From edea0be12345ca6e85571a5494af4233febf45e8 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Tue, 5 Mar 2024 15:18:36 +0100 Subject: [PATCH 1/4] Fix: Handle value of last_update and SCAP schema when feed update fails. --- src/manage_sql_secinfo.c | 108 ++++++++++++++++++++++++++++----------- 1 file changed, 79 insertions(+), 29 deletions(-) diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index 4911b73d8..4e69d5ab9 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c @@ -3427,38 +3427,15 @@ update_scap_placeholders () " WHERE cpe=cpes.id))" " WHERE cpes.title IS NULL;"); } - + /** - * @brief Finish scap update. - * - * @return 0 success, -1 error. + * @brief Update CERT data that depends on SCAP. */ -static int -update_scap_end () +static void +update_cert_data () { int cert_db_version; - g_debug ("%s: update timestamp", __func__); - - update_scap_timestamp (); - - /* Replace the real scap schema with the new one. */ - - if (sql_int ("SELECT EXISTS (SELECT schema_name FROM" - " information_schema.schemata" - " WHERE schema_name = 'scap');")) - { - sql ("ALTER SCHEMA scap RENAME TO scap3;"); - sql ("ALTER SCHEMA scap2 RENAME TO scap;"); - sql ("DROP SCHEMA scap3 CASCADE;"); - /* View 'vulns' contains references into the SCAP schema, so it is - * removed by the CASCADE. */ - create_view_vulns (); - } - else - sql ("ALTER SCHEMA scap2 RENAME TO scap;"); - - /* Update CERT data that depends on SCAP. */ cert_db_version = manage_cert_db_version(); if (cert_db_version == -1) @@ -3490,6 +3467,39 @@ update_scap_end () update_cvss_dfn_cert (1, last_cert_update, last_scap_update); update_cvss_cert_bund (1, last_cert_update, last_scap_update); } +} + +/** + * @brief Finish scap update. + * + * @return 0 success, -1 error. + */ +static int +update_scap_end () +{ + g_debug ("%s: update timestamp", __func__); + + update_scap_timestamp (); + + /* Replace the real scap schema with the new one. */ + + if (sql_int ("SELECT EXISTS (SELECT schema_name FROM" + " information_schema.schemata" + " WHERE schema_name = 'scap');")) + { + sql ("ALTER SCHEMA scap RENAME TO scap3;"); + sql ("ALTER SCHEMA scap2 RENAME TO scap;"); + sql ("DROP SCHEMA scap3 CASCADE;"); + /* View 'vulns' contains references into the SCAP schema, so it is + * removed by the CASCADE. */ + create_view_vulns (); + } + else + sql ("ALTER SCHEMA scap2 RENAME TO scap;"); + + /* Update CERT data that depends on SCAP. */ + + update_cert_data (); /* Analyze. */ @@ -3503,6 +3513,46 @@ update_scap_end () return 0; } +/** + * @brief Abort scap update. + */ +static void +abort_scap_update () +{ + g_debug ("%s: update timestamp", __func__); + + if (sql_int ("SELECT EXISTS (SELECT schema_name FROM" + " information_schema.schemata" + " WHERE schema_name = 'scap');")) + { + update_scap_timestamp (); + sql ("UPDATE scap.meta SET value = " + " (SELECT value from scap2.meta WHERE name = 'last_update')" + " WHERE name = 'last_update';"); + sql ("DROP SCHEMA scap2 CASCADE;"); + /* View 'vulns' contains references into the SCAP schema, so it is + * removed by the CASCADE. */ + create_view_vulns (); + } + else + { + /* reset scap2 schema */ + manage_db_init ("scap"); + manage_db_init_indexes ("scap"); + manage_db_add_constraints ("scap"); + + update_scap_timestamp (); + + sql ("ALTER SCHEMA scap2 RENAME TO scap;"); + } + + /* Update CERT data that depends on SCAP. */ + update_cert_data (); + + g_info ("%s: Updating SCAP data aborted", __func__); + setproctitle ("Syncing SCAP: aborted"); +} + /** * @brief Try load the feed from feed CSV files. * @@ -3661,7 +3711,7 @@ update_scap (gboolean reset_scap_db) if (update_scap_cpes () == -1) { - update_scap_timestamp (); + abort_scap_update (); return -1; } @@ -3670,7 +3720,7 @@ update_scap (gboolean reset_scap_db) if (update_scap_cves () == -1) { - update_scap_timestamp (); + abort_scap_update (); return -1; } From 894a7197ff871505093cc0da35e44fa77ae69e79 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Tue, 5 Mar 2024 15:18:36 +0100 Subject: [PATCH 2/4] Fix: Handle value of last_update and SCAP schema when feed update fails. --- src/manage_sql_secinfo.c | 108 ++++++++++++++++++++++++++++----------- 1 file changed, 79 insertions(+), 29 deletions(-) diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index bf1f26aa1..3e68d2b8a 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c @@ -3375,38 +3375,15 @@ update_scap_placeholders () " WHERE cpe=cpes.id))" " WHERE cpes.title IS NULL;"); } - + /** - * @brief Finish scap update. - * - * @return 0 success, -1 error. + * @brief Update CERT data that depends on SCAP. */ -static int -update_scap_end () +static void +update_cert_data () { int cert_db_version; - g_debug ("%s: update timestamp", __func__); - - update_scap_timestamp (); - - /* Replace the real scap schema with the new one. */ - - if (sql_int ("SELECT EXISTS (SELECT schema_name FROM" - " information_schema.schemata" - " WHERE schema_name = 'scap');")) - { - sql ("ALTER SCHEMA scap RENAME TO scap3;"); - sql ("ALTER SCHEMA scap2 RENAME TO scap;"); - sql ("DROP SCHEMA scap3 CASCADE;"); - /* View 'vulns' contains references into the SCAP schema, so it is - * removed by the CASCADE. */ - create_view_vulns (); - } - else - sql ("ALTER SCHEMA scap2 RENAME TO scap;"); - - /* Update CERT data that depends on SCAP. */ cert_db_version = manage_cert_db_version(); if (cert_db_version == -1) @@ -3438,6 +3415,39 @@ update_scap_end () update_cvss_dfn_cert (1, last_cert_update, last_scap_update); update_cvss_cert_bund (1, last_cert_update, last_scap_update); } +} + +/** + * @brief Finish scap update. + * + * @return 0 success, -1 error. + */ +static int +update_scap_end () +{ + g_debug ("%s: update timestamp", __func__); + + update_scap_timestamp (); + + /* Replace the real scap schema with the new one. */ + + if (sql_int ("SELECT EXISTS (SELECT schema_name FROM" + " information_schema.schemata" + " WHERE schema_name = 'scap');")) + { + sql ("ALTER SCHEMA scap RENAME TO scap3;"); + sql ("ALTER SCHEMA scap2 RENAME TO scap;"); + sql ("DROP SCHEMA scap3 CASCADE;"); + /* View 'vulns' contains references into the SCAP schema, so it is + * removed by the CASCADE. */ + create_view_vulns (); + } + else + sql ("ALTER SCHEMA scap2 RENAME TO scap;"); + + /* Update CERT data that depends on SCAP. */ + + update_cert_data (); /* Analyze. */ @@ -3451,6 +3461,46 @@ update_scap_end () return 0; } +/** + * @brief Abort scap update. + */ +static void +abort_scap_update () +{ + g_debug ("%s: update timestamp", __func__); + + if (sql_int ("SELECT EXISTS (SELECT schema_name FROM" + " information_schema.schemata" + " WHERE schema_name = 'scap');")) + { + update_scap_timestamp (); + sql ("UPDATE scap.meta SET value = " + " (SELECT value from scap2.meta WHERE name = 'last_update')" + " WHERE name = 'last_update';"); + sql ("DROP SCHEMA scap2 CASCADE;"); + /* View 'vulns' contains references into the SCAP schema, so it is + * removed by the CASCADE. */ + create_view_vulns (); + } + else + { + /* reset scap2 schema */ + manage_db_init ("scap"); + manage_db_init_indexes ("scap"); + manage_db_add_constraints ("scap"); + + update_scap_timestamp (); + + sql ("ALTER SCHEMA scap2 RENAME TO scap;"); + } + + /* Update CERT data that depends on SCAP. */ + update_cert_data (); + + g_info ("%s: Updating SCAP data