From 0def545e85cf17ed7b47d454b30b7c0ef63b126a Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Tue, 10 Dec 2024 09:44:12 +0100
Subject: [PATCH] Fix: Handle schemas in SCAP rebuild correctly

The SCAP rebuild will now use the "scap2" schema for the "cpe_matches"
table and create_view_vulns explicitly uses the "scap.cves".

This fixes the SCAP rebuild either not working at all for old, missing
or empty "scap" schemas or using outdated CPE match data.
---
 src/gmp.c                | 4 +++-
 src/manage.h             | 2 +-
 src/manage_pg.c          | 2 +-
 src/manage_sql.c         | 7 +++++--
 src/manage_sql_secinfo.c | 6 +++++-
 5 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 6648af6c8..b26378a66 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -13367,7 +13367,9 @@ print_cpe_match_nodes_xml (resource_t node, GString *buffer)
                          vee ?: "");
 
       iterator_t cpe_matches;
-      init_cpe_match_string_matches_iterator (&cpe_matches, match_criteria_id);
+      init_cpe_match_string_matches_iterator (
+        &cpe_matches, match_criteria_id, NULL
+      );
       xml_string_append (buffer, "<matched_cpes>");
 
       while (next (&cpe_matches))
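Review bot: `match_criteria_id` is handed to the iterator unchanged here, and the callee places it inside `WHERE match_criteria_id = '%s'` without escaping, whereas the other caller in this patch (manage_sql_secinfo.c) passes a variable named `quoted_match_criteria_id`. Where this value is read and whether it is already escaped is outside the hunk, so this may be fine, but both call sites should follow the same contract. If it is not escaped, quote it before the call the way the secinfo caller does. Either way, a short comment such as `/* init_cpe_match_string_matches_iterator expects an SQL-quoted id. */` would make the assumption visible. print_cpe_match_nodes_xml starts and ends outside the hunk.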
diff --git a/src/manage.h b/src/manage.h
index b7d7a3cee..680400a76 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -1751,7 +1751,7 @@ int
 cpe_match_string_iterator_vulnerable (iterator_t*);
 
 void
-init_cpe_match_string_matches_iterator (iterator_t*, const char *);
+init_cpe_match_string_matches_iterator (iterator_t*, const char *, const char*);
 
 const char*
 cpe_matches_cpe_name_id (iterator_t*);
diff --git a/src/manage_pg.c b/src/manage_pg.c
index 56ea9f7e0..dfd272043 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -1834,7 +1834,7 @@ create_view_vulns ()
          "       severity, "
          G_STRINGIFY (QOD_DEFAULT) " AS qod,"
          "       'cve' AS type"
-         " FROM cves"
+         " FROM scap.cves"
          " WHERE uuid in (SELECT * FROM used_nvts)");
   else
     sql ("CREATE OR REPLACE VIEW vulns AS"
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 320a427ae..d24ac857b 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20661,15 +20661,18 @@ DEF_ACCESS (cpe_match_string_iterator_version_end_excl, 7);
  *
  * @param[in]  iterator           Iterator.
  * @param[in]  match_criteria_id  The match criteria id to get the matches for.
+ * @param[in]  schema             Schema name, NULL for the default "scap".
  */
 void
 init_cpe_match_string_matches_iterator (iterator_t* iterator,
-                                       const char *match_criteria_id)
+                                        const char *match_criteria_id,
+                                        const char *schema)
 {
   init_iterator (iterator,
                  "SELECT cpe_name_id, cpe_name"
-                 " FROM scap.cpe_matches"
+                 " FROM %s.cpe_matches"
                  " WHERE match_criteria_id = '%s'",
+                 schema ? schema : "scap",
                  match_criteria_id);
 }
 
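Review bot: The new `schema` argument is formatted into the statement as a bare identifier (`" FROM %s.cpe_matches"`) with no quoting or validation, and the function is exported through manage.h. Both callers in this patch pass a constant (`"scap2"`) or `NULL`, so nothing untrusted reaches it today, but a later caller passing a computed name would open an injection path in identifier position, which string-literal escaping does not cover. I would pin the value inside the function, e.g. `const char *from_schema = g_strcmp0 (schema, "scap2") == 0 ? "scap2" : "scap";`, and format `from_schema` instead. The doc comment should also say so: `@param[in] schema Schema name, a trusted constant ("scap" or "scap2"); NULL for the default "scap".` and note on `match_criteria_id` that the caller must pass it already SQL-quoted.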
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index c80247780..37be2185f 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -3500,7 +3500,11 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
               if (vulnerable)
                 {
                   iterator_t cpe_matches;
-                  init_cpe_match_string_matches_iterator (&cpe_matches, quoted_match_criteria_id);
+                  init_cpe_match_string_matches_iterator (
+                    &cpe_matches,
+                    quoted_match_criteria_id,
+                    "scap2"
+                  );
                   while (next (&cpe_matches))
                     g_string_append_printf (software, "%s ", cpe_matches_cpe_name (&cpe_matches));
                   cleanup_iterator (&cpe_matches);
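Review bot: The literal `"scap2"` at this call ties handle_cve_configurations to the staging schema without saying so, and the function's other queries are outside the hunk, so it is not visible whether they all target the same schema. A comment at the call, for example `/* CPE matches are read from the schema being rebuilt ("scap2"), not the live "scap". */`, or a shared named constant for the schema name, would help keep later changes from mixing live and staging data in one CVE record.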