package es.sonarqube.security.manager;

import es.sonarqube.managers.SonarQubeManagerFactory;
import es.sonarqube.security.SecurityConstants;
import es.sonarqube.security.model.owasp.OwaspBreakdown;
import es.sonarqube.security.model.owasp.OwaspReport;
import es.sonarqube.security.model.owasp.OwaspRule;
import es.sonarqube.security.model.owasp.OwaspSummary;
import es.sonarqube.security.model.owasp.OwaspTopBreakdown;
import es.sonarqube.security.utils.Duration;
import es.sonarqube.security.utils.OwaspUtils;
import es.sonarqube.security.utils.ParamUtils;
import es.sonarqube.security.utils.SecurityUtils;
import es.sonarqube.utils.FormatUtils;
import es.sonarqube.utils.MapField;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.atomic.AtomicLong;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonarqube.ws.Rules;
import org.sonarqube.ws.client.HttpConnector;
import org.sonarqube.ws.client.WsClient;
import org.sonarqube.ws.client.WsClientFactories;

/* loaded from: input_file:META-INF/lib/sonarqube-security-manager-1.6.jar:es/sonarqube/security/manager/OwaspManager.class */
public class OwaspManager {
    private final WsClient wsClient;
    private final Locale userLocale;
    private static final Logger LOGGER = LoggerFactory.getLogger(OwaspManager.class);

    public OwaspManager(WsClient wsClient, Locale locale) {
        this.wsClient = wsClient;
        this.userLocale = locale;
    }

    public OwaspManager(String str, String str2, Locale locale) {
        this.wsClient = WsClientFactories.getDefault().newClient(HttpConnector.newBuilder().url(str).token(str2).build());
        this.userLocale = locale;
    }

    protected static OwaspReport getOwaspTop10Report(String str, String str2, Locale locale, String str3, String str4, String str5) {
        return SecurityManagerFactory.createOwaspManager(str, str2, locale).getOwaspTop10Report(str3, str4, str5);
    }

    protected static OwaspReport getOwaspTop10Report(String str, String str2, Locale locale, List<String> list, String str3) {
        return SecurityManagerFactory.createOwaspManager(str, str2, locale).getOwaspTop10Report(list, (String) null, str3);
    }

    protected static OwaspReport getOwaspTop10Report(WsClient wsClient, Locale locale, String str, String str2, String str3) {
        return SecurityManagerFactory.createOwaspManager(wsClient, locale).getOwaspTop10Report(str, str2, str3);
    }

    protected static OwaspReport getOwaspTop10Report(WsClient wsClient, Locale locale, List<String> list, String str) {
        return SecurityManagerFactory.createOwaspManager(wsClient, locale).getOwaspTop10Report(list, (String) null, str);
    }

    public OwaspReport getOwaspTop10Report(String str, String str2, String str3) {
        if (ParamUtils.hasValue(str)) {
            return getOwaspTop10Report(Collections.singletonList(str), str2, str3);
        }
        LOGGER.warn("Cannot get owasp top 10 report because project key has not value");
        return new OwaspReport();
    }

