# Copyright (c) 2022 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details.
# frozen_string_literal: true

# This module is used to track propagation through ERB template rendering
module ERBPropagator
  class << self
    # After ERB#result method is called we need to take the tags to the target and keep the
    # propagation.
    #
    # @param patcher [Contrast::Agent::Assess::Policy::PolicyNode] the node that governs this event
    # @param preshift [Contrast::Agent::Assess::Preshift] Saved state before the propagation
    # @param ret [the Return of the invoked method]
    # @param _block [&block, nil] block passed
    def result_tagger patcher, preshift, ret, _block
      return unless preshift.args.length >= 1
      return unless (properties = Contrast::Agent::Assess::Tracker.properties!(ret))

      used_binding = preshift.args[0]
      binding_variable_set = used_binding.local_variables

      erb_pre_result = preshift.object.src
      parent_events = []
      binding_variable_set binding_variable_set, used_binding, erb_pre_result, properties, parent_events, ret
      properties.build_event(Contrast::Agent::Assess::Events::EventData.new(patcher,
                                                                            ret,
                                                                            preshift.object,
                                                                            ret,
                                                                            preshift.args), 1)
      properties.event.instance_variable_set(:@_parent_events, parent_events)

      ret
    end

    private

    # Checks if binded variables set includes the object we track and proceed to update tags in the returned value
    #
    # @param binding_variable_set [Array<Symbol>] list of local variables used in the binding of params
    # @param used_binding [Binding] the binding in of the current event, saved as preshift argument
    # @param erb_pre_result [String] the source saved in the preshift
    # @param properties [Contrast::Agent::Assess::Properties] properties of the target if none create new
    # @param parent_events [Array<Contrast::Agent::Assess::ContrastEvent>] parents event extracted from the source
    #                                                                      properties
    # @param ret [String] the Return of the invoked method
    # @return [Array<Symbol>]
    def binding_variable_set binding_variable_set, used_binding, erb_pre_result, properties, parent_events, ret
      binding_variable_set.each do |bound_var_symbol|
        bound_variable_value = used_binding.local_variable_get(bound_var_symbol)
        next unless Contrast::Agent::Assess::Tracker.tracked?(bound_variable_value)
        next unless erb_pre_result.include?(bound_var_symbol.to_s)

        start_index = ret.index(bound_variable_value)
        next if start_index.nil?

        properties.copy_from(bound_variable_value, ret, start_index)
        parent_event = Contrast::Agent::Assess::Tracker.properties(bound_variable_value)&.event
        parent_events << parent_event if parent_event
      end
    end
  end
end