package org.owasp.dependencycheck.data.nvdcve;

import java.io.UnsupportedEncodingException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.owasp.dependencycheck.data.cwe.CweDB;
import org.owasp.dependencycheck.dependency.Reference;
import org.owasp.dependencycheck.dependency.Vulnerability;
import org.owasp.dependencycheck.dependency.VulnerableSoftware;
import org.owasp.dependencycheck.utils.DBUtils;
import org.owasp.dependencycheck.utils.DependencyVersion;
import org.owasp.dependencycheck.utils.DependencyVersionUtil;
import org.owasp.dependencycheck.utils.Pair;

/* loaded from: input_file:org/owasp/dependencycheck/data/nvdcve/CveDB.class */
public class CveDB {
    private Connection conn;
    private DatabaseProperties databaseProperties;
    private static final String DELETE_REFERENCE = "DELETE FROM reference WHERE cveid = ?";
    private static final String DELETE_SOFTWARE = "DELETE FROM software WHERE cveid = ?";
    private static final String DELETE_VULNERABILITY = "DELETE FROM vulnerability WHERE id = ?";
    private static final String CLEANUP_ORPHANS = "DELETE FROM CpeEntry WHERE id not in (SELECT CPEEntryId FROM Software); ";
    private static final String INSERT_REFERENCE = "INSERT INTO reference (cveid, name, url, source) VALUES (?, ?, ?, ?)";
    private static final String INSERT_SOFTWARE = "INSERT INTO software (cveid, cpeEntryId, previousVersion) VALUES (?, ?, ?)";
    private static final String INSERT_CPE = "INSERT INTO cpeEntry (cpe, vendor, product) VALUES (?, ?, ?)";
    private static final String SELECT_CPE_ID = "SELECT id FROM cpeEntry WHERE cpe = ?";
    private static final String INSERT_VULNERABILITY = "INSERT INTO vulnerability (cve, description, cwe, cvssScore, cvssAccessVector, cvssAccessComplexity, cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    private static final String UPDATE_VULNERABILITY = "UPDATE vulnerability SET description=?, cwe=?, cvssScore=?, cvssAccessVector=?, cvssAccessComplexity=?, cvssAuthentication=?, cvssConfidentialityImpact=?, cvssIntegrityImpact=?, cvssAvailabilityImpact=? WHERE id=?";
    private static final String SELECT_CVE_FROM_SOFTWARE = "SELECT cve, cpe, previousVersion FROM software INNER JOIN vulnerability ON vulnerability.id = software.cveId INNER JOIN cpeEntry ON cpeEntry.id = software.cpeEntryId WHERE vendor = ? AND product = ?";
    private static final String SELECT_CPE_ENTRIES = "SELECT cpe FROM cpeEntry WHERE vendor = ? AND product = ?";
    private static final String SELECT_REFERENCE = "SELECT source, name, url FROM reference WHERE cveid = ?";
    private static final String SELECT_VENDOR_PRODUCT_LIST = "SELECT vendor, product FROM cpeEntry GROUP BY vendor, product";
    private static final String SELECT_SOFTWARE = "SELECT cpe, previousVersion FROM software INNER JOIN cpeEntry ON software.cpeEntryId = cpeEntry.id WHERE cveid = ?";
    private static final String SELECT_VULNERABILITY = "SELECT id, description, cwe, cvssScore, cvssAccessVector, cvssAccessComplexity, cvssAuthentication, cvssConfidentialityImpact, cvssIntegrityImpact, cvssAvailabilityImpact FROM vulnerability WHERE cve = ?";
    private static final String SELECT_VULNERABILITY_ID = "SELECT id FROM vulnerability WHERE cve = ?";
    private static final String SELECT_PROPERTIES = "SELECT id, value FROM properties";
    private static final String SELECT_PROPERTY = "SELECT id, value FROM properties WHERE id = ?";
    private static final String INSERT_PROPERTY = "INSERT INTO properties (id, value) VALUES (?, ?)";
    private static final String UPDATE_PROPERTY = "UPDATE properties SET value = ? WHERE id = ?";
    private static final String DELETE_PROPERTY = "DELETE FROM properties WHERE id = ?";

    public CveDB() throws DatabaseException {
        try {
            open();
            this.databaseProperties = new DatabaseProperties(this);
        } catch (DatabaseException e) {
            throw e;
        }
    }

