package com.liferay.source.formatter.check;

import com.liferay.exportimport.kernel.lar.PortletDataContext;
import com.liferay.petra.string.StringBundler;
import com.liferay.portal.json.JSONObjectImpl;
import com.liferay.portal.kernel.json.JSONException;
import com.liferay.portal.kernel.json.JSONObject;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.scheduler.SchedulerEngine;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.source.formatter.SourceFormatterArgs;
import com.liferay.source.formatter.check.util.SourceUtil;
import com.liferay.source.formatter.util.FileUtil;
import com.liferay.source.formatter.util.GradleBuildFile;
import com.liferay.source.formatter.util.GradleDependency;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.io.StringReader;
import java.net.URL;
import java.net.URLConnection;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import org.apache.maven.artifact.versioning.DefaultArtifactVersion;
import org.apache.maven.artifact.versioning.InvalidVersionSpecificationException;
import org.apache.maven.artifact.versioning.VersionRange;
import org.dom4j.Element;

/* loaded from: input_file:com/liferay/source/formatter/check/LibraryVulnerabilitiesCheck.class */
public class LibraryVulnerabilitiesCheck extends BaseFileCheck {
    // Location of the CI build.properties that _getCiGithubAccessToken() downloads in order to
    // read the "github.access.token" property.
    // NOTE(review): the scheme is plain http://, so the token is fetched without transport
    // encryption or server authentication; anything on the network path can read or substitute
    // it. Prefer an https:// endpoint or a secrets store if one exists - confirm with CI owners.
    private static final String _CI_PROPERTIES_URL = "http://mirrors.lax.liferay.com/github.com/liferay/liferay-jenkins-ee/commands/build.properties";
    // Attribute key handed to getAttributeValues() to obtain the severities used in the advisory query.
    private static final String _SEVERITIES_KEY = "severities";
    // Text of the on-disk known-vulnerabilities cache; loaded lazily by _getCachedKnownVulnerabilities().
    private String _cachedKnownVulnerabilities;
    // Advisory nodes keyed by "<ecosystem>:<package>", filled by _generateVulnerableVersionMap().
    // NOTE(review): the raw "new ConcurrentHashMap()" is presumably a decompiler rendering of the diamond form.
    private final Map<String, List<SecurityVulnerabilityNode>> _cachedVulnerableVersionMap = new ConcurrentHashMap();
    // GitHub token sent as the bearer credential on GraphQL requests; keep it out of logs and messages.
    private String _githubAccessToken;
    // Per-user properties file name ("build.<user.name>.properties") read by _getLocalGithubAccessToken().
    private static final String _BUILD_PROPERTIES_FILE_NAME = "build." + System.getProperty("user.name") + ".properties";
    private static final Log _log = LogFactoryUtil.getLog((Class<?>) LibraryVulnerabilitiesCheck.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/liferay/source/formatter/check/LibraryVulnerabilitiesCheck$SecurityAdvisoryEcosystemEnum.class */
    /**
     * Package ecosystems this check can query advisories for.
     *
     * <p>The constant's {@code name()} is used verbatim as the {@code ecosystem} argument of the
     * GraphQL query and as the first field of each cache line, so renaming a constant changes
     * both the request and the cache format.
     */
    public enum SecurityAdvisoryEcosystemEnum {
        MAVEN,
        NPM
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/liferay/source/formatter/check/LibraryVulnerabilitiesCheck$SecurityVulnerabilityNode.class */
    /**
     * One advisory entry for a package: its summary, its permalink and the affected version range.
     */
    public static class SecurityVulnerabilityNode {
        private String _permalink;
        private String _summary;
        private VersionRange _versionRange;

        private SecurityVulnerabilityNode() {
        }

        /** Returns the advisory permalink as last set, or {@code null} if never set. */
        public String getPermalink() {
            return this._permalink;
        }

        /** Returns the advisory summary as last set, or {@code null} if never set. */
        public String getSummary() {
            return this._summary;
        }

        /** Returns the parsed affected range, or {@code null} if no range has been parsed. */
        public VersionRange getVersionRange() {
            return this._versionRange;
        }

        public void setPermalink(String str) {
            this._permalink = str;
        }

        public void setSummary(String str) {
            this._summary = str;
        }

        /**
         * Converts an operator-style range into a Maven {@link VersionRange}.
         *
         * <p>A value containing a comma is treated as a two-sided range. A value without one is
         * split at the first space into operator and version. An operator other than
         * {@code =}, {@code <}, {@code <=}, {@code >} or {@code >=} leaves the stored range
         * unchanged.
         *
         * @param str the range text, e.g. (constructed samples) {@code ">= 1.0, < 2.0"} or {@code "< 1.5"}
         * @throws InvalidVersionSpecificationException if the derived Maven spec cannot be parsed
         */
        public void setVersionRange(String str) throws InvalidVersionSpecificationException {
            if (str.contains(",")) {
                // Move the second operator behind its version so that, once operators are mapped
                // to brackets, the upper bound ends with its closing bracket.
                String reordered = str.replaceAll("([=<>]+.+?, )([=<>]+)(.+)", "$1$3$2");
                String spec = StringUtil.replace(reordered, new String[]{">=", ">", "<=", "<"}, new String[]{"[", "(", "]", ")"});
                this._versionRange = VersionRange.createFromVersionSpec(spec);
                return;
            }
            String[] parts = str.split(" ", 2);
            switch (parts[0]) {
                case "=":
                    this._versionRange = VersionRange.createFromVersion(parts[1]);
                    break;
                case "<":
                    this._versionRange = VersionRange.createFromVersionSpec("(," + parts[1] + ")");
                    break;
                case "<=":
                    this._versionRange = VersionRange.createFromVersionSpec("(," + parts[1] + "]");
                    break;
                case ">":
                    this._versionRange = VersionRange.createFromVersionSpec("(" + parts[1] + ",)");
                    break;
                case ">=":
                    this._versionRange = VersionRange.createFromVersionSpec("[" + parts[1] + ",)");
                    break;
                default:
                    // Unknown operator: keep whatever range was stored before.
                    break;
            }
        }
    }

    /**
     * Always returns {@code true}.
     *
     * <p>NOTE(review): presumably marks the check as applying to Liferay's own sources only;
     * the flag's consumer is not visible here - confirm in BaseSourceCheck.
     */
    @Override // com.liferay.source.formatter.check.BaseSourceCheck, com.liferay.source.formatter.check.SourceCheck
    public boolean isLiferaySourceCheck() {
        return true;
    }

    /**
     * Runs the dependency vulnerability check that matches the file's suffix.
     *
     * <p>Nothing happens unless vulnerability checking is enabled in the formatter arguments.
     * The content is never modified; findings are reported by the per-format helpers.
     *
     * @param str the file name; its suffix selects the parser and it is passed on for reporting
     * @param str2 passed through to the helpers (presumably the absolute path - confirm)
     * @param str3 the file content
     * @return {@code str3}, unchanged
     * @throws Exception if token lookup or one of the per-format checks fails
     */
    @Override
    protected String doProcess(String str, String str2, String str3) throws Exception {
        SourceFormatterArgs args = getSourceProcessor().getSourceFormatterArgs();
        if (args.isCheckVulnerabilities()) {
            // Resolve the token first; the helpers read it from the field.
            this._githubAccessToken = _getGithubAccessToken(args);
            if (str.endsWith(".gradle")) {
                _checkGradleLibraryVulnerabilities(str, str2, str3);
            } else if (str.endsWith(".json")) {
                _checkJsonLibraryVulnerabilities(str, str2, str3);
            } else if (str.endsWith(".properties")) {
                _checkPropertiesLibraryVulnerabilities(str, str2, str3);
            } else if (str.endsWith("ivy.xml")) {
                _checkIvyXmlLibraryVulnerabilities(str, str2, str3);
            } else if (str.endsWith("pom.xml")) {
                _checkPomXmlLibraryVulnerabilities(str, str2, str3);
            }
        }
        return str3;
    }

    /**
     * Tells whether this run should produce the vulnerable-libraries cache file.
     *
     * <p>True only when {@code JENKINS_HOME} is set and the environment variable named by
     * {@code SchedulerEngine.JOB_NAME} contains {@code liferay-binaries-cache-upstream}.
     * Both values come from the process environment, so whoever controls the environment
     * controls this switch, which also selects the CI token in _getGithubAccessToken().
     *
     * <p>NOTE(review): the SchedulerEngine constant is likely a decompiler substitution for a
     * plain string literal - confirm against the original source.
     */
    private static boolean _isGenerateVulnerableLibrariesCacheFile() {
        if (Validator.isNull(System.getenv("JENKINS_HOME"))) {
            return false;
        }
        String jobName = System.getenv(SchedulerEngine.JOB_NAME);
        return !Validator.isNull(jobName) && jobName.contains("liferay-binaries-cache-upstream");
    }

    /**
     * Checks every dependency and build-script dependency declared in a Gradle build file.
     *
     * <p>Entries missing a group, name or version are skipped and therefore not checked.
     *
     * @param str the file name used when reporting a finding
     * @param str2 passed through to the advisory lookup
     * @param str3 the Gradle file content
     */
    private void _checkGradleLibraryVulnerabilities(String str, String str2, String str3) throws Exception {
        GradleBuildFile gradleBuildFile = new GradleBuildFile(str3);
        List<GradleDependency> dependencies = gradleBuildFile.getGradleDependencies();
        // Appends to the list returned by the build file, as the original code does.
        dependencies.addAll(gradleBuildFile.getBuildScriptDependencies());
        for (GradleDependency dependency : dependencies) {
            String group = dependency.getGroup();
            String name = dependency.getName();
            String version = dependency.getVersion();
            if (Validator.isNull(group) || Validator.isNull(name) || Validator.isNull(version)) {
                continue;
            }
            _checkVulnerabilities(str, str2, group + ":" + name, version, SecurityAdvisoryEcosystemEnum.MAVEN);
        }
    }

    /**
     * Checks each dependency element of an ivy.xml file using its org, name and rev attributes.
     *
     * <p>NOTE(review): the content is parsed by SourceUtil.readXML, whose parser configuration
     * is not visible here; confirm that DTDs and external entities are disabled, since the XML
     * comes from the files being scanned.
     *
     * @param str the file name used when reporting a finding
     * @param str2 passed through to the advisory lookup
     * @param str3 the XML content; null or empty content is ignored
     */
    private void _checkIvyXmlLibraryVulnerabilities(String str, String str2, String str3) throws Exception {
        if (Validator.isNull(str3)) {
            return;
        }
        Element rootElement = SourceUtil.readXML(str3).getRootElement();
        for (Element dependenciesElement : rootElement.elements("dependencies")) {
            for (Element dependencyElement : dependenciesElement.elements(PortletDataContext.REFERENCE_TYPE_DEPENDENCY)) {
                String name = dependencyElement.attributeValue("name");
                String org = dependencyElement.attributeValue("org");
                String rev = dependencyElement.attributeValue("rev");
                if (Validator.isNull(name) || Validator.isNull(org) || Validator.isNull(rev)) {
                    continue;
                }
                _checkVulnerabilities(str, str2, org + ":" + name, rev, SecurityAdvisoryEcosystemEnum.MAVEN);
            }
        }
    }

    /**
     * Checks the "dependencies" and "devDependencies" objects of a JSON manifest.
     *
     * <p>Content that fails to parse is logged at debug level only and otherwise ignored, so a
     * malformed manifest yields no findings rather than an error.
     *
     * @param str the file name used when reporting a finding
     * @param str2 passed through to the advisory lookup
     * @param str3 the JSON content; null or empty content is ignored
     */
    private void _checkJsonLibraryVulnerabilities(String str, String str2, String str3) throws Exception {
        if (!Validator.isNull(str3)) {
            try {
                JSONObjectImpl manifest = new JSONObjectImpl(str3);
                _checkVersionInJsonFile(str, str2, manifest.getJSONObject("dependencies"));
                _checkVersionInJsonFile(str, str2, manifest.getJSONObject("devDependencies"));
            } catch (JSONException jsonException) {
                if (_log.isDebugEnabled()) {
                    _log.debug((Throwable) jsonException);
                }
            }
        }
    }

    /**
     * Checks the dependencies and build plugins declared in a pom.xml file.
     *
     * <p>Only direct children of the root's {@code dependencies} and {@code build/plugins}
     * elements are visited. Entries whose version starts with {@code $} (a property reference)
     * are skipped, so those libraries are not checked here.
     *
     * <p>NOTE(review): the content is parsed by SourceUtil.readXML, whose parser configuration
     * is not visible here; confirm that DTDs and external entities are disabled, since the XML
     * comes from the files being scanned.
     *
     * @param str the file name used when reporting a finding
     * @param str2 passed through to the advisory lookup
     * @param str3 the XML content; null or empty content is ignored
     */
    private void _checkPomXmlLibraryVulnerabilities(String str, String str2, String str3) throws Exception {
        if (Validator.isNull(str3)) {
            return;
        }
        Element rootElement = SourceUtil.readXML(str3).getRootElement();
        for (Element dependenciesElement : rootElement.elements("dependencies")) {
            for (Element dependencyElement : dependenciesElement.elements(PortletDataContext.REFERENCE_TYPE_DEPENDENCY)) {
                _checkPomCoordinates(str, str2, dependencyElement);
            }
        }
        for (Element buildElement : rootElement.elements("build")) {
            for (Element pluginsElement : buildElement.elements("plugins")) {
                for (Element pluginElement : pluginsElement.elements("plugin")) {
                    _checkPomCoordinates(str, str2, pluginElement);
                }
            }
        }
    }

    // Looks up one dependency or plugin element by its groupId:artifactId and literal version.
    private void _checkPomCoordinates(String str, String str2, Element element) throws Exception {
        Element artifactIdElement = element.element("artifactId");
        Element groupIdElement = element.element("groupId");
        Element versionElement = element.element("version");
        if (artifactIdElement == null || groupIdElement == null || versionElement == null) {
            return;
        }
        String version = versionElement.getText();
        if (version.startsWith("$")) {
            return;
        }
        _checkVulnerabilities(str, str2, groupIdElement.getText() + ":" + artifactIdElement.getText(), version, SecurityAdvisoryEcosystemEnum.MAVEN);
    }

    /**
     * Checks property values of the form {@code group:name:version[:...]}.
     *
     * <p>Values with fewer than three colon-separated parts are ignored; parts after the third
     * are not used.
     *
     * @param str the file name used when reporting a finding
     * @param str2 passed through to the advisory lookup
     * @param str3 the properties file content
     */
    private void _checkPropertiesLibraryVulnerabilities(String str, String str2, String str3) throws Exception {
        Properties properties = new Properties();
        properties.load(new StringReader(str3));
        for (Enumeration<?> keys = properties.propertyNames(); keys.hasMoreElements();) {
            String value = properties.getProperty((String) keys.nextElement());
            if (Validator.isNull(value)) {
                continue;
            }
            String[] coordinates = value.split(":");
            if (coordinates.length < 3) {
                continue;
            }
            _checkVulnerabilities(str, str2, coordinates[0] + ":" + coordinates[1], coordinates[2], SecurityAdvisoryEcosystemEnum.MAVEN);
        }
    }

    /**
     * Checks every entry of one dependency object from a JSON manifest against NPM advisories.
     *
     * <p>Versions starting with {@code ^}, {@code ~} or {@code *} are skipped, so dependencies
     * declared with those range prefixes are not checked by this method.
     *
     * @param str the file name used when reporting a finding
     * @param str2 passed through to the advisory lookup
     * @param jSONObject map of package name to version text; {@code null} is ignored
     */
    private void _checkVersionInJsonFile(String str, String str2, JSONObject jSONObject) throws Exception {
        if (jSONObject == null) {
            return;
        }
        for (String packageName : jSONObject.keySet()) {
            String version = jSONObject.getString(packageName);
            if (version.startsWith("^") || version.startsWith("~") || version.startsWith("*")) {
                continue;
            }
            _checkVulnerabilities(str, str2, packageName, version, SecurityAdvisoryEcosystemEnum.NPM);
        }
    }

    /**
     * Reports the first cached advisory whose range contains the given version.
     *
     * <p>Expects the advisory list for {@code "<ecosystem>:<package>"} to be in the in-memory
     * map already; the visible caller populates it immediately before calling.
     *
     * @param str the file name the message is attached to
     * @param str2 the package name
     * @param securityAdvisoryEcosystemEnum the package ecosystem
     * @param defaultArtifactVersion the declared version
     */
    private void _checkVulnerabilities(String str, String str2, SecurityAdvisoryEcosystemEnum securityAdvisoryEcosystemEnum, DefaultArtifactVersion defaultArtifactVersion) {
        List<SecurityVulnerabilityNode> nodes = this._cachedVulnerableVersionMap.get(securityAdvisoryEcosystemEnum + ":" + str2);
        for (SecurityVulnerabilityNode node : nodes) {
            if (!node.getVersionRange().containsVersion(defaultArtifactVersion)) {
                continue;
            }
            // One message per library is enough; stop at the first matching advisory.
            addMessage(str, StringBundler.concat("Library '", str2, ":", defaultArtifactVersion, "' contains known vulnerabilities(", node.getSummary(), ", ", node.getPermalink(), ")"));
            return;
        }
    }

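    /**
     * Checks one library version, first against the on-disk cache and then against GitHub
     * advisories.
     *
     * <p>Versions that do not start with a digit or {@code v} are not checked. Each cache line
     * is expected to hold five {@code ;}-separated fields: ecosystem, package, Maven version
     * spec, summary, permalink. The field count and the package match are tested before the
     * spec is read, so a short or unrelated malformed line can neither raise an
     * ArrayIndexOutOfBoundsException nor abort the check. A malformed spec on a line that does
     * match this package still propagates, because skipping it silently would hide a finding.
     *
     * <p>Without a GitHub token only the cache is consulted.
     *
     * @param str the file name the message is attached to
     * @param str2 passed to getAttributeValues() to look up the configured severities
     * @param str3 the package name
     * @param str4 the declared version
     * @param securityAdvisoryEcosystemEnum the package ecosystem
     * @throws Exception if the cache cannot be read or a matching line has an invalid spec
     */
    private void _checkVulnerabilities(String str, String str2, String str3, String str4, SecurityAdvisoryEcosystemEnum securityAdvisoryEcosystemEnum) throws Exception {
        if (!str4.matches("(\\d|v).+")) {
            return;
        }
        // Parsed once; it does not depend on the cache line.
        DefaultArtifactVersion artifactVersion = new DefaultArtifactVersion(str4);
        for (String line : StringUtil.splitLines(_getCachedKnownVulnerabilities())) {
            String[] fields = StringUtil.split(line, ";");
            if (fields.length != 5 || !Objects.equals(securityAdvisoryEcosystemEnum.name(), fields[0]) || !str3.equals(fields[1])) {
                continue;
            }
            if (VersionRange.createFromVersionSpec(fields[2]).containsVersion(artifactVersion)) {
                addMessage(str, StringBundler.concat("Library '", str3, ":", str4, "' contains known vulnerabilities(", fields[3], ", ", fields[4], ")"));
                return;
            }
        }
        if (Validator.isNull(this._githubAccessToken)) {
            return;
        }
        if (!this._cachedVulnerableVersionMap.containsKey(securityAdvisoryEcosystemEnum + ":" + str3)) {
            _generateVulnerableVersionMap(str3, securityAdvisoryEcosystemEnum, getAttributeValues(_SEVERITIES_KEY, str2));
        }
        _checkVulnerabilities(str, str3, securityAdvisoryEcosystemEnum, artifactVersion);
    }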

    /**
     * Fetches the advisories for one package, stores them in the in-memory map and, on the
     * cache-generating job, appends them to vulnerable_libraries.txt in the portal directory.
     *
     * <p>Each appended line is {@code ecosystem;package;range;summary;permalink}.
     * NOTE(review): the summary and permalink come from the advisory response and are written
     * unescaped; a value containing {@code ;} or a line break would produce a line the reader
     * does not accept as five fields, so that advisory would be dropped from the cache - confirm
     * and consider sanitising these fields.
     *
     * @param str the package name
     * @param securityAdvisoryEcosystemEnum the package ecosystem
     * @param list the severities to request
     */
    private void _generateVulnerableVersionMap(String str, SecurityAdvisoryEcosystemEnum securityAdvisoryEcosystemEnum, List<String> list) throws Exception {
        String cacheKey = securityAdvisoryEcosystemEnum + ":" + str;
        if (this._cachedVulnerableVersionMap.containsKey(cacheKey)) {
            return;
        }
        List<SecurityVulnerabilityNode> nodes = _getSecurityVulnerabilityNodes(str, null, securityAdvisoryEcosystemEnum, list, this._githubAccessToken);
        this._cachedVulnerableVersionMap.put(cacheKey, nodes);
        if (!_isGenerateVulnerableLibrariesCacheFile()) {
            return;
        }
        for (SecurityVulnerabilityNode node : nodes) {
            String[] fields = {securityAdvisoryEcosystemEnum.toString(), str, String.valueOf(node.getVersionRange()), node.getSummary(), node.getPermalink()};
            String line = StringUtil.merge(fields, ";") + "\n";
            // Appends are serialised on this instance so lines are not interleaved.
            synchronized (this) {
                _write(new File(getPortalDir(), "vulnerable_libraries.txt"), line);
            }
        }
    }

    /**
     * Returns the text of the known-vulnerabilities cache file, loading it on first use.
     *
     * <p>On the cache-generating job the file is not read and the result is empty. Otherwise
     * the file is looked up next to the portal directory, under
     * {@code ../liferay-binaries-cache-2020/}. Its content decides which libraries are reported,
     * so it is trusted input: whoever can write that file can add or suppress findings.
     *
     * <p>An empty result is not retained as "loaded", so the lookup repeats on the next call.
     *
     * @return the cache text, or an empty string when no cache was read
     */
    private synchronized String _getCachedKnownVulnerabilities() throws Exception {
        if (Validator.isNull(this._cachedKnownVulnerabilities)) {
            this._cachedKnownVulnerabilities = "";
            if (!_isGenerateVulnerableLibrariesCacheFile()) {
                File cacheFile = new File(getPortalDir(), "../liferay-binaries-cache-2020/vulnerable_libraries.txt");
                if (cacheFile.exists()) {
                    this._cachedKnownVulnerabilities = FileUtil.read(cacheFile);
                }
            }
        }
        return this._cachedKnownVulnerabilities;
    }

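    /**
     * Downloads the CI build.properties and returns its {@code github.access.token} value.
     *
     * <p>The response stream is now closed after loading; previously it was left open.
     *
     * <p>NOTE(review): _CI_PROPERTIES_URL uses plain http://, so the token crosses the network
     * unencrypted and the server is not authenticated. No connect or read timeout is set
     * either, so an unresponsive mirror can stall the check. Both need a decision from the CI
     * owners and are left unchanged here.
     *
     * @return the token, or {@code null} if the download failed or the property is absent
     */
    private String _getCiGithubAccessToken() {
        Properties properties = new Properties();
        try {
            URLConnection urlConnection = new URL(_CI_PROPERTIES_URL).openConnection();
            urlConnection.connect();
            try (java.io.InputStream inputStream = urlConnection.getInputStream()) {
                properties.load(inputStream);
            }
        } catch (IOException e) {
            // Best effort: a failed download leaves the check without a token.
            if (_log.isDebugEnabled()) {
                _log.debug((Throwable) e);
            }
        }
        return properties.getProperty("github.access.token");
    }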

    /**
     * Returns the GitHub token, resolving it on first use.
     *
     * <p>The CI token is used when the formatter arguments ask for it or when this run is the
     * cache-generating job; otherwise the token comes from the local per-user properties file.
     * A null or empty result is not retained, so resolution is retried on the next call.
     *
     * @param sourceFormatterArgs the formatter arguments consulted for the CI-token switch
     * @return the token, possibly {@code null} or empty when none could be found
     */
    private synchronized String _getGithubAccessToken(SourceFormatterArgs sourceFormatterArgs) throws Exception {
        if (Validator.isNull(this._githubAccessToken)) {
            boolean useCiToken = sourceFormatterArgs.isUseCiGithubAccessToken() || _isGenerateVulnerableLibrariesCacheFile();
            this._githubAccessToken = useCiToken ? _getCiGithubAccessToken() : _getLocalGithubAccessToken();
        }
        return this._githubAccessToken;
    }

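    /**
     * Reads {@code github.access.token} from the per-user build properties file in the portal
     * directory.
     *
     * <p>The file stream is now closed after loading; previously it was left open.
     *
     * @return an empty string when there is no portal directory, {@code null} when the file or
     *         the property is missing, otherwise the token
     * @throws Exception if the portal directory lookup or reading the file fails
     */
    private String _getLocalGithubAccessToken() throws Exception {
        File portalDir = getPortalDir();
        if (portalDir == null) {
            return "";
        }
        File file = new File(portalDir.getAbsolutePath(), _BUILD_PROPERTIES_FILE_NAME);
        if (!file.exists()) {
            return null;
        }
        Properties properties = new Properties();
        try (java.io.InputStream inputStream = Files.newInputStream(file.toPath())) {
            properties.load(inputStream);
        }
        return properties.getProperty("github.access.token");
    }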

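    /**
     * Queries the GitHub GraphQL API for advisories affecting one package and returns them.
     *
     * <p>The decompiled body did not compile (statements after the final return, a response
     * variable read outside its try block). It is rewritten here as try-with-resources, which
     * is the construct the decompiler output corresponds to; the response is closed as well.
     *
     * <p>The package name and the paging cursor are spliced into a GraphQL string literal that
     * itself sits inside a JSON string. The package name originates from the build files being
     * scanned, so values containing a double quote, a backslash or a control character are
     * rejected before the request is built rather than allowed to alter the query.
     *
     * <p>Further pages are fetched recursively, each with its own HTTP client. Any failure is
     * logged and yields an empty list, which callers cannot tell apart from "no advisories".
     *
     * @param str the package name
     * @param str2 the cursor of the previous page, or {@code null} for the first page
     * @param securityAdvisoryEcosystemEnum the package ecosystem
     * @param list the severities to request
     * @param str3 the GitHub token sent as bearer credential
     * @return the advisories found, or an empty list
     */
    private List<SecurityVulnerabilityNode> _getSecurityVulnerabilityNodes(String str, String str2, SecurityAdvisoryEcosystemEnum securityAdvisoryEcosystemEnum, List<String> list, String str3) {
        if (!_isSafeGraphQLLiteral(str) || (Validator.isNotNull(str2) && !_isSafeGraphQLLiteral(str2))) {
            // The offending value is deliberately not echoed into the log.
            _log.warn("Skipped advisory lookup: package name or cursor contains characters not allowed in the query");
            return Collections.emptyList();
        }
        try (CloseableHttpClient httpClient = HttpClientBuilder.create().build()) {
            String arguments = StringBundler.concat("first: 100, package:\\\"", str, "\\\", ecosystem: ", securityAdvisoryEcosystemEnum.name(), ", severities: ", list);
            if (Validator.isNotNull(str2)) {
                arguments = arguments + "after: \\\"" + str2 + "\\\"";
            }
            HttpPost httpPost = new HttpPost("https://api.github.com/graphql");
            httpPost.setEntity(new StringEntity(StringBundler.concat("{\"query\": \"{ securityVulnerabilities(", arguments, ") ", "{nodes { advisory {summary, permalink} package {name} severity vulnerableVersionRange } pageInfo {endCursor hasNextPage } totalCount }", "}\" }"), ContentType.APPLICATION_JSON));
            httpPost.addHeader("Authorization", "bearer " + str3);
            httpPost.addHeader("Content-Type", "application/json; charset=utf-8");
            try (CloseableHttpResponse response = httpClient.execute((HttpUriRequest) httpPost)) {
                if (response.getStatusLine().getStatusCode() != 200) {
                    return Collections.emptyList();
                }
                JSONObject dataJSONObject = new JSONObjectImpl(EntityUtils.toString(response.getEntity(), "UTF-8")).getJSONObject("data");
                if (dataJSONObject == null) {
                    return Collections.emptyList();
                }
                JSONObject vulnerabilitiesJSONObject = dataJSONObject.getJSONObject("securityVulnerabilities");
                if (vulnerabilitiesJSONObject == null) {
                    return Collections.emptyList();
                }
                if (vulnerabilitiesJSONObject.getInt("totalCount") == 0) {
                    return Collections.emptyList();
                }
                List<SecurityVulnerabilityNode> nodes = new ArrayList<>();
                for (Object nodeObject : vulnerabilitiesJSONObject.getJSONArray("nodes")) {
                    JSONObject nodeJSONObject = (JSONObject) nodeObject;
                    SecurityVulnerabilityNode node = new SecurityVulnerabilityNode();
                    JSONObject advisoryJSONObject = nodeJSONObject.getJSONObject("advisory");
                    node.setPermalink(advisoryJSONObject.getString("permalink"));
                    node.setSummary(advisoryJSONObject.getString("summary"));
                    node.setVersionRange(nodeJSONObject.getString("vulnerableVersionRange"));
                    nodes.add(node);
                }
                JSONObject pageInfoJSONObject = vulnerabilitiesJSONObject.getJSONObject("pageInfo");
                if (pageInfoJSONObject.getBoolean("hasNextPage")) {
                    nodes.addAll(_getSecurityVulnerabilityNodes(str, pageInfoJSONObject.getString("endCursor"), securityAdvisoryEcosystemEnum, list, str3));
                }
                if (nodes.isEmpty()) {
                    return Collections.emptyList();
                }
                return nodes;
            }
        } catch (Exception e) {
            _log.error((Throwable) e);
        }
        return Collections.emptyList();
    }

    // True when the value can be placed between the escaped quotes of the query unchanged:
    // non-null and free of double quotes, backslashes and control characters.
    private static boolean _isSafeGraphQLLiteral(String value) {
        if (value == null) {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '"' || c == '\\' || c < 0x20) {
                return false;
            }
        }
        return true;
    }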

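    /**
     * Appends text to a file, creating the file if it does not exist.
     *
     * <p>Written as try-with-resources, which is what the decompiled close/addSuppressed
     * scaffolding stood for. The bytes are encoded as UTF-8 explicitly so the cache file does
     * not depend on the platform default charset of the machine that writes it.
     *
     * @param file the file to append to
     * @param str the text to append
     * @throws Exception if the file cannot be opened or written
     */
    private void _write(File file, String str) throws Exception {
        try (OutputStream outputStream = Files.newOutputStream(Paths.get(file.toURI()), StandardOpenOption.CREATE, StandardOpenOption.APPEND)) {
            outputStream.write(str.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        }
    }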
}
