package es.sonarqube.security.manager;

import com.bitegarden.extensions.asvs.managers.ChapterManager;
import es.sonarqube.security.model.SecurityStandardType;
import es.sonarqube.security.model.SonarQubeSecurityParams;
import es.sonarqube.security.model.asvs.ASVSBreakdown;
import es.sonarqube.security.model.asvs.ASVSChapter;
import es.sonarqube.security.model.asvs.ASVSReport;
import es.sonarqube.security.utils.ASVSUtils;
import es.sonarqube.security.utils.ParamUtils;
import es.sonarqube.security.utils.SecurityUtils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonarqube.ws.Issues;
import org.sonarqube.ws.Rules;
import org.sonarqube.ws.client.HttpConnector;
import org.sonarqube.ws.client.WsClient;
import org.sonarqube.ws.client.WsClientFactories;

/* loaded from: input_file:META-INF/lib/sonarqube-security-manager-1.6.3.jar:es/sonarqube/security/manager/OwaspASVSManager.class */
public class OwaspASVSManager {
    private final WsClient wsClient;
    private final Locale userLocale;
    private static final Logger LOGGER = LoggerFactory.getLogger(OwaspASVSManager.class);

    public OwaspASVSManager(WsClient wsClient, Locale locale) {
        this.wsClient = wsClient;
        this.userLocale = locale;
    }

    public OwaspASVSManager(String str, String str2, Locale locale) {
        this.wsClient = WsClientFactories.getDefault().newClient(HttpConnector.newBuilder().url(str).token(str2).build());
        this.userLocale = locale;
    }

    protected static ASVSReport getASVSReport(String str, String str2, Locale locale, String str3, String str4) {
        return SecurityManagerFactory.createOwaspASVSManager(str, str2, locale).getASVSReport(str3, str4, (String) null);
    }

    protected static ASVSReport getASVSReport(String str, String str2, Locale locale, String str3, String str4, String str5) {
        return SecurityManagerFactory.createOwaspASVSManager(str, str2, locale).getASVSReport(str3, str4, str5);
    }

    protected static ASVSReport getASVSReport(String str, String str2, Locale locale, List<String> list, String str3) {
        return SecurityManagerFactory.createOwaspASVSManager(str, str2, locale).getASVSReport(list, (String) null, str3);
    }

    protected static ASVSReport getASVSReport(String str, String str2, Locale locale, List<String> list) {
        return SecurityManagerFactory.createOwaspASVSManager(str, str2, locale).getASVSReport(list, (String) null, (String) null);
    }

    protected static ASVSReport getASVSReport(WsClient wsClient, Locale locale, String str, String str2) {
        return SecurityManagerFactory.createOwaspASVSManager(wsClient, locale).getASVSReport(str, str2, (String) null);
    }

    protected static ASVSReport getASVSReport(WsClient wsClient, Locale locale, String str, String str2, String str3) {
        return SecurityManagerFactory.createOwaspASVSManager(wsClient, locale).getASVSReport(str, str2, str3);
    }

    protected static ASVSReport getASVSReport(WsClient wsClient, Locale locale, List<String> list) {
        return SecurityManagerFactory.createOwaspASVSManager(wsClient, locale).getASVSReport(list, (String) null, (String) null);
    }

    protected static ASVSReport getASVSReport(WsClient wsClient, Locale locale, List<String> list, String str) {
        return SecurityManagerFactory.createOwaspASVSManager(wsClient, locale).getASVSReport(list, (String) null, str);
    }

    public ASVSReport getASVSReport(String str, String str2) {
        return getASVSReport(Collections.singletonList(str), str2, (String) null);
    }

    public ASVSReport getASVSReport(String str, String str2, String str3) {
        if (ParamUtils.hasValue(str)) {
            return getASVSReport(Collections.singletonList(str), str2, str3);
        }
        LOGGER.warn("Cannot get ASVS report because project key has not value");
        return new ASVSReport();
    }

