package org.owasp.dependencycheck.dependency;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.TreeSet;
import org.junit.Assert;
import org.junit.Test;
import org.owasp.dependencycheck.BaseTest;
import us.springett.parsers.cpe.exceptions.CpeValidationException;

/* loaded from: input_file:org/owasp/dependencycheck/dependency/VulnerabilityTest.class */
public class VulnerabilityTest extends BaseTest {
    @Test
    public void testDuplicateVersions() throws CpeValidationException {
        Vulnerability vulnerability = new Vulnerability();
        VulnerableSoftwareBuilder vulnerableSoftwareBuilder = new VulnerableSoftwareBuilder();
        vulnerability.addVulnerableSoftware(vulnerableSoftwareBuilder.vendor("owasp").product("dependency-check").version("3.0.0").build());
        vulnerability.addVulnerableSoftware(vulnerableSoftwareBuilder.vendor("owasp").product("dependency-check").version("4.0.0").build());
        vulnerability.addVulnerableSoftware(vulnerableSoftwareBuilder.vendor("owasp").product("dependency-check").version("3.0.0").build());
        Assert.assertEquals(2L, vulnerability.getVulnerableSoftware().size());
    }

    @Test
    public void compareTo_proper_sorting() {
        Vulnerability vulnerability = new Vulnerability("Z most severe");
        vulnerability.setCvssV3(new CvssV3("AV", "AC", "PR", "UI", "SC", "C", "I", "A", 10.0f, "CRITICAL"));
        Vulnerability vulnerability2 = new Vulnerability("Y 2nd most severe");
        vulnerability2.setCvssV3(new CvssV3("AV", "AC", "PR", "UI", "SC", "C", "I", "A", 9.0f, "CRITICAL"));
        Vulnerability vulnerability3 = new Vulnerability("X 3rd most severe");
        vulnerability3.setUnscoredSeverity("Critical");
        Vulnerability vulnerability4 = new Vulnerability("W 4th most severe");
        vulnerability4.setUnscoredSeverity("Foobar");
        Vulnerability vulnerability5 = new Vulnerability("V 5th most severe");
        vulnerability5.setCvssV2(new CvssV2(10.0f, "AV", "AC", "AU", "C", "I", "A", "HIGH"));
        Vulnerability vulnerability6 = new Vulnerability("U 6th most severe");
        CvssV2 cvssV2 = new CvssV2(9.9f, "AV", "AC", "AU", "C", "I", "A", "HIGH");
        vulnerability6.setCvssV2(cvssV2);
        Vulnerability vulnerability7 = new Vulnerability("T 7th most severe");
        CvssV2 cvssV22 = new CvssV2(9.0f, "AV", "AC", "AU", "C", "I", "A", "HIGH");
        vulnerability7.setCvssV2(cvssV22);
        Vulnerability vulnerability8 = new Vulnerability("SA 8th most severe, alphabetical first");
        CvssV3 cvssV3 = new CvssV3("AV", "AC", "PR", "UI", "SC", "C", "I", "A", 8.9f, "HIGH");
        vulnerability8.setCvssV3(cvssV3);
        vulnerability8.setCvssV2(cvssV22);
        Vulnerability vulnerability9 = new Vulnerability("SB 8th most severe, alphabetical second");
        vulnerability9.setCvssV3(cvssV3);
        vulnerability9.setCvssV2(cvssV2);
        Vulnerability vulnerability10 = new Vulnerability("R 9th most severe");
        vulnerability10.setCvssV3(new CvssV3("AV", "AC", "PR", "UI", "SC", "C", "I", "A", 8.0f, "HIGH"));
        vulnerability10.setCvssV2(cvssV2);
        Vulnerability vulnerability11 = new Vulnerability("Q 10th most severe");
        vulnerability11.setUnscoredSeverity("hIGH");
        Vulnerability vulnerability12 = new Vulnerability("P 11th most severe");
        vulnerability12.setCvssV3(new CvssV3("AV", "AC", "PR", "UI", "SC", "C", "I", "A", 6.9f, "MEDIUM"));
        Vulnerability vulnerability13 = new Vulnerability("O 12th most severe");
        vulnerability13.setUnscoredSeverity("meDiUm");
        Assert.assertTrue("V2 HIGH 9.9 to V2 HIGH 9.0, 9.9 should be most severe", vulnerability6.compareTo(vulnerability7) < 0);
        Assert.assertTrue("V2 HIGH 9.9 to V3 CRIT 9.0 should make V3 9.0 should be most severe to retain the CRITICAL rating", vulnerability2.compareTo(vulnerability6) < 0);
        Assert.assertTrue("V3 CRIT 9.9 to V3 CRIT 9.0, 9.9 should be most severe", vulnerability.compareTo(vulnerability2) < 0);
        Assert.assertTrue("V3 CRIT 9.0 to V3 HIGH 8.0 V2 HIGH 9.9, V3 9.0 should be most severe", vulnerability2.compareTo(vulnerability10) < 0);
        Assert.assertTrue("CVSS v3 CRITICAL should be smaller (more severe) than unscored critical", vulnerability2.compareTo(vulnerability3) < 0);
        Assert.assertTrue("unscored critical should be smaller (more severe) than CVSS v2 HIGH 10.0 should be larger (less severe)", vulnerability3.compareTo(vulnerability5) < 0);
        Assert.assertTrue("CVSS v3 CRITICAL should be smaller (more severe) than unscored assumed critical", vulnerability2.compareTo(vulnerability4) < 0);
        Assert.assertTrue("Unscored CRITICAL should be smaller (more severe) than unscored assumed critical", vulnerability3.compareTo(vulnerability4) < 0);
        Assert.assertTrue("unscored assumed critical should be smaller (more severe) than CVSS v2 HIGH 10.0", vulnerability4.compareTo(vulnerability5) < 0);
        Assert.assertTrue("unscored assumed critical should be smaller (more severe) CVSS v2 9.9 v3 8.0 (HIGH)", vulnerability4.compareTo(vulnerability10) < 0);
        Assert.assertTrue("CVSS v3 score should be considered over V2 score; alphabetical sort determines final sequence", vulnerability8.compareTo(vulnerability9) < 0);
        Assert.assertTrue("CVSS v3 medium top-range score should be smaller (more severe) than unscored medium", vulnerability12.compareTo(vulnerability13) < 0);
        List<Vulnerability> asList = Arrays.asList(vulnerability6, vulnerability7, vulnerability2, vulnerability, vulnerability10, vulnerability5, vulnerability8, vulnerability9, vulnerability11, vulnerability12, vulnerability3, vulnerability13, vulnerability4);
        asList.sort((v0, v1) -> {
            return v0.compareTo(v1);
        });
        List asList2 = Arrays.asList("Z", "Y", "X", "W", "V", "U", "T", "SA", "SB", "R", "Q", "P", "O");
        for (int i = 0; i < asList.size(); i++) {
            Assert.assertTrue("Expected start:" + ((String) asList2.get(i)) + " encountered start: " + asList.get(i).getName().substring(0, 2), asList.get(i).getName().startsWith((String) asList2.get(i)));
        }
        testSortStabilityForPermutations(asList);
    }

