diff --git a/common/peewee_conditions.py b/common/peewee_conditions.py index 1212622c0..b959ad088 100644 --- a/common/peewee_conditions.py +++ b/common/peewee_conditions.py @@ -4,6 +4,7 @@ # pylint: disable=singleton-comparison,superfluous-parens from peewee import Expression +from peewee import Value from peewee import fn from psycopg2.extras import Json @@ -13,14 +14,13 @@ from .peewee_model import SystemVulnerabilities -def system_is_active(opt_out=False, stale=False, deleted=False, edge=False, rh_account_id=None): +def system_is_active(opt_out=False, stale=False, deleted=False, edge=False): """ Filter out invalid systems from system_platform table. - Filter by rh_account_id if present. Expects table: system_platform """ - cond = SystemPlatform.rh_account_id == rh_account_id + cond = Value(True) if opt_out is not None: cond &= SystemPlatform.opt_out == opt_out diff --git a/manager/base.py b/manager/base.py index e1491751d..9a4774a8b 100644 --- a/manager/base.py +++ b/manager/base.py @@ -591,7 +591,7 @@ def get_subquery(cves: List[int], rh_account_id): subquery = (SystemVulnerabilities.select(SystemVulnerabilities.id, SystemVulnerabilities.rule_id, SystemVulnerabilities.cve_id) .join(SystemPlatform, on=((SystemVulnerabilities.system_id == SystemPlatform.id) & - system_is_active(rh_account_id=rh_account_id, edge=None))) + system_is_active(edge=None))) .where(SystemVulnerabilities.cve_id.in_(cves)) .where(SystemVulnerabilities.mitigation_reason.is_null(True)) .where((SystemVulnerabilities.rh_account_id == rh_account_id))) @@ -641,7 +641,7 @@ def get_system_count(rh_account, include_cyndi=True, filters=None, filters_args= query = SystemPlatform.select(fn.COUNT(SystemPlatform.id).alias("count"))\ .where((SystemPlatform.rh_account_id == rh_account) & ((SystemPlatform.last_evaluation.is_null(False)) | (SystemPlatform.advisor_evaluated.is_null(False))) - & system_is_active(rh_account_id=rh_account, edge=None)) + & system_is_active(edge=None)) if include_cyndi: query = cyndi_join(query) @@ -662,7 +662,7 @@ def get_system_count_by_type(rh_account_id) -> Dict[str, int]: query = (SystemPlatform.select(*selectables) .where((SystemPlatform.rh_account_id == rh_account_id) & ((SystemPlatform.last_evaluation.is_null(False)) | (SystemPlatform.advisor_evaluated.is_null(False))) & - system_is_active(rh_account_id=rh_account_id, edge=None)) + system_is_active(edge=None)) .dicts()) query = cyndi_join(query) return query.first() diff --git a/manager/cve_handler.py b/manager/cve_handler.py index e9c6ff3f4..f22e60ee0 100644 --- a/manager/cve_handler.py +++ b/manager/cve_handler.py @@ -259,7 +259,7 @@ def _full_query(rh_account_id, synopsis, parsed_args, filters, remediation_filte .join(InsightsRule, JOIN.LEFT_OUTER, on=(InsightsRule.id == SystemVulnerabilities.rule_id)) .where(CveMetadata.cve == synopsis) .where(SystemVulnerabilities.rh_account_id == rh_account_id) - .where(system_is_active(rh_account_id=rh_account_id, edge=None)) + .where(system_is_active(edge=None)) .where(system_is_vulnerable(rule_subselect=False))) if remediation_filter: subq = subq.where(SystemVulnerabilities.remediation_type_id << remediation_filter) @@ -319,7 +319,7 @@ def _unpatched_full_query(rh_account_id, synopsis, parsed_args, filters): .join(CveAccountData, JOIN.LEFT_OUTER, on=((CveAccountData.rh_account_id == rh_account_id) & (CveMetadata.id == CveAccountData.cve_id))) .where(CveMetadata.cve == synopsis) - .where(system_is_active(rh_account_id=rh_account_id, edge=None)) + .where(system_is_active(edge=None)) .where(SystemVulnerablePackage.rh_account_id == rh_account_id)) unfixed_subq = cyndi_join(unfixed_subq) unfixed_subq = apply_filters(unfixed_subq, parsed_args, filters, {"unfixed": [True]}) @@ -365,7 +365,7 @@ def _id_query(rh_account_id, synopsis, parsed_args, filters, remediation_filter= .join(InsightsRule, JOIN.LEFT_OUTER, on=(InsightsRule.id == SystemVulnerabilities.rule_id)) .where(CveMetadata.cve == synopsis) .where(SystemVulnerabilities.rh_account_id == rh_account_id) - .where(system_is_active(rh_account_id=rh_account_id, edge=None)) + .where(system_is_active(edge=None)) .where(system_is_vulnerable(rule_subselect=False))) if remediation_filter: subq = subq.where(SystemVulnerabilities.remediation_type_id << remediation_filter) @@ -413,7 +413,7 @@ def _unpatched_id_query(rh_account_id, synopsis, parsed_args, filters): (CveMetadata.id == CveAccountData.cve_id))) .where(CveMetadata.cve == synopsis) .where(SystemVulnerablePackage.rh_account_id == rh_account_id) - .where(system_is_active(rh_account_id=rh_account_id, edge=None))) + .where(system_is_active(edge=None))) unfixed_subq = cyndi_join(unfixed_subq) unfixed_subq = apply_filters(unfixed_subq, parsed_args, filters, {"unfixed": [True]}) @@ -500,7 +500,7 @@ def _cve_details(cls, synopsis, advisory_available): .join(InsightsRule, JOIN.LEFT_OUTER, on=(SystemVulnerabilities.rule_id == InsightsRule.id)) .where((SystemVulnerabilities.rh_account_id == rh_account_id)) .where(CveMetadata.cve == synopsis) - .where(system_is_active(rh_account_id=rh_account_id, edge=None))) + .where(system_is_active(edge=None))) base_cnt_query = cyndi_join(base_cnt_query) abnv_query = base_cnt_query.where(system_is_abnv()) @@ -528,7 +528,7 @@ def _cve_details(cls, synopsis, advisory_available): .join(InsightsRule, JOIN.LEFT_OUTER, on=(InsightsRule.id == SystemVulnerabilities.rule_id)) .where(CveMetadata.cve == synopsis) .where(SystemVulnerabilities.rh_account_id == rh_account_id) - .where(system_is_active(rh_account_id=rh_account_id, edge=None)) + .where(system_is_active(edge=None)) .where(system_is_vulnerable()) .group_by(fn.COALESCE(SystemCveData.status_id, fn.COALESCE(CveAccountData.status_id, 0))) @@ -550,7 +550,7 @@ def _cve_details(cls, synopsis, advisory_available): (CveMetadata.id == CveAccountData.cve_id))) .where(CveMetadata.cve == synopsis) .where(SystemVulnerablePackage.rh_account_id == rh_account_id) - .where(system_is_active(rh_account_id=rh_account_id, edge=None)) + .where(system_is_active(edge=None)) .group_by(fn.COALESCE(SystemCveData.status_id, fn.COALESCE(CveAccountData.status_id, 0))) .dicts()) diff --git a/manager/dashbar_handler.py b/manager/dashbar_handler.py index e6b81f351..fc39bc764 100644 --- a/manager/dashbar_handler.py +++ b/manager/dashbar_handler.py @@ -84,7 +84,7 @@ def handle_get(cls, **kwargs): .join(CveRuleMapping, JOIN.LEFT_OUTER, on=((SystemVulnerabilities.cve_id == CveRuleMapping.cve_id))) .join(InsightsRule, JOIN.LEFT_OUTER, on=(CveRuleMapping.rule_id == InsightsRule.id)) .join(SystemPlatform, on=((SystemVulnerabilities.system_id == SystemPlatform.id) & - system_is_active(rh_account_id=account_data.id, edge=None))) + system_is_active(edge=None))) .where(SystemVulnerabilities.rh_account_id == account_data.id) .where(system_is_vulnerable()) .where(SystemVulnerabilities.remediation_type_id << DEFAULT_REMEDIATION_FILTER)) diff --git