    public ASVSReport getASVSReport(List<String> list, String str, String str2) {
        LOGGER.debug("Generating ASVS report...");
        SonarQubeSecurityParams sonarQubeSecurityParams = SecurityUtils.getSonarQubeSecurityParams(SecurityUtils.getSonarqubeSecurityCacheProperties(com.bitegarden.sonar.plugins.security.util.ParamUtils.ASVS_TYPE, str2), this.wsClient, SecurityStandardType.ASVS);
        ArrayList arrayList = new ArrayList();
        LOGGER.debug("Processing all project keys...");
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(ASVSUtils.getASVSReportForProject(it.next(), str, sonarQubeSecurityParams, this.wsClient, this.userLocale));
        }
        ASVSReport aSVSReport = new ASVSReport();
        AtomicReference atomicReference = new AtomicReference();
        AtomicInteger atomicInteger = new AtomicInteger(0);
        ASVSBreakdown aSVSBreakdown = new ASVSBreakdown();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        LinkedHashMap linkedHashMap2 = new LinkedHashMap();
        arrayList.forEach(aSVSReport2 -> {
            atomicReference.set(aSVSReport2.getAsvsVersion());
            aSVSReport.setIssuesRuleByCweMap(aSVSReport2.getIssuesRuleByCweMap());
            aSVSReport.setHotspotsRuleByCweMap(aSVSReport2.getHotspotsRuleByCweMap());
            aSVSReport.setIssuesByCweMap(aSVSReport2.getIssuesByCweMap());
            LOGGER.debug("Processing aggregated report rating with current value ({})", aSVSReport.getRating());
            aSVSReport.setRating(SecurityUtils.getWorstRating(aSVSReport.getRating(), aSVSReport2.getRating()));
            LOGGER.debug("Aggregated report rating processed with new value ({})", aSVSReport.getRating());
            ASVSBreakdown asvsBreakdown = aSVSReport2.getAsvsBreakdown();
            LOGGER.debug("Processing aggregated chapters...");
            asvsBreakdown.getAsvsChapters().forEach(aSVSChapter -> {
                linkedHashMap.put(aSVSChapter.getShortCode(), ASVSUtils.getAggregatedASVSChapterByChapter(linkedHashMap, aSVSChapter));
            });
            LOGGER.debug("Aggregated chapters processed, total chapters processed ({})...", Integer.valueOf(linkedHashMap.size()));
            asvsBreakdown.getAsvsSections().forEach(aSVSSection -> {
                linkedHashMap2.put(aSVSSection.getTitle(), ASVSUtils.getAggregatedASVSSection(linkedHashMap2, aSVSSection));
            });
            LOGGER.debug("Adding supported requirements by Chapter map to aggregated report...");
            aSVSReport.setSupportedSectionsByChapter(aSVSReport2.getSupportedSectionsByChapter());
            LOGGER.debug("Supported requirements by Chapter map added...");
            LOGGER.debug("Adding no computable sections requirements by Chapter map to aggregated report...");
            aSVSReport.setNoComputableSectionsByChapter(aSVSReport2.getNoComputableSectionsByChapter());
            LOGGER.debug("No computable requirements by Chapter map added...");
            LOGGER.debug("Setting total values to aggregated report...");
            aSVSReport.setTotalASVSRequirementSupported(aSVSReport2.getTotalASVSRequirementSupported());
            aSVSReport.setTotalCweSupported(aSVSReport2.getTotalCweSupported());
            aSVSReport.setTotalCweASVSSupported(aSVSReport2.getTotalCweASVSSupported());
            aSVSReport.setTotalSonarQubeRequirementSupported(aSVSReport2.getTotalSonarQubeRequirementSupported());
            LOGGER.debug("Total values added...");
        });
        ArrayList arrayList2 = new ArrayList(linkedHashMap2.values());
        aSVSBreakdown.setAsvsSections(arrayList2);
        aSVSReport.setAsvsVersion((String) atomicReference.get());
