package com.bitegarden.sonar.plugins.security.cwe;

import com.bitegarden.sonar.plugins.security.SecurityPlugin;
import com.bitegarden.sonar.plugins.security.SecurityPluginProperties;
import com.bitegarden.sonar.plugins.security.util.SecurityPluginUtils;
import es.sonarqube.utils.MapField;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.sonar.api.ce.measure.Component;
import org.sonar.api.ce.measure.Measure;
import org.sonar.api.ce.measure.MeasureComputer;
import org.sonar.api.issue.Issue;
import org.sonar.api.measures.CoreMetrics;
import org.sonar.api.rules.RuleType;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonarqube.ws.client.issue.IssuesWsParameters;

/* loaded from: input_file:com/bitegarden/sonar/plugins/security/cwe/CweMeasureComputer.class */
public class CweMeasureComputer implements MeasureComputer {
    private Map<String, Integer> cweWeights;
    private static final Logger LOG = Loggers.get(CweMeasureComputer.class);
    private static final String[] SEVERITIES = {"INFO", "MINOR", "MAJOR", "CRITICAL", "BLOCKER"};

    public MeasureComputer.MeasureComputerDefinition define(MeasureComputer.MeasureComputerDefinitionContext measureComputerDefinitionContext) {
        return measureComputerDefinitionContext.newDefinitionBuilder().setInputMetrics(new String[]{MapField.NCLOC, MapField.BLOCKER_ISSUES, MapField.CRITICAL_ISSUES, MapField.MAJOR_ISSUES, MapField.MINOR_ISSUES, MapField.INFO_ISSUES}).setOutputMetrics(new String[]{CweSecurityMetrics.CWE_FACTOR_RISK.getKey(), CweSecurityMetrics.CWE_TECHNICAL_DEBT.getKey(), CweSecurityMetrics.CWE_VIOLATIONS.getKey(), CweSecurityMetrics.CWE_VIOLATIONS_DENSITY.getKey(), CweSecurityMetrics.CWE_WEIGHT.getKey(), CweSecurityMetrics.CWE_RATING.getKey(), CweSecurityMetrics.CWE_BLOCKER_VIOLATIONS.getKey(), CweSecurityMetrics.CWE_CRITICAL_VIOLATIONS.getKey(), CweSecurityMetrics.CWE_MAJOR_VIOLATIONS.getKey(), CweSecurityMetrics.CWE_MINOR_VIOLATIONS.getKey(), CweSecurityMetrics.CWE_INFO_VIOLATIONS.getKey()}).build();
    }

    public void compute(MeasureComputer.MeasureComputerContext measureComputerContext) {
        boolean parseBoolean = Boolean.parseBoolean(measureComputerContext.getSettings().getString(SecurityPluginProperties.ENABLED));
        LOG.debug("Running Security Assessment CWE...");
        if (!parseBoolean) {
            LOG.debug("Security Assessment plugin is disabled.");
        } else if (!SecurityPlugin.getLicenseChecker().isValidLicense()) {
            LOG.debug("Security Assessment plugin is enabled but license status is not valid");
        } else {
            LOG.debug("License is valid and plugin is enabled.");
            computeResource(measureComputerContext);
        }
    }

    public void computeResource(MeasureComputer.MeasureComputerContext measureComputerContext) {
        LOG.debug("Computing CWE measures for component {}", measureComputerContext.getComponent().getKey());
        this.cweWeights = SecurityPluginUtils.getSeverityWeights(measureComputerContext.getSettings(), SecurityPluginProperties.CWE_WEIGHT);
        Component.Type type = measureComputerContext.getComponent().getType();
        LOG.debug("component type = " + type.name());
        List<Issue> issues = measureComputerContext.getIssues();
        List<? extends org.sonar.api.ce.measure.Issue> arrayList = new ArrayList<>();
        for (Issue issue : issues) {
            String resolution = issue.resolution();
            Collection<String> tags = issue.tags();
            LOG.debug("issue found for rule {} and resolution is {}", issue.ruleKey(), resolution);
            LOG.debug("issue tags: {}", tags);
            LOG.debug("issue type: {}", issue.type().name());
            if (resolution == null) {
                for (String str : tags) {
                    if (str.contains(IssuesWsParameters.PARAM_CWE)) {
                        LOG.debug("issue with tag {} ... add to check CWE!", str);
                        if (!arrayList.contains(issue) && !issue.type().name().equals(RuleType.SECURITY_HOTSPOT.name())) {
                            arrayList.add(issue);
                        }
                    }
                }
            }
        }
        LOG.debug("issues in component:     " + issues.size());
        LOG.debug("CWE issues in component: " + arrayList.size());
        LOG.debug("everything is ok! Go for it!");
        LOG.debug("running CWE analysis for " + type.name());
        if (Component.Type.FILE.equals(type)) {
            computeFile(measureComputerContext, arrayList);
            return;
        }
        if (Component.Type.DIRECTORY.equals(type) || Component.Type.MODULE.equals(type) || Component.Type.PROJECT.equals(type) || Component.Type.VIEW.equals(type) || Component.Type.SUBVIEW.equals(type)) {
            computeTopLevel(measureComputerContext, arrayList);
        }
    }

