package com.bitegarden.sonar.plugins.security.util;

import com.bitegarden.sonar.plugins.security.cwe.CweSecurityMetrics;
import com.bitegarden.sonar.plugins.security.model.SecurityIssue;
import com.bitegarden.sonar.plugins.security.model.SecurityIssueType;
import com.bitegarden.sonar.plugins.security.model.common.MeasureResponse;
import com.bitegarden.sonar.plugins.security.model.common.MeasureResponseValue;
import es.sonarqube.api.SonarQubeProject;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonarqube.ws.Common;
import org.sonarqube.ws.Measures;
import org.sonarqube.ws.client.WsClient;
import org.sonarqube.ws.client.issue.IssuesWsParameters;
import org.sonarqube.ws.client.issues.SearchRequest;

/* loaded from: input_file:com/bitegarden/sonar/plugins/security/util/CweUtils.class */
public final class CweUtils {
    public static final CweUtils INSTANCE = new CweUtils();
    private static final Logger LOG = Loggers.get(CweUtils.class);
    protected static final Pattern CWE_PATTERN = Pattern.compile("(CWE-)\\w+");
    private static final List<String> METRICS_WITHOUT_VIOLATIONS = Arrays.asList("cwefactorrisk", "cweviolationsdensity", "cwerating", "cwetechnicaldebt", "cweweight");
    private static final String BLOCKERVIOLATION = "cweblockerviolations";
    private static final String CRITICALVIOLATION = "cwecriticalviolations";
    private static final String MAJORVIOLATION = "cwemajorviolations";
    private static final String MINORVIOLATION = "cweminorviolations";
    private static final String INFOVIOLATION = "cweinfoviolations";
    protected static final List<String> METRIC_LIST_VIOLATIONS = Arrays.asList(BLOCKERVIOLATION, CRITICALVIOLATION, MAJORVIOLATION, MINORVIOLATION, INFOVIOLATION);
    protected static final List<String> ALL_METRIC_LIST = Arrays.asList("cweviolations", BLOCKERVIOLATION, CRITICALVIOLATION, MAJORVIOLATION, MINORVIOLATION, INFOVIOLATION, "cwefactorrisk", "cweviolationsdensity", "cwerating", "cwetechnicaldebt", "cweweight");

    private CweUtils() {
    }

    public static Long computeTotalCweTop25Issues(WsClient wsClient, List<SonarQubeProject> list, String str) {
        AtomicLong atomicLong = new AtomicLong(0L);
        list.forEach(sonarQubeProject -> {
            SearchRequest searchRequest = new SearchRequest();
            searchRequest.setComponentKeys(Collections.singletonList(sonarQubeProject.getKey()));
            searchRequest.setTypes(Arrays.asList(Common.RuleType.BUG.name(), Common.RuleType.VULNERABILITY.name(), Common.RuleType.CODE_SMELL.name()));
            searchRequest.setCwe(ParamUtils.getCweTop25(str));
            searchRequest.setResolved("false");
            if (ParamUtils.hasValue(sonarQubeProject.getBranchName())) {
                searchRequest.setBranch(sonarQubeProject.getBranchName());
            }
            atomicLong.addAndGet(wsClient.issues().search(searchRequest).getTotal());
        });
        return Long.valueOf(atomicLong.get());
    }

    public static Long computeTotalCweTop25Issues(WsClient wsClient, String str, String str2, String str3) {
        SearchRequest searchRequest = new SearchRequest();
        searchRequest.setComponentKeys(Collections.singletonList(str));
        searchRequest.setTypes(Arrays.asList(Common.RuleType.BUG.name(), Common.RuleType.VULNERABILITY.name(), Common.RuleType.CODE_SMELL.name()));
        searchRequest.setCwe(ParamUtils.getCweTop25(str3));
        searchRequest.setResolved("false");
        if (ParamUtils.hasValue(str2)) {
            searchRequest.setBranch(str2);
        }
        return Long.valueOf(wsClient.issues().search(searchRequest).getTotal());
    }

