#!/usr/local/cpanel/3rdparty/bin/perl

#                                      Copyright 2025 WebPros International, LLC
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited.
package bin::vulnerability_check_completed;

use cPstrict;

=encoding utf-8

=head1 NAME

vulnerability-check-completed - Send a vulnerability scan complete event to the SSE stream.

=head1 USAGE

vulnerability-check-completed --instance-id <instance-id> --site-path <site-path> --old-vulnerabilities <old-vulnerabilities> --new-vulnerabilities <new-vulnerabilities>

=head1 DESCRIPTION

This script is used to send a vulnerability scan complete event to the SSE stream. It takes the following arguments:

=over

=item --instance-id <instance-id>

The instance ID the vulnerability scan was performed on.

=item --site-path <site-path>

The site path of the instance.

=item --old-vulnerabilities <old-vulnerabilities>

The old vulnerabilities found during the scan.

=item --new-vulnerabilities <new-vulnerabilities>

The new vulnerabilities found during the scan.

=item --help

Display this help message.

=back

=head1 EXAMPLE

vulnerability-check-completed --instance-id 12345 --site-path /home/user/public_html --old-vulnerabilities "CVE-2021-1234,CVE-2021-5678" --new-vulnerabilities "CVE-2022-1234,CVE-2022-5678"

=cut

use Getopt::Long ();

use Cpanel::AccessIds       ();
use Cpanel::User::SSEEvents ();

our $DEBUG     = 0;
our $DEBUG_LOG = '/var/cpanel/logs/vulnerability-check-completed.log';

exit run() unless caller;

sub run () {

    if ($DEBUG) {
        open my $log, '>>', $DEBUG_LOG or die "Could not open log file: $!";
        print {$log} _time() . " Script invoked with the following parameters:\n";
        print {$log} ( _time() . " $_\n" ) for @ARGV;
        close $log;
    }

    my ( $help, $instance_id, $site_path, $old_vulnerabilities, $new_vulnerabilities );

    Getopt::Long::GetOptions(
        "instance-id=i"         => \$instance_id,
        "site-path=s"           => \$site_path,
        "old-vulnerabilities=s" => \$old_vulnerabilities,
        "new-vulnerabilities=s" => \$new_vulnerabilities,
        "help"                  => \$help,
    );

    my @missing;
    push @missing, 'instance-id' unless length $instance_id;
    push @missing, 'site-path'   unless length $site_path;

    if ( $help || @missing ) {
        require Cpanel::SafeRun::Object;
        _say( Cpanel::SafeRun::Object->new_or_die( program => "$^Xdoc", args => [ '-T', $0 ] )->stdout() );
        return 1;
    }

    $old_vulnerabilities = [ split( ',', $old_vulnerabilities // "" ) ];
    $new_vulnerabilities = [ split( ',', $new_vulnerabilities // "" ) ];

    my ($user) = ( split( '/', $site_path ) )[2];

    Cpanel::AccessIds::do_as_user(
        $user,
        sub {

            my $db = Cpanel::User::SSEEvents->new();

            $db->add_event(
                'vulnerability_scan_complete',
                {
                    instance_id         => $instance_id,
                    old_vulnerabilities => $old_vulnerabilities,
                    new_vulnerabilities => $new_vulnerabilities,
                }
            );

        }
    );

    return 0;
}

# For mocking
sub _say ($msg) {
    say $msg;
    return;
}

sub _time () {
    return scalar localtime();
}

1;
