Fix SQL errors in SCAP and CERT update (20.08) #1343

Merged


@timopollmeier timopollmeier commented Nov 3, 2020

What:

  • The update of the CVSS score for CERT advisories is only run when the SCAP schema also exists
  • Schema prefixes for tables are added to SCAP and CERT alert checks

Why:
This fixes two SQL errors that could occur when updating the SCAP and CERT data:

  • If the CERT update finishes without the SCAP schema existing, e.g. during the first update, the error would be the scap.cves table not existing.
  • If the SCAP and CERT alert checks are run after the update, the search_path may only include the default schema, so tables like cves are not found without a prefix (scap.).

How:
Tested by stopping gvmd, dropping the schemas cert and scap, then restarting gvmd to make it rebuild both schemas.

Checklist:

The CVSS values are only updated if the SCAP schema exists.
To avoid errors from tables not being found, the SQL in the functions
to check for new or updated SCAP and CERT data now uses schema prefixes.
@timopollmeier timopollmeier marked this pull request as ready for review November 3, 2020 16:32
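
The two failure modes described in the pull request, reproduced as an added PostgreSQL example (not code from gvmd or from this pull request). The schemas demo_cert and demo_scap, their tables, columns, rows and the function update_cvss are constructed stand-ins for the real cert and scap schemas.

```sql
-- Added example for PostgreSQL; run in a scratch database. Everything is rolled back.
-- Schemas demo_cert/demo_scap, their tables, columns and rows are constructed stand-ins.
BEGIN;

CREATE SCHEMA demo_cert;
CREATE TABLE demo_cert.advisories (name text PRIMARY KEY, cve text, max_cvss numeric);
INSERT INTO demo_cert.advisories VALUES ('DEMO-ADV-1', 'CVE-0000-0001', NULL);

-- Guarded CVSS update: only touches demo_scap.cves when that schema exists.
-- PL/pgSQL plans the UPDATE on first execution, so the missing table is
-- never looked up while the guard returns early.
CREATE FUNCTION demo_cert.update_cvss() RETURNS boolean LANGUAGE plpgsql AS $$
BEGIN
  IF NOT EXISTS (SELECT 1 FROM pg_catalog.pg_namespace
                 WHERE nspname = 'demo_scap') THEN
    RETURN false;  -- e.g. first CERT sync, SCAP data not loaded yet
  END IF;
  UPDATE demo_cert.advisories AS a
     SET max_cvss = (SELECT max(c.cvss)
                       FROM demo_scap.cves AS c
                      WHERE c.name = a.cve);
  RETURN true;
END
$$;

-- Case 1: CERT data is present but the SCAP schema is not.
SELECT demo_cert.update_cvss() AS updated_before_scap_exists;

CREATE SCHEMA demo_scap;
CREATE TABLE demo_scap.cves (name text PRIMARY KEY, cvss numeric);
INSERT INTO demo_scap.cves VALUES ('CVE-0000-0001', 7.5);

-- Case 2: a later check runs with only the default schema on the search path.
SET LOCAL search_path TO public;

-- to_regclass yields NULL for a name that does not resolve instead of
-- raising an error, so both spellings can be compared side by side.
SELECT to_regclass('cves')           AS unqualified,
       to_regclass('demo_scap.cves') AS schema_qualified;

-- The schema-qualified statements inside the function are unaffected
-- by the narrowed search path.
SELECT demo_cert.update_cvss() AS updated_after_scap_exists;
SELECT name, max_cvss FROM demo_cert.advisories;

ROLLBACK;
```
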
@cfi-gb

cfi-gb commented Nov 4, 2020

I guess this also replaces (at least parts of) #1295? Maybe worth having a look at the PR.

The variable is only used within an if block, so its scope can be
reduced accordingly.
To make the behavior more consistent with the SCAP sync the debug
output now also contains last_cert_update.
@timopollmeier

> I guess this also replaces (at least parts of) #1295? Maybe worth having a look at the PR.

Yes, there is some overlap but #1295 also changes some other table selections in the SQL.
