package net.ossindex.gradle.output;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import net.ossindex.common.OssiVulnerability;
import net.ossindex.gradle.AuditExtensions;
import net.ossindex.gradle.audit.MavenPackageDescriptor;
import net.ossindex.gradle.input.GradleArtifact;
import org.gradle.api.GradleException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/ossindex/gradle/output/AuditResultReporter.class */
public class AuditResultReporter {
    private static final Logger logger = LoggerFactory.getLogger(AuditResultReporter.class);
    private static final String OSSI_VULN_PREFIX = "https://ossindex.sonatype.org/vuln/";
    private final Set<GradleArtifact> resolvedTopLevelArtifacts;
    private final AuditExtensions settings;
    private Set<GradleArtifact> allGradleArtifacts;
    private String currentVulnerableArtifact = null;
    ArrayList<String> currentVulnerabilityList = new ArrayList<>();
    private String currentVulnerabilityTotals = null;
    private String thisTask;
    private JunitXmlReportWriter junitXmlReportWriter;

    public AuditResultReporter(Set<GradleArtifact> set, AuditExtensions auditExtensions, JunitXmlReportWriter junitXmlReportWriter, String str) {
        this.resolvedTopLevelArtifacts = set;
        this.settings = auditExtensions;
        this.junitXmlReportWriter = junitXmlReportWriter;
        this.thisTask = str;
    }

    public void reportResult(Collection<MavenPackageDescriptor> collection) {
        boolean z = false;
        int sumOfUnfilteredVulnerabilities = getSumOfUnfilteredVulnerabilities(collection);
        int sumOfFilteredVulnerabilities = getSumOfFilteredVulnerabilities(collection);
        int ignoredVulnerabilityCount = getIgnoredVulnerabilityCount(collection);
        int i = sumOfUnfilteredVulnerabilities - ignoredVulnerabilityCount;
        int i2 = i + sumOfFilteredVulnerabilities + ignoredVulnerabilityCount;
        if (i2 == 0) {
            return;
        }
        this.currentVulnerabilityTotals = String.format("%s unignored (of %s total) vulnerabilities found", Integer.valueOf(i), Integer.valueOf(i2));
        logger.error(this.currentVulnerabilityTotals);
        this.allGradleArtifacts = getAllDependencies();
        for (MavenPackageDescriptor mavenPackageDescriptor : collection) {
            if (mavenPackageDescriptor.getVulnerabilities() == null) {
                logger.info("No vulnerabilities in " + mavenPackageDescriptor.getMavenVersionId());
            } else if (this.settings.isIgnored(mavenPackageDescriptor)) {
                logger.info(mavenPackageDescriptor.getMavenVersionId() + " is ignored due to settings");
            } else if (mavenPackageDescriptor.getVulnerabilityMatches() == 0) {
                logger.info("Vulnerabilities in " + mavenPackageDescriptor.getMavenVersionId() + " are excluded due to settings");
            } else {
                GradleArtifact gradleArtifact = null;
                try {
                    gradleArtifact = findImportingArtifactFor(mavenPackageDescriptor);
                } catch (GradleException e) {
                }
                reportVulnerableArtifact(gradleArtifact, mavenPackageDescriptor);
                reportIntroducedVulnerabilities(mavenPackageDescriptor);
                writeTestcaseXml();
                z = true;
            }
        }
        if (!z) {
            writeTestcaseXml();
        }
        if (i > 0) {
            throw new GradleException("Too many vulnerabilities (" + i + ") found.");
        }
    }

    private void writeTestcaseXml() {
        this.junitXmlReportWriter.updateJunitReport(this.currentVulnerabilityTotals, this.thisTask, this.currentVulnerableArtifact, this.currentVulnerabilityList);
    }

    private void reportVulnerableArtifact(GradleArtifact gradleArtifact, MavenPackageDescriptor mavenPackageDescriptor) {
        this.currentVulnerableArtifact = gradleArtifact == null ? String.format("%s introduces %s which has %s vulnerabilities", mavenPackageDescriptor.getMavenVersionId(), mavenPackageDescriptor.getMavenVersionId(), Integer.valueOf(mavenPackageDescriptor.getVulnerabilityMatches())) : String.format("%s introduces %s which has %s vulnerabilities", gradleArtifact.getFullDescription(), mavenPackageDescriptor.getMavenVersionId(), Integer.valueOf(mavenPackageDescriptor.getVulnerabilityMatches()));
        logger.error(this.currentVulnerableArtifact);
    }

    private int reportIntroducedVulnerabilities(MavenPackageDescriptor mavenPackageDescriptor) {
        this.currentVulnerabilityList.clear();
        List<OssiVulnerability> vulnerabilities = mavenPackageDescriptor.getVulnerabilities();
        vulnerabilities.forEach(ossiVulnerability -> {
            reportVulnerability(String.format("=> %s (see %s)", ossiVulnerability.getTitle(), getUriString(ossiVulnerability)));
        });
        return vulnerabilities.size();
    }

    private String getUriString(OssiVulnerability ossiVulnerability) {
        return OSSI_VULN_PREFIX + ossiVulnerability.getId();
    }

    private void reportVulnerability(String str) {
        logger.error(str);
        this.currentVulnerabilityList.add(str);
    }

    private GradleArtifact findImportingArtifactFor(MavenPackageDescriptor mavenPackageDescriptor) {
        return (GradleArtifact) this.allGradleArtifacts.stream().filter(gradleArtifact -> {
            return gradleArtifact.getFullDescription().equals(mavenPackageDescriptor.getMavenVersionId());
        }).map((v0) -> {
            return v0.getTopMostParent();
        }).findAny().orElseThrow(() -> {
            return new GradleException("Couldn't find importing artifact for " + mavenPackageDescriptor.getMavenVersionId());
        });
    }

    private Set<GradleArtifact> getAllDependencies() {
        HashSet hashSet = new HashSet();
        Iterator<GradleArtifact> it = this.resolvedTopLevelArtifacts.iterator();
        while (it.hasNext()) {
            buildDependencies(hashSet, it.next());
        }
        return hashSet;
    }

    private void buildDependencies(Set<GradleArtifact> set, GradleArtifact gradleArtifact) {
        set.add(gradleArtifact);
        for (GradleArtifact gradleArtifact2 : gradleArtifact.getChildren()) {
            if (!set.contains(gradleArtifact2)) {
                buildDependencies(set, gradleArtifact2);
            }
        }
    }

    private int getSumOfUnfilteredVulnerabilities(Collection<MavenPackageDescriptor> collection) {
        return collection.stream().mapToInt((v0) -> {
            return v0.getVulnerabilityMatches();
        }).sum();
    }

    private int getSumOfFilteredVulnerabilities(Collection<MavenPackageDescriptor> collection) {
        int i = 0;
        for (MavenPackageDescriptor mavenPackageDescriptor : collection) {
            i += mavenPackageDescriptor.getAllVulnerabilityCount() - mavenPackageDescriptor.getVulnerabilityMatches();
        }
        return i;
    }

    private int getIgnoredVulnerabilityCount(Collection<MavenPackageDescriptor> collection) {
        int i = 0;
        for (MavenPackageDescriptor mavenPackageDescriptor : collection) {
            if (this.settings.isIgnored(mavenPackageDescriptor)) {
                i += mavenPackageDescriptor.getVulnerabilityMatches();
            }
        }
        return i;
    }
}
