long> createStats = createStats(timeInMillis, Long.valueOf(i));
        Run previousBuild = run.getPreviousBuild();
        SCAScanHistory sCAScanHistory = null;
        List<Map<String, Long>> list = null;
        for (int i3 = 0; null == list && i3 < 60 && null != previousBuild; i3++) {
            VeracodeAction action = previousBuild.getAction(VeracodeAction.class);
            if (null != action && action.isScanHistoryAvailable()) {
                list = action.getFlawsCountHistory();
                sCAScanHistory = action.getSCAScanHistory();
            }
            previousBuild = previousBuild.getPreviousBuild();
        }
        return new ScanHistory(attribute, attribute2, parseBuildId, attribute3, attribute4, parseAnalysisScore, attribute5, parseBoolean, i, iArr, zArr, netChangeCount, createCountHistory(createStats, list), newSCAHistory(str2, timeInMillis, sCAScanHistory), policyAffectedness);
    }

    public static final SCAScanHistory newSCAHistory(String str, long j, SCAScanHistory sCAScanHistory) throws Exception {
        SCAScanHistory sCAScanHistory2;
        if (StringUtil.isNullOrEmpty(str)) {
            throw new IllegalArgumentException("Cannot process empty detailed report.");
        }
        XPath newXPath = XPathFactory.newInstance().newXPath();
        Document xmlDocument = getXmlDocument(str);
        if (isSubscribedToSCA(newXPath, xmlDocument)) {
            Set<FindingCounts> parseFindingCounts = parseFindingCounts(newXPath, xmlDocument, sCAScanHistory);
            int i = 0;
            for (FindingCounts findingCounts : parseFindingCounts) {
                if (null != findingCounts) {
                    i += findingCounts.getCount();
                }
            }
            sCAScanHistory2 = new SCAScanHistory(parseMaxCVSSScore(newXPath, xmlDocument), parseBlacklistedCompsCount(newXPath, xmlDocument), parseFindingCounts, parseSCAComponentInfo(newXPath, xmlDocument), createCountHistory(createStats(j, Long.valueOf(i)), sCAScanHistory == null ? null : sCAScanHistory.getVulCountHistory()));
        } else {
            sCAScanHistory2 = new SCAScanHistory(createCountHistory(createStats(j, null), sCAScanHistory == null ? null : sCAScanHistory.getVulCountHistory()));
        }
        return sCAScanHistory2;
    }

    public static final DAScanHistory newDAScanHistory(String str, ScanOccurrenceInfo scanOccurrenceInfo, Run<?, ?> run) throws Exception {
        Element documentElement = getXmlDocument(str).getDocumentElement();
        Document xmlDocument = getXmlDocument(str);
        XPath newXPath = XPathFactory.newInstance().newXPath();
        String attribute = documentElement.getAttribute("account_id");
        String linkedPlatformAppId = scanOccurrenceInfo.getLinkedPlatformAppId();
        String buildId = scanOccurrenceInfo.getLinkedAppData().getBuildId();
        String attribute2 = documentElement.getAttribute("policy_name");
        String attribute3 = documentElement.getAttribute("policy_compliance_status");
        String attribute4 = documentElement.getAttribute("veracode_level");
        boolean parseBoolean = Boolean.parseBoolean(documentElement.getAttribute("scan_overdue"));
        int parseAnalysisScore = parseAnalysisScore(newXPath, xmlDocument, DYNAMIC_ANALYSIS_ELEMENT_NODE);
        Object[] realFlawCount = getRealFlawCount(newXPath, xmlDocument, DYNAMIC_ANALYSIS_FLAWS_ELEMENT_NODE);
        int[] iArr = (int[]) realFlawCount[0];
        boolean[] zArr = (boolean[]) realFlawCount[1];
        int i = 0;
        for (int i2 : iArr) {
            i += i2;
        }
        boolean[] policyAffectedness = getPolicyAffectedness(newXPath, xmlDocument, DYNAMIC_ANALYSIS_FLAWS_ELEMENT_NODE);
        int[] iArr2 = new int[SEVERITY_LEVEL_NUMBER];
        iArr2[0] = 0;
        iArr2[1] = 0;
        iArr2[2] = 0;
        iArr2[3] = 0;
        iArr2[4] = 0;
        iArr2[5] = 0;
        Map<String, Long> createStats = createStats(run.getTimestamp().getTimeInMillis(), Long.valueOf(i));
        Run previousBuild = run.getPreviousBuild();
        List<Map<String, Long>> list = null;
        for (int i3 = 0; null == list && i3 < 60 && null != previousBuild; i3++) {
            DynamicAnalysisResultsAction action = previousBuild.getAction(DynamicAnalysisResultsAction.class);
            if (null != action && action.isScanHistoryAvailable()) {
                list = action.getFlawsCountHistory();
                for (int i4 = 0; i4 < SEVERITY_LEVEL_NUMBER; i4++) {
                    int i5 = 0;
                    try {
                        i5 = iArr[i4] - action.getFlawsCountInt(i4);
                        iArr2[i4] = i5;
                    } catch (IllegalArgumentException e) {
                        iArr2[i4] = 0;
                    } catch (Throwable th) {
                        iArr2[i4] = i5;
                        throw th;
                    }
                }
            }
            previousBuild = previousBuild.getPreviousBuild();
        }
        return new DAScanHistory(attribute, linkedPlatformAppId, buildId, attribute2, attribute3, parseAnalysisScore, attribute4, parseBoolean, i, iArr, zArr, iArr2, createCountHistory(createStats, list), policyAffectedness);
    }

