From edc6448c08fd11768833f6e3164f7e96e339f5a8 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Fri, 8 Mar 2024 17:36:52 +0100 Subject: [PATCH] Fix: Improved the SQL for the selection of the delta report results. --- src/manage_sql.c | 50 ++++++++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 21 deletions(-) diff --git a/src/manage_sql.c b/src/manage_sql.c index 7f5182670..93284576a 100644 --- a/src/manage_sql.c +++ b/src/manage_sql.c @@ -27930,23 +27930,41 @@ init_v2_delta_iterator (report_t report, iterator_t *results, report_t delta, "nvts_cols"); extra_with = g_strdup_printf(" comparison AS (" - " WITH r1 as (SELECT results.id, description, host, report, port," + " WITH r1a as (SELECT results.id, description, host, report, port," " severity, nvt, results.qod, results.uuid, hostname," " path, r1_lateral.new_severity as new_severity " " FROM results " - " LEFT JOIN (SELECT cvss_base, oid AS nvts_oid from nvts)" + " LEFT JOIN (SELECT cvss_base, oid AS nvts_oid FROM nvts)" " AS nvts_cols" " ON nvts_cols.nvts_oid = results.nvt" " %s, LATERAL %s AS r1_lateral" " WHERE report = %llu)," - " r2 as (SELECT results.*, r2_lateral.new_severity AS new_severity" + " r2a as (SELECT results.*, r2_lateral.new_severity AS new_severity" " FROM results" - " LEFT JOIN (SELECT cvss_base, oid AS nvts_oid from nvts)" + " LEFT JOIN (SELECT cvss_base, oid AS nvts_oid FROM nvts)" " AS nvts_cols" " ON nvts_cols.nvts_oid = results.nvt" " %s, LATERAL %s AS r2_lateral" - " WHERE report = %llu)" - " SELECT r1.id AS result1_id," + " WHERE report = %llu)," + " r1 as (SELECT DISTINCT ON (r1a.id) r1a.*, r2a.id as r2id, row_number() over w1 as r1_rank" + " FROM r1a LEFT JOIN r2a ON r1a.host = r2a.host" + " AND normalize_port(r1a.port) = normalize_port(r2a.port)" + " AND r1a.nvt = r2a.nvt " + " AND (r1a.new_severity = 0) = (r2a.new_severity = 0)" + " AND (r1a.description = r2a.description)" + " WINDOW w1 AS (PARTITION BY r1a.host, normalize_port(r1a.port)," + " r1a.nvt, r1a.new_severity = 0, r2a.id is null ORDER BY r2a.id)" + " ORDER BY r1a.id)," + " r2 as (SELECT DISTINCT ON (r2a.id) r2a.*, r1a.id as r1id, row_number() over w2 as r2_rank" + " FROM r2a LEFT JOIN r1a ON r2a.host = r1a.host" + " AND normalize_port(r2a.port) = normalize_port(r1a.port)" + " AND r2a.nvt = r1a.nvt " + " AND (r2a.new_severity = 0) = (r1a.new_severity = 0)" + " AND (r2a.description = r1a.description)" + " WINDOW w2 AS (PARTITION BY r2a.host, normalize_port(r2a.port)," + " r2a.nvt, r2a.new_severity = 0, r1a.id is null ORDER BY r1a.id)" + " ORDER BY r2a.id)" + " (SELECT r1.id AS result1_id," " r2.id AS result2_id," " compare_results(" " r1.description," @@ -27972,7 +27990,7 @@ init_v2_delta_iterator (report_t report, iterator_t *results, report_t delta, " r2.path AS delta_path," " r2.host AS delta_host," RESULT_HOSTNAME_SQL("r2.hostname", "r2.host", "r2.report") - " AS delta_hostname," + " AS delta_hostname," " r2.nvt_version AS delta_nvt_version" " FROM r1" " FULL OUTER JOIN r2" @@ -27980,20 +27998,10 @@ init_v2_delta_iterator (report_t report, iterator_t *results, report_t delta, " AND normalize_port(r1.port) = normalize_port(r2.port)" " AND r1.nvt = r2.nvt " " AND (r1.new_severity = 0) = (r2.new_severity = 0)" - " AND (r1.description = r2.description" - " OR NOT EXISTS (SELECT * FROM r2" - " WHERE r1.description = r2.description" - " AND r1.host = r2.host" - " AND normalize_port(r1.port) = normalize_port(r2.port)" - " AND r1.nvt = r2.nvt" - " AND (r1.new_severity = 0) = (r2.new_severity = 0))" - " OR NOT EXISTS (SELECT * FROM r1" - " WHERE r1.description = r2.description" - " AND r1.host = r2.host" - " AND normalize_port(r1.port) = normalize_port(r2.port)" - " AND r1.nvt = r2.nvt" - " AND (r1.new_severity = 0) = (r2.new_severity = 0)))" - " )", + " AND ((r1id IS NULL AND r2id IS NULL) OR" + " r2id = r2.id OR r1id = r1.id)" + " AND r1_rank = r2_rank" + " ) ) ", opts_tables, with_lateral, report,