package org.owasp.dependencycheck.analyzer;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.annotation.concurrent.ThreadSafe;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.builder.CompareToBuilder;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.apache.commons.lang3.mutable.MutableInt;
import org.apache.lucene.analysis.CharArraySet;
import org.apache.lucene.document.Document;
import org.apache.lucene.index.CorruptIndexException;
import org.apache.lucene.queryparser.classic.ParseException;
import org.apache.lucene.search.ScoreDoc;
import org.jetbrains.annotations.NotNull;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.cpe.CpeMemoryIndex;
import org.owasp.dependencycheck.data.cpe.Fields;
import org.owasp.dependencycheck.data.cpe.IndexEntry;
import org.owasp.dependencycheck.data.cpe.IndexException;
import org.owasp.dependencycheck.data.cpe.MemoryIndex;
import org.owasp.dependencycheck.data.lucene.LuceneUtils;
import org.owasp.dependencycheck.data.lucene.SearchFieldAnalyzer;
import org.owasp.dependencycheck.data.nvd.ecosystem.Ecosystem;
import org.owasp.dependencycheck.data.nvdcve.CveDB;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.data.update.cpe.CpePlus;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.naming.CpeIdentifier;
import org.owasp.dependencycheck.dependency.naming.Identifier;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import us.springett.parsers.cpe.Cpe;
import us.springett.parsers.cpe.CpeBuilder;
import us.springett.parsers.cpe.exceptions.CpeValidationException;
import us.springett.parsers.cpe.values.Part;

@ThreadSafe
/* loaded from: input_file:org/owasp/dependencycheck/analyzer/CPEAnalyzer.class */
public class CPEAnalyzer extends AbstractAnalyzer {
    private static final int WEIGHTING_BOOST = 1;
    private static final String CLEANSE_CHARACTER_RX = "[^A-Za-z0-9 ._:/-]";
    private static final String CLEANSE_NONALPHA_RX = "[^A-Za-z]*";
    public static final String NVD_SEARCH_URL = "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%%3A%%2F%%3A%1$s&cpe_product=cpe%%3A%%2F%%3A%1$s%%3A%2$s&cpe_version=cpe%%3A%%2F%%3A%1$s%%3A%2$s%%3A%3$s";
    public static final String NVD_SEARCH_BROAD_URL = "https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%%3A%%2F%%3A%1$s&cpe_product=cpe%%3A%%2F%%3A%1$s%%3A%2$s";
    private MemoryIndex cpe;
    private CveDB cve;
    private Engine engine;
    private List<String> skipEcosystems;
    private Ecosystem ecosystemTools;
    private CpeSuppressionAnalyzer suppression;
    private static final Logger LOGGER = LoggerFactory.getLogger(CPEAnalyzer.class);
    private static final String UTF8 = StandardCharsets.UTF_8.name();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/CPEAnalyzer$IdentifierConfidence.class */
    public enum IdentifierConfidence {
        EXACT_MATCH,
        BEST_GUESS,
        BROAD_MATCH
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/owasp/dependencycheck/analyzer/CPEAnalyzer$IdentifierMatch.class */
    public static class IdentifierMatch implements Comparable<IdentifierMatch> {
        private IdentifierConfidence identifierConfidence;
        private CpeIdentifier identifier;

        IdentifierMatch(Cpe cpe, String str, IdentifierConfidence identifierConfidence, Confidence confidence) {
            this.identifier = new CpeIdentifier(cpe, str, confidence);
            this.identifierConfidence = identifierConfidence;
        }

        public Confidence getEvidenceConfidence() {
            return this.identifier.getConfidence();
        }

        public void setEvidenceConfidence(Confidence confidence) {
            this.identifier.setConfidence(confidence);
        }

        public IdentifierConfidence getIdentifierConfidence() {
            return this.identifierConfidence;
        }

        public void setIdentifierConfidence(IdentifierConfidence identifierConfidence) {
            this.identifierConfidence = identifierConfidence;
        }

        public CpeIdentifier getIdentifier() {
            return this.identifier;
        }

        public void setIdentifier(CpeIdentifier cpeIdentifier) {
            this.identifier = cpeIdentifier;
        }

        public String toString() {
            return "IdentifierMatch{ IdentifierConfidence=" + this.identifierConfidence + ", identifier=" + this.identifier + '}';
        }

        public int hashCode() {
            return new HashCodeBuilder(115, 303).append(this.identifierConfidence).append(this.identifier).toHashCode();
        }

        public boolean equals(Object obj) {
            if (obj == null || !(obj instanceof IdentifierMatch)) {
                return false;
            }
            if (this == obj) {
                return true;
            }
            IdentifierMatch identifierMatch = (IdentifierMatch) obj;
            return new EqualsBuilder().append(this.identifierConfidence, identifierMatch.identifierConfidence).append(this.identifier, identifierMatch.identifier).build().booleanValue();
        }

