package org.owasp.dependencycheck.analyzer;

import java.io.File;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import org.apache.commons.lang3.mutable.MutableInt;
import org.junit.Assert;
import org.junit.Test;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.data.cpe.IndexEntry;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.naming.Identifier;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/CPEAnalyzerIT.class */
public class CPEAnalyzerIT extends BaseDBTestCase {
    @Test
    public void testBuildSearch() throws Exception {
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap.put("apache software foundation", new MutableInt(1));
        hashMap2.put("struts 2 core", new MutableInt(1));
        CPEAnalyzer cPEAnalyzer = new CPEAnalyzer();
        cPEAnalyzer.initialize(getSettings());
        Assert.assertTrue("product:(struts 2 core) AND vendor:(apache software foundation)".equals(cPEAnalyzer.buildSearch(hashMap, hashMap2, hashSet2, hashSet)));
        hashSet2.add("apache");
        hashSet.add("struts2");
        Assert.assertTrue("product:(struts^2 2 core struts2^2) AND vendor:(apache^2 software foundation)".equals(cPEAnalyzer.buildSearch(hashMap, hashMap2, hashSet2, hashSet)));
        cPEAnalyzer.close();
    }

    @Test
    public void testDetermineCPE_full() throws Exception {
        CPEAnalyzer cPEAnalyzer = new CPEAnalyzer();
        try {
            Engine engine = new Engine(getSettings());
            Throwable th = null;
            try {
                try {
                    engine.openDatabase(true, true);
                    cPEAnalyzer.initialize(getSettings());
                    cPEAnalyzer.prepare(engine);
                    FileNameAnalyzer fileNameAnalyzer = new FileNameAnalyzer();
                    fileNameAnalyzer.initialize(getSettings());
                    fileNameAnalyzer.prepare(engine);
                    JarAnalyzer jarAnalyzer = new JarAnalyzer();
                    jarAnalyzer.initialize(getSettings());
                    jarAnalyzer.accept(new File("test.jar"));
                    jarAnalyzer.prepare(engine);
                    HintAnalyzer hintAnalyzer = new HintAnalyzer();
                    hintAnalyzer.initialize(getSettings());
                    hintAnalyzer.prepare(engine);
                    FalsePositiveAnalyzer falsePositiveAnalyzer = new FalsePositiveAnalyzer();
                    falsePositiveAnalyzer.initialize(getSettings());
                    falsePositiveAnalyzer.prepare(engine);
                    CpeSuppressionAnalyzer cpeSuppressionAnalyzer = new CpeSuppressionAnalyzer();
                    cpeSuppressionAnalyzer.initialize(getSettings());
                    cpeSuppressionAnalyzer.prepare(engine);
                    callDetermineCPE_full("spring-context-support-2.5.5.jar", "cpe:2.3:a:springsource:spring_framework:2.5.5:*:*:*:*:*:*:*", cPEAnalyzer, fileNameAnalyzer, jarAnalyzer, hintAnalyzer, falsePositiveAnalyzer, cpeSuppressionAnalyzer);
                    callDetermineCPE_full("spring-core-3.0.0.RELEASE.jar", "cpe:2.3:a:pivotal_software:spring_framework:3.0.0:release:*:*:*:*:*:*", cPEAnalyzer, fileNameAnalyzer, jarAnalyzer, hintAnalyzer, falsePositiveAnalyzer, cpeSuppressionAnalyzer);
                    callDetermineCPE_full("spring-core-3.0.0.RELEASE.jar", "cpe:2.3:a:springsource:spring_framework:3.0.0:release:*:*:*:*:*:*", cPEAnalyzer, fileNameAnalyzer, jarAnalyzer, hintAnalyzer, falsePositiveAnalyzer, cpeSuppressionAnalyzer);
                    callDetermineCPE_full("jaxb-xercesImpl-1.5.jar", null, cPEAnalyzer, fileNameAnalyzer, jarAnalyzer, hintAnalyzer, falsePositiveAnalyzer, cpeSuppressionAnalyzer);
                    callDetermineCPE_full("ehcache-core-2.2.0.jar", null, cPEAnalyzer, fileNameAnalyzer, jarAnalyzer, hintAnalyzer, falsePositiveAnalyzer, cpeSuppressionAnalyzer);
                    callDetermineCPE_full("xstream-1.4.8.jar", "cpe:2.3:a:xstream_project:xstream:1.4.8:*:*:*:*:*:*:*", cPEAnalyzer, fileNameAnalyzer, jarAnalyzer, hintAnalyzer, falsePositiveAnalyzer, cpeSuppressionAnalyzer);
                    if (engine != null) {
                        if (0 != 0) {
                            try {
                                engine.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            engine.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            cPEAnalyzer.close();
        }
    }

