Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Require Postgres 9.6 as a minimum (9.0) #872

Merged
merged 8 commits into from
Nov 20, 2019
Merged

Require Postgres 9.6 as a minimum (9.0) #872

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
c62857c
Specify minimum Postgres version
mattmundell Nov 19, 2019
3a1b808
Check Postgres version
mattmundell Nov 19, 2019
bb5fb4a
Remove code for Postgres versions < 9.6
mattmundell Nov 19, 2019
c5df86e
Remove unused version function
mattmundell Nov 19, 2019
5961412
Replace merge functions with 9.6 SQL
mattmundell Nov 20, 2019
e408c73
Add SCAP migrator for unique constraint
mattmundell Nov 20, 2019
dcff55d
Update changelog
mattmundell Nov 20, 2019
3fef338
Also check Postgres version in cmake
mattmundell Nov 20, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Update SCAP and CERT feed info in sync scripts [#809](https://github.com/greenbone/gvmd/pull/809)
- Try authentication when verifying GMP scanners [#837](https://github.com/greenbone/gvmd/pull/837)
- Try importing private keys with libssh if GnuTLS fails [#841](https://github.com/greenbone/gvmd/pull/841)
- Require Postgres 9.6 as a minimum [#872](https://github.com/greenbone/gvmd/pull/872)

### Fixed
- Consider results_trash when deleting users [#799](https://github.com/greenbone/gvmd/pull/799)
Expand Down
2 changes: 1 addition & 1 deletion INSTALL.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ Prerequisites:
* glib-2.0 >= 2.42
* gnutls >= 3.2.15
* libgvm_base, libgvm_util, libgvm_osp, libgvm_gmp >= 11.0.0
* PostgreSQL database
* PostgreSQL database >= 9.6
* pkg-config
* libical >= 1.0.0

Expand Down
8 changes: 8 additions & 0 deletions src/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,14 @@ find_package (PostgreSQL REQUIRED)
if (NOT PostgreSQL_FOUND)
message (SEND_ERROR "The PostgreSQL library is required.")
endif (NOT PostgreSQL_FOUND)
string (REGEX MATCH "^[ \t]*\([0-9]+\)\\.\([0-9]+\)\(.*\)" TEMP ${PostgreSQL_VERSION_STRING})
if (NOT CMAKE_MATCH_1)
message (SEND_ERROR "Error matching PostgreSQL version.")
elseif ((CMAKE_MATCH_1 EQUAL 9 AND CMAKE_MATCH_2 LESS 6)
OR (CMAKE_MATCH_1 LESS 9))
message (SEND_ERROR "PostgreSQL version >= 9.6 is required")
message (STATUS "PostgreSQL version ${CMAKE_MATCH_1}.${CMAKE_MATCH_2}${CMAKE_MATCH_3}")
endif (NOT CMAKE_MATCH_1)

message (STATUS "Looking for gpgme...")
find_library (GPGME gpgme)
Expand Down
3 changes: 2 additions & 1 deletion src/manage_pg.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3600,6 +3600,7 @@ manage_db_init (const gchar *name)
sql ("CREATE TABLE scap.affected_products"
" (cve INTEGER NOT NULL,"
" cpe INTEGER NOT NULL,"
" UNIQUE (cve, cpe),"
" FOREIGN KEY(cve) REFERENCES cves(id),"
" FOREIGN KEY(cpe) REFERENCES cpes(id));");
sql ("CREATE INDEX afp_cpe_idx"
Expand Down Expand Up @@ -3696,7 +3697,7 @@ manage_db_init (const gchar *name)
/* Init tables. */

sql ("INSERT INTO scap.meta (name, value)"
" VALUES ('database_version', '15');");
" VALUES ('database_version', '16');");
sql ("INSERT INTO scap.meta (name, value)"
" VALUES ('last_update', '0');");
}
Expand Down
49 changes: 13 additions & 36 deletions src/manage_sql.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21040,16 +21040,8 @@ result_nvt_notice (const gchar *nvt)
{
if (nvt == NULL)
return;
if (sql_int ("SELECT current_setting ('server_version_num')::integer;")
< 90500)
sql ("INSERT into result_nvts (nvt)"
" SELECT '%s' WHERE NOT EXISTS (SELECT * FROM result_nvts"
" WHERE nvt = '%s');",
nvt,
nvt);
else
sql ("INSERT INTO result_nvts (nvt) VALUES ('%s') ON CONFLICT DO NOTHING;",
nvt);
sql ("INSERT INTO result_nvts (nvt) VALUES ('%s') ON CONFLICT DO NOTHING;",
nvt);
}

