diff --git a/commons-persistence/src/main/resources/schema.sql b/commons-persistence/src/main/resources/schema.sql index d5c9dd0b9..478866e35 100644 --- a/commons-persistence/src/main/resources/schema.sql +++ b/commons-persistence/src/main/resources/schema.sql @@ -13,7 +13,7 @@ DELETE FROM databasechangeloglock; INSERT INTO databasechangeloglock (ID, LOCKED) VALUES (1, FALSE); -- Lock Database -UPDATE databasechangeloglock SET LOCKED = TRUE, LOCKEDBY = 'devastation (192.168.178.40)', LOCKGRANTED = NOW() WHERE ID = 1 AND LOCKED = FALSE; +UPDATE databasechangeloglock SET LOCKED = TRUE, LOCKEDBY = 'ctrl (172.17.0.1)', LOCKGRANTED = NOW() WHERE ID = 1 AND LOCKED = FALSE; SET SEARCH_PATH TO public, "$user","public"; @@ -28,9 +28,9 @@ SET SEARCH_PATH TO public, "$user","public"; -- Update Database Script -- ********************************************************************* -- Change Log: migration/changelog-main.xml --- Ran at: 09/02/2024, 19:50 --- Against: dtrack@jdbc:postgresql://localhost:32813/dtrack --- Liquibase version: 4.25.0 +-- Ran at: 3/1/24, 3:13 PM +-- Against: dtrack@jdbc:postgresql://localhost:32772/dtrack +-- Liquibase version: 4.26.0 -- ********************************************************************* SET SEARCH_PATH TO public, "$user","public"; @@ -678,33 +678,33 @@ ALTER TABLE "VULNERABLESOFTWARE_VULNERABILITIES" ADD CONSTRAINT "VULNERABLESOFTW ALTER TABLE "WORKFLOW_STATE" ADD CONSTRAINT "WORKFLOW_STATE_WORKFLOW_STATE_FK" FOREIGN KEY ("PARENT_STEP_ID") REFERENCES "WORKFLOW_STATE" ("ID") ON UPDATE NO ACTION ON DELETE NO ACTION DEFERRABLE INITIALLY DEFERRED; -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-1', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 1, '9:e7700e247afb261422573e3f05934bec', 'createTable tableName=WORKFLOW_STATE; createTable tableName=COMPONENT; createTable tableName=EVENTSERVICELOG; createTable tableName=LICENSEGROUP; createTable tableName=LICENSE; createTable tableName=ANALYSISCOMMENT; createTable tableName=VIOLATION...', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-1', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 1, '9:e7700e247afb261422573e3f05934bec', 'createTable tableName=WORKFLOW_STATE; createTable tableName=COMPONENT; createTable tableName=EVENTSERVICELOG; createTable tableName=LICENSEGROUP; createTable tableName=LICENSE; createTable tableName=ANALYSISCOMMENT; createTable tableName=VIOLATION...', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-2::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; -- WARNING The following SQL may change each run and therefore is possibly incorrect and/or invalid: -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-2', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 2, '9:517d11a50b5ced1713523790ba3bcae4', 'customChange', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-2', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 2, '9:517d11a50b5ced1713523790ba3bcae4', 'customChange', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-3::VithikaS SET SEARCH_PATH TO public, "$user","public"; -- WARNING The following SQL may change each run and therefore is possibly incorrect and/or invalid: -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-3', 'VithikaS', 'migration/changelog-v5.3.0.xml', NOW(), 3, '9:ee0beaad46c8e53c67cdaba2078b3807', 'customChange', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-3', 'VithikaS', 'migration/changelog-v5.3.0.xml', NOW(), 3, '9:ee0beaad46c8e53c67cdaba2078b3807', 'customChange', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-4::VithikaS SET SEARCH_PATH TO public, "$user","public"; CREATE TABLE "VULNERABILITY_POLICY" ("ID" BIGINT GENERATED BY DEFAULT AS IDENTITY NOT NULL, "ANALYSIS" JSONB NOT NULL, "AUTHOR" VARCHAR(255), "CONDITIONS" TEXT[] NOT NULL, "CREATED" TIMESTAMP WITH TIME ZONE, "DESCRIPTION" VARCHAR(255), "NAME" VARCHAR(255) NOT NULL, "RATINGS" JSONB, "UPDATED" TIMESTAMP WITH TIME ZONE, "VALID_FROM" TIMESTAMP WITH TIME ZONE, "VALID_UNTIL" TIMESTAMP WITH TIME ZONE, CONSTRAINT "VULNERABILITYPOLICY_PK" PRIMARY KEY ("ID")); -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-4', 'VithikaS', 'migration/changelog-v5.3.0.xml', NOW(), 4, '9:7862672bed2288bc1fd22fedc48faed7', 'createTable tableName=VULNERABILITY_POLICY', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-4', 'VithikaS', 'migration/changelog-v5.3.0.xml', NOW(), 4, '9:7862672bed2288bc1fd22fedc48faed7', 'createTable tableName=VULNERABILITY_POLICY', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-5::VithikaS SET SEARCH_PATH TO public, "$user","public"; CREATE UNIQUE INDEX "VULNERABILITY_POLICY_NAME_IDX" ON "VULNERABILITY_POLICY"("NAME"); -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-5', 'VithikaS', 'migration/changelog-v5.3.0.xml', NOW(), 5, '9:446394406c6e7e4d242d86b2196c355e', 'createIndex indexName=VULNERABILITY_POLICY_NAME_IDX, tableName=VULNERABILITY_POLICY', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-5', 'VithikaS', 'migration/changelog-v5.3.0.xml', NOW(), 5, '9:446394406c6e7e4d242d86b2196c355e', 'createIndex indexName=VULNERABILITY_POLICY_NAME_IDX, tableName=VULNERABILITY_POLICY', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-6::sahibamittal SET SEARCH_PATH TO public, "$user","public"; @@ -723,7 +723,7 @@ ALTER TABLE "ANALYSIS" ADD "CVSSV3VECTOR" VARCHAR(255); ALTER TABLE "ANALYSIS" ADD "SEVERITY" VARCHAR(255); -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-6', 'sahibamittal', 'migration/changelog-v5.3.0.xml', NOW(), 6, '9:dfa7456dd92ba75e3c70415f816cc06d', 'addColumn tableName=ANALYSIS', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-6', 'sahibamittal', 'migration/changelog-v5.3.0.xml', NOW(), 6, '9:dfa7456dd92ba75e3c70415f816cc06d', 'addColumn tableName=ANALYSIS', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-7::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; @@ -734,7 +734,7 @@ CREATE UNIQUE INDEX "FINDINGATTRIBUTION_COMPOUND_IDX" ON "FINDINGATTRIBUTION"("C CREATE UNIQUE INDEX "COMPONENTS_VULNERABILITIES_COMPOSITE_IDX" ON "COMPONENTS_VULNERABILITIES"("COMPONENT_ID", "VULNERABILITY_ID"); -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-7', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 7, '9:12b96e591a0610f135462cb64eab26fe', 'dropIndex indexName=FINDINGATTRIBUTION_COMPOUND_IDX, tableName=FINDINGATTRIBUTION; createIndex indexName=FINDINGATTRIBUTION_COMPOUND_IDX, tableName=FINDINGATTRIBUTION; createIndex indexName=COMPONENTS_VULNERABILITIES_COMPOSITE_IDX, tableName=COMPO...', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-7', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 7, '9:12b96e591a0610f135462cb64eab26fe', 'dropIndex indexName=FINDINGATTRIBUTION_COMPOUND_IDX, tableName=FINDINGATTRIBUTION; createIndex indexName=FINDINGATTRIBUTION_COMPOUND_IDX, tableName=FINDINGATTRIBUTION; createIndex indexName=COMPONENTS_VULNERABILITIES_COMPOSITE_IDX, tableName=COMPO...', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-8::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; @@ -743,21 +743,21 @@ ALTER TABLE "ANALYSIS" ADD "VULNERABILITY_POLICY_ID" BIGINT; ALTER TABLE "ANALYSIS" ADD CONSTRAINT "ANALYSIS_VULNERABILITY_POLICY_ID_FK" FOREIGN KEY ("VULNERABILITY_POLICY_ID") REFERENCES "VULNERABILITY_POLICY" ("ID"); -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-8', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 8, '9:31a1e91e36e2a26e106445a8b30807d3', 'addColumn tableName=ANALYSIS; addForeignKeyConstraint baseTableName=ANALYSIS, constraintName=ANALYSIS_VULNERABILITY_POLICY_ID_FK, referencedTableName=VULNERABILITY_POLICY', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-8', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 8, '9:31a1e91e36e2a26e106445a8b30807d3', 'addColumn tableName=ANALYSIS; addForeignKeyConstraint baseTableName=ANALYSIS, constraintName=ANALYSIS_VULNERABILITY_POLICY_ID_FK, referencedTableName=VULNERABILITY_POLICY', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-9::VithikaS SET SEARCH_PATH TO public, "$user","public"; CREATE TABLE "VULNERABILITY_POLICY_BUNDLE" ("ID" BIGINT GENERATED BY DEFAULT AS IDENTITY NOT NULL, "URL" VARCHAR(2048) NOT NULL, "HASH" VARCHAR(255), "LAST_SUCCESSFUL_SYNC" TIMESTAMP WITH TIME ZONE, "CREATED" TIMESTAMP WITH TIME ZONE, "UPDATED" TIMESTAMP WITH TIME ZONE, CONSTRAINT "VULNERABILITY_POLICY_BUNDLE_PK" PRIMARY KEY ("ID")); -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-9', 'VithikaS', 'migration/changelog-v5.3.0.xml', NOW(), 9, '9:72938937f19745d81e124eda9cee8287', 'createTable tableName=VULNERABILITY_POLICY_BUNDLE', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-9', 'VithikaS', 'migration/changelog-v5.3.0.xml', NOW(), 9, '9:72938937f19745d81e124eda9cee8287', 'createTable tableName=VULNERABILITY_POLICY_BUNDLE', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-10::sahibamittal SET SEARCH_PATH TO public, "$user","public"; ALTER TABLE "NOTIFICATIONRULE" ADD "LOG_SUCCESSFUL_PUBLISH" BOOLEAN; -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-10', 'sahibamittal', 'migration/changelog-v5.3.0.xml', NOW(), 10, '9:f949af110fa2b959b38090997161f594', 'addColumn tableName=NOTIFICATIONRULE', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-10', 'sahibamittal', 'migration/changelog-v5.3.0.xml', NOW(), 10, '9:f949af110fa2b959b38090997161f594', 'addColumn tableName=NOTIFICATIONRULE', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-11::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; @@ -765,51 +765,84 @@ SET SEARCH_PATH TO public, "$user","public"; ALTER TABLE "COMPONENT" DROP CONSTRAINT IF EXISTS "COMPONENT_CLASSIFIER_check"; ALTER TABLE "COMPONENT" ADD CONSTRAINT "COMPONENT_CLASSIFIER_check" - CHECK ("CLASSIFIER" IS NULL OR "CLASSIFIER"::TEXT = ANY(ARRAY['APPLICATION', 'CONTAINER', 'DEVICE', 'FILE', 'FIRMWARE', 'FRAMEWORK', 'LIBRARY', 'OPERATING_SYSTEM'])); + CHECK ("CLASSIFIER" IS NULL OR "CLASSIFIER"::TEXT = ANY(ARRAY['APPLICATION', 'CONTAINER', 'DEVICE', 'FILE', 'FIRMWARE', 'FRAMEWORK', 'LIBRARY', 'OPERATING_SYSTEM'])); ALTER TABLE "INTEGRITY_META_COMPONENT" DROP CONSTRAINT IF EXISTS "INTEGRITY_META_COMPONENT_STATUS_check"; ALTER TABLE "INTEGRITY_META_COMPONENT" ADD CONSTRAINT "INTEGRITY_META_COMPONENT_STATUS_check" - CHECK ("STATUS" IS NULL OR "STATUS"::TEXT = ANY(ARRAY['IN_PROGRESS', 'NOT_AVAILABLE', 'PROCESSED'])); + CHECK ("STATUS" IS NULL OR "STATUS"::TEXT = ANY(ARRAY['IN_PROGRESS', 'NOT_AVAILABLE', 'PROCESSED'])); ALTER TABLE "PROJECT" DROP CONSTRAINT IF EXISTS "PROJECT_CLASSIFIER_check"; ALTER TABLE "PROJECT" ADD CONSTRAINT "PROJECT_CLASSIFIER_check" - CHECK ("CLASSIFIER" IS NULL OR "CLASSIFIER"::TEXT = ANY(ARRAY['APPLICATION', 'CONTAINER', 'DEVICE', 'FILE', 'FIRMWARE', 'FRAMEWORK', 'LIBRARY', 'OPERATING_SYSTEM'])); + CHECK ("CLASSIFIER" IS NULL OR "CLASSIFIER"::TEXT = ANY(ARRAY['APPLICATION', 'CONTAINER', 'DEVICE', 'FILE', 'FIRMWARE', 'FRAMEWORK', 'LIBRARY', 'OPERATING_SYSTEM'])); ALTER TABLE "WORKFLOW_STATE" DROP CONSTRAINT IF EXISTS "WORKFLOW_STATE_STEP_check"; ALTER TABLE "WORKFLOW_STATE" ADD CONSTRAINT "WORKFLOW_STATE_STEP_check" - CHECK ("STEP"::TEXT = ANY(ARRAY['BOM_CONSUMPTION', 'BOM_PROCESSING', 'METRICS_UPDATE', 'POLICY_BUNDLE_SYNC', 'POLICY_EVALUATION', 'REPO_META_ANALYSIS', 'VULN_ANALYSIS'])); + CHECK ("STEP"::TEXT = ANY(ARRAY['BOM_CONSUMPTION', 'BOM_PROCESSING', 'METRICS_UPDATE', 'POLICY_BUNDLE_SYNC', 'POLICY_EVALUATION', 'REPO_META_ANALYSIS', 'VULN_ANALYSIS'])); ALTER TABLE "WORKFLOW_STATE" DROP CONSTRAINT IF EXISTS "WORKFLOW_STATE_STATUS_check"; ALTER TABLE "WORKFLOW_STATE" ADD CONSTRAINT "WORKFLOW_STATE_STATUS_check" - CHECK ("STATUS"::TEXT = ANY(ARRAY['CANCELLED', 'COMPLETED', 'FAILED', 'NOT_APPLICABLE', 'PENDING', 'TIMED_OUT'])); + CHECK ("STATUS"::TEXT = ANY(ARRAY['CANCELLED', 'COMPLETED', 'FAILED', 'NOT_APPLICABLE', 'PENDING', 'TIMED_OUT'])); -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-11', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 11, '9:c020c3afe2cd80c3b794954946d953d4', 'sql', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-11', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 11, '9:c020c3afe2cd80c3b794954946d953d4', 'sql', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-12::sahibamittal SET SEARCH_PATH TO public, "$user","public"; DROP TABLE "CPE"; -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-12', 'sahibamittal', 'migration/changelog-v5.3.0.xml', NOW(), 12, '9:d016a4c841a5eedc0c14f43a0e656636', 'dropTable tableName=CPE', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-12', 'sahibamittal', 'migration/changelog-v5.3.0.xml', NOW(), 12, '9:d016a4c841a5eedc0c14f43a0e656636', 'dropTable tableName=CPE', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-13::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; CREATE EXTENSION IF NOT EXISTS PG_TRGM; -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-13', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 13, '9:a0dc400a05beb0c54c46115f6c767926', 'sql', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-13', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 13, '9:a0dc400a05beb0c54c46115f6c767926', 'sql', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-v5.3.0.xml::v5.3.0-14::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; CREATE INDEX CONCURRENTLY IF NOT EXISTS "COMPONENT_DIRECT_DEPENDENCIES_GIN_IDX" - ON "COMPONENT" USING GIN ("DIRECT_DEPENDENCIES" GIN_TRGM_OPS); + ON "COMPONENT" USING GIN ("DIRECT_DEPENDENCIES" GIN_TRGM_OPS); -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-14', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 14, '9:a4bae9b1ef83c8b2ed112ea10d1148fe', 'sql', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-14', 'nscuro@protonmail.com', 'migration/changelog-v5.3.0.xml', NOW(), 14, '9:a4bae9b1ef83c8b2ed112ea10d1148fe', 'sql', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); + +-- Changeset migration/changelog-v5.3.0.xml::v5.3.0-15::sahibamittal +SET SEARCH_PATH TO public, "$user","public"; + +CREATE