Add: The table scap.affected_products is filled for the new JSON feed.

This commit contains the filling of the table scap.affected_products and a small bug-fix for the CVE scan.
greenbone · Nov 7, 2024 · d225360 · d225360
1 parent a72ba1d
commit d225360
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 1 deletion.
diff --git a/src/manage_sql.c b/src/manage_sql.c
@@ -20511,7 +20511,7 @@ init_cpe_match_nodes_iterator (iterator_t* iterator, const char *criteria)
                  " JOIN scap.cpe_nodes_match_criteria c"
                  " ON n.id = c.node_id"
                  " JOIN scap.cpe_match_strings r"
-                 " ON c.match_criteria = r.match_criteria_id"
+                 " ON c.match_criteria_id = r.match_criteria_id"
                  " WHERE criteria like '%s%%';",
                  quoted_criteria);
   g_free (quoted_criteria);

diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
@@ -4043,6 +4043,31 @@ update_scap_cves ()
   return 0;
 }
 
+/**
+ * @brief Update SCAP affected products.
+ *
+ * Assume that the databases are attached.
+ *
+ * @return 0 success, -1 error.
+ */
+static int
+update_scap_affected_products ()
+{
+  g_info ("Updating affected products");
+
+  sql ("INSERT INTO scap2.affected_products"
+       "  SELECT DISTINCT scap2.cpe_match_nodes.cve_id, scap2.cpes.id"
+       "    FROM scap2.cpe_match_nodes, scap2.cpe_nodes_match_criteria,"
+       "         scap2.cpe_matches, scap2.cpes"
+       "    WHERE scap2.cpe_match_nodes.id = scap2.cpe_nodes_match_criteria.node_id"
+       "      AND scap2.cpe_nodes_match_criteria.vulnerable = 1"
+       "      AND scap2.cpe_nodes_match_criteria.match_criteria_id ="
+       "            scap2.cpe_matches.match_criteria_id"
+       "      AND scap2.cpe_matches.cpe_name_id = scap2.cpes.cpe_name_id;");
+
+  return 0;
+}
+
 /**
  * @brief Insert a SCAP CPE match string from JSON.
  *
@@ -5606,6 +5631,15 @@ update_scap (gboolean reset_scap_db)
       return -1;
     }
 
+  g_debug ("%s: update affected_products", __func__);
+  setproctitle ("Syncing SCAP: Updating affected products");
+
+  if (update_scap_affected_products () == -1)
+    {
+      abort_scap_update ();
+      return -1;
+    }
+
   g_debug ("%s: updating user defined data", __func__);
 
   g_debug ("%s: update epss", __func__);