        @Override // java.lang.Comparable
        public int compareTo(@NotNull IdentifierMatch identifierMatch) {
            return new CompareToBuilder().append(this.identifierConfidence, identifierMatch.identifierConfidence).append(this.identifier, identifierMatch.identifier).toComparison();
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return "CPE Analyzer";
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return AnalysisPhase.IDENTIFIER_ANALYSIS;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    public void prepareAnalyzer(Engine engine) throws InitializationException {
        super.prepareAnalyzer(engine);
        this.engine = engine;
        try {
            open(engine.getDatabase());
            String[] array = engine.getSettings().getArray("ecosystem.skip.cpeanalyzer");
            if (array == null) {
                this.skipEcosystems = new ArrayList();
            } else {
                LOGGER.debug("Skipping CPE Analysis for {}", StringUtils.join(array, ","));
                this.skipEcosystems = Arrays.asList(array);
            }
            this.ecosystemTools = new Ecosystem(engine.getSettings());
            this.suppression = new CpeSuppressionAnalyzer();
            this.suppression.initialize(engine.getSettings());
            this.suppression.prepareAnalyzer(engine);
        } catch (IOException e) {
            LOGGER.debug("Exception initializing the Lucene Index", e);
            throw new InitializationException("An exception occurred initializing the Lucene Index", e);
        } catch (DatabaseException e2) {
            LOGGER.debug("Exception accessing the database", e2);
            throw new InitializationException("An exception occurred accessing the database", e2);
        }
    }

    public void open(CveDB cveDB) throws IOException, DatabaseException {
        this.cve = cveDB;
        this.cpe = CpeMemoryIndex.getInstance();
        try {
            long currentTimeMillis = System.currentTimeMillis();
            this.cpe.open(cveDB.getVendorProductList(), getSettings());
            LOGGER.info("Created CPE Index ({} seconds)", Long.valueOf(TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - currentTimeMillis)));
        } catch (IndexException e) {
            LOGGER.debug("IndexException", e);
            throw new DatabaseException(e);
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    public void closeAnalyzer() {
        if (this.cpe != null) {
            this.cpe.close();
            this.cpe = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void determineCPE(Dependency dependency) throws CorruptIndexException, IOException, ParseException, AnalysisException {
        List<IndexEntry> searchCPE;
        Set<String> set = (Set) dependency.getSoftwareIdentifiers().stream().filter(identifier -> {
            return identifier instanceof PurlIdentifier;
        }).map(identifier2 -> {
            DependencyVersion parseVersion = DependencyVersionUtil.parseVersion(((PurlIdentifier) identifier2).getVersion(), false);
            if (parseVersion != null) {
                return parseVersion.getVersionParts().get(0);
            }
            return null;
        }).collect(Collectors.toSet());
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        HashSet hashSet = new HashSet();
        Confidence[] values = Confidence.values();
        int length = values.length;
        for (int i = 0; i < length; i += WEIGHTING_BOOST) {
            Confidence confidence = values[i];
            collectTerms(hashMap, dependency.getIterator(EvidenceType.VENDOR, confidence));
            LOGGER.debug("vendor search: {}", hashMap);
            collectTerms(hashMap2, dependency.getIterator(EvidenceType.PRODUCT, confidence));
            addMajorVersionToTerms(set, hashMap2);
            LOGGER.debug("product search: {}", hashMap2);
            if (!hashMap.isEmpty() && !hashMap2.isEmpty() && (searchCPE = searchCPE(hashMap, hashMap2, dependency.getVendorWeightings(), dependency.getProductWeightings(), dependency.getEcosystem())) != null) {
                boolean z = false;
                for (IndexEntry indexEntry : searchCPE) {
                    if (!hashSet.contains(Integer.valueOf(indexEntry.getDocumentId()))) {
                        hashSet.add(Integer.valueOf(indexEntry.getDocumentId()));
                        if (verifyEntry(indexEntry, dependency, set)) {
                            String vendor = indexEntry.getVendor();
                            String product = indexEntry.getProduct();
                            LOGGER.debug("identified vendor/product: {}/{}", vendor, product);
                            z |= determineIdentifiers(dependency, vendor, product, confidence);
                        }
                    }
                }
                if (z) {
                    return;
                }
            }
        }
    }

