From f33c32e0b7993e50e123b47c69e79cfdc8271d47 Mon Sep 17 00:00:00 2001
From: Florian Wilhelm
Date: Tue, 17 Sep 2024 15:56:51 +0200
Subject: [PATCH 1/3] improve view
---
 extra-schema.sql | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)
diff --git a/extra-schema.sql b/extra-schema.sql
index e231240..fbb5c6c 100644
--- a/extra-schema.sql
+++ b/extra-schema.sql
@@ -10,17 +10,40 @@ CREATE OR REPLACE VIEW public.sourcepackagecve
 dist_cpe.cpe_version AS gardenlinux_version,
 deb_cve.debsec_vulnerable AS is_vulnerable,
 all_cve.data ->> 'published'::text AS cve_published_date,
+ CASE
+ WHEN (data->'metrics'->'cvssMetricV31'->0->'cvssData'->>'baseScore')::numeric IS NOT NULL THEN
+ (data->'metrics'->'cvssMetricV31'->0->'cvssData'->>'baseScore')::numeric
+ WHEN (data->'metrics'->'cvssMetricV30'->0->'cvssData'->>'baseScore')::numeric IS NOT NULL THEN
+ (data->'metrics'->'cvssMetricV30'->0->'cvssData'->>'baseScore')::numeric
+ WHEN (data->'metrics'->'cvssMetricV2'->0->'cvssData'->>'baseScore')::numeric IS NOT NULL THEN
+ (data->'metrics'->'cvssMetricV2'->0->'cvssData'->>'baseScore')::numeric
+ WHEN (data->'metrics'->'cvssMetricV40'->0->'cvssData'->>'baseScore')::numeric IS NOT NULL THEN
+ (data->'metrics'->'cvssMetricV40'->0->'cvssData'->>'baseScore')::numeric
+ END AS base_score,
+ CASE
+ WHEN (data->'metrics'->'cvssMetricV31'->0->'cvssData'->>'vectorString')::text IS NOT NULL THEN
+ (data->'metrics'->'cvssMetricV31'->0->'cvssData'->>'vectorString')::text
+ WHEN (data->'metrics'->'cvssMetricV30'->0->'cvssData'->>'vectorString')::text IS NOT NULL THEN
+ (data->'metrics'->'cvssMetricV30'->0->'cvssData'->>'vectorString')::text
+ WHEN (data->'metrics'->'cvssMetricV2'->0->'cvssData'->>'vectorString')::text IS NOT NULL THEN
+ (data->'metrics'->'cvssMetricV2'->0->'cvssData'->>'vectorString')::text
+ WHEN (data->'metrics'->'cvssMetricV40'->0->'cvssData'->>'vectorString')::text IS NOT NULL THEN
+ (data->'metrics'->'cvssMetricV40'->0->'cvssData'->>'vectorString')::text
+ END AS vector_string,
 (data->'metrics'->'cvssMetricV40'->0->'cvssData'->>'baseScore')::numeric AS base_score_v40,
 (data->'metrics'->'cvssMetricV31'->0->'cvssData'->>'baseScore')::numeric AS base_score_v31,
 (data->'metrics'->'cvssMetricV30'->0->'cvssData'->>'baseScore')::numeric AS base_score_v30,
+ (data->'metrics'->'cvssMetricV2'->0->'cvssData'->>'baseScore')::numeric AS 
base_score_v2, (data->'metrics'->'cvssMetricV40'->0->'cvssData'->>'vectorString')::text AS vector_string_v40, (data->'metrics'->'cvssMetricV31'->0->'cvssData'->>'vectorString')::text AS vector_string_v31, - (data->'metrics'->'cvssMetricV30'->0->'cvssData'->>'vectorString')::text AS vector_string_v30 + (data->'metrics'->'cvssMetricV30'->0->'cvssData'->>'vectorString')::text AS vector_string_v30, + (data->'metrics'->'cvssMetricV2'->0->'cvssData'->>'vectorString')::text AS vector_string_v2 FROM all_cve JOIN deb_cve USING (cve_id) JOIN dist_cpe ON deb_cve.dist_id = dist_cpe.id - WHERE dist_cpe.cpe_product = 'gardenlinux'::text - ORDER BY all_cve.cve_id; + WHERE + dist_cpe.cpe_product = 'gardenlinux'::text AND + deb_cve.debsec_vulnerable = TRUE; ALTER TABLE public.sourcepackagecve OWNER TO glvd; From 5d5b142aff0c056937b1764c776366480eeb9a60 Mon Sep 17 00:00:00 2001 From: Florian Wilhelm Date: Tue, 17 Sep 2024 16:34:12 +0200 Subject: [PATCH 2/3] oras --- .github/workflows/ingest-snapshot.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/ingest-snapshot.yaml b/.github/workflows/ingest-snapshot.yaml index e776675..2e2b933 100644 --- a/.github/workflows/ingest-snapshot.yaml +++ b/.github/workflows/ingest-snapshot.yaml @@ -32,6 +32,8 @@ jobs: - name: Check out repository code uses: actions/checkout@v4 + - uses: oras-project/setup-oras@v1 + - name: Ingest Data run: /usr/local/src/ingest-postgres.sh @@ -49,6 +51,12 @@ jobs: run: | pg_dump --schema-only -h postgres -p 5432 -U glvd glvd > glvd-schema.sql + - run: oras login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io + + - run: oras push ghcr.io/gardenlinux/glvd-db-snapshot:latest glvd.sql + + - run: oras logout ghcr.io + - uses: actions/upload-artifact@v4 with: name: glvd.sql From fdcbd3111ce56916a5db80ea279f4cb92d8062b9 Mon Sep 17 00:00:00 2001 
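Review bot: `base_score` and `vector_string` fall back in the order 3.1, 3.0, 2, 4.0, so a CVE that carries only v2 and v4.0 metrics reports its v2 score, and a consumer reading `base_score` alone cannot tell which CVSS version produced it. Scores from different CVSS versions are not directly comparable, so anything that thresholds or sorts on this column mixes them silently; if ranking v4.0 below v2 is deliberate, a comment should say so, otherwise the order should change. Each branch also reads only element `->0` of the metric array, which presumably takes whichever scoring source happens to be listed first. The two CASE chains spell every path twice and are equivalent to COALESCE, shown below with the existing order kept and a comment stating it.

```sql
    -- First available score, in the order CVSS 3.1, 3.0, 2, 4.0 (order kept from the CASE chain).
    COALESCE(
        (data->'metrics'->'cvssMetricV31'->0->'cvssData'->>'baseScore')::numeric,
        (data->'metrics'->'cvssMetricV30'->0->'cvssData'->>'baseScore')::numeric,
        (data->'metrics'->'cvssMetricV2'->0->'cvssData'->>'baseScore')::numeric,
        (data->'metrics'->'cvssMetricV40'->0->'cvssData'->>'baseScore')::numeric
    ) AS base_score,
    -- First available vector string, selected in the same version order as base_score.
    COALESCE(
        (data->'metrics'->'cvssMetricV31'->0->'cvssData'->>'vectorString')::text,
        (data->'metrics'->'cvssMetricV30'->0->'cvssData'->>'vectorString')::text,
        (data->'metrics'->'cvssMetricV2'->0->'cvssData'->>'vectorString')::text,
        (data->'metrics'->'cvssMetricV40'->0->'cvssData'->>'vectorString')::text
    ) AS vector_string,
    -- … unchanged: per-version base_score_v* and vector_string_v* columns, FROM / JOIN / WHERE …
```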
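Review bot: `oras-project/setup-oras@v1` is referenced by a mutable tag, so whatever that tag points to at run time executes in a job that, two steps later, logs in to ghcr.io with the workflow token. Pinning the third-party action to a full commit SHA and keeping the tag as a trailing comment removes that dependency on the tag: `- uses: oras-project/setup-oras@<full-commit-sha>  # v1`. PATCH 3/3 of this series reverts the step, so this applies if it is brought back.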
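Review bot: The login step passes the token as `-p ${{ secrets.GITHUB_TOKEN }}`, which places the secret on the oras command line and expands both `${{ … }}` expressions directly into the shell script. Handing the values over through `env:` and reading the token with `--password-stdin` keeps it out of the argument list, as in the fence below. The push targets only `:latest`, so each run overwrites the previous snapshot and consumers cannot pin or roll back to a known database state; an additional dated tag, or referencing the pushed digest, would address that. The job's `permissions:` block is outside this hunk and should grant `packages: write` to this job only. PATCH 3/3 reverts these steps, so the points apply if they are reintroduced.

```yaml
      - name: Log in to ghcr.io
        env:
          GH_ACTOR: ${{ github.actor }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: echo "$GH_TOKEN" | oras login -u "$GH_ACTOR" --password-stdin ghcr.io
      # … unchanged: oras push, oras logout, upload-artifact …
```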
From: Florian Wilhelm Date: Wed, 18 Sep 2024 14:19:30 +0200 Subject: [PATCH 3/3] Revert "oras" This reverts commit 5d5b142aff0c056937b1764c776366480eeb9a60. --- .github/workflows/ingest-snapshot.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/ingest-snapshot.yaml b/.github/workflows/ingest-snapshot.yaml index 2e2b933..e776675 100644 --- a/.github/workflows/ingest-snapshot.yaml +++ b/.github/workflows/ingest-snapshot.yaml @@ -32,8 +32,6 @@ jobs: - name: Check out repository code uses: actions/checkout@v4 - - uses: oras-project/setup-oras@v1 - - name: Ingest Data run: /usr/local/src/ingest-postgres.sh @@ -51,12 +49,6 @@ jobs: run: | pg_dump --schema-only -h postgres -p 5432 -U glvd glvd > glvd-schema.sql - - run: oras login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io - - - run: oras push ghcr.io/gardenlinux/glvd-db-snapshot:latest glvd.sql - - - run: oras logout ghcr.io - - uses: actions/upload-artifact@v4 with: name: glvd.sql