    public void callDetermineCPE_full(String str, String str2, CPEAnalyzer cPEAnalyzer, FileNameAnalyzer fileNameAnalyzer, JarAnalyzer jarAnalyzer, HintAnalyzer hintAnalyzer, FalsePositiveAnalyzer falsePositiveAnalyzer, CpeSuppressionAnalyzer cpeSuppressionAnalyzer) throws Exception {
        Dependency dependency = new Dependency(BaseTest.getResourceAsFile(this, str));
        fileNameAnalyzer.analyze(dependency, (Engine) null);
        jarAnalyzer.analyze(dependency, (Engine) null);
        hintAnalyzer.analyze(dependency, (Engine) null);
        cPEAnalyzer.analyze(dependency, (Engine) null);
        falsePositiveAnalyzer.analyze(dependency, (Engine) null);
        cpeSuppressionAnalyzer.analyze(dependency, (Engine) null);
        if (str2 == null) {
            dependency.getVulnerableSoftwareIdentifiers().forEach(identifier -> {
                Assert.fail("Unexpected match found: { dep:'" + dependency.getFileName() + "', found:'" + identifier + "' }");
            });
            return;
        }
        boolean z = false;
        Iterator it = dependency.getVulnerableSoftwareIdentifiers().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if (str2.equals(((Identifier) it.next()).getValue())) {
                z = true;
                break;
            }
        }
        Assert.assertTrue("Match not found: { dep:'" + dependency.getFileName() + "', exp:'" + str2 + "' }", z);
    }