    private void testSortStabilityForPermutations(List<Vulnerability> list) {
        int size = list.size();
        int i = size % 2 != 0 ? (size / 2) + 1 : size / 2;
        int i2 = size / 2;
        int[] iArr = new int[size];
        int[] iArr2 = new int[size];
        int[] iArr3 = new int[size];
        int[] iArr4 = new int[size];
        for (int i3 = 0; i3 < list.size(); i3++) {
            iArr[i3] = i3;
            iArr4[(size - i3) - 1] = i3;
            if (i3 % 2 == 0) {
                iArr2[i3 / 2] = i3;
                iArr3[(i3 / 2) + i2] = i3;
            } else {
                iArr2[i + (i3 / 2)] = i3;
                iArr3[i3 / 2] = i3;
            }
        }
        ArrayList<int[]> arrayList = new ArrayList();
        arrayList.add(iArr4);
        arrayList.add(iArr2);
        arrayList.add(iArr3);
        arrayList.add(iArr);
        TreeSet treeSet = new TreeSet();
        TreeSet treeSet2 = new TreeSet();
        int[] iArr5 = null;
        for (int[] iArr6 : arrayList) {
            if (treeSet.isEmpty()) {
                iArr5 = iArr6;
                for (int i4 : iArr6) {
                    treeSet.add(list.get(Integer.valueOf(i4).intValue()));
                }
            }
            for (int i5 : iArr6) {
                treeSet2.add(list.get(Integer.valueOf(i5).intValue()));
            }
            assertPermutationSortedEqual((Vulnerability[]) treeSet.toArray(new Vulnerability[0]), (Vulnerability[]) treeSet2.toArray(new Vulnerability[0]), iArr6, iArr5);
        }
    }

    private void assertPermutationSortedEqual(Vulnerability[] vulnerabilityArr, Vulnerability[] vulnerabilityArr2, int[] iArr, int[] iArr2) {
        Assert.assertArrayEquals(String.format("Differently sorted for permutation '%s' versus '%s'", Arrays.toString(iArr2), Arrays.toString(iArr)), vulnerabilityArr, vulnerabilityArr2);
    }
}
