package com.h3xstream.retirejs;

import com.esotericsoftware.minlog.Log;
import com.h3xstream.retirejs.repo.JsLibraryResult;
import com.h3xstream.retirejs.repo.ScannerFacade;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.io.IOUtils;
import org.apache.maven.model.Resource;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.project.MavenProject;

/* loaded from: input_file:com/h3xstream/retirejs/RetireJsScan.class */
public class RetireJsScan extends AbstractMojo {
    protected boolean breakOnFailure;
    protected MavenProject project;
    protected File webAppDirectory;

    private void initMiniLog() {
        Log.setLogger(new Log.Logger() { // from class: com.h3xstream.retirejs.RetireJsScan.1
            public void log(int i, String str, String str2, Throwable th) {
                switch (i) {
                    case 1:
                    case 2:
                    case 3:
                        RetireJsScan.this.getLog().debug(str2);
                        return;
                    case 4:
                        RetireJsScan.this.getLog().warn(str2);
                        return;
                    case 5:
                        RetireJsScan.this.getLog().error(str2, th);
                        return;
                    default:
                        return;
                }
            }
        });
        Log.DEBUG();
    }

    public void execute() throws MojoExecutionException, MojoFailureException {
        initMiniLog();
        ArrayList arrayList = new ArrayList();
        this.project.getBasedir();
        if ("pom".equals(this.project.getPackaging())) {
            getLog().debug("Skipping " + this.project.getGroupId() + ":" + this.project.getArtifactId() + " for not being a code project.");
            return;
        }
        try {
            HashSet<Resource> hashSet = new HashSet();
            hashSet.addAll(this.project.getResources());
            hashSet.addAll(this.project.getTestResources());
            for (Resource resource : hashSet) {
                if (resource.getDirectory() != null) {
                    File file = new File(resource.getDirectory());
                    if (file.exists()) {
                        getLog().debug("Scanning directory: " + file.toString());
                        scanDirectory(file, arrayList);
                    }
                }
            }
            if (this.webAppDirectory != null && this.webAppDirectory.exists()) {
                getLog().debug("Scanning directory: " + this.webAppDirectory.toString());
                scanDirectory(this.webAppDirectory, arrayList);
            }
            HashSet hashSet2 = new HashSet();
            hashSet2.addAll(this.project.getCompileSourceRoots());
            hashSet2.addAll(this.project.getTestCompileSourceRoots());
            hashSet2.addAll(this.project.getScriptSourceRoots());
            Iterator it = hashSet2.iterator();
            while (it.hasNext()) {
                File file2 = new File((String) it.next());
                if (file2.exists()) {
                    getLog().debug("Scanning directory: " + file2.toString());
                    scanDirectory(file2, arrayList);
                }
            }
            if (!this.breakOnFailure || arrayList.size() <= 0) {
                return;
            }
            Object[] objArr = new Object[2];
            objArr[0] = Integer.valueOf(arrayList.size());
            objArr[1] = arrayList.size() > 1 ? "s" : "";
            throw new MojoFailureException(String.format("%d known vulnerabilitie%s were identified in the JavaScript librairies.", objArr));
        } catch (Exception e) {
            throw new MojoExecutionException("Unable to scan the file ", e);
        }
    }

    protected void scanDirectory(File file, List<JsLibraryResult> list) throws IOException {
        for (File file2 : file.listFiles()) {
            if (file2.isDirectory()) {
                scanDirectory(file2, list);
            } else if (isJavaScriptFile(file2)) {
                scanJavaScriptFile(file2, list);
            }
        }
    }

    protected boolean isJavaScriptFile(File file) {
        return file.getName().endsWith(".js");
    }

    protected void scanJavaScriptFile(File file, List<JsLibraryResult> list) throws IOException {
        getLog().debug("Scanning " + file.getCanonicalFile());
        List<JsLibraryResult> scanScript = ScannerFacade.getInstance().scanScript(file.getAbsolutePath(), IOUtils.toByteArray(new FileInputStream(file)), 0);
        list.addAll(scanScript);
        if (scanScript.size() > 0) {
            getLog().warn(file.getName() + " contains a vulnerable JavaScript library.");
            getLog().info("Path: " + file.getCanonicalPath());
            for (JsLibraryResult jsLibraryResult : scanScript) {
                getLog().info(jsLibraryResult.getLibrary().getName() + " version " + jsLibraryResult.getDetectedVersion() + " is vulnerable.");
                Iterator it = jsLibraryResult.getVuln().getInfo().iterator();
                while (it.hasNext()) {
                    getLog().info("+ " + ((String) it.next()));
                }
            }
        }
    }
}