    @Test
    public void testDetermineCPE() throws Exception {
        Dependency dependency = new Dependency(BaseTest.getResourceAsFile(this, "struts2-core-2.1.2.jar"));
        CpeSuppressionAnalyzer cpeSuppressionAnalyzer = new CpeSuppressionAnalyzer();
        cpeSuppressionAnalyzer.initialize(getSettings());
        cpeSuppressionAnalyzer.prepare((Engine) null);
        new FileNameAnalyzer().analyze(dependency, (Engine) null);
        HintAnalyzer hintAnalyzer = new HintAnalyzer();
        hintAnalyzer.initialize(getSettings());
        hintAnalyzer.prepare((Engine) null);
        JarAnalyzer jarAnalyzer = new JarAnalyzer();
        jarAnalyzer.initialize(getSettings());
        jarAnalyzer.accept(new File("test.jar"));
        jarAnalyzer.prepare((Engine) null);
        jarAnalyzer.analyze(dependency, (Engine) null);
        hintAnalyzer.analyze(dependency, (Engine) null);
        Dependency dependency2 = new Dependency(BaseTest.getResourceAsFile(this, "commons-validator-1.4.0.jar"));
        jarAnalyzer.analyze(dependency2, (Engine) null);
        hintAnalyzer.analyze(dependency2, (Engine) null);
        Dependency dependency3 = new Dependency(BaseTest.getResourceAsFile(this, "spring-core-2.5.5.jar"));
        jarAnalyzer.analyze(dependency3, (Engine) null);
        hintAnalyzer.analyze(dependency3, (Engine) null);
        Dependency dependency4 = new Dependency(BaseTest.getResourceAsFile(this, "spring-core-3.0.0.RELEASE.jar"));
        jarAnalyzer.analyze(dependency4, (Engine) null);
        hintAnalyzer.analyze(dependency4, (Engine) null);
        CPEAnalyzer cPEAnalyzer = new CPEAnalyzer();
        Engine engine = new Engine(getSettings());
        Throwable th = null;
        try {
            try {
                engine.openDatabase(true, true);
                cPEAnalyzer.initialize(getSettings());
                cPEAnalyzer.prepare(engine);
                cPEAnalyzer.determineCPE(dependency2);
                cPEAnalyzer.determineCPE(dependency);
                cPEAnalyzer.determineCPE(dependency3);
                cPEAnalyzer.determineCPE(dependency4);
                cPEAnalyzer.close();
                cpeSuppressionAnalyzer.analyze(dependency2, engine);
                dependency2.getVulnerableSoftwareIdentifiers().forEach(identifier -> {
                    Assert.fail("Apache Common Validator found an unexpected CPE identifier - " + identifier.getValue());
                });
                Assert.assertTrue("Incorrect match size - struts", dependency.getVulnerableSoftwareIdentifiers().size() >= 1);
                boolean z = false;
                Iterator it = dependency.getVulnerableSoftwareIdentifiers().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    } else if ("cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*".equals(((Identifier) it.next()).getValue())) {
                        z = true;
                        break;
                    }
                }
                Assert.assertTrue("Incorrect match - struts", z);
                Assert.assertTrue("Incorrect match size - spring3 - " + dependency4.getVulnerableSoftwareIdentifiers().size(), dependency4.getVulnerableSoftwareIdentifiers().size() >= 1);
                jarAnalyzer.close();
                cpeSuppressionAnalyzer.close();
                if (engine != null) {
                    if (0 == 0) {
                        engine.close();
                        return;
                    }
                    try {
                        engine.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (engine != null) {
                if (th != null) {
                    try {
                        engine.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    engine.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testDetermineIdentifiers() throws Exception {
        CPEAnalyzer cPEAnalyzer = new CPEAnalyzer();
        Engine engine = new Engine(getSettings());
        Throwable th = null;
        try {
            try {
                engine.openDatabase(true, true);
                cPEAnalyzer.initialize(getSettings());
                cPEAnalyzer.prepare(engine);
                callDetermieIdentifiers("pivotal_software", "spring_framework", "4.3.4.release", "cpe:2.3:a:pivotal_software:spring_framework:4.3.4:release:*:*:*:*:*:*", cPEAnalyzer);
                callDetermieIdentifiers("eclipse", "jetty", "20.4.8.v20171121", "cpe:2.3:a:eclipse:jetty:20.4.8:20171121:*:*:*:*:*:*", cPEAnalyzer);
                callDetermieIdentifiers("openssl", "openssl", "1.0.1c", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cPEAnalyzer);
                cPEAnalyzer.close();
                if (engine != null) {
                    if (0 == 0) {
                        engine.close();
                        return;
                    }
                    try {
                        engine.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (engine != null) {
                if (th != null) {
                    try {
                        engine.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    engine.close();
                }
            }
            throw th4;
        }
    }

    private void callDetermieIdentifiers(String str, String str2, String str3, String str4, CPEAnalyzer cPEAnalyzer) throws Exception {
        Dependency dependency = new Dependency();
        dependency.addEvidence(EvidenceType.VENDOR, "test", "vendor", str, Confidence.HIGHEST);
        dependency.addEvidence(EvidenceType.PRODUCT, "test", "product", str2, Confidence.HIGHEST);
        dependency.addEvidence(EvidenceType.VERSION, "test", "version", str3, Confidence.HIGHEST);
        cPEAnalyzer.determineIdentifiers(dependency, str, str2, Confidence.HIGHEST);
        Assert.assertTrue(String.format("%s:%s:%s identifier not found", str, str2, str3), dependency.getVulnerableSoftwareIdentifiers().stream().anyMatch(identifier -> {
            System.out.println(identifier.getValue());
            return str4.equals(identifier.getValue());
        }));
    }

