package com.bitegarden.sonar.plugins.security.cwe;

import com.bitegarden.sonar.plugins.security.SecurityPlugin;
import com.bitegarden.sonar.plugins.security.SecurityPluginProperties;
import com.bitegarden.sonar.plugins.security.SecurityWebService;
import com.bitegarden.sonar.plugins.security.model.ReportParams;
import com.bitegarden.sonar.plugins.security.model.SecurityIssue;
import com.bitegarden.sonar.plugins.security.model.SecurityIssueType;
import com.bitegarden.sonar.plugins.security.util.CweUtils;
import com.bitegarden.sonar.plugins.security.util.FormatUtils;
import com.bitegarden.sonar.plugins.security.util.ParamUtils;
import com.bitegarden.sonar.plugins.security.util.SecurityPluginUtils;
import com.bitegarden.sonar.plugins.security.util.TemplateUtils;
import es.sonarqube.api.SonarQubeProject;
import es.sonarqube.exceptions.SonarQubeException;
import es.sonarqube.managers.SonarQubeProjectManager;
import es.sonarqube.model.SonarQubeQualifier;
import java.io.StringWriter;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.velocity.VelocityContext;
import org.sonar.api.config.Configuration;
import org.sonar.api.platform.Server;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.RequestHandler;
import org.sonar.api.server.ws.Response;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonarqube.ws.client.WsClient;
import org.sonarqube.ws.client.WsClientFactories;
import org.sonarqube.ws.client.issue.IssuesWsParameters;

/* loaded from: input_file:com/bitegarden/sonar/plugins/security/cwe/CwePageActionHandler.class */
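/**
 * Web-service handler that renders the CWE Top 25 security report page.
 *
 * <p>{@link #handle(Request, Response)} reads the resource key, branch, pull request and CWE
 * year from the request, renders one of four Velocity templates (report, measures-not-found,
 * invalid-license or error page) and writes the result to the response stream.
 *
 * <p>Security note: the resource key, branch, pull request and CWE year are caller-supplied and
 * are placed into the Velocity context and into log statements as received. Output escaping is
 * therefore the responsibility of the templates and of {@code TemplateUtils}, neither of which is
 * visible in this class.
 */
public class CwePageActionHandler implements RequestHandler {
    private static final Logger LOG = Loggers.get(CwePageActionHandler.class);

    /** Number of categories in a CWE Top 25 list; sizes the per-category arrays. */
    private static final int CWE_TOP_25_SIZE = 25;

    private final Configuration configuration;
    private final Server server;

    /**
     * @param configuration plugin/server settings, used for the public root URL and risk thresholds
     * @param server        server handle, used only to read the SonarQube version
     */
    public CwePageActionHandler(Configuration configuration, Server server) {
        this.configuration = configuration;
        this.server = server;
    }

    /**
     * Renders the CWE report page for the requested resource and writes it to the response.
     *
     * <p>Any exception raised while building the page is caught and turned into the error
     * template, so the caller always receives a rendered page.
     *
     * @param request  incoming web-service request carrying the resource, branch, pull request
     *                 and CWE year parameters
     * @param response response whose output stream receives the rendered page
     * @throws Exception if writing to the response stream fails
     */
    @Override
    public void handle(Request request, Response response) throws Exception {
        String page;
        String resourceKey = request.param(ParamUtils.RESOURCE_PARAM_KEY);
        String branch = ParamUtils.getRequestParam(request, "branch", null);
        String pullRequest = ParamUtils.getRequestParam(request, "pullRequest", null);
        String cweYear = ParamUtils.getRequestParam(request, ParamUtils.CWE_YEAR_PARAM_KEY, "2023");
        String publicRootUrl = SecurityPluginUtils.getPublicRootUrl(this.configuration);
        Locale userLocale = SecurityWebService.getUserLocaleFromRequest(request);
        Instant start = Instant.now();
        try {
            // The local connector runs the inner web-service calls in the context of this request.
            WsClient wsClient = WsClientFactories.getLocal().newClient(request.localConnector());
            // NOTE(review): resourceKey and branch are logged as received; confirm the logging
            // backend neutralises line breaks so a crafted value cannot forge log entries.
            LOG.debug("Requested security assessment CWE page for id: {} and branch: {}", resourceKey, branch);
            if (SecurityPlugin.getLicenseChecker().isValidLicense()) {
                Map<String, String> securityMeasures = SecurityPluginUtils.getSecurityMeasures(
                        resourceKey, userLocale, wsClient, branch, pullRequest, CweSecurityMetrics.getMetricKeys());
                if (securityMeasures.get(CweSecurityMetrics.CWE_VIOLATIONS.getKey()) != null) {
                    StringWriter writer = new StringWriter();
                    VelocityContext context = new VelocityContext(getReportParams(
                            securityMeasures, resourceKey, publicRootUrl, userLocale, wsClient, branch, pullRequest, cweYear));
                    TemplateUtils.getTemplate("/static/templates/cwe-report.vm").merge(context, writer);
                    page = writer.toString();
                } else {
                    page = TemplateUtils.renderSimpleTemplate("/static/templates/cwe-measures-not-found.vm", publicRootUrl, userLocale);
                }
            } else {
                page = TemplateUtils.renderSimpleTemplate("/static/templates/invalid-license.vm", publicRootUrl, userLocale);
            }
        } catch (Exception e) {
            LOG.error("Error rendering cwe report page, reason: {}", e.getMessage());
            LOG.debug("Error rendering cwe report page", e);
            // NOTE(review): the raw exception message is shown to the requester. It can carry
            // internal details or echo request-derived text; confirm error-page.vm escapes it,
            // or consider a generic message here with the detail kept in the server log.
            page = TemplateUtils.renderErrorTemplate("/static/templates/error-page.vm", e.getMessage(), userLocale);
        }
        // Encode explicitly: the no-arg getBytes() uses the JVM default charset, which makes the
        // bytes sent for localized, non-ASCII content depend on how the server was started.
        response.stream().output().write(page.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        LOG.debug("security assessment CWE page generated for {} ( Elapsed time: {} s )",
                resourceKey, Long.valueOf(Duration.between(start, Instant.now()).toMillis() / 1000));
    }

    /**
     * Builds the Velocity context for the CWE report template.
     *
     * @param map      security measures keyed by metric key
     * @param str      resource (project or portfolio) key from the request
     * @param str2     public root URL of the server
     * @param locale   locale used for number formatting and project lookup
     * @param wsClient client used for the web-service calls
     * @param str3     branch name, may be {@code null}
     * @param str4     pull request id, may be {@code null}
     * @param str5     CWE Top 25 year from the request
     * @return the populated context
     * @throws SonarQubeException if the project lookup or one of the helper calls fails
     */
    protected VelocityContext getReportParams(Map<String, String> map, String str, String str2, Locale locale, WsClient wsClient, String str3, String str4, String str5) throws SonarQubeException {
        SonarQubeProject project = new SonarQubeProjectManager(wsClient, locale).getSonarQubeProjectWithBasicInfo(str, str3, str4);
        project.setBranchName(str3);
        boolean isPortfolio = SonarQubeQualifier.PORTFOLIO.equals(project.getSonarQubeQualifier());

        ReportParams reportParams = new ReportParams();
        reportParams.setBranch(str3);
        reportParams.setPullRequest(str4);
        reportParams.setSonarQubeProject(project);
        reportParams.setResource(str);
        reportParams.setBaseUrl(str2);
        reportParams.setUserLocale(locale);
        reportParams.setWsClient(wsClient);

        VelocityContext context = TemplateUtils.generateVelocityContext(reportParams, map);
        context.put(ParamUtils.IS_PORTFOLIO_PARAM, Boolean.valueOf(isPortfolio));
        List<SonarQubeProject> projects = SecurityPluginUtils.getSonarQubeProjectList(project);
        LOG.debug("Total CWE issues found: {}", map.get(CweSecurityMetrics.CWE_VIOLATIONS.getKey()));
        context.put("cweRating", SecurityPluginUtils.computeTopRating(wsClient, projects, SecurityIssueType.CWE, str5));

        List<SecurityIssue> vulnerabilities = CweUtils.getCweTop25VulnerabilitiesBreakdown(wsClient, projects, str5);
        LOG.debug("Total CWE/SANS Top 25 rules found: {}", Integer.valueOf(vulnerabilities.size()));
        // Primitive accumulator: avoids boxing a new Long on every iteration.
        long top25Total = 0L;
        for (SecurityIssue issue : vulnerabilities) {
            top25Total += issue.getCount().longValue();
        }
        context.put("cweTop25Total", FormatUtils.getNumber(locale).format(top25Total));
        LOG.debug("Total CWE/SANS Top 25 issues found: {}", top25Total);
        context.put("vulnerabilitiesBreakdown", vulnerabilities);

        // Servers reporting a 7.x, 8.0 or 8.1 version use the older hotspot lookup.
        List<SecurityIssue> hotspots;
        String version = this.server.getVersion();
        if (version.startsWith("7.") || version.startsWith("8.0") || version.startsWith("8.1")) {
            hotspots = CweUtils.getCweTop25Hotspots(projects, wsClient, str5);
            context.put("latest", false);
        } else {
            hotspots = SecurityPluginUtils.getHotspotsForLatestVersion(projects, wsClient, SecurityIssueType.CWE, str5);
            context.put("latest", true);
        }
        context.put("hotspotsBreakdown", hotspots);

        List<Map<String, Long>> issuesPerCategory = new ArrayList<>(CWE_TOP_25_SIZE);
        String[] categoryRatings = new String[CWE_TOP_25_SIZE];
        String[] hotspotIdsPerCategory = new String[CWE_TOP_25_SIZE];
        // NOTE(review): str5 is the caller-supplied year. This loop assumes getCweTop25 returns
        // at least 25 entries for any value; otherwise get(i) throws and handle() renders the
        // error page. Confirm how ParamUtils treats an unknown year.
        List<String> cweTop25 = ParamUtils.getCweTop25(str5);
        for (int i = 0; i < CWE_TOP_25_SIZE; i++) {
            String category = cweTop25.get(i);
            Map<String, Long> categoryIssues = SecurityPluginUtils.getIssuesForCategory(category, vulnerabilities, hotspots);
            categoryRatings[i] = SecurityPluginUtils.getRatingByIssuesSeverity(categoryIssues);
            issuesPerCategory.add(categoryIssues);
            hotspotIdsPerCategory[i] = SecurityPluginUtils.getHotspotsIdsPerCategory(category, hotspots);
        }
        context.put(ParamUtils.CWE_YEAR_PARAM_KEY, str5);
        context.put(IssuesWsParameters.PARAM_CWE_TOP_25, cweTop25);
        context.put("cweCategoryRatings", categoryRatings);
        context.put("issuesPerCategory", issuesPerCategory);
        context.put("hotspotsIdsPerCweCategory", hotspotIdsPerCategory);

        // Join the non-empty per-category id lists into one comma-separated string.
        String allHotspotIds = Arrays.stream(hotspotIdsPerCategory)
                .filter(ids -> ids != null && !ids.isEmpty())
                .collect(Collectors.joining(","));
        context.put("allHotspotsIds", allHotspotIds);
        // "".split(",") yields one empty element, so the empty case is counted as zero explicitly.
        context.put("cweTop25TotalHotspots", Integer.valueOf(allHotspotIds.isEmpty() ? 0 : allHotspotIds.split(",").length));
        // Throws (and is reported through the error page) if the "<key>_value" measure is missing
        // or not numeric.
        context.put("riskFactorSeverity", SecurityPluginUtils.getRiskFactorSeverity(
                Double.parseDouble(map.get(CweSecurityMetrics.CWE_FACTOR_RISK.getKey() + "_value")),
                this.configuration, SecurityPluginProperties.CWE_FACTOR_RISK));
        return context;
    }
}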