a/manager/dashboard_handler.py b/manager/dashboard_handler.py index 65ced9e4a..1a6089e6e 100644 --- a/manager/dashboard_handler.py +++ b/manager/dashboard_handler.py @@ -112,7 +112,7 @@ def handle_get(cls, **kwargs): active_cves_subquery = (SystemVulnerabilities .select(fn.Distinct(SystemVulnerabilities.cve_id).alias("cve_id_")) .join(SystemPlatform, on=((SystemVulnerabilities.system_id == SystemPlatform.id) & - system_is_active(rh_account_id=account_data.id, edge=None))) + system_is_active(edge=None))) .where(SystemVulnerabilities.rh_account_id == account_data.id) .where(system_is_vulnerable()) .where(SystemVulnerabilities.remediation_type_id << DEFAULT_REMEDIATION_FILTER)) @@ -198,7 +198,7 @@ def handle_get(cls, **kwargs): .select(SystemVulnerabilities.rule_id.alias("rule_id_"), fn.Count(fn.Distinct(SystemVulnerabilities.system_id)).alias("systems_affected_")) .join(SystemPlatform, on=((SystemVulnerabilities.system_id == SystemPlatform.id) & - system_is_active(rh_account_id=account_data.id, edge=None))) + system_is_active(edge=None))) .where(SystemVulnerabilities.rh_account_id == account_data.id) .where(system_has_rule_hit()) .group_by(SystemVulnerabilities.rule_id) diff --git a/manager/report_handler.py b/manager/report_handler.py index b28475d77..d7d2f2f41 100644 --- a/manager/report_handler.py +++ b/manager/report_handler.py @@ -122,7 +122,7 @@ def handle_get(cls, **kwargs): .select(SystemVulnerabilities.cve_id.alias("cve_id_"), fn.Count(SystemVulnerabilities.id).alias("systems_affected_")) .join(SystemPlatform, on=((SystemVulnerabilities.system_id == SystemPlatform.id) & - system_is_active(rh_account_id=account_data.id, edge=None))) + system_is_active(edge=None))) .where(SystemVulnerabilities.rh_account_id == account_data.id) .where(system_is_vulnerable()) .where(SystemVulnerabilities.remediation_type_id << DEFAULT_REMEDIATION_FILTER) @@ -199,7 +199,7 @@ def handle_get(cls, **kwargs): fn.COUNT(fn.Distinct(SystemVulnerabilities.system_id)).alias("systems_affected")) .join(InsightsRule, on=(SystemVulnerabilities.rule_id == InsightsRule.id)) .join(SystemPlatform, on=((SystemVulnerabilities.system_id == SystemPlatform.id) & - system_is_active(rh_account_id=account_data.id, edge=None))) + system_is_active(edge=None))) .where(SystemVulnerabilities.rh_account_id == account_data.id) .where(system_has_rule_hit(rule_subselect=False)) .where(SystemVulnerabilities.remediation_type_id << DEFAULT_REMEDIATION_FILTER) @@ -236,7 +236,7 @@ def handle_get(cls, **kwargs): .join(CveRuleMapping, on=(InsightsRule.id == CveRuleMapping.rule_id)) .join(CveMetadata, on=(CveRuleMapping.cve_id == CveMetadata.id)) .join(SystemPlatform, on=((SystemVulnerabilities.system_id == SystemPlatform.id) & - system_is_active(rh_account_id=account_data.id, edge=None))) + system_is_active(edge=None))) .where(SystemVulnerabilities.rh_account_id == account_data.id) .where(system_has_rule_hit()) .where(SystemVulnerabilities.remediation_type_id << DEFAULT_REMEDIATION_FILTER) diff --git a/manager/status_handler.py b/manager/status_handler.py index b0e62cbe6..2f8cd6c09 100644 --- a/manager/status_handler.py +++ b/manager/status_handler.py @@ -85,11 +85,9 @@ def _prepare_data(data: Dict[str, any]) -> Tuple[Optional[List[str]], List[str], @staticmethod def _apply_system_list_filter(query: Query, - rh_account_id: int, in_inventory_id_list: Optional[List[str]]) -> Query: query = cyndi_join(query) - query = query.where((SystemPlatform.rh_account_id == rh_account_id) & - (SystemPlatform.when_deleted.is_null(True))) + query = query.where(SystemPlatform.when_deleted.is_null(True)) if in_inventory_id_list is not None: query = query.where(SystemPlatform.inventory_id << in_inventory_id_list) return query @@ -104,9 +102,10 @@ def _get_current_status(cls, SystemCveData.status_id, SystemCveData.status_text) .join(CveMetadata, on=(SystemCveData.cve_id == CveMetadata.id)) .join(SystemPlatform, on=(SystemCveData.system_id == SystemPlatform.id)) + .where(SystemPlatform.rh_account_id == rh_account_id) .where(CveMetadata.cve << in_cve_list) .dicts()) - system_cve_details = cls._apply_system_list_filter(system_cve_details, rh_account_id, in_inventory_id_list) + system_cve_details = cls._apply_system_list_filter(system_cve_details, in_inventory_id_list) current_status = {} for system_cve_detail in system_cve_details: current_status.setdefault(system_cve_detail["cve"], {})[system_cve_detail["inventory_id"]] = \ @@ -140,7 +139,7 @@ def _get_affected_pairs(cls, (SystemVulnerabilities.rule_id << (InsightsRule.select(InsightsRule.id) .where((InsightsRule.active == True) & (InsightsRule.rule_only == False))))))) .dicts()) - fixable_pairs = cls._apply_system_list_filter(fixable_pairs, rh_account_id, in_inventory_id_list) + fixable_pairs = cls._apply_system_list_filter(fixable_pairs, in_inventory_id_list) for pair in fixable_pairs: affected_pairs.add(SystemCvePair(pair["inventory_id"], pair["cve"])) @@ -154,7 +153,7 @@ def _get_affected_pairs(cls, (CveMetadata.select(CveMetadata.id).where( CveMetadata.cve << in_cve_list)))) .dicts()) - unfixable_pairs = cls._apply_system_list_filter(unfixable_pairs, rh_account_id, in_inventory_id_list) + unfixable_pairs = cls._apply_system_list_filter(unfixable_pairs, in_inventory_id_list) for pair in unfixable_pairs: affected_pairs.add(SystemCvePair(pair["inventory_id"], pair["cve"])) return affected_pairs diff --git a/manager/system_handler.py b/manager/system_handler.py index b1e15a023..95de5614b 100644 --- a/manager/system_handler.py +++ b/manager/system_handler.py @@ -208,7 +208,7 @@ def _full_query(rh_account_id, query_args, parsed_args, filters, remediation_fil fn.COALESCE(SystemVulnerabilities.remediation_type_id, remediation.PLAYBOOK.value).alias("remediation_type_id"), ) .join(SystemPlatform, on=((SystemVulnerabilities.system_id == SystemPlatform.id) & - system_is_active(edge=None, stale=None, rh_account_id=rh_account_id))) + system_is_active(edge=None, stale=None))) .join(CveMetadata, on=(SystemVulnerabilities.cve_id == CveMetadata.id)) .join(SystemCveData, JOIN.LEFT_OUTER, on=((SystemPlatform.id == SystemCveData.system_id) & (CveMetadata.id == SystemCveData.cve_id))) @@ -268,7 +268,7 @@ def _unpatched_full_query(rh_account_id, query_args, parsed_args, filters): ) .distinct() .join(SystemPlatform, on=(SystemVulnerablePackage.system_id == SystemPlatform.id) & - system_is_active(edge=None, stale=None, rh_account_id=rh_account_id)) + system_is_active(edge=None, stale=None)) .join(VulnerablePackageCVE, on=(SystemVulnerablePackage.vulnerable_package_id == VulnerablePackageCVE.vulnerable_package_id)) .join(CveMetadata, on=(VulnerablePackageCVE.cve_id == CveMetadata.id)) .join(SystemCveData, JOIN.LEFT_OUTER, on=((SystemPlatform.id == SystemCveData.system_id) @@ -316,7 +316,7 @@ def _id_query(rh_account_id, query_args, parsed_args, filters, remediation_filte fn.COALESCE(SystemVulnerabilities.remