package org.owasp.dependencycheck.data.nvdcve;

import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.owasp.dependencycheck.BaseDBTestCase;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.dependency.VulnerableSoftwareBuilder;
import us.springett.parsers.cpe.Cpe;
import us.springett.parsers.cpe.CpeBuilder;
import us.springett.parsers.cpe.values.LogicalValue;
import us.springett.parsers.cpe.values.Part;

/* loaded from: input_file:org/owasp/dependencycheck/data/nvdcve/CveDBIT.class */
class CveDBIT extends BaseDBTestCase {
    private CveDB instance = null;

    CveDBIT() {
    }

    @Override // org.owasp.dependencycheck.BaseDBTestCase, org.owasp.dependencycheck.BaseTest
    @BeforeEach
    public void setUp() throws Exception {
        super.setUp();
        this.instance = new CveDB(getSettings());
        this.instance.open();
    }

    @Override // org.owasp.dependencycheck.BaseTest
    @AfterEach
    public void tearDown() throws Exception {
        this.instance.close();
        super.tearDown();
    }

    @Test
    void testGetCPEs() {
        Assertions.assertTrue(this.instance.getCPEs("apache", "struts").size() > 5);
    }

    @Test
    void testgetVulnerability() {
        Assertions.assertTrue(this.instance.getVulnerability("CVE-2014-0094").getDescription().startsWith("The ParametersInterceptor in Apache Struts"));
    }

    @Test
    void testGetVulnerabilities() throws Exception {
        CpeBuilder cpeBuilder = new CpeBuilder();
        Assertions.assertTrue(this.instance.getVulnerabilities(cpeBuilder.part(Part.APPLICATION).vendor("apache").product("struts").version("2.1.2").build()).size() > 5);
        List vulnerabilities = this.instance.getVulnerabilities(cpeBuilder.part(Part.APPLICATION).vendor("apache").product("tomcat").version("6.0.1").build());
        Assertions.assertTrue(vulnerabilities.size() > 1);
        boolean z = false;
        Iterator it = vulnerabilities.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            } else if ("CVE-2014-0075".equals(((Vulnerability) it.next()).getName())) {
                z = true;
                break;
            }
        }
        Assertions.assertTrue(z, "Expected " + "CVE-2014-0075" + ", but was not identified");
        boolean z2 = false;
        Iterator it2 = vulnerabilities.iterator();
        while (true) {
            if (!it2.hasNext()) {
                break;
            } else if ("CVE-2014-0096".equals(((Vulnerability) it2.next()).getName())) {
                z2 = true;
                break;
            }
        }
        Assertions.assertTrue(z2, "Expected " + "CVE-2014-0096" + ", but was not identified");
        List vulnerabilities2 = this.instance.getVulnerabilities(cpeBuilder.part(Part.APPLICATION).vendor("jenkins").product("mailer").version("1.13").build());
        Assertions.assertFalse(vulnerabilities2.isEmpty());
        boolean z3 = false;
        Iterator it3 = vulnerabilities2.iterator();
        while (true) {
            if (!it3.hasNext()) {
                break;
            } else if ("CVE-2017-2651".equals(((Vulnerability) it3.next()).getName())) {
                z3 = true;
                break;
            }
        }
        Assertions.assertTrue(z3, "Expected " + "CVE-2017-2651" + ", but was not identified");
        List vulnerabilities3 = this.instance.getVulnerabilities(cpeBuilder.part(Part.APPLICATION).vendor("fasterxml").product("jackson-databind").version("2.8.1").build());
        Assertions.assertFalse(vulnerabilities3.isEmpty());
        boolean z4 = false;
        Iterator it4 = vulnerabilities3.iterator();
        while (true) {
            if (!it4.hasNext()) {
                break;
            } else if ("CVE-2017-15095".equals(((Vulnerability) it4.next()).getName())) {
                z4 = true;
                break;
            }
        }
        Assertions.assertTrue(z4, "Expected " + "CVE-2017-15095" + ", but was not identified");
    }

    @Test
    void testGetMatchingSoftware() throws Exception {
        VulnerableSoftwareBuilder vulnerableSoftwareBuilder = new VulnerableSoftwareBuilder();
        HashSet hashSet = new HashSet();
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("openssl").product("openssl").version("1.0.1e").build());
        CpeBuilder cpeBuilder = new CpeBuilder();
        Cpe build = cpeBuilder.part(Part.APPLICATION).vendor("openssl").product("openssl").version("1.0.1o").build();
        Assertions.assertNull(this.instance.getMatchingSoftware(build, hashSet));
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("openssl").product("openssl").version("1.0.1p").build());
        Assertions.assertNull(this.instance.getMatchingSoftware(build, hashSet));
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("openssl").product("openssl").version("1.0.1p").versionStartIncluding("1.0.0").versionEndExcluding("1.0.1p").build());
        VulnerableSoftware matchingSoftware = this.instance.getMatchingSoftware(build, hashSet);
        Assertions.assertNotNull(matchingSoftware);
        Assertions.assertEquals("cpe:/a:openssl:openssl:1.0.1p", matchingSoftware.toCpe22Uri());
        hashSet.clear();
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("3.2.5").build());
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("3.2.6").build());
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("3.2.7").versionStartIncluding("3.0.0").versionEndIncluding("3.2.7").build());
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("4.0.1").versionStartIncluding("4.0.0").versionEndIncluding("4.0.1").build());
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("4.0.0").update("m1").build());
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("4.0.0").update("m2").build());
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("4.0.0").update("rc1").build());
        Assertions.assertEquals("cpe:/a:springsource:spring_framework:3.2.7", this.instance.getMatchingSoftware(cpeBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("3.2.2").build(), hashSet).toCpe22Uri());
        Assertions.assertNull(this.instance.getMatchingSoftware(cpeBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("3.2.12").build(), hashSet));
        Assertions.assertEquals("cpe:/a:springsource:spring_framework:4.0.1", this.instance.getMatchingSoftware(cpeBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("4.0.0").build(), hashSet).toCpe22Uri());
        Assertions.assertNull(this.instance.getMatchingSoftware(cpeBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("4.1.0").build(), hashSet));
        hashSet.clear();
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version(LogicalValue.NA).build());
        Assertions.assertNull(this.instance.getMatchingSoftware(cpeBuilder.part(Part.APPLICATION).vendor("springsource").product("spring_framework").version("1.6.3").build(), hashSet));
        hashSet.clear();
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("eclipse").product("jetty").update("20170531").versionEndIncluding("9.5.6").build());
        Assertions.assertNull(this.instance.getMatchingSoftware(cpeBuilder.part(Part.APPLICATION).vendor("eclipse").product("jetty").version("9.0.0").update("20170532").build(), hashSet));
        Assertions.assertEquals("cpe:/a:eclipse:jetty::20170531", this.instance.getMatchingSoftware(cpeBuilder.part(Part.APPLICATION).vendor("eclipse").product("jetty").version("9.0.0").update("20170531").build(), hashSet).toCpe22Uri());
        hashSet.clear();
        hashSet.add(vulnerableSoftwareBuilder.part(Part.APPLICATION).vendor("jenkins").product("mailer").versionEndExcluding("1.20").targetSw("jenkins").build());
        Assertions.assertEquals("cpe:/a:jenkins:mailer:::~~~jenkins~~", this.instance.getMatchingSoftware(cpeBuilder.part(Part.APPLICATION).vendor("jenkins").product("mailer").version("1.13").build(), hashSet).toCpe22Uri());
    }
}
