Skip to content

Commit

Permalink
Merge pull request #1397 from mattmundell/count-owner
Browse files Browse the repository at this point in the history 
Add owner checks to report_count queries
  • Loading branch information
@timopollmeier
timopollmeier authored Jan 26, 2021
2 parents 58f5e7b + 0379374 commit 6bd9ee2
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 18 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Fix and simplify SecInfo migration [#1331](https://github.com/greenbone/gvmd/pull/1331)
- Prevent CPE/NVD_ID from being "(null)" [#1369](https://github.com/greenbone/gvmd/pull/1369)
- Check DB versions before CERT severity updates [#1376](https://github.com/greenbone/gvmd/pull/1376)
- Add owner checks to report_count queries [#1397](https://github.com/greenbone/gvmd/pull/1397)

### Removed
- Remove solution element from VT tags [#886](https://github.com/greenbone/gvmd/pull/886)
Expand Down
48 changes: 30 additions & 18 deletions src/manage_pg.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1012,12 +1012,18 @@ manage_create_sql_functions ()
" min_qod integer)"
" RETURNS double precision AS $$"
/* Calculate the severity of a report. */
" WITH max_severity AS (SELECT max(severity) AS max"
" FROM report_counts"
" WHERE report = $1"
" AND override = $2"
" AND min_qod = $3"
" AND (end_time = 0 or end_time >= m_now ()))"
" WITH max_severity"
" AS (SELECT max(severity) AS max"
" FROM report_counts"
" WHERE report = $1"
" AND (\"user\""
" = (SELECT id FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" ('gvmd.user.uuid'))))"
" AND override = $2"
" AND min_qod = $3"
" AND (end_time = 0 or end_time >= m_now ()))"
" SELECT CASE"
" WHEN EXISTS (SELECT max FROM max_severity)"
" AND (SELECT max FROM max_severity) IS NOT NULL"
Expand Down Expand Up @@ -1096,18 +1102,24 @@ manage_create_sql_functions ()
" min_qod integer, level text)"
" RETURNS bigint AS $$"
/* Calculate the severity of a report. */
" WITH severity_count AS (SELECT sum (count) AS total"
" FROM report_counts"
" WHERE report = $1"
" AND override = $2"
" AND min_qod = $3"
" AND (end_time = 0"
" or end_time >= m_now ())"
" AND (severity"
" BETWEEN level_min_severity"
" ($4, severity_class ())"
" AND level_max_severity"
" ($4, severity_class ())))"
" WITH severity_count"
" AS (SELECT sum (count) AS total"
" FROM report_counts"
" WHERE report = $1"
" AND (\"user\""
" = (SELECT id FROM users"
" WHERE users.uuid"
" = (SELECT current_setting"
" ('gvmd.user.uuid'))))"
" AND override = $2"
" AND min_qod = $3"
" AND (end_time = 0"
" or end_time >= m_now ())"
" AND (severity"
" BETWEEN level_min_severity"
" ($4, severity_class ())"
" AND level_max_severity"
" ($4, severity_class ())))"
" SELECT CASE"
" WHEN EXISTS (SELECT total FROM severity_count)"
" AND (SELECT total FROM severity_count) IS NOT NULL"
Expand Down

0 comments on commit 6bd9ee2

Please sign in to comment.