#
# Copyright (c) 2013 Hal Brodigan (postmodern.mod3 at gmail.com)
# Modifications Copyright (c) 2013 Jon Frisby (jfrisby@mrjoy.com), or their
# respective authors.
#
# mrjoy-bundler-audit is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# mrjoy-bundler-audit is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with mrjoy-bundler-audit.  If not, see <http://www.gnu.org/licenses/>.
#

require 'bundler/audit/scanner'
require 'bundler/audit/version'

require 'thor'
require 'bundler'
require 'bundler/vendored_thor'

module Bundler
  module Audit
    class CLI < ::Thor

      default_task :check
      map '--version' => :version

      desc 'check', 'Checks the Gemfile.lock for insecure dependencies'
      method_option :verbose, :type => :boolean, :aliases => '-v'
      method_option :ignore, :type => :array, :aliases => '-i'

      def check
        scanner    = Scanner.new
        vulnerable = false

        scanner.scan(:ignore => options.ignore) do |result|
          vulnerable = true

          case result
          when Scanner::InsecureSource
            print_warning "Insecure Source URI found: #{result.source}"
          when Scanner::UnpatchedGem
            print_advisory result.gem, result.advisory
          end
        end

        if vulnerable
          say "Unpatched versions found!", :red
          exit 1
        else
          say "No unpatched versions found", :green
        end
      end

      desc 'update', 'Updates the ruby-advisory-db'
      def update
        say "Updating ruby-advisory-db ..."

        Database.update!
        puts "ruby-advisory-db: #{Database.new.size} advisories"
      end

      desc 'version', 'Prints the bundler-audit version'
      def version
        database = Database.new

        puts "#{File.basename($0)} #{VERSION} (advisories: #{database.size})"
      end

      protected

      def say(message="", color=nil)
        color = nil unless $stdout.tty?
        super(message.to_s, color)
      end

      def print_warning(message)
        say message, :yellow
      end

      def print_advisory(gem, advisory)
        print_affected_gem(gem)

        say "Advisory: ", :red
        say advisory.id

        say "Criticality: ", :red
        say *(CRITICALITY_MAP[advisory.criticality] || "Unknown")

        say "URL: ", :red
        say advisory.url

        print_advisory_details advisory
        print_advisory_solution advisory

        say
      end

    protected
      def print_affected_gem(gem)
        say "Name: ", :red
        say gem.name

        say "Version: ", :red
        say gem.version
      end

      def print_advisory_details(advisory)
        if options.verbose?
          say "Description:", :red
          say

          print_wrapped advisory.description, :indent => 2
          say
        else
          say "Title: ", :red
          say advisory.title
        end
      end

      def print_advisory_solution(advisory)
        unless advisory.patched_versions.empty?
          say "Solution: upgrade to ", :red
          say advisory.patched_versions.join(', ')
        else
          say "Solution: ", :red
          say "remove or disable this gem until a patch is available!", [:red, :bold]
        end
      end

      CRITICALITY_MAP = {
        :low    => ["Low"],
        :medium => ["Medium", :yellow],
        :high   => ["High", [:red, :bold]],
      }
    end
  end
end