package org.owasp.dependencycheck.analyzer;

import java.io.File;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.owasp.dependencycheck.BaseTest;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.exception.InitializationException;
import org.owasp.dependencycheck.utils.InvalidSettingException;

/* loaded from: input_file:org/owasp/dependencycheck/analyzer/NodePackageAnalyzerTest.class */
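/**
 * Tests for {@link NodePackageAnalyzer} against the npm fixtures under the
 * {@code nodejs/} test resources.
 *
 * <p>Every test is guarded by JUnit assumptions on the analyzer settings, so a
 * run with the Node.js analyzers disabled reports these tests as skipped rather
 * than failed. A build that relies on this class for coverage of lock-file
 * parsing should therefore check that at least one job runs with both
 * {@code analyzer.node.package.enabled} and {@code analyzer.node.audit.enabled}
 * set to {@code true}.
 */
class NodePackageAnalyzerTest extends BaseTest {
    /** Settings key that switches the Node.js package analyzer on or off. */
    private static final String NODE_PACKAGE_ENABLED = "analyzer.node.package.enabled";
    /** Settings key that switches the Node.js audit analyzer on or off. */
    private static final String NODE_AUDIT_ENABLED = "analyzer.node.audit.enabled";

    private NodePackageAnalyzer analyzer;
    private Engine engine;

    NodePackageAnalyzerTest() {
    }

    /**
     * Finds the audit analyzer registered in the given engine.
     *
     * @param engine the engine whose analyzers are searched
     * @return the first {@link NodeAuditAnalyzer} found, or {@code null} if none is registered
     */
    private NodeAuditAnalyzer getNodeAuditAnalyzer(Engine engine) {
        // Iterate over the common Analyzer type: the decompiled loop declared the
        // element as the subtype, which does not compile for a mixed analyzer list.
        for (Analyzer candidate : engine.getAnalyzers()) {
            if (candidate instanceof NodeAuditAnalyzer) {
                return (NodeAuditAnalyzer) candidate;
            }
        }
        return null;
    }

    /**
     * Finds the package analyzer registered in the given engine.
     *
     * @param engine the engine whose analyzers are searched
     * @return the first {@link NodePackageAnalyzer} found, or {@code null} if none is registered
     */
    private NodePackageAnalyzer getNodePackageAnalyzer(Engine engine) {
        for (Analyzer candidate : engine.getAnalyzers()) {
            if (candidate instanceof NodePackageAnalyzer) {
                return (NodePackageAnalyzer) candidate;
            }
        }
        return null;
    }

    /**
     * Skips the calling test unless both the package and the audit analyzer are enabled.
     *
     * @throws InvalidSettingException if either setting cannot be read as a boolean
     */
    private void assumeNodeAnalyzersEnabled() throws InvalidSettingException {
        Assumptions.assumeTrue(getSettings().getBoolean(NODE_PACKAGE_ENABLED));
        Assumptions.assumeTrue(getSettings().getBoolean(NODE_AUDIT_ENABLED));
    }

    /**
     * Creates the engine and prepares the analyzer under test when the package
     * analyzer is enabled; otherwise leaves both fields {@code null}.
     *
     * @throws Exception if the base set-up or the analyzer preparation fails
     */
    @Override
    @BeforeEach
    public void setUp() throws Exception {
        super.setUp();
        if (getSettings().getBoolean(NODE_PACKAGE_ENABLED)) {
            this.engine = new Engine(getSettings());

            // NOTE(review): presumably the package analyzer only runs when the audit
            // analyzer has matched files as well; confirm against NodePackageAnalyzer.
            NodeAuditAnalyzer auditAnalyzer = getNodeAuditAnalyzer(this.engine);
            Assertions.assertNotNull(auditAnalyzer, "NodeAuditAnalyzer is not registered in the engine");
            auditAnalyzer.setFilesMatched(true);

            this.analyzer = getNodePackageAnalyzer(this.engine);
            Assertions.assertNotNull(this.analyzer, "NodePackageAnalyzer is not registered in the engine");
            this.analyzer.setFilesMatched(true);
            this.analyzer.initialize(getSettings());
            try {
                this.analyzer.prepare(this.engine);
            } catch (InitializationException e) {
                // Only the "no lock file" failure is tolerated here; an exception
                // without a message, or with any other message, is a real failure.
                String message = e.getMessage();
                if (message == null || !message.startsWith("Missing package.lock or npm-shrinkwrap.lock file")) {
                    throw e;
                }
            }
        }
    }

    /**
     * Closes the analyzer and the engine if set-up created them, then runs the base tear-down.
     *
     * <p>JUnit runs this method even when {@link #setUp()} failed part-way, so each
     * field is null-checked and the engine is closed even if closing the analyzer throws.
     *
     * @throws Exception if closing a resource or the base tear-down fails
     */
    @Override
    @AfterEach
    public void tearDown() throws Exception {
        try {
            if (this.analyzer != null) {
                this.analyzer.close();
            }
        } finally {
            try {
                if (this.engine != null) {
                    this.engine.close();
                }
            } finally {
                super.tearDown();
            }
        }
    }

    /** Checks the analyzer's display name. */
    @Test
    void testGetName() throws InvalidSettingException {
        assumeNodeAnalyzersEnabled();
        MatcherAssert.assertThat(this.analyzer.getName(), CoreMatchers.is("Node.js Package Analyzer"));
    }

    /** Checks that both npm lock-file names are accepted by the analyzer's file filter. */
    @Test
    void testSupportsFiles() throws InvalidSettingException {
        assumeNodeAnalyzersEnabled();
        MatcherAssert.assertThat(this.analyzer.accept(new File("package-lock.json")), CoreMatchers.is(true));
        MatcherAssert.assertThat(this.analyzer.accept(new File("npm-shrinkwrap.json")), CoreMatchers.is(true));
    }

    /** Analyzes a shrinkwrap file plus an installed module's package.json, then checks the result. */
    @Test
    void testAnalyzeShrinkwrapJson() throws AnalysisException, InvalidSettingException {
        assumeNodeAnalyzersEnabled();
        Dependency shrinkwrap = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/npm-shrinkwrap.json"));
        Dependency dnsSyncPackage = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/node_modules/dns-sync/package.json"));
        this.engine.addDependency(shrinkwrap);
        this.engine.addDependency(dnsSyncPackage);
        this.analyzer.analyze(shrinkwrap, this.engine);
        this.analyzer.analyze(dnsSyncPackage, this.engine);
        testLock();
    }

    /**
     * Asserts the dependency set the engine holds after the {@code nodejs/} lock file was analyzed.
     *
     * <p>Entries that must be absent: {@code fsevents} on non-mac hosts, the aliased
     * {@code react-dom}, and the local {@code file:} package {@code fake_submodule}.
     * Presumably these are skipped because their names do not identify the registry
     * package of the same name, so reporting them would produce misleading matches;
     * confirm against the analyzer. Entries that must be present: {@code braces}, its
     * transitive dependency {@code expand-range}, and {@code dns-sync} with its evidence.
     */
    private void testLock() {
        boolean onMac = System.getProperty("os.name").toLowerCase().contains("mac");
        boolean sawBraces = false;
        boolean sawExpandRange = false;
        Dependency dnsSync = null;
        for (Dependency candidate : this.engine.getDependencies()) {
            String name = candidate.getName();
            if (!onMac && "fsevents".equals(name)) {
                Assertions.fail("fsevents need to be skipped on non mac");
            }
            // The decompiled source repeated this check further down with the
            // local-package message; that second copy could never be reached.
            if ("react-dom".equals(name)) {
                Assertions.fail("react-dom need to be skipped because it's an alias");
            }
            if ("braces".equals(name)) {
                sawBraces = true;
            }
            if ("expand-range".equals(name)) {
                sawExpandRange = true;
            }
            if ("fake_submodule".equals(name)) {
                Assertions.fail("start with file: need to be skipped because it's a local package");
            }
            if ("dns-sync".equals(name)) {
                dnsSync = candidate;
            }
        }
        Assertions.assertTrue(sawBraces, "need to contain braces");
        Assertions.assertTrue(sawExpandRange, "need to contain expand-range (dependency of braces)");
        // Fail with a readable message instead of a NullPointerException below.
        Assertions.assertNotNull(dnsSync, "need to contain dns-sync");

        String vendorEvidence = dnsSync.getEvidence(EvidenceType.VENDOR).toString();
        MatcherAssert.assertThat(vendorEvidence, CoreMatchers.containsString("Sanjeev Koranga"));
        MatcherAssert.assertThat(vendorEvidence, CoreMatchers.containsString("dns-sync"));
        MatcherAssert.assertThat(dnsSync.getEvidence(EvidenceType.PRODUCT).toString(), CoreMatchers.containsString("dns-sync"));
        MatcherAssert.assertThat(dnsSync.getEvidence(EvidenceType.VERSION).toString(), CoreMatchers.containsString("0.1.3"));
        Assertions.assertEquals("nodejs", dnsSync.getEcosystem());
        Assertions.assertEquals("dns-sync", dnsSync.getName());
        Assertions.assertEquals("0.1.3", dnsSync.getVersion());
    }

    /**
     * Checks that analyzing a package.json which has a shrinkwrap file beside it removes the
     * package.json entry from the engine, leaving the shrinkwrap file as the only dependency.
     */
    @Test
    void testAnalyzePackageJsonWithShrinkwrap() throws AnalysisException, InvalidSettingException {
        assumeNodeAnalyzersEnabled();
        Dependency packageJson = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/package.json"));
        Dependency shrinkwrap = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/npm-shrinkwrap.json"));
        this.engine.addDependency(packageJson);
        this.engine.addDependency(shrinkwrap);
        Assertions.assertEquals(2, this.engine.getDependencies().length);
        this.analyzer.analyze(packageJson, this.engine);
        Assertions.assertEquals(1, this.engine.getDependencies().length);
        Assertions.assertEquals(shrinkwrap, this.engine.getDependencies()[0]);
        this.analyzer.analyze(shrinkwrap, this.engine);
        testLock();
    }

    /** Checks that a package.json without any lock file still leaves one dependency in the engine. */
    @Test
    void testWithoutLock() throws AnalysisException, InvalidSettingException {
        assumeNodeAnalyzersEnabled();
        Dependency packageJson = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/no_lock/package.json"));
        this.engine.addDependency(packageJson);
        this.analyzer.analyze(packageJson, this.engine);
        Assertions.assertEquals(1, this.engine.getDependencies().length, "Expected 1 dependencies");
    }

    /** Checks the dependency counts produced from the {@code test_lockv2} fixture. */
    @Test
    void testPackageLockV2() throws AnalysisException, InvalidSettingException {
        assumeNodeAnalyzersEnabled();
        Dependency packageJson = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/test_lockv2/package.json"));
        Dependency packageLock = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/test_lockv2/package-lock.json"));
        this.engine.addDependency(packageJson);
        this.engine.addDependency(packageLock);
        this.analyzer.analyze(packageJson, this.engine);
        Assertions.assertEquals(1, this.engine.getDependencies().length, "Expected 1 dependencies");
        this.analyzer.analyze(packageLock, this.engine);
        // Message corrected: it previously said "Expected 1" while asserting 6.
        Assertions.assertEquals(6, this.engine.getDependencies().length, "Expected 6 dependencies");
    }

    /** Checks the dependency counts produced from the {@code test_lockv3} fixture. */
    @Test
    void testPackageLockV3() throws AnalysisException, InvalidSettingException {
        assumeNodeAnalyzersEnabled();
        Dependency packageJson = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/test_lockv3/package.json"));
        Dependency packageLock = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/test_lockv3/package-lock.json"));
        this.engine.addDependency(packageJson);
        this.engine.addDependency(packageLock);
        this.analyzer.analyze(packageJson, this.engine);
        Assertions.assertEquals(1, this.engine.getDependencies().length, "Expected 1 dependencies");
        this.analyzer.analyze(packageLock, this.engine);
        // Message corrected: it previously said "Expected 1" while asserting 6.
        Assertions.assertEquals(6, this.engine.getDependencies().length, "Expected 6 dependencies");
    }

    /**
     * Checks the dependency counts produced from the {@code local_package} fixture.
     *
     * <p>Unlike the other tests, this one only assumes that the package analyzer is
     * enabled; it does not check the audit analyzer setting.
     */
    @Test
    void testLocalPackageDependency() throws AnalysisException, InvalidSettingException {
        Assumptions.assumeTrue(getSettings().getBoolean(NODE_PACKAGE_ENABLED));
        Dependency packageJson = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/local_package/package.json"));
        Dependency packageLock = new Dependency(BaseTest.getResourceAsFile(this, "nodejs/local_package/package-lock.json"));
        this.engine.addDependency(packageJson);
        this.engine.addDependency(packageLock);
        this.analyzer.analyze(packageJson, this.engine);
        Assertions.assertEquals(1, this.engine.getDependencies().length, "Expected 1 dependencies");
        this.analyzer.analyze(packageLock, this.engine);
        Assertions.assertEquals(2, this.engine.getDependencies().length, "Expected 2 dependencies");
    }
}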