    protected void collectTerms(Map<String, MutableInt> map, Iterable<Evidence> iterable) {
        Iterator<Evidence> it = iterable.iterator();
        while (it.hasNext()) {
            String cleanseText = cleanseText(it.next().getValue());
            if (!StringUtils.isBlank(cleanseText)) {
                if (cleanseText.length() > 1000) {
                    boolean z = false;
                    int lastIndexOf = cleanseText.lastIndexOf(" ", 1000);
                    if (lastIndexOf > 0) {
                        cleanseText = cleanseText.substring(0, lastIndexOf);
                        z = WEIGHTING_BOOST;
                    } else {
                        lastIndexOf = cleanseText.lastIndexOf(".", 1000);
                    }
                    if (!z) {
                        if (lastIndexOf > 0) {
                            cleanseText = cleanseText.substring(0, lastIndexOf);
                            z = WEIGHTING_BOOST;
                        } else {
                            lastIndexOf = cleanseText.lastIndexOf("-", 1000);
                        }
                    }
                    if (!z) {
                        if (lastIndexOf > 0) {
                            cleanseText = cleanseText.substring(0, lastIndexOf);
                            z = WEIGHTING_BOOST;
                        } else {
                            lastIndexOf = cleanseText.lastIndexOf("_", 1000);
                        }
                    }
                    if (!z) {
                        if (lastIndexOf > 0) {
                            cleanseText = cleanseText.substring(0, lastIndexOf);
                            z = WEIGHTING_BOOST;
                        } else {
                            lastIndexOf = cleanseText.lastIndexOf("/", 1000);
                        }
                    }
                    if (!z && lastIndexOf > 0) {
                        cleanseText = cleanseText.substring(0, lastIndexOf);
                        z = WEIGHTING_BOOST;
                    }
                    if (!z) {
                        cleanseText = cleanseText.substring(0, 1000);
                    }
                }
                addTerm(map, cleanseText);
            }
        }
    }

    private void addMajorVersionToTerms(Set<String> set, Map<String, MutableInt> map) {
        HashMap hashMap = new HashMap();
        map.entrySet().stream().filter(entry -> {
            return entry.getKey() != null;
        }).forEach(entry2 -> {
            set.stream().filter(str -> {
                return (str == null || ((String) entry2.getKey()).endsWith(str) || Character.isDigit(((String) entry2.getKey()).charAt(((String) entry2.getKey()).length() - WEIGHTING_BOOST)) || map.containsKey(new StringBuilder().append((String) entry2.getKey()).append(str).toString())) ? false : true;
            }).forEach(str2 -> {
                addTerm(hashMap, ((String) entry2.getKey()) + str2);
            });
        });
        map.entrySet().stream().filter(entry3 -> {
            return entry3.getKey() != null;
        }).forEach(entry4 -> {
            set.stream().filter((v0) -> {
                return Objects.nonNull(v0);
            }).map(str -> {
                return "v" + str;
            }).filter(str2 -> {
                return (((String) entry4.getKey()).endsWith(str2) || Character.isDigit(((String) entry4.getKey()).charAt(((String) entry4.getKey()).length() - WEIGHTING_BOOST)) || map.containsKey(new StringBuilder().append((String) entry4.getKey()).append(str2).toString())) ? false : true;
            }).forEach(str3 -> {
                addTerm(hashMap, ((String) entry4.getKey()) + str3);
            });
        });
        map.putAll(hashMap);
    }

    private void addTerm(Map<String, MutableInt> map, String str) {
        MutableInt mutableInt = map.get(str);
        if (mutableInt == null) {
            map.put(str, new MutableInt(WEIGHTING_BOOST));
        } else {
            mutableInt.add(WEIGHTING_BOOST);
        }
    }

    protected List<IndexEntry> searchCPE(Map<String, MutableInt> map, Map<String, MutableInt> map2, Set<String> set, Set<String> set2, String str) {
        int luceneMaxQueryLimitFor = this.ecosystemTools.getLuceneMaxQueryLimitFor(str);
        ArrayList arrayList = new ArrayList(luceneMaxQueryLimitFor);
        String buildSearch = buildSearch(map, map2, set, set2);
        if (buildSearch == null) {
            return arrayList;
        }
        try {
            ScoreDoc[] scoreDocArr = this.cpe.search(this.cpe.parseQuery(buildSearch), luceneMaxQueryLimitFor).scoreDocs;
            int length = scoreDocArr.length;
            for (int i = 0; i < length; i += WEIGHTING_BOOST) {
                ScoreDoc scoreDoc = scoreDocArr[i];
                Document document = this.cpe.getDocument(scoreDoc.doc);
                IndexEntry indexEntry = new IndexEntry();
                indexEntry.setDocumentId(scoreDoc.doc);
                indexEntry.setVendor(document.get(Fields.VENDOR));
                indexEntry.setProduct(document.get(Fields.PRODUCT));
                indexEntry.setSearchScore(scoreDoc.score);
                if (!arrayList.contains(indexEntry)) {
                    arrayList.add(indexEntry);
                }
            }
            return arrayList;
        } catch (IOException e) {
            LOGGER.warn("An error occurred reading CPE data. See the log for more details.");
            LOGGER.info("IO Error with search string: {}", buildSearch, e);
            return null;
        } catch (IndexException e2) {
            LOGGER.warn("An error occurred resetting the CPE index searcher. See the log for more details.");
            LOGGER.info("Unable to reset the search analyzer", e2);
            return null;
        } catch (ParseException e3) {
            LOGGER.warn("An error occurred querying the CPE data. See the log for more details.");
            LOGGER.info("Unable to parse: {}", buildSearch, e3);
            return null;
        }
    }