    public OwaspReport getOwaspTop10Report(List<String> list, String str, String str2) {
        ArrayList arrayList = new ArrayList();
        AtomicLong atomicLong = new AtomicLong();
        AtomicLong atomicLong2 = new AtomicLong();
        AtomicLong atomicLong3 = new AtomicLong();
        for (String str3 : list) {
            LOGGER.debug("Generating OWASP {} Top 10 Report for ({}) and branch ({})... ", new Object[]{str2, str3, str});
            try {
                LOGGER.debug("Processing project ({})", str3);
                OwaspReport owaspReport = new OwaspReport();
                LOGGER.debug("Getting project measures map...");
                Map<String, String> projectMeasuresMap = SecurityUtils.getProjectMeasuresMap(str3, str, this.wsClient, this.userLocale);
                LOGGER.debug("Project measures map obtained...");
                LOGGER.debug("Getting total issues by rule...");
                Map<String, Long> issuesByRule = SonarQubeManagerFactory.createSonarQubeIssueManager(this.wsClient, this.userLocale).getIssuesByRule(str3, str);
                LOGGER.debug("Total issues by rule obtained, total rules obtained ({})", Integer.valueOf(issuesByRule.size()));
                LOGGER.debug("Getting total issues by severity...");
                Map<String, Map<String, Long>> issuesBySeverityMap = SecurityUtils.getIssuesBySeverityMap(str3, str, this.wsClient, this.userLocale);
                LOGGER.debug("Total issues by severity obtained");
                LOGGER.debug("      Total blocker issues ({})", Integer.valueOf(issuesBySeverityMap.get("BLOCKER").size()));
                LOGGER.debug("      Total critical issues ({})", Integer.valueOf(issuesBySeverityMap.get("CRITICAL").size()));
                LOGGER.debug("      Total major issues ({})", Integer.valueOf(issuesBySeverityMap.get("MAJOR").size()));
                LOGGER.debug("      Total minor issues ({})", Integer.valueOf(issuesBySeverityMap.get("MINOR").size()));
                LOGGER.debug("      Total info issues ({})", Integer.valueOf(issuesBySeverityMap.get("INFO").size()));
                LOGGER.debug("Getting total hotspots by rule...");
                Map<String, List<String>> totalHotspotsByRule = SecurityUtils.getTotalHotspotsByRule(str3, str, this.wsClient);
                LOGGER.debug("Total hotspots by Rule obtained, total rules obtained ({})", Integer.valueOf(totalHotspotsByRule.size()));
                LOGGER.debug("Processing all rules keys (issues and hotspots)...");
                ArrayList arrayList2 = new ArrayList();
                arrayList2.addAll(issuesByRule.keySet());
                arrayList2.addAll(totalHotspotsByRule.keySet());
                LOGGER.debug("Total rules processed ({})", Integer.valueOf(arrayList2.size()));
                LOGGER.debug("Checking if has duplicates keys...");
                List list2 = (List) arrayList2.stream().distinct().collect(Collectors.toList());
                LOGGER.debug("Check duplicates rule keys finish, rules after check ({})", Integer.valueOf(list2.size()));
                LOGGER.debug("Getting rules map...");
                Map<String, Rules.Rule> rulesMap = SecurityUtils.getRulesMap(list2, this.wsClient);
                LOGGER.debug("Rules map obtained...");
                AtomicLong atomicLong4 = new AtomicLong();
                LOGGER.debug("Getting issues list...");
                List<OwaspRule> securityIssueListToOwaspRuleList = OwaspUtils.securityIssueListToOwaspRuleList(OwaspUtils.generateOwaspSecurityListForIssues(issuesByRule, str2, rulesMap));
                owaspReport.setOwaspIssuesBreakdown(securityIssueListToOwaspRuleList);
                LOGGER.debug("Issues list obtained, total ({})", Integer.valueOf(securityIssueListToOwaspRuleList.size()));
                LOGGER.debug("Getting hotspots list...");
                List<OwaspRule> securityIssueListToOwaspRuleList2 = OwaspUtils.securityIssueListToOwaspRuleList(OwaspUtils.generateOwaspSecurityListForHotspots(totalHotspotsByRule, str2, rulesMap));
                owaspReport.setOwaspHotspotBreakdown(securityIssueListToOwaspRuleList2);
                LOGGER.debug("Hotspots list obtained, total ({})", Integer.valueOf(securityIssueListToOwaspRuleList2.size()));
                ArrayList arrayList3 = new ArrayList();
                for (String str4 : SecurityConstants.OWASP_TOP_10) {
                    LOGGER.debug("Getting OWASP breakdown for category ({})", str4);
                    OwaspBreakdown owaspBreakdown = OwaspUtils.getOwaspBreakdown(str2, issuesByRule, issuesBySeverityMap, rulesMap, str4);
                    securityIssueListToOwaspRuleList2.forEach(owaspRule -> {
                        if (owaspRule.getCategoryList().contains(str4)) {
                            owaspBreakdown.setHotspots(owaspBreakdown.getHotspots() + owaspRule.getHotspots());
                            owaspBreakdown.setHotspotsIds(owaspRule.getHotspotsIds());
                        }
                    });
                    LOGGER.debug("OWASP breakdown for category ({}) obtained...", str4);
                    LOGGER.debug("Processing OWASP breakdown rating for category ({})...", str4);
                    owaspBreakdown.setRating(SecurityUtils.getRating(owaspBreakdown.getBlockerIssues(), owaspBreakdown.getCriticalIssues(), owaspBreakdown.getMajorIssues(), owaspBreakdown.getMinorIssues()));
                    LOGGER.debug("OWASP breakdown rating for category ({}) processed, rating is ({})", str4, owaspBreakdown.getRating());
                    arrayList3.add(owaspBreakdown);
                }
                LOGGER.debug("Processing OWASP top breakdown...");
                OwaspTopBreakdown createOwaspTopBreakdown = OwaspUtils.createOwaspTopBreakdown(arrayList3);
                owaspReport.setOwaspTopBreakdown(createOwaspTopBreakdown);
                LOGGER.debug("OWASP top breakdown processed...");
                LOGGER.debug("Processing OWASP Summary...");
                OwaspSummary createSummary = OwaspUtils.createSummary(atomicLong4, createOwaspTopBreakdown, this.userLocale);
                LOGGER.debug("Processing OWASP factor risk...");
                long longValueFromString = SecurityUtils.getLongValueFromString(this.userLocale, projectMeasuresMap.get(MapField.NCLOC));
                atomicLong.addAndGet(longValueFromString);
