// Copyright 2017 clair authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package database

import (
	"database/sql/driver"
	"errors"
	"strings"
)

// ErrFailedToParseSeverity is the error returned when a severity could not
// be parsed from a string.
var ErrFailedToParseSeverity = errors.New("failed to parse Severity from input")

// Severity defines a standard scale for measuring the severity of a
// vulnerability.
type Severity string

const (
	// UnknownSeverity is either a security problem that has not been assigned to
	// a priority yet or a priority that our system did not recognize.
	UnknownSeverity Severity = "Unknown"

	// NegligibleSeverity is technically a security problem, but is only
	// theoretical in nature, requires a very special situation, has almost no
	// install base, or does no real damage. These tend not to get backport from
	// upstream, and will likely not be included in security updates unless
	// there is an easy fix and some other issue causes an update.
	NegligibleSeverity Severity = "Negligible"

	// LowSeverity is a security problem, but is hard to exploit due to
	// environment, requires a user-assisted attack, a small install base, or
	// does very little damage.  These tend to be included in security updates
	// only when higher priority issues require an update, or if many low
	// priority issues have built up.
	LowSeverity Severity = "Low"

	// MediumSeverity is a real security problem, and is exploitable for many
	// people.  Includes network daemon denial of service attacks, cross-site
	// scripting, and gaining user privileges.  Updates should be made soon for
	// this priority of issue.
	MediumSeverity Severity = "Medium"

	// HighSeverity is a real problem, exploitable for many people in a default
	// installation. Includes serious remote denial of services, local root
	// privilege escalations, or data loss.
	HighSeverity Severity = "High"

	// CriticalSeverity is a world-burning problem, exploitable for nearly all
	// people in a default installation of Linux. Includes remote root privilege
	// escalations, or massive data loss.
	CriticalSeverity Severity = "Critical"

	// Defcon1Severity is a Critical problem which has been manually highlighted
	// by the team. It requires an immediate attention.
	Defcon1Severity Severity = "Defcon1"
)

// Severities lists all known severities, ordered from lowest to highest.
var Severities = []Severity{
	UnknownSeverity,
	NegligibleSeverity,
	LowSeverity,
	MediumSeverity,
	HighSeverity,
	CriticalSeverity,
	Defcon1Severity,
}

// NewSeverity attempts to parse a string into a standard Severity value.
func NewSeverity(s string) (Severity, error) {
	for _, ss := range Severities {
		if strings.EqualFold(s, string(ss)) {
			return ss, nil
		}
	}

	return UnknownSeverity, ErrFailedToParseSeverity
}

// Compare determines the equality of two severities.
//
// If the severities are equal, returns 0.
// If the receiver is less, returns -1.
// If the receiver is greater, returns 1.
func (s Severity) Compare(s2 Severity) int {
	var i1, i2 int

	for i1 = 0; i1 < len(Severities); i1 = i1 + 1 {
		if s == Severities[i1] {
			break
		}
	}
	for i2 = 0; i2 < len(Severities); i2 = i2 + 1 {
		if s2 == Severities[i2] {
			break
		}
	}

	return i1 - i2
}

// Scan implements the database/sql.Scanner interface.
func (s *Severity) Scan(value interface{}) error {
	val, ok := value.([]byte)
	if !ok {
		return errors.New("could not scan a Severity from a non-string input")
	}

	var err error
	*s, err = NewSeverity(string(val))
	if err != nil {
		return err
	}

	return nil
}

// Value implements the database/sql/driver.Valuer interface.
func (s Severity) Value() (driver.Value, error) {
	return string(s), nil
}

// Valid checks if the severity is valid or not.
func (s Severity) Valid() bool {
	for _, v := range Severities {
		if s == v {
			return true
		}
	}
	return false
}