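#!/usr/bin/env perl
# $Id: check-updates,v 1.7 2009/01/15 13:21:21 thoger Exp $
# List audit entries that are still marked VULNERABLE although a matching
# update exists, and mark them fixed once that update is stable.
# Lubomir Kundrak

#use warnings;
use strict;

use Libexig::Audit;
use Libexig::Bodhi;
use Data::Dumper;

my $debug= 1;

# Parse the audit file named by the first command-line argument.
# NOTE(review): $ARGV[0] is passed through unchecked; confirm how
# Libexig::Audit behaves when no file name is given.
my $audit = Libexig::Audit->new ({file => $ARGV[0]});

ENTRY:
foreach my $entry (@{$audit->{audit}}) {
    next ENTRY unless $entry->{'status'} eq 'VULNERABLE';

    # Without a bug number or a "since" value there is nothing to match on.
    next ENTRY unless defined($entry->{'bug'}) || defined($entry->{'since'});

    if ($debug) {
        my $progress = "Checking... $entry->{'cve'} $entry->{'component'}";
        $progress .= " #$entry->{'bug'}" if defined($entry->{'bug'});
        $progress .= " [since $entry->{'since'}]" if defined($entry->{'since'});
        print "$progress\n";
    }

    # "since" holds either an update ID (starts with FEDORA-) or a build NVR.
    my ($update_nvr, $update_id);
    if (defined($entry->{'since'})) {
        if ($entry->{'since'} =~ /^FEDORA-/) {
            $update_id = $entry->{'since'};
        }
        else {
            $update_nvr = $entry->{'since'};
        }
    }

    # Go through the updates known for this component.
    UPDATE:
    foreach my $u (Libexig::Bodhi::get_updates ($entry->{component})) {
        # Index the update's bugs by bz_id and its builds by package name and
        # NVR for easier look-up. A missing list is treated as empty, so one
        # incomplete update record does not abort the whole run.
        foreach my $bug (@{ $u->{'bugs'} || [] }) {
            $u->{'_bugs_hash'}->{$bug->{'bz_id'}} = $bug;
        }
        foreach my $build (@{ $u->{'builds'} || [] }) {
            $u->{'_builds_hash'}->{$build->{'package'}->{'name'}}->{$build->{'nvr'}} = $build;
        }

        my $component_builds = $u->{'_builds_hash'}->{$entry->{'component'}};

        # See if the VULNERABLE bug was referenced by an update
        my $bug_referenced = defined($entry->{'bug'})
            && defined($u->{'_bugs_hash'}->{$entry->{'bug'}});

        # See if since Update ID was found
        my $id_matches = defined($update_id)
            && defined($u->{'updateid'})
            && $u->{'updateid'} eq $update_id;

        # See if since NVR was found
        # TODO: check also higher NVRs to deal with obsoleted update requests?
        my $nvr_matches = defined($update_nvr)
            && defined($component_builds)
            && defined($component_builds->{$update_nvr});

        # No match: try the next update.
        next UPDATE unless $bug_referenced || $id_matches || $nvr_matches;

        if ($debug) {
            # Separate and sort the NVRs so that several builds stay readable.
            print " -> Found: ", join(', ', sort keys %{ $component_builds || {} });
            print " ($u->{'updateid'})" if defined($u->{'updateid'});
        }

        # Modify the entry accordingly.
        # NOTE(review): a stable update that matches only by bug reference is
        # taken as proof of the fix. Nothing here checks which release the
        # update targets or that it carries a build of this component; confirm
        # that get_updates already scopes this, otherwise an entry can be
        # closed while a release is still affected.
        if (defined($u->{'status'}) && $u->{'status'} eq 'stable') {
            $entry->{'status'} = 'fixed';
            # Keep the recorded "since" rather than erasing it when the update
            # carries no ID.
            $entry->{'since'} = $u->{'updateid'} if defined($u->{'updateid'});
        }
        # Called for non-stable matches as well, with the entry left unchanged.
        Libexig::Audit::update_entry ($entry);

        print " - status: $u->{'status'}\n" if $debug;

        # Only the first matching update is considered.
        last UPDATE;
    }
}

$audit->save;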