                createSummary.setRiskFactor(FormatUtils.getPercentage(this.userLocale).format(OwaspUtils.getAggregatedOwaspRiskFactor(createOwaspTopBreakdown, longValueFromString) / 100.0d));
                LOGGER.debug("OWASP factor risk processed with value ({})", createSummary.getRiskFactor());
                long totalBlocker = createOwaspTopBreakdown.getTotalBlocker() + createOwaspTopBreakdown.getTotalCritical() + createOwaspTopBreakdown.getTotalMajor() + createOwaspTopBreakdown.getTotalMinor() + createOwaspTopBreakdown.getTotalInfo();
                atomicLong2.addAndGet(totalBlocker);
                LOGGER.debug("Total OWASP issues ({})", Long.valueOf(totalBlocker));
                long longValueFromString2 = SecurityUtils.getLongValueFromString(this.userLocale, projectMeasuresMap.get(MapField.ISSUES));
                atomicLong3.addAndGet(longValueFromString2);
                LOGGER.debug("Total project issues ({})", Long.valueOf(longValueFromString2));
                LOGGER.debug("Getting OWASP density...");
                Double owaspDensity = OwaspUtils.getOwaspDensity(totalBlocker, longValueFromString2);
                createSummary.setTotalDensity(FormatUtils.getPercentage(this.userLocale).format(owaspDensity));
                LOGGER.debug("OWASP density obtained with value ({})", owaspDensity);
                ArrayList arrayList4 = new ArrayList();
                Iterator<OwaspRule> it = owaspReport.getOwaspIssuesBreakdown().iterator();
                while (it.hasNext()) {
                    arrayList4.add(it.next().getRuleKey());
                }
                LOGGER.debug("Getting technical debt for OWASP Top 10 rules... {}", arrayList4);
                createSummary.setTechDebt(SecurityUtils.getTotalDebtForRules(this.wsClient, str3, str, arrayList4));
                LOGGER.debug("Technical debt obtained with value ({})", createSummary.getTechDebt());
                owaspReport.setSummary(createSummary);
                LOGGER.debug("OWASP Summary processed...");
                LOGGER.debug("OWASP {} Report for {} and branch {} generated.", new Object[]{str2, str3, str});
                arrayList.add(owaspReport);
            } catch (Exception e) {
                LOGGER.error("Error processing owasp report for {}, reason -> {}", str3, e.getMessage());
                LOGGER.debug("Error processing owasp report for {}", str3, e);
            }
        }
        if (arrayList.size() == 1) {
            return (OwaspReport) arrayList.get(0);
        }
        OwaspReport owaspReport2 = new OwaspReport();
        OwaspSummary owaspSummary = new OwaspSummary();
        ArrayList arrayList5 = new ArrayList();
        ArrayList arrayList6 = new ArrayList();
        OwaspTopBreakdown owaspTopBreakdown = new OwaspTopBreakdown();
        AtomicLong atomicLong5 = new AtomicLong();
        arrayList.forEach(owaspReport3 -> {
            OwaspSummary summary = owaspReport3.getSummary();
            LOGGER.debug("Process aggregated total summary issues. Acumulate value ({}), increment value ({})", owaspSummary.getTotalIssues(), summary.getTotalIssues());
            owaspSummary.setTotalIssues(Long.toString(Long.parseLong(owaspSummary.getTotalIssues()) + Long.parseLong(summary.getTotalIssues())));
            LOGGER.debug("Process aggregated total summary hotspots. Acumulate value ({}), increment value ({})", owaspSummary.getTotalHotspots(), summary.getTotalHotspots());
            owaspSummary.setTotalHotspots(Long.toString(Long.parseLong(owaspSummary.getTotalHotspots()) + Long.parseLong(summary.getTotalHotspots())));
            atomicLong5.addAndGet(Duration.decode(summary.getTechDebt(), 8).toMinutes());
            OwaspTopBreakdown owaspTopBreakdown2 = owaspReport3.getOwaspTopBreakdown();
            List<OwaspBreakdown> aggregatedOwaspBreakdownList = OwaspUtils.getAggregatedOwaspBreakdownList(owaspTopBreakdown, owaspTopBreakdown2);
            if (aggregatedOwaspBreakdownList.isEmpty()) {
                aggregatedOwaspBreakdownList.addAll(owaspTopBreakdown2.getOwaspBreakdownList());
            }
            owaspSummary.setRating(SecurityUtils.getWorstRating(owaspSummary.getRating(), summary.getRating()));
            aggregatedOwaspBreakdownList.forEach(owaspBreakdown2 -> {
                owaspTopBreakdown.setTotalBlocker(owaspTopBreakdown.getTotalBlocker() + owaspBreakdown2.getBlockerIssues());
                owaspTopBreakdown.setTotalCritical(owaspTopBreakdown.getTotalCritical() + owaspBreakdown2.getCriticalIssues());
                owaspTopBreakdown.setTotalMajor(owaspTopBreakdown.getTotalMajor() + owaspBreakdown2.getMajorIssues());
                owaspTopBreakdown.setTotalMinor(owaspTopBreakdown.getTotalMinor() + owaspBreakdown2.getMinorIssues());
                owaspTopBreakdown.setTotalInfo(owaspTopBreakdown.getTotalInfo() + owaspBreakdown2.getInfoIssues());
                owaspTopBreakdown.setTotalHotspots(owaspTopBreakdown.getTotalHotspots() + owaspBreakdown2.getHotspots());
            });
            owaspTopBreakdown.setOwaspBreakdownList(aggregatedOwaspBreakdownList);
            arrayList5.addAll(owaspReport3.getOwaspIssuesBreakdown());
            arrayList6.addAll(owaspReport3.getOwaspHotspotsBreakdown());
        });
        owaspReport2.setOwaspTopBreakdown(owaspTopBreakdown);
        double aggregatedOwaspRiskFactor = OwaspUtils.getAggregatedOwaspRiskFactor(owaspTopBreakdown, atomicLong.longValue());
        owaspSummary.setRiskFactor(FormatUtils.getPercentage(this.userLocale).format(aggregatedOwaspRiskFactor / 100.0d));
        owaspSummary.setRiskFactorSeverity(SecurityUtils.getRiskFactorSeverity(aggregatedOwaspRiskFactor));
        owaspSummary.setTechDebt(Duration.create(atomicLong5.longValue()).encode(8));
        owaspSummary.setTotalDensity(FormatUtils.getPercentage(this.userLocale).format(OwaspUtils.getOwaspDensity(atomicLong2.longValue(), atomicLong3.longValue())));
        owaspReport2.setSummary(owaspSummary);
        List<OwaspRule> aggregatedOwaspRuleList = OwaspUtils.getAggregatedOwaspRuleList(arrayList5);
        List<OwaspRule> aggregatedOwaspRuleList2 = OwaspUtils.getAggregatedOwaspRuleList(arrayList6);
        owaspReport2.setOwaspIssuesBreakdown(aggregatedOwaspRuleList);
        owaspReport2.setOwaspHotspotBreakdown(aggregatedOwaspRuleList2);
        return owaspReport2;
    }