    protected Connection getConnection() {
        return this.conn;
    }

    public final void open() throws DatabaseException {
        this.conn = ConnectionFactory.getConnection();
    }

    public void close() {
        if (this.conn != null) {
            try {
                this.conn.close();
            } catch (SQLException e) {
                Logger.getLogger(DBUtils.class.getName()).log(Level.SEVERE, "There was an error attempting to close the CveDB, see the log for more details.");
                Logger.getLogger(DBUtils.class.getName()).log(Level.FINE, (String) null, (Throwable) e);
            } catch (Throwable th) {
                Logger.getLogger(DBUtils.class.getName()).log(Level.SEVERE, "There was an exception attempting to close the CveDB, see the log for more details.");
                Logger.getLogger(DBUtils.class.getName()).log(Level.FINE, (String) null, th);
            }
            this.conn = null;
        }
    }

    public boolean isOpen() {
        return this.conn != null;
    }

    public void commit() throws SQLException {
    }

    protected void finalize() throws Throwable {
        Logger.getLogger(DBUtils.class.getName()).log(Level.FINE, "Entering finalize");
        close();
        super.finalize();
    }

    public DatabaseProperties getDatabaseProperties() {
        return this.databaseProperties;
    }

    public Set<VulnerableSoftware> getCPEs(String str, String str2) {
        HashSet hashSet = new HashSet();
        ResultSet resultSet = null;
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(SELECT_CPE_ENTRIES);
                preparedStatement.setString(1, str);
                preparedStatement.setString(2, str2);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    VulnerableSoftware vulnerableSoftware = new VulnerableSoftware();
                    vulnerableSoftware.setCpe(resultSet.getString(1));
                    hashSet.add(vulnerableSoftware);
                }
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeStatement(preparedStatement);
            } catch (SQLException e) {
                Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, "An unexpected SQL Exception occurred; please see the verbose log for more details.");
                Logger.getLogger(CveDB.class.getName()).log(Level.FINE, (String) null, (Throwable) e);
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeStatement(preparedStatement);
            }
            return hashSet;
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            DBUtils.closeStatement(preparedStatement);
            throw th;
        }
    }

    public Set<Pair<String, String>> getVendorProductList() throws DatabaseException {
        HashSet hashSet = new HashSet();
        ResultSet resultSet = null;
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(SELECT_VENDOR_PRODUCT_LIST);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    hashSet.add(new Pair(resultSet.getString(1), resultSet.getString(2)));
                }
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeStatement(preparedStatement);
                return hashSet;
            } catch (SQLException e) {
                throw new DatabaseException("An unexpected SQL Exception occurred; please see the verbose log for more details.", e);
            }
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            DBUtils.closeStatement(preparedStatement);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Properties getProperties() {
        Properties properties = new Properties();
        PreparedStatement preparedStatement = null;
        ResultSet resultSet = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(SELECT_PROPERTIES);
                resultSet = preparedStatement.executeQuery();
                while (resultSet.next()) {
                    properties.setProperty(resultSet.getString(1), resultSet.getString(2));
                }
                DBUtils.closeStatement(preparedStatement);
                DBUtils.closeResultSet(resultSet);
            } catch (SQLException e) {
                Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, "An unexpected SQL Exception occurred; please see the verbose log for more details.");
                Logger.getLogger(CveDB.class.getName()).log(Level.FINE, (String) null, (Throwable) e);
                DBUtils.closeStatement(preparedStatement);
                DBUtils.closeResultSet(resultSet);
            }
            return properties;
        } catch (Throwable th) {
            DBUtils.closeStatement(preparedStatement);
            DBUtils.closeResultSet(resultSet);
            throw th;
        }
    }

    void saveProperties(Properties properties) {
        PreparedStatement preparedStatement = null;
        PreparedStatement preparedStatement2 = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(UPDATE_PROPERTY);
                preparedStatement2 = getConnection().prepareStatement(INSERT_PROPERTY);
                for (Map.Entry entry : properties.entrySet()) {
                    String obj = entry.getKey().toString();
                    String obj2 = entry.getValue().toString();
                    try {
                        preparedStatement.setString(1, obj2);
                        preparedStatement.setString(2, obj);
                        if (preparedStatement.executeUpdate() == 0) {
                            preparedStatement2.setString(1, obj);
                            preparedStatement2.setString(2, obj2);
                        }
                    } catch (SQLException e) {
                        Logger.getLogger(CveDB.class.getName()).log(Level.WARNING, String.format("Unable to save property '%s' with a value of '%s' to the database", obj, obj2));
                        Logger.getLogger(CveDB.class.getName()).log(Level.FINE, (String) null, (Throwable) e);
                    }
                }
                DBUtils.closeStatement(preparedStatement);
                DBUtils.closeStatement(preparedStatement2);
            } catch (SQLException e2) {
                Logger.getLogger(CveDB.class.getName()).log(Level.WARNING, "Unable to save properties to the database");
                Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Unable to save properties to the database", (Throwable) e2);
                DBUtils.closeStatement(preparedStatement);
                DBUtils.closeStatement(preparedStatement2);
            }
        } catch (Throwable th) {
            DBUtils.closeStatement(preparedStatement);
            DBUtils.closeStatement(preparedStatement2);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void saveProperty(String str, String str2) {
        PreparedStatement preparedStatement = null;
        PreparedStatement preparedStatement2 = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(UPDATE_PROPERTY);
                try {
                    preparedStatement.setString(1, str2);
                    preparedStatement.setString(2, str);
                    if (preparedStatement.executeUpdate() == 0) {
                        try {
                            preparedStatement2 = getConnection().prepareStatement(INSERT_PROPERTY);
                            preparedStatement2.setString(1, str);
                            preparedStatement2.setString(2, str2);
                            preparedStatement2.execute();
                        } catch (SQLException e) {
                            Logger.getLogger(CveDB.class.getName()).log(Level.WARNING, "Unable to save properties to the database");
                            Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Unable to save properties to the database", (Throwable) e);
                            DBUtils.closeStatement(preparedStatement);
                            DBUtils.closeStatement(preparedStatement2);
                            return;
                        }
                    }
                } catch (SQLException e2) {
                    Logger.getLogger(CveDB.class.getName()).log(Level.WARNING, String.format("Unable to save property '%s' with a value of '%s' to the database", str, str2));
                    Logger.getLogger(CveDB.class.getName()).log(Level.FINE, (String) null, (Throwable) e2);
                }
                DBUtils.closeStatement(preparedStatement);
                DBUtils.closeStatement(preparedStatement2);
            } catch (SQLException e3) {
                Logger.getLogger(CveDB.class.getName()).log(Level.WARNING, "Unable to save properties to the database");
                Logger.getLogger(CveDB.class.getName()).log(Level.FINE, "Unable to save properties to the database", (Throwable) e3);
                DBUtils.closeStatement(preparedStatement);
                DBUtils.closeStatement(null);
            }
        } catch (Throwable th) {
            DBUtils.closeStatement(preparedStatement);
            DBUtils.closeStatement(null);
            throw th;
        }
    }

    public List<Vulnerability> getVulnerabilities(String str) throws DatabaseException {
        ResultSet resultSet = null;
        VulnerableSoftware vulnerableSoftware = new VulnerableSoftware();
        try {
            vulnerableSoftware.parseName(str);
        } catch (UnsupportedEncodingException e) {
            Logger.getLogger(CveDB.class.getName()).log(Level.FINEST, (String) null, (Throwable) e);
        }
        DependencyVersion parseDependencyVersion = parseDependencyVersion(vulnerableSoftware);
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        try {
            try {
                PreparedStatement prepareStatement = getConnection().prepareStatement(SELECT_CVE_FROM_SOFTWARE);
                prepareStatement.setString(1, vulnerableSoftware.getVendor());
                prepareStatement.setString(2, vulnerableSoftware.getProduct());
                resultSet = prepareStatement.executeQuery();
                while (resultSet.next()) {
                    String string = resultSet.getString(1);
                    String string2 = resultSet.getString(2);
                    String string3 = resultSet.getString(3);
                    if (!hashSet.contains(string) && isAffected(vulnerableSoftware.getVendor(), vulnerableSoftware.getProduct(), parseDependencyVersion, string2, string3)) {
                        hashSet.add(string);
                        Vulnerability vulnerability = getVulnerability(string);
                        vulnerability.setMatchedCPE(string2, string3);
                        arrayList.add(vulnerability);
                    }
                }
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeStatement(prepareStatement);
                DBUtils.closeResultSet(resultSet);
                return arrayList;
            } catch (SQLException e2) {
                throw new DatabaseException("Exception retrieving vulnerability for " + str, e2);
            }
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            throw th;
        }
    }