    protected String buildSearch(Map<String, MutableInt> map, Map<String, MutableInt> map2, Set<String> set, Set<String> set2) {
        StringBuilder sb = new StringBuilder();
        if (!appendWeightedSearch(sb, Fields.PRODUCT, map2, set2)) {
            return null;
        }
        sb.append(" AND ");
        if (appendWeightedSearch(sb, Fields.VENDOR, map, set)) {
            return sb.toString();
        }
        return null;
    }

    private boolean appendWeightedSearch(StringBuilder sb, String str, Map<String, MutableInt> map, Set<String> set) {
        if (map.isEmpty()) {
            return false;
        }
        sb.append(str).append(":(");
        boolean z = false;
        boolean z2 = false;
        for (Map.Entry<String, MutableInt> entry : map.entrySet()) {
            StringBuilder sb2 = new StringBuilder();
            int intValue = entry.getValue().intValue();
            String[] split = entry.getKey().split(" ");
            int length = split.length;
            for (int i = 0; i < length; i += WEIGHTING_BOOST) {
                String str2 = split[i];
                if (!str2.isEmpty()) {
                    if (z) {
                        sb.append(" ");
                    } else {
                        z = WEIGHTING_BOOST;
                    }
                    z2 = WEIGHTING_BOOST;
                    if (LuceneUtils.isKeyword(str2)) {
                        sb.append("\"");
                        LuceneUtils.appendEscapedLuceneQuery(sb, str2);
                        sb.append("\"");
                    } else {
                        LuceneUtils.appendEscapedLuceneQuery(sb, str2);
                    }
                    String findBoostTerm = findBoostTerm(str2, set);
                    if (findBoostTerm != null) {
                        sb.append("^").append(intValue + WEIGHTING_BOOST);
                        if (!findBoostTerm.equals(str2)) {
                            sb2.append(" ");
                            LuceneUtils.appendEscapedLuceneQuery(sb2, findBoostTerm);
                            sb2.append("^").append(intValue + WEIGHTING_BOOST);
                        }
                    } else if (intValue > WEIGHTING_BOOST) {
                        sb.append("^").append(intValue);
                    }
                }
            }
            if (sb2.length() > 0) {
                sb.append((CharSequence) sb2);
            }
        }
        sb.append(")");
        return z2;
    }

    private String cleanseText(String str) {
        return str.replaceAll(CLEANSE_CHARACTER_RX, " ");
    }

    private String findBoostTerm(String str, Set<String> set) {
        for (String str2 : set) {
            if (equalsIgnoreCaseAndNonAlpha(str, str2)) {
                return str2;
            }
        }
        return null;
    }

    private boolean equalsIgnoreCaseAndNonAlpha(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        return str.replaceAll(CLEANSE_NONALPHA_RX, "").equalsIgnoreCase(str2.replaceAll(CLEANSE_NONALPHA_RX, ""));
    }

    private boolean verifyEntry(IndexEntry indexEntry, Dependency dependency, Set<String> set) {
        boolean z = false;
        if ("nodejs".equals(dependency.getEcosystem())) {
            for (Identifier identifier : dependency.getSoftwareIdentifiers()) {
                if ((identifier instanceof PurlIdentifier) && cleanPackageName(((PurlIdentifier) identifier).getName()).equals(cleanPackageName(indexEntry.getProduct()))) {
                    z = WEIGHTING_BOOST;
                }
            }
        } else if (collectionContainsString(dependency.getEvidence(EvidenceType.VENDOR), indexEntry.getVendor())) {
            z = collectionContainsString(dependency.getEvidence(EvidenceType.PRODUCT), indexEntry.getProduct()) ? WEIGHTING_BOOST : set.stream().filter(str -> {
                return str != null && indexEntry.getProduct().endsWith(new StringBuilder().append("v").append(str).toString()) && indexEntry.getProduct().length() > str.length() + WEIGHTING_BOOST;
            }).anyMatch(str2 -> {
                return collectionContainsString(dependency.getEvidence(EvidenceType.PRODUCT), indexEntry.getProduct().substring(0, (indexEntry.getProduct().length() - str2.length()) - WEIGHTING_BOOST));
            }) | set.stream().filter(str3 -> {
                return str3 != null && indexEntry.getProduct().endsWith(str3) && indexEntry.getProduct().length() > str3.length();
            }).anyMatch(str4 -> {
                return collectionContainsString(dependency.getEvidence(EvidenceType.PRODUCT), indexEntry.getProduct().substring(0, indexEntry.getProduct().length() - str4.length()));
            });
        }
        return z;
    }