    public static List<SecurityIssue> getCweTop25VulnerabilitiesBySeverity(String str, String str2, WsClient wsClient, String str3, String str4, String str5) {
        ArrayList arrayList = new ArrayList();
        LOG.debug("Retrieving issues for CWE/SANS Top 25 ({}) and severity: {}", str5, str2);
        for (String str6 : ParamUtils.getCweTop25(str5)) {
            LOG.trace("Retrieving issues for CWE-{} and severity: {}", str6, str2);
            arrayList.addAll(getCweVulnerabilities(str, str2, wsClient, str6, str3, str4));
            LOG.trace("    Total CWE issues: {}", Integer.valueOf(arrayList.size()));
        }
        LOG.debug("Total CWE/SANS Top 25 issues for year({}): {}", str5, Integer.valueOf(arrayList.size()));
        return arrayList;
    }

    public static List<SecurityIssue> getCweVulnerabilities(String str, String str2, WsClient wsClient, String str3, String str4, String str5) {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(SecurityPluginUtils.getSecurityIssueListByFacetsRule(wsClient, str3, wsClient.issues().search(SecurityPluginUtils.createSearchIssuesRequest(str, str2, str3, str4, str5, SecurityIssueType.CWE)).getFacets().getFacetsList(), SecurityIssueType.CWE));
        return SecurityPluginUtils.sortSecurityIssueBySeverityAndCount(arrayList);
    }

    public static List<SecurityIssue> getCweTop25Hotspots(List<SonarQubeProject> list, WsClient wsClient, String str) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = ParamUtils.getCweTop25(str).iterator();
        while (it.hasNext()) {
            arrayList.addAll(SecurityPluginUtils.getHotspotsSecurityIssueList(list, wsClient, it.next(), SecurityIssueType.CWE));
        }
        return arrayList;
    }

    public static List<SecurityIssue> getHotspots(List<SonarQubeProject> list, WsClient wsClient, SecurityIssueType securityIssueType) {
        return SecurityPluginUtils.getHotspotsSecurityIssueList(list, wsClient, "", securityIssueType);
    }

    public static List<String> getCweCategoriesByHtmlRule(List<String> list, String str, String str2, String str3) {
        return getCweCategoriesByHtmlRule(list, str, str2, str3, true);
    }

    public static List<String> getCweCategoriesByHtmlRule(List<String> list, String str, String str2, String str3, boolean z) {
        ArrayList arrayList = new ArrayList();
        if (str2.contains(IssuesWsParameters.PARAM_CWE)) {
            Matcher matcher = CWE_PATTERN.matcher(str);
            List<String> cweTop25 = ParamUtils.getCweTop25(str3);
            while (matcher.find()) {
                String substring = matcher.group().substring(4);
                if (!list.contains(substring) && z && cweTop25.contains(substring)) {
                    arrayList.add(substring);
                }
            }
        }
        return arrayList;
    }

    public static List<SecurityIssue> getCweTop25VulnerabilitiesBreakdown(WsClient wsClient, List<SonarQubeProject> list, String str) {
        ArrayList arrayList = new ArrayList();
        list.forEach(sonarQubeProject -> {
            arrayList.addAll(getCweTop25VulnerabilitiesBreakdown(sonarQubeProject.getKey(), wsClient, sonarQubeProject.getBranchName(), null, str));
        });
        return arrayList;
    }

    public static Long computeAll(String str, WsClient wsClient, String str2, String str3, String str4) {
        return getIssueCount(getCweTop25VulnerabilitiesBreakdown(str, wsClient, str2, str3, str4));
    }

    public static List<SecurityIssue> getCweTop25VulnerabilitiesBreakdown(String str, WsClient wsClient, String str2, String str3, String str4) {
        List<SecurityIssue> cweTop25VulnerabilitiesBySeverity = getCweTop25VulnerabilitiesBySeverity(str, "BLOCKER", wsClient, str2, str3, str4);
        List<SecurityIssue> cweTop25VulnerabilitiesBySeverity2 = getCweTop25VulnerabilitiesBySeverity(str, "CRITICAL", wsClient, str2, str3, str4);
        List<SecurityIssue> cweTop25VulnerabilitiesBySeverity3 = getCweTop25VulnerabilitiesBySeverity(str, "MAJOR", wsClient, str2, str3, str4);
        List<SecurityIssue> cweTop25VulnerabilitiesBySeverity4 = getCweTop25VulnerabilitiesBySeverity(str, "MINOR", wsClient, str2, str3, str4);
        List<SecurityIssue> cweTop25VulnerabilitiesBySeverity5 = getCweTop25VulnerabilitiesBySeverity(str, "INFO", wsClient, str2, str3, str4);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(cweTop25VulnerabilitiesBySeverity);
        arrayList.addAll(cweTop25VulnerabilitiesBySeverity2);
        arrayList.addAll(cweTop25VulnerabilitiesBySeverity3);
        arrayList.addAll(cweTop25VulnerabilitiesBySeverity4);
        arrayList.addAll(cweTop25VulnerabilitiesBySeverity5);
        return SecurityPluginUtils.sortSecurityIssueBySeverityAndCount(arrayList);
    }

    public static Double getMeasures(WsClient wsClient, String str, String str2) {
        org.sonarqube.ws.client.measures.SearchRequest searchRequest = new org.sonarqube.ws.client.measures.SearchRequest();
        searchRequest.setProjectKeys(Collections.singletonList(str));
        searchRequest.setMetricKeys(Collections.singletonList(str2));
        Measures.SearchWsResponse search = wsClient.measures().search(searchRequest);
        Measures.Measure measure = !search.getMeasuresList().isEmpty() ? search.getMeasuresList().get(0) : null;
        return measure != null ? Double.valueOf(Double.parseDouble(measure.getValue())) : Double.valueOf(0.0d);
    }

    public static List<String> filterParameterListToMetricKeys(Map<String, String[]> map) {
        List<String> asList = Arrays.asList(map.getOrDefault(ParamUtils.METRIC_KEYS_PARAM_KEY, new String[]{""})[0].split(","));
        if (SecurityPluginUtils.checkMetricKeyListValue(CweSecurityMetrics.getMetricKeys(), asList)) {
            asList = new ArrayList();
        }
        return asList;
    }

    public static List<String> getMetricList() {
        return ALL_METRIC_LIST;
    }

    public static Long getIssueCount(List<SecurityIssue> list) {
        Long l = 0L;
        if (list != null) {
            Iterator<SecurityIssue> it = list.iterator();
            while (it.hasNext()) {
                l = Long.valueOf(l.longValue() + it.next().getCount().longValue());
            }
        }
        return l;
    }

    public static Map<String, String> getTupleMetricAndSeverity() {
        HashMap hashMap = new HashMap();
        for (String str : METRIC_LIST_VIOLATIONS) {
            if (BLOCKERVIOLATION.equals(str)) {
                hashMap.put(str, "BLOCKER");
            }
            if (CRITICALVIOLATION.equals(str)) {
                hashMap.put(str, "CRITICAL");
            }
            if (MAJORVIOLATION.equals(str)) {
                hashMap.put(str, "MAJOR");
            }
            if (MINORVIOLATION.equals(str)) {
                hashMap.put(str, "MINOR");
            }
            if (INFOVIOLATION.equals(str)) {
                hashMap.put(str, "INFO");
            }
        }
        return hashMap;
    }

    public static Double countViolations(String str, String str2, WsClient wsClient, String str3, String str4, String str5) {
        return "cweviolations".equals(str) ? Double.valueOf(computeAll(str2, wsClient, str3, str4, str5).doubleValue()) : Double.valueOf(getIssueCount(getCweTop25VulnerabilitiesBySeverity(str2, getTupleMetricAndSeverity().get(str), wsClient, str3, str4, str5)).doubleValue());
    }

    public static MeasureResponse generateMeasureResponses(List<String> list, Locale locale, WsClient wsClient, String str, String str2, String str3, String str4) {
        MeasureResponse measureResponse = new MeasureResponse();
        ArrayList arrayList = new ArrayList();
        for (String str5 : list) {
            MeasureResponseValue measureResponseValue = new MeasureResponseValue();
            Double measures = METRICS_WITHOUT_VIOLATIONS.contains(str5) ? getMeasures(wsClient, str, str5) : countViolations(str5, str, wsClient, str2, str3, str4);
            measureResponseValue.setKey(str5);
            measureResponseValue.setValue(FormatUtils.getNumber(locale).format(measures));
            arrayList.add(measureResponseValue);
        }
        measureResponse.setMeasures(arrayList);
        return measureResponse;
    }

    public CweUtils getInstance() {
        return INSTANCE;
    }
}
