Merge pull request #1321 from mattmundell/predecide-override-severity

In result iterator access severity directly if possible
greenbone · Oct 14, 2020 · 5f759f7 · 5f759f7
2 parents a98bd26 + a41d969
commit 5f759f7
Show file tree

Hide file tree

Showing 4 changed files with 193 additions and 74 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Changed
 - Move EXE credential generation to a Python script [#1260](https://github.com/greenbone/gvmd/pull/1260) [#1262](https://github.com/greenbone/gvmd/pull/1262)
 - Clarify documentation for --scan-host parameter [#1277](https://github.com/greenbone/gvmd/pull/1277)
+- In result iterator access severity directly if possible [#1321](https://github.com/greenbone/gvmd/pull/1321)
 
 ### Fixed
 - Use GMP version with leading zero for feed dirs [#1287](https://github.com/greenbone/gvmd/pull/1287)

diff --git a/src/manage_pg.c b/src/manage_pg.c
@@ -2711,37 +2711,28 @@ create_tables ()
   g_free (owned_clause);
 
   sql ("CREATE OR REPLACE VIEW result_new_severities AS"
-       "  SELECT results.id as result, users.id as user, dynamic, override,"
+       "  SELECT results.id as result, users.id as user, dynamic, 1 AS override,"
        "    CASE WHEN dynamic != 0 THEN"
-       "      CASE WHEN override != 0 THEN"
-       "        coalesce ((SELECT ov_new_severity FROM result_overrides"
-       "                   WHERE result = results.id"
-       "                     AND result_overrides.user = users.id"
-       "                     AND severity_matches_ov"
-       "                           (current_severity (results.severity,"
-       "                                              results.nvt),"
-       "                            ov_old_severity)"
-       "                   LIMIT 1),"
-       "                  current_severity (results.severity, results.nvt))"
-       "      ELSE"
-       "        current_severity (results.severity, results.nvt)"
-       "      END"
+       "      coalesce ((SELECT ov_new_severity FROM result_overrides"
+       "                 WHERE result = results.id"
+       "                   AND result_overrides.user = users.id"
+       "                   AND severity_matches_ov"
+       "                         (current_severity (results.severity,"
+       "                                            results.nvt),"
+       "                          ov_old_severity)"
+       "                 LIMIT 1),"
+       "                current_severity (results.severity, results.nvt))"
        "    ELSE"
-       "      CASE WHEN override != 0 THEN"
-       "        coalesce ((SELECT ov_new_severity FROM result_overrides"
-       "                   WHERE result = results.id"
-       "                     AND result_overrides.user = users.id"
-       "                     AND severity_matches_ov"
-       "                           (results.severity,"
-       "                            ov_old_severity)"
-       "                   LIMIT 1),"
-       "                  results.severity)"
-       "      ELSE"
-       "        results.severity"
-       "      END"
+       "      coalesce ((SELECT ov_new_severity FROM result_overrides"
+       "                 WHERE result = results.id"
+       "                   AND result_overrides.user = users.id"
+       "                   AND severity_matches_ov"
+       "                         (results.severity,"
+       "                          ov_old_severity)"
+       "                 LIMIT 1),"
+       "                results.severity)"
        "    END AS new_severity"
        "  FROM results, users,"
-       "  (SELECT 0 AS override UNION SELECT 1 AS override) AS override_opts,"
        "  (SELECT 0 AS dynamic UNION SELECT 1 AS dynamic) AS dynamic_opts;");
 
   sql ("CREATE OR REPLACE VIEW tls_certificate_source_origins AS"