/**
Expand Down Expand Up @@ -49313,17 +49305,13 @@ buffer_insert (GString *results_buffer, GString *result_nvts_buffer,
const char* type, const char* description,
report_t report, user_t owner)
{
static int db_server_version_num = 0;
gchar *nvt_revision, *severity;
gchar *quoted_hostname, *quoted_descr, *quoted_qod_type;
int qod, first;
nvt_t nvt_id = 0;

assert (report);

if (db_server_version_num == 0)
db_server_version_num = sql_server_version ();

if (nvt && strcmp (nvt, "") && (find_nvt (nvt, &nvt_id) || nvt_id <= 0))
{
g_warning ("NVT '%s' not found. Result not created", nvt);
Expand Down Expand Up @@ -49392,25 +49380,15 @@ buffer_insert (GString *results_buffer, GString *result_nvts_buffer,
" description, uuid, qod, qod_type, result_nvt,"
" report)"
" VALUES");
if (db_server_version_num >= 90500)
g_string_append (result_nvts_buffer,
"INSERT INTO result_nvts (nvt) VALUES ");
}

if (db_server_version_num < 90500)
g_string_append_printf
(result_nvts_buffer,
"INSERT into result_nvts (nvt)"
" SELECT '%s' WHERE NOT EXISTS (SELECT * FROM result_nvts"
" WHERE nvt = '%s');\n",
nvt,
nvt);
else
g_string_append_printf
(result_nvts_buffer,
"%s ('%s')",
first ? "" : ",",
nvt);
g_string_append (result_nvts_buffer,
"INSERT INTO result_nvts (nvt) VALUES ");
}

g_string_append_printf
(result_nvts_buffer,
"%s ('%s')",
first ? "" : ",",
nvt);

g_string_append_printf (results_buffer,
"%s"
Expand Down Expand Up @@ -49447,9 +49425,8 @@ update_from_slave_insert (GString *results_buffer, GString *result_nvts_buffer,
{
if (result_nvts_buffer && strlen (result_nvts_buffer->str))
{
if (sql_server_version () >= 90500)
g_string_append (result_nvts_buffer,
" ON CONFLICT (nvt) DO NOTHING;");
g_string_append (result_nvts_buffer,
" ON CONFLICT (nvt) DO NOTHING;");

