#!/usr/bin/perl -w
# watches incidents
use strict;

my $dn = `dirname $0`;chomp($dn);
my $pwd = `pwd`;chomp($pwd);
if ($dn !~ /^\//) { $dn = $pwd . "/" . $dn; }
push @INC,$dn;

require CanDBReader;
require UpdateInfoReader;
UpdateInfoReader->import_product_updates();
require SMASHData;

delete $UpdateInfoReader::patchtitle{""};	# Avoid warning

my $isc = "osc -A https://api.suse.de/";

my %allpatches = ();
foreach my $cve (keys %UpdateInfoReader::productsinqa) {
	&SMASHData::read_smash_issue($cve,1);
	print STDERR "cve in qa $cve\n" if -t STDERR;
	foreach my $prod (keys %{$UpdateInfoReader::productsinqa{$cve}}) {
		print STDERR "cve $cve prod $prod\n" if -t STDERR;
		foreach my $patch (keys %{$UpdateInfoReader::productsinqa{$cve}->{$prod}->{'patchnames'}}) {
			$allpatches{$patch} = 1;
			print STDERR "recorded patch $patch\n" if -t STDERR;
		}
	}
}

my %mismatch = ();
my %ltssupdates = ();

foreach my $patch (sort keys %allpatches) {
	if (!defined($UpdateInfoReader::patchseverity{$patch})) {
		print "$patch has no update info severity?\n";
	}
	my $severity = $UpdateInfoReader::patchseverity{$patch};

	# check later if we have ltss enabled
	if (($severity eq "important") || ($severity eq "critical")) {
		if ($patch =~ /-(\d*)$/) {
			$ltssupdates{$1} = $severity;
			if ($1 < 20000) { print "bad number: $patch\n"; next; }
		} else {
			print "$patch does not parse out as -\\d*\$ ?\n";
			next;
		}
	}

	if (!defined($UpdateInfoReader::patchreferences{$patch})) {
		print "patch $patch has no references?\n";
		next;
	}
	foreach my $reference (keys %{$UpdateInfoReader::patchreferences{$patch}}) {
		next unless ($reference =~ /CVE-/);
		my $smashseverity;
		&SMASHData::read_smash_issue($reference,1);
		if (!defined($SMASHData::severity{$reference})) {
			print STDERR "no severity for reference $reference in $patch?\n";
			next;
		}
		$smashseverity = $SMASHData::severity{$reference};
		if ($smashseverity ne $severity) {
			if ( 	
				(($severity eq "moderate") && (($smashseverity eq "important") || ($smashseverity eq "critical"))) ||
				(($severity eq "low") && (($smashseverity eq "moderate") || ($smashseverity eq "important") || ($smashseverity eq "critical"))) ||
				(($severity eq "important") && ($smashseverity eq "critical"))
			) {
				$patch =~ /-(\d*)$/;
				my $patchid = $1;
				$mismatch{"$patchid.$reference"} = "SUSE:Maintenance:$patchid ($UpdateInfoReader::patchtitle{$patch}) has severity $severity, but $reference smash is $smashseverity!\n";
			}
		}
	}
}

if (%mismatch) {
	print "The following incidents have a severity that is lower than the\n";
	print "SMASH severity from one or more of its references.\n";
	print "Please check if this is OK.\n";
	print "\n";

	foreach my $pref (sort keys %mismatch) {
		print $mismatch{$pref};
	}
}

my @channels = ();

foreach my $id (sort keys %ltssupdates) {
	my $haveltsschannels = 0;
	my $ltsschannelsenabled = 0;
	open(OSC,"$isc ls SUSE:Maintenance:$id|");
	while (<OSC>) {
		$haveltsschannels = 1 if (/LTSS/);
	}
	close(OSC)|| warn "$isc ls SUSE:Maintenance:$id";
	open(OSC,"$isc pr SUSE:Maintenance:$id|");
	while (<OSC>) {
		$ltsschannelsenabled = 1 if (/SUSE_Updates.*LTSS/);
	}
	close(OSC);

	if ($haveltsschannels && !$ltsschannelsenabled) {
		push @channels,"SUSE:Maintenance:$id should have LTSS channels enabled due to severity $ltssupdates{$id}, but they are not enabled yet.\n";
	}
}

if (@channels) {
	print "The following incidents have a severity important or critical,\n";
	print "but do not have LTSS enabled. Please check if this is OK.\n";
	print "\n";
	print join("",@channels);
}