package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import javax.annotation.concurrent.ThreadSafe;
import org.apache.commons.lang3.StringUtils;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.DownloadFailedException;
import org.owasp.dependencycheck.utils.Downloader;
import org.owasp.dependencycheck.utils.FileUtils;
import org.owasp.dependencycheck.utils.Settings;
import org.owasp.dependencycheck.xml.suppression.SuppressionParseException;
import org.owasp.dependencycheck.xml.suppression.SuppressionParser;
import org.owasp.dependencycheck.xml.suppression.SuppressionRule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;

@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/dependency-check-core-3.0.1.jar:org/owasp/dependencycheck/analyzer/AbstractSuppressionAnalyzer.class */
public abstract class AbstractSuppressionAnalyzer extends AbstractAnalyzer {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AbstractSuppressionAnalyzer.class);
    private SuppressionRule[] rules = null;

    protected int getRuleCount() {
        return this.rules.length;
    }

    public Set<String> getSupportedExtensions() {
        return null;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    public synchronized void prepareAnalyzer(Engine engine) throws InitializationException {
        if (this.rules == null) {
            try {
                loadSuppressionData();
            } catch (SuppressionParseException e) {
                throw new InitializationException("Error initializing the suppression analyzer: " + e.getLocalizedMessage(), e, true);
            }
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        if (this.rules == null || this.rules.length <= 0) {
            return;
        }
        for (SuppressionRule suppressionRule : this.rules) {
            suppressionRule.process(dependency);
        }
    }

    private void loadSuppressionData() throws SuppressionParseException {
        SuppressionParser suppressionParser = new SuppressionParser();
        try {
            List<SuppressionRule> parseSuppressionRules = suppressionParser.parseSuppressionRules(FileUtils.getResourceAsStream("dependencycheck-base-suppression.xml"));
            String[] array = getSettings().getArray(Settings.KEYS.SUPPRESSION_FILE);
            ArrayList arrayList = new ArrayList();
            if (array != null && array.length > 0) {
                for (String str : array) {
                    try {
                        parseSuppressionRules.addAll(loadSuppressionFile(suppressionParser, str));
                    } catch (SuppressionParseException e) {
                        arrayList.add(String.format("Failed to load %s, caused by %s. ", str, e.getMessage()));
                    }
                }
            }
            this.rules = (SuppressionRule[]) parseSuppressionRules.toArray(new SuppressionRule[parseSuppressionRules.size()]);
            LOGGER.debug("{} suppression rules were loaded.", Integer.valueOf(parseSuppressionRules.size()));
            if (arrayList.isEmpty()) {
                return;
            }
            LOGGER.debug("{} suppression files failed to load.", Integer.valueOf(arrayList.size()));
            StringBuilder sb = new StringBuilder();
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                sb.append((String) it.next());
            }
            throw new SuppressionParseException(sb.toString());
        } catch (SAXException e2) {
            throw new SuppressionParseException("Unable to parse the base suppression data file", e2);
        }
    }

    private List<SuppressionRule> loadSuppressionFile(SuppressionParser suppressionParser, String str) throws SuppressionParseException {
        File file;
        LOGGER.debug("Loading suppression rules from '{}'", str);
        ArrayList arrayList = new ArrayList();
        boolean z = false;
        try {
            try {
                try {
                    try {
                        if (Pattern.compile("^(https?|file)\\:.*", 2).matcher(str).matches()) {
                            z = true;
                            file = getSettings().getTempFile("suppression", "xml");
                            URL url = new URL(str);
                            Downloader downloader = new Downloader(getSettings());
                            try {
                                downloader.fetchFile(url, file, false);
                            } catch (DownloadFailedException e) {
                                LOGGER.trace("Failed download - first attempt", (Throwable) e);
                                downloader.fetchFile(url, file, true);
                            }
                        } else {
                            file = new File(str);
                            if (!file.exists()) {
                                InputStream resourceAsStream = FileUtils.getResourceAsStream(str);
                                Throwable th = null;
                                if (resourceAsStream != null) {
                                    try {
                                        try {
                                            z = true;
                                            file = getSettings().getTempFile("suppression", "xml");
                                            try {
                                                org.apache.commons.io.FileUtils.copyInputStreamToFile(resourceAsStream, file);
                                            } catch (IOException e2) {
                                                throwSuppressionParseException("Unable to locate suppressions file in classpath", e2);
                                            }
                                        } finally {
                                        }
                                    } catch (Throwable th2) {
                                        if (resourceAsStream != null) {
                                            if (th != null) {
                                                try {
                                                    resourceAsStream.close();
                                                } catch (Throwable th3) {
                                                    th.addSuppressed(th3);
                                                }
                                            } else {
                                                resourceAsStream.close();
                                            }
                                        }
                                        throw th2;
                                    }
                                }
                                if (resourceAsStream != null) {
                                    if (0 != 0) {
                                        try {
                                            resourceAsStream.close();
                                        } catch (Throwable th4) {
                                            th.addSuppressed(th4);
                                        }
                                    } else {
                                        resourceAsStream.close();
                                    }
                                }
                            }
                        }
                        if (file != null) {
                            if (!file.exists()) {
                                String format = String.format("Suppression file '%s' does not exist", file.getPath());
                                LOGGER.warn(format);
                                throw new SuppressionParseException(format);
                            }
                            try {
                                arrayList.addAll(suppressionParser.parseSuppressionRules(file));
                            } catch (SuppressionParseException e3) {
                                LOGGER.warn("Unable to parse suppression xml file '{}'", file.getPath());
                                LOGGER.warn(e3.getMessage());
                                throw e3;
                            }
                        }
                        if (z && file != null) {
                            FileUtils.delete(file);
                        }
                    } catch (MalformedURLException e4) {
                        throwSuppressionParseException("Configured suppression file has an invalid URL", e4);
                        if (0 != 0 && 0 != 0) {
                            FileUtils.delete(null);
                        }
                    }
                } catch (IOException e5) {
                    throwSuppressionParseException("Unable to create temp file for suppressions", e5);
                    if (0 != 0 && 0 != 0) {
                        FileUtils.delete(null);
                    }
                }
            } catch (DownloadFailedException e6) {
                throwSuppressionParseException("Unable to fetch the configured suppression file", e6);
                if (0 != 0 && 0 != 0) {
                    FileUtils.delete(null);
                }
            } catch (SuppressionParseException e7) {
                throw e7;
            }
            return arrayList;
        } catch (Throwable th5) {
            if (0 != 0 && 0 != 0) {
                FileUtils.delete(null);
            }
            throw th5;
        }
    }

    private void throwSuppressionParseException(String str, Exception exc) throws SuppressionParseException {
        LOGGER.warn(str);
        LOGGER.debug(StringUtils.EMPTY, (Throwable) exc);
        throw new SuppressionParseException(str, exc);
    }
}
