From 6d1797a866f89c7efe19edb04c5cc99edb5002c7 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Tue, 6 Jul 2021 16:32:05 +0200
Subject: [PATCH] Use less report cache SQL when adding results

When multiple results are added when handling an OSP get_scan response
or a host in a CVE scan, only one SQL statement each is run to update
the report and owner of the results and to update the end times of the
report_counts cache of the report.

This addresses AP-1495.
---
 src/manage.c     |  7 +++++-
 src/manage.h     |  3 +++
 src/manage_sql.c | 64 +++++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 70 insertions(+), 4 deletions(-)

diff --git a/src/manage.c b/src/manage.c
index e89bdf0b8..2c5266b03 100644
--- a/src/manage.c
+++ b/src/manage.c
@@ -3061,9 +3061,11 @@ cve_scan_host (task_t task, report_t report, gvm_host_t *gvm_host)
         {
           iterator_t prognosis;
           int prognosis_report_host, start_time;
+          GArray *results;
 
           /* Add report_host with prognosis results and host details. */
 
+          results = g_array_new (TRUE, TRUE, sizeof (result_t));
           start_time = time (NULL);
           prognosis_report_host = 0;
           init_host_prognosis_iterator (&prognosis, report_host);
@@ -3136,12 +3138,15 @@ cve_scan_host (task_t task, report_t report, gvm_host_t *gvm_host)
               result = make_cve_result (task, ip, cve, severity, desc);
               g_free (desc);
 
-              report_add_result (report, result);
+              g_array_append_val (results, result);
 
               g_string_free (locations, TRUE);
             }
           cleanup_iterator (&prognosis);
 
+          report_add_results_array (report, results);
+          g_array_free (results, TRUE);
+
           if (prognosis_report_host)
             {
               /* Complete the report_host. */
diff --git a/src/manage.h b/src/manage.h
index ec9770c9f..1b3d99f77 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -1256,6 +1256,9 @@ create_report (array_t*, const char *, const char *, const char *, const char *,
 void
 report_add_result (report_t, result_t);
 
+void
+report_add_results_array (report_t, GArray *);
+
 char*
 report_uuid (report_t);
 
diff --git a/src/manage_sql.c b/src/manage_sql.c
index cb156235f..834166a1e 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -21004,6 +21004,57 @@ report_add_result (report_t report, result_t result)
        report, report);
 }
 
+/**
+ * @brief Add results from an array to a report.
+ */
+void
+report_add_results_array (report_t report, GArray *results)
+{
+  GString *array_sql;
+  int index;
+
+  if (report == 0 || results == NULL || results->len == 0)
+    return;
+
+  array_sql = g_string_new ("(");
+  for (index = 0; index < results->len; index++)
+    {
+      result_t result;
+      result = g_array_index (results, result_t, index);
+      
+      if (index)
+        g_string_append (array_sql, ", ");
+      g_string_append_printf (array_sql, "%llu", result);
+    }
+  g_string_append_c (array_sql, ')');
+
+  sql ("UPDATE results SET report = %llu,"
+       "                   owner = (SELECT reports.owner"
+       "                            FROM reports WHERE id = %llu)"
+       " WHERE id IN %s;",
+       report, report, array_sql->str);
+
+  for (index = 0; index < results->len; index++)
+    {
+      result_t result;
+      result = g_array_index (results, result_t, index);
+      
+      // TODO: Use array to insert multiple results at once
+      report_add_result_for_buffer (report, result);
+    }
+
+  sql ("UPDATE report_counts"
+       " SET end_time = (SELECT coalesce(min(overrides.end_time), 0)"
+       "                 FROM overrides, results"
+       "                 WHERE overrides.nvt = results.nvt"
+       "                 AND results.report = %llu"
+       "                 AND overrides.end_time >= m_now ())"
+       " WHERE report = %llu AND override = 1;",
+       report, report);
+
+  g_string_free (array_sql, TRUE);
+}
+
 /**
  * @brief Filter columns for report iterator.
  */
@@ -28742,6 +28793,7 @@ parse_osp_report (task_t task, report_t report, const char *report_xml)
   char *defs_file = NULL;
   time_t start_time, end_time;
   gboolean has_results = FALSE;
+  GArray *results_array;
 
   assert (task);
   assert (report);
@@ -28755,6 +28807,7 @@ parse_osp_report (task_t task, report_t report, const char *report_xml)
 
   sql_begin_immediate ();
   /* Set the report's start and end times. */
+  results_array = g_array_new (TRUE, TRUE, sizeof (result_t));
   start_time = 0;
   str = entity_attribute (entity, "start_time");
   if (str)
@@ -28876,7 +28929,7 @@ parse_osp_report (task_t task, report_t report, const char *report_xml)
                                     severity_str ?: severity,
                                     qod_int,
                                     path);
-          report_add_result (report, result);
+          g_array_append_val (results_array, result);
         }
       g_free (nvt_id);
       g_free (desc);
@@ -28885,11 +28938,16 @@ parse_osp_report (task_t task, report_t report, const char *report_xml)
     }
 
   if (has_results)
-    sql ("UPDATE reports SET modification_time = m_now() WHERE id = %llu;", 
-	 report);
+    {
+      sql ("UPDATE reports SET modification_time = m_now() WHERE id = %llu;", 
+           report);
+      report_add_results_array (report, results_array);
+    }
+  
 
  end_parse_osp_report:
   sql_commit ();
+  g_array_free (results_array, TRUE);
   g_free (defs_file);
   free_entity (entity);
 }