    public void computeFile(MeasureComputer.MeasureComputerContext measureComputerContext, List<? extends org.sonar.api.ce.measure.Issue> list) {
        Map<String, Integer> computeCweIssues = computeCweIssues(list);
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_BLOCKER_VIOLATIONS.getKey(), computeCweIssues.get("BLOCKER").intValue());
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_CRITICAL_VIOLATIONS.getKey(), computeCweIssues.get("CRITICAL").intValue());
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_MAJOR_VIOLATIONS.getKey(), computeCweIssues.get("MAJOR").intValue());
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_MINOR_VIOLATIONS.getKey(), computeCweIssues.get("MINOR").intValue());
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_INFO_VIOLATIONS.getKey(), computeCweIssues.get("INFO").intValue());
        Integer computeTotalValueFromMap = SecurityPluginUtils.computeTotalValueFromMap(computeCweIssues);
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_VIOLATIONS.getKey(), computeTotalValueFromMap.intValue());
        LOG.debug(CweSecurityMetrics.CWE_VIOLATIONS.getKey() + " = " + computeTotalValueFromMap);
        Double valueOf = Double.valueOf(computeCweWeight(computeCweIssues));
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_WEIGHT.getKey(), valueOf.doubleValue());
        LOG.debug(CweSecurityMetrics.CWE_WEIGHT.getKey() + " = " + valueOf);
        Measure measure = measureComputerContext.getMeasure(CoreMetrics.NCLOC.getKey());
        int i = 0;
        if (measure != null) {
            i = measure.getIntValue();
        }
        Double valueOf2 = Double.valueOf(SecurityPluginUtils.computeFactorRisk(i, valueOf));
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_FACTOR_RISK.getKey(), valueOf2.doubleValue());
        LOG.debug(CweSecurityMetrics.CWE_FACTOR_RISK.getKey() + " = " + valueOf2);
        Double computeViolationsDensity = SecurityPluginUtils.computeViolationsDensity(measureComputerContext, valueOf, SecurityPluginProperties.CWE_WEIGHT);
        if (computeViolationsDensity.doubleValue() >= 0.0d) {
            measureComputerContext.addMeasure(CweSecurityMetrics.CWE_VIOLATIONS_DENSITY.getKey(), computeViolationsDensity.doubleValue());
            LOG.debug(CweSecurityMetrics.CWE_VIOLATIONS_DENSITY.getKey() + " = " + computeViolationsDensity);
        }
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_TECHNICAL_DEBT.getKey(), SecurityPluginUtils.computeTechnicalDebt(list).longValue());
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_RATING.getKey(), SecurityPluginUtils.ratingToInteger(SecurityPluginUtils.computeRating(list)).intValue());
    }