    private Vulnerability getVulnerability(String str) throws DatabaseException {
        String cweName;
        PreparedStatement preparedStatement = null;
        PreparedStatement preparedStatement2 = null;
        PreparedStatement preparedStatement3 = null;
        ResultSet resultSet = null;
        ResultSet resultSet2 = null;
        ResultSet resultSet3 = null;
        Vulnerability vulnerability = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(SELECT_VULNERABILITY);
                preparedStatement.setString(1, str);
                resultSet = preparedStatement.executeQuery();
                if (resultSet.next()) {
                    vulnerability = new Vulnerability();
                    vulnerability.setName(str);
                    vulnerability.setDescription(resultSet.getString(2));
                    String string = resultSet.getString(3);
                    if (string != null && (cweName = CweDB.getCweName(string)) != null) {
                        string = string + " " + cweName;
                    }
                    int i = resultSet.getInt(1);
                    vulnerability.setCwe(string);
                    vulnerability.setCvssScore(resultSet.getFloat(4));
                    vulnerability.setCvssAccessVector(resultSet.getString(5));
                    vulnerability.setCvssAccessComplexity(resultSet.getString(6));
                    vulnerability.setCvssAuthentication(resultSet.getString(7));
                    vulnerability.setCvssConfidentialityImpact(resultSet.getString(8));
                    vulnerability.setCvssIntegrityImpact(resultSet.getString(9));
                    vulnerability.setCvssAvailabilityImpact(resultSet.getString(10));
                    preparedStatement2 = getConnection().prepareStatement(SELECT_REFERENCE);
                    preparedStatement2.setInt(1, i);
                    resultSet2 = preparedStatement2.executeQuery();
                    while (resultSet2.next()) {
                        vulnerability.addReference(resultSet2.getString(1), resultSet2.getString(2), resultSet2.getString(3));
                    }
                    preparedStatement3 = getConnection().prepareStatement(SELECT_SOFTWARE);
                    preparedStatement3.setInt(1, i);
                    resultSet3 = preparedStatement3.executeQuery();
                    while (resultSet3.next()) {
                        String string2 = resultSet3.getString(1);
                        String string3 = resultSet3.getString(2);
                        if (string3 == null) {
                            vulnerability.addVulnerableSoftware(string2);
                        } else {
                            vulnerability.addVulnerableSoftware(string2, string3);
                        }
                    }
                }
                DBUtils.closeResultSet(resultSet);
                DBUtils.closeResultSet(resultSet2);
                DBUtils.closeResultSet(resultSet3);
                DBUtils.closeStatement(preparedStatement);
                DBUtils.closeStatement(preparedStatement2);
                DBUtils.closeStatement(preparedStatement3);
                return vulnerability;
            } catch (SQLException e) {
                throw new DatabaseException("Error retrieving " + str, e);
            }
        } catch (Throwable th) {
            DBUtils.closeResultSet(resultSet);
            DBUtils.closeResultSet(resultSet2);
            DBUtils.closeResultSet(resultSet3);
            DBUtils.closeStatement(preparedStatement);
            DBUtils.closeStatement(preparedStatement2);
            DBUtils.closeStatement(preparedStatement3);
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    public void updateVulnerability(Vulnerability vulnerability) throws DatabaseException {
        try {
            try {
                PreparedStatement prepareStatement = getConnection().prepareStatement(SELECT_VULNERABILITY_ID);
                PreparedStatement prepareStatement2 = getConnection().prepareStatement(DELETE_VULNERABILITY);
                PreparedStatement prepareStatement3 = getConnection().prepareStatement(DELETE_REFERENCE);
                PreparedStatement prepareStatement4 = getConnection().prepareStatement(DELETE_SOFTWARE);
                PreparedStatement prepareStatement5 = getConnection().prepareStatement(UPDATE_VULNERABILITY);
                PreparedStatement prepareStatement6 = getConnection().prepareStatement(INSERT_VULNERABILITY, 1);
                PreparedStatement prepareStatement7 = getConnection().prepareStatement(INSERT_REFERENCE);
                PreparedStatement prepareStatement8 = getConnection().prepareStatement(SELECT_CPE_ID);
                PreparedStatement prepareStatement9 = getConnection().prepareStatement(INSERT_CPE, 1);
                PreparedStatement prepareStatement10 = getConnection().prepareStatement(INSERT_SOFTWARE);
                int i = 0;
                prepareStatement.setString(1, vulnerability.getName());
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery.next()) {
                    i = executeQuery.getInt(1);
                    prepareStatement3.setInt(1, i);
                    prepareStatement3.execute();
                    prepareStatement4.setInt(1, i);
                    prepareStatement4.execute();
                }
                DBUtils.closeResultSet(executeQuery);
                ResultSet resultSet = null;
                if (i == 0) {
                    prepareStatement6.setString(1, vulnerability.getName());
                    prepareStatement6.setString(2, vulnerability.getDescription());
                    prepareStatement6.setString(3, vulnerability.getCwe());
                    prepareStatement6.setFloat(4, vulnerability.getCvssScore());
                    prepareStatement6.setString(5, vulnerability.getCvssAccessVector());
                    prepareStatement6.setString(6, vulnerability.getCvssAccessComplexity());
