package org.owasp.dependencycheck.analyzer;

import java.util.Iterator;
import java.util.Objects;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/dependency-check-core-2.1.0.jar:org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.class */
public class VersionFilterAnalyzer extends AbstractAnalyzer {
    private static final String FILE = "file";
    private static final String POM = "pom";
    private static final String NEXUS = "nexus";
    private static final String CENTRAL = "central";
    private static final String MANIFEST = "Manifest";
    private static final String VERSION = "version";
    private static final String IMPLEMENTATION_VERSION = "Implementation-Version";
    private static final String ANALYZER_NAME = "Version Filter Analyzer";
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.POST_INFORMATION_COLLECTION;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) VersionFilterAnalyzer.class);

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_VERSION_FILTER_ENABLED;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected synchronized void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        String str = null;
        String str2 = null;
        String str3 = null;
        Iterator<Evidence> it = dependency.getVersionEvidence().iterator();
        while (it.hasNext()) {
            Evidence next = it.next();
            if (FILE.equals(next.getSource()) && "version".equals(next.getName())) {
                str = next.getValue(Boolean.FALSE);
            } else if ((NEXUS.equals(next.getSource()) || CENTRAL.equals(next.getSource()) || POM.equals(next.getSource())) && "version".equals(next.getName())) {
                str2 = next.getValue(Boolean.FALSE);
            } else if (MANIFEST.equals(next.getSource()) && IMPLEMENTATION_VERSION.equals(next.getName())) {
                str3 = next.getValue(Boolean.FALSE);
            }
        }
        if ((str == null ? 0 : 1) + (str2 == null ? 0 : 1) + (str3 == null ? 0 : 1) > 1) {
            DependencyVersion dependencyVersion = new DependencyVersion(str);
            DependencyVersion dependencyVersion2 = new DependencyVersion(str2);
            DependencyVersion dependencyVersion3 = new DependencyVersion(str3);
            boolean z = Objects.equals(dependencyVersion, dependencyVersion2) || Objects.equals(dependencyVersion, dependencyVersion3);
            boolean z2 = Objects.equals(dependencyVersion3, dependencyVersion2) || Objects.equals(dependencyVersion3, dependencyVersion);
            boolean z3 = Objects.equals(dependencyVersion2, dependencyVersion) || Objects.equals(dependencyVersion2, dependencyVersion3);
            if (z || z2 || z3) {
                LOGGER.debug("filtering evidence from {}", dependency.getFileName());
                Iterator<Evidence> it2 = dependency.getVersionEvidence().iterator();
                while (it2.hasNext()) {
                    Evidence next2 = it2.next();
                    if (!z3 || !"version".equals(next2.getName()) || (!NEXUS.equals(next2.getSource()) && !CENTRAL.equals(next2.getSource()) && !POM.equals(next2.getSource()))) {
                        if (!z || !"version".equals(next2.getName()) || !FILE.equals(next2.getSource())) {
                            if (!z2 || !MANIFEST.equals(next2.getSource()) || !IMPLEMENTATION_VERSION.equals(next2.getName())) {
                                it2.remove();
                            }
                        }
                    }
                }
            }
        }
    }
}
