# Copyright (c) 2020 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

cs__scoped_require 'contrast/core_extensions/object'

module Contrast
  module Utils
    module Assess
      # TrackingUtil has methods for determining if a object is being tracked
      class TrackingUtil
        def self.tracked? obj
          return false if obj.nil?

          if Contrast::Utils::DuckUtils.quacks_like_tracked_hash?(obj)
            obj.each_pair do |k, v|
              return true if tracked?(k)
              return true if tracked?(v)
            end
            false
          elsif Contrast::Utils::DuckUtils.quacks_like_tracked_enumerable?(obj)
            obj.any? do |ele|
              tracked?(ele) unless obj == ele
            end
          elsif Contrast::Utils::DuckUtils.quacks_to?(obj, :cs__tracked?)
            obj.cs__tracked?
          else
            false
          end
        rescue StandardError => e
          # This is used to ask if a ton of objects are tracked. They may not
          # all be iterable. Bad things could happen in some cases, like when
          # checking a closed statement for SQL injection trigger events
          logger.warn("#{ e } trying to TrackingUtil.tracked? on object of class #{ obj.cs__class }.")
          false
        end
      end
    end
  end
end