package com.bitegarden.sonar.plugins.security.owasp;

import com.bitegarden.sonar.plugins.security.model.ReportParams;
import com.bitegarden.sonar.plugins.security.model.SecurityIssue;
import com.bitegarden.sonar.plugins.security.model.SecurityIssueType;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspBreakdownByCategoryRow;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspBreakdownByRuleRow;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspHotspotsBreakdownByRule;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspReport;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspVulnerabilitiesBreakdownByCategory;
import com.bitegarden.sonar.plugins.security.util.CweUtils;
import com.bitegarden.sonar.plugins.security.util.OwaspUtils;
import com.bitegarden.sonar.plugins.security.util.ParamUtils;
import com.bitegarden.sonar.plugins.security.util.SecurityPluginUtils;
import es.sonarqube.api.SonarQubeProject;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicLong;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonarqube.ws.Issues;
import org.sonarqube.ws.client.WsClient;
import org.sonarqube.ws.client.issues.SearchRequest;

/* loaded from: input_file:com/bitegarden/sonar/plugins/security/owasp/Owasp2021.class */
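/**
 * Builds the OWASP Top 10 (2021) section of the security report from SonarQube web-service data.
 *
 * <p>Open issues are counted once per OWASP category (A1..A10) by searching for the CWE codes
 * that {@link ParamUtils#getOwaspCweCodesByCategory(String)} maps to that category; hotspot rows
 * are supplied by the caller and merged in per category.
 *
 * <p>This source was recovered from a decompiled class: the severity dispatch had been emitted
 * as a non-compiling {@code boolean}/hash-code switch and all collections as raw types. Both are
 * restored here; the remaining behaviour is intentionally unchanged.
 */
public class Owasp2021 implements OwaspVulnerabilitiesManager {
    private static final Logger LOGGER = Loggers.get(Owasp2021.class);

    /** OWASP categories queried by {@link #getReport}, in report order. */
    private static final List<String> CATEGORIES =
            Arrays.asList("A1", "A2", "A3", "A4", "A5", "A6", "A7", "A8", "A9", "A10");

    private static final String FACET_RULES = "rules";
    private static final String FACET_SEVERITIES = "severities";

    /**
     * Fetches the security hotspots classified under OWASP for the given projects.
     *
     * @param wsClient client used for the SonarQube web-service calls
     * @param list projects whose hotspots are collected
     * @param str value handed to {@link ParamUtils#useIssuesEndpointToObtainHotspots(String)} to pick
     *     the retrieval path (presumably the server version; confirm against the caller)
     * @return the hotspots returned by whichever retrieval path was selected
     */
    @Override
    public List<SecurityIssue> getOwaspHotspotsBreakdownList(WsClient wsClient, List<SonarQubeProject> list, String str) {
        LOGGER.debug("Getting Owasp hotspots breakdown...");
        final List<SecurityIssue> hotspots;
        if (ParamUtils.useIssuesEndpointToObtainHotspots(str)) {
            hotspots = CweUtils.getHotspots(list, wsClient, SecurityIssueType.OWASP);
        } else {
            hotspots = SecurityPluginUtils.getHotspotsForLatestVersion(list, wsClient, SecurityIssueType.OWASP, "2021");
        }
        LOGGER.debug("Getting Owasp hotspots breakdown finish with ({}) hotspots...", hotspots.size());
        return hotspots;
    }

    /**
     * Assembles the OWASP report for one component.
     *
     * @param wsClient client used for the SonarQube web-service calls
     * @param str component key the issue searches are restricted to
     * @param str2 branch name; takes precedence over the pull request when it has a value
     * @param str3 pull-request id, used only when no branch is given
     * @param list hotspots previously collected for the component
     * @return the report with summary, per-category and per-rule breakdowns filled in
     */
    @Override
    public OwaspReport getReport(WsClient wsClient, String str, String str2, String str3, List<SecurityIssue> list) {
        AtomicLong effortTotal = new AtomicLong();
        Map<String, Map<String, String>> rulesByCategory = new HashMap<>();
        List<OwaspBreakdownByRuleRow> hotspotRows = OwaspUtils.getOwaspBreakdownByRuleRows(list);

        ReportParams reportParams = new ReportParams();
        reportParams.setBranch(str2);
        reportParams.setPullRequest(str3);
        reportParams.setWsClient(wsClient);

        // One issue search per category; each call also feeds rulesByCategory and effortTotal.
        List<OwaspBreakdownByCategoryRow> categoryRows = new ArrayList<>();
        for (String category : CATEGORIES) {
            categoryRows.add(getIssuesByCwe(reportParams, str, rulesByCategory, hotspotRows, category, effortTotal));
        }

        OwaspHotspotsBreakdownByRule hotspotsByRule = new OwaspHotspotsBreakdownByRule();
        hotspotsByRule.setOwaspBreakdownByRuleRows(hotspotRows);

        OwaspVulnerabilitiesBreakdownByCategory byCategory =
                OwaspUtils.getOwaspVulnerabilitiesBreakdownByCategory(categoryRows);

        OwaspReport report = new OwaspReport();
        report.setSummary(OwaspUtils.getSummary(effortTotal, byCategory));
        report.setOwaspVulnerabilitiesBreakdownByCategory(byCategory);
        report.setOwaspVulnerabilitiesBreakdownByRule(
                OwaspUtils.getOwaspVulnerabilitiesBreakdownByRule(wsClient, rulesByCategory));
        report.setOwaspHotspotsBreakdownByRule(hotspotsByRule);
        return report;
    }

    /**
     * Searches the unresolved issues of one OWASP category and folds the facet counts into a row.
     *
     * <p>The request filters on CWE codes and {@code resolved=false} only; no issue type is set,
     * so every open issue carrying one of the category's CWEs is counted as a vulnerability.
     * NOTE(review): confirm this is intended rather than a missing type filter.
     *
     * @param reportParams carries the web-service client and the branch / pull-request selector
     * @param str component key the search is restricted to
     * @param map per-category map of rule key to issue count (as text); updated in place
     * @param list hotspot rows; those listing this category are merged into the returned row
     * @param str2 OWASP category id, e.g. {@code "A1"}
     * @param atomicLong running effort total; updated in place
     * @return the row for this category with severity counts, hotspots and rating set
     */
    private static OwaspBreakdownByCategoryRow getIssuesByCwe(ReportParams reportParams, String str, Map<String, Map<String, String>> map, List<OwaspBreakdownByRuleRow> list, String str2, AtomicLong atomicLong) {
        final String category = str2;
        final String categoryLabel = category.toUpperCase();
        WsClient wsClient = reportParams.getWsClient();
        String branch = reportParams.getBranch();

        OwaspBreakdownByCategoryRow row = new OwaspBreakdownByCategoryRow();
        row.setCategory(categoryLabel);

        SearchRequest searchRequest = new SearchRequest();
        searchRequest.setResolved("false");
        if (ParamUtils.hasValue(branch)) {
            searchRequest.setBranch(branch);
        } else {
            // Passed through even when it has no value; presumably the server then uses the
            // main branch - verify.
            searchRequest.setPullRequest(reportParams.getPullRequest());
        }
        searchRequest.setCwe(ParamUtils.getOwaspCweCodesByCategory(category));
        searchRequest.setComponentKeys(Collections.singletonList(str));
        searchRequest.setFacets(Arrays.asList(FACET_RULES, FACET_SEVERITIES));
        Issues.SearchWsResponse search = wsClient.issues().search(searchRequest);

        // Severity name -> open issue count, used for the category rating.
        Map<String, Long> severityCounts = new HashMap<>();
        search.getFacets().getFacetsList().forEach(facet -> {
            // NOTE(review): the effort total belongs to the response, yet it is added once per
            // returned facet, so two facets add it twice. Kept as in the original because the
            // consumer (OwaspUtils.getSummary) is not visible here - confirm before changing.
            atomicLong.addAndGet(search.getEffortTotal());
            facet.getValuesList().forEach(facetValue -> {
                String value = facetValue.getVal();
                long count = facetValue.getCount();
                if (FACET_RULES.equals(facet.getProperty())) {
                    map.computeIfAbsent(category, key -> new HashMap<>()).put(value, String.valueOf(count));
                }
                if (FACET_SEVERITIES.equals(facet.getProperty())) {
                    switch (value) {
                        case "BLOCKER":
                            row.setBlockerVulnerabilities(count);
                            break;
                        case "CRITICAL":
                            row.setCriticalVulnerabilities(count);
                            break;
                        case "MAJOR":
                            row.setMajorVulnerabilities(count);
                            break;
                        case "MINOR":
                            row.setMinorVulnerabilities(count);
                            break;
                        case "INFO":
                            row.setInfoVulnerabilities(count);
                            break;
                        default:
                            // An unrecognised severity gets no dedicated counter but still
                            // reaches the rating input below, as in the original.
                            break;
                    }
                    severityCounts.put(value, count);
                }
                LOGGER.debug("Facet ({}) with value ({}) for category ({})", value, count, category);
            });
        });

        list.forEach(hotspotRow -> {
            if (hotspotRow.getCategoryList().contains(categoryLabel)) {
                row.setHotspots(row.getHotspots() + hotspotRow.getHotspots());
                // NOTE(review): the count accumulates but the ids are overwritten, so only the
                // last matching rule's hotspot ids survive - confirm whether they should merge.
                row.setHotspotsIds(hotspotRow.getHotspotsIds());
            }
        });
        row.setRating(SecurityPluginUtils.getRatingByIssuesSeverity(severityCounts));
        return row;
    }
}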
