# shellcheck shell=dash

___x_cmd_osv_vuln(){
    [ "$#" -gt 0 ] ||       set -- --help

    local format=app
    while [ $# -gt 0 ]; do
        case "$1" in
            -h|--help)      ___x_cmd help -m osv vuln;
                            return 0
                            ;;
            # TODO: List vulnerability databases supported by osv.dev
            # ls) ;;

            --yml)          format=yml;     shift 1;;
            --json)         format=json;    shift 1;;
            --raw)          format=raw;     shift 1;;
            --co|,)         shift;
                            X_CO_MSHOT_CMD="x osv vuln" ___x_cmd co --mshot "$@"
                            return
                            ;;
            --app)          format=app;     shift 1;;
            *)              break ;;
        esac
    done

    local id="$1"
    local x_
    ___x_cmd_osv_vuln___normalizeid_pat_ "$id" || N=osv M="Unsupported pattern -> $id" log:ret:64
    id="$x_"
    # id="$(___x_cmd_osv_vuln___normalizeid "$id")"

    ___x_cmd_osv_vuln___"$format" "$id"
}

___x_cmd_osv_vuln___app(){
    local ___X_CMD_JO_NAV_FINAL_COMMAND=
    local ___X_CMD_JO_NAV_KP=
    local ___X_CMD_JO_NAV_VALUE=
    ___x_cmd jo nav -- ___x_cmd osv vuln --raw "$@"

    osv:info --id "$@"
    local id=
    ___x_cmd ui select id "Next:"       \
        "output to the terminal in JSON format."  \
        "output to the terminal in YAML format."  \
        "browse page to view"                     \
        "return 1"                      || return 1
    case "$id" in
        1)      ___x_cmd_osv_vuln --json "$@"                    ;;
        2)      ___x_cmd_osv_vuln --yml  "$@"                    ;;
        3)      ___x_cmd open "https://osv.dev/vulnerability/$1" ;;
        *)      return 1                                         ;;
    esac
}

___x_cmd_osv_vuln___yml(){
    ___x_cmd_osv_vuln___raw "$@" | ___x_cmd j2y
}

___x_cmd_osv_vuln___json(){
    ___x_cmd_osv_vuln___raw "$@" | ___x_cmd jo fmt
}

___x_cmd_osv_vuln___raw(){
    ___x_cmd ccmd 1h -- ___x_cmd_osv_vuln___raw_ "$@"
}

# https://google.github.io/osv.dev/get-v1-vulns/
___x_cmd_osv_vuln___raw_(){
    local id="$1"
    ___x_cmd curl "https://api.osv.dev/v1/vulns/${id}" || return 1
}

# ___x_cmd_osv_vuln___normalizeid(){
#     ___x_cmd str upper "$1"
#     # Using case pattern is also OK ...
# }


# https://ossf.github.io/osv-schema/#id-modified-fields
# https://osv.dev/list?ecosystem=Android
___x_cmd_osv_vuln___normalizeid_pat_(){
    local tgt="$1"
    case "$tgt" in
        asb-a-*|ASB-A-*)        x_="ASB-A-${tgt#*-}"    ;;

        alsa-*|ALSA-*)          x_="ALSA-${tgt#*-}"     ;;
        alba-*|ALBA-*)          x_="ALBA-${tgt#*-}"     ;;
        alea-*|ALEA-*)          x_="ALEA-${tgt#*-}"     ;;

        bit-*|BIT-*)            x_="BIT-${tgt#*-}"      ;;

        curl-*|CURL-*)          x_="CURL-${tgt#*-}"     ;; # TODO

        cve-*|CVE-*)            x_="CVE-${tgt#*-}"      ;;

        dsa-*|DSA-*)            x_="DSA-${tgt#*-}"      ;;
        dla-*|DLA-*)            x_="DLA-${tgt#*-}"      ;;
        dtsa-*|DTSA-*)          x_="DTSA-${tgt#*-}"     ;;

        ghsa-*|GHSA-*)          x_="GHSA-${tgt#*-}"     ;;

        go-*|GO-*)              x_="GO-${tgt#*-}"       ;;

        gsd-*|GSD-*)            x_="GSD-${tgt#*-}"      ;;

        hsec-*|HSEC-*)          x_="HSEC-${tgt#*-}"     ;;
        lbsec-*|LBSEC-*)        x_="LBSEC-${tgt#*-}"    ;; # TODO
        mal-*|MAL-*)            x_="MAL-${tgt#*-}"      ;;

        osv-*|OSV-*)            x_="OSV-${tgt#*-}"      ;;

        phsa-*|PHSA-*)          x_="PHSA-${tgt#*-}"     ;; # TODO
        psf-*|PSF-*)            x_="PSF-${tgt#*-}"      ;;

        rlsa-*|RLSA-*)          x_="RLSA-${tgt#*-}"     ;;
        rxsa-*|RXSA-*)          x_="RXSA-${tgt#*-}"     ;;

        rsec-*|RSEC-*)          x_="RSEC-${tgt#*-}"     ;;

        rustsec-*|RUSTSEC-*)    x_="RUSTSEC-${tgt#*-}"  ;;

        usn-*|USN-*)            x_="USN-${tgt#*-}"      ;;
        *)                      return 1 ;;
    esac
}
