package com.checkmarx.sdk.utils.scanner.client;

import com.checkmarx.sdk.config.AstConfig;
import com.checkmarx.sdk.config.Constants;
import com.checkmarx.sdk.config.ContentType;
import com.checkmarx.sdk.config.RestClientConfig;
import com.checkmarx.sdk.dto.GitCredentials;
import com.checkmarx.sdk.dto.HandlerRef;
import com.checkmarx.sdk.dto.LoginSettings;
import com.checkmarx.sdk.dto.PathFilter;
import com.checkmarx.sdk.dto.RemoteRepositoryInfo;
import com.checkmarx.sdk.dto.ResultsBase;
import com.checkmarx.sdk.dto.ScanConfig;
import com.checkmarx.sdk.dto.ScanConfigBase;
import com.checkmarx.sdk.dto.ScannerType;
import com.checkmarx.sdk.dto.SourceLocationType;
import com.checkmarx.sdk.dto.ast.ASTResults;
import com.checkmarx.sdk.dto.ast.AstProjectToScan;
import com.checkmarx.sdk.dto.ast.AstScanStartHandler;
import com.checkmarx.sdk.dto.ast.AstStartScanRequest;
import com.checkmarx.sdk.dto.ast.Project;
import com.checkmarx.sdk.dto.ast.ProjectId;
import com.checkmarx.sdk.dto.ast.ProjectsList;
import com.checkmarx.sdk.dto.ast.SastScanConfigValue;
import com.checkmarx.sdk.dto.ast.report.AstSummaryResults;
import com.checkmarx.sdk.dto.ast.report.Finding;
import com.checkmarx.sdk.dto.ast.report.QueryDescription;
import com.checkmarx.sdk.dto.ast.report.ScanResultsResponse;
import com.checkmarx.sdk.dto.ast.report.SeverityCounter;
import com.checkmarx.sdk.dto.ast.report.SingleScanSummary;
import com.checkmarx.sdk.dto.ast.report.SummaryResponse;
import com.checkmarx.sdk.dto.sca.ClientType;
import com.checkmarx.sdk.dto.scansummary.Severity;
import com.checkmarx.sdk.exception.CxHTTPClientException;
import com.checkmarx.sdk.exception.ScannerRuntimeException;
import com.checkmarx.sdk.utils.State;
import com.checkmarx.sdk.utils.UrlUtils;
import com.checkmarx.sdk.utils.scanner.client.httpClient.HttpClientHelper;
import com.checkmarx.sdk.utils.zip.CxZipUtils;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.EnumUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpResponse;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.entity.StringEntity;
import org.apache.http.message.BasicNameValuePair;
import org.slf4j.Logger;
import org.springframework.web.client.RestClientException;

/* loaded from: input_file:com/checkmarx/sdk/utils/scanner/client/AstClientHelper.class */
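/**
 * Scan client for the AST SAST engine: logs in with client credentials, resolves or creates the
 * project, submits sources (remote repository or zipped local directory), then collects the scan
 * summary, the findings and their query descriptions.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The client secret from {@link AstConfig} and the SCM token taken from the repository URL
 *       are only passed to builders here; keep them out of log statements.</li>
 *   <li>Finding pages and query descriptions come from the server, so the paging loops below stop
 *       when a response makes no progress instead of looping forever.</li>
 *   <li>The shared {@code httpClient} is re-pointed during {@link #uploadArchive}; the class shows
 *       no synchronization around that, so instances should not be shared across threads
 *       (NOTE(review): confirm against callers).</li>
 * </ul>
 */
public class AstClientHelper extends ScanClientHelper implements IScanClientHelper {
    // The decompiled source declared this as an initialized final instance field and assigned it
    // again in the constructor, which does not compile; a private constant carries the same value.
    private static final String AST_SCAN_TYPE = "git";
    public static final String OAUTH2 = "oauth2:";
    private static final String TOKEN_SCM_SEPARATOR = "@";
    private static final String CREDENTIALS_TYPE = "apiKey";
    private static final String ENGINE_TYPE_FOR_API = "sast";
    private static final String REF_TYPE_BRANCH = "branch";
    private static final String SUMMARY_PATH = "/api/scan-summary";
    private static final String SCAN_RESULTS_PATH = "/api/results";
    private static final String AUTH_PATH = "/auth/realms/organization/protocol/openid-connect/token";
    private static final String WEB_PROJECT_PATH = "/#/projects/%s/overview";
    private static final String URL_PARSING_EXCEPTION = "URL parsing exception.";
    private static final String DESCRIPTIONS_PATH = "/api/queries/descriptions";
    private static final int DEFAULT_PAGE_SIZE = 1000;
    private static final int NO_FINDINGS_CODE = 4004;
    private static final ObjectMapper objectMapper = new ObjectMapper();
    private static final String API_VERSION = "*/*; version=1.0";
    private static final String SCAN_ID_PARAM_NAME = "scan-id";
    private static final String OFFSET_PARAM_NAME = "offset";
    private static final String LIMIT_PARAM_NAME = "limit";
    private static final String ID_PARAM_NAME = "ids";
    private static final int URL_MAX_CHAR_SIZE = 1490;
    public static final String AST_GET_PROJECT_ID = "/api/projects/?offset=0&limit=20&names=";
    public static final String AST_CREATE_PROJECT = "/api/projects/";
    private String scanId;

    /**
     * Validates the AST configuration and creates the HTTP client rooted at the configured API URL
     * (trailing slashes stripped), with the versioned {@code Accept} header set.
     *
     * @param restClientConfig client configuration; its AST section must carry a non-blank API URL
     * @param logger logger handed to the base class
     * @throws IllegalArgumentException if the AST config or its API URL is missing
     */
    public AstClientHelper(RestClientConfig restClientConfig, Logger logger) {
        super(restClientConfig, logger);
        AstConfig astConfig = this.config.getAstConfig();
        validate(astConfig);
        this.httpClient = createHttpClient(StringUtils.stripEnd(astConfig.getApiUrl(), "/"));
        this.httpClient.setCustomHeader("Accept", API_VERSION);
    }

    /**
     * Logs the HTTP client in. Any failure is handed to {@code handleInitError} together with the
     * result object rather than thrown.
     *
     * @return an {@link ASTResults} instance, processed by the error handler if login failed
     */
    @Override
    public ResultsBase init() {
        this.log.debug("Initializing {} client.", getScannerDisplayName());
        ASTResults results = new ASTResults();
        try {
            this.httpClient.login(getLoginSettings(getClientType()));
        } catch (Exception e) {
            super.handleInitError(e, results);
        }
        return results;
    }

    /**
     * Builds the login settings: the token endpoint is {@link #AUTH_PATH} resolved against the
     * configured API URL.
     */
    private LoginSettings getLoginSettings(ClientType clientType) throws MalformedURLException {
        String accessControlUrl = UrlUtils.parseURLToString(this.config.getAstConfig().getApiUrl(), AUTH_PATH);
        return LoginSettings.builder()
                .accessControlBaseUrl(accessControlUrl)
                .clientTypeForPasswordAuth(clientType)
                .build();
    }

    /**
     * Builds the OAuth client description (client id and secret, scope {@code ast-api}, grant type
     * {@code client_credentials}). The returned object holds the client secret; do not log it.
     */
    private ClientType getClientType() {
        AstConfig astConfig = this.config.getAstConfig();
        return ClientType.builder()
                .clientId(astConfig.getClientId())
                .clientSecret(astConfig.getClientSecret())
                .scopes("ast-api")
                .grantType("client_credentials")
                .build();
    }

    @Override
    protected String getScannerDisplayName() {
        return ScannerType.AST_SAST.getDisplayName();
    }

    /**
     * PUTs the zipped sources to the given upload URL by temporarily re-pointing the shared HTTP
     * client at it; the previous root URI is restored whether or not the upload succeeds.
     *
     * <p>NOTE(review): the client keeps its login state and custom headers while pointed at
     * {@code str}; confirm in the HTTP client that the API access token is not attached to
     * requests for the upload host.
     *
     * @param bArr zipped source bytes
     * @param str upload URL used as the client's root URI for this one request
     * @throws IOException if the upload request fails
     */
    @Override
    protected void uploadArchive(byte[] bArr, String str) throws IOException {
        this.log.info("Uploading the zipped data.");
        ByteArrayEntity payload = new ByteArrayEntity(bArr);
        String previousRootUri = this.httpClient.getRootUri();
        this.httpClient.setRootUri(str);
        try {
            this.httpClient.putRequest("", "", payload, JsonNode.class, 200, "upload ZIP file");
        } finally {
            // Always restore the API root so later calls do not go to the upload host.
            this.httpClient.setRootUri(previousRootUri);
        }
    }

    /**
     * Resolves the project, submits the sources according to the configured source location type
     * and records the resulting scan id. Failures mark the state as {@code FAILED} and are
     * returned inside the result instead of being thrown.
     *
     * @return results carrying either the scan id or the wrapped exception
     */
    @Override
    public ResultsBase initiateScan() {
        this.log.info("----------------------------------- Initiating {} Scan:------------------------------------", getScannerDisplayName());
        ASTResults results = new ASTResults();
        this.scanId = null;
        AstConfig astConfig = this.config.getAstConfig();
        try {
            SourceLocationType locationType = astConfig.getSourceLocationType();
            String projectId = determineProjectId(this.config.getProjectName());
            HttpResponse response;
            if (locationType == SourceLocationType.REMOTE_REPOSITORY) {
                response = submitSourcesFromRemoteRepo(projectId, astConfig);
            } else {
                response = submitAllSourcesFromLocalDir(projectId, astConfig);
            }
            this.scanId = extractScanIdFrom(response);
            results.setScanId(this.scanId);
        } catch (Exception e) {
            this.log.error(e.getMessage());
            setState(State.FAILED);
            results.setException(new ScannerRuntimeException("Error creating scan.", e));
        }
        return results;
    }

    /** Zips the configured source directory (with empty path filters) and starts an upload scan. */
    private HttpResponse submitAllSourcesFromLocalDir(String str, ScanConfigBase scanConfigBase) throws IOException {
        this.log.info("Using local directory flow.");
        PathFilter noFilter = new PathFilter("", "", this.log);
        byte[] zipped = CxZipUtils.getZippedSources(this.config, noFilter, this.config.getSourceDir(), this.log);
        return initiateScanForUpload(str, zipped, scanConfigBase);
    }

    /**
     * Builds the SAST scan configuration from the configured preset and incremental flag.
     *
     * @throws ScannerRuntimeException if no preset name is configured
     */
    @Override
    protected ScanConfig getScanConfig() {
        String presetName = this.config.getAstConfig().getPresetName();
        if (StringUtils.isEmpty(presetName)) {
            throw new ScannerRuntimeException("Scan preset must be specified.");
        }
        SastScanConfigValue value = SastScanConfigValue.builder()
                .incremental(Boolean.toString(this.config.getAstConfig().isIncremental()))
                .presetName(presetName)
                .build();
        return ScanConfig.builder().type(ENGINE_TYPE_FOR_API).value(value).build();
    }

    @Override
    protected HandlerRef getBranchToScan(RemoteRepositoryInfo remoteRepositoryInfo) {
        return HandlerRef.builder()
                .type(REF_TYPE_BRANCH)
                .value(remoteRepositoryInfo.getBranch())
                .build();
    }

    /**
     * Waits for the current scan to finish and retrieves its results. A
     * {@link ScannerRuntimeException} is logged and returned inside a fresh result object.
     */
    @Override
    public ResultsBase waitForScanResults() {
        try {
            waitForScanToFinish(this.scanId);
            return retrieveScanResults();
        } catch (ScannerRuntimeException e) {
            this.log.error(e.getMessage());
            ASTResults failed = new ASTResults();
            failed.setException(e);
            return failed;
        }
    }

    /** Collects scan id, summary, findings and web report link into one result object. */
    private ASTResults retrieveScanResults() {
        try {
            ASTResults results = new ASTResults();
            results.setScanId(this.scanId);
            results.setSummary(getSummary());
            results.setFindings(getFindings());
            results.setWebReportLink(getWebReportLink(this.config.getAstConfig().getWebAppUrl()));
            return results;
        } catch (IOException e) {
            throw new ScannerRuntimeException(String.format("Error getting %s scan results.", getScannerDisplayName()), e);
        }
    }

    /** Returns the web UI path for the project, with the project name URL-encoded. */
    @Override
    protected String getWebReportPath() throws UnsupportedEncodingException {
        String encodedName = URLEncoder.encode(this.config.getProjectName(), Constants.ENCODING);
        return String.format(WEB_PROJECT_PATH, encodedName);
    }

    /** Fetches the scan summary and copies severity, status and total counters into the result. */
    private AstSummaryResults getSummary() {
        SingleScanSummary nativeSummary = getNativeSummary(getSummaryResponse(getRelativeSummaryUrl()));
        AstSummaryResults summary = new AstSummaryResults();
        setFindingCountsPerSeverity(nativeSummary.getSeverityCounters(), summary);
        summary.setStatusCounters(nativeSummary.getStatusCounters());
        summary.setTotalCounter(nativeSummary.getTotalCounter());
        return summary;
    }

    /**
     * Pages through the scan results and then tries to attach query descriptions.
     *
     * <p>The page size comes from the configuration, falling back to {@link #DEFAULT_PAGE_SIZE}
     * when it is not positive. Description lookup is best-effort: a
     * {@link ScannerRuntimeException} from it is logged and the findings are still returned.
     *
     * @throws IOException if a results request fails
     */
    private List<Finding> getFindings() throws IOException {
        int pageSize = this.config.getAstConfig().getResultsPageSize();
        if (pageSize <= 0) {
            pageSize = DEFAULT_PAGE_SIZE;
        }
        List<Finding> findings = new ArrayList<>();
        int offset = 0;
        ScanResultsResponse page;
        do {
            page = getScanResultsResponse(getRelativeResultsUrl(offset, pageSize));
            List<Finding> results = page.getResults();
            if (results == null || results.isEmpty()) {
                // The offset cannot advance on an empty page; if the server still reports a larger
                // total count, continuing would repeat the same request forever.
                if (offset < page.getTotalCount()) {
                    this.log.warn("Results paging stopped early: empty page received before the reported total was reached.");
                }
                break;
            }
            findings.addAll(results);
            offset += results.size();
        } while (offset < page.getTotalCount());
        this.log.info("Total findings: {}", findings.size());
        try {
            populateAdditionalFields(findings);
        } catch (ScannerRuntimeException e) {
            this.log.error(e.getMessage());
        }
        return findings;
    }

    /**
     * Looks up the description of every distinct query id in batches and sets it on each finding.
     *
     * <p>Findings whose query id is {@code null}, or for which the server returned no description,
     * keep their current description instead of failing the whole result retrieval.
     *
     * @throws IOException if a descriptions request fails
     */
    private void populateAdditionalFields(List<Finding> list) throws IOException {
        Map<String, QueryDescription> descriptions = new HashMap<>();
        Set<String> pending = list.stream()
                .map(finding -> finding.getQueryID())
                .filter(id -> id != null)
                .collect(Collectors.toCollection(HashSet::new));
        while (!pending.isEmpty()) {
            Set<String> requested = new HashSet<>();
            List<QueryDescription> batch = processQueryIDs(pending, requested);
            if (requested.isEmpty()) {
                // No id fitted into the URL budget, so nothing would be removed from 'pending'.
                this.log.warn("Skipping query descriptions: a query id does not fit into the request URL.");
                break;
            }
            if (batch != null) {
                for (QueryDescription description : batch) {
                    // Last one wins on duplicate ids rather than failing the whole lookup.
                    descriptions.put(description.getQueryId(), description);
                }
            }
            pending.removeAll(requested);
        }
        // The original passed an SLF4J "{}" placeholder through String.format, which logged it literally.
        this.log.info("QueryIds with descriptions size: {} ", descriptions.size());
        for (Finding finding : list) {
            QueryDescription description = descriptions.get(finding.getQueryID());
            if (description != null) {
                finding.setDescription(description.getResultDescription());
            }
        }
    }

    /**
     * Builds the descriptions URL for as many ids from {@code set} as fit into
     * {@link #URL_MAX_CHAR_SIZE}, recording the ids that were included in {@code set2}.
     *
     * <p>The budget is computed from raw (unencoded) id lengths plus two characters per parameter.
     *
     * @param set candidate query ids
     * @param set2 output: the ids placed into the returned URL
     * @return relative URL with the selected {@code ids} parameters followed by the scan id
     * @throws ScannerRuntimeException if the URI cannot be built
     */
    private String prepareURL(Set<String> set, Set<String> set2) {
        try {
            int baseLength = new URIBuilder()
                    .setPath(DESCRIPTIONS_PATH)
                    .setParameter(SCAN_ID_PARAM_NAME, this.scanId)
                    .build()
                    .toString()
                    .length();
            URIBuilder builder = new URIBuilder().setPath(DESCRIPTIONS_PATH);
            int remaining = URL_MAX_CHAR_SIZE - baseLength;
            for (String id : set) {
                remaining = remaining - ID_PARAM_NAME.length() - 2 - id.length();
                if (remaining <= 0) {
                    // The budget only shrinks, so no later id can fit either.
                    break;
                }
                set2.add(id);
                builder.addParameter(ID_PARAM_NAME, id);
            }
            String uri = builder.setParameter(SCAN_ID_PARAM_NAME, this.scanId).build().toString();
            this.log.debug("Getting descriptions from {}", uri);
            return uri;
        } catch (URISyntaxException e) {
            throw new ScannerRuntimeException(URL_PARSING_EXCEPTION, e);
        }
    }

    /**
     * Builds the relative results URL for one page.
     *
     * @param i offset of the first finding to return
     * @param i2 maximum number of findings in the page
     * @throws ScannerRuntimeException if the URI cannot be built
     */
    private String getRelativeResultsUrl(int i, int i2) {
        try {
            String uri = new URIBuilder()
                    .setPath(SCAN_RESULTS_PATH)
                    .setParameter(SCAN_ID_PARAM_NAME, this.scanId)
                    .setParameter(OFFSET_PARAM_NAME, Integer.toString(i))
                    .setParameter(LIMIT_PARAM_NAME, Integer.toString(i2))
                    .build()
                    .toString();
            this.log.debug("Getting findings from {}", uri);
            return uri;
        } catch (URISyntaxException e) {
            throw new ScannerRuntimeException(URL_PARSING_EXCEPTION, e);
        }
    }

    /**
     * Requests descriptions for the ids that {@link #prepareURL} managed to fit into one URL.
     * Returns an empty list without calling the server when no id fitted.
     */
    @SuppressWarnings("unchecked")
    private List<QueryDescription> processQueryIDs(Set<String> set, Set<String> set2) throws IOException {
        String url = prepareURL(set, set2);
        if (set2.isEmpty()) {
            return Collections.emptyList();
        }
        // Unchecked: getRequest is asked for a list of QueryDescription via its last argument.
        return (List<QueryDescription>) this.httpClient.getRequest(url, ContentType.CONTENT_TYPE_APPLICATION_JSON, QueryDescription.class, 200, "retrieving queries description", true);
    }

    private ScanResultsResponse getScanResultsResponse(String str) throws IOException {
        return (ScanResultsResponse) this.httpClient.getRequest(str, ContentType.CONTENT_TYPE_APPLICATION_JSON, ScanResultsResponse.class, 200, "retrieving scan results", false);
    }

    /**
     * Fetches the scan summary; a failure that means "no findings" yields an empty summary, any
     * other failure is rethrown as {@link ScannerRuntimeException}.
     */
    private SummaryResponse getSummaryResponse(String str) {
        try {
            return (SummaryResponse) this.httpClient.getRequest(str, ContentType.CONTENT_TYPE_APPLICATION_JSON, SummaryResponse.class, 200, "retrieving scan summary", false);
        } catch (Exception e) {
            return getEmptySummaryIfApplicable(e);
        }
    }

    /**
     * Returns a summary response holding one empty scan summary when {@code exc} is the server's
     * "no findings" answer.
     *
     * @throws ScannerRuntimeException wrapping {@code exc} for every other failure
     */
    private SummaryResponse getEmptySummaryIfApplicable(Exception exc) {
        if (!noFindingsWereDetected(exc)) {
            throw new ScannerRuntimeException("Error getting scan summary.", exc);
        }
        SummaryResponse emptyResponse = new SummaryResponse();
        emptyResponse.getScansSummaries().add(new SingleScanSummary());
        return emptyResponse;
    }

    /**
     * Tells whether {@code exc} is an HTTP 404 whose JSON body carries code
     * {@link #NO_FINDINGS_CODE}. A body that cannot be parsed is logged and treated as "not the
     * no-findings case".
     */
    private boolean noFindingsWereDetected(Exception exc) {
        if (!(exc instanceof CxHTTPClientException)) {
            return false;
        }
        CxHTTPClientException httpError = (CxHTTPClientException) exc;
        if (httpError.getStatusCode() != 404 || StringUtils.isEmpty(httpError.getResponseBody())) {
            return false;
        }
        try {
            return objectMapper.readTree(httpError.getResponseBody()).get("code").asInt() == NO_FINDINGS_CODE;
        } catch (Exception e) {
            this.log.warn("Error parsing the 'Not found' response.", e);
            return false;
        }
    }

    /**
     * Builds the relative summary URL for the current scan id.
     *
     * @throws ScannerRuntimeException if the URI cannot be built
     */
    private String getRelativeSummaryUrl() {
        try {
            String uri = new URIBuilder()
                    .setPath(SUMMARY_PATH)
                    .setParameter("scan-ids", this.scanId)
                    .build()
                    .toString();
            this.log.debug("Getting summary from {}", uri);
            return uri;
        } catch (URISyntaxException e) {
            throw new ScannerRuntimeException(URL_PARSING_EXCEPTION, e);
        }
    }

    /**
     * Copies the HIGH, MEDIUM and LOW counters into the summary. Counters with an unrecognized
     * severity name are ignored; a {@code null} list is a no-op.
     */
    private static void setFindingCountsPerSeverity(List<SeverityCounter> list, AstSummaryResults astSummaryResults) {
        if (list == null) {
            return;
        }
        for (SeverityCounter severityCounter : list) {
            Severity severity = EnumUtils.getEnum(Severity.class, severityCounter.getSeverity());
            int count = severityCounter.getCounter();
            if (severity == null) {
                continue;
            }
            switch (severity) {
                case HIGH:
                    astSummaryResults.setHighVulnerabilityCount(count);
                    break;
                case MEDIUM:
                    astSummaryResults.setMediumVulnerabilityCount(count);
                    break;
                case LOW:
                    astSummaryResults.setLowVulnerabilityCount(count);
                    break;
                default:
                    break;
            }
        }
    }

    /**
     * Extracts the single scan summary from the response.
     *
     * @throws ScannerRuntimeException if the response is {@code null} or does not hold exactly one
     *     non-null summary
     */
    private static SingleScanSummary getNativeSummary(SummaryResponse summaryResponse) {
        if (summaryResponse != null) {
            List<SingleScanSummary> summaries = summaryResponse.getScansSummaries();
            if (summaries != null && summaries.size() == 1 && summaries.get(0) != null) {
                return summaries.get(0);
            }
        }
        throw new ScannerRuntimeException("Invalid summary response.");
    }

    /** Not supported by this client: logs an error and returns the exception inside the result. */
    @Override
    public ResultsBase getLatestScanResults() {
        this.log.error("Unsupported Operation.");
        ASTResults results = new ASTResults();
        results.setException(new ScannerRuntimeException(new UnsupportedOperationException()));
        return results;
    }

    /** Closes the HTTP client if one was created. */
    @Override
    public void close() {
        if (this.httpClient != null) {
            this.httpClient.close();
        }
    }

    /**
     * Checks that a config object with a non-blank API URL was supplied.
     *
     * <p>NOTE(review): the URL scheme is not checked here, although the client secret is later
     * posted to a token endpoint under this URL; consider whether plain {@code http} should be
     * rejected or at least warned about.
     *
     * @throws IllegalArgumentException if the config or its API URL is missing
     */
    private void validate(ScanConfigBase scanConfigBase) {
        this.log.debug("Validating config.");
        String messageTemplate = null;
        if (scanConfigBase == null) {
            messageTemplate = "%s config must be provided.";
        } else if (StringUtils.isBlank(scanConfigBase.getApiUrl())) {
            messageTemplate = "%s API URL must be provided.";
        }
        if (messageTemplate != null) {
            throw new IllegalArgumentException(String.format(messageTemplate, getScannerDisplayName()));
        }
    }

    /**
     * Returns the id of the first project reported for the given name, creating the project when
     * the server reports none.
     *
     * <p>The name is URL-encoded before it is appended to the query string, so characters such as
     * {@code &}, {@code #} or spaces cannot add or truncate query parameters. This assumes
     * {@code getRequest} sends the relative URL as given, as the URIBuilder-based callers in this
     * class suggest.
     *
     * <p>NOTE(review): the first returned project is used without comparing its name to
     * {@code str}; confirm the {@code names} filter is an exact match.
     *
     * @param str project name
     * @return the project id
     * @throws RestClientException wrapping any failure of the lookup or creation
     */
    protected String determineProjectId(String str) {
        try {
            String encodedName = URLEncoder.encode(str, Constants.ENCODING);
            ProjectsList projectsList = (ProjectsList) this.httpClient.getRequest(AST_GET_PROJECT_ID + encodedName, ContentType.CONTENT_TYPE_APPLICATION_JSON, ProjectsList.class, 200, "Failed to get scan ID for scan " + str, false);
            if (projectsList.getProjects().isEmpty()) {
                return createProject(str);
            }
            return projectsList.getProjects().get(0).getId();
        } catch (Exception e) {
            // Keep the cause so the original failure is not reduced to its message.
            throw new RestClientException(e.getMessage(), e);
        }
    }

    /**
     * Creates a project with the given name and returns its id; the versioned {@code Accept}
     * header is set again afterwards.
     *
     * @throws RestClientException wrapping an {@link IOException} from the request
     */
    private synchronized String createProject(String str) {
        Project project = new Project();
        project.setName(str);
        // The decompiled source logged and labelled this call as "start scan"; it creates a project.
        this.log.info("Sending the 'create project' request.");
        try {
            ProjectId created = (ProjectId) this.httpClient.postRequest(AST_CREATE_PROJECT, ContentType.CONTENT_TYPE_APPLICATION_JSON, HttpClientHelper.convertToStringEntity(project), ProjectId.class, 201, "create the project");
            String id = created.getId();
            this.httpClient.setCustomHeader("Accept", API_VERSION);
            return id;
        } catch (IOException e) {
            throw new RestClientException(e.getMessage(), e);
        }
    }

    /**
     * Builds the handler section of the start-scan request: branch reference, credentials taken
     * from the repository URL, and the repository URL itself, passed through {@code sanitize} for
     * remote repositories.
     *
     * <p>NOTE(review): {@code sanitize} is defined outside this class; presumably it removes the
     * embedded token from the URL. If its {@link MalformedURLException} message echoes the
     * original URL, the token would appear in the exception thrown here; confirm.
     *
     * @throws ScannerRuntimeException if the repository URL cannot be sanitized
     */
    protected AstScanStartHandler getScanStartHandler(RemoteRepositoryInfo remoteRepositoryInfo, SourceLocationType sourceLocationType) {
        this.log.debug("Creating the handler object.");
        try {
            HandlerRef branchRef = getBranchToScan(remoteRepositoryInfo);
            URL repoUrl = remoteRepositoryInfo.getUrl();
            GitCredentials credentials = calculateGitCredentials(remoteRepositoryInfo, sourceLocationType);
            if (SourceLocationType.REMOTE_REPOSITORY.equals(sourceLocationType)) {
                repoUrl = sanitize(remoteRepositoryInfo.getUrl());
            }
            return AstScanStartHandler.builder()
                    .ref(branchRef)
                    .username("")
                    .credentials(credentials)
                    .repoUrl(repoUrl.toString())
                    .build();
        } catch (MalformedURLException e) {
            throw new ScannerRuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Extracts the SCM token from the user-info part of a remote repository URL.
     *
     * <p>For remote repositories whose authority contains {@code @}, the text before the first
     * {@code @} is the credential value, with anything up to and including an {@code oauth2:}
     * marker dropped, and the type is {@code apiKey}. In every other case both type and value are
     * empty strings. The returned value is a secret; do not log it.
     */
    private GitCredentials calculateGitCredentials(RemoteRepositoryInfo remoteRepositoryInfo, SourceLocationType sourceLocationType) {
        String type = "";
        String value = "";
        if (SourceLocationType.REMOTE_REPOSITORY.equals(sourceLocationType)) {
            String authority = remoteRepositoryInfo.getUrl().getAuthority();
            if (StringUtils.isNotEmpty(authority) && authority.contains(TOKEN_SCM_SEPARATOR)) {
                value = authority.substring(0, authority.indexOf(TOKEN_SCM_SEPARATOR));
                if (value.contains(OAUTH2)) {
                    // "oauth2:" with nothing after it splits into an empty array; indexing [1]
                    // unconditionally threw ArrayIndexOutOfBoundsException on such a URL.
                    String[] parts = value.split(OAUTH2);
                    value = parts.length > 1 ? parts[1] : "";
                }
                type = CREDENTIALS_TYPE;
            }
        }
        return GitCredentials.builder().type(type).value(value).build();
    }

    /**
     * Builds and posts the start-scan request for the given project id. For local-directory scans
     * the path of the repository-info URL is sent as the upload URL.
     *
     * @param str project id
     * @throws IOException if the request fails
     */
    @Override
    protected HttpResponse sendStartScanRequest(RemoteRepositoryInfo remoteRepositoryInfo, SourceLocationType sourceLocationType, String str) throws IOException {
        this.log.debug("Constructing the 'start scan' request");
        AstProjectToScan project = AstProjectToScan.builder()
                .id(str)
                .type(AST_SCAN_TYPE)
                .handler(getScanStartHandler(remoteRepositoryInfo, sourceLocationType))
                .build();
        AstStartScanRequest request = AstStartScanRequest.builder()
                .branch(remoteRepositoryInfo.getBranch())
                .project(project)
                .config(Collections.singletonList(getScanConfig()))
                .build();
        if (SourceLocationType.LOCAL_DIRECTORY.equals(sourceLocationType)) {
            request.setUploadUrl(remoteRepositoryInfo.getUrl().getPath());
        }
        StringEntity body = HttpClientHelper.convertToStringEntity(request);
        this.log.info("Sending the 'start scan' request.");
        return (HttpResponse) this.httpClient.postRequest(ScanClientHelper.CREATE_SCAN, ContentType.CONTENT_TYPE_APPLICATION_JSON, body, HttpResponse.class, 201, "start the scan");
    }
}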
