#!/usr/bin/perl -w
use strict;

# Functional interface
use Text::CSV_XS qw( csv );

use Data::Dumper;
use JSON;

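# Locate the directory holding this script without spawning a shell.
# Backticks around "dirname $0" and "pwd" hand $0 to /bin/sh, so a checkout
# path containing spaces or shell metacharacters is word-split or interpreted.
require Cwd;
require File::Basename;

# abs_path() makes the path absolute and collapses "." and ".." (it also
# resolves symlinks). Previously a relative $0 such as "./script.pl" produced
# "<cwd>/.", and taking dirname of that returned the script directory itself
# instead of its parent, so the report paths below pointed at the wrong tree.
my $dn = Cwd::abs_path(File::Basename::dirname($0));
die "cannot resolve directory of $0\n" unless defined $dn;

# CanDBReader is loaded from the script's own directory. push appends, so
# directories already in @INC are searched first.
push @INC,$dn;

# The repository base is the parent of the script directory.
my $cverepobase = File::Basename::dirname($dn);

require CanDBReader;

# Report trees read by the loops below.
my $basepath = "$cverepobase/image-scanning/reports/suse-cve-db";
my $basevexpath = "$cverepobase/image-scanning/reports/vex";

# CVE -> release -> container image -> package -> status
%RancherCVE::status = ();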

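# Fold every report under reports/suse-cve-db/<year>/ into %RancherCVE::status
# (CVE -> release -> container image -> package -> status).
#
# Two CSV flavours are read:
#   cve-*      rows are filed under the CVE id taken from the file name
#   suse-su-*  rows carry a SUSE-SU advisory id, which is expanded to its
#              CVEs through %CanDBReader::advisoryid2cve
require File::Glob;

# Parse one report CSV and return the rows (array refs) that carry all five
# columns: id, image, release, package/target, status. Shorter rows (blank
# lines, truncated records) are skipped so that undefined values are never
# used as hash keys in the status map.
sub _rancher_report_rows {
	my ($file) = @_;

	my $rows = csv (in => $file);	# array of array refs
	defined $rows or die "cannot parse $file\n";

	my @complete;
	foreach my $row (@{$rows}) {
		if (@{$row} < 5) {
			print STDERR "skipping short row in $file\n" if -t STDERR;
			next;
		}
		push @complete, $row;
	}
	return @complete;
}

# bsd_glob() takes the pattern as a single string. The <...> glob operator
# splits its pattern on whitespace, so a checkout path containing a space
# would silently match nothing.
foreach my $yearpath (File::Glob::bsd_glob("$basepath/*")) {
	my ($year) = $yearpath =~ m{([^/]*)\z};
	next unless ($year =~ /\A\d+\z/);	# only the per-year directories

	foreach my $cvefn (File::Glob::bsd_glob("$yearpath/*")) {
		# All decisions are made on the file name, not on the whole path.
		my ($fname) = $cvefn =~ m{([^/]*)\z};

		if ($fname =~ /\Acve-/i) {
			# Rewrite the prefix case-insensitively, like the test above.
			# The earlier case-sensitive rewrite left "CVE-*.csv" files with
			# their full path as id, and they were then skipped.
			(my $cve = $fname) =~ s/\Acve-/CVE-/i;
			$cve =~ s/\.csv\z//;	# literal dot: strip only a real ".csv" suffix

			foreach my $row (_rancher_report_rows($cvefn)) {
				# CVE-2024-26883,rancher/mirrored-fluent-fluent-bit:2.2.0-debug,rancher/v2.7-head,linux-libc-dev,pending review
				# The id column is ignored; the file name decides the CVE.
				my (undef, $container, $release, $package, $status) = @{$row};

				next if ($release eq "release");	# header line

				$RancherCVE::status{$cve}->{$release}->{$container}->{$package} = $status;
			}
			next;
		}

		if ($fname =~ /\Asuse-su-/i) {
			foreach my $row (_rancher_report_rows($cvefn)) {
				#vulnerability_id,image,release,target,state
				#SUSE-SU-2024:0140-1,rancher/fleet-agent:v0.7.0,Harvester v1.2.1,"libssh-config,libssh4",Affected
				my ($xsu, $container, $release, $package, $status) = @{$row};

				# Drops the header line and any row without an advisory id.
				next if ($xsu !~ /^SUSE-SU/);

				my $cves = $CanDBReader::advisoryid2cve{$xsu};
				if (!defined($cves)) {
					print STDERR "no cves found for $xsu\n" if -t STDERR;
					next;
				}

				# One advisory can fix several CVEs; file the row under each.
				foreach my $scve (keys %{$cves}) {
					$RancherCVE::status{$scve}->{$release}->{$container}->{$package} = $status;
				}
			}
		}
	}
}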

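# Read every OpenVEX document under reports/vex. The statements are only
# dumped to an interactive STDERR; nothing is merged into %RancherCVE::status
# by this loop.
require File::Glob;

# bsd_glob() keeps the pattern as one string; the <...> glob operator would
# split it on whitespace in the path.
foreach my $vexpath (File::Glob::bsd_glob("$basevexpath/*.openvex.json")) {
	# Three-argument open with a lexical handle: the path is never parsed
	# for a mode prefix, and no package-global handle is left behind.
	my $vexfh;
	if (!open($vexfh, "<", $vexpath)) {
		warn "cannot open $vexpath:$!\n";
		next;
	}
	my $json = join("", <$vexfh>);
	close($vexfh);

	# The eval block ends in 1 so that a document which decodes to a false
	# value is not mistaken for a parse failure.
	my $mapref;
	my $decoded = eval {
		$mapref = decode_json($json);
		1;
	};
	if (!$decoded) {
		my $err = $@ || "unknown error";
		chomp($err);
		# Name the file and the parser error instead of echoing the whole
		# document to STDERR.
		die "json invalid: $vexpath: $err\n";
	}

	# VEX files are external data: check the shape before dereferencing.
	if (ref($mapref) ne 'HASH' || ref($mapref->{'statements'}) ne 'ARRAY') {
		warn "$vexpath: no statements array, skipping\n";
		next;
	}

	next unless -t STDERR;	# debug dump only when run interactively
	foreach my $statement (@{$mapref->{'statements'}}) {
		print STDERR Dumper($statement);
	}
}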

1;