    private String cleanPackageName(String str) {
        return str == null ? "" : str.replaceAll("[^a-zA-Z0-9]+", "");
    }

    private boolean collectionContainsString(Set<Evidence> set, String str) {
        if (str == null) {
            return false;
        }
        String lowerCase = str.toLowerCase();
        Iterator<Evidence> it = set.iterator();
        while (it.hasNext()) {
            if (it.next().getValue().toLowerCase().equals(lowerCase)) {
                return true;
            }
        }
        String[] split = str.split("[\\s_-]+");
        ArrayList arrayList = new ArrayList();
        String str2 = null;
        CharArraySet stopWords = SearchFieldAnalyzer.getStopWords();
        int length = split.length;
        for (int i = 0; i < length; i += WEIGHTING_BOOST) {
            String str3 = split[i];
            if (str2 != null) {
                arrayList.add(str2 + str3);
                str2 = null;
            } else if (str3.length() <= 2) {
                str2 = str3;
            } else if (!stopWords.contains(str3)) {
                arrayList.add(str3);
            }
        }
        if (str2 != null) {
            if (arrayList.isEmpty()) {
                arrayList.add(str2);
            } else {
                arrayList.add(((String) arrayList.get(arrayList.size() - WEIGHTING_BOOST)) + str2);
            }
        }
        if (arrayList.isEmpty()) {
            return false;
        }
        boolean z = WEIGHTING_BOOST;
        ArrayList<String> arrayList2 = new ArrayList(set.size());
        set.forEach(evidence -> {
            arrayList2.add(evidence.getValue().toLowerCase().replaceAll("[\\s_-]+", ""));
        });
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            String lowerCase2 = ((String) it2.next()).toLowerCase();
            boolean z2 = false;
            for (String str4 : arrayList2) {
                if (str4.contains(lowerCase2) && (!"http".equals(lowerCase2) || !str4.contains("http:"))) {
                    z2 = WEIGHTING_BOOST;
                    break;
                }
            }
            z &= z2;
        }
        return z;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        if (this.skipEcosystems.contains(dependency.getEcosystem())) {
            return;
        }
        try {
            determineCPE(dependency);
        } catch (ParseException e) {
            throw new AnalysisException("Unable to parse the generated Lucene query for this dependency.", e);
        } catch (IOException e2) {
            throw new AnalysisException("Failure opening the CPE Index.", e2);
        } catch (CorruptIndexException e3) {
            throw new AnalysisException("CPE Index is corrupt.", e3);
        }
    }