        aSVSReport.setAsvsBreakdown(aSVSBreakdown);
        ArrayList arrayList3 = new ArrayList();
        LOGGER.debug("Iterate ASVS sections to calculate total A rating and failed requirements");
        arrayList2.forEach(aSVSSection -> {
            String chapterShortCode = aSVSSection.getChapterShortCode();
            ASVSChapter aSVSChapter = (ASVSChapter) linkedHashMap.get(chapterShortCode);
            aSVSSection.getAsvsRequirementList().forEach(aSVSRequirement -> {
                if ("A".equals(aSVSRequirement.getRating())) {
                    atomicInteger.getAndIncrement();
                }
            });
            if (arrayList3.contains(chapterShortCode)) {
                aSVSChapter.setTotalRequirementFailed(aSVSChapter.getTotalRequirementFailed() + aSVSSection.getAsvsRequirementList().size());
            } else {
                aSVSChapter.setTotalRequirementFailed(aSVSSection.getAsvsRequirementList().size());
                arrayList3.add(chapterShortCode);
            }
            AtomicInteger atomicInteger2 = new AtomicInteger();
            aSVSReport.getSupportedSectionsByChapter().get(chapterShortCode).forEach(aSVSSection -> {
                atomicInteger2.getAndAdd(aSVSSection.getAsvsRequirementList().size());
            });
            aSVSChapter.setTotalRequirementPassed(atomicInteger2.intValue() - aSVSChapter.getTotalRequirementFailed());
            linkedHashMap.put(chapterShortCode, aSVSChapter);
        });
        LOGGER.debug("Iterate ASVS sections finish...");
        aSVSReport.getNoComputableSectionsByChapter().forEach((str3, list2) -> {
            ASVSChapter aSVSChapter = (ASVSChapter) linkedHashMap.get(str3);
            list2.forEach(aSVSSection2 -> {
                aSVSChapter.setTotalNoComputableRequirements(aSVSChapter.getTotalNoComputableRequirements() + aSVSSection2.getTotalNotComputable());
            });
            linkedHashMap.put(str3, aSVSChapter);
        });
        ArrayList arrayList4 = new ArrayList(linkedHashMap.values());
        aSVSBreakdown.setAsvsChapters(arrayList4);
        aSVSReport.setPassedSectionsByChapter(ASVSUtils.getPassedSectionsByChapter(aSVSReport.getSupportedSectionsByChapter(), aSVSBreakdown.getAsvsChapters(), aSVSBreakdown.getAsvsSections()));
        aSVSReport.setFailedSectionsByChapter(ASVSUtils.getFailedSectionsByChapter(aSVSBreakdown.getAsvsChapters(), aSVSBreakdown.getAsvsSections()));
        LOGGER.debug("Calculate totals for aggregated ASVS report...");
        aSVSReport.setTotalHotspots(((Integer) arrayList4.stream().map((v0) -> {
            return v0.getTotalHotspots();
        }).reduce(0, (v0, v1) -> {
            return Integer.sum(v0, v1);
        })).intValue());
        aSVSReport.setTotalIssues(((Integer) arrayList4.stream().map((v0) -> {
            return v0.getTotalIssues();
        }).reduce(0, (v0, v1) -> {
            return Integer.sum(v0, v1);
        })).intValue());
        aSVSReport.setTotalRequirementPassed(((Integer) arrayList4.stream().map((v0) -> {
            return v0.getTotalRequirementPassed();
        }).reduce(0, (v0, v1) -> {
            return Integer.sum(v0, v1);
        })).intValue());
        aSVSReport.setTotalRequirementFailed(((Integer) arrayList4.stream().map((v0) -> {
            return v0.getTotalRequirementFailed();
        }).reduce(0, (v0, v1) -> {
            return Integer.sum(v0, v1);
        })).intValue());
        aSVSReport.setTotalRatingARequirements(atomicInteger.intValue() + aSVSReport.getTotalRequirementPassed());
        LOGGER.debug("Totals for aggregated ASVS report calculate finish...");
        return aSVSReport;
    }

