package com.sonatype.insight.scanner.call.flow.analyzer.bomxray;

import com.google.common.annotations.VisibleForTesting;
import com.sonatype.cat.bomxray.embedded.BomXrayRuntime;
import com.sonatype.cat.bomxray.java.callflow2.Callflow2;
import com.sonatype.cat.bomxray.java.callflow2.workspace2.WorkspaceMethodKt;
import com.sonatype.cat.bomxray.java.callflow2.workspace2.WorkspaceMethodSignature;
import com.sonatype.clm.dto.model.signature.ComponentWithSignatures;
import com.sonatype.clm.dto.model.signature.ComponentWithSignaturesList;
import com.sonatype.clm.dto.model.signature.FunctionSignature;
import com.sonatype.clm.dto.model.signature.Signature;
import com.sonatype.clm.dto.model.signature.VulnerabilitySignatureAnalysisDTO;
import com.sonatype.insight.scanner.call.flow.analyzer.CallFlowGraphHandler;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import kotlin.sequences.SequencesKt;
import org.slf4j.Logger;

/* loaded from: input_file:com/sonatype/insight/scanner/call/flow/analyzer/bomxray/BomXrayHandler.class */
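/**
 * {@link CallFlowGraphHandler} that reports which known-vulnerable method signatures appear in the
 * method set of a {@link Callflow2} graph.
 *
 * <p>A signature is reported only when the {@link WorkspaceMethodSignature} derived from its
 * function descriptor is contained in the set returned by {@code Callflow2.getMethods()}. Which
 * methods end up in that set (for example reflective or dynamically resolved calls) is decided by
 * {@code Callflow2} and is not visible in this class, so a signature that is absent from the
 * result should be read as "not seen in the graph", not as "cannot be called".
 *
 * <p>Malformed input is not skipped: a null signature list or a null function signature surfaces
 * as a {@link NullPointerException}, so a broken entry cannot silently shrink the result.
 */
public class BomXrayHandler implements CallFlowGraphHandler<Callflow2> {

    /** Analyzer name written into every result produced by this handler. */
    @VisibleForTesting
    static final String ANALYZER_NAME = "Bom-Xray";
    private final Logger log;
    private final BomXrayRuntime bomxray;
    private final Callflow2 callflow;
    private final VulnerabilitySignatureAnalysisDTO.MetricsDTO metricsDTO;

    /**
     * Creates a handler bound to one call-flow graph.
     *
     * @param logger destination for progress and debug output
     * @param bomXrayRuntime runtime whose version is reported in the result
     * @param callflow2 call-flow graph whose method set is searched
     * @param metricsDTO metrics object attached unchanged to every result
     * @throws NullPointerException if any argument is null
     */
    public BomXrayHandler(Logger logger, BomXrayRuntime bomXrayRuntime, Callflow2 callflow2, VulnerabilitySignatureAnalysisDTO.MetricsDTO metricsDTO) {
        this.log = Objects.requireNonNull(logger, "logger");
        this.bomxray = Objects.requireNonNull(bomXrayRuntime, "bomXrayRuntime");
        this.callflow = Objects.requireNonNull(callflow2, "callflow2");
        this.metricsDTO = Objects.requireNonNull(metricsDTO, "metricsDTO");
    }

    /**
     * Matches every vulnerable method signature of every component against the graph's method set
     * and returns the ones that are present.
     *
     * <p>The result always carries the analyzer name, the runtime version and the metrics object,
     * also when no component was supplied or nothing matched; in those cases the signature list is
     * empty.
     *
     * @param componentWithSignaturesList vulnerable components with their method signatures
     * @return analysis result listing the matched signatures, one trace per signature
     * @throws NullPointerException if the argument, a component's signature list or a signature's
     *     function signature is null
     */
    @Override // com.sonatype.insight.scanner.call.flow.analyzer.CallFlowGraphHandler
    public VulnerabilitySignatureAnalysisDTO buildVulnerabilitySignatureAnalysis(ComponentWithSignaturesList componentWithSignaturesList) {
        Objects.requireNonNull(componentWithSignaturesList, "componentWithSignaturesList");
        // Evaluated once so the per-signature loop does not query the logger on every iteration.
        boolean isDebugEnabled = this.log.isDebugEnabled();
        List<VulnerabilitySignatureAnalysisDTO.SignatureDTO> callableSignatures = new ArrayList<>();
        List<ComponentWithSignatures> components = componentWithSignaturesList.getComponents();
        if (components == null || components.isEmpty()) {
            this.log.info("No vulnerable components found");
        } else {
            this.log.info("Detecting callable vulnerable methods from {} vulnerable components", components.size());
            // Materialise the graph's methods once; every signature below is a set lookup.
            // The element type is left open because Callflow2.getMethods() is declared elsewhere.
            Set<?> graphMethods = SequencesKt.toSet(getCallFlowGraph().getMethods());
            for (ComponentWithSignatures componentWithSignatures : components) {
                if (isDebugEnabled) {
                    this.log.debug("Vulnerable component: {}, {} vulnerable method signatures", componentWithSignatures.getPackageUrl(), componentWithSignatures.getSignatures().size());
                }
                for (Signature signature : componentWithSignatures.getSignatures()) {
                    // Exact membership test on the signature derived from the descriptor.
                    boolean contains = graphMethods.contains(convert(signature.getFunctionSignature()));
                    if (isDebugEnabled) {
                        this.log.debug("Vulnerable method signature: {}{}", signature.getFunctionSignature().getFunctionDescriptor(), contains ? " FOUND" : "");
                    }
                    if (contains) {
                        callableSignatures.add(convert(signature));
                    }
                }
            }
            if (callableSignatures.isEmpty()) {
                this.log.info("No callable vulnerable methods found");
            } else {
                this.log.info("Found {} callable vulnerable methods", callableSignatures.size());
            }
        }
        VulnerabilitySignatureAnalysisDTO vulnerabilitySignatureAnalysisDTO = new VulnerabilitySignatureAnalysisDTO();
        vulnerabilitySignatureAnalysisDTO.analyzer = new VulnerabilitySignatureAnalysisDTO.AnalyzerDTO();
        vulnerabilitySignatureAnalysisDTO.analyzer.name = ANALYZER_NAME;
        vulnerabilitySignatureAnalysisDTO.analyzer.version = this.bomxray.getVersion();
        vulnerabilitySignatureAnalysisDTO.signatures = callableSignatures;
        vulnerabilitySignatureAnalysisDTO.metricsDTO = this.metricsDTO;
        return vulnerabilitySignatureAnalysisDTO;
    }

    /** Returns the call-flow graph this handler searches. */
    @VisibleForTesting
    Callflow2 getCallFlowGraph() {
        return this.callflow;
    }

    /** Derives the graph-side method signature from a vulnerability function descriptor. */
    private WorkspaceMethodSignature convert(FunctionSignature functionSignature) {
        return WorkspaceMethodKt.getMethodSignature(functionSignature.getFunctionDescriptor());
    }

    /**
     * Copies a matched signature into its result form: the anchor plus a single trace holding the
     * function descriptor and parameters.
     */
    private static VulnerabilitySignatureAnalysisDTO.SignatureDTO convert(Signature signature) {
        VulnerabilitySignatureAnalysisDTO.SignatureDTO signatureDTO = new VulnerabilitySignatureAnalysisDTO.SignatureDTO();
        signatureDTO.anchor = signature.getAnchor();
        VulnerabilitySignatureAnalysisDTO.TraceDTO traceDTO = new VulnerabilitySignatureAnalysisDTO.TraceDTO();
        traceDTO.functionDescriptor = signature.getFunctionSignature().getFunctionDescriptor();
        traceDTO.functionParameters = signature.getFunctionSignature().getFunctionParameters();
        signatureDTO.traces = Collections.singletonList(traceDTO);
        return signatureDTO;
    }
}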