    public static String computeOWASPTOP10TopRating(List<String> list, String str, String str2, WsClient wsClient, Locale locale) {
        ArrayList arrayList = new ArrayList();
        for (String str3 : list) {
            LOGGER.debug("Generating OWASP {} Top 10 Rating for ({}) and branch ({})... ", new Object[]{str2, str3, str});
            LOGGER.debug("Processing project ({})", str3);
            LOGGER.debug("Getting total issues by rule...");
            Map<String, Long> issuesByRule = SonarQubeManagerFactory.createSonarQubeIssueManager(wsClient, locale).getIssuesByRule(str3, str);
            LOGGER.debug("Total issues by rule obtained, total rules obtained ({})", Integer.valueOf(issuesByRule.size()));
            Map<String, Map<String, Long>> issuesBySeverityMap = SecurityUtils.getIssuesBySeverityMap(str3, str, wsClient, locale);
            LOGGER.debug("Total issues by severity obtained");
            List list2 = (List) new ArrayList(issuesByRule.keySet()).stream().distinct().collect(Collectors.toList());
            LOGGER.debug("Getting rules map...");
            Map<String, Rules.Rule> rulesMap = SecurityUtils.getRulesMap(list2, wsClient);
            LOGGER.debug("Rules map obtained...");
            LOGGER.debug("Getting issues list...");
            for (String str4 : SecurityConstants.OWASP_TOP_10) {
                OwaspBreakdown owaspBreakdown = OwaspUtils.getOwaspBreakdown(str2, issuesByRule, issuesBySeverityMap, rulesMap, str4);
                LOGGER.debug("Processing OWASP breakdown rating for category ({})...", str4);
                owaspBreakdown.setRating(SecurityUtils.getRating(owaspBreakdown.getBlockerIssues(), owaspBreakdown.getCriticalIssues(), owaspBreakdown.getMajorIssues(), owaspBreakdown.getMinorIssues()));
                LOGGER.debug("OWASP breakdown rating for category ({}) processed, rating is ({})", str4, owaspBreakdown.getRating());
                arrayList.add(owaspBreakdown);
            }
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            arrayList2.add(((OwaspBreakdown) it.next()).getRating());
        }
        return SecurityUtils.getWorstRatingFromRatingList(arrayList2);
    }
}