    private static final int parseAnalysisScore(XPath xPath, Document document, String str) throws Exception {
        Node node = (Node) xPath.evaluate("/detailedreport/*[local-name()='" + str + "']", document.getDocumentElement(), XPathConstants.NODE);
        String str2 = StringUtil.EMPTY;
        if (null != node) {
            str2 = node.getAttributes().getNamedItem("score").getNodeValue();
        }
        return Integer.parseInt(str2);
    }

    public static final String parseAppId(String str, String str2) throws Exception {
        NodeList nodeList = (NodeList) XPathFactory.newInstance().newXPath().evaluate("/*/*[local-name()='app'][@app_id][@app_name]", getXmlDocument(str2).getDocumentElement(), XPathConstants.NODESET);
        String str3 = null;
        int i = 0;
        while (true) {
            if (i >= nodeList.getLength()) {
                break;
            }
            Node item = nodeList.item(i);
            if (StringUtil.compare(item.getAttributes().getNamedItem("app_name").getNodeValue(), str, true) == 0) {
                str3 = item.getAttributes().getNamedItem("app_id").getNodeValue();
                break;
            }
            i++;
        }
        return str3;
    }

    public static final String parseSandboxId(String str, String str2) throws Exception {
        if (StringUtil.isNullOrEmpty(str2)) {
            throw new IllegalArgumentException("Empty XML document.");
        }
        Node node = (Node) XPathFactory.newInstance().newXPath().evaluate("/sandboxlist/sandbox[@sandbox_name=\"" + str + "\"]", getXmlDocument(str2).getDocumentElement(), XPathConstants.NODE);
        String str3 = StringUtil.EMPTY;
        if (null != node) {
            str3 = node.getAttributes().getNamedItem("sandbox_id").getNodeValue();
        }
        return !StringUtil.isNullOrEmpty(str3) ? str3 : StringUtil.EMPTY;
    }

    public static final Document getXmlDocument(String str) throws Exception {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        newInstance.setFeature("http://xml.org/sax/features/external-general-entities", false);
        newInstance.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        newInstance.setXIncludeAware(false);
        newInstance.setExpandEntityReferences(false);
        return newInstance.newDocumentBuilder().parse(new InputSource(new InputStreamReader(new ByteArrayInputStream(str.getBytes("UTF-8")), "UTF-8")));
    }

    public static final String parseBuildId(String str) throws Exception {
        if (StringUtil.isNullOrEmpty(str)) {
            throw new IllegalArgumentException("Empty XML document.");
        }
        Node node = (Node) XPathFactory.newInstance().newXPath().evaluate("/*/*[local-name()='build'][@build_id]", getXmlDocument(str).getDocumentElement(), XPathConstants.NODE);
        String str2 = StringUtil.EMPTY;
        if (null != node) {
            str2 = node.getAttributes().getNamedItem("build_id").getNodeValue();
        }
        return !StringUtil.isNullOrEmpty(str2) ? str2 : StringUtil.EMPTY;
    }

    public static final String getErrorString(String str) {
        if (StringUtil.isNullOrEmpty(str)) {
            return StringUtil.EMPTY;
        }
        StringBuilder sb = new StringBuilder();
        Matcher matcher = Pattern.compile("<error>(.*?)</error>").matcher(str);
        while (matcher.find()) {
            sb.append(matcher.group(1) + StringUtil.NEWLINE);
        }
        String sb2 = sb.toString();
        if (sb2.contains(StringUtil.NEWLINE)) {
            sb2 = sb2.substring(0, sb.lastIndexOf(StringUtil.NEWLINE));
        }
        return sb2;
    }