    public void computeTopLevel(MeasureComputer.MeasureComputerContext measureComputerContext, List<? extends org.sonar.api.ce.measure.Issue> list) {
        Map<String, Integer> computeCweIssues = computeCweIssues(list);
        Integer num = 0;
        Iterator it = measureComputerContext.getChildrenMeasures(CweSecurityMetrics.CWE_BLOCKER_VIOLATIONS.getKey()).iterator();
        while (it.hasNext()) {
            num = Integer.valueOf(num.intValue() + ((Measure) it.next()).getIntValue());
        }
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_BLOCKER_VIOLATIONS.getKey(), num.intValue());
        Integer num2 = 0;
        Iterator it2 = measureComputerContext.getChildrenMeasures(CweSecurityMetrics.CWE_CRITICAL_VIOLATIONS.getKey()).iterator();
        while (it2.hasNext()) {
            num2 = Integer.valueOf(num2.intValue() + ((Measure) it2.next()).getIntValue());
        }
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_CRITICAL_VIOLATIONS.getKey(), num2.intValue());
        Integer num3 = 0;
        Iterator it3 = measureComputerContext.getChildrenMeasures(CweSecurityMetrics.CWE_MAJOR_VIOLATIONS.getKey()).iterator();
        while (it3.hasNext()) {
            num3 = Integer.valueOf(num3.intValue() + ((Measure) it3.next()).getIntValue());
        }
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_MAJOR_VIOLATIONS.getKey(), num3.intValue());
        Integer num4 = 0;
        Iterator it4 = measureComputerContext.getChildrenMeasures(CweSecurityMetrics.CWE_MINOR_VIOLATIONS.getKey()).iterator();
        while (it4.hasNext()) {
            num4 = Integer.valueOf(num4.intValue() + ((Measure) it4.next()).getIntValue());
        }
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_MINOR_VIOLATIONS.getKey(), num4.intValue());
        Integer num5 = 0;
        Iterator it5 = measureComputerContext.getChildrenMeasures(CweSecurityMetrics.CWE_INFO_VIOLATIONS.getKey()).iterator();
        while (it5.hasNext()) {
            num5 = Integer.valueOf(num5.intValue() + ((Measure) it5.next()).getIntValue());
        }
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_INFO_VIOLATIONS.getKey(), num5.intValue());
        Integer num6 = 0;
        Iterator it6 = measureComputerContext.getChildrenMeasures(CweSecurityMetrics.CWE_VIOLATIONS.getKey()).iterator();
        while (it6.hasNext()) {
            num6 = Integer.valueOf(num6.intValue() + ((Measure) it6.next()).getIntValue());
        }
        Integer valueOf = Integer.valueOf(num6.intValue() + SecurityPluginUtils.computeTotalValueFromMap(computeCweIssues).intValue());
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_VIOLATIONS.getKey(), valueOf.intValue());
        LOG.debug(CweSecurityMetrics.CWE_VIOLATIONS.getKey() + " = " + valueOf);
        Double valueOf2 = Double.valueOf(0.0d);
        Iterator it7 = measureComputerContext.getChildrenMeasures(CweSecurityMetrics.CWE_WEIGHT.getKey()).iterator();
        while (it7.hasNext()) {
            valueOf2 = Double.valueOf(valueOf2.doubleValue() + ((Measure) it7.next()).getDoubleValue());
        }
        Double valueOf3 = Double.valueOf(valueOf2.doubleValue() + computeCweWeight(computeCweIssues));
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_WEIGHT.getKey(), valueOf3.doubleValue());
        LOG.debug(CweSecurityMetrics.CWE_WEIGHT.getKey() + " = " + valueOf3);
        Measure measure = measureComputerContext.getMeasure(CoreMetrics.NCLOC.getKey());
        int i = 0;
        if (measure != null) {
            i = measure.getIntValue();
        }
        Double valueOf4 = Double.valueOf(SecurityPluginUtils.computeFactorRisk(i, valueOf3));
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_FACTOR_RISK.getKey(), valueOf4.doubleValue());
        LOG.debug(CweSecurityMetrics.CWE_FACTOR_RISK.getKey() + " = " + valueOf4);
        Double computeViolationsDensity = SecurityPluginUtils.computeViolationsDensity(measureComputerContext, valueOf3, SecurityPluginProperties.CWE_WEIGHT);
        if (computeViolationsDensity.doubleValue() >= 0.0d) {
            measureComputerContext.addMeasure(CweSecurityMetrics.CWE_VIOLATIONS_DENSITY.getKey(), computeViolationsDensity.doubleValue());
            LOG.debug(CweSecurityMetrics.CWE_VIOLATIONS_DENSITY.getKey() + " = " + computeViolationsDensity);
        }
        Long l = 0L;
        Iterator it8 = measureComputerContext.getChildrenMeasures(CweSecurityMetrics.CWE_TECHNICAL_DEBT.getKey()).iterator();
        while (it8.hasNext()) {
            l = Long.valueOf(l.longValue() + ((Measure) it8.next()).getLongValue());
        }
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_TECHNICAL_DEBT.getKey(), Long.valueOf(l.longValue() + SecurityPluginUtils.computeTechnicalDebt(list).longValue()).longValue());
        String str = "A";
        Iterator it9 = measureComputerContext.getChildrenMeasures(CweSecurityMetrics.CWE_RATING.getKey()).iterator();
        while (it9.hasNext()) {
            str = SecurityPluginUtils.getWorstRating(SecurityPluginUtils.ratingToString(Integer.valueOf(((Measure) it9.next()).getIntValue())), str);
        }
        measureComputerContext.addMeasure(CweSecurityMetrics.CWE_RATING.getKey(), SecurityPluginUtils.ratingToInteger(SecurityPluginUtils.getWorstRating(str, SecurityPluginUtils.computeRating(list))).intValue());
    }

    public final Map<String, Integer> computeCweIssues(List<? extends org.sonar.api.ce.measure.Issue> list) {
        HashMap hashMap = new HashMap();
        for (int i = 0; i < SEVERITIES.length; i++) {
            hashMap.put(SEVERITIES[i], 0);
        }
        Iterator<? extends org.sonar.api.ce.measure.Issue> it = list.iterator();
        while (it.hasNext()) {
            Issue issue = (org.sonar.api.ce.measure.Issue) it.next();
            Iterator it2 = issue.tags().iterator();
            while (it2.hasNext()) {
                if (((String) it2.next()).contains(IssuesWsParameters.PARAM_CWE)) {
                    String severity = issue.severity();
                    hashMap.put(severity, Integer.valueOf(((Integer) hashMap.get(severity)).intValue() + 1));
                }
            }
        }
        return hashMap;
    }

    public final double computeCweWeight(Map<String, Integer> map) {
        double d = 0.0d;
        for (int i = 0; i < SEVERITIES.length; i++) {
            d += map.get(SEVERITIES[i]).doubleValue() * this.cweWeights.get(SecurityPluginUtils.parseSonarQubeSeverity2SecurityPluginSeverity(SEVERITIES[i])).doubleValue();
        }
        return d;
    }
}