sql ("%s", result_nvts_buffer->str);
g_string_truncate (result_nvts_buffer, 0);
Expand Down
123 changes: 106 additions & 17 deletions src/manage_sql_secinfo.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1517,8 +1517,20 @@ update_dfn_xml (const gchar *xml_path, int last_cert_update,
quoted_refnum = sql_quote (entity_text (refnum));
quoted_title = sql_quote (entity_text (title));
quoted_summary = sql_quote (entity_text (summary));
sql ("SELECT merge_dfn_cert_adv"
" ('%s', %i, %i, '%s', '%s', %i);",
sql ("INSERT INTO cert.dfn_cert_advs"
" (uuid, name, comment, creation_time,"
" modification_time, title, summary, cve_refs)"
" VALUES"
" ('%s', '%s', '', %i, %i, '%s', '%s', %i)"
" ON CONFLICT (uuid) DO UPDATE"
" SET name = EXCLUDED.uuid,"
" comment = '',"
" creation_time = EXCLUDED.creation,"
" modification_time = EXCLUDED.modification,"
" title = EXCLUDED.title,"
" summary = EXCLUDED.summary,"
" cve_refs = EXCLUDED.cve_refs;",
quoted_refnum,
quoted_refnum,
parse_iso_time (entity_text (published)),
parse_iso_time (entity_text (updated)),
Expand Down Expand Up @@ -1803,8 +1815,20 @@ update_bund_xml (const gchar *xml_path, int last_cert_update,
quoted_title = sql_quote (entity_text (title));
quoted_summary = sql_quote (summary->str);
g_string_free (summary, TRUE);
sql ("SELECT merge_bund_adv"
" ('%s', %i, %i, '%s', '%s', %i);",
sql ("INSERT INTO cert.cert_bund_advs"
" (uuid, name, comment, creation_time,"
" modification_time, title, summary, cve_refs)"
" VALUES"
" ('%s', '%s', '', %i, %i, '%s', '%s', %i)"
" ON CONFLICT (uuid) DO UPDATE"
" SET name = EXCLUDED.uuid,"
" comment = '',"
" creation_time = EXCLUDED.creation_time,"
" modification_time = EXCLUDED.modification_time,"
" title = EXCLUDED.title,"
" summary = EXCLUDED.summary,"
" cve_refs = EXCLUDED.cve_refs;",
quoted_refnum,
quoted_refnum,
parse_iso_time (entity_text (date)),
parse_iso_time (entity_text (date)),
Expand Down Expand Up @@ -2096,8 +2120,21 @@ update_scap_cpes (int last_scap_update)
g_free (name_tilde);
quoted_status = sql_quote (status);
quoted_nvd_id = sql_quote (nvd_id);
sql ("SELECT merge_cpe"
" ('%s', '%s', %i, %i, '%s', %s, '%s');",
sql ("INSERT INTO scap.cpes"
" (uuid, name, title, creation_time,"
" modification_time, status, deprecated_by_id,"
" nvd_id)"
" VALUES"
" ('%s', '%s', '%s', %i, %i, '%s', %s, '%s')"
" ON CONFLICT (uuid) DO UPDATE"
" SET name = EXCLUDED.name,"
" title = EXCLUDED.title,"
" creation_time = EXCLUDED.creation_time,"
" modification_time = EXCLUDED.modification_time,"
" status = EXCLUDED.status,"
" deprecated_by_id = EXCLUDED.deprecated_by_id,"
" nvd_id = EXCLUDED.nvd_id;",
quoted_name,
quoted_name,
quoted_title,
parse_iso_time (modification_date),
Expand Down Expand Up @@ -2394,9 +2431,28 @@ update_cve_xml (const gchar *xml_path, int last_scap_update,
g_free (software_tilde);
time_modified = parse_iso_time (entity_text (last_modified));
time_published = parse_iso_time (entity_text (published));
sql ("SELECT merge_cve"
" ('%s', '%s', %i, %i, %s, '%s', '%s', '%s', '%s',"
" '%s', '%s', '%s', '%s');",
sql ("INSERT INTO scap.cves"
" (uuid, name, creation_time, modification_time,"
" cvss, description, vector, complexity,"
" authentication, confidentiality_impact,"
" integrity_impact, availability_impact, products)"
" VALUES"
" ('%s', '%s', %i, %i, %s, '%s', '%s', '%s', '%s',"
" '%s', '%s', '%s', '%s')"
" ON CONFLICT (uuid) DO UPDATE"
" SET name = EXCLUDED.name,"
" creation_time = EXCLUDED.creation_time,"
" modification_time = EXCLUDED.modification_time,"
" cvss = EXCLUDED.cvss,"
" description = EXCLUDED.description,"
" vector = EXCLUDED.vector,"
" complexity = EXCLUDED.complexity,"
" authentication = EXCLUDED.authentication,"
" confidentiality_impact"
" = EXCLUDED.confidentiality_impact,"
" integrity_impact = EXCLUDED.integrity_impact,"
" availability_impact = EXCLUDED.availability_impact,"
" products = EXCLUDED.products;",
quoted_id,
quoted_id,
time_published,
Expand Down Expand Up @@ -2451,13 +2507,22 @@ update_cve_xml (const gchar *xml_path, int last_scap_update,
quoted_product = sql_quote (product_tilde);
g_free (product_tilde);