diff --git a/src/manage_sql.c b/src/manage_sql.c
@@ -21432,7 +21432,7 @@ where_qod (int min_qod)
 /**
  * @brief Result iterator columns.
  */
-#define BASE_RESULT_ITERATOR_COLUMNS                                          \
+#define PRE_BASE_RESULT_ITERATOR_COLUMNS(new_severity_sql)                    \
     { "results.id", NULL, KEYWORD_TYPE_INTEGER },                             \
     { "results.uuid", NULL, KEYWORD_TYPE_STRING },                            \
     { "nvts.name",                                                            \
@@ -21455,12 +21455,7 @@ where_qod (int min_qod)
     { "port", "location", KEYWORD_TYPE_STRING },                              \
     { "nvt", NULL, KEYWORD_TYPE_STRING },                                     \
     { "severity_to_type (severity)", "original_type", KEYWORD_TYPE_STRING },  \
-    { "severity_to_type ((SELECT new_severity FROM result_new_severities"     \
-      "                  WHERE result_new_severities.result = results.id"     \
-      "                  AND result_new_severities.user = opts.user_id"       \
-      "                  AND result_new_severities.override = opts.override"  \
-      "                  AND result_new_severities.dynamic = opts.dynamic"    \
-      "                  LIMIT 1))",                                          \
+    { "severity_to_type (" new_severity_sql ")",                              \
       "type",                                                                 \
       KEYWORD_TYPE_STRING },                                                  \
     { "description", NULL, KEYWORD_TYPE_STRING },                             \
@@ -21471,12 +21466,7 @@ where_qod (int min_qod)
       KEYWORD_TYPE_DOUBLE },                                                  \
     { "nvt_version", NULL, KEYWORD_TYPE_STRING },                             \
     { "severity", "original_severity", KEYWORD_TYPE_DOUBLE },                 \
-    { "(SELECT new_severity FROM result_new_severities"                       \
-      " WHERE result_new_severities.result = results.id"                      \
-      " AND result_new_severities.user = opts.user_id"                        \
-      " AND result_new_severities.override = opts.override"                   \
-      " AND result_new_severities.dynamic = opts.dynamic"                     \
-      " LIMIT 1)",                                                            \
+    { new_severity_sql,                                                       \
       "severity",                                                             \
       KEYWORD_TYPE_DOUBLE },                                                  \
     { "nvts.name",                                                            \
@@ -21576,6 +21566,30 @@ where_qod (int min_qod)
       NULL,                                                                   \
       KEYWORD_TYPE_STRING },
 
+/**
+ * @brief Result iterator columns.
+ */
+#define BASE_RESULT_ITERATOR_COLUMNS                                          \
+  PRE_BASE_RESULT_ITERATOR_COLUMNS("results.severity")
+
+/**
+ * @brief Result iterator columns.
+ */
+#define BASE_RESULT_ITERATOR_COLUMNS_D                                        \
+  PRE_BASE_RESULT_ITERATOR_COLUMNS("current_severity (results.severity,"      \
+                                   "                  results.nvt)")
+
+/**
+ * @brief Result iterator columns.
+ */
+#define BASE_RESULT_ITERATOR_COLUMNS_OD                                       \
+  PRE_BASE_RESULT_ITERATOR_COLUMNS("(SELECT new_severity"                     \
+      " FROM result_new_severities"                                           \
+      " WHERE result_new_severities.result = results.id"                      \
+      " AND result_new_severities.user = opts.user_id"                        \
+      " AND result_new_severities.dynamic = opts.dynamic"                     \
+      " LIMIT 1)")
+
 /**
  * @brief Result iterator columns.
  */
@@ -21591,6 +21605,36 @@ where_qod (int min_qod)
     { NULL, NULL, KEYWORD_TYPE_UNKNOWN }                                      \
   }
 
+/**
+ * @brief Result iterator columns.
+ */
+#define RESULT_ITERATOR_COLUMNS_D                                             \
+  {                                                                           \
+    BASE_RESULT_ITERATOR_COLUMNS_D                                            \
+    { SECINFO_SQL_RESULT_CERT_BUNDS,                                          \
+      NULL,                                                                   \
+      KEYWORD_TYPE_INTEGER },                                                 \
+    { SECINFO_SQL_RESULT_DFN_CERTS,                                           \
+      NULL,                                                                   \
+      KEYWORD_TYPE_INTEGER },                                                 \
+    { NULL, NULL, KEYWORD_TYPE_UNKNOWN }                                      \
+  }
+
+/**
+ * @brief Result iterator columns.
+ */
+#define RESULT_ITERATOR_COLUMNS_OD                                            \
+  {                                                                           \
+    BASE_RESULT_ITERATOR_COLUMNS_OD                                           \
+    { SECINFO_SQL_RESULT_CERT_BUNDS,                                          \
+      NULL,                                                                   \
+      KEYWORD_TYPE_INTEGER },                                                 \
+    { SECINFO_SQL_RESULT_DFN_CERTS,                                           \
+      NULL,                                                                   \
+      KEYWORD_TYPE_INTEGER },                                                 \
+    { NULL, NULL, KEYWORD_TYPE_UNKNOWN }                                      \
+  }
+
 /**
  * @brief Result iterator columns, when CERT db is not loaded.
  */
@@ -21606,6 +21650,36 @@ where_qod (int min_qod)
     { NULL, NULL, KEYWORD_TYPE_UNKNOWN }                                      \
   }
 