TABLE "PROJECT_METADATA" ("ID" BIGINT GENERATED BY DEFAULT AS IDENTITY NOT NULL, "PROJECT_ID" BIGINT NOT NULL, "SUPPLIER" TEXT, "AUTHORS" TEXT, CONSTRAINT "PROJECT_METADATA_PK" PRIMARY KEY ("ID")); + +ALTER TABLE "PROJECT_METADATA" ADD CONSTRAINT "PROJECT_METADATA_PROJECT_ID_FK" FOREIGN KEY ("PROJECT_ID") REFERENCES "PROJECT" ("ID") ON UPDATE NO ACTION ON DELETE NO ACTION DEFERRABLE INITIALLY DEFERRED; + +ALTER TABLE "COMPONENT" ADD "SUPPLIER" TEXT; + +ALTER TABLE "PROJECT" ADD "SUPPLIER" TEXT; + +ALTER TABLE "PROJECT" ADD "MANUFACTURER" TEXT; + +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.3.0-15', 'sahibamittal', 'migration/changelog-v5.3.0.xml', NOW(), 15, '9:bcb140e9c76c2f720b69c5cd210f8149', 'createTable tableName=PROJECT_METADATA; addForeignKeyConstraint baseTableName=PROJECT_METADATA, constraintName=PROJECT_METADATA_PROJECT_ID_FK, referencedTableName=PROJECT; addColumn tableName=COMPONENT; addColumn tableName=PROJECT', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); + +-- Changeset migration/changelog-v5.4.0.xml::v5.4.0-1::nscuro@protonmail.com +SET SEARCH_PATH TO public, "$user","public"; + +ALTER TABLE "PROJECT_METADATA" ADD "TOOLS" TEXT; + +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.4.0-1', 'nscuro@protonmail.com', 'migration/changelog-v5.4.0.xml', NOW(), 16, '9:16f1130d4a0a8de85660ce3b2594031e', 'addColumn tableName=PROJECT_METADATA', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); + +-- Changeset migration/changelog-v5.4.0.xml::v5.4.0-2::nscuro@protonmail.com +SET SEARCH_PATH TO public, "$user","public"; + +CREATE UNIQUE INDEX "PROJECT_NAME_VERSION_IDX" ON "PROJECT" ("NAME", "VERSION") + WHERE "VERSION" IS NOT NULL; + +CREATE UNIQUE INDEX "PROJECT_NAME_VERSION_NULL_IDX" ON "PROJECT" ("NAME") + WHERE "VERSION" IS NULL; + +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('v5.4.0-2', 'nscuro@protonmail.com', 'migration/changelog-v5.4.0.xml', NOW(), 17, '9:769e7854f4bf932042b679d9ef04daf5', 'sql', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-procedures.xml::function_cvssv2-to-severity::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; @@ -824,15 +857,15 @@ CREATE OR REPLACE FUNCTION "CVSSV2_TO_SEVERITY"( AS $$ SELECT - CASE - WHEN "base_score" >= 7 THEN 'HIGH' - WHEN "base_score" >= 4 THEN 'MEDIUM' - WHEN "base_score" > 0 THEN 'LOW' - ELSE 'UNASSIGNED' - END; + CASE + WHEN "base_score" >= 7 THEN 'HIGH' + WHEN "base_score" >= 4 THEN 'MEDIUM' + WHEN "base_score" > 0 THEN 'LOW' + ELSE 'UNASSIGNED' + END; $$; -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('function_cvssv2-to-severity', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 15, '9:ffacc71dcf91b47c983c2bd8c70d7620', 'createProcedure path=procedures/function_cvssv2-to-severity.sql', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('function_cvssv2-to-severity', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 18, '9:ffacc71dcf91b47c983c2bd8c70d7620', 'createProcedure path=procedures/function_cvssv2-to-severity.sql', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-procedures.xml::function_cvssv3-to-severity::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; @@ -847,16 +880,16 @@ CREATE OR REPLACE FUNCTION "CVSSV3_TO_SEVERITY"( AS $$ SELECT - CASE - WHEN "base_score" >= 9 THEN 'CRITICAL' - WHEN "base_score" >= 7 THEN 'HIGH' - WHEN "base_score" >= 4 THEN 'MEDIUM' - WHEN "base_score" > 0 THEN 'LOW' - ELSE 'UNASSIGNED' - END; + CASE + WHEN "base_score" >= 9 THEN 'CRITICAL' + WHEN "base_score" >= 7 THEN 'HIGH' + WHEN "base_score" >= 4 THEN 'MEDIUM' + WHEN "base_score" > 0 THEN 'LOW' + ELSE 'UNASSIGNED' + END; $$; -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('function_cvssv3-to-severity', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 16, '9:7499dcecb7ce2dfcafba4838ef851413', 'createProcedure path=procedures/function_cvssv3-to-severity.sql', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('function_cvssv3-to-severity', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 19, '9:7499dcecb7ce2dfcafba4838ef851413', 'createProcedure path=procedures/function_cvssv3-to-severity.sql', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-procedures.xml::function_calc-severity::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; @@ -880,16 +913,16 @@ CREATE OR REPLACE FUNCTION "CALC_SEVERITY"( AS $$ SELECT - CASE - WHEN "severity_override" IS NOT NULL THEN "severity_override" - WHEN "cvssv3_base_score" IS NOT NULL THEN "CVSSV3_TO_SEVERITY"("cvssv3_base_score") - WHEN "cvssv2_base_score" IS NOT NULL THEN "CVSSV2_TO_SEVERITY"("cvssv2_base_score") - WHEN "severity" IS NOT NULL THEN "severity" - ELSE 'UNASSIGNED' - END; + CASE + WHEN "severity_override" IS NOT NULL THEN "severity_override" + WHEN "cvssv3_base_score" IS NOT NULL THEN "CVSSV3_TO_SEVERITY"("cvssv3_base_score") + WHEN "cvssv2_base_score" IS NOT NULL THEN "CVSSV2_TO_SEVERITY"("cvssv2_base_score") + WHEN "severity" IS NOT NULL THEN "severity" + ELSE 'UNASSIGNED' + END; $$; -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('function_calc-severity', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 17, '9:ecdf69ae9545f33a8e08020a6f5dbe61', 'createProcedure path=procedures/function_calc-severity.sql', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('function_calc-severity', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 20, '9:ecdf69ae9545f33a8e08020a6f5dbe61', 'createProcedure path=procedures/function_calc-severity.sql', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-procedures.xml::function_calc-risk-score::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; @@ -914,7 +947,7 @@ $$ SELECT (("critical" * 10) + ("high" * 5) + ("medium" * 3) + ("low" * 1) + ("unassigned" * 5))::NUMERIC; $$; -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('function_calc-risk-score', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 18, '9:8eca48b5ebb1c65e2625ed5d6063bf2e', 'createProcedure path=procedures/function_calc-risk-score.sql', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('function_calc-risk-score', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 21, '9:8eca48b5ebb1c65e2625ed5d6063bf2e', 'createProcedure path=procedures/function_calc-risk-score.sql', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-procedures.xml::procedure_update-component-metrics::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; @@ -926,7 +959,7 @@ CREATE OR REPLACE PROCEDURE "UPDATE_COMPONENT_METRICS"( AS $$ DECLARE -"v_component" RECORD; -- The component to update metrics for + "v_component" RECORD; -- The component to update metrics for "v_vulnerability" RECORD; -- Loop variable for iterating over vulnerabilities the component is affected by "v_alias" RECORD; -- Loop variable for iterating over aliases of a vulnerability "v_aliases_seen" TEXT[]; -- Array of aliases encountered while iterating over vulnerabilities @@ -960,74 +993,74 @@ DECLARE "v_policy_violations_security_unaudited" INT := 0; -- Number of unaudited policy violations