package com.bitegarden.sonar.plugins.security.owasp;

import com.bitegarden.sonar.plugins.security.SecurityPlugin;
import com.bitegarden.sonar.plugins.security.SecurityPluginProperties;
import com.bitegarden.sonar.plugins.security.SecurityWebService;
import com.bitegarden.sonar.plugins.security.model.ReportParams;
import com.bitegarden.sonar.plugins.security.model.SecurityIssue;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspBreakdownByRuleRow;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspReport;
import com.bitegarden.sonar.plugins.security.util.OwaspUtils;
import com.bitegarden.sonar.plugins.security.util.ParamUtils;
import com.bitegarden.sonar.plugins.security.util.SecurityPluginUtils;
import com.bitegarden.sonar.plugins.security.util.TemplateUtils;
import es.sonarqube.api.SonarQubeProject;
import es.sonarqube.exceptions.SonarQubeException;
import es.sonarqube.managers.SonarQubeProjectManager;
import es.sonarqube.model.SonarQubeQualifier;
import es.sonarqube.security.utils.SecurityUtils;
import es.sonarqube.utils.MapField;
import java.io.StringWriter;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.pdfbox.pdmodel.documentinterchange.taggedpdf.PDLayoutAttributeObject;
import org.apache.velocity.VelocityContext;
import org.sonar.api.config.Configuration;
import org.sonar.api.platform.Server;
import org.sonar.api.server.ws.Request;
import org.sonar.api.server.ws.RequestHandler;
import org.sonar.api.server.ws.Response;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonarqube.ws.client.WsClient;
import org.sonarqube.ws.client.WsClientFactories;

/* loaded from: input_file:com/bitegarden/sonar/plugins/security/owasp/OwaspPageActionHandler.class */
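/**
 * Web-service handler that renders the OWASP security report page.
 *
 * <p>The handler reads the resource key, branch, pull request and OWASP year from the incoming
 * request, collects the report data through a local {@link WsClient}, and merges it into a
 * Velocity template. An invalid licence or any failure produces a dedicated template instead.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every request parameter read here is caller-controlled. The values are written to the
 *       log and placed into the Velocity context; no validation or escaping is performed in this
 *       class, so the templates and helpers have to do it.</li>
 *   <li>No permission check is visible in this class. NOTE(review): access control presumably
 *       relies on the web-service calls made through {@code request.localConnector()}; confirm
 *       that they run with the calling user's permissions.</li>
 * </ul>
 */
public class OwaspPageActionHandler implements RequestHandler {
    private static final Logger LOG = Loggers.get(OwaspPageActionHandler.class);
    private final Configuration configuration;
    private final Server server;

    /**
     * Creates the handler.
     *
     * @param configuration configuration used for the public root URL, severity weights and
     *                      risk-factor thresholds
     * @param server        server handle, used to read the running version
     */
    public OwaspPageActionHandler(Configuration configuration, Server server) {
        this.configuration = configuration;
        this.server = server;
    }

    /**
     * Renders the OWASP report page, the invalid-licence page or the error page and writes the
     * result to the response stream.
     *
     * @param request  incoming request carrying the resource key and the optional
     *                 {@code branch}, {@code pullRequest} and OWASP year parameters
     * @param response response whose output stream receives the rendered page
     * @throws Exception if writing to the response stream fails; failures while building the
     *                   report are caught and rendered as the error page
     */
    @Override
    public void handle(Request request, Response response) throws Exception {
        String page;
        Instant startedAt = Instant.now();
        String publicRootUrl = SecurityPluginUtils.getPublicRootUrl(this.configuration);
        Locale userLocale = SecurityWebService.getUserLocaleFromRequest(request);
        // Caller-controlled value: it is logged and handed to the report builder as-is.
        String resourceKey = request.param(ParamUtils.RESOURCE_PARAM_KEY);
        try {
            String branch = ParamUtils.getRequestParam(request, "branch", null);
            String pullRequest = ParamUtils.getRequestParam(request, "pullRequest", null);
            String owaspYear = ParamUtils.getRequestParam(request, ParamUtils.OWASP_YEAR_PARAM_KEY, "2021");
            // NOTE(review): request values go into the log unmodified; confirm the log layout
            // neutralises line breaks so a crafted parameter cannot forge log entries.
            LOG.debug("Requested security assessment owasp report for id: {} and branch: {}", resourceKey, branch);
            WsClient wsClient = WsClientFactories.getLocal().newClient(request.localConnector());
            if (SecurityPlugin.getLicenseChecker().isValidLicense()) {
                StringWriter writer = new StringWriter();
                VelocityContext context = getReportParams(resourceKey, publicRootUrl, branch, pullRequest, userLocale, wsClient, owaspYear);
                TemplateUtils.getTemplate("/static/templates/owasp-report.vm").merge(context, writer);
                page = writer.toString();
            } else {
                page = TemplateUtils.renderSimpleTemplate("/static/templates/invalid-license.vm", publicRootUrl, userLocale);
            }
        } catch (Exception e) {
            LOG.error("Error rendering owasp report page, reason: {}", e.getMessage());
            LOG.debug("Error rendering owasp report page", e);
            // NOTE(review): the raw exception message is shown to the requester. It may echo
            // request parameters or internal details, and may be null. Whether it is
            // HTML-escaped depends on renderErrorTemplate / error-page.vm, which are not
            // visible here; confirm.
            page = TemplateUtils.renderErrorTemplate("/static/templates/error-page.vm", e.getMessage(), userLocale);
        }
        long elapsedSeconds = Duration.between(startedAt, Instant.now()).toMillis() / 1000;
        LOG.debug("security assessment OWASP page generated for {} ( Elapsed time: {} s )", resourceKey, elapsedSeconds);
        // Encode explicitly instead of relying on the JVM's platform-default charset, so the
        // bytes sent do not vary with the host configuration.
        // NOTE(review): no media type or charset is declared on the response in this method;
        // confirm the content type is set elsewhere and that it matches UTF-8.
        response.stream().output().write(page.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Builds the Velocity context used by the OWASP report template.
     *
     * @param str      resource (project or portfolio) key taken from the request
     * @param str2     public base URL of the server
     * @param str3     branch name from the request, may be {@code null}
     * @param str4     pull request identifier from the request, may be {@code null}
     * @param locale   locale of the requesting user
     * @param wsClient client used for all web-service lookups
     * @param str5     OWASP year from the request; used to select the vulnerabilities manager and
     *                 also exposed to the template
     * @return the populated context
     * @throws SonarQubeException if the project or report data cannot be retrieved
     */
    protected VelocityContext getReportParams(String str, String str2, String str3, String str4, Locale locale, WsClient wsClient, String str5) throws SonarQubeException {
        SonarQubeProject project = new SonarQubeProjectManager(wsClient, locale).getSonarQubeProjectWithBasicInfo(str, str3);
        project.setBranchName(str3);
        boolean isPortfolio = SonarQubeQualifier.PORTFOLIO.equals(project.getSonarQubeQualifier());

        ReportParams reportParams = new ReportParams();
        reportParams.setBranch(str3);
        reportParams.setPullRequest(str4);
        reportParams.setResource(str);
        reportParams.setBaseUrl(str2);
        reportParams.setSonarQubeProject(project);
        reportParams.setUserLocale(locale);
        reportParams.setWsClient(wsClient);

        VelocityContext context = TemplateUtils.generateVelocityContext(reportParams, new HashMap<>());
        context.put(ParamUtils.IS_PORTFOLIO_PARAM, isPortfolio);
        // NOTE(review): str5 is a request value placed in the context unchanged; confirm the
        // template escapes it and that the factory below rejects unexpected years.
        context.put(ParamUtils.OWASP_YEAR_PARAM_KEY, str5);

        List<SonarQubeProject> projects = SecurityPluginUtils.getSonarQubeProjectList(project);
        OwaspVulnerabilitiesManager manager = OwaspVulnerabilitiesFactory.createInstance(str5);
        String version = this.server.getVersion();
        context.put("latest", !ParamUtils.useIssuesEndpointToObtainHotspots(version));

        List<SecurityIssue> owaspHotspotsBreakdownList = manager.getOwaspHotspotsBreakdownList(wsClient, projects, version);
        OwaspReport report = manager.getReport(wsClient, str, str3, str4, owaspHotspotsBreakdownList);
        Map<String, String> securityMeasuresMap = OwaspUtils.getSecurityMeasuresMap(str, SecurityPluginUtils.getSeverityWeights(this.configuration, SecurityPluginProperties.OWASP_WEIGHT), locale, wsClient, report);
        report.getSummary().setRiskFactor(securityMeasuresMap.get(MapField.OWASP_FACTOR_RISK));
        report.getSummary().setTotalDensity(securityMeasuresMap.get("owaspviolationsdensity"));

        // Both maps hold comma-joined rule keys: one keyed by category plus severity, the other
        // keyed by severity only.
        Map<String, String> categoriesRuleMap = new HashMap<>();
        Map<String, String> ruleKeysBySeverityMap = new HashMap<>();
        report.getOwaspVulnerabilitiesBreakdownByRule().getOwaspBreakdownByRuleRows().forEach(row -> {
            for (String category : row.getCategories().split(StringUtils.SPACE)) {
                String categoryKey = category + SecurityUtils.HYPHEN_PARAM + row.getSeverity();
                categoriesRuleMap.put(categoryKey, String.join(",", getRuleKeysListFromMap(categoriesRuleMap, row, categoryKey)));
                // Kept inside the loop on purpose: a row whose category string splits into no
                // entries contributes nothing to the per-severity map either.
                ruleKeysBySeverityMap.put(row.getSeverity(), String.join(",", getRuleKeysListFromMap(ruleKeysBySeverityMap, row, row.getSeverity())));
            }
        });

        List<String> hotspotIds = new ArrayList<>();
        report.getOwaspHotspotsBreakdownByRule().getOwaspBreakdownByRuleRows().forEach(row -> {
            if (ParamUtils.hasValue(row.getHotspotsIds())) {
                hotspotIds.addAll(Arrays.asList(row.getHotspotsIds().split(",")));
            }
        });

        context.put("allHotspotsIds", hotspotIds.stream().distinct().collect(Collectors.joining(",")));
        context.put("categoriesRuleMap", categoriesRuleMap);
        context.put("ruleKeysBySeverityMap", ruleKeysBySeverityMap);
        // parseDouble throws if the measure is absent or not numeric; handle() turns that into
        // the error page.
        context.put("riskFactorSeverity", SecurityPluginUtils.getRiskFactorSeverity(Double.parseDouble(securityMeasuresMap.get("owaspfactorrisk_value")), this.configuration, SecurityPluginProperties.OWASP_FACTOR_RISK));
        context.put("owaspReport", report);
        // NOTE(review): comparing a vulnerability total against a PDFBox layout constant looks
        // like a decompiler substitution for a plain string literal; confirm the intended value.
        boolean nothingToBreakDown = report.getSummary().getTotalOwaspVulnerabilities().equals(PDLayoutAttributeObject.GLYPH_ORIENTATION_VERTICAL_ZERO_DEGREES) && owaspHotspotsBreakdownList.isEmpty();
        context.put("showBreakdownByCategory", !nothingToBreakDown);
        return context;
    }

    /**
     * Returns the rule keys stored under {@code str}, with the rule key of the given row
     * appended when it is not already present.
     *
     * @param map                     map from key to comma-separated rule keys
     * @param owaspBreakdownByRuleRow row whose rule key is to be included
     * @param str                     map key to look up
     * @return a new mutable list of rule keys; the map itself is not modified
     */
    private static List<String> getRuleKeysListFromMap(Map<String, String> map, OwaspBreakdownByRuleRow owaspBreakdownByRuleRow, String str) {
        String stored = map.getOrDefault(str, "");
        List<String> ruleKeys = stored.isEmpty() ? new ArrayList<>() : new ArrayList<>(Arrays.asList(stored.split(",")));
        String ruleKey = owaspBreakdownByRuleRow.getRuleKey();
        if (!ruleKeys.contains(ruleKey)) {
            ruleKeys.add(ruleKey);
        }
        return ruleKeys;
    }
}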