                    prepareStatement6.setString(7, vulnerability.getCvssAuthentication());
                    prepareStatement6.setString(8, vulnerability.getCvssConfidentialityImpact());
                    prepareStatement6.setString(9, vulnerability.getCvssIntegrityImpact());
                    prepareStatement6.setString(10, vulnerability.getCvssAvailabilityImpact());
                    prepareStatement6.execute();
                    try {
                        try {
                            ResultSet generatedKeys = prepareStatement6.getGeneratedKeys();
                            generatedKeys.next();
                            i = generatedKeys.getInt(1);
                            DBUtils.closeResultSet(generatedKeys);
                            resultSet = null;
                        } catch (Throwable th) {
                            DBUtils.closeResultSet(null);
                            throw th;
                        }
                    } catch (SQLException e) {
                        throw new DatabaseException(String.format("Unable to retrieve id for new vulnerability for '%s'", vulnerability.getName()), e);
                    }
                } else if (vulnerability.getDescription().contains("** REJECT **")) {
                    prepareStatement2.setInt(1, i);
                    prepareStatement2.executeUpdate();
                } else {
                    prepareStatement5.setString(1, vulnerability.getDescription());
                    prepareStatement5.setString(2, vulnerability.getCwe());
                    prepareStatement5.setFloat(3, vulnerability.getCvssScore());
                    prepareStatement5.setString(4, vulnerability.getCvssAccessVector());
                    prepareStatement5.setString(5, vulnerability.getCvssAccessComplexity());
                    prepareStatement5.setString(6, vulnerability.getCvssAuthentication());
                    prepareStatement5.setString(7, vulnerability.getCvssConfidentialityImpact());
                    prepareStatement5.setString(8, vulnerability.getCvssIntegrityImpact());
                    prepareStatement5.setString(9, vulnerability.getCvssAvailabilityImpact());
                    prepareStatement5.setInt(10, i);
                    prepareStatement5.executeUpdate();
                }
                prepareStatement7.setInt(1, i);
                for (Reference reference : vulnerability.getReferences()) {
                    prepareStatement7.setString(2, reference.getName());
                    prepareStatement7.setString(3, reference.getUrl());
                    prepareStatement7.setString(4, reference.getSource());
                    prepareStatement7.execute();
                }
                for (VulnerableSoftware vulnerableSoftware : vulnerability.getVulnerableSoftware()) {
                    prepareStatement8.setString(1, vulnerableSoftware.getName());
                    try {
                        try {
                            resultSet = prepareStatement8.executeQuery();
                            int i2 = resultSet.next() ? resultSet.getInt(1) : 0;
                            DBUtils.closeResultSet(resultSet);
                            resultSet = null;
                            if (i2 == 0) {
                                prepareStatement9.setString(1, vulnerableSoftware.getName());
                                prepareStatement9.setString(2, vulnerableSoftware.getVendor());
                                prepareStatement9.setString(3, vulnerableSoftware.getProduct());
                                prepareStatement9.executeUpdate();
                                i2 = DBUtils.getGeneratedKey(prepareStatement9);
                            }
                            if (i2 == 0) {
                                throw new DatabaseException("Unable to retrieve cpeProductId - no data returned");
                            }
                            prepareStatement10.setInt(1, i);
                            prepareStatement10.setInt(2, i2);
                            if (vulnerableSoftware.getPreviousVersion() == null) {
                                prepareStatement10.setNull(3, 12);
                            } else {
                                prepareStatement10.setString(3, vulnerableSoftware.getPreviousVersion());
                            }
                            prepareStatement10.execute();
                        } catch (SQLException e2) {
                            throw new DatabaseException("Unable to get primary key for new cpe: " + vulnerableSoftware.getName(), e2);
                        }
                    } catch (Throwable th2) {
                        DBUtils.closeResultSet(resultSet);
                        throw th2;
                    }
                }
                DBUtils.closeStatement(prepareStatement);
                DBUtils.closeStatement(prepareStatement3);
                DBUtils.closeStatement(prepareStatement4);
                DBUtils.closeStatement(prepareStatement5);
                DBUtils.closeStatement(prepareStatement2);
                DBUtils.closeStatement(prepareStatement6);
                DBUtils.closeStatement(prepareStatement7);
                DBUtils.closeStatement(prepareStatement8);
                DBUtils.closeStatement(prepareStatement9);
                DBUtils.closeStatement(prepareStatement10);
            } catch (SQLException e3) {
                String format = String.format("Error updating '%s'", vulnerability.getName());
                Logger.getLogger(CveDB.class.getName()).log(Level.FINE, (String) null, (Throwable) e3);
                throw new DatabaseException(format, e3);
            }
        } catch (Throwable th3) {
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            DBUtils.closeStatement(null);
            throw th3;
        }
    }