of type security "v_existing_id" BIGINT; -- ID of the existing row that matches the data point calculated in this procedure BEGIN -SELECT "ID", "PROJECT_ID" INTO "v_component" FROM "COMPONENT" WHERE "UUID" = "component_uuid"; -IF "v_component" IS NULL THEN + SELECT "ID", "PROJECT_ID" INTO "v_component" FROM "COMPONENT" WHERE "UUID" = "component_uuid"; + IF "v_component" IS NULL THEN RAISE EXCEPTION 'Component with UUID % does not exist', "component_uuid"; -END IF; + END IF; -FOR "v_vulnerability" IN SELECT "VULNID", "SOURCE", "V"."SEVERITY", "A"."SEVERITY" AS "SEVERITY_OVERRIDE", "CVSSV2BASESCORE", "CVSSV3BASESCORE" - FROM "VULNERABILITY" AS "V" + FOR "v_vulnerability" IN SELECT "VULNID", "SOURCE", "V"."SEVERITY", "A"."SEVERITY" AS "SEVERITY_OVERRIDE", "CVSSV2BASESCORE", "CVSSV3BASESCORE" + FROM "VULNERABILITY" AS "V" INNER JOIN "COMPONENTS_VULNERABILITIES" AS "CV" ON "CV"."COMPONENT_ID" = "v_component"."ID" - AND "CV"."VULNERABILITY_ID" = "V"."ID" + AND "CV"."VULNERABILITY_ID" = "V"."ID" LEFT OUTER JOIN "ANALYSIS" AS "A" ON "A"."COMPONENT_ID" = "v_component"."ID" - AND "A"."COMPONENT_ID" = "CV"."COMPONENT_ID" - AND "A"."VULNERABILITY_ID" = "V"."ID" - WHERE "A"."SUPPRESSED" != TRUE OR "A"."SUPPRESSED" IS NULL + AND "A"."COMPONENT_ID" = "CV"."COMPONENT_ID" + AND "A"."VULNERABILITY_ID" = "V"."ID" + WHERE "A"."SUPPRESSED" != TRUE OR "A"."SUPPRESSED" IS NULL LOOP CONTINUE WHEN ("v_vulnerability"."SOURCE" || '|' || "v_vulnerability"."VULNID") = ANY ("v_aliases_seen"); -FOR "v_alias" IN SELECT * - FROM "VULNERABILITYALIAS" AS "VA" - WHERE ("v_vulnerability"."SOURCE" = 'GITHUB' AND - "VA"."GHSA_ID" = "v_vulnerability"."VULNID") - OR ("v_vulnerability"."SOURCE" = 'INTERNAL' AND - "VA"."INTERNAL_ID" = "v_vulnerability"."VULNID") - OR ("v_vulnerability"."SOURCE" = 'NVD' AND - "VA"."CVE_ID" = "v_vulnerability"."VULNID") - OR ("v_vulnerability"."SOURCE" = 'OSSINDEX' AND - "VA"."SONATYPE_ID" = "v_vulnerability"."VULNID") - OR ("v_vulnerability"."SOURCE" = 'OSV' AND - "VA"."OSV_ID" = "v_vulnerability"."VULNID") - OR ("v_vulnerability"."SOURCE" = 'SNYK' AND - "VA"."SNYK_ID" = "v_vulnerability"."VULNID") - OR ("v_vulnerability"."SOURCE" = 'VULNDB' AND - "VA"."VULNDB_ID" = "v_vulnerability"."VULNID") - LOOP + FOR "v_alias" IN SELECT * + FROM "VULNERABILITYALIAS" AS "VA" + WHERE ("v_vulnerability"."SOURCE" = 'GITHUB' AND + "VA"."GHSA_ID" = "v_vulnerability"."VULNID") + OR ("v_vulnerability"."SOURCE" = 'INTERNAL' AND + "VA"."INTERNAL_ID" = "v_vulnerability"."VULNID") + OR ("v_vulnerability"."SOURCE" = 'NVD' AND + "VA"."CVE_ID" = "v_vulnerability"."VULNID") + OR ("v_vulnerability"."SOURCE" = 'OSSINDEX' AND + "VA"."SONATYPE_ID" = "v_vulnerability"."VULNID") + OR ("v_vulnerability"."SOURCE" = 'OSV' AND + "VA"."OSV_ID" = "v_vulnerability"."VULNID") + OR ("v_vulnerability"."SOURCE" = 'SNYK' AND + "VA"."SNYK_ID" = "v_vulnerability"."VULNID") + OR ("v_vulnerability"."SOURCE" = 'VULNDB' AND + "VA"."VULNDB_ID" = "v_vulnerability"."VULNID") + LOOP IF "v_alias"."GHSA_ID" IS NOT NULL THEN "v_aliases_seen" = array_append("v_aliases_seen", 'GITHUB|' || "v_alias"."GHSA_ID"); -END IF; + END IF; IF "v_alias"."INTERNAL_ID" IS NOT NULL THEN "v_aliases_seen" = array_append("v_aliases_seen", 'INTERNAL|' || "v_alias"."INTERNAL_ID"); -END IF; + END IF; IF "v_alias"."CVE_ID" IS NOT NULL THEN "v_aliases_seen" = array_append("v_aliases_seen", 'NVD|' || "v_alias"."CVE_ID"); -END IF; + END IF; IF "v_alias"."SONATYPE_ID" IS NOT NULL THEN "v_aliases_seen" = array_append("v_aliases_seen", 'OSSINDEX|' || "v_alias"."SONATYPE_ID"); -END IF; + END IF; IF "v_alias"."OSV_ID" IS NOT NULL THEN "v_aliases_seen" = array_append("v_aliases_seen", 'OSV|' || "v_alias"."OSV_ID"); -END IF; + END IF; IF "v_alias"."SNYK_ID" IS NOT NULL THEN "v_aliases_seen" = array_append("v_aliases_seen", 'SNYK|' || "v_alias"."SNYK_ID"); -END IF; + END IF; IF "v_alias"."VULNDB_ID" IS NOT NULL THEN "v_aliases_seen" = array_append("v_aliases_seen", 'VULNDB|' || "v_alias"."VULNDB_ID"); -END IF; -END LOOP; + END IF; + END LOOP; "v_vulnerabilities" := "v_vulnerabilities" + 1; -SELECT "CALC_SEVERITY"( - "v_vulnerability"."SEVERITY", - "v_vulnerability"."SEVERITY_OVERRIDE", - "v_vulnerability"."CVSSV3BASESCORE", - "v_vulnerability"."CVSSV2BASESCORE") -INTO "v_severity"; + SELECT "CALC_SEVERITY"( + "v_vulnerability"."SEVERITY", + "v_vulnerability"."SEVERITY_OVERRIDE", + "v_vulnerability"."CVSSV3BASESCORE", + "v_vulnerability"."CVSSV2BASESCORE") + INTO "v_severity"; -IF "v_severity" = 'CRITICAL' THEN + IF "v_severity" = 'CRITICAL' THEN "v_critical" := "v_critical" + 1; ELSEIF "v_severity" = 'HIGH' THEN "v_high" := "v_high" + 1; @@ -1035,52 +1068,52 @@ IF "v_severity" = 'CRITICAL' THEN "v_medium" := "v_medium" + 1; ELSEIF "v_severity" = 'LOW' THEN "v_low" := "v_low" + 1; -ELSE + ELSE "v_unassigned" := "v_unassigned" + 1; -END IF; + END IF; -END LOOP; + END LOOP; "v_risk_score" = "CALC_RISK_SCORE"("v_critical", "v_high", "v_medium", "v_low", "v_unassigned"); -SELECT COUNT(*) -FROM "ANALYSIS" AS "A" -WHERE "A"."COMPONENT_ID" = "v_component"."ID" - AND "A"."SUPPRESSED" = FALSE - AND "A"."STATE" != 'NOT_SET' + SELECT COUNT(*) + FROM "ANALYSIS" AS "A" + WHERE "A"."COMPONENT_ID" = "v_component"."ID" + AND "A"."SUPPRESSED" = FALSE + AND "A"."STATE" != 'NOT_SET' AND "A"."STATE" != 'IN_TRIAGE' -INTO "v_findings_audited"; + INTO "v_findings_audited"; -"v_findings_total" = "v_vulnerabilities"; + "v_findings_total" = "v_vulnerabilities"; "v_findings_unaudited" = "v_findings_total" - "v_findings_audited"; -SELECT COUNT(*) -FROM "ANALYSIS" AS "A" -WHERE "A"."COMPONENT_ID" = "v_component"."ID" - AND "A"."SUPPRESSED" = TRUE - INTO "v_findings_suppressed"; + SELECT COUNT(*) + FROM "ANALYSIS" AS "A" + WHERE "A"."COMPONENT_ID" = "v_component"."ID" + AND "A"."SUPPRESSED" = TRUE + INTO "v_findings_suppressed"; -FOR "v_policy_violation" IN SELECT "PV"."TYPE", "P"."VIOLATIONSTATE" - FROM "POLICYVIOLATION" AS "PV" + FOR "v_policy_violation" IN SELECT "PV"."TYPE", "P"."VIOLATIONSTATE" + FROM "POLICYVIOLATION" AS "PV" INNER JOIN "POLICYCONDITION" AS "PC" ON "PV"."POLICYCONDITION_ID" = "PC"."ID" INNER JOIN "POLICY" AS "P" ON "PC"."POLICY_ID" = "P"."ID" LEFT JOIN "VIOLATIONANALYSIS" AS "VA" ON "VA"."COMPONENT_ID" = "v_component"."ID" AND "VA"."POLICYVIOLATION_ID" = "PV"."ID" - WHERE "PV"."COMPONENT_ID" = "v_component"."ID" - AND ("VA" IS NULL OR "VA"."SUPPRESSED" = FALSE) - LOOP + WHERE "PV"."COMPONENT_ID" = "v_component"."ID" + AND ("VA" IS NULL OR "VA"."SUPPRESSED" = FALSE) + LOOP "v_policy_violations_total" := "v_policy_violations_total" + 1; -IF "v_policy_violation"."TYPE" = 'LICENSE' THEN + IF "v_policy_violation"."TYPE" = 'LICENSE' THEN "v_policy_violations_license_total" := "v_policy_violations_license_total" + 1; ELSEIF "v_policy_violation"."TYPE" = 'OPERATIONAL' THEN "v_policy_violations_operational_total" := "v_policy_violations_operational_total" + 1; ELSEIF "v_policy_violation"."TYPE" = 'SECURITY' THEN "v_policy_violations_security_total" := "v_policy_violations_security_total" + 