package org.owasp.dependencycheck.analyzer;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import javax.annotation.concurrent.ThreadSafe;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/dependency-check-core-4.0.1.jar:org/owasp/dependencycheck/analyzer/VersionFilterAnalyzer.class */
public class VersionFilterAnalyzer extends AbstractAnalyzer {
    private static final String FILE = "file";
    private static final String POM = "pom";
    private static final String NEXUS = "nexus";
    private static final String CENTRAL = "central";
    private static final String MANIFEST = "Manifest";
    private static final String VERSION = "version";
    private static final String IMPLEMENTATION_VERSION = "Implementation-Version";
    private static final String ANALYZER_NAME = "Version Filter Analyzer";
    private static final Logger LOGGER = LoggerFactory.getLogger(VersionFilterAnalyzer.class);
    private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.POST_INFORMATION_COLLECTION;

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return ANALYZER_NAME;
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return ANALYSIS_PHASE;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return Settings.KEYS.ANALYZER_VERSION_FILTER_ENABLED;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        String str = null;
        String str2 = null;
        String str3 = null;
        for (Evidence evidence : dependency.getEvidence(EvidenceType.VERSION)) {
            if (FILE.equals(evidence.getSource()) && "version".equals(evidence.getName())) {
                str = evidence.getValue();
            } else if ((NEXUS.equals(evidence.getSource()) || CENTRAL.equals(evidence.getSource()) || POM.equals(evidence.getSource())) && "version".equals(evidence.getName())) {
                str2 = evidence.getValue();
            } else if (MANIFEST.equals(evidence.getSource()) && IMPLEMENTATION_VERSION.equals(evidence.getName())) {
                str3 = evidence.getValue();
            }
        }
        if ((str == null ? 0 : 1) + (str2 == null ? 0 : 1) + (str3 == null ? 0 : 1) > 1) {
            DependencyVersion dependencyVersion = new DependencyVersion(str);
            DependencyVersion dependencyVersion2 = new DependencyVersion(str2);
            DependencyVersion dependencyVersion3 = new DependencyVersion(str3);
            boolean z = Objects.equals(dependencyVersion, dependencyVersion2) || Objects.equals(dependencyVersion, dependencyVersion3);
            boolean z2 = Objects.equals(dependencyVersion3, dependencyVersion2) || Objects.equals(dependencyVersion3, dependencyVersion);
            boolean z3 = Objects.equals(dependencyVersion2, dependencyVersion) || Objects.equals(dependencyVersion2, dependencyVersion3);
            if (z || z2 || z3) {
                LOGGER.debug("filtering evidence from {}", dependency.getFileName());
                HashSet hashSet = new HashSet();
                for (Evidence evidence2 : dependency.getEvidence(EvidenceType.VERSION)) {
                    if (!z3 || !"version".equals(evidence2.getName()) || (!NEXUS.equals(evidence2.getSource()) && !CENTRAL.equals(evidence2.getSource()) && !POM.equals(evidence2.getSource()))) {
                        if (!z || !"version".equals(evidence2.getName()) || !FILE.equals(evidence2.getSource())) {
                            if (!z2 || !MANIFEST.equals(evidence2.getSource()) || !IMPLEMENTATION_VERSION.equals(evidence2.getName())) {
                                hashSet.add(evidence2);
                            }
                        }
                    }
                }
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    dependency.removeEvidence(EvidenceType.VERSION, (Evidence) it.next());
                }
            }
        }
    }
}