    public void cleanupDatabase() {
        PreparedStatement preparedStatement = null;
        try {
            try {
                preparedStatement = getConnection().prepareStatement(CLEANUP_ORPHANS);
                if (preparedStatement != null) {
                    preparedStatement.executeUpdate();
                }
                DBUtils.closeStatement(preparedStatement);
            } catch (SQLException e) {
                Logger.getLogger(CveDB.class.getName()).log(Level.SEVERE, "An unexpected SQL Exception occurred; please see the verbose log for more details.");
                Logger.getLogger(CveDB.class.getName()).log(Level.FINE, (String) null, (Throwable) e);
                DBUtils.closeStatement(preparedStatement);
            }
        } catch (Throwable th) {
            DBUtils.closeStatement(preparedStatement);
            throw th;
        }
    }

    private boolean isAffected(String str, String str2, DependencyVersion dependencyVersion, String str3, String str4) {
        boolean z = false;
        boolean z2 = "apache".equals(str) && "struts".equals(str2);
        DependencyVersion parseDependencyVersion = parseDependencyVersion(str3);
        boolean z3 = (str4 == null || str4.isEmpty()) ? false : true;
        if (dependencyVersion == null || "-".equals(dependencyVersion.toString())) {
            if (parseDependencyVersion == null || "-".equals(parseDependencyVersion.toString())) {
                z = true;
            }
        } else if (dependencyVersion.equals(parseDependencyVersion) || (z3 && dependencyVersion.compareTo(parseDependencyVersion) < 0)) {
            if (!z2) {
                z = true;
            } else if (dependencyVersion.getVersionParts().get(0).equals(parseDependencyVersion.getVersionParts().get(0))) {
                z = true;
            }
        }
        return z;
    }

    private DependencyVersion parseDependencyVersion(String str) {
        VulnerableSoftware vulnerableSoftware = new VulnerableSoftware();
        try {
            vulnerableSoftware.parseName(str);
        } catch (UnsupportedEncodingException e) {
            Logger.getLogger(CveDB.class.getName()).log(Level.FINEST, (String) null, (Throwable) e);
        }
        return parseDependencyVersion(vulnerableSoftware);
    }

    private DependencyVersion parseDependencyVersion(VulnerableSoftware vulnerableSoftware) {
        DependencyVersion dependencyVersion;
        if (vulnerableSoftware.getVersion() == null || vulnerableSoftware.getVersion().length() <= 0) {
            dependencyVersion = new DependencyVersion("-");
        } else {
            dependencyVersion = DependencyVersionUtil.parseVersion((vulnerableSoftware.getRevision() == null || vulnerableSoftware.getRevision().length() <= 0) ? vulnerableSoftware.getVersion() : String.format("%s.%s", vulnerableSoftware.getVersion(), vulnerableSoftware.getRevision()));
        }
        return dependencyVersion;
    }
}
