Skip to content

Commit

Permalink
Separated SQL statement for making copy of vulnversions
Browse files Browse the repository at this point in the history
  • Loading branch information
@ctevse
ctevse committed Dec 11, 2023
1 parent 1c1fcea commit d28f4e5
Showing 1 changed file with 9 additions and 9 deletions.
18 changes: 9 additions & 9 deletions db/src/main/java/edu/rit/se/nvip/db/repositories/VulnerabilityRepository.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,8 +119,8 @@ public String getCveId(String vulnId) {
private static final String INSERT_DESCRIPTION = "INSERT INTO description (description, created_date, gpt_func, cve_id, is_user_generated) VALUES (?, ?, ?, ?, ?)";
private static final String INSERT_JT = "INSERT INTO rawdescriptionjt (description_id, raw_description_id) VALUES (?, ?)";
private static final String INSERT_VULN_VERSION = "INSERT INTO vulnerabilityversion (cve_id, description_id, created_date, published_date, last_modified_date) VALUES (?, ?, NOW(), ?, ?)";
private static final String COPY_PREV_VERSION_KEYS = "UPDATE vulnerabilityversion SET vdo_set_id = (SELECT vdo_set_id FROM vulnerabilityversion WHERE cve_id = ? ORDER BY created_date DESC LIMIT 1), " +
"cpe_set_id = (SELECT cpe_set_id FROM vulnerabilityversion WHERE cve_id = ? ORDER BY created_date DESC LIMIT 1) WHERE vuln_version_id = ?";
private static final String SELECT_PREV_VERSION_KEYS = "SELECT vdo_set_id, cpe_set_id FROM vulnerabilityversion WHERE cve_id = ? ORDER BY created_date DESC LIMIT 1";
private static final String COPY_PREV_VERSION_KEYS = "UPDATE vulnerabilityversion SET vdo_set_id = ?, cpe_set_id = ? WHERE vuln_version_id = ?";
private static final String INSERT_VULNERABILITY = "INSERT INTO vulnerability (cve_id, created_date, vuln_version_id) VALUES (?, NOW(), ?)";
private static final String UPDATE_VULNERABILITY = "UPDATE vulnerability SET vuln_version_id = ? WHERE cve_id = ?";
private static final String DELETE_JOB = "DELETE FROM cvejobtrack WHERE cve_id = ?";
Expand All @@ -138,6 +138,7 @@ public int insertOrUpdateVulnerabilityFull(CompositeVulnerability vuln, boolean
PreparedStatement descriptionStatement = conn.prepareStatement(INSERT_DESCRIPTION, Statement.RETURN_GENERATED_KEYS);
PreparedStatement jtStatement = conn.prepareStatement(INSERT_JT);
PreparedStatement vvStatement = conn.prepareStatement(INSERT_VULN_VERSION, Statement.RETURN_GENERATED_KEYS);
PreparedStatement prevVersionsStatement = conn.prepareStatement(SELECT_PREV_VERSION_KEYS);
PreparedStatement copyStatement = conn.prepareStatement(COPY_PREV_VERSION_KEYS);
PreparedStatement vulnStatement = conn.prepareStatement(newVuln ? INSERT_VULNERABILITY : UPDATE_VULNERABILITY);
PreparedStatement jobStatement = conn.prepareStatement(DELETE_JOB)) {
Expand Down Expand Up @@ -174,7 +175,12 @@ public int insertOrUpdateVulnerabilityFull(CompositeVulnerability vuln, boolean
}
// if we're updating, copy over the vdo/cpe pointers to this new version
if (!newVuln) {
populateCopyStatement(copyStatement, vuln);
prevVersionsStatement.setString(1, vuln.getCveId());
rs = prevVersionsStatement.executeQuery();

copyStatement.setInt(1, rs.getInt("vdo_set_id"));
copyStatement.setInt(2, rs.getInt("cpe_set_id"));
copyStatement.setString(3, vuln.getCveId());
copyStatement.executeUpdate();
}
// insert new vuln row or update version pointer
Expand Down Expand Up @@ -254,12 +260,6 @@ private void populateVulnVersionInsert(PreparedStatement vvStatement, CompositeV
vvStatement.setTimestamp(4, vuln.getLastModifiedDate());
}

private void populateCopyStatement(PreparedStatement copyStatement, CompositeVulnerability vuln) throws SQLException{
copyStatement.setString(1, vuln.getCveId());
copyStatement.setString(2, vuln.getCveId());
copyStatement.setInt(3, vuln.getVersionId());
}

private void populateJobDelete(PreparedStatement jobStatement, CompositeVulnerability vuln) throws SQLException {
jobStatement.setString(1, vuln.getCveId());
}
Expand Down

0 comments on commit d28f4e5

Please sign in to comment.