    protected boolean determineIdentifiers(Dependency dependency, String str, String str2, Confidence confidence) throws UnsupportedEncodingException, AnalysisException {
        CpeBuilder cpeBuilder = new CpeBuilder();
        Set<Cpe> filterEcosystem = filterEcosystem(dependency.getEcosystem(), this.cve.getCPEs(str, str2));
        if (filterEcosystem == null || filterEcosystem.isEmpty()) {
            return false;
        }
        DependencyVersion dependencyVersion = ("Golang".equals(dependency.getEcosystem()) && dependency.getVersion() == null) ? new DependencyVersion("*") : new DependencyVersion("-");
        String str3 = null;
        Confidence confidence2 = null;
        String str4 = null;
        HashSet hashSet = new HashSet();
        considerDependencyVersion(dependency, str, str2, confidence, hashSet, dependencyVersion);
        Confidence[] values = Confidence.values();
        int length = values.length;
        for (int i = 0; i < length; i += WEIGHTING_BOOST) {
            Confidence confidence3 = values[i];
            Iterator it = dependency.getIterator(EvidenceType.VERSION, confidence3).iterator();
            while (it.hasNext()) {
                DependencyVersion parseVersion = DependencyVersionUtil.parseVersion(((Evidence) it.next()).getValue(), true);
                if (parseVersion != null) {
                    DependencyVersion dependencyVersion2 = null;
                    String str5 = null;
                    int size = parseVersion.getVersionParts().size() - WEIGHTING_BOOST;
                    if (parseVersion.getVersionParts().get(size).matches("^(v|release|final|snapshot|beta|alpha|u|rc|m|20\\d\\d).*$")) {
                        String str6 = parseVersion.getVersionParts().get(size);
                        if (str6.matches("^(v|release|final|snapshot|beta|alpha|u|rc|m|20\\d\\d).*$")) {
                            str5 = str6;
                            dependencyVersion2 = new DependencyVersion();
                            dependencyVersion2.setVersionParts(parseVersion.getVersionParts().subList(0, size));
                        }
                    }
                    for (Cpe cpe : filterEcosystem) {
                        DependencyVersion parseVersion2 = DependencyVersionUtil.parseVersion(cpe.getVersion());
                        DependencyVersion dependencyVersion3 = parseVersion2;
                        if (cpe.getUpdate() != null && !cpe.getUpdate().isEmpty() && !cpe.getUpdate().startsWith("*") && !cpe.getUpdate().startsWith("-")) {
                            dependencyVersion3 = DependencyVersionUtil.parseVersion(cpe.getVersion() + '.' + cpe.getUpdate(), true);
                        }
                        if (parseVersion2 == null) {
                            hashSet.add(new IdentifierMatch(cpe, String.format(NVD_SEARCH_BROAD_URL, URLEncoder.encode(cpe.getVendor(), UTF8), URLEncoder.encode(cpe.getProduct(), UTF8)), IdentifierConfidence.BROAD_MATCH, confidence3));
                        } else if (parseVersion.equals(parseVersion2)) {
                            addExactMatch(cpe, str5, confidence3, hashSet);
                        } else if (dependencyVersion2 != null && dependencyVersion2.equals(parseVersion2) && (confidence2 == null || confidence2.compareTo(confidence3) > 0)) {
                            confidence2 = confidence3;
                            dependencyVersion = parseVersion2;
                            str3 = str5;
                            str4 = String.format(NVD_SEARCH_URL, URLEncoder.encode(cpe.getVendor(), UTF8), URLEncoder.encode(cpe.getProduct(), UTF8), URLEncoder.encode(cpe.getVersion(), UTF8));
                        } else if (dependencyVersion3 != null && parseVersion.getVersionParts().size() <= dependencyVersion3.getVersionParts().size() && parseVersion.matchesAtLeastThreeLevels(dependencyVersion3) && (confidence2 == null || confidence2.compareTo(confidence3) > 0)) {
                            if (dependencyVersion.getVersionParts().size() < parseVersion2.getVersionParts().size()) {
                                dependencyVersion = parseVersion2;
                                str3 = str5;
                                confidence2 = confidence3;
                            }
                        }
                    }
                    if (confidence2 == null || confidence2.compareTo(confidence3) > 0) {
                        if (dependencyVersion.getVersionParts().size() < parseVersion.getVersionParts().size()) {
                            dependencyVersion = parseVersion;
                            str3 = str5;
                            confidence2 = confidence3;
                        }
                    }
                }
            }
        }
        cpeBuilder.part(Part.APPLICATION).vendor(str).product(str2);
        int size2 = dependencyVersion.getVersionParts().size() - WEIGHTING_BOOST;
        if (dependencyVersion.getVersionParts().get(size2).matches("^(v|release|final|snapshot|beta|alpha|u|rc|m|20\\d\\d).*$")) {
            cpeBuilder.version(StringUtils.join(dependencyVersion.getVersionParts().subList(0, size2), "."));
            if (dependencyVersion.getVersionParts().get(size2).matches("^v\\d.*$")) {
                cpeBuilder.update(dependencyVersion.getVersionParts().get(size2).substring(WEIGHTING_BOOST));
            } else {
                cpeBuilder.update(dependencyVersion.getVersionParts().get(size2));
            }
        } else {
            cpeBuilder.version(dependencyVersion.toString());
            if (str3 != null) {
                cpeBuilder.update(str3);
            }
        }
        try {
            Cpe build = cpeBuilder.build();
            if (!"-".equals(build.getVersion())) {
                String str7 = str4 != null ? str4 : null;
                if (confidence2 == null) {
                    confidence2 = Confidence.LOW;
                }
                hashSet.add(new IdentifierMatch(build, str7, IdentifierConfidence.BEST_GUESS, confidence2));
            }
            boolean z = false;
            if (!hashSet.isEmpty()) {
                ArrayList<IdentifierMatch> arrayList = new ArrayList(hashSet);
                Collections.sort(arrayList);
                IdentifierConfidence identifierConfidence = ((IdentifierMatch) arrayList.get(0)).getIdentifierConfidence();
                Confidence evidenceConfidence = ((IdentifierMatch) arrayList.get(0)).getEvidenceConfidence();
                boolean z2 = false;
                Confidence confidence4 = (Confidence) dependency.getVulnerableSoftwareIdentifiers().stream().map((v0) -> {
                    return v0.getConfidence();
                }).min(Comparator.comparing((v0) -> {
                    return v0.ordinal();
                })).orElse(Confidence.LOW);
                for (IdentifierMatch identifierMatch : arrayList) {
                    if (identifierConfidence.equals(identifierMatch.getIdentifierConfidence()) && evidenceConfidence.equals(identifierMatch.getEvidenceConfidence())) {
                        CpeIdentifier identifier = identifierMatch.getIdentifier();
                        if (identifierConfidence != IdentifierConfidence.BEST_GUESS) {
                            identifier.setConfidence(evidenceConfidence);
                        } else if (!z2) {
                            identifier.setConfidence(Confidence.LOW);
                        }
                        if (confidence4.compareTo(identifier.getConfidence()) >= 0) {
                            dependency.addVulnerableSoftwareIdentifier(identifier);
                            this.suppression.analyze(dependency, this.engine);
                            if (dependency.getVulnerableSoftwareIdentifiers().contains(identifier)) {
                                z = WEIGHTING_BOOST;
                                if (!z2 && identifierConfidence != IdentifierConfidence.BEST_GUESS) {
                                    z2 = WEIGHTING_BOOST;
                                }
                            }
                        }
                    }
                }
            }
            return z;
        } catch (CpeValidationException e) {
            throw new AnalysisException(String.format("Unable to create a CPE for %s:%s:%s", str, str2, dependencyVersion));
        }
    }

