package com.sysdig.jenkins.plugins.sysdig;

import com.google.common.base.Strings;
import com.sysdig.jenkins.plugins.sysdig.Util;
import com.sysdig.jenkins.plugins.sysdig.log.SysdigLogger;
import com.sysdig.jenkins.plugins.sysdig.scanner.ImageScanningResult;
import com.sysdig.jenkins.plugins.sysdig.scanner.Scanner;
import hudson.AbortException;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.tasks.ArtifactArchiver;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;
import net.sf.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/sysdig-secure.jar:com/sysdig/jenkins/plugins/sysdig/BuildWorker.class */
public class BuildWorker {
    private static final Logger LOG = Logger.getLogger(BuildWorker.class.getName());
    private static final String JENKINS_DIR_NAME_PREFIX = "SysdigSecureReport_";
    private static final String CVE_LISTING_FILENAME = "sysdig_secure_security.json";
    private static final String GATE_OUTPUT_FILENAME = "sysdig_secure_gates.json";
    Run<?, ?> run;
    FilePath workspace;
    Launcher launcher;
    TaskListener listener;
    protected SysdigLogger logger;
    private String jenkinsOutputDirName;
    private final ReportConverter reportConverter;
    private final Scanner scanner;

    public BuildWorker(Run<?, ?> run, FilePath filePath, TaskListener taskListener, SysdigLogger sysdigLogger, Scanner scanner, ReportConverter reportConverter) throws IOException, InterruptedException {
        try {
            if (taskListener == null) {
                LOG.warning("Sysdig Secure Container Image Scanner plugin cannot initialize Jenkins task listener");
                throw new AbortException("Cannot initialize Jenkins task listener. Aborting step");
            }
            this.run = run;
            this.workspace = filePath;
            this.listener = taskListener;
            this.logger = sysdigLogger;
            sysdigLogger.logDebug("Initializing build worker");
            this.launcher = filePath.createLauncher(taskListener);
            initializeJenkinsWorkspace();
            sysdigLogger.logDebug("Build worker initialized");
            this.scanner = scanner;
            this.reportConverter = reportConverter;
        } catch (Exception e) {
            if (sysdigLogger != null) {
                try {
                    sysdigLogger.logError("Failed to initialize worker for plugin execution", e);
                } catch (Exception e2) {
                    throw e;
                }
            }
            cleanJenkinsWorkspaceQuietly();
            throw e;
        }
    }

    public Util.GATE_ACTION scanAndBuildReports(BuildConfig buildConfig) throws AbortException {
        ArrayList<ImageScanningResult> scanImages = this.scanner.scanImages(readImagesAndDockerfilesFromPath(this.workspace, buildConfig.getName()));
        if (scanImages.isEmpty()) {
            this.logger.logError("Image(s) were not added to sysdig-secure-engine (or a prior attempt to add images may have failed). Re-submit image(s) to sysdig-secure-engine before attempting policy evaluation");
            throw new AbortException("Submit image(s) to sysdig-secure-engine for analysis before attempting policy evaluation");
        }
        Util.GATE_ACTION finalAction = this.reportConverter.getFinalAction(scanImages);
        this.logger.logInfo("Sysdig Secure Container Image Scanner Plugin step result - " + finalAction);
        try {
            FilePath filePath = new FilePath(this.workspace, this.jenkinsOutputDirName);
            JSONObject processPolicyEvaluation = this.reportConverter.processPolicyEvaluation(scanImages, new FilePath(filePath, GATE_OUTPUT_FILENAME));
            this.reportConverter.processVulnerabilities(scanImages, new FilePath(filePath, CVE_LISTING_FILENAME));
            setupBuildReports(finalAction, processPolicyEvaluation);
        } catch (Exception e) {
            this.logger.logError("Recording failure to build reports and moving on with plugin operation", e);
        }
        return finalAction;
    }

    private void setupBuildReports(Util.GATE_ACTION gate_action, JSONObject jSONObject) throws AbortException {
        try {
            this.logger.logDebug("Archiving results");
            new ArtifactArchiver(this.jenkinsOutputDirName + "/").perform(this.run, this.workspace, this.launcher, this.listener);
            this.logger.logDebug("Setting up build results");
            this.run.addAction(new SysdigAction(this.run, gate_action != null ? gate_action.toString() : "", this.jenkinsOutputDirName, GATE_OUTPUT_FILENAME, jSONObject.toString(), CVE_LISTING_FILENAME));
        } catch (Exception e) {
            this.logger.logError("Failed to setup build results due to an unexpected error", e);
            throw new AbortException("Failed to setup build results due to an unexpected error. Please refer to above logs for more information");
        }
    }

    public void cleanup() {
        try {
            this.logger.logDebug("Cleaning up build artifacts");
            if (!Strings.isNullOrEmpty(this.jenkinsOutputDirName)) {
                try {
                    this.logger.logDebug("Deleting Jenkins workspace " + this.jenkinsOutputDirName);
                    cleanJenkinsWorkspaceQuietly();
                } catch (IOException | InterruptedException e) {
                    this.logger.logDebug("Unable to delete Jenkins workspace " + this.jenkinsOutputDirName, e);
                }
            }
        } catch (RuntimeException e2) {
            this.logger.logDebug("Failed to clean up build artifacts due to an unexpected error", e2);
        }
    }

    private void initializeJenkinsWorkspace() throws IOException, InterruptedException {
        try {
            this.logger.logDebug("Initializing Jenkins workspace");
            this.jenkinsOutputDirName = JENKINS_DIR_NAME_PREFIX + this.run.getNumber();
            FilePath filePath = new FilePath(this.workspace, this.jenkinsOutputDirName);
            if (!filePath.exists()) {
                this.logger.logDebug(String.format("Creating workspace directory %s", this.jenkinsOutputDirName));
                filePath.mkdirs();
            }
        } catch (IOException | InterruptedException e) {
            this.logger.logWarn("Failed to initialize Jenkins workspace", e);
            throw e;
        }
    }

    private Map<String, String> readImagesAndDockerfilesFromPath(FilePath filePath, String str) throws AbortException {
        HashMap hashMap = new HashMap();
        this.logger.logDebug("Initializing Sysdig Secure workspace");
        FilePath filePath2 = new FilePath(filePath, str);
        this.logger.logDebug("Processing images file '" + filePath2.getRemote() + "'");
        try {
            if (!filePath2.exists()) {
                throw new AbortException("Image list file '" + str + "' not found at: " + filePath2.getRemote());
            }
            for (String str2 : filePath2.readToString().split("\\r?\\n")) {
                this.logger.logDebug("Processing line: " + str2);
                String[] split = str2.split("\\s+", 2);
                String str3 = split[0];
                String str4 = split.length > 1 ? split[1] : null;
                this.logger.logDebug("Adding tag '" + split[0] + "' with Dockerfile '" + str4 + "'");
                hashMap.put(str3, Strings.isNullOrEmpty(str4) ? null : new FilePath(filePath, str4).getRemote());
            }
            return hashMap;
        } catch (AbortException e) {
            throw e;
        } catch (Exception e2) {
            this.logger.logError("Failed to initialize Sysdig Secure workspace due to an unexpected error", e2);
            throw new AbortException("Failed to initialize Sysdig Secure workspace due to an unexpected error. Please refer to above logs for more information");
        }
    }

    private void cleanJenkinsWorkspaceQuietly() throws IOException, InterruptedException {
        new FilePath(this.workspace, this.jenkinsOutputDirName).deleteRecursive();
    }
}