    private static boolean[] getPolicyAffectedness(XPath xPath, Document document, String str) {
        boolean[] zArr = new boolean[SEVERITY_LEVEL_NUMBER];
        for (int i = 0; i < SEVERITY_LEVEL_NUMBER; i++) {
            try {
                NodeList nodeList = (NodeList) xPath.evaluate("/detailedreport/severity[@level = '" + i + "']/category/cwe/" + str + "/*[local-name()='flaw' and @affects_policy_compliance='true']", document.getDocumentElement(), XPathConstants.NODESET);
                if (nodeList != null && nodeList.getLength() > 0) {
                    zArr[i] = true;
                }
            } catch (XPathExpressionException e) {
                throw new RuntimeException(e);
            }
        }
        return zArr;
    }

    private static Object[] getRealFlawCount(XPath xPath, Document document, String str) {
        String str2 = "/detailedreport/severity/category/cwe/" + str + "/*[local-name()='flaw']";
        int[] iArr = new int[SEVERITY_LEVEL_NUMBER];
        boolean[] zArr = new boolean[SEVERITY_LEVEL_NUMBER];
        for (int i = 0; i < SEVERITY_LEVEL_NUMBER; i++) {
            zArr[i] = false;
        }
        try {
            NodeList nodeList = (NodeList) xPath.evaluate(str2, document.getDocumentElement(), XPathConstants.NODESET);
            for (int i2 = 0; i2 < nodeList.getLength(); i2++) {
                Node item = nodeList.item(i2);
                String nodeValue = item.getAttributes().getNamedItem("severity").getNodeValue();
                String nodeValue2 = item.getAttributes().getNamedItem("mitigation_status").getNodeValue();
                String nodeValue3 = item.getAttributes().getNamedItem("remediation_status").getNodeValue();
                for (int i3 = 0; i3 < SEVERITY_LEVEL_NUMBER; i3++) {
                    if (nodeValue.equals(Integer.toString(i3)) && !nodeValue3.equals("Fixed")) {
                        if (nodeValue2.equals("accepted")) {
                            zArr[i3] = true;
                        } else {
                            int i4 = i3;
                            iArr[i4] = iArr[i4] + 1;
                        }
                    }
                }
            }
            return new Object[]{iArr, zArr};
        } catch (XPathExpressionException e) {
            throw new RuntimeException(e);
        }
    }

    private static int[] getNetChangeCount(XPath xPath, Document document) {
        String[] strArr = {"sev-0-change", "sev-1-change", "sev-2-change", "sev-3-change", "sev-4-change", "sev-5-change"};
        int[] iArr = new int[strArr.length];
        try {
            Node node = (Node) xPath.evaluate("/detailedreport/*[local-name()='flaw-status']", document.getDocumentElement(), XPathConstants.NODE);
            if (null != node) {
                for (int i = 0; i < strArr.length; i++) {
                    try {
                        Node namedItem = node.getAttributes().getNamedItem(strArr[i]);
                        String nodeValue = null != namedItem ? namedItem.getNodeValue() : null;
                        if (StringUtil.isNullOrEmpty(nodeValue)) {
                            iArr[i] = 0;
                        } else {
                            try {
                                iArr[i] = Integer.parseInt(nodeValue);
                            } catch (NumberFormatException e) {
                                iArr[i] = 0;
                            }
                        }
                    } catch (DOMException e2) {
                        iArr[i] = 0;
                    }
                }
            }
            return iArr;
        } catch (XPathExpressionException e3) {
            throw new RuntimeException(e3);
        }
    }

    private static final double parseMaxCVSSScore(XPath xPath, Document document) throws Exception {
        double d;
        double d2 = -1.0d;
        try {
            NodeList nodeList = (NodeList) xPath.evaluate("/detailedreport/software_composition_analysis/vulnerable_components/*[local-name()='component']", document.getDocumentElement(), XPathConstants.NODESET);
            for (int i = 0; i < nodeList.getLength(); i++) {
                String nodeValue = nodeList.item(i).getAttributes().getNamedItem("max_cvss_score").getNodeValue();
                if (!StringUtil.isNullOrEmpty(nodeValue)) {
                    try {
                        d = Double.parseDouble(nodeValue);
                    } catch (NumberFormatException e) {
                        d = -1.0d;
                    }
                    d2 = d > d2 ? d : d2;
                }
            }
            return d2;
        } catch (XPathExpressionException e2) {
            throw new RuntimeException(e2);
        }
    }

    private static final boolean isSubscribedToSCA(XPath xPath, Document document) throws Exception {
        return null != xPath.evaluate(SCA_XPATH, document.getDocumentElement(), XPathConstants.NODE);
    }

    private static final int parseBlacklistedCompsCount(XPath xPath, Document document) throws Exception {
        int i = -1;
        Node node = (Node) xPath.evaluate(SCA_XPATH, document.getDocumentElement(), XPathConstants.NODE);
        if (null != node && null != node.getAttributes().getNamedItem("blacklisted_components")) {
            String nodeValue = node.getAttributes().getNamedItem("blacklisted_components").getNodeValue();
            if (!StringUtil.isNullOrEmpty(nodeValue)) {
                i = Integer.parseInt(nodeValue);
            }
        }
        return i;
    }