aborted", __func__); + setproctitle ("Syncing SCAP: aborted"); +} + /** * @brief Try load the feed from feed CSV files. * @@ -3609,7 +3659,7 @@ update_scap (gboolean reset_scap_db) if (update_scap_cpes () == -1) { - update_scap_timestamp (); + abort_scap_update (); return -1; } @@ -3618,7 +3668,7 @@ update_scap (gboolean reset_scap_db) if (update_scap_cves () == -1) { - update_scap_timestamp (); + abort_scap_update (); return -1; } From 1aea5e646fa726ce4bdc9c6642f14ac4daffd0e6 Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Thu, 7 Mar 2024 11:47:53 +0100 Subject: [PATCH 3/4] Some improvements. --- src/manage_sql_secinfo.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index bfe591db2..d45fc11df 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c @@ -3433,10 +3433,8 @@ update_cert_data () /** * @brief Finish scap update. - * - * @return 0 success, -1 error. */ -static int +static void update_scap_end () { g_debug ("%s: update timestamp", __func__); @@ -3471,8 +3469,6 @@ update_scap_end () g_info ("%s: Updating SCAP info succeeded", __func__); setproctitle ("Syncing SCAP: done"); - - return 0; } /** @@ -3499,9 +3495,21 @@ abort_scap_update () else { /* reset scap2 schema */ - manage_db_init ("scap"); - manage_db_init_indexes ("scap"); - manage_db_add_constraints ("scap"); + if (manage_db_init ("scap")) + { + g_warning ("%s: could not reset scap2 schema, db init failed", __func__); + return; + } + if (manage_db_init_indexes ("scap")) + { + g_warning ("%s: could not reset scap2 schema, init indexes failed", __func__); + return; + } + if (manage_db_add_constraints ("scap")) + { + g_warning ("%s: could not reset scap2 schema, add constrains failed", __func__); + return; + } update_scap_timestamp (); @@ -3574,7 +3582,8 @@ try_load_csv () return -1; } - return update_scap_end (); + update_scap_end (); + return 0; } return 1; } @@ -3701,7 +3710,8 @@ update_scap (gboolean reset_scap_db) update_scap_placeholders (); - return update_scap_end (); + update_scap_end (); + return 0; } /** From bf8b7842e657ef70c5d5db0b7ba71af33dd6f79e Mon Sep 17 00:00:00 2001 From: Johannes Helmold Date: Thu, 7 Mar 2024 15:54:03 +0100 Subject: [PATCH 4/4] One more improvement. --- src/manage_sql_secinfo.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c index d45fc11df..0a2d90cc7 100644 --- a/src/manage_sql_secinfo.c +++ b/src/manage_sql_secinfo.c @@ -3491,6 +3491,8 @@ abort_scap_update () /* View 'vulns' contains references into the SCAP schema, so it is * removed by the CASCADE. */ create_view_vulns (); + /* Update CERT data that depends on SCAP. */ + update_cert_data (); } else { @@ -3498,27 +3500,27 @@ abort_scap_update () if (manage_db_init ("scap")) { g_warning ("%s: could not reset scap2 schema, db init failed", __func__); - return; } - if (manage_db_init_indexes ("scap")) + else if (manage_db_init_indexes ("scap")) { g_warning ("%s: could not reset scap2 schema, init indexes failed", __func__); - return; } - if (manage_db_add_constraints ("scap")) + else if (manage_db_add_constraints ("scap")) { g_warning ("%s: could not reset scap2 schema, add constrains failed", __func__); - return; } - update_scap_timestamp (); - - sql ("ALTER SCHEMA scap2 RENAME TO scap;"); + if (sql_int ("SELECT EXISTS (SELECT schema_name FROM" + " information_schema.schemata" + " WHERE schema_name = 'scap2');")) + { + update_scap_timestamp (); + sql ("ALTER SCHEMA scap2 RENAME TO scap;"); + /* Update CERT data that depends on SCAP. */ + update_cert_data (); + } } - /* Update CERT data that depends on SCAP. */ - update_cert_data (); - g_info ("%s: Updating SCAP data aborted", __func__); setproctitle ("Syncing SCAP: aborted"); }