package es.sonarqube.security.utils;

import es.sonarqube.security.SecurityConstants;
import es.sonarqube.security.model.SecurityIssue;
import es.sonarqube.security.model.owasp.OwaspBreakdown;
import es.sonarqube.security.model.owasp.OwaspRule;
import es.sonarqube.security.model.owasp.OwaspSummary;
import es.sonarqube.security.model.owasp.OwaspTopBreakdown;
import es.sonarqube.utils.FormatUtils;
import es.sonarqube.utils.WorkDuration;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonarqube.ws.Rules;

/* loaded from: input_file:META-INF/lib/sonarqube-security-manager-1.6.3.jar:es/sonarqube/security/utils/OwaspUtils.class */
public class OwaspUtils {
    // SLF4J logger shared by the static helpers in this class.
    private static final Logger LOGGER = LoggerFactory.getLogger(OwaspUtils.class);
    // Matches an OWASP Top 10 2021 reference in rule text: the literal prefix "Top 10 2021 Category A"
    // (capture group 1, 22 characters) followed by one or more word characters.
    // Constructed example: "Top 10 2021 Category A03". \w+ also accepts letters and underscores,
    // so the suffix is not restricted to digits.
    public static final Pattern OWASP_2021_CATEGORY_PATTERN = Pattern.compile("(Top 10 2021 Category A)\\w+");
    // Same shape as the 2021 pattern, for the 2017 edition (constructed example: "Top 10 2017 Category A1").
    public static final Pattern OWASP_2017_CATEGORY_PATTERN = Pattern.compile("(Top 10 2017 Category A)\\w+");

    // Private constructor: the class exposes only static members and is not meant to be instantiated.
    private OwaspUtils() {
    }

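    /**
     * Extracts the distinct OWASP Top 10 category codes referenced in a rule description.
     *
     * <p>Each match of the edition-specific pattern (constructed example:
     * {@code "Top 10 2021 Category A03"}) yields the code {@code "A03"}. Codes are returned in order
     * of first appearance, without duplicates. The mapping is purely textual: a rule whose
     * description does not contain the phrase contributes no category.
     *
     * @param str rule description to scan; {@code null} is treated as a description with no categories
     * @param str2 OWASP Top 10 edition; {@code "2021"} selects the 2021 pattern, and every other value
     *     (including {@code null}) silently falls back to the 2017 pattern
     * @return mutable list of category codes, empty when nothing matches
     */
    public static List<String> getOwaspCategoriesFromRuleDescription(String str, String str2) {
        List<String> categories = new ArrayList<>();
        if (str == null) {
            // Nothing to scan; avoids a NullPointerException from Pattern.matcher(null).
            return categories;
        }
        Pattern pattern = "2021".equals(str2) ? OWASP_2021_CATEGORY_PATTERN : OWASP_2017_CATEGORY_PATTERN;
        Matcher matcher = pattern.matcher(str);
        LOGGER.debug("Looking for owasp categories in description:");
        while (matcher.find()) {
            String group = matcher.group();
            LOGGER.debug("Found: {}", group);
            // Group 1 is the fixed "Top 10 <year> Category A" prefix. Cutting at its end keeps the
            // offset tied to the pattern instead of a hard-coded prefix length.
            String category = "A" + group.substring(matcher.end(1) - matcher.start());
            if (!categories.contains(category)) {
                LOGGER.debug("Category {} added!", category);
                categories.add(category);
            }
        }
        return categories;
    }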

    /**
     * Builds the top-level breakdown by summing the per-category counters of every entry.
     *
     * @param list per-category breakdowns; stored as-is (not copied) in the result
     * @return a new {@link OwaspTopBreakdown} holding the six totals and the given list
     */
    public static OwaspTopBreakdown createOwaspTopBreakdown(List<OwaspBreakdown> list) {
        long blockerTotal = 0L;
        long criticalTotal = 0L;
        long majorTotal = 0L;
        long minorTotal = 0L;
        long infoTotal = 0L;
        long hotspotTotal = 0L;
        for (OwaspBreakdown categoryBreakdown : list) {
            blockerTotal += categoryBreakdown.getBlockerIssues();
            criticalTotal += categoryBreakdown.getCriticalIssues();
            majorTotal += categoryBreakdown.getMajorIssues();
            minorTotal += categoryBreakdown.getMinorIssues();
            infoTotal += categoryBreakdown.getInfoIssues();
            hotspotTotal += categoryBreakdown.getHotspots();
        }
        OwaspTopBreakdown top = new OwaspTopBreakdown();
        top.setTotalBlocker(blockerTotal);
        top.setTotalCritical(criticalTotal);
        top.setTotalMajor(majorTotal);
        top.setTotalMinor(minorTotal);
        top.setTotalInfo(infoTotal);
        top.setTotalHotspots(hotspotTotal);
        top.setOwaspBreakdownList(list);
        return top;
    }

    /**
     * Assembles the report summary: rating, encoded technical debt, and issue and hotspot totals.
     *
     * @param atomicLong technical-debt amount handed to {@code WorkDuration.create}
     *     (unit not visible here; presumably minutes, confirm against WorkDuration)
     * @param owaspTopBreakdown aggregated totals the rating and counts are derived from
     * @param locale locale used to format the displayed totals
     * @return a populated {@link OwaspSummary}
     */
    public static OwaspSummary createSummary(AtomicLong atomicLong, OwaspTopBreakdown owaspTopBreakdown, Locale locale) {
        OwaspSummary summary = new OwaspSummary();
        summary.setRating(getSummaryRatingByTopBreakdown(owaspTopBreakdown));
        // 8 is passed through to WorkDuration.encode; presumably hours per working day (confirm).
        summary.setTechDebt(WorkDuration.create(atomicLong.get()).encode(8));

        // Each total is stored twice: as a locale-formatted string and as the raw number.
        long issueCount = getTopBreakdownTotalIssues(owaspTopBreakdown);
        summary.setTotalIssues(FormatUtils.getNumber(locale).format(issueCount));
        summary.setTotalIssuesValue(issueCount);

        long hotspotCount = owaspTopBreakdown.getTotalHotspots();
        summary.setTotalHotspots(FormatUtils.getNumber(locale).format(hotspotCount));
        summary.setTotalHotspotsValue(hotspotCount);
        return summary;
    }

    /**
     * Derives the letter rating from the worst severity that has at least one issue.
     *
     * <p>Blocker gives "E", critical "D", major "C", minor "B", otherwise "A". Info issues and
     * hotspots are not consulted, so a breakdown containing only those is rated "A".
     *
     * @param owaspTopBreakdown aggregated totals
     * @return one of "A" to "E"
     */
    public static String getSummaryRatingByTopBreakdown(OwaspTopBreakdown owaspTopBreakdown) {
        if (owaspTopBreakdown.getTotalBlocker() > 0) {
            return "E";
        }
        if (owaspTopBreakdown.getTotalCritical() > 0) {
            return "D";
        }
        if (owaspTopBreakdown.getTotalMajor() > 0) {
            return "C";
        }
        if (owaspTopBreakdown.getTotalMinor() > 0) {
            return "B";
        }
        return "A";
    }

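    /**
     * Builds one {@link SecurityIssue} per (hotspot rule, OWASP category) pair.
     *
     * <p>Each issue carries the number of hotspots raised by the rule and their ids joined with
     * commas. A rule that maps to several categories produces one issue per category, each with
     * the full hotspot count.
     *
     * @param map hotspot ids grouped by rule key
     * @param str OWASP Top 10 edition forwarded to {@link #getOwaspCategoriesFromRuleDescription}
     * @param map2 rule definitions by rule key
     * @return the issues in the order produced by
     *     {@code SecurityUtils.sortSecurityIssueWithCategoryBySeverityAndCount}
     */
    public static List<SecurityIssue> generateOwaspSecurityListForHotspots(Map<String, List<String>> map, String str, Map<String, Rules.Rule> map2) {
        List<SecurityIssue> issues = new ArrayList<>();
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            String ruleKey = entry.getKey();
            List<String> hotspotIds = entry.getValue();
            Rules.Rule rule = map2.get(ruleKey);
            if (rule == null) {
                // Same policy as generateOwaspSecurityListForIssues: a rule missing from the lookup is
                // skipped instead of failing the whole list with a NullPointerException. Logged at WARN
                // because the rule's hotspots drop out of the report.
                LOGGER.warn("OWASP hotspot rule ({}) not found in rule map, skipping ({}) hotspots", ruleKey, hotspotIds.size());
                continue;
            }
            List<String> categories = getOwaspCategoriesFromRuleDescription(rule.getHtmlDesc(), str);
            LOGGER.debug("OWASP hotspot rule ({}) found categories ({}) with total ({})", ruleKey, categories, hotspotIds.size());
            for (String category : categories) {
                SecurityIssue issue = createSecurityIssueByOwaspCategory(rule, category);
                issue.setCount(Long.valueOf(hotspotIds.size()));
                issue.setHotspotsIds(String.join(",", hotspotIds));
                issues.add(issue);
            }
        }
        return SecurityUtils.sortSecurityIssueWithCategoryBySeverityAndCount(issues);
    }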

    /**
     * Builds one {@link SecurityIssue} per (issue rule, OWASP category) pair.
     *
     * <p>Rule keys that are absent from {@code map2} are skipped without any log entry, so their
     * issue counts do not appear in the result.
     *
     * @param map issue count per rule key
     * @param str OWASP Top 10 edition forwarded to {@link #getOwaspCategoriesFromRuleDescription}
     * @param map2 rule definitions by rule key
     * @return the issues in the order produced by
     *     {@code SecurityUtils.sortSecurityIssueWithCategoryBySeverityAndCount}
     */
    public static List<SecurityIssue> generateOwaspSecurityListForIssues(Map<String, Long> map, String str, Map<String, Rules.Rule> map2) {
        List<SecurityIssue> issues = new ArrayList<>();
        for (Map.Entry<String, Long> countByRule : map.entrySet()) {
            String ruleKey = countByRule.getKey();
            Long issueCount = countByRule.getValue();
            if (!map2.containsKey(ruleKey)) {
                continue;
            }
            Rules.Rule rule = map2.get(ruleKey);
            List<String> categories = getOwaspCategoriesFromRuleDescription(rule.getHtmlDesc(), str);
            LOGGER.debug("OWASP issue rule ({}) found categories ({}) with total ({})", ruleKey, categories, issueCount);
            // One issue per category, each carrying the rule's full count.
            for (String category : categories) {
                SecurityIssue issue = createSecurityIssueByOwaspCategory(rule, category);
                issue.setCount(issueCount);
                issues.add(issue);
            }
        }
        return SecurityUtils.sortSecurityIssueWithCategoryBySeverityAndCount(issues);
    }

    /**
     * Computes the risk factor from the severity-weighted sum of issue totals.
     *
     * <p>Totals are weighted as blocker by "SEVERE", critical by "SERIOUS", major by "IMPORTANT",
     * minor by "APPRECIABLE" and info by "INSIGNIFICANT", using
     * {@code SecurityUtils.getSeverityWeights()}. Hotspots are not part of the sum. A weight key
     * missing from the map causes a {@link NullPointerException}.
     *
     * @param owaspTopBreakdown aggregated totals
     * @param j first argument of {@code SecurityUtils.computeFactorRisk} (its meaning is not visible
     *     here; presumably a size measure such as lines of code, confirm against the caller)
     * @return the value returned by {@code SecurityUtils.computeFactorRisk}
     */
    public static double getAggregatedOwaspRiskFactor(OwaspTopBreakdown owaspTopBreakdown, long j) {
        long weightedTotal = owaspTopBreakdown.getTotalBlocker() * SecurityUtils.getSeverityWeights().get("SEVERE").intValue();
        weightedTotal += owaspTopBreakdown.getTotalCritical() * SecurityUtils.getSeverityWeights().get("SERIOUS").intValue();
        weightedTotal += owaspTopBreakdown.getTotalMajor() * SecurityUtils.getSeverityWeights().get("IMPORTANT").intValue();
        weightedTotal += owaspTopBreakdown.getTotalMinor() * SecurityUtils.getSeverityWeights().get("APPRECIABLE").intValue();
        weightedTotal += owaspTopBreakdown.getTotalInfo() * SecurityUtils.getSeverityWeights().get("INSIGNIFICANT").intValue();
        return SecurityUtils.computeFactorRisk(j, Double.valueOf(weightedTotal));
    }

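    /**
     * Merges rules that share the same rule key and categories, summing their issue and hotspot
     * counts, and returns the merged rules sorted by {@link #sortOwaspRuleBySeverityAndCount}.
     *
     * <p>The first rule seen for a key is kept and mutated in place, so elements of {@code list}
     * are modified. Only the two counters are combined; hotspot ids of later duplicates are not
     * merged into the kept rule.
     *
     * <p>The decompiled source gave the lambda parameter and the stored rule the same name. This
     * version assumes the stored rule accumulates the incoming rule's counts, which is what the log
     * messages and the write back into the map indicate.
     *
     * @param list rules to aggregate
     * @return merged and sorted rules
     */
    public static List<OwaspRule> getAggregatedOwaspRuleList(List<OwaspRule> list) {
        Map<String, OwaspRule> rulesByKey = new HashMap<>();
        LOGGER.debug("Getting aggregated owasp rules list...");
        for (OwaspRule incoming : list) {
            String aggregationKey = incoming.getRuleKey() + "_" + incoming.getCategories();
            LOGGER.debug("Processing rule ({}) with categories ({})", incoming.getRuleKey(), incoming.getCategories());
            OwaspRule existing = rulesByKey.get(aggregationKey);
            if (existing == null) {
                LOGGER.debug("Rule not processed before, add rule...");
                rulesByKey.put(aggregationKey, incoming);
                continue;
            }
            LOGGER.debug("Rule processed before, aggregated values...");
            existing.setIssues(existing.getIssues() + incoming.getIssues());
            existing.setHotspots(existing.getHotspots() + incoming.getHotspots());
        }
        LOGGER.debug("All aggregated owasp rules processed...");
        return sortOwaspRuleBySeverityAndCount(new ArrayList<>(rulesByKey.values()));
    }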

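    /**
     * Folds the per-category breakdowns of {@code owaspTopBreakdown2} into those of
     * {@code owaspTopBreakdown} and returns the first breakdown's list.
     *
     * <p>Entries are matched by category. The list of the first argument is mutated in place and
     * returned. A category that exists only in the second argument is never added to the result,
     * so its counts are left out of the aggregate.
     *
     * <p>The decompiled source named both lambda parameters identically. This version assumes the
     * element of the returned (first) list is the one being updated.
     *
     * @param owaspTopBreakdown breakdown whose entries receive the aggregated values
     * @param owaspTopBreakdown2 breakdown whose entries are added in
     * @return the (mutated) breakdown list of {@code owaspTopBreakdown}
     */
    public static List<OwaspBreakdown> getAggregatedOwaspBreakdownList(OwaspTopBreakdown owaspTopBreakdown, OwaspTopBreakdown owaspTopBreakdown2) {
        LOGGER.debug("Getting aggregated OWASP breakdown list...");
        List<OwaspBreakdown> owaspBreakdownList = owaspTopBreakdown.getOwaspBreakdownList();
        for (OwaspBreakdown target : owaspBreakdownList) {
            for (OwaspBreakdown other : owaspTopBreakdown2.getOwaspBreakdownList()) {
                if (target.getCategory().equals(other.getCategory())) {
                    mergeBreakdown(target, other);
                }
            }
        }
        return owaspBreakdownList;
    }

    /** Adds the counters, rules, hotspot ids and rating of {@code other} into {@code target}. */
    private static void mergeBreakdown(OwaspBreakdown target, OwaspBreakdown other) {
        // NOTE(review): the argument order of getAggregatedRules and getWorstRating is assumed to be
        // (target, other); the decompiled names do not show which side came first.
        LOGGER.debug("Calculating aggregated blocker issues and rules...");
        target.setBlockerIssues(target.getBlockerIssues() + other.getBlockerIssues());
        target.setBlockerRules(SecurityUtils.getAggregatedRules(target.getBlockerRules(), other.getBlockerRules()));
        LOGGER.debug("Aggregated blocker issues and rules done...");
        LOGGER.debug("Calculating aggregated critical issues and rules...");
        target.setCriticalIssues(target.getCriticalIssues() + other.getCriticalIssues());
        target.setCriticalRules(SecurityUtils.getAggregatedRules(target.getCriticalRules(), other.getCriticalRules()));
        LOGGER.debug("Aggregated critical issues and rules done...");
        LOGGER.debug("Calculating aggregated major issues and rules...");
        target.setMajorIssues(target.getMajorIssues() + other.getMajorIssues());
        target.setMajorRules(SecurityUtils.getAggregatedRules(target.getMajorRules(), other.getMajorRules()));
        LOGGER.debug("Aggregated major issues and rules done...");
        LOGGER.debug("Calculating aggregated minor issues and rules...");
        target.setMinorIssues(target.getMinorIssues() + other.getMinorIssues());
        target.setMinorRules(SecurityUtils.getAggregatedRules(target.getMinorRules(), other.getMinorRules()));
        LOGGER.debug("Aggregated minor issues and rules done...");
        LOGGER.debug("Calculating aggregated info issues and rules...");
        target.setInfoIssues(target.getInfoIssues() + other.getInfoIssues());
        target.setInfoRules(SecurityUtils.getAggregatedRules(target.getInfoRules(), other.getInfoRules()));
        LOGGER.debug("Aggregated info issues and rules done...");
        LOGGER.debug("Calculating aggregated hotspots and rules...");
        target.setHotspots(target.getHotspots() + other.getHotspots());
        // Union of both id lists, keeping the target's order and appending ids not yet present.
        List<String> mergedIds = ParamUtils.getListFromCommaSeparatedString(target.getHotspotsIds());
        for (String hotspotId : ParamUtils.getListFromCommaSeparatedString(other.getHotspotsIds())) {
            if (!mergedIds.contains(hotspotId)) {
                mergedIds.add(hotspotId);
            }
        }
        target.setHotspotsIds(String.join(",", mergedIds));
        target.setRating(SecurityUtils.getWorstRating(target.getRating(), other.getRating()));
        LOGGER.debug("Aggregated hotspots and rules done...");
    }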

    /* JADX WARN: Failed to find 'out' block for switch in B:11:0x0162. Please report as an issue. */
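    /**
     * Builds the breakdown of one OWASP category from per-severity issue counts.
     *
     * <p>For every rule key in {@code map} that resolves to a rule in {@code map3} whose
     * description references {@code str2}, the rule's per-severity counts from {@code map2} are
     * added to the breakdown and the rule key is recorded under the rule's own severity.
     *
     * <p>The decompiler could not rebuild the original {@code switch} on the severity string (it
     * emitted a {@code boolean} selector with duplicate case labels, which does not compile). It is
     * restored here as a plain string switch with the same mapping.
     *
     * @param str OWASP Top 10 edition forwarded to {@link #getOwaspCategoriesFromRuleDescription}
     * @param map map whose keys are the rule keys to consider; its values are not read
     * @param map2 issue counts per rule key, grouped under "BLOCKER", "CRITICAL", "MAJOR", "MINOR"
     *     and "INFO"; a missing group causes a {@link NullPointerException}
     * @param map3 rule definitions by rule key; keys without a rule are skipped
     * @param str2 category code this breakdown is for
     * @return the populated {@link OwaspBreakdown}
     */
    public static OwaspBreakdown getOwaspBreakdown(String str, Map<String, Long> map, Map<String, Map<String, Long>> map2, Map<String, Rules.Rule> map3, String str2) {
        OwaspBreakdown owaspBreakdown = new OwaspBreakdown();
        owaspBreakdown.setCategory(str2);
        LOGGER.debug("Getting OWASP breakdown...");
        for (String ruleKey : map.keySet()) {
            Rules.Rule rule = map3.get(ruleKey);
            if (rule == null || !getOwaspCategoriesFromRuleDescription(rule.getHtmlDesc(), str).contains(str2)) {
                continue;
            }
            LOGGER.debug("Processing totals for OWASP category ({})", str2);
            String key = rule.getKey();
            owaspBreakdown.setBlockerIssues(owaspBreakdown.getBlockerIssues() + map2.get("BLOCKER").getOrDefault(key, 0L).longValue());
            owaspBreakdown.setCriticalIssues(owaspBreakdown.getCriticalIssues() + map2.get("CRITICAL").getOrDefault(key, 0L).longValue());
            owaspBreakdown.setMajorIssues(owaspBreakdown.getMajorIssues() + map2.get("MAJOR").getOrDefault(key, 0L).longValue());
            owaspBreakdown.setMinorIssues(owaspBreakdown.getMinorIssues() + map2.get("MINOR").getOrDefault(key, 0L).longValue());
            owaspBreakdown.setInfoIssues(owaspBreakdown.getInfoIssues() + map2.get("INFO").getOrDefault(key, 0L).longValue());
            // NOTE(review): the setter receives a single key per matching rule; whether it appends or
            // overwrites the previous value is not visible here.
            switch (rule.getSeverity()) {
                case "BLOCKER":
                    LOGGER.debug("Blocker rule detected, setting value to breakdown");
                    owaspBreakdown.setBlockerRules(key);
                    break;
                case "CRITICAL":
                    LOGGER.debug("Critical rule detected, setting value to breakdown");
                    owaspBreakdown.setCriticalRules(key);
                    break;
                case "MAJOR":
                    LOGGER.debug("Major rule detected, setting value to breakdown");
                    owaspBreakdown.setMajorRules(key);
                    break;
                case "MINOR":
                    LOGGER.debug("Minor rule detected, setting value to breakdown");
                    owaspBreakdown.setMinorRules(key);
                    break;
                case "INFO":
                default:
                    // Any severity string outside the five known values is also filed as info, so an
                    // unexpected severity is reported at the lowest level.
                    LOGGER.debug("Info rule detected, setting value to breakdown");
                    owaspBreakdown.setInfoRules(key);
                    break;
            }
        }
        return owaspBreakdown;
    }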

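    /**
     * Returns the ratio {@code j / j2} as a floating-point density.
     *
     * <p>The division is done in {@code double}. The previous {@code long} division discarded the
     * fractional part before widening, so any ratio below 1 was reported as 0.0.
     *
     * @param j numerator
     * @param j2 denominator
     * @return {@code j / j2}, or 0.0 when {@code j2} is zero or negative
     */
    public static Double getOwaspDensity(long j, long j2) {
        if (j2 <= 0) {
            return Double.valueOf(0.0d);
        }
        return Double.valueOf((double) j / j2);
    }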

    /**
     * Sums the issue totals of all five severities. Hotspots are not included.
     *
     * @param owaspTopBreakdown aggregated totals
     * @return blocker + critical + major + minor + info
     */
    public static long getTopBreakdownTotalIssues(OwaspTopBreakdown owaspTopBreakdown) {
        long total = owaspTopBreakdown.getTotalBlocker();
        total += owaspTopBreakdown.getTotalCritical();
        total += owaspTopBreakdown.getTotalMajor();
        total += owaspTopBreakdown.getTotalMinor();
        total += owaspTopBreakdown.getTotalInfo();
        return total;
    }

    /**
     * Converts each {@link SecurityIssue} into an {@link OwaspRule} carrying the same rule metadata.
     *
     * @param list issues to convert; every element must have a non-null count
     * @return new list with one rule per issue, in input order
     */
    public static List<OwaspRule> securityIssueListToOwaspRuleList(List<SecurityIssue> list) {
        List<OwaspRule> rules = new ArrayList<>();
        for (SecurityIssue issue : list) {
            OwaspRule converted = new OwaspRule();
            converted.setRuleLanguage(issue.getRuleLanguage());
            converted.setRuleKey(issue.getRuleKey());
            converted.setRuleName(issue.getRuleName());
            converted.setRuleType(issue.getRuleType());
            converted.setSeverity(issue.getSeverity());
            converted.setCategoryList(issue.getCategories());
            // NOTE(review): the same count is written to both the issue and the hotspot counter;
            // presumably the caller relies on only one of them per list, confirm.
            converted.setIssues(issue.getCount().longValue());
            converted.setHotspots(issue.getCount().longValue());
            converted.setHotspotsIds(issue.getHotspotsIds());
            rules.add(converted);
        }
        return rules;
    }

    /**
     * Drops rules without categories and orders the rest by severity, then by hotspot count
     * (descending), then by issue count (descending).
     *
     * <p>Severity order is the position of the rule's severity in
     * {@code SecurityConstants.SEVERITY_ORDER}. A severity that {@code indexOf} does not find gets
     * index -1 and therefore sorts ahead of every listed severity.
     * NOTE(review): confirm SEVERITY_ORDER lists every severity a rule can carry.
     *
     * @param list rules to sort; not modified
     * @return new sorted list
     */
    public static List<OwaspRule> sortOwaspRuleBySeverityAndCount(List<OwaspRule> list) {
        // A single composed comparator gives the same order as three successive stable sorts
        // (issues, then hotspots, then severity), where the last sort is the primary key.
        Comparator<OwaspRule> bySeverity = Comparator.comparingInt(rule -> SecurityConstants.SEVERITY_ORDER.indexOf(rule.getSeverity()));
        Comparator<OwaspRule> byHotspotsDesc = Comparator.comparing(OwaspRule::getHotspots).reversed();
        Comparator<OwaspRule> byIssuesDesc = Comparator.comparing(OwaspRule::getIssues).reversed();
        return list.stream()
                .filter(rule -> rule.getCategories() != null && !rule.getCategories().isEmpty())
                .sorted(bySeverity.thenComparing(byHotspotsDesc).thenComparing(byIssuesDesc))
                .collect(Collectors.toList());
    }

    /**
     * Creates a {@link SecurityIssue} that copies the rule's metadata and is tagged with exactly
     * one OWASP category. The count and hotspot ids are left for the caller to set.
     *
     * @param rule source rule
     * @param str OWASP category code to attach
     * @return the new issue
     */
    private static SecurityIssue createSecurityIssueByOwaspCategory(Rules.Rule rule, String str) {
        SecurityIssue issue = new SecurityIssue();
        issue.setCategories(Collections.singletonList(str));
        issue.setRuleKey(rule.getKey());
        issue.setRuleName(rule.getName());
        issue.setRuleLanguage(rule.getLang());
        issue.setRuleType(rule.getType());
        issue.setSeverity(rule.getSeverity());
        return issue;
    }

    /**
     * Groups rules by the OWASP categories found in their descriptions.
     *
     * <p>A rule referencing several categories appears under each of them. A rule whose
     * description references none is absent from the result.
     *
     * @param list rules to group
     * @param str OWASP Top 10 edition forwarded to {@link #getOwaspCategoriesFromRuleDescription}
     * @return mutable map from category code to the rules that reference it
     */
    public static Map<String, List<Rules.Rule>> getOwaspRulesByCategory(List<Rules.Rule> list, String str) {
        Map<String, List<Rules.Rule>> rulesByCategory = new HashMap<>();
        for (Rules.Rule rule : list) {
            for (String category : getOwaspCategoriesFromRuleDescription(rule.getHtmlDesc(), str)) {
                rulesByCategory.computeIfAbsent(category, unused -> new ArrayList<>()).add(rule);
            }
        }
        return rulesByCategory;
    }

    /**
     * Flattens a category-to-rules map into a list of distinct rules.
     *
     * <p>Duplicates are removed through a {@link HashSet}, so the order of the result is
     * unspecified.
     *
     * @param map rules grouped by category; {@code null} yields an empty list
     * @return new mutable list containing each rule once
     */
    public static List<Rules.Rule> getRuleList(Map<String, List<Rules.Rule>> map) {
        if (map == null) {
            return new ArrayList<>();
        }
        HashSet<Rules.Rule> uniqueRules = new HashSet<>();
        for (List<Rules.Rule> rulesOfCategory : map.values()) {
            uniqueRules.addAll(rulesOfCategory);
        }
        return new ArrayList<>(uniqueRules);
    }
}
