package org.owasp.dependencycheck.analyzer;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.compress.archivers.ArchiveStreamFactory;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;
import org.apache.commons.compress.archivers.zip.ZipFile;
import org.apache.commons.compress.compressors.CompressorInputStream;
import org.apache.commons.compress.compressors.CompressorStreamFactory;
import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
import org.apache.commons.compress.compressors.gzip.GzipUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;

/* loaded from: input_file:WEB-INF/lib/dependency-check-core-1.2.10.jar:org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.class */
public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer {
    private static final int BUFFER_SIZE = 4096;
    private File tempFileLocation = null;
    private int scanDepth = 0;
    private static final String ANALYZER_NAME = "Archive Analyzer";
    private static final Logger LOGGER = Logger.getLogger(ArchiveAnalyzer.class.getName());
    private static int dirCount = 0;
    private static final int MAX_SCAN_DEPTH = Settings.getInt("archive.scan.depth", 3);
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INITIAL;
    private static final Set<String> ZIPPABLES = newHashSet(ArchiveStreamFactory.ZIP, "ear", "war", ArchiveStreamFactory.JAR, "sar", "apk", "nupkg");
    private static final Set<String> EXTENSIONS = newHashSet(ArchiveStreamFactory.TAR, CompressorStreamFactory.GZIP, "tgz");
    private static final Set<String> REMOVE_FROM_ANALYSIS = newHashSet(ArchiveStreamFactory.ZIP, ArchiveStreamFactory.TAR, CompressorStreamFactory.GZIP, "tgz");

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public Set<String> getSupportedExtensions() {
        return EXTENSIONS;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_ARCHIVE_ENABLED;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public void initializeFileTypeAnalyzer() throws Exception {
        this.tempFileLocation = File.createTempFile("check", "tmp", Settings.getTempDirectory());
        if (!this.tempFileLocation.delete()) {
            throw new AnalysisException(String.format("Unable to delete temporary file '%s'.", this.tempFileLocation.getAbsolutePath()));
        }
        if (!this.tempFileLocation.mkdirs()) {
            throw new AnalysisException(String.format("Unable to create directory '%s'.", this.tempFileLocation.getAbsolutePath()));
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer, org.owasp.dependencycheck.analyzer.Analyzer
    public void close() throws Exception {
        if (this.tempFileLocation == null || !this.tempFileLocation.exists()) {
            return;
        }
        LOGGER.log(Level.FINE, "Attempting to delete temporary files");
        if (FileUtils.delete(this.tempFileLocation) || this.tempFileLocation == null || !this.tempFileLocation.exists() || this.tempFileLocation.list().length <= 0) {
            return;
        }
        LOGGER.log(Level.WARNING, "Failed to delete some temporary files, see the log for more details");
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    public void analyzeFileType(Dependency dependency, Engine engine) throws AnalysisException {
        File file = new File(dependency.getActualFilePath());
        File nextTempDirectory = getNextTempDirectory();
        extractFiles(file, nextTempDirectory, engine);
        ArrayList arrayList = new ArrayList(engine.getDependencies());
        engine.scan(nextTempDirectory);
        List<Dependency> dependencies = engine.getDependencies();
        if (arrayList.size() != dependencies.size()) {
            HashSet<Dependency> hashSet = new HashSet();
            hashSet.addAll(dependencies);
            hashSet.removeAll(arrayList);
            for (Dependency dependency2 : hashSet) {
                String format = String.format("%s%s", dependency.getFilePath(), dependency2.getActualFilePath().substring(nextTempDirectory.getAbsolutePath().length()));
                String format2 = String.format("%s: %s", dependency.getFileName(), dependency2.getFileName());
                dependency2.setFilePath(format);
                dependency2.setFileName(format2);
                if (supportsExtension(dependency2.getFileExtension()) && this.scanDepth < MAX_SCAN_DEPTH) {
                    this.scanDepth++;
                    analyze(dependency2, engine);
                    this.scanDepth--;
                }
            }
        }
        if (REMOVE_FROM_ANALYSIS.contains(dependency.getFileExtension())) {
            if (ArchiveStreamFactory.ZIP.equals(dependency.getFileExtension()) && isZipFileActuallyJarFile(dependency)) {
                File nextTempDirectory2 = getNextTempDirectory();
                String fileName = dependency.getFileName();
                LOGGER.info(String.format("The zip file '%s' appears to be a JAR file, making a copy and analyzing it as a JAR.", fileName));
                File file2 = new File(nextTempDirectory2, fileName.substring(0, fileName.length() - 3) + ArchiveStreamFactory.JAR);
                try {
                    org.apache.commons.io.FileUtils.copyFile(nextTempDirectory2, file2);
                    ArrayList arrayList2 = new ArrayList(engine.getDependencies());
                    engine.scan(file2);
                    List<Dependency> dependencies2 = engine.getDependencies();
                    if (arrayList2.size() != dependencies2.size()) {
                        HashSet<Dependency> hashSet2 = new HashSet();
                        hashSet2.addAll(dependencies2);
                        hashSet2.removeAll(arrayList2);
                        if (hashSet2.size() != 1) {
                            LOGGER.info("Deep copy of ZIP to JAR file resulted in more then one dependency?");
                        }
                        for (Dependency dependency3 : hashSet2) {
                            dependency3.setFilePath(dependency.getFilePath());
                            dependency3.setDisplayFileName(dependency.getFileName());
                        }
                    }
                } catch (IOException e) {
                    LOGGER.log(Level.FINE, String.format("Unable to perform deep copy on '%s'", dependency.getActualFile().getPath()), (Throwable) e);
                }
            }
            engine.getDependencies().remove(dependency);
        }
        Collections.sort(engine.getDependencies());
    }

