#!/usr/bin/perl -w
use strict;

my $dn = `dirname $0`;chomp($dn);
my $pwd = `pwd`;chomp($pwd);
if ($dn !~ /^\//) { $dn = $pwd . "/" . $dn; }
push @INC,$dn;

require CanDBReader;

my %products = (
	'sles12-sp2-ltss' => 'SUSE Linux Enterprise Server 12 SP2-LTSS',
	'sles11-sp3-td'   => 'SUSE Linux Enterprise Server 11 SP3-TERADATA',
	'sles11-sp3-ltss'   => 'SUSE Linux Enterprise Server 11 SP3-LTSS',
	'sles11-sp1-td'   => 'SUSE Linux Enterprise Server 11 SP1-TERADATA',
	'sles12-sp3-td'   => 'SUSE Linux Enterprise Server 12 SP3-TERADATA',
	'sles12-sp3'   => 'SUSE Linux Enterprise Server 12 SP3',
	'sles12-sp3-ltss'   => 'SUSE Linux Enterprise Server 12 SP3-LTSS',
);

require UpdateInfoReader;
UpdateInfoReader->import_product_updates();
require SMASHData;

my %cve2packages = ();
my %cve2time = ();
foreach my $codename (keys %products) {
	print "$products{$codename}\n";
	open(PATCHES,">$codename-patches.csv");
	my %patches = %{$UpdateInfoReader::patches{$products{$codename}}};

	%cve2packages = ();
	%cve2time = ();
	foreach my $patch (keys %patches) {
		next if ($UpdateInfoReader::patchinqa{$patch});

		next if ($patch =~ / GA /);

		my $issued = $UpdateInfoReader::patchissued{$patch};
		my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($issued);

		$year+= 1900;
		$mon ++;
		my $xtime = "$year-$mon-$mday";
		my @references = sort grep (/CVE/, keys %{$UpdateInfoReader::patchreferences{$patch}});

		my %packages = %{$UpdateInfoReader::patchpackages{$patch}};
		my @packages = ();

		foreach my $pkg (sort keys %packages) {
			push @packages, "$pkg-$packages{$pkg}",
		}

		next unless (@references);

		print PATCHES "$patch,$xtime,\"" . join(",", @references) . "\",\"" . join(",", @packages) . "\"\n";
		foreach my $cve (@references) {
			if (!defined($cve2packages{$cve})) {
				$cve2packages{$cve}  = join(",", @packages);
				$cve2time{$cve} = $xtime;
			} else {
				$cve2packages{$cve} .= "," . join(",", @packages);
				$cve2time{$cve} = $xtime;
			}
			#print "\t$xtime:$cve:" . join(",", @packages) . "\n";
		}
	}
	close(PATCHES);
	open(CVES,">$codename-cves.csv");
	foreach my $cve (keys %cve2packages) {
		my $basescore = "unknown";
		read_smash_issue($cve);
		if (defined($SMASHData::cvssv3{$cve}))  {
			my %entry = %{$SMASHData::cvssv3{$cve}};
			my %score;
			if (defined($entry{'SUSE'})) {
				%score = %{$entry{'SUSE'}};
				$basescore = $score{'base_score'};
			} else {
				if (defined($entry{'National Vulnerability Database'})) {
					%score = %{$entry{'National Vulnerability Database'}};
					$basescore = $score{'base_score'};
				}
			}
		}
		print CVES "$cve,$cve2time{$cve},$basescore,\"$cve2packages{$cve}\"\n",
	}
	close(CVES);
}