# frozen_string_literal: true

module GDK
  module Diagnostic
    class Firewall < Base
      TITLE = 'macOS firewall'

      def success?
        return true unless GDK::Telemetry.team_member?
        return true unless GDK::Machine.macos?

        firewall_disabled?
      end

      def detail
        return if success?

        <<~MESSAGE
          If you are using a managed firewall like SentinelOne or CrowdStrike, we
          recommend disabling the macOS firewall through Settings > Network > Firewall
          to prevent performance problems.
        MESSAGE
      end

      private

      def firewall_disabled?
        @firewall_state ||= GDK::Shellout.new(%w[/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate]).run

        @firewall_state.include?('State = 0')
      end
    end
  end
end