    private void addExactMatch(Cpe cpe, String str, Confidence confidence, Set<IdentifierMatch> set) throws UnsupportedEncodingException {
        Cpe cpe2;
        CpeBuilder cpeBuilder = new CpeBuilder();
        String format = String.format(NVD_SEARCH_URL, URLEncoder.encode(cpe.getVendor(), UTF8), URLEncoder.encode(cpe.getProduct(), UTF8), URLEncoder.encode(cpe.getVersion(), UTF8));
        if (str == null || !"*".equals(cpe.getUpdate())) {
            cpe2 = cpe;
        } else {
            try {
                cpe2 = cpeBuilder.part(cpe.getPart()).wfVendor(cpe.getWellFormedVendor()).wfProduct(cpe.getWellFormedProduct()).wfVersion(cpe.getWellFormedVersion()).wfEdition(cpe.getWellFormedEdition()).wfLanguage(cpe.getWellFormedLanguage()).wfOther(cpe.getWellFormedOther()).wfSwEdition(cpe.getWellFormedSwEdition()).update(str).build();
            } catch (CpeValidationException e) {
                LOGGER.debug("Error building cpe with update:" + str, e);
                cpe2 = cpe;
            }
        }
        set.add(new IdentifierMatch(cpe2, format, IdentifierConfidence.EXACT_MATCH, confidence));
    }

    private void considerDependencyVersion(Dependency dependency, String str, String str2, Confidence confidence, Set<IdentifierMatch> set, DependencyVersion dependencyVersion) throws AnalysisException, UnsupportedEncodingException {
        if (dependency.getVersion() == null || dependency.getVersion().isEmpty()) {
            return;
        }
        CpeBuilder cpeBuilder = new CpeBuilder();
        boolean z = WEIGHTING_BOOST;
        CharArraySet stopWords = SearchFieldAnalyzer.getStopWords();
        if (dependency.getName() != null && !dependency.getName().isEmpty()) {
            String name = dependency.getName();
            String[] split = str2.split("[^a-zA-Z0-9]");
            int length = split.length;
            for (int i = 0; i < length; i += WEIGHTING_BOOST) {
                String str3 = split[i];
                z &= name.contains(str3) || stopWords.contains(str3);
            }
        }
        if (z) {
            DependencyVersion dependencyVersion2 = new DependencyVersion(dependency.getVersion());
            if (dependencyVersion2.getVersionParts().size() > 0) {
                cpeBuilder.part(Part.APPLICATION).vendor(str).product(str2);
                addVersionAndUpdate(dependencyVersion2, cpeBuilder);
                try {
                    Cpe build = cpeBuilder.build();
                    set.add(new IdentifierMatch(build, String.format(NVD_SEARCH_URL, URLEncoder.encode(str, UTF8), URLEncoder.encode(str2, UTF8), URLEncoder.encode(build.getVersion(), UTF8)), IdentifierConfidence.EXACT_MATCH, confidence));
                } catch (CpeValidationException e) {
                    throw new AnalysisException(String.format("Unable to create a CPE for %s:%s:%s", str, str2, dependencyVersion.toString()));
                }
            }
        }
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.cpe.enabled";
    }