    private static final Set<FindingCounts> parseFindingCounts(XPath xPath, Document document, SCAScanHistory sCAScanHistory) {
        int i;
        int i2;
        int length = SeverityLevel.values().length;
        int[] iArr = new int[length];
        boolean[] zArr = new boolean[length];
        try {
            NodeList nodeList = (NodeList) xPath.evaluate("/detailedreport/software_composition_analysis/vulnerable_components/component/vulnerabilities/*[local-name()='vulnerability']", document.getDocumentElement(), XPathConstants.NODESET);
            for (int i3 = 0; i3 < nodeList.getLength(); i3++) {
                Node item = nodeList.item(i3);
                try {
                    int parseInt = Integer.parseInt(item.getAttributes().getNamedItem("severity").getNodeValue());
                    if (parseInt < length) {
                        boolean parseBoolean = Boolean.parseBoolean(item.getAttributes().getNamedItem("mitigation").getNodeValue());
                        if (!parseBoolean) {
                            iArr[parseInt] = iArr[parseInt] + 1;
                        }
                        if (false == zArr[parseInt] && parseBoolean) {
                            zArr[parseInt] = true;
                        }
                    }
                } catch (NumberFormatException e) {
                } catch (DOMException e2) {
                }
            }
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            for (int i4 = 0; i4 < length; i4++) {
                if (null == sCAScanHistory || !sCAScanHistory.isSubscribed()) {
                    i = iArr[i4];
                    i2 = iArr[i4];
                } else {
                    try {
                        i = iArr[i4] - sCAScanHistory.getCountBySeverity(SeverityLevel.findSevLevel(i4)).getCount();
                        i2 = Math.max(i, 0);
                    } catch (IllegalArgumentException e3) {
                        i = 0;
                        i2 = 0;
                    }
                }
                linkedHashSet.add(new FindingCounts(SeverityLevel.findSevLevel(i4), iArr[i4], i2, i, zArr[i4]));
            }
            return linkedHashSet;
        } catch (XPathExpressionException e4) {
            throw new RuntimeException(e4);
        }
    }

    private static final Set<SCAComponent> parseSCAComponentInfo(XPath xPath, Document document) throws Exception {
        HashSet hashSet = new HashSet();
        try {
            NodeList nodeList = (NodeList) xPath.evaluate("/detailedreport/software_composition_analysis/vulnerable_components/*[local-name()='component']", document.getDocumentElement(), XPathConstants.NODESET);
            String str = StringUtil.EMPTY;
            boolean z = false;
            boolean z2 = false;
            boolean z3 = false;
            for (int i = 0; i < nodeList.getLength(); i++) {
                Node item = nodeList.item(i);
                try {
                    if (item.getAttributes().getNamedItem("file_name") != null) {
                        str = item.getAttributes().getNamedItem("file_name").getNodeValue();
                    }
                    if (item.getAttributes().getNamedItem("blacklisted") != null) {
                        z = Boolean.parseBoolean(item.getAttributes().getNamedItem("blacklisted").getNodeValue());
                    }
                    if (item.getAttributes().getNamedItem("new") != null) {
                        z2 = Boolean.parseBoolean(item.getAttributes().getNamedItem("new").getNodeValue());
                    }
                    if (item.getAttributes().getNamedItem("component_affects_policy_compliance") != null) {
                        z3 = Boolean.parseBoolean(item.getAttributes().getNamedItem("component_affects_policy_compliance").getNodeValue());
                    }
                    hashSet.add(new SCAComponent(str, z, z2, z3));
                } catch (DOMException e) {
                }
            }
            return hashSet;
        } catch (XPathExpressionException e2) {
            throw new RuntimeException(e2);
        }
    }

    private static final Map<String, Long> createStats(long j, Long l) {
        HashMap hashMap = new HashMap();
        hashMap.put(ScanHistory.BUILD_DATE, Long.valueOf(j));
        hashMap.put(ScanHistory.FLAWS_COUNT, l);
        return hashMap;
    }

    private static final List<Map<String, Long>> createCountHistory(Map<String, Long> map, List<Map<String, Long>> list) {
        ArrayList arrayList;
        if (null == list || list.size() == 0) {
            arrayList = new ArrayList();
            arrayList.add(map);
        } else {
            arrayList = new ArrayList(list);
            while (arrayList.size() >= 8) {
                arrayList.remove(0);
            }
            arrayList.add(map);
        }
        return arrayList;
    }
}
