/*
    * This file is part of dependency-check-core.
    *
    * Licensed under the Apache License, Version 2.0 (the "License");
    * you may not use this file except in compliance with the License.
    * You may obtain a copy of the License at
    *
    *     http://www.apache.org/licenses/LICENSE-2.0
    *
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS,
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
   * limitations under the License.
   *
   * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
   */
  package org.owasp.dependencycheck.analyzer;
  
  import org.owasp.dependencycheck.Engine;
  import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
  import org.owasp.dependencycheck.data.nuget.NugetPackage;
  import org.owasp.dependencycheck.data.nuget.NuspecParseException;
  import org.owasp.dependencycheck.data.nuget.NuspecParser;
  import org.owasp.dependencycheck.data.nuget.XPathNuspecParser;
  import org.owasp.dependencycheck.dependency.Confidence;
  import org.owasp.dependencycheck.dependency.Dependency;
  import org.owasp.dependencycheck.utils.FileFilterBuilder;
  import org.owasp.dependencycheck.utils.Settings;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  
  import java.io.FileFilter;
  import java.io.FileInputStream;
  import java.io.FileNotFoundException;
  import java.io.IOException;
  import org.owasp.dependencycheck.exception.InitializationException;
  
  /**
   * Analyzer which will parse a Nuspec file to gather module information.
   *
   * @author colezlaw
   */
  public class NuspecAnalyzer extends AbstractFileTypeAnalyzer {
  
      /**
       * The logger.
       */
      private static final Logger LOGGER = LoggerFactory.getLogger(NuspecAnalyzer.class);
  
      /**
       * The name of the analyzer.
       */
      private static final String ANALYZER_NAME = "Nuspec Analyzer";
  
      /**
       * The phase in which the analyzer runs.
       */
      private static final AnalysisPhase ANALYSIS_PHASE = AnalysisPhase.INFORMATION_COLLECTION;
  
      /**
       * The types of files on which this will work.
       */
      private static final String SUPPORTED_EXTENSIONS = "nuspec";
  
      /**
       * Initializes the analyzer once before any analysis is performed.
       *
       * @throws InitializationException if there's an error during initialization
       */
      @Override
      public void initializeFileTypeAnalyzer() throws InitializationException {
      }
  
      /**
       * Returns the analyzer's name.
       *
       * @return the name of the analyzer
       */
      @Override
      public String getName() {
          return ANALYZER_NAME;
      }
  
      /**
       * Returns the key used in the properties file to reference the analyzer's
       * enabled property.
       *
       * @return the analyzer's enabled property setting key
       */
      @Override
      protected String getAnalyzerEnabledSettingKey() {
          return Settings.KEYS.ANALYZER_NUSPEC_ENABLED;
      }
  
      /**
       * Returns the analysis phase under which the analyzer runs.
       *
       * @return the phase under which this analyzer runs
      */
     @Override
     public AnalysisPhase getAnalysisPhase() {
         return ANALYSIS_PHASE;
     }
 
     /**
      * The file filter used to determine which files this analyzer supports.
      */
     private static final FileFilter FILTER = FileFilterBuilder.newInstance().addExtensions(
             SUPPORTED_EXTENSIONS).build();
 
     /**
      * Returns the FileFilter
      *
      * @return the FileFilter
      */
     @Override
     protected FileFilter getFileFilter() {
         return FILTER;
     }
 
     /**
      * Performs the analysis.
      *
      * @param dependency the dependency to analyze
      * @param engine the engine
      * @throws AnalysisException when there's an exception during analysis
      */
     @Override
     public void analyzeDependency(Dependency dependency, Engine engine) throws AnalysisException {
         LOGGER.debug("Checking Nuspec file {}", dependency);
         try {
             final NuspecParser parser = new XPathNuspecParser();
             NugetPackage np = null;
             FileInputStream fis = null;
             try {
                 fis = new FileInputStream(dependency.getActualFilePath());
                 np = parser.parse(fis);
             } catch (NuspecParseException ex) {
                 throw new AnalysisException(ex);
             } catch (FileNotFoundException ex) {
                 throw new AnalysisException(ex);
             } finally {
                 if (fis != null) {
                     try {
                         fis.close();
                     } catch (IOException e) {
                         LOGGER.debug("Error closing input stream");
                     }
                 }
             }
 
             if (np.getOwners() != null) {
                 dependency.getVendorEvidence().addEvidence("nuspec", "owners", np.getOwners(), Confidence.HIGHEST);
             }
             dependency.getVendorEvidence().addEvidence("nuspec", "authors", np.getAuthors(), Confidence.HIGH);
             dependency.getVersionEvidence().addEvidence("nuspec", "version", np.getVersion(), Confidence.HIGHEST);
             dependency.getProductEvidence().addEvidence("nuspec", "id", np.getId(), Confidence.HIGHEST);
             if (np.getTitle() != null) {
                 dependency.getProductEvidence().addEvidence("nuspec", "title", np.getTitle(), Confidence.MEDIUM);
             }
         } catch (Throwable e) {
             throw new AnalysisException(e);
         }
     }
 }