    private File getNextTempDirectory() throws AnalysisException {
        dirCount++;
        File file = new File(this.tempFileLocation, String.valueOf(dirCount));
        if (file.exists()) {
            return getNextTempDirectory();
        }
        if (file.mkdirs()) {
            return file;
        }
        throw new AnalysisException(String.format("Unable to create temp directory '%s'.", file.getAbsolutePath()));
    }

    private void extractFiles(File file, File file2, Engine engine) throws AnalysisException {
        if (file == null || file2 == null) {
            return;
        }
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            String lowerCase = FileUtils.getFileExtension(file.getName()).toLowerCase();
            try {
                try {
                    if (ZIPPABLES.contains(lowerCase)) {
                        extractArchive(new ZipArchiveInputStream(new BufferedInputStream(fileInputStream)), file2, engine);
                    } else if (ArchiveStreamFactory.TAR.equals(lowerCase)) {
                        extractArchive(new TarArchiveInputStream(new BufferedInputStream(fileInputStream)), file2, engine);
                    } else if (CompressorStreamFactory.GZIP.equals(lowerCase) || "tgz".equals(lowerCase)) {
                        String uncompressedFilename = GzipUtils.getUncompressedFilename(file.getName());
                        if (engine.supportsExtension(FileUtils.getFileExtension(uncompressedFilename).toLowerCase())) {
                            decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fileInputStream)), new File(file2, uncompressedFilename));
                        }
                    }
                } finally {
                    try {
                        fileInputStream.close();
                    } catch (IOException e) {
                        LOGGER.log(Level.FINE, (String) null, (Throwable) e);
                    }
                }
            } catch (IOException e2) {
                LOGGER.log(Level.WARNING, String.format("Exception reading archive '%s'.", file.getName()));
                LOGGER.log(Level.FINE, (String) null, (Throwable) e2);
                try {
                    fileInputStream.close();
                } catch (IOException e3) {
                    LOGGER.log(Level.FINE, (String) null, (Throwable) e3);
                }
            } catch (ArchiveExtractionException e4) {
                LOGGER.log(Level.WARNING, String.format("Exception extracting archive '%s'.", file.getName()));
                LOGGER.log(Level.FINE, (String) null, (Throwable) e4);
                try {
                    fileInputStream.close();
                } catch (IOException e5) {
                    LOGGER.log(Level.FINE, (String) null, (Throwable) e5);
                }
            }
        } catch (FileNotFoundException e6) {
            LOGGER.log(Level.FINE, (String) null, (Throwable) e6);
            throw new AnalysisException("Archive file was not found.", e6);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:17:0x00cd, code lost:
    