sql ("SELECT merge_cpe_name ('%s', '%s', %i, %i)",
sql ("INSERT INTO scap.cpes"
" (uuid, name, creation_time,"
" modification_time)"
" VALUES"
" ('%s', '%s', %i, %i)"
" ON CONFLICT (uuid)"
" DO UPDATE SET name = EXCLUDED.name;",
quoted_product, quoted_product, time_published,
time_modified);
sql ("SELECT merge_affected_product"
" (%llu,"
" (SELECT id FROM cpes"
" WHERE name='%s'))",
sql ("INSERT INTO scap.affected_products"
" (cve, cpe)"
" VALUES"
" (%llu,"
" (SELECT id FROM cpes"
" WHERE name='%s'))"
" ON CONFLICT (cve, cpe) DO NOTHING;",
cve_rowid, quoted_product);
transaction_size ++;
increment_transaction_size (&transaction_size);
Expand Down Expand Up @@ -3052,9 +3117,27 @@ update_ovaldef_xml (gchar **file_and_date, int last_scap_update,
else
quoted_status = sql_quote ("");

sql ("SELECT merge_ovaldef ('%s', '%s', '', %i, %i, %i, %i,"
" '%s', '%s', '%s', '%s', '%s',"
" %i);",
sql ("INSERT INTO scap.ovaldefs"
" (uuid, name, comment, creation_time,"
" modification_time, version, deprecated, def_class,"
" title, description, xml_file, status,"
" max_cvss, cve_refs)"
" VALUES ('%s', '%s', '', %i, %i, %i, %i, '%s', '%s',"
" '%s', '%s', '%s', 0.0, %i)"
" ON CONFLICT (uuid) DO UPDATE"
" SET name = EXCLUDED.name,"
" comment = EXCLUDED.comment,"
" creation_time = EXCLUDED.creation_time,"
" modification_time = EXCLUDED.modification_time,"
" version = EXCLUDED.version,"
" deprecated = EXCLUDED.deprecated,"
" def_class = EXCLUDED.def_class,"
" title = EXCLUDED.title,"
" description = EXCLUDED.description,"
" xml_file = EXCLUDED.xml_file,"
" status = EXCLUDED.status,"
" max_cvss = 0.0,"
" cve_refs = EXCLUDED.cve_refs;",
quoted_id,
quoted_oval_id,
definition_date_oldest == 0
Expand Down Expand Up @@ -4120,6 +4203,12 @@ check_scap_db_version ()
g_info ("Reinitialization of the database necessary");
return manage_db_reinit ("scap");
break;
case 15:
sql ("ALTER TABLE scap.affected_products ADD UNIQUE (cve, cpe);");
sql ("UPDATE scap.meta"
" SET value = '16'"
" WHERE name = 'database_version';");
break;
}
return 0;
}
Expand Down
3 changes: 0 additions & 3 deletions src/sql.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,6 @@

/* Helpers. */

int
sql_server_version ();

const char *
sql_schema ();

Expand Down
20 changes: 9 additions & 11 deletions src/sql_pg.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,17 +87,6 @@ static PGconn *conn = NULL;

/* Helpers. */

/**
* @brief Get the server version number.
*
* @return The version as an integer.
*/
int
sql_server_version ()
{
return sql_int ("SELECT current_setting ('server_version_num')::integer;");
}

/**
* @brief Get main schema name.
*
Expand Down Expand Up @@ -365,6 +354,15 @@ sql_open (const char *database)
g_debug ("%s: socket: %i", __FUNCTION__, PQsocket (conn));
g_debug ("%s: postgres version: %i", __FUNCTION__, PQserverVersion (conn));

if (PQserverVersion (conn) < 90600)
{
g_warning ("%s: PostgreSQL version 9.6 (90600) or higher is required",
__FUNCTION__);
g_warning ("%s: Current version is %i", __FUNCTION__,
PQserverVersion (conn));
goto fail;
}

return 0;

fail:
Expand Down