package com.bitegarden.sonar.plugins.security.util;

import com.bitegarden.sonar.plugins.security.model.SecurityIssue;
import com.bitegarden.sonar.plugins.security.model.common.MeasureResponseValue;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspBreakdownByCategoryRow;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspBreakdownByRuleRow;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspSummary;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspVulnerabilitiesBreakdownByCategory;
import com.bitegarden.sonar.plugins.security.model.owasp.OwaspVulnerabilitiesBreakdownByRule;
import es.sonarqube.security.model.owasp.OwaspReport;
import es.sonarqube.security.model.owasp.OwaspRule;
import es.sonarqube.security.utils.SecurityUtils;
import es.sonarqube.utils.MapField;
import es.sonarqube.utils.WorkDuration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.concurrent.atomic.AtomicLong;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.sonar.api.utils.log.Logger;
import org.sonar.api.utils.log.Loggers;
import org.sonarqube.ws.Measures;
import org.sonarqube.ws.Rules;
import org.sonarqube.ws.client.WsClient;
import org.sonarqube.ws.client.measures.SearchRequest;

/* loaded from: input_file:com/bitegarden/sonar/plugins/security/util/OwaspUtils.class */
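/**
 * Static helpers that turn SonarQube rules, measures and issue counts into the OWASP Top 10
 * figures shown by the security plugin (per-rule and per-category breakdowns, rating, weight,
 * density and factor risk).
 *
 * <p>NOTE(review): this file is decompiler output. Raw collections and unchecked casts have been
 * replaced with typed ones; where the decompiler lost information the affected method says so.
 */
public final class OwaspUtils {
    public static final OwaspUtils INSTANCE = new OwaspUtils();
    private static final Logger LOG = Loggers.get(OwaspUtils.class);

    /**
     * Matches a category reference in a rule's HTML description; group 1 is the category id
     * ("A" plus the word characters after it). Only the 2017 edition wording is recognised, so
     * descriptions that cite another Top 10 edition yield no categories here.
     */
    private static final Pattern OWASP_CATEGORY_PATTERN = Pattern.compile("OWASP Top 10 2017 Category (A\\w+)");

    /** Number of leading characters stripped from a matching tag; presumably the length of an "owasp-" prefix. */
    private static final int OWASP_TAG_PREFIX_LENGTH = 6;

    private OwaspUtils() {
    }

    /**
     * Extracts OWASP category ids from a rule description that are not yet in {@code list}.
     *
     * @param list categories already known for the rule; matches contained in it are skipped
     * @param str  the rule's HTML description
     * @return the newly found category ids, in order of appearance. A category mentioned several
     *         times in the description is returned once per mention, because only {@code list}
     *         is consulted when filtering.
     */
    public static List<String> getOwaspCategoriesByHtmlRule(List<String> list, String str) {
        List<String> found = new ArrayList<>();
        Matcher matcher = OWASP_CATEGORY_PATTERN.matcher(str);
        LOG.debug("Looking for owasp categories in description:");
        while (matcher.find()) {
            LOG.debug("Found: {}", matcher.group());
            String category = matcher.group(1);
            if (!list.contains(category)) {
                LOG.debug("Category {} added!", category);
                found.add(category);
            }
        }
        return found;
    }

    /**
     * Derives OWASP category ids from a rule's tags and system tags.
     *
     * <p>Every tag containing {@code str} contributes its text after the first six characters,
     * upper-cased with {@link Locale#ROOT} so the id does not depend on the JVM's default locale.
     * A matching tag shorter than six characters is skipped instead of raising
     * {@link StringIndexOutOfBoundsException}.
     *
     * @param rule the rule to inspect; {@code null} yields an empty list
     * @param str  the marker a tag must contain to be treated as an OWASP tag
     * @return category ids from the tags followed by those from the system tags
     */
    public static List<String> getOwaspCategoriesByTags(Rules.Rule rule, String str) {
        List<String> categories = new ArrayList<>();
        if (rule == null) {
            return categories;
        }
        collectCategoriesFromTags(rule.getTags().getTagsList(), str, categories);
        collectCategoriesFromTags(rule.getSysTags().getSysTagsList(), str, categories);
        return categories;
    }

    /** Appends the category id of every tag that contains {@code marker} to {@code sink}. */
    private static void collectCategoriesFromTags(Iterable<String> tags, String marker, List<String> sink) {
        for (String tag : tags) {
            if (tag.contains(marker) && tag.length() >= OWASP_TAG_PREFIX_LENGTH) {
                sink.add(tag.substring(OWASP_TAG_PREFIX_LENGTH).toUpperCase(Locale.ROOT));
            }
        }
    }

    /**
     * Looks up a localized text for one OWASP Top 10 category.
     *
     * @param resourceBundle bundle holding the {@code bitegarden.security.owasp.top10.*} keys
     * @param i              category number, appended after "A" in the key
     * @param str            key suffix selecting which text of the category to read
     * @return the bundle entry; {@link ResourceBundle#getString} throws if the key is absent
     */
    public static String getOwaspTop10Category(ResourceBundle resourceBundle, int i, String str) {
        return resourceBundle.getString("bitegarden.security.owasp.top10.A" + i + "." + str);
    }

    /**
     * Builds the formatted OWASP measures of a project: violation counts per severity, weight,
     * violations density and factor risk.
     *
     * <p>The project-wide issue counts and NCLOC are read from the web service; the OWASP counts
     * come from {@code owaspReport}. A metric missing from the response, a non-numeric metric
     * value or a weight missing from {@code map} aborts the computation with an exception rather
     * than producing a partial report.
     *
     * @param str         project key
     * @param map         weight per plugin severity (keys such as "SEVERE", "SERIOUS", ...)
     * @param locale      locale used to format the numbers and percentages
     * @param wsClient    client used to query the measures
     * @param owaspReport report whose issue breakdown supplies the OWASP counts per severity
     * @return metric key to formatted value
     * @throws IndexOutOfBoundsException if a required metric is absent from the response
     * @throws NumberFormatException     if a metric value is not an integer
     */
    public static Map<String, String> getSecurityMeasuresMap(String str, Map<String, Integer> map, Locale locale, WsClient wsClient, OwaspReport owaspReport) {
        LOG.debug("Getting security measures map for project ({})", str);
        Map<String, String> measures = new HashMap<>();
        LOG.debug("Getting measures values...");
        SearchRequest searchRequest = new SearchRequest();
        searchRequest.setProjectKeys(Collections.singletonList(str));
        searchRequest.setMetricKeys(ParamUtils.CORE_METRIC_LIST);
        Measures.SearchWsResponse search = wsClient.measures().search(searchRequest);
        LOG.debug("Measures values obtained...");
        LOG.debug("Calculate total measures values by severity...");
        int blockerIssues = requireIntMeasure(search, MapField.BLOCKER_ISSUES);
        int criticalIssues = requireIntMeasure(search, MapField.CRITICAL_ISSUES);
        int majorIssues = requireIntMeasure(search, MapField.MAJOR_ISSUES);
        int minorIssues = requireIntMeasure(search, MapField.MINOR_ISSUES);
        int infoIssues = requireIntMeasure(search, MapField.INFO_ISSUES);

        Map<String, Long> owaspIssuesBySeverity = new HashMap<>();
        owaspIssuesBySeverity.put("BLOCKER", 0L);
        owaspIssuesBySeverity.put("CRITICAL", 0L);
        owaspIssuesBySeverity.put("MAJOR", 0L);
        owaspIssuesBySeverity.put("MINOR", 0L);
        owaspIssuesBySeverity.put("INFO", 0L);
        // A severity outside the five above still gets an entry: it is counted in
        // "owaspviolations" below but contributes nothing to the weight.
        owaspReport.getOwaspIssuesBreakdown().forEach(owaspRule -> {
            owaspIssuesBySeverity.put(owaspRule.getSeverity(), owaspIssuesBySeverity.getOrDefault(owaspRule.getSeverity(), 0L) + owaspRule.getIssues());
        });
        measures.put("owaspblockerviolations", FormatUtils.getNumber(locale).format(owaspIssuesBySeverity.get("BLOCKER").doubleValue()));
        measures.put("owaspcriticalviolations", FormatUtils.getNumber(locale).format(owaspIssuesBySeverity.get("CRITICAL").doubleValue()));
        measures.put("owaspmajorviolations", FormatUtils.getNumber(locale).format(owaspIssuesBySeverity.get("MAJOR").doubleValue()));
        measures.put("owaspminorviolations", FormatUtils.getNumber(locale).format(owaspIssuesBySeverity.get("MINOR").doubleValue()));
        measures.put("owaspinfoviolations", FormatUtils.getNumber(locale).format(owaspIssuesBySeverity.get("INFO").doubleValue()));
        measures.put("owaspviolations", FormatUtils.getNumber(locale).format(owaspIssuesBySeverity.values().stream().mapToLong(Long::longValue).sum()));
        LOG.debug("Calculate total measures values by severity finish...");
        LOG.debug("Calculate Owasp weight...");
        double owaspWeight = 0.0d;
        for (String severity : new String[]{"INFO", "MINOR", "MAJOR", "CRITICAL", "BLOCKER"}) {
            owaspWeight += owaspIssuesBySeverity.get(severity).doubleValue() * map.get(SecurityPluginUtils.parseSonarQubeSeverity2SecurityPluginSeverity(severity)).doubleValue();
        }
        measures.put("owaspweight", FormatUtils.getNumber(locale).format(owaspWeight));
        LOG.debug("Calculate Owasp weight finish...");
        LOG.debug("Calculate total issues weight...");
        // Summed as long: with int arithmetic a large project can overflow, and the "<= 0"
        // guard below would then swap the wrapped total for 1 and inflate the reported density.
        long totalIssuesWeight = (long) blockerIssues * map.get("SEVERE").intValue()
                + (long) criticalIssues * map.get("SERIOUS").intValue()
                + (long) majorIssues * map.get("IMPORTANT").intValue()
                + (long) minorIssues * map.get("APPRECIABLE").intValue()
                + (long) infoIssues * map.get("INSIGNIFICANT").intValue();
        // Avoid dividing by zero when the project has no weighted issues.
        long densityDivisor = totalIssuesWeight <= 0 ? 1 : totalIssuesWeight;
        LOG.debug("Calculate total issues weight finish...");
        LOG.debug("Calculate violations density...");
        measures.put("owaspviolationsdensity", FormatUtils.getPercentage(locale).format(owaspWeight / densityDivisor));
        LOG.debug("Calculate violations density finish...");
        int ncloc = requireIntMeasure(search, MapField.NCLOC);
        LOG.debug("Calculate Owasp factor risk...");
        double factorRisk = SecurityPluginUtils.computeFactorRisk(ncloc, Double.valueOf(owaspWeight));
        measures.put(MapField.OWASP_FACTOR_RISK, FormatUtils.getPercentage(locale).format(factorRisk / 100.0d));
        measures.put("owaspfactorrisk_value", Double.toString(factorRisk));
        LOG.debug("Calculate Owasp factor risk finish...");
        LOG.debug("Getting security measures map for project ({}) finish...", str);
        return measures;
    }

    /**
     * Returns the integer value of the first measure reported for {@code metricKey}.
     *
     * @throws IndexOutOfBoundsException if the response holds no measure for the metric; the
     *                                   exception type matches what the former {@code get(0)}
     *                                   lookup raised, now with the metric named in the message
     */
    private static int requireIntMeasure(Measures.SearchWsResponse response, String metricKey) {
        for (Measures.Measure measure : response.getMeasuresList()) {
            if (measure.getMetric().equals(metricKey)) {
                return Integer.parseInt(measure.getValue());
            }
        }
        throw new IndexOutOfBoundsException("Metric '" + metricKey + "' is missing from the measures response");
    }

    /**
     * Builds the per-rule breakdown from a nested map of vulnerability counts.
     *
     * <p>NOTE(review): the decompiler gave both lambda parameters the same name, which does not
     * compile. The outer key is read as the category and the inner key as the rule key, since
     * the inner key is what is passed to the rule lookup and the row's rule key; confirm against
     * the original sources.
     *
     * <p>A rule listed under several categories gets a single row: the count comes from the
     * first occurrence and later occurrences only append their category. Rules the server does
     * not return are left out of the breakdown.
     *
     * @param wsClient client used to resolve each rule key
     * @param map      category to (rule key to vulnerability count as text)
     * @return the breakdown with its rows sorted by {@link #sortBreakdownByRuleRows(List)}
     * @throws NumberFormatException if a count is not a valid long
     */
    public static OwaspVulnerabilitiesBreakdownByRule getOwaspVulnerabilitiesBreakdownByRule(WsClient wsClient, Map<String, Map<String, String>> map) {
        OwaspVulnerabilitiesBreakdownByRule breakdown = new OwaspVulnerabilitiesBreakdownByRule();
        List<OwaspBreakdownByRuleRow> rows = new ArrayList<>();
        Map<String, OwaspBreakdownByRuleRow> rowsByRuleKey = new HashMap<>();
        map.forEach((category, vulnerabilitiesByRule) -> {
            vulnerabilitiesByRule.forEach((ruleKey, vulnerabilities) -> {
                String categoryId = category.toUpperCase(Locale.ROOT);
                OwaspBreakdownByRuleRow existingRow = rowsByRuleKey.get(ruleKey);
                if (existingRow != null) {
                    existingRow.getCategoryList().add(categoryId);
                    return;
                }
                Rules.Rule rule = SecurityPluginUtils.getRule(ruleKey, wsClient);
                if (rule != null) {
                    List<String> categories = new ArrayList<>();
                    categories.add(categoryId);
                    OwaspBreakdownByRuleRow row = new OwaspBreakdownByRuleRow();
                    row.setRuleKey(ruleKey);
                    row.setVulnerabilities(Long.parseLong(vulnerabilities));
                    row.setRuleName(rule.getName());
                    row.setSeverity(rule.getSeverity());
                    row.setCategoryList(categories);
                    row.setRuleLanguage(rule.getLang());
                    rows.add(row);
                    rowsByRuleKey.put(ruleKey, row);
                }
            });
        });
        breakdown.setOwaspBreakdownByRuleRows(sortBreakdownByRuleRows(rows));
        return breakdown;
    }

    /**
     * Maps the worst severity present in the breakdown to a rating letter.
     *
     * <p>Only the blocker, critical, major and minor totals are consulted: a breakdown holding
     * nothing but info-level findings or hotspots is rated "A".
     *
     * @param owaspVulnerabilitiesBreakdownByCategory totals per severity
     * @return "E" for blockers, "D" for criticals, "C" for majors, "B" for minors, else "A"
     */
    public static String getSummaryRatingByBreakdownCategories(OwaspVulnerabilitiesBreakdownByCategory owaspVulnerabilitiesBreakdownByCategory) {
        if (owaspVulnerabilitiesBreakdownByCategory.getTotalBlocker() > 0) {
            return "E";
        }
        if (owaspVulnerabilitiesBreakdownByCategory.getTotalCritical() > 0) {
            return "D";
        }
        if (owaspVulnerabilitiesBreakdownByCategory.getTotalMajor() > 0) {
            return "C";
        }
        if (owaspVulnerabilitiesBreakdownByCategory.getTotalMinor() > 0) {
            return "B";
        }
        return "A";
    }

    /**
     * Converts security issues into per-rule rows, storing each issue's count as the row's
     * hotspot count.
     *
     * @param list issues to convert
     * @return one row per issue, in input order
     */
    public static List<OwaspBreakdownByRuleRow> getOwaspBreakdownByRuleRows(List<SecurityIssue> list) {
        List<OwaspBreakdownByRuleRow> rows = new ArrayList<>();
        for (SecurityIssue issue : list) {
            OwaspBreakdownByRuleRow row = new OwaspBreakdownByRuleRow();
            row.setHotspots(issue.getCount().longValue());
            row.setRuleLanguage(issue.getRuleLanguage());
            row.setRuleKey(issue.getRuleKey());
            row.setRuleName(issue.getRuleName());
            row.setSeverity(issue.getSeverity());
            row.setCategoryList(issue.getCategories());
            row.setHotspotsIds(issue.getHotspotsIds());
            rows.add(row);
        }
        return rows;
    }

    /**
     * Sums the per-category rows into totals per severity plus a hotspot total.
     *
     * @param list per-category rows; also stored on the result as-is
     * @return the breakdown carrying the totals and the rows
     */
    public static OwaspVulnerabilitiesBreakdownByCategory getOwaspVulnerabilitiesBreakdownByCategory(List<OwaspBreakdownByCategoryRow> list) {
        long totalBlocker = 0L;
        long totalCritical = 0L;
        long totalMajor = 0L;
        long totalMinor = 0L;
        long totalInfo = 0L;
        long totalHotspots = 0L;
        for (OwaspBreakdownByCategoryRow row : list) {
            totalBlocker += row.getBlockerVulnerabilities();
            totalCritical += row.getCriticalVulnerabilities();
            totalMajor += row.getMajorVulnerabilities();
            totalMinor += row.getMinorVulnerabilities();
            totalInfo += row.getInfoVulnerabilities();
            totalHotspots += row.getHotspots();
        }
        OwaspVulnerabilitiesBreakdownByCategory breakdown = new OwaspVulnerabilitiesBreakdownByCategory();
        breakdown.setTotalBlocker(totalBlocker);
        breakdown.setTotalCritical(totalCritical);
        breakdown.setTotalMajor(totalMajor);
        breakdown.setTotalMinor(totalMinor);
        breakdown.setTotalInfo(totalInfo);
        breakdown.setTotalHotspots(totalHotspots);
        breakdown.setOwaspBreakdownByCategoryRows(list);
        return breakdown;
    }

    /**
     * Adds up the vulnerability totals of all five severities. Hotspots are not included.
     *
     * @param owaspVulnerabilitiesBreakdownByCategory totals per severity
     * @return blocker + critical + major + minor + info
     */
    public static long getTotalOwaspVulnerabilities(OwaspVulnerabilitiesBreakdownByCategory owaspVulnerabilitiesBreakdownByCategory) {
        return owaspVulnerabilitiesBreakdownByCategory.getTotalBlocker()
                + owaspVulnerabilitiesBreakdownByCategory.getTotalCritical()
                + owaspVulnerabilitiesBreakdownByCategory.getTotalMajor()
                + owaspVulnerabilitiesBreakdownByCategory.getTotalMinor()
                + owaspVulnerabilitiesBreakdownByCategory.getTotalInfo();
    }

    /**
     * Assembles the report summary: rating, encoded technical debt and total vulnerabilities.
     *
     * @param atomicLong                              technical debt fed to {@code WorkDuration.create}
     * @param owaspVulnerabilitiesBreakdownByCategory totals used for the rating and the count
     * @return the populated summary
     */
    public static OwaspSummary getSummary(AtomicLong atomicLong, OwaspVulnerabilitiesBreakdownByCategory owaspVulnerabilitiesBreakdownByCategory) {
        OwaspSummary summary = new OwaspSummary();
        summary.setRating(getSummaryRatingByBreakdownCategories(owaspVulnerabilitiesBreakdownByCategory));
        // NOTE(review): 8 is presumably the number of hours in a working day - confirm against WorkDuration.
        summary.setTechDebt(WorkDuration.create(atomicLong.get()).encode(8));
        summary.setTotalOwaspVulnerabilities(String.valueOf(getTotalOwaspVulnerabilities(owaspVulnerabilitiesBreakdownByCategory)));
        return summary;
    }

    /**
     * Drops rows without categories and orders the rest by severity, then by vulnerability
     * count in descending order.
     *
     * <p>Severity order is the row's position in {@code ParamUtils.SEVERITY_ORDER}. A severity
     * that is not listed there has position -1 (assuming the usual {@code indexOf} contract) and
     * therefore sorts ahead of every listed severity.
     *
     * @param list rows to filter and sort; not modified
     * @return a new sorted list
     */
    public static List<OwaspBreakdownByRuleRow> sortBreakdownByRuleRows(List<OwaspBreakdownByRuleRow> list) {
        Comparator<OwaspBreakdownByRuleRow> bySeverityOrder =
                Comparator.comparingInt(row -> ParamUtils.SEVERITY_ORDER.indexOf(row.getSeverity()));
        Comparator<OwaspBreakdownByRuleRow> byVulnerabilities =
                Comparator.comparingLong(OwaspBreakdownByRuleRow::getVulnerabilities);
        // One composite comparator gives the same order as the former pair of stable sorts.
        return list.stream()
                .filter(row -> row.getCategories() != null && !row.getCategories().isEmpty())
                .sorted(bySeverityOrder.thenComparing(byVulnerabilities.reversed()))
                .collect(Collectors.toList());
    }

    /**
     * Lists the metric keys this plugin can report for OWASP.
     *
     * @return a fixed-size list of metric keys
     */
    public static List<String> getOwaspMetricsKeys() {
        return Arrays.asList(
                "owaspviolations",
                "owaspblockerviolations",
                "owaspcriticalviolations",
                "owaspmajorviolations",
                "owaspminorviolations",
                "owaspinfoviolations",
                MapField.OWASP_FACTOR_RISK,
                "owaspviolationsdensity",
                "owasprating",
                "owasptechnicaldebt",
                "owaspweight");
    }

    /**
     * Selects the requested metrics from the measures map and wraps them as response values.
     * Percentage values are returned without spaces and without the "%" sign.
     *
     * @param list metric keys asked for in the request
     * @param map  metric key to formatted value
     * @return one response value per requested metric present in {@code map}
     */
    public static List<MeasureResponseValue> getMeasureResponseValuesBySecurityMeasuresMap(List<String> list, Map<String, String> map) {
        List<MeasureResponseValue> responseValues = new ArrayList<>();
        map.forEach((metricKey, formattedValue) -> {
            if (!list.contains(metricKey)) {
                return;
            }
            LOG.debug("Metric ({}) detected in request param, adding value ({}) to response", metricKey, formattedValue);
            MeasureResponseValue responseValue = new MeasureResponseValue();
            responseValue.setKey(metricKey);
            if (formattedValue.contains("%")) {
                responseValue.setValue(formattedValue.replace(" ", "").replace("%", ""));
            } else {
                responseValue.setValue(formattedValue);
            }
            responseValues.add(responseValue);
        });
        return responseValues;
    }

    /**
     * Groups rule keys by category and severity.
     *
     * @param list rules with their categories and severity
     * @return a map whose key is category + {@code SecurityUtils.HYPHEN_PARAM} + severity and
     *         whose value is the matching rule keys, each followed by a comma
     */
    public static Map<String, String> getCategoriesRuleMap(List<OwaspRule> list) {
        LOG.debug("Getting categories rule map...");
        Map<String, String> ruleKeysByCategoryAndSeverity = new HashMap<>();
        for (OwaspRule owaspRule : list) {
            LOG.debug("Getting category rule of {}", owaspRule.getRuleKey());
            for (String category : owaspRule.getCategoryList()) {
                String groupKey = category.concat(SecurityUtils.HYPHEN_PARAM).concat(owaspRule.getSeverity());
                String ruleKeysSoFar = ruleKeysByCategoryAndSeverity.getOrDefault(groupKey, "");
                ruleKeysByCategoryAndSeverity.put(groupKey, ruleKeysSoFar.concat(owaspRule.getRuleKey()).concat(","));
            }
        }
        return ruleKeysByCategoryAndSeverity;
    }

    /**
     * Returns the shared {@link #INSTANCE}. This is an instance method, so callers already need
     * an {@code OwaspUtils} reference to invoke it.
     *
     * @return {@link #INSTANCE}
     */
    public OwaspUtils getInstance() {
        return INSTANCE;
    }
}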