        throw new org.owasp.dependencycheck.analyzer.exception.AnalysisException(java.lang.String.format("Unable to build directory '%s'.", r0.getAbsolutePath()));
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void extractArchive(org.apache.commons.compress.archivers.ArchiveInputStream r7, java.io.File r8, org.owasp.dependencycheck.Engine r9) throws org.owasp.dependencycheck.analyzer.exception.ArchiveExtractionException {
        /*
            Method dump skipped, instructions count: 565
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractArchive(org.apache.commons.compress.archivers.ArchiveInputStream, java.io.File, org.owasp.dependencycheck.Engine):void");
    }

    private void decompressFile(CompressorInputStream compressorInputStream, File file) throws ArchiveExtractionException {
        LOGGER.fine(String.format("Decompressing '%s'", file.getPath()));
        FileOutputStream fileOutputStream = null;
        try {
            try {
                try {
                    fileOutputStream = new FileOutputStream(file);
                    byte[] bArr = new byte[4096];
                    while (true) {
                        int read = compressorInputStream.read(bArr);
                        if (-1 == read) {
                            break;
                        } else {
                            fileOutputStream.write(bArr, 0, read);
                        }
                    }
                    if (fileOutputStream != null) {
                        try {
                            fileOutputStream.close();
                        } catch (IOException e) {
                            LOGGER.log(Level.FINEST, (String) null, (Throwable) e);
                        }
                    }
                } catch (IOException e2) {
                    LOGGER.log(Level.FINE, (String) null, (Throwable) e2);
                    throw new ArchiveExtractionException(e2);
                }
            } catch (FileNotFoundException e3) {
                LOGGER.log(Level.FINE, (String) null, (Throwable) e3);
                throw new ArchiveExtractionException(e3);
            }
        } catch (Throwable th) {
            if (fileOutputStream != null) {
                try {
                    fileOutputStream.close();
                } catch (IOException e4) {
                    LOGGER.log(Level.FINEST, (String) null, (Throwable) e4);
                }
            }
            throw th;
        }
    }

    private boolean isZipFileActuallyJarFile(Dependency dependency) {
        boolean z = false;
        ZipFile zipFile = null;
        try {
            try {
                zipFile = new ZipFile(dependency.getActualFilePath());
                if (zipFile.getEntry("META-INF/MANIFEST.MF") != null || zipFile.getEntry("META-INF/maven") != null) {
                    Enumeration<ZipArchiveEntry> entries = zipFile.getEntries();
                    while (true) {
                        if (!entries.hasMoreElements()) {
                            break;
                        }
                        ZipArchiveEntry nextElement = entries.nextElement();
                        if (!nextElement.isDirectory() && nextElement.getName().toLowerCase().endsWith(".class")) {
                            z = true;
                            break;
                        }
                    }
                }
                ZipFile.closeQuietly(zipFile);
            } catch (IOException e) {
                LOGGER.log(Level.FINE, String.format("Unable to unzip zip file '%s'", dependency.getFilePath()), (Throwable) e);
                ZipFile.closeQuietly(zipFile);
            }
            return z;
        } catch (Throwable th) {
            ZipFile.closeQuietly(zipFile);
            throw th;
        }
    }

    static {
        String string = Settings.getString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS);
        if (string != null) {
            ZIPPABLES.addAll(new HashSet(Arrays.asList(string)));
        }
        EXTENSIONS.addAll(ZIPPABLES);
    }
}