    private Set<Cpe> filterEcosystem(String str, Set<CpePlus> set) {
        if (set == null || set.isEmpty()) {
            return null;
        }
        return str != null ? (Set) set.stream().filter(cpePlus -> {
            return cpePlus.getEcosystem() == null || cpePlus.getEcosystem().equals(str) || ("ios".equals(str) && "native".equals(cpePlus.getEcosystem()));
        }).map((v0) -> {
            return v0.getCpe();
        }).collect(Collectors.toSet()) : (Set) set.stream().map((v0) -> {
            return v0.getCpe();
        }).collect(Collectors.toSet());
    }

    private void addVersionAndUpdate(DependencyVersion dependencyVersion, CpeBuilder cpeBuilder) {
        int size = dependencyVersion.getVersionParts().size() - WEIGHTING_BOOST;
        if (size <= 0 || !dependencyVersion.getVersionParts().get(size).matches("^(v|final|release|snapshot|r|b|beta|a|alpha|u|rc|sp|dev|revision|service|build|pre|p|patch|update|m|20\\d\\d).*$")) {
            cpeBuilder.version(dependencyVersion.toString());
            return;
        }
        cpeBuilder.version(StringUtils.join(dependencyVersion.getVersionParts().subList(0, size), "."));
        if (dependencyVersion.getVersionParts().get(size).matches("^v\\d.*$")) {
            cpeBuilder.update(dependencyVersion.getVersionParts().get(size).substring(WEIGHTING_BOOST));
        } else {
            cpeBuilder.update(dependencyVersion.getVersionParts().get(size));
        }
    }

    public static void main(String[] strArr) {
        Settings settings = new Settings();
        try {
            Engine engine = new Engine(Engine.Mode.EVIDENCE_PROCESSING, settings);
            try {
                engine.openDatabase(false, false);
                CPEAnalyzer cPEAnalyzer = new CPEAnalyzer();
                cPEAnalyzer.initialize(settings);
                cPEAnalyzer.prepareAnalyzer(engine);
                LOGGER.error("test");
                System.out.println("Memory index query for ODC");
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(System.in, StandardCharsets.UTF_8));
                Throwable th = null;
                while (true) {
                    try {
                        try {
                            HashMap hashMap = new HashMap();
                            HashMap hashMap2 = new HashMap();
                            System.out.print("Vendor: ");
                            String[] split = bufferedReader.readLine().split(" ");
                            int length = split.length;
                            for (int i = 0; i < length; i += WEIGHTING_BOOST) {
                                String str = split[i];
                                MutableInt mutableInt = hashMap.get(str);
                                if (mutableInt == null) {
                                    hashMap.put(str, new MutableInt(0));
                                } else {
                                    mutableInt.add(WEIGHTING_BOOST);
                                }
                            }
                            System.out.print("Product: ");
                            String[] split2 = bufferedReader.readLine().split(" ");
                            int length2 = split2.length;
                            for (int i2 = 0; i2 < length2; i2 += WEIGHTING_BOOST) {
                                String str2 = split2[i2];
                                MutableInt mutableInt2 = hashMap2.get(str2);
                                if (mutableInt2 == null) {
                                    hashMap2.put(str2, new MutableInt(0));
                                } else {
                                    mutableInt2.add(WEIGHTING_BOOST);
                                }
                            }
                            List<IndexEntry> searchCPE = cPEAnalyzer.searchCPE(hashMap, hashMap2, new HashSet(), new HashSet(), "default");
                            if (searchCPE == null || searchCPE.isEmpty()) {
                                System.out.println("No results found");
                            } else {
                                searchCPE.forEach(indexEntry -> {
                                    System.out.printf("%s:%s (%f)%n", indexEntry.getVendor(), indexEntry.getProduct(), Float.valueOf(indexEntry.getSearchScore()));
                                });
                            }
                            System.out.println();
                            System.out.println();
                        } finally {
                        }
                    } finally {
                    }
                }
            } finally {
            }
        } catch (IOException | InitializationException e) {
            System.err.println("Lucene ODC search tool failed:");
            System.err.println(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setCveDB(CveDB cveDB) {
        this.cve = cveDB;
    }

    protected CveDB getCveDB() {
        return this.cve;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setMemoryIndex(MemoryIndex memoryIndex) {
        this.cpe = memoryIndex;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MemoryIndex getMemoryIndex() {
        return this.cpe;
    }

    protected void setCpeSuppressionAnalyzer(CpeSuppressionAnalyzer cpeSuppressionAnalyzer) {
        this.suppression = cpeSuppressionAnalyzer;
    }
}
