package org.owasp.dependencycheck.analyzer;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURLBuilder;
import java.io.File;
import java.io.FileFilter;
import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.concurrent.ThreadSafe;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvd.ecosystem.Ecosystem;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.naming.PurlIdentifier;
import org.owasp.dependencycheck.utils.Checksum;
import org.owasp.dependencycheck.utils.FileFilterBuilder;
import org.owasp.dependencycheck.xml.pom.PomHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Experimental
@ThreadSafe
/* loaded from: input_file:org/owasp/dependencycheck/analyzer/DartAnalyzer.class */
public class DartAnalyzer extends AbstractFileTypeAnalyzer {
    private static final Logger LOGGER = LoggerFactory.getLogger(DartAnalyzer.class);
    private static final String LOCK_FILE = "pubspec.lock";
    private static final String YAML_FILE = "pubspec.yaml";

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected FileFilter getFileFilter() {
        return FileFilterBuilder.newInstance().addFilenames(LOCK_FILE, YAML_FILE).build();
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer
    protected void prepareFileTypeAnalyzer(Engine engine) {
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public String getName() {
        return "Dart Package Analyzer";
    }

    @Override // org.owasp.dependencycheck.analyzer.Analyzer
    public AnalysisPhase getAnalysisPhase() {
        return AnalysisPhase.INFORMATION_COLLECTION;
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected String getAnalyzerEnabledSettingKey() {
        return "analyzer.dart.enabled";
    }

    @Override // org.owasp.dependencycheck.analyzer.AbstractAnalyzer
    protected void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
        String fileName = dependency.getFileName();
        LOGGER.debug("Checking file {}", fileName);
        boolean z = -1;
        switch (fileName.hashCode()) {
            case -2044920543:
                if (fileName.equals(LOCK_FILE)) {
                    z = false;
                    break;
                }
                break;
            case -2044546403:
                if (fileName.equals(YAML_FILE)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                analyzeLockFileDependencies(dependency, engine);
                return;
            case true:
                analyzeYamlFileDependencies(dependency, engine);
                return;
            default:
                return;
        }
    }

    private void analyzeYamlFileDependencies(Dependency dependency, Engine engine) throws AnalysisException {
        engine.removeDependency(dependency);
        File actualFile = dependency.getActualFile();
        try {
            JsonNode readTree = new ObjectMapper(new YAMLFactory()).readTree(actualFile);
            addYamlDependenciesToEngine(readTree.get("dependencies").fields(), actualFile, engine);
            addYamlDependenciesToEngine(readTree.get("dev_dependencies").fields(), actualFile, engine);
            addYamlDartDependencyToEngine(readTree, actualFile, engine);
        } catch (IOException e) {
            throw new AnalysisException("Problem occurred while reading dependency file.", e);
        }
    }

    private void analyzeLockFileDependencies(Dependency dependency, Engine engine) throws AnalysisException {
        engine.removeDependency(dependency);
        File actualFile = dependency.getActualFile();
        try {
            JsonNode readTree = new ObjectMapper(new YAMLFactory()).readTree(actualFile);
            addLockFileDependenciesToEngine(actualFile, engine, readTree);
            addLockFileDartVersionToEngine(actualFile, engine, readTree);
        } catch (IOException e) {
            throw new AnalysisException("Problem occurred while reading dependency lockFile.", e);
        }
    }

    private void addLockFileDartVersionToEngine(File file, Engine engine, JsonNode jsonNode) throws AnalysisException {
        engine.addDependency(createDependencyFromNameAndVersion(file, "dart_software_development_kit", extractMinimumVersion(jsonNode.get("sdks").get(Ecosystem.DART).textValue())));
    }

    private void addLockFileDependenciesToEngine(File file, Engine engine, JsonNode jsonNode) throws AnalysisException {
        JsonNode jsonNode2;
        JsonNode jsonNode3;
        Iterator it = jsonNode.get("packages").iterator();
        while (it.hasNext()) {
            JsonNode jsonNode4 = (JsonNode) it.next();
            JsonNode jsonNode5 = jsonNode4.get(PomHandler.DESCRIPTION);
            if (jsonNode5 != null && (jsonNode2 = jsonNode5.get(PomHandler.NAME)) != null && (jsonNode3 = jsonNode4.get("version")) != null) {
                String asText = jsonNode2.asText();
                String asText2 = jsonNode3.asText();
                LOGGER.debug("Found dependency in {} file, name: {}, version: {}", new Object[]{LOCK_FILE, asText, asText2});
                engine.addDependency(createDependencyFromNameAndVersion(file, asText, asText2));
            }
        }
    }

    private void addYamlDependenciesToEngine(Iterator<Map.Entry<String, JsonNode>> it, File file, Engine engine) throws AnalysisException {
        while (it.hasNext()) {
            Map.Entry<String, JsonNode> next = it.next();
            String key = next.getKey();
            String extractMinimumVersion = extractMinimumVersion(next.getValue().asText());
            LOGGER.debug("Found dependency in {} file, name: {}, version: {}", new Object[]{YAML_FILE, key, extractMinimumVersion});
            engine.addDependency(createDependencyFromNameAndVersion(file, key, extractMinimumVersion));
        }
    }

    private void addYamlDartDependencyToEngine(JsonNode jsonNode, File file, Engine engine) throws AnalysisException {
        engine.addDependency(createDependencyFromNameAndVersion(file, "dart_software_development_kit", extractMinimumVersion(jsonNode.get("environment").get("sdk").textValue())));
    }

    private Dependency createDependencyFromNameAndVersion(File file, String str, String str2) throws AnalysisException {
        Dependency dependency = new Dependency(file, true);
        dependency.setName(str);
        dependency.setVersion(str2);
        try {
            dependency.addSoftwareIdentifier(new PurlIdentifier(PackageURLBuilder.aPackageURL().withType("pub").withName(dependency.getName()).withVersion(str2.isEmpty() ? null : str2).build(), Confidence.HIGHEST));
            dependency.addEvidence(EvidenceType.PRODUCT, file.getName(), PomHandler.NAME, str, Confidence.HIGHEST);
            dependency.addEvidence(EvidenceType.VENDOR, file.getName(), PomHandler.NAME, str, Confidence.HIGHEST);
            dependency.addEvidence(EvidenceType.VENDOR, file.getName(), PomHandler.NAME, Ecosystem.DART, Confidence.HIGHEST);
            if (!str2.isEmpty()) {
                dependency.addEvidence(EvidenceType.VERSION, file.getName(), "version", str2, Confidence.MEDIUM);
            }
            String format = String.format("%s:%s", str, str2);
            dependency.setSha1sum(Checksum.getSHA1Checksum(format));
            dependency.setSha256sum(Checksum.getSHA256Checksum(format));
            dependency.setMd5sum(Checksum.getMD5Checksum(format));
            dependency.setPackagePath(format);
            dependency.setDisplayFileName(format);
            return dependency;
        } catch (MalformedPackageURLException e) {
            throw new AnalysisException("Problem occurred while reading dependency file.", e);
        }
    }

    private String extractMinimumVersion(String str) {
        String replace = str.contains("^") ? str.replace("^", "") : str.contains("<") ? str.split("<")[0].trim().replace(">=", "").trim() : str.contains("any") ? "" : str;
        LOGGER.debug("Extracted minimum version: {} from raw version: {}", replace, str);
        return replace;
    }
}
