package org.owasp.dependencycheck.analyzer;

import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.Evidence;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.exception.ExceptionCollection;
import org.owasp.dependencycheck.exception.InitializationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/ElixirMixAuditAnalyzerIT.class */
public class ElixirMixAuditAnalyzerIT extends BaseDBTestCase {
    private static final Logger LOGGER = LoggerFactory.getLogger(ElixirMixAuditAnalyzerIT.class);
    private ElixirMixAuditAnalyzer analyzer;

    @Override // org.owasp.dependencycheck.BaseDBTestCase, org.owasp.dependencycheck.BaseTest
    @Before
    public void setUp() throws Exception {
        super.setUp();
        getSettings().setBoolean("odc.autoupdate", false);
        getSettings().setBoolean("analyzer.nexus.enabled", false);
        getSettings().setBoolean("analyzer.central.enabled", false);
        this.analyzer = new ElixirMixAuditAnalyzer();
        this.analyzer.initialize(getSettings());
        this.analyzer.setFilesMatched(true);
    }

    @Override // org.owasp.dependencycheck.BaseTest
    @After
    public void tearDown() throws Exception {
        if (this.analyzer != null) {
            this.analyzer.close();
            this.analyzer = null;
        }
        super.tearDown();
    }

    @Test
    public void testAnalysis() throws AnalysisException, DatabaseException {
        try {
            Engine engine = new Engine(getSettings());
            try {
                engine.openDatabase();
                this.analyzer.prepare(engine);
                this.analyzer.analyze(new Dependency(BaseTest.getResourceAsFile(this, "elixir/vulnerable/mix.lock")), engine);
                Dependency[] dependencies = engine.getDependencies();
                Assert.assertEquals("should be one result exactly", 1L, dependencies.length);
                Dependency dependency = dependencies[0];
                Assert.assertTrue(dependency.isVirtual());
                Assert.assertEquals("plug:1.3.4", dependency.getPackagePath());
                Assert.assertEquals("1.3.4", dependency.getVersion());
                Assert.assertEquals("plug", dependency.getName());
                Evidence evidence = (Evidence) dependency.getEvidence(EvidenceType.PRODUCT).iterator().next();
                Assert.assertEquals("Package", evidence.getName());
                Assert.assertEquals("plug", evidence.getValue());
                Evidence evidence2 = (Evidence) dependency.getEvidence(EvidenceType.VERSION).iterator().next();
                Assert.assertEquals("Version", evidence2.getName());
                Assert.assertEquals("1.3.4", evidence2.getValue());
                Assert.assertTrue(dependency.getFilePath().endsWith("elixir/vulnerable/mix.lock"));
                Assert.assertTrue(dependency.getFileName().equals("mix.lock"));
                Vulnerability vulnerability = (Vulnerability) dependency.getVulnerabilities().iterator().next();
                Assert.assertEquals("2018-1000883", vulnerability.getName());
                Assert.assertEquals("Cookie headers were not validated\n", vulnerability.getDescription());
                Assert.assertEquals(-1.0d, vulnerability.getCvssV2().getCvssData().getBaseScore().doubleValue(), 0.0d);
                Assert.assertEquals("cpe:2.3:a:plug_project:plug:1.3.4:*:*:*:*:*:*:*", ((VulnerableSoftware) vulnerability.getVulnerableSoftware().iterator().next()).toString());
                engine.close();
            } finally {
            }
        } catch (InitializationException | DatabaseException | AnalysisException e) {
            LOGGER.warn("Exception setting up ElixirAuditAnalyzer. Make sure Elixir and the mix_audit escript is installed. You may also need to set property \"analyzer.mix.audit.path\".");
            Assume.assumeNoException("Exception setting up ElixirMixAuditAnalyzer; mix_audit may not be installed, or property \"analyzer.mix.audit.path\" may not be set.", e);
        }
    }

    @Test
    public void testInvalidMixAuditExecutable() throws AnalysisException, DatabaseException {
        getSettings().setString("analyzer.mix.audit.path", BaseTest.getResourceAsFile(this, "elixir/invalid_executable").getAbsolutePath());
        this.analyzer.initialize(getSettings());
        try {
            this.analyzer.prepare((Engine) null);
        } catch (InitializationException e) {
            Assert.assertNotNull(e);
        } finally {
            Assert.assertFalse(this.analyzer.isEnabled());
        }
    }

    @Test
    public void testDependenciesPath() throws AnalysisException, DatabaseException {
        Engine engine = new Engine(getSettings());
        try {
            try {
                engine.scan(BaseTest.getResourceAsFile(this, "elixir/mix.lock"));
                engine.analyzeDependencies();
            } catch (NullPointerException e) {
                LOGGER.error("NPE", e);
                Assert.fail(e.getMessage());
            } catch (ExceptionCollection e2) {
                Assume.assumeNoException("Exception setting up ElixirMixAuditAnalyzer; mix_audit may not be installed, or property \"analyzer.mix.audit.path\" may not be set.", e2);
                engine.close();
                return;
            }
            LOGGER.info("{} dependencies found.", Integer.valueOf(engine.getDependencies().length));
            Assert.assertEquals("should find 0 (vulnerable) dependencies", 0L, r0.length);
            engine.close();
        } catch (Throwable th) {
            try {
                engine.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