    public static String computeASVSTopRating(List<String> list, String str, WsClient wsClient, Locale locale, String str2) {
        LOGGER.debug("Generating ASVS Rating ...");
        SonarQubeSecurityParams sonarQubeSecurityParams = SecurityUtils.getSonarQubeSecurityParams(SecurityUtils.getSonarqubeSecurityCacheProperties(com.bitegarden.sonar.plugins.security.util.ParamUtils.ASVS_TYPE, str2), wsClient, SecurityStandardType.ASVS);
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(getASVSRatingForProject(it.next(), str, wsClient, locale, sonarQubeSecurityParams));
        }
        return SecurityUtils.getWorstRatingFromRatingList(arrayList);
    }

    private static String getASVSRatingForProject(String str, String str2, WsClient wsClient, Locale locale, SonarQubeSecurityParams sonarQubeSecurityParams) {
        try {
            LOGGER.debug("Getting issues rules by cwe map...");
            Map<String, List<Rules.Rule>> issuesRuleByCweMap = sonarQubeSecurityParams.getIssuesRuleByCweMap();
            ArrayList arrayList = new ArrayList();
            List<String> supportedCWEList = sonarQubeSecurityParams.getSupportedCWEList();
            HashMap hashMap = new HashMap();
            sonarQubeSecurityParams.getSupportedCWEList().forEach(str3 -> {
                List<Issues.Issue> issueListByCweMap = SecurityUtils.getIssueListByCweMap(hashMap, str3);
                issueListByCweMap.addAll(SecurityUtils.searchSonarQubeIssuesByRule(str, str2, wsClient, (List) issuesRuleByCweMap.getOrDefault(str3, new ArrayList())));
                arrayList.addAll(issueListByCweMap);
                LOGGER.debug("Issues by cwe ({}) obtained, total issues ({})", str3, Integer.valueOf(issueListByCweMap.size()));
            });
            LOGGER.debug("Issues by cwe map obtained, total cwe processed ({})", Integer.valueOf(hashMap.size()));
            LOGGER.debug("Processing all ASVS chapters...");
            ChapterManager.getAllChapters(locale).forEach(chapter -> {
                LOGGER.debug("Processing all ASVS sections for chapter ({})", chapter.getShortCode());
                chapter.getSections().forEach(section -> {
                    LOGGER.debug("Processing all ASVS requirements for section ({})", section.getShortCode());
                    section.getRequirements().forEach(requirement -> {
                        requirement.getCwe().forEach(num -> {
                            String num = num.toString();
                            if (supportedCWEList.contains(num)) {
                                LOGGER.debug("Supported cwe code ({}) detected... processing all data..", num);
                                arrayList.addAll((List) hashMap.getOrDefault(num, new ArrayList()));
                            }
                        });
                    });
                });
            });
            List list = (List) arrayList.stream().collect(Collectors.collectingAndThen(Collectors.toCollection(() -> {
                return new TreeSet(Comparator.comparing((v0) -> {
                    return v0.getKey();
                }));
            }), (v1) -> {
                return new ArrayList(v1);
            }));
            LOGGER.debug("sonarQubeIssuesWithoutDuplicates ASVS calculated, getting rating...");
            return SecurityUtils.computeRatingBySonarQubeIssues(list);
        } catch (Exception e) {
            LOGGER.error("Error getting ASVS rating for project keys ({}) and branch ({}), reason -> {}", new Object[]{str, str2, e.getMessage()});
            LOGGER.debug("Error getting ASVS rating for project keys ({}) and branch ({})", new Object[]{str, str2, e});
            return "";
        }
    }
}