    @Test
    public void testAnalyzeDependency() throws Exception {
        CPEAnalyzer cPEAnalyzer = new CPEAnalyzer();
        Engine engine = new Engine(getSettings());
        Throwable th = null;
        try {
            try {
                engine.openDatabase(true, true);
                cPEAnalyzer.initialize(getSettings());
                cPEAnalyzer.prepare(engine);
                callAnalyzeDependency("eclipse", "jetty", "20.4.8.v20171121", "cpe:2.3:a:eclipse:jetty:20.4.8:20171121:*:*:*:*:*:*", cPEAnalyzer, engine);
                callAnalyzeDependency("openssl", "openssl", "1.0.1c", "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*", cPEAnalyzer, engine);
                callAnalyzeDependency("apache", "commons-httpclient", "3.0", "cpe:2.3:a:apache:httpclient:3.0:*:*:*:*:*:*:*", cPEAnalyzer, engine);
                callAnalyzeDependency("org.apache", "commons-httpclient", "3.0", "cpe:2.3:a:apache:httpclient:3.0:*:*:*:*:*:*:*", cPEAnalyzer, engine);
                callAnalyzeDependency("org.apache", "httpclient", "3.0", "cpe:2.3:a:apache:httpclient:3.0:*:*:*:*:*:*:*", cPEAnalyzer, engine);
                cPEAnalyzer.close();
                if (engine != null) {
                    if (0 == 0) {
                        engine.close();
                        return;
                    }
                    try {
                        engine.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (engine != null) {
                if (th != null) {
                    try {
                        engine.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    engine.close();
                }
            }
            throw th4;
        }
    }

    private void callAnalyzeDependency(String str, String str2, String str3, String str4, CPEAnalyzer cPEAnalyzer, Engine engine) throws Exception {
        Dependency dependency = new Dependency(true);
        dependency.addEvidence(EvidenceType.VENDOR, "test", "vendor", str, Confidence.HIGHEST);
        dependency.addEvidence(EvidenceType.PRODUCT, "test", "product", str2, Confidence.HIGHEST);
        dependency.addEvidence(EvidenceType.VERSION, "test", "version", str3, Confidence.HIGHEST);
        dependency.setMd5sum("");
        dependency.setSha1sum("");
        dependency.setSha256sum("");
        cPEAnalyzer.analyzeDependency(dependency, engine);
        Assert.assertTrue(String.format("%s:%s:%s identifier not found", str, str2, str3), dependency.getVulnerableSoftwareIdentifiers().stream().anyMatch(identifier -> {
            System.out.println(identifier.getValue());
            return str4.equals(identifier.getValue());
        }));
    }

    @Test
    public void testSearchCPE() throws Exception {
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap.put("apache software foundation", new MutableInt(1));
        hashMap2.put("struts 2 core", new MutableInt(1));
        CPEAnalyzer cPEAnalyzer = new CPEAnalyzer();
        Engine engine = new Engine(getSettings());
        Throwable th = null;
        try {
            engine.openDatabase(true, true);
            cPEAnalyzer.initialize(getSettings());
            cPEAnalyzer.prepare(engine);
            boolean z = false;
            Iterator it = cPEAnalyzer.searchCPE(hashMap, hashMap2, Collections.singleton("apache"), Collections.singleton("struts2"), "java").iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                IndexEntry indexEntry = (IndexEntry) it.next();
                if ("apache".equals(indexEntry.getVendor()) && "struts".equals(indexEntry.getProduct())) {
                    z = true;
                    break;
                }
            }
            Assert.assertTrue("apache:struts was not identified", z);
            if (engine != null) {
                if (0 != 0) {
                    try {
                        engine.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    engine.close();
                }
            }
            cPEAnalyzer.close();
        } catch (Throwable th3) {
            if (engine != null) {
                if (0 != 0) {
                    try {
                        engine.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    engine.close();
                }
            }
            throw th3;
        }
    }
}
