package cisa

import (
  "compress/gzip"
  "encoding/json"
  "github.com/pablotron/cvez/feed"
  "github.com/pablotron/cvez/rfc3339"
  "os"
  "reflect"
  "testing"
  "time"
)

// catalog test data
type catalogTestData struct {
  CveIds map[string]feed.CveId `json:"cves"`
  Dates  map[string]rfc3339.Date `json:"dates"`
  Times  map[string]time.Time `json:"times"`
}

func getCatalogTestData(path string) (catalogTestData, error) {
  var r catalogTestData

  // open file
  f, err := os.Open(path)
  if err != nil {
    return r, err
  }
  defer f.Close()

  // open reader
  gz, err := gzip.NewReader(f)
  if err != nil {
    return r, err
  }
  defer gz.Close()

  // create decoder
  d := json.NewDecoder(gz)

  // unmarshal json, return result
  return r, d.Decode(&r)
}

// read gzipped JSON CISA KEV catalog.
func readTestCatalog(path string, fn func(Catalog)) error {
  // open file
  f, err := os.Open(path)
  if err != nil {
    return err
  }
  defer f.Close()

  // create gzip reader
  r, err := gzip.NewReader(f)
  if err != nil {
    return err
  }
  defer r.Close()

  // create decoder
  d := json.NewDecoder(r)

  // unmarshal catalog
  var c Catalog
  if err = d.Decode(&c); err != nil {
    return err
  }

  // invoke callback, return result
  fn(c)

  // return success
  return nil
}


//   "title": "CISA Catalog of Known Exploited Vulnerabilities",
//   "catalogVersion": "2022.03.07",
//   "dateReleased": "2022-03-07T12:45:26.2626Z",
//   "count": 489,
//   "vulnerabilities": [
//     {
//       "cveID": "CVE-2021-27104",
//       "vendorProject": "Accellion",
//       "product": "FTA",
//       "vulnerabilityName": "Accellion FTA OS Command Injection Vulnerability",
//       "dateAdded": "2021-11-03",
//       "shortDescription": "Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints.",
//       "requiredAction": "Apply updates per vendor instructions.",
//       "dueDate": "2021-11-17"
//     },

func TestCatalogUnmarshal(t *testing.T) {
  data, err := getCatalogTestData("testdata/catalog-test-data.json.gz")
  if err != nil {
    t.Error(err)
    return
  }

  tests := []struct {
    path string
    exp  Catalog
  } {{
    path: "testdata/cisa-kevc-20220313-tiny.json.gz",
    exp: Catalog {
      Title: "CISA Catalog of Known Exploited Vulnerabilities",
      Version: "2022.03.07",
      DateReleased: data.Times["2022-03-07T12:45:26.2626Z"],
      Count: 489,
      Vulnerabilities: []Vulnerability {
        Vulnerability {
          CveId: data.CveIds["CVE-2021-27104"],
          VendorProject: "Accellion",
          Product: "FTA",
          Name: "Accellion FTA OS Command Injection Vulnerability",
          DateAdded: data.Dates["2021-11-03"],
          ShortDescription: "Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to various admin endpoints.",
          RequiredAction: "Apply updates per vendor instructions.",
          DueDate: data.Dates["2021-11-17"],
        },

        Vulnerability {
          CveId: data.CveIds["CVE-2021-27102"],
          VendorProject: "Accellion",
          Product: "FTA",
          Name: "Accellion FTA OS Command Injection Vulnerability",
          DateAdded: data.Dates["2021-11-03"],
          ShortDescription: "Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call.",
          RequiredAction: "Apply updates per vendor instructions.",
          DueDate: data.Dates["2021-11-17"],
        },

        Vulnerability {
          CveId: data.CveIds["CVE-2013-0625"],
          VendorProject: "Adobe",
          Product: "ColdFusion",
          Name: "Adobe ColdFusion Authentication Bypass Vulnerability",
          DateAdded: data.Dates["2022-03-07"],
          ShortDescription: "Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.",
          RequiredAction: "Apply updates per vendor instructions.",
          DueDate: data.Dates["2022-09-07"],
        },

        Vulnerability {
          CveId: data.CveIds["CVE-2009-3960"],
          VendorProject: "Adobe ",
          Product: "BlazeDS",
          Name: "Adobe BlazeDS Information Disclosure Vulnerability",
          DateAdded: data.Dates["2022-03-07"],
          ShortDescription: "Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability which allows for information disclosure.",
          RequiredAction: "Apply updates per vendor instructions.",
          DueDate: data.Dates["2022-09-07"],
        },
      },
    },
  }}

  for _, test := range(tests) {
    t.Run(test.path, func(t *testing.T) {
      err := readTestCatalog(test.path, func(got Catalog) {
        if !reflect.DeepEqual(got, test.exp) {
          t.Errorf("got %v, exp %v", got, test.exp)
        }
      })

      if err != nil {
        t.Error(err)
        return
      }
    })
  }
}