#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Regenerates the toplevel .snyk file from the dependency-check-suppressions.xml found in this directory.
"""

import re
import os


script_dir = os.path.dirname(os.path.abspath(__file__))
with open(os.path.join(script_dir, "dependency-check-suppressions.xml"), "r") as f:
    xml_lines = [line.strip() for line in f.readlines()]

snyk_data = {"ignore": {}}

# Parse XML (keeping track of comments)
last_comment = None
i = 0
while i < len(xml_lines):
    # Detect XML comments (these contain the suppression reason)
    if xml_lines[i].startswith("<!--") and xml_lines[i].endswith("-->"):
        last_comment = xml_lines[i][4:-3].strip()

    # Collect CVE suppressions
    if "<suppress>" in xml_lines[i]:
        cve_ids = []
        packages = ''
        i += 1
        while i < len(xml_lines):
            if xml_lines[i].startswith("<!--") and xml_lines[i].endswith("-->"):
                last_comment = xml_lines[i][4:-3].strip() 
            if "<cve>" in xml_lines[i] and "</cve>" in xml_lines[i]:
                cve_ids.append(xml_lines[i].strip().replace("<cve>", "").replace("</cve>", "").strip())
            if "<packageUrl" in xml_lines[i] and "</packageUrl>" in xml_lines[i]:
                packages = re.sub(r'<packageUrl(?: regex="(?:true|false)")?>|</packageUrl>', '', xml_lines[i]).strip()
            if "</suppress>" in xml_lines[i]:
                break
            i += 1
        reason = (last_comment + " -- " + packages) if last_comment else "Suppressed due to internal review, see project's .build/dependency-check-suppressions.xml"

        # Add suppressions
        for cve_id in cve_ids:
            snyk_data["ignore"][cve_id] = [{"reason": reason}]

        last_comment = None
    else:
        i += 1

with open(os.path.join(script_dir, "../.snyk"), "w") as snyk_file:
    snyk_file.write("# Snyk (https://snyk.io) policy file, provides ignores for known false positives.\n")
    snyk_file.write("# This file is autogenerated from .build/dependency-check-suppressions.xml\n")
    snyk_file.write("version: v1.25.0\n")
    snyk_file.write("ignore:\n")
    for cve_id, ignores in sorted(snyk_data["ignore"].items()):
        snyk_file.write("  {}:\n".format(cve_id))
        for ignore in ignores:
            snyk_file.write("    - reason: {}\n".format(ignore['reason']))