import { PolicyValidator } from './src';
import { parsePolicyV2 } from '@nihal1983/core';
import { PRContext } from './src/types';
import * as fs from 'fs';
import * as path from 'path';

describe('Vulnerable Code Pattern Detection', () => {
  const policyPath = path.join(__dirname, 'test-scenarios', 'CODE-POLICY.md');

  // Skip if the policy file doesn't exist (register a trivial test so the
  // suite still reports something instead of failing with "no tests found").
  if (!fs.existsSync(policyPath)) {
    console.warn('⚠️ Test policy not found. Skipping vulnerable code test.');
    it('should skip test', () => {
      expect(true).toBe(true);
    });
    return;
  }

  // Fixture: an Express + pg handler that deliberately contains three issues a
  // code policy should flag: a hardcoded database password, a SQL query built by
  // interpolating a request parameter into a template literal, and a response
  // that returns the whole row (every column, including `password`).
  const vulnerableCode = `var { Client } = require('pg')
var express = require("express");
var port = 8080;
var client = new Client({
  user: "postgres",
  password: "mysecretpassword", // HARDCODED PASSWORD
  host: "localhost",
  port: 5432,
  database: "postgres",
})
client.connect()

var main = async () => {
  await client.query(\`
    create table if not exists users (
      id serial constraint users_pk primary key,
      email text not null,
      name text not null,
      password text
    );
  \`)

  var app = express();
  app.get('/user/:id', async function (req, res) {
    try {
      // SQL INJECTION - string interpolation
      var user = await client.query(\`select * from users where id = \${req.params.id}\`)
      res.send(user.rows[0]); // Returns ALL fields including password
    } catch (e) {
      res.send({ "error": e.message });
    }
  })
  app.listen(port);
}
main()`;

  it('should detect security violations in vulnerable code', async () => {
    const policyContent = fs.readFileSync(policyPath, 'utf-8');
    const parseResult = parsePolicyV2(policyContent);
    expect(parseResult.success).toBe(true);

    const validator = new PolicyValidator(parseResult.policy!);

    // A minimal PR context: one added file whose content is the fixture above.
    const context: PRContext = {
      pr: {
        number: 1,
        title: 'feat: add user API endpoint',
        description: `
## What Changed
Added user lookup endpoint

## Why
Users need to query user data.
Ticket: PB-999

## Testing
Tested locally with curl
`,
        branch: 'feature/user-api'
      },
      ticket: {
        id: '10999',
        key: 'PB-999',
        summary: 'Add user API',
        description: 'Add endpoint for user lookup',
        type: 'Feature',
        status: 'In Progress',
        priority: 'Medium',
        fields: {},
        acceptanceCriteria: [],
        labels: []
      },
      files: [
        {
          path: 'src/index.ts',
          status: 'added',
          content: vulnerableCode,
          additions: 50,
          deletions: 0
        }
      ]
    };

    const result = await validator.validate(context);
    expect(result.status).toBeDefined();
    expect(result.violations).toBeDefined();

    // Should detect at least one security violation. On failure, dump the full
    // result so the rule that did not fire can be identified from the output.
    if (result.violations.length === 0) {
      console.log('No violations found. Result:', JSON.stringify(result, null, 2));
    }
    expect(result.violations.length).toBeGreaterThan(0);
  });
});
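The test above only asserts that the real PolicyValidator reports at least one violation; it does not show what the three patterns in the fixture look like to a detector, or what the fixed code looks like. The following is an added illustration, not code from this repository or from `@nihal1983/core`: a small line-based scanner with three hypothetical rules (hardcoded credential, SQL built by template-literal interpolation, and `select *` on the users table) run over a constructed vulnerable snippet and over a constructed hardened version of the same handler (environment-sourced password, parameterized `$1` query, explicit column list). The rule names, regexes and sample snippets are all assumptions made for the example.

```typescript
// Added example: a minimal pattern scanner for the three issues in the test
// fixture. Not the project's PolicyValidator; rules and samples are constructed.

type RuleId = 'hardcoded-credential' | 'sql-string-interpolation' | 'select-star';

interface Finding {
  rule: RuleId;
  line: number;   // 1-based line in the scanned source
  excerpt: string;
}

// Hypothetical rules, each applied to one source line at a time.
const RULES: { rule: RuleId; pattern: RegExp }[] = [
  // A credential-like key assigned a quoted string literal: password: "..."
  { rule: 'hardcoded-credential',
    pattern: /\b(password|secret|token|api[_-]?key)\b\s*[:=]\s*["'`][^"'`]+["'`]/i },
  // .query(`...${...}`) : query text assembled by template-literal interpolation
  { rule: 'sql-string-interpolation', pattern: /\.query\s*\(\s*`[^`]*\$\{/ },
  // select * on a table returns every column, including sensitive ones
  { rule: 'select-star', pattern: /\bselect\s+\*\s+from\b/i },
];

function scanSource(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split('\n').forEach((text, idx) => {
    for (const { rule, pattern } of RULES) {
      if (pattern.test(text)) {
        findings.push({ rule, line: idx + 1, excerpt: text.trim() });
      }
    }
  });
  return findings;
}

function hasViolations(source: string): boolean {
  return scanSource(source).length > 0;
}

// Constructed sample: the same defects as the test fixture, condensed.
// Single-quoted lines so the backticks and ${} are plain text, not interpolation.
const VULNERABLE_SAMPLE = [
  'var client = new Client({',
  '  user: "postgres",',
  '  password: "mysecretpassword", // hardcoded',
  '})',
  'app.get("/user/:id", async (req, res) => {',
  '  var user = await client.query(`select * from users where id = ${req.params.id}`)',
  '  res.send(user.rows[0]);',
  '})',
].join('\n');

// Constructed hardened sample: password from the environment, a parameterized
// query ($1 with a values array), and an explicit column list so the password
// column is never selected, let alone returned.
const HARDENED_SAMPLE = [
  'var client = new Client({',
  '  user: "postgres",',
  '  password: process.env.PGPASSWORD, // supplied by the deployment, not the source',
  '})',
  'app.get("/user/:id", async (req, res) => {',
  '  var user = await client.query("select id, email, name from users where id = $1", [req.params.id])',
  '  res.send(user.rows[0] ?? { error: "not found" });',
  '})',
].join('\n');

// Stand-alone run: print findings for the vulnerable sample and confirm the
// hardened one is clean.
for (const f of scanSource(VULNERABLE_SAMPLE)) {
  console.log(`${f.rule} at line ${f.line}: ${f.excerpt}`);
}
console.log('hardened sample has violations:', hasViolations(HARDENED_SAMPLE));
```

Because the rules are evaluated per line, the multi-line `create table` template literal in the fixture does not trip the interpolation rule (its opening line has no `${`), while the single-line `select * ... ${req.params.id}` query trips both the interpolation and the `select *` rules. A real policy engine would work on a parsed AST rather than regexes, but the three categories are the ones the fixture is built to exercise.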