+/**
+ * @brief Result iterator columns, when CERT db is not loaded.
+ */
+#define RESULT_ITERATOR_COLUMNS_D_NO_CERT                                     \
+  {                                                                           \
+    BASE_RESULT_ITERATOR_COLUMNS_D                                            \
+    { "0",                                                                    \
+      NULL,                                                                   \
+      KEYWORD_TYPE_INTEGER },                                                 \
+    { "0",                                                                    \
+      NULL,                                                                   \
+      KEYWORD_TYPE_INTEGER },                                                 \
+    { NULL, NULL, KEYWORD_TYPE_UNKNOWN }                                      \
+  }
+
+/**
+ * @brief Result iterator columns, when CERT db is not loaded.
+ */
+#define RESULT_ITERATOR_COLUMNS_OD_NO_CERT                                    \
+  {                                                                           \
+    BASE_RESULT_ITERATOR_COLUMNS_OD                                           \
+    { "0",                                                                    \
+      NULL,                                                                   \
+      KEYWORD_TYPE_INTEGER },                                                 \
+    { "0",                                                                    \
+      NULL,                                                                   \
+      KEYWORD_TYPE_INTEGER },                                                 \
+    { NULL, NULL, KEYWORD_TYPE_UNKNOWN }                                      \
+  }
+
 /**
  * @brief Generate the extra_tables string for a result iterator.
  *
@@ -21662,6 +21736,37 @@ result_iterator_opts_table (int override, int dynamic)
   return ret;
 }
 
+/**
+ * @brief Get new severity clause.
+ *
+ * @param[in]  apply_overrides  Whether to apply overrides.
+ * @param[in]  dynamic_severity Whether to use dynamic severity.
+ *
+ * @return Newly allocated clause.
+ */
+static gchar*
+new_severity_clause (int apply_overrides, int dynamic_severity)
+{
+  if (apply_overrides)
+    /* Overrides, maybe dynamic. */
+    return g_strdup_printf ("(SELECT new_severity FROM result_new_severities"
+                            " WHERE result_new_severities.result = results.id"
+                            " AND result_new_severities.user"
+                            "     = (SELECT id FROM users WHERE uuid = '%s')"
+                            " AND dynamic = %d"
+                            " LIMIT 1)",
+                            current_credentials.uuid,
+                            dynamic_severity);
+
+  if (dynamic_severity)
+    /* Dynamic, no overrides. */
+    return g_strdup ("current_severity (results.severity,"
+                     "                  results.nvt)");
+
+  /* No dynamic, no overrides. */
+  return g_strdup ("results.severity");
+}
+
 /**
  * @brief Get extra_where string for a result iterator or count.
  *
@@ -21694,17 +21799,7 @@ results_extra_where (int trash, report_t report, const gchar* host,
 
   // Build clause fragments
 
-  new_severity_sql
-    = g_strdup_printf ("(SELECT new_severity FROM result_new_severities"
-                       " WHERE result_new_severities.result = results.id"
-                       " AND result_new_severities.user"
-                       "     = (SELECT id FROM users WHERE uuid = '%s')"
-                       " AND override = %d"
-                       " AND dynamic = %d"
-                       " LIMIT 1)",
-                       current_credentials.uuid,
-                       apply_overrides,
-                       dynamic_severity);
+  new_severity_sql = new_severity_clause (apply_overrides, dynamic_severity);
 
   // Build filter clauses
 
@@ -21795,15 +21890,21 @@ init_result_get_iterator_severity (iterator_t* iterator, const get_data_t *get,
   column_array_set
    (filterable_columns,
     "type",
-    g_strdup_printf ("severity_to_type"
-                     " ((SELECT new_severity FROM result_new_severities"
-                     "   WHERE result_new_severities.result = results.id"
-                     "   AND result_new_severities.user = opts.user_id"
-                     "   AND result_new_severities.override = %i"
-                     "   AND result_new_severities.dynamic = %i"
-                     "   LIMIT 1))",
-                     apply_overrides,
-                     dynamic_severity));
+    apply_overrides
+     /* Overrides, maybe dynamic. */
+     ? g_strdup_printf ("severity_to_type"
+                        " ((SELECT new_severity FROM result_new_severities"
+                        "   WHERE result_new_severities.result = results.id"
+                        "   AND result_new_severities.user = opts.user_id"
+                        "   AND result_new_severities.dynamic = %i"
+                        "   LIMIT 1))",
+                        dynamic_severity)
+     : (dynamic_severity
+         /* Dynamic, no overrides. */
+         ? g_strdup ("current_severity (results.severity,"
+                     "                  results.nvt)")
+         /* No dynamic, no overrides. */
+         : g_strdup ("results.severity")));
 
   if (dynamic_severity)
     {
@@ -21999,10 +22100,15 @@ init_result_get_iterator (iterator_t* iterator, const get_data_t *get,
 {
   static const char *filter_columns[] = RESULT_ITERATOR_FILTER_COLUMNS;
   static column_t columns[] = RESULT_ITERATOR_COLUMNS;
+  static column_t columns_dynamic[] = RESULT_ITERATOR_COLUMNS_D;
+  static column_t columns_overrides_dynamic[] = RESULT_ITERATOR_COLUMNS_OD;
   static column_t columns_no_cert[] = RESULT_ITERATOR_COLUMNS_NO_CERT;
+  static column_t columns_dynamic_no_cert[] = RESULT_ITERATOR_COLUMNS_D_NO_CERT;
+  static column_t columns_overrides_dynamic_no_cert[] = RESULT_ITERATOR_COLUMNS_OD_NO_CERT;
   int ret;
   gchar *filter, *extra_tables, *extra_where, *extra_where_single, *opts_tables;
   int apply_overrides, dynamic_severity;
+  column_t *actual_columns;
 
   if (report == -1)
     {
@@ -22023,6 +22129,37 @@ init_result_get_iterator (iterator_t* iterator, const get_data_t *get,
     = filter_term_apply_overrides (filter ? filter : get->filter);
   dynamic_severity = setting_dynamic_severity_int ();
 
+  if (manage_cert_loaded ())
+    {
+      if (apply_overrides)
+        /* Overrides, maybe dynamic. */
+        actual_columns = columns_overrides_dynamic;
+      else
+        {
+          if (dynamic_severity)
+            /* Dynamic, no overrides. */
+            actual_columns = columns_dynamic;
+          else
+            /* No dynamic, no overrides. */
+            actual_columns = columns;
+        }
+    }
+  else
+    {
+      if (apply_overrides)
+        /* Overrides, maybe dynamic. */
+        actual_columns = columns_overrides_dynamic_no_cert;
+      else
+        {
+          if (dynamic_severity)
+            /* Dynamic, no overrides. */
+            actual_columns = columns_dynamic_no_cert;
+          else
+            /* No dynamic, no overrides. */
+            actual_columns = columns_no_cert;
+        }
+    }
+
   opts_tables = result_iterator_opts_table (apply_overrides, dynamic_severity);
   extra_tables = g_strdup_printf (" LEFT OUTER JOIN nvts"
                                   " ON results.nvt = nvts.oid %s",
@@ -22044,7 +22181,7 @@ init_result_get_iterator (iterator_t* iterator, const get_data_t *get,
                             "result",
                             get,
                             /* SELECT columns. */
-                            manage_cert_loaded () ? columns : columns_no_cert,
+                            actual_columns,
                             NULL,
                             /* Filterable columns not in SELECT columns. */
                             NULL,
@@ -46796,7 +46933,7 @@ void
 hosts_set_max_severity (report_t report, int *overrides_arg, int *min_qod_arg)
 {
   gchar *new_severity_sql;
-  int overrides, min_qod;
+  int dynamic_severity, overrides, min_qod;
 
   if (overrides_arg)
     overrides = *overrides_arg;
@@ -46834,17 +46971,8 @@ hosts_set_max_severity (report_t report, int *overrides_arg, int *min_qod_arg)
         }
     }
 
-  new_severity_sql
-    = g_strdup_printf ("(SELECT new_severity FROM result_new_severities"
-                       " WHERE result_new_severities.result = results.id"
-                       " AND result_new_severities.user"
-                       "     = (SELECT id FROM users WHERE uuid = '%s')"
-                       " AND override = %d"
-                       " AND dynamic = %d"
-                       " LIMIT 1)",
-                       current_credentials.uuid,
-                       overrides,
-                       setting_dynamic_severity_int ());
+  dynamic_severity = setting_dynamic_severity_int ();
+  new_severity_sql = new_severity_clause (overrides, dynamic_severity);
 
   sql ("INSERT INTO host_max_severities"
        " (host, severity, source_type, source_id, creation_time)"

diff --git a/src/manage_sql_tickets.c b/src/manage_sql_tickets.c
@@ -115,7 +115,6 @@ ticket_status_integer (const char *status)
      "              FROM users"                                               \
      "              WHERE users.uuid"                                         \
      "                    = (SELECT current_setting ('gvmd.user.uuid')))"     \
-     "       AND result_new_severities.override = 1"                          \
      "       AND result_new_severities.dynamic = 0"                           \
      "       LIMIT 1)"                                                        \
      " ELSE severity"                                                         \