From 07458b8141b65a1e95a1cb323b99e1c577bacd5c Mon Sep 17 00:00:00 2001
From: Alexey Makhalov <amakhalov@vmware.com>
Date: Fri, 11 Nov 2016 04:22:35 +0000
Subject: [PATCH 4/6] Mapping supports vendor:product combination
---
src/core.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++----------------
src/core.h | 4 ++--
src/main.c | 17 ++++++++++++---
3 files changed, 71 insertions(+), 23 deletions(-)
diff --git a/src/core.c b/src/core.c
index 8f809a3..d03f856 100644
--- a/src/core.c
+++ b/src/core.c
@@ -63,7 +63,11 @@ struct CveDB {
sqlite3 *db;
sqlite3_stmt *insert;
sqlite3_stmt *insert_product;
- sqlite3_stmt *search_product;
+ /*
+ * index 0 - search by product
+ * index 1 - search by product and vendor
+ */
+ sqlite3_stmt *search_product[2];
sqlite3_stmt *get_cve;
};
@@ -148,32 +152,39 @@ struct cve_entry_t *cve_db_get_cve(CveDB *self, char *id)
return t;
}
-GList *cve_db_get_issues_frac_compare(CveDB *self, char *product, char *version, GList *in)
+GList *cve_db_get_issues_frac_compare(CveDB *self, char *vendor, char *product, char *version, GList *in)
{
int rc = 0;
GList *list = in;
int ret = 0;
+ int idx = vendor ? 1 : 0;
if (!self || !self->db) {
return NULL;
}
- sqlite3_reset(self->search_product);
+ sqlite3_reset(self->search_product[idx]);
- if (sqlite3_bind_text(self->search_product, 1, product, -1, SQLITE_STATIC) != SQLITE_OK) {
+ if (sqlite3_bind_text(self->search_product[idx], 1, product, -1, SQLITE_STATIC) != SQLITE_OK) {
fprintf(stderr, "cve_db_get_issues_frac_compare(): %s\n", sqlite3_errmsg(self->db));
return NULL;
}
- while ((rc = sqlite3_step(self->search_product)) == SQLITE_ROW) {
- if ((const char *)sqlite3_column_text(self->search_product, 1) == NULL) /*skip over (null) product*/
+ if (idx)
+ if (sqlite3_bind_text(self->search_product[idx], 2, vendor, -1, SQLITE_STATIC) != SQLITE_OK) {
+ fprintf(stderr, "cve_db_get_issues_frac_compare(): %s\n", sqlite3_errmsg(self->db));
+ return NULL;
+ }
+
+ while ((rc = sqlite3_step(self->search_product[idx])) == SQLITE_ROW) {
+ if ((const char *)sqlite3_column_text(self->search_product[idx], 1) == NULL) /*skip over (null) product*/
continue;
- if ((const char *)sqlite3_column_text(self->search_product, 2) == NULL) /*skip over (null) version*/
+ if ((const char *)sqlite3_column_text(self->search_product[idx], 2) == NULL) /*skip over (null) version*/
continue;
- ret = strverscmp(version, (const char *)sqlite3_column_text(self->search_product, 2));
+ ret = strverscmp(version, (const char *)sqlite3_column_text(self->search_product[idx], 2));
if (ret <= 0) { /* our version <= NVD version */
- list = g_list_append(list, g_strdup((const char*)sqlite3_column_text(self->search_product, 0)));
+ list = g_list_append(list, g_strdup((const char*)sqlite3_column_text(self->search_product[idx], 0)));
}
}
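Review bot: The new vendor bind failure path does `return NULL`, like the product bind path above it, which discards the list passed in as `in`. The caller in src/main.c assigns the result back to `issues`, so one failed bind drops (and leaks) every CVE id collected for earlier mapping entries, and the package then looks clean. Returning the accumulated list instead, `return list;`, keeps the earlier matches, although callers then cannot tell a failure from "no match", so the error signal needs its own decision. The nested `if (idx) if (...)` would also read more safely as one braced `if (vendor && sqlite3_bind_text(...) != SQLITE_OK) { ... }`. The function body continues past the end of this hunk.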
@@ -187,30 +198,38 @@ GList *cve_db_get_issues_frac_compare(CveDB *self, char *product, char *version,
return list;
}
-GList *cve_db_get_issues(CveDB *self, char *product, char *version, GList *in)
+GList *cve_db_get_issues(CveDB *self, char *vendor, char *product, char *version, GList *in)
{
int rc = 0;
GList *list = in;
+ int idx = vendor ? 1 : 0;
if (!self || !self->db) {
return NULL;
}
- sqlite3_reset(self->search_product);
+ sqlite3_reset(self->search_product[idx]);
/* Product */
- if (sqlite3_bind_text(self->search_product, 1, product, -1, SQLITE_STATIC) != SQLITE_OK) {
+ if (sqlite3_bind_text(self->search_product[idx], 1, product, -1, SQLITE_STATIC) != SQLITE_OK) {
fprintf(stderr, "cve_db_get_issues(): %s\n", sqlite3_errmsg(self->db));
goto bail;
}
/* Version */
- if (sqlite3_bind_text(self->search_product, 2, version, -1, SQLITE_STATIC) != SQLITE_OK) {
+ if (sqlite3_bind_text(self->search_product[idx], 2, version, -1, SQLITE_STATIC) != SQLITE_OK) {
fprintf(stderr, "cve_db_get_issues(): %s\n", sqlite3_errmsg(self->db));
goto bail;
}
- while ((rc = sqlite3_step(self->search_product) == SQLITE_ROW)) {
- list = g_list_append(list, g_strdup((const gchar*)sqlite3_column_text(self->search_product, 0)));
+ /* Version */
+ if (idx)
+ if (sqlite3_bind_text(self->search_product[idx], 3, vendor, -1, SQLITE_STATIC) != SQLITE_OK) {
+ fprintf(stderr, "cve_db_get_issues(): %s\n", sqlite3_errmsg(self->db));
+ goto bail;
+ }
+
+ while ((rc = sqlite3_step(self->search_product[idx]) == SQLITE_ROW)) {
+ list = g_list_append(list, g_strdup((const gchar*)sqlite3_column_text(self->search_product[idx], 0)));
}
if (rc != SQLITE_OK) {
fprintf(stderr, "cve_db_get_issues(): %s\n", sqlite3_errmsg(self->db));
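Review bot: In the rewritten loop `while ((rc = sqlite3_step(self->search_product[idx]) == SQLITE_ROW))` the closing parenthesis sits after the comparison, so `rc` receives 0 or 1 instead of the step result and is always 0 when the loop exits. The `if (rc != SQLITE_OK)` check below it therefore never fires, and a failed step (busy or corrupt database) is indistinguishable from "no CVEs found". The line is carried over from the old code, but this patch touches it, so it is a good place to fix both halves: `while ((rc = sqlite3_step(self->search_product[idx])) == SQLITE_ROW)` followed by `if (rc != SQLITE_DONE)`. The comment above the new vendor bind still says `/* Version */` and should read `/* Vendor */`. The function continues past the hunk; the `bail` label is not visible here.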
@@ -645,7 +664,22 @@ CveDB *cve_db_new(const char *path)
cve_db_free(ret);
return NULL;
}
- ret->search_product = stm;
+ ret->search_product[0] = stm;
+ stm = NULL;
+
+ /* Search product and vendor. */
+ if (use_frac_compare) {
+ q = "select ID, PRODUCT, VERSION from PRODUCTS where PRODUCT = ? and VENDOR = ?";
+ } else {
+ q = "SELECT ID FROM PRODUCTS WHERE PRODUCT = ? AND VERSION = ? COLLATE NOCASE and VENDOR = ?";
+ }
+ rc = sqlite3_prepare_v2(ret->db, q, -1, &stm, NULL);
+ if (rc != SQLITE_OK) {
+ fprintf(stderr, "cve_db_new(): %s\n", sqlite3_errmsg(ret->db));
+ cve_db_free(ret);
+ return NULL;
+ }
+ ret->search_product[1] = stm;
stm = NULL;
/* Get CVE. */
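Review bot: In the non-fractional query `VERSION = ? COLLATE NOCASE and VENDOR = ?` the collation applies only to the VERSION comparison, so the new VENDOR match (here and in the frac-compare query) is case-sensitive unless the column itself is declared NOCASE, which this hunk does not show. A mapping entry whose vendor differs only in case from the stored value would then match nothing. If case-insensitive vendor matching is intended, state it in the SQL, e.g. `... AND VENDOR = ? COLLATE NOCASE`. It would also help to record the bind order next to the queries, for instance `/* frac: ?1 product, ?2 vendor; exact: ?1 product, ?2 version, ?3 vendor */`, because the vendor slot differs between the two and the bind calls live in other functions. cve_db_new starts and ends outside this hunk.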
@@ -673,8 +707,11 @@ void cve_db_free(CveDB *self)
if (self->insert_product) {
sqlite3_finalize(self->insert_product);
}
- if (self->search_product) {
- sqlite3_finalize(self->search_product);
+ if (self->search_product[0]) {
+ sqlite3_finalize(self->search_product[0]);
+ }
+ if (self->search_product[1]) {
+ sqlite3_finalize(self->search_product[1]);
}
if (self->get_cve) {
sqlite3_finalize(self->get_cve);
diff --git a/src/core.h b/src/core.h
index 7a18b7d..4cdc785 100644
--- a/src/core.h
+++ b/src/core.h
@@ -84,8 +84,8 @@ struct cve_entry_t *cve_db_get_cve(CveDB *db, char *id);
*
* @return A newly allocated list of strings if found, otherwise NULL
*/
-GList *cve_db_get_issues(CveDB *db, char *product, char *version, GList *in);
-GList *cve_db_get_issues_frac_compare(CveDB *db, char *product, char *version,
+GList *cve_db_get_issues(CveDB *db, char *vendor, char *product, char *version, GList *in);
+GList *cve_db_get_issues_frac_compare(CveDB *db, char *vendor, char *product, char *version,
GList *in);
/**
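Review bot: The doc comment above these prototypes does not mention the new `vendor` argument in the part visible here, and the contract that `vendor == NULL` selects the product-only query can only be learned from core.c. Suggest adding `@param vendor Vendor name to match, or NULL to search by product alone` to the comment. The opening lines of the comment are outside the hunk, so this should be checked against the full text, and cve_db_get_issues_frac_compare needs the same description.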
diff --git a/src/main.c b/src/main.c
index 5ee6adb..26bfd1e 100644
--- a/src/main.c
+++ b/src/main.c
@@ -114,16 +114,27 @@ static void cve_add_package_internal(struct source_package_t *pkg)
t = g_strsplit(q, " ", 10);
while (t[i]) {
+ gchar **p;
+ gchar *vendor, *product;
if (strlen(t[i]) == 0) {
i++;
continue;
}
+ p = g_strsplit(t[i], ":", 2);
+ if (p[1]) {
+ vendor = p[0];
+ product = p[1];
+ } else {
+ vendor = NULL;
+ product = p[0];
+ }
if (use_frac_compare)
issues = cve_db_get_issues_frac_compare(self->cve_db,
- t[i], pkg->version, issues);
+ vendor, product, pkg->version, issues);
else
- issues = cve_db_get_issues(self->cve_db, t[i],
- pkg->version, issues);
+ issues = cve_db_get_issues(self->cve_db, vendor,
+ product, pkg->version, issues);
+ g_strfreev(p);
i++;
}
g_strfreev(t);
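Review bot: `g_strsplit(t[i], ":", 2)` accepts entries such as `vendor:` or `:product`, which produce an empty-string product or vendor. Both are non-NULL, so the vendor query runs with an empty value, returns no rows, and the package is reported without issues. A guard before the lookup, `if (!*product || (vendor && !*vendor))`, that prints a warning, frees `p` and skips the entry would make a bad mapping visible instead of turning it into a silent miss. Separately, `vendor` and `product` are bound with SQLITE_STATIC in core.c and `p` is freed right after the call, so the prepared statement keeps pointers to freed memory until the next bind. Binding with SQLITE_TRANSIENT, or calling `sqlite3_clear_bindings()` once stepping is done, removes that lifetime dependency. The loop and the function extend beyond this hunk.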
--
2.10.1