From d22536008eb33e9f7b0a8a09209cfbf313c278f2 Mon Sep 17 00:00:00 2001
From: Johannes Helmold
Date: Thu, 7 Nov 2024 16:23:10 +0100
Subject: [PATCH 1/2] Add: The table scap.affected_products is filled for the new JSON feed. This commit contains the filling of the table scap.affected_products and a small bug-fix for the CVE scan.
---
 src/manage_sql.c | 2 +-
 src/manage_sql_secinfo.c | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/src/manage_sql.c b/src/manage_sql.c
index be266c79a..613775b10 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20511,7 +20511,7 @@ init_cpe_match_nodes_iterator (iterator_t* iterator, const char *criteria)
 " JOIN scap.cpe_nodes_match_criteria c"
 " ON n.id = c.node_id"
 " JOIN scap.cpe_match_strings r"
- " ON c.match_criteria = r.match_criteria_id"
+ " ON c.match_criteria_id = r.match_criteria_id"
 " WHERE criteria like '%s%%';",
 quoted_criteria);
 g_free (quoted_criteria);
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index 4e6d3d6fc..ed4903771 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -4043,6 +4043,31 @@ update_scap_cves ()
 return 0;
 }
 
+/**
+ * @brief Update SCAP affected products.
+ *
+ * Assume that the databases are attached.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+update_scap_affected_products ()
+{
+ g_info ("Updating affected products");
+
+ sql ("INSERT INTO scap2.affected_products"
+ " SELECT DISTINCT scap2.cpe_match_nodes.cve_id, scap2.cpes.id"
+ " FROM scap2.cpe_match_nodes, scap2.cpe_nodes_match_criteria,"
+ " scap2.cpe_matches, scap2.cpes"
+ " WHERE scap2.cpe_match_nodes.id = scap2.cpe_nodes_match_criteria.node_id"
+ " AND scap2.cpe_nodes_match_criteria.vulnerable = 1"
+ " AND scap2.cpe_nodes_match_criteria.match_criteria_id ="
+ " scap2.cpe_matches.match_criteria_id"
+ " AND scap2.cpe_matches.cpe_name_id = scap2.cpes.cpe_name_id;");
+
+ return 0;
+}
+
 /**
 * @brief Insert a SCAP CPE match string from JSON.
 *
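Review bot: In init_cpe_match_nodes_iterator the pattern `" WHERE criteria like '%s%%';"` is built from `quoted_criteria`, and nothing in the hunk shows LIKE metacharacters being escaped. If the quoting done outside the hunk only protects the string delimiters, a `_` or `%` inside the criteria acts as a wildcard and the iterator can return match nodes for CPEs that were not asked for, which would surface as false matches in the CVE scan. This is worth confirming where `quoted_criteria` is produced, and a comment at the query such as `/* criteria is used as a prefix; LIKE wildcards in it must already be escaped */` would record the requirement. The function starts and ends outside the hunk.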
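Review bot: The `INSERT INTO scap2.affected_products SELECT DISTINCT ...` in update_scap_affected_products names no target columns, so the CVE id and the CPE id are assigned by position and a later change to the table layout would misplace them without any error; list them explicitly, e.g. `"INSERT INTO scap2.affected_products (<cve_column>, <cpe_column>)"` with the table's real column names. The statement also has no guard against rows that are already present, so if the table can be filled earlier in the same update (not visible here) the CVE-to-CPE mapping would contain duplicates. The four-table comma join would be easier to audit as explicit `JOIN ... ON` clauses, in the style of the query in init_cpe_match_nodes_iterator.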
@@ -5606,6 +5631,15 @@ update_scap (gboolean reset_scap_db)
 return -1;
 }
 
+ g_debug ("%s: update affected_products", __func__);
+ setproctitle ("Syncing SCAP: Updating affected products");
+
+ if (update_scap_affected_products () == -1)
+ {
+ abort_scap_update ();
+ return -1;
+ }
+
 g_debug ("%s: updating user defined data", __func__);
 
 g_debug ("%s: update epss", __func__);
From b3ff0ab4d139f99cf8905d3bbaf4089661d1c2dd Mon Sep 17 00:00:00 2001
From: Johannes Helmold
Date: Mon, 11 Nov 2024 10:03:19 +0100
Subject: [PATCH 2/2] Small amendment.
---
 src/manage_sql_secinfo.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index ed4903771..fead001e6 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -4047,10 +4047,8 @@ update_scap_cves ()
 * @brief Update SCAP affected products.
 *
 * Assume that the databases are attached.
- *
- * @return 0 success, -1 error.
 */
-static int
+static void
 update_scap_affected_products ()
 {
 g_info ("Updating affected products");
@@ -4064,8 +4062,6 @@ update_scap_affected_products ()
 " AND scap2.cpe_nodes_match_criteria.match_criteria_id ="
 " scap2.cpe_matches.match_criteria_id"
 " AND scap2.cpe_matches.cpe_name_id = scap2.cpes.cpe_name_id;");
-
- return 0;
 }
 
 /**
@@ -5634,11 +5630,7 @@ update_scap (gboolean reset_scap_db)
 g_debug ("%s: update affected_products", __func__);
 setproctitle ("Syncing SCAP: Updating affected products");
 
- if (update_scap_affected_products () == -1)
- {
- abort_scap_update ();
- return -1;
- }
+ update_scap_affected_products ();
 
 g_debug ("%s: updating user defined data", __func__);
 
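Review bot: With update_scap_affected_products now returning `void`, the call in update_scap has no path left to `abort_scap_update ()`, so a failing INSERT is only handled if `sql ()` itself stops the process on error, which these hunks do not show. If it does not, the sync would continue with an empty or partial scap2.affected_products table and CVE scans would report fewer affected products without any error being raised. Either keep an `int` result that reflects the outcome of the statement, or state the assumption in the doc comment, e.g. ` * Errors in the INSERT are handled inside sql ().`. The same point applies to the call-site hunk at `@@ -5634,11 +5630,7 @@`.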