1; -ELSE + ELSE RAISE EXCEPTION 'Encountered invalid policy violation type %', "v_policy_violation"."TYPE"; -END IF; + END IF; IF "v_policy_violation"."VIOLATIONSTATE" = 'FAIL' THEN "v_policy_violations_fail" := "v_policy_violations_fail" + 1; @@ -1088,85 +1121,85 @@ END IF; "v_policy_violations_warn" := "v_policy_violations_warn" + 1; ELSEIF "v_policy_violation"."VIOLATIONSTATE" = 'INFO' THEN "v_policy_violations_info" := "v_policy_violations_info" + 1; -ELSE + ELSE RAISE EXCEPTION 'Encountered invalid violation state %', "v_policy_violation"."VIOLATIONSTATE"; -end if; -END LOOP; + end if; + END LOOP; -SELECT COUNT(*) -FROM "VIOLATIONANALYSIS" AS "VA" + SELECT COUNT(*) + FROM "VIOLATIONANALYSIS" AS "VA" INNER JOIN "POLICYVIOLATION" AS "PV" ON "PV"."ID" = "VA"."POLICYVIOLATION_ID" -WHERE "VA"."COMPONENT_ID" = "v_component"."ID" - AND "PV"."TYPE" = 'LICENSE' - AND "VA"."SUPPRESSED" = FALSE - AND "VA"."STATE" != 'NOT_SET' -INTO "v_policy_violations_license_audited"; -"v_policy_violations_license_unaudited" = - "v_policy_violations_license_total" - "v_policy_violations_license_audited"; - -SELECT COUNT(*) -FROM "VIOLATIONANALYSIS" AS "VA" + WHERE "VA"."COMPONENT_ID" = "v_component"."ID" + AND "PV"."TYPE" = 'LICENSE' + AND "VA"."SUPPRESSED" = FALSE + AND "VA"."STATE" != 'NOT_SET' + INTO "v_policy_violations_license_audited"; + "v_policy_violations_license_unaudited" = + "v_policy_violations_license_total" - "v_policy_violations_license_audited"; + + SELECT COUNT(*) + FROM "VIOLATIONANALYSIS" AS "VA" INNER JOIN "POLICYVIOLATION" AS "PV" ON "PV"."ID" = "VA"."POLICYVIOLATION_ID" -WHERE "VA"."COMPONENT_ID" = "v_component"."ID" - AND "PV"."TYPE" = 'OPERATIONAL' - AND "VA"."SUPPRESSED" = FALSE - AND "VA"."STATE" != 'NOT_SET' -INTO "v_policy_violations_operational_audited"; -"v_policy_violations_operational_unaudited" = - "v_policy_violations_operational_total" - "v_policy_violations_operational_audited"; - -SELECT COUNT(*) -FROM "VIOLATIONANALYSIS" AS "VA" + WHERE "VA"."COMPONENT_ID" = "v_component"."ID" + AND "PV"."TYPE" = 'OPERATIONAL' + AND "VA"."SUPPRESSED" = FALSE + AND "VA"."STATE" != 'NOT_SET' + INTO "v_policy_violations_operational_audited"; + "v_policy_violations_operational_unaudited" = + "v_policy_violations_operational_total" - "v_policy_violations_operational_audited"; + + SELECT COUNT(*) + FROM "VIOLATIONANALYSIS" AS "VA" INNER JOIN "POLICYVIOLATION" AS "PV" ON "PV"."ID" = "VA"."POLICYVIOLATION_ID" -WHERE "VA"."COMPONENT_ID" = "v_component"."ID" - AND "PV"."TYPE" = 'SECURITY' - AND "VA"."SUPPRESSED" = FALSE - AND "VA"."STATE" != 'NOT_SET' -INTO "v_policy_violations_security_audited"; -"v_policy_violations_security_unaudited" = - "v_policy_violations_security_total" - "v_policy_violations_security_audited"; + WHERE "VA"."COMPONENT_ID" = "v_component"."ID" + AND "PV"."TYPE" = 'SECURITY' + AND "VA"."SUPPRESSED" = FALSE + AND "VA"."STATE" != 'NOT_SET' + INTO "v_policy_violations_security_audited"; + "v_policy_violations_security_unaudited" = + "v_policy_violations_security_total" - "v_policy_violations_security_audited"; "v_policy_violations_audited" = "v_policy_violations_license_audited" + "v_policy_violations_operational_audited" + "v_policy_violations_security_audited"; "v_policy_violations_unaudited" = "v_policy_violations_total" - "v_policy_violations_audited"; -SELECT "ID" -FROM "DEPENDENCYMETRICS" -WHERE "COMPONENT_ID" = "v_component"."ID" - AND "VULNERABILITIES" = "v_vulnerabilities" - AND "CRITICAL" = "v_critical" - AND "HIGH" = "v_high" - AND "MEDIUM" = "v_medium" - AND "LOW" = "v_low" - AND "UNASSIGNED_SEVERITY" = "v_unassigned" - AND "RISKSCORE" = "v_risk_score" - AND "FINDINGS_TOTAL" = "v_findings_total" - AND "FINDINGS_AUDITED" = "v_findings_audited" - AND "FINDINGS_UNAUDITED" = "v_findings_unaudited" - AND "SUPPRESSED" = "v_findings_suppressed" - AND "POLICYVIOLATIONS_TOTAL" = "v_policy_violations_total" - AND "POLICYVIOLATIONS_FAIL" = "v_policy_violations_fail" - AND "POLICYVIOLATIONS_WARN" = "v_policy_violations_warn" - AND "POLICYVIOLATIONS_INFO" = "v_policy_violations_info" - AND "POLICYVIOLATIONS_AUDITED" = "v_policy_violations_audited" - AND "POLICYVIOLATIONS_UNAUDITED" = "v_policy_violations_unaudited" - AND "POLICYVIOLATIONS_LICENSE_TOTAL" = "v_policy_violations_license_total" - AND "POLICYVIOLATIONS_LICENSE_AUDITED" = "v_policy_violations_license_audited" - AND "POLICYVIOLATIONS_LICENSE_UNAUDITED" = "v_policy_violations_license_unaudited" - AND "POLICYVIOLATIONS_OPERATIONAL_TOTAL" = "v_policy_violations_operational_total" - AND "POLICYVIOLATIONS_OPERATIONAL_AUDITED" = "v_policy_violations_operational_audited" - AND "POLICYVIOLATIONS_OPERATIONAL_UNAUDITED" = "v_policy_violations_operational_unaudited" - AND "POLICYVIOLATIONS_SECURITY_TOTAL" = "v_policy_violations_security_total" - AND "POLICYVIOLATIONS_SECURITY_AUDITED" = "v_policy_violations_security_audited" - AND "POLICYVIOLATIONS_SECURITY_UNAUDITED" = "v_policy_violations_security_unaudited" -ORDER BY "LAST_OCCURRENCE" DESC - LIMIT 1 -INTO "v_existing_id"; - -IF "v_existing_id" IS NOT NULL THEN -UPDATE "DEPENDENCYMETRICS" SET "LAST_OCCURRENCE" = NOW() WHERE "ID" = "v_existing_id"; -ELSE + SELECT "ID" + FROM "DEPENDENCYMETRICS" + WHERE "COMPONENT_ID" = "v_component"."ID" + AND "VULNERABILITIES" = "v_vulnerabilities" + AND "CRITICAL" = "v_critical" + AND "HIGH" = "v_high" + AND "MEDIUM" = "v_medium" + AND "LOW" = "v_low" + AND "UNASSIGNED_SEVERITY" = "v_unassigned" + AND "RISKSCORE" = "v_risk_score" + AND "FINDINGS_TOTAL" = "v_findings_total" + AND "FINDINGS_AUDITED" = "v_findings_audited" + AND "FINDINGS_UNAUDITED" = "v_findings_unaudited" + AND "SUPPRESSED" = "v_findings_suppressed" + AND "POLICYVIOLATIONS_TOTAL" = "v_policy_violations_total" + AND "POLICYVIOLATIONS_FAIL" = "v_policy_violations_fail" + AND "POLICYVIOLATIONS_WARN" = "v_policy_violations_warn" + AND "POLICYVIOLATIONS_INFO" = "v_policy_violations_info" + AND "POLICYVIOLATIONS_AUDITED" = "v_policy_violations_audited" + AND "POLICYVIOLATIONS_UNAUDITED" = "v_policy_violations_unaudited" + AND "POLICYVIOLATIONS_LICENSE_TOTAL" = "v_policy_violations_license_total" + AND "POLICYVIOLATIONS_LICENSE_AUDITED" = "v_policy_violations_license_audited" + AND "POLICYVIOLATIONS_LICENSE_UNAUDITED" = "v_policy_violations_license_unaudited" + AND "POLICYVIOLATIONS_OPERATIONAL_TOTAL" = "v_policy_violations_operational_total" + AND "POLICYVIOLATIONS_OPERATIONAL_AUDITED" = "v_policy_violations_operational_audited" + AND "POLICYVIOLATIONS_OPERATIONAL_UNAUDITED" = "v_policy_violations_operational_unaudited" + AND "POLICYVIOLATIONS_SECURITY_TOTAL" = "v_policy_violations_security_total" + AND "POLICYVIOLATIONS_SECURITY_AUDITED" = "v_policy_violations_security_audited" + AND "POLICYVIOLATIONS_SECURITY_UNAUDITED" = "v_policy_violations_security_unaudited" + ORDER BY "LAST_OCCURRENCE" DESC + LIMIT 1 + INTO "v_existing_id"; + + IF "v_existing_id" IS NOT NULL THEN + UPDATE "DEPENDENCYMETRICS" SET "LAST_OCCURRENCE" = NOW() WHERE "ID" = "v_existing_id"; + ELSE INSERT INTO "DEPENDENCYMETRICS" ("COMPONENT_ID", "PROJECT_ID", "VULNERABILITIES", @@ -1228,12 +1261,12 @@ ELSE NOW(), NOW()); -UPDATE "COMPONENT" SET "LAST_RISKSCORE" = "v_risk_score" WHERE "ID" = "v_component"."ID"; -END IF; + UPDATE "COMPONENT" SET "LAST_RISKSCORE" = "v_risk_score" WHERE "ID" = "v_component"."ID"; + END IF; END; $$; -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('procedure_update-component-metrics', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 19, '9:c3d40a2f6e6ef350744a0ce63561c7e7', 'createProcedure path=procedures/procedure_update-component-metrics.sql', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('procedure_update-component-metrics', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 22, '9:c3d40a2f6e6ef350744a0ce63561c7e7', 'createProcedure path=procedures/procedure_update-component-metrics.sql', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-procedures.xml::procedure_update-project-metrics::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; @@ -1245,7 +1278,7 @@ CREATE OR REPLACE PROCEDURE "UPDATE_PROJECT_METRICS"( AS $$ DECLARE -"v_project_id" BIGINT; + "v_project_id" BIGINT; "v_component_uuid" TEXT; "v_components" INT; -- Total number of components in the project "v_vulnerable_components" INT; -- Number of vulnerable components in the project @@ -1277,51 +1310,51 @@ DECLARE "v_policy_violations_security_unaudited" INT; -- Number of unaudited policy violations of type security "v_existing_id" BIGINT; -- ID of the existing row that matches the data point calculated in this procedure BEGIN -SELECT "ID" FROM "PROJECT" WHERE "UUID" = "project_uuid" INTO "v_project_id"; -IF "v_project_id" IS NULL THEN + SELECT "ID" FROM "PROJECT" WHERE "UUID" = "project_uuid" INTO "v_project_id"; + IF "v_project_id" IS NULL THEN RAISE EXCEPTION 'Project with UUID % does not exist', "project_uuid"; -END IF; + END IF; -FOR "v_component_uuid" IN SELECT "UUID" FROM "COMPONENT" WHERE "PROJECT_ID" = "v_project_id" + FOR "v_component_uuid" IN SELECT "UUID" FROM "COMPONENT" WHERE "PROJECT_ID" = "v_project_id" LOOP - CALL "UPDATE_COMPONENT_METRICS"("v_component_uuid"); -END LOOP; + CALL "UPDATE_COMPONENT_METRICS"("v_component_uuid"); + END LOOP; -- Aggregate over all most recent DEPENDENCYMETRICS. -- NOTE: SUM returns NULL when no rows match the query, but COUNT returns 0. -- For nullable result columns, use COALESCE(..., 0) to have a default value. -SELECT COUNT(*)::INT, - COALESCE(SUM(CASE WHEN "VULNERABILITIES" > 0 THEN 1 ELSE 0 END)::INT, 0), - COALESCE(SUM("VULNERABILITIES")::INT, 0), - COALESCE(SUM("CRITICAL")::INT, 0), - COALESCE(SUM("HIGH")::INT, 0), - COALESCE(SUM("MEDIUM")::INT, 0), - COALESCE(SUM("LOW")::INT, 0), - COALESCE(SUM("UNASSIGNED_SEVERITY")::INT, 0), - COALESCE(SUM("FINDINGS_TOTAL")::INT, 0), - COALESCE(SUM("FINDINGS_AUDITED")::INT, 0), - COALESCE(SUM("FINDINGS_UNAUDITED")::INT, 0), - COALESCE(SUM("SUPPRESSED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_TOTAL")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_FAIL")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_WARN")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_INFO")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_AUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_UNAUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_LICENSE_TOTAL")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_LICENSE_AUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_LICENSE_UNAUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_TOTAL")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_AUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_UNAUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_SECURITY_TOTAL")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_SECURITY_AUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_SECURITY_UNAUDITED")::INT, 0) -FROM (SELECT DISTINCT ON ("DM"."COMPONENT_ID") * - FROM "DEPENDENCYMETRICS" AS "DM" - WHERE "PROJECT_ID" = "v_project_id" - ORDER BY "DM"."COMPONENT_ID", "DM"."LAST_OCCURRENCE" DESC) AS "LATEST_COMPONENT_METRICS" - INTO + SELECT COUNT(*)::INT, + COALESCE(SUM(CASE WHEN "VULNERABILITIES" > 0 THEN 1 ELSE 0 END)::INT, 0), + COALESCE(SUM("VULNERABILITIES")::INT, 0), + COALESCE(SUM("CRITICAL")::INT, 0), + COALESCE(SUM("HIGH")::INT, 0), + COALESCE(SUM("MEDIUM")::INT, 0), + COALESCE(SUM("LOW")::INT, 0), + COALESCE(SUM("UNASSIGNED_SEVERITY")::INT, 0), + COALESCE(SUM("FINDINGS_TOTAL")::INT, 0), + COALESCE(SUM("FINDINGS_AUDITED")::INT, 0), + COALESCE(SUM("FINDINGS_UNAUDITED")::INT, 0), + COALESCE(SUM("SUPPRESSED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_TOTAL")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_FAIL")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_WARN")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_INFO")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_AUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_UNAUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_LICENSE_TOTAL")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_LICENSE_AUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_LICENSE_UNAUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_TOTAL")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_AUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_UNAUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_SECURITY_TOTAL")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_SECURITY_AUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_SECURITY_UNAUDITED")::INT, 0) + FROM (SELECT DISTINCT ON ("DM"."COMPONENT_ID") * + FROM "DEPENDENCYMETRICS" AS "DM" + WHERE "PROJECT_ID" = "v_project_id" + ORDER BY "DM"."COMPONENT_ID", "DM"."LAST_OCCURRENCE" DESC) AS "LATEST_COMPONENT_METRICS" + INTO "v_components", "v_vulnerable_components", "v_vulnerabilities", @@ -1350,46 +1383,46 @@ FROM (SELECT DISTINCT ON ("DM"."COMPONENT_ID") * "v_policy_violations_security_audited", "v_policy_violations_security_unaudited"; -"v_risk_score" = "CALC_RISK_SCORE"("v_critical", "v_high", "v_medium", "v_low", "v_unassigned"); - -SELECT "ID" -FROM "PROJECTMETRICS" -WHERE "PROJECT_ID" = "v_project_id" - AND "COMPONENTS" = "v_components" - AND "VULNERABLECOMPONENTS" = "v_vulnerable_components" - AND "VULNERABILITIES" = "v_vulnerabilities" - AND "CRITICAL" = "v_critical" - AND "HIGH" = "v_high" - AND "MEDIUM" = "v_medium" - AND "LOW" = "v_low" - AND "UNASSIGNED_SEVERITY" = "v_unassigned" - AND "RISKSCORE" = "v_risk_score" - AND "FINDINGS_TOTAL" = "v_findings_total" - AND "FINDINGS_AUDITED" = "v_findings_audited" - AND "FINDINGS_UNAUDITED" = "v_findings_unaudited" - AND "SUPPRESSED" = "v_findings_suppressed" - AND "POLICYVIOLATIONS_TOTAL" = "v_policy_violations_total" - AND "POLICYVIOLATIONS_FAIL" = "v_policy_violations_fail" - AND "POLICYVIOLATIONS_WARN" = "v_policy_violations_warn" - AND "POLICYVIOLATIONS_INFO" = "v_policy_violations_info" - AND "POLICYVIOLATIONS_AUDITED" = "v_policy_violations_audited" - AND "POLICYVIOLATIONS_UNAUDITED" = "v_policy_violations_unaudited" - AND "POLICYVIOLATIONS_LICENSE_TOTAL" = "v_policy_violations_license_total" - AND "POLICYVIOLATIONS_LICENSE_AUDITED" = "v_policy_violations_license_audited" - AND "POLICYVIOLATIONS_LICENSE_UNAUDITED" = "v_policy_violations_license_unaudited" - AND "POLICYVIOLATIONS_OPERATIONAL_TOTAL" = "v_policy_violations_operational_total" - AND "POLICYVIOLATIONS_OPERATIONAL_AUDITED" = "v_policy_violations_operational_audited" - AND "POLICYVIOLATIONS_OPERATIONAL_UNAUDITED" = "v_policy_violations_operational_unaudited" - AND "POLICYVIOLATIONS_SECURITY_TOTAL" = "v_policy_violations_security_total" - AND "POLICYVIOLATIONS_SECURITY_AUDITED" = "v_policy_violations_security_audited" - AND "POLICYVIOLATIONS_SECURITY_UNAUDITED" = "v_policy_violations_security_unaudited" -ORDER BY "LAST_OCCURRENCE" DESC - LIMIT 1 -INTO "v_existing_id"; - -IF "v_existing_id" IS NOT NULL THEN -UPDATE "PROJECTMETRICS" SET "LAST_OCCURRENCE" = NOW() WHERE "ID" = "v_existing_id"; -ELSE + "v_risk_score" = "CALC_RISK_SCORE"("v_critical", "v_high", "v_medium", "v_low", "v_unassigned"); + + SELECT "ID" + FROM "PROJECTMETRICS" + WHERE "PROJECT_ID" = "v_project_id" + AND "COMPONENTS" = "v_components" + AND "VULNERABLECOMPONENTS" = "v_vulnerable_components" + AND "VULNERABILITIES" = "v_vulnerabilities" + AND "CRITICAL" = "v_critical" + AND "HIGH" = "v_high" + AND "MEDIUM" = "v_medium" + AND "LOW" = "v_low" + AND "UNASSIGNED_SEVERITY" = "v_unassigned" + AND "RISKSCORE" = "v_risk_score" + AND "FINDINGS_TOTAL" = "v_findings_total" + AND "FINDINGS_AUDITED" = "v_findings_audited" + AND "FINDINGS_UNAUDITED" = "v_findings_unaudited" + AND "SUPPRESSED" = "v_findings_suppressed" + AND "POLICYVIOLATIONS_TOTAL" = "v_policy_violations_total" + AND "POLICYVIOLATIONS_FAIL" = "v_policy_violations_fail" + AND "POLICYVIOLATIONS_WARN" = "v_policy_violations_warn" + AND "POLICYVIOLATIONS_INFO" = "v_policy_violations_info" + AND "POLICYVIOLATIONS_AUDITED" = "v_policy_violations_audited" + AND "POLICYVIOLATIONS_UNAUDITED" = "v_policy_violations_unaudited" + AND "POLICYVIOLATIONS_LICENSE_TOTAL" = "v_policy_violations_license_total" + AND "POLICYVIOLATIONS_LICENSE_AUDITED" = "v_policy_violations_license_audited" + AND "POLICYVIOLATIONS_LICENSE_UNAUDITED" = "v_policy_violations_license_unaudited" + AND "POLICYVIOLATIONS_OPERATIONAL_TOTAL" = "v_policy_violations_operational_total" + AND "POLICYVIOLATIONS_OPERATIONAL_AUDITED" = "v_policy_violations_operational_audited" + AND "POLICYVIOLATIONS_OPERATIONAL_UNAUDITED" = "v_policy_violations_operational_unaudited" + AND "POLICYVIOLATIONS_SECURITY_TOTAL" = "v_policy_violations_security_total" + AND "POLICYVIOLATIONS_SECURITY_AUDITED" = "v_policy_violations_security_audited" + AND "POLICYVIOLATIONS_SECURITY_UNAUDITED" = "v_policy_violations_security_unaudited" + ORDER BY "LAST_OCCURRENCE" DESC + LIMIT 1 + INTO "v_existing_id"; + + IF "v_existing_id" IS NOT NULL THEN + UPDATE "PROJECTMETRICS" SET "LAST_OCCURRENCE" = NOW() WHERE "ID" = "v_existing_id"; + ELSE INSERT INTO "PROJECTMETRICS" ("PROJECT_ID", "COMPONENTS", "VULNERABLECOMPONENTS", @@ -1453,12 +1486,12 @@ ELSE NOW(), NOW()); -UPDATE "PROJECT" SET "LAST_RISKSCORE" = "v_risk_score" WHERE "ID" = "v_project_id"; -END IF; + UPDATE "PROJECT" SET "LAST_RISKSCORE" = "v_risk_score" WHERE "ID" = "v_project_id"; + END IF; end; $$; -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('procedure_update-project-metrics', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 20, '9:a7b35b9d37fa1deeb3044ace83dc9952', 'createProcedure path=procedures/procedure_update-project-metrics.sql', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('procedure_update-project-metrics', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 23, '9:a7b35b9d37fa1deeb3044ace83dc9952', 'createProcedure path=procedures/procedure_update-project-metrics.sql', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Changeset migration/changelog-procedures.xml::procedure_update-portfolio-metrics::nscuro@protonmail.com SET SEARCH_PATH TO public, "$user","public"; @@ -1468,7 +1501,7 @@ CREATE OR REPLACE PROCEDURE "UPDATE_PORTFOLIO_METRICS"() AS $$ DECLARE -"v_projects" INT; -- Total number of projects in the portfolio + "v_projects" INT; -- Total number of projects in the portfolio "v_vulnerable_projects" INT; -- Number of vulnerable projects in the portfolio "v_components" INT; -- Total number of components in the portfolio "v_vulnerable_components" INT; -- Number of vulnerable components in the portfolio @@ -1503,42 +1536,42 @@ BEGIN -- Aggregate over all most recent DEPENDENCYMETRICS. -- NOTE: SUM returns NULL when no rows match the query, but COUNT returns 0. -- For nullable result columns, use COALESCE(..., 0) to have a default value. -SELECT COUNT(*)::INT, - COALESCE(SUM(CASE WHEN "VULNERABILITIES" > 0 THEN 1 ELSE 0 END)::INT, 0), - COALESCE(SUM("COMPONENTS")::INT, 0), - COALESCE(SUM("VULNERABLECOMPONENTS")::INT, 0), - COALESCE(SUM("VULNERABILITIES")::INT, 0), - COALESCE(SUM("CRITICAL")::INT, 0), - COALESCE(SUM("HIGH")::INT, 0), - COALESCE(SUM("MEDIUM")::INT, 0), - COALESCE(SUM("LOW")::INT, 0), - COALESCE(SUM("UNASSIGNED_SEVERITY")::INT, 0), - COALESCE(SUM("FINDINGS_TOTAL")::INT, 0), - COALESCE(SUM("FINDINGS_AUDITED")::INT, 0), - COALESCE(SUM("FINDINGS_UNAUDITED")::INT, 0), - COALESCE(SUM("SUPPRESSED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_TOTAL")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_FAIL")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_WARN")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_INFO")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_AUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_UNAUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_LICENSE_TOTAL")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_LICENSE_AUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_LICENSE_UNAUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_TOTAL")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_AUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_UNAUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_SECURITY_TOTAL")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_SECURITY_AUDITED")::INT, 0), - COALESCE(SUM("POLICYVIOLATIONS_SECURITY_UNAUDITED")::INT, 0) -FROM (SELECT DISTINCT ON ("PM"."PROJECT_ID") * - FROM "PROJECTMETRICS" AS "PM" - INNER JOIN "PROJECT" AS "P" ON "P"."ID" = "PM"."PROJECT_ID" - WHERE "P"."ACTIVE" = TRUE -- Only consider active projects - OR "P"."ACTIVE" IS NULL -- ACTIVE is nullable, assume TRUE per default - ORDER BY "PM"."PROJECT_ID", "PM"."LAST_OCCURRENCE" DESC) AS "LATEST_PROJECT_METRICS" - INTO + SELECT COUNT(*)::INT, + COALESCE(SUM(CASE WHEN "VULNERABILITIES" > 0 THEN 1 ELSE 0 END)::INT, 0), + COALESCE(SUM("COMPONENTS")::INT, 0), + COALESCE(SUM("VULNERABLECOMPONENTS")::INT, 0), + COALESCE(SUM("VULNERABILITIES")::INT, 0), + COALESCE(SUM("CRITICAL")::INT, 0), + COALESCE(SUM("HIGH")::INT, 0), + COALESCE(SUM("MEDIUM")::INT, 0), + COALESCE(SUM("LOW")::INT, 0), + COALESCE(SUM("UNASSIGNED_SEVERITY")::INT, 0), + COALESCE(SUM("FINDINGS_TOTAL")::INT, 0), + COALESCE(SUM("FINDINGS_AUDITED")::INT, 0), + COALESCE(SUM("FINDINGS_UNAUDITED")::INT, 0), + COALESCE(SUM("SUPPRESSED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_TOTAL")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_FAIL")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_WARN")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_INFO")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_AUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_UNAUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_LICENSE_TOTAL")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_LICENSE_AUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_LICENSE_UNAUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_TOTAL")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_AUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_OPERATIONAL_UNAUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_SECURITY_TOTAL")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_SECURITY_AUDITED")::INT, 0), + COALESCE(SUM("POLICYVIOLATIONS_SECURITY_UNAUDITED")::INT, 0) + FROM (SELECT DISTINCT ON ("PM"."PROJECT_ID") * + FROM "PROJECTMETRICS" AS "PM" + INNER JOIN "PROJECT" AS "P" ON "P"."ID" = "PM"."PROJECT_ID" + WHERE "P"."ACTIVE" = TRUE -- Only consider active projects + OR "P"."ACTIVE" IS NULL -- ACTIVE is nullable, assume TRUE per default + ORDER BY "PM"."PROJECT_ID", "PM"."LAST_OCCURRENCE" DESC) AS "LATEST_PROJECT_METRICS" + INTO "v_projects", "v_vulnerable_projects", "v_components", @@ -1569,47 +1602,47 @@ FROM (SELECT DISTINCT ON ("PM"."PROJECT_ID") * "v_policy_violations_security_audited", "v_policy_violations_security_unaudited"; -"v_risk_score" = "CALC_RISK_SCORE"("v_critical", "v_high", "v_medium", "v_low", "v_unassigned"); - -SELECT "ID" -FROM "PORTFOLIOMETRICS" -WHERE "PROJECTS" = "v_projects" - AND "VULNERABLEPROJECTS" = "v_vulnerable_projects" - AND "COMPONENTS" = "v_components" - AND "VULNERABLECOMPONENTS" = "v_vulnerable_components" - AND "VULNERABILITIES" = "v_vulnerabilities" - AND "CRITICAL" = "v_critical" - AND "HIGH" = "v_high" - AND "MEDIUM" = "v_medium" - AND "LOW" = "v_low" - AND "UNASSIGNED_SEVERITY" = "v_unassigned" - AND "RISKSCORE" = "v_risk_score" - AND "FINDINGS_TOTAL" = "v_findings_total" - AND "FINDINGS_AUDITED" = "v_findings_audited" - AND "FINDINGS_UNAUDITED" = "v_findings_unaudited" - AND "SUPPRESSED" = "v_findings_suppressed" - AND "POLICYVIOLATIONS_TOTAL" = "v_policy_violations_total" - AND "POLICYVIOLATIONS_FAIL" = "v_policy_violations_fail" - AND "POLICYVIOLATIONS_WARN" = "v_policy_violations_warn" - AND "POLICYVIOLATIONS_INFO" = "v_policy_violations_info" - AND "POLICYVIOLATIONS_AUDITED" = "v_policy_violations_audited" - AND "POLICYVIOLATIONS_UNAUDITED" = "v_policy_violations_unaudited" - AND "POLICYVIOLATIONS_LICENSE_TOTAL" = "v_policy_violations_license_total" - AND "POLICYVIOLATIONS_LICENSE_AUDITED" = "v_policy_violations_license_audited" - AND "POLICYVIOLATIONS_LICENSE_UNAUDITED" = "v_policy_violations_license_unaudited" - AND "POLICYVIOLATIONS_OPERATIONAL_TOTAL" = "v_policy_violations_operational_total" - AND "POLICYVIOLATIONS_OPERATIONAL_AUDITED" = "v_policy_violations_operational_audited" - AND "POLICYVIOLATIONS_OPERATIONAL_UNAUDITED" = "v_policy_violations_operational_unaudited" - AND "POLICYVIOLATIONS_SECURITY_TOTAL" = "v_policy_violations_security_total" - AND "POLICYVIOLATIONS_SECURITY_AUDITED" = "v_policy_violations_security_audited" - AND "POLICYVIOLATIONS_SECURITY_UNAUDITED" = "v_policy_violations_security_unaudited" -ORDER BY "LAST_OCCURRENCE" DESC - LIMIT 1 -INTO "v_existing_id"; - -IF "v_existing_id" IS NOT NULL THEN -UPDATE "PORTFOLIOMETRICS" SET "LAST_OCCURRENCE" = NOW() WHERE "ID" = "v_existing_id"; -ELSE + "v_risk_score" = "CALC_RISK_SCORE"("v_critical", "v_high", "v_medium", "v_low", "v_unassigned"); + + SELECT "ID" + FROM "PORTFOLIOMETRICS" + WHERE "PROJECTS" = "v_projects" + AND "VULNERABLEPROJECTS" = "v_vulnerable_projects" + AND "COMPONENTS" = "v_components" + AND "VULNERABLECOMPONENTS" = "v_vulnerable_components" + AND "VULNERABILITIES" = "v_vulnerabilities" + AND "CRITICAL" = "v_critical" + AND "HIGH" = "v_high" + AND "MEDIUM" = "v_medium" + AND "LOW" = "v_low" + AND "UNASSIGNED_SEVERITY" = "v_unassigned" + AND "RISKSCORE" = "v_risk_score" + AND "FINDINGS_TOTAL" = "v_findings_total" + AND "FINDINGS_AUDITED" = "v_findings_audited" + AND "FINDINGS_UNAUDITED" = "v_findings_unaudited" + AND "SUPPRESSED" = "v_findings_suppressed" + AND "POLICYVIOLATIONS_TOTAL" = "v_policy_violations_total" + AND "POLICYVIOLATIONS_FAIL" = "v_policy_violations_fail" + AND "POLICYVIOLATIONS_WARN" = "v_policy_violations_warn" + AND "POLICYVIOLATIONS_INFO" = "v_policy_violations_info" + AND "POLICYVIOLATIONS_AUDITED" = "v_policy_violations_audited" + AND "POLICYVIOLATIONS_UNAUDITED" = "v_policy_violations_unaudited" + AND "POLICYVIOLATIONS_LICENSE_TOTAL" = "v_policy_violations_license_total" + AND "POLICYVIOLATIONS_LICENSE_AUDITED" = "v_policy_violations_license_audited" + AND "POLICYVIOLATIONS_LICENSE_UNAUDITED" = "v_policy_violations_license_unaudited" + AND "POLICYVIOLATIONS_OPERATIONAL_TOTAL" = "v_policy_violations_operational_total" + AND "POLICYVIOLATIONS_OPERATIONAL_AUDITED" = "v_policy_violations_operational_audited" + AND "POLICYVIOLATIONS_OPERATIONAL_UNAUDITED" = "v_policy_violations_operational_unaudited" + AND "POLICYVIOLATIONS_SECURITY_TOTAL" = "v_policy_violations_security_total" + AND "POLICYVIOLATIONS_SECURITY_AUDITED" = "v_policy_violations_security_audited" + AND "POLICYVIOLATIONS_SECURITY_UNAUDITED" = "v_policy_violations_security_unaudited" + ORDER BY "LAST_OCCURRENCE" DESC + LIMIT 1 + INTO "v_existing_id"; + + IF "v_existing_id" IS NOT NULL THEN + UPDATE "PORTFOLIOMETRICS" SET "LAST_OCCURRENCE" = NOW() WHERE "ID" = "v_existing_id"; + ELSE INSERT INTO "PORTFOLIOMETRICS" ("PROJECTS", "VULNERABLEPROJECTS", "COMPONENTS", @@ -1674,11 +1707,11 @@ ELSE "v_policy_violations_security_unaudited", NOW(), NOW()); -END IF; + END IF; END; $$; -INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('procedure_update-portfolio-metrics', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 21, '9:1de7336fd9c6d13ceaccf6a498492eed', 'createProcedure path=procedures/procedure_update-portfolio-metrics.sql', '', 'EXECUTED', NULL, NULL, '4.25.0', '7504651784'); +INSERT INTO databasechangelog (ID, AUTHOR, FILENAME, DATEEXECUTED, ORDEREXECUTED, MD5SUM, DESCRIPTION, COMMENTS, EXECTYPE, CONTEXTS, LABELS, LIQUIBASE, DEPLOYMENT_ID) VALUES ('procedure_update-portfolio-metrics', 'nscuro@protonmail.com', 'migration/changelog-procedures.xml', NOW(), 24, '9:1de7336fd9c6d13ceaccf6a498492eed', 'createProcedure path=procedures/procedure_update-portfolio-metrics.sql', '', 'EXECUTED', NULL, NULL, '4.26.0', '9302418421'); -- Release Database Lock SET SEARCH_PATH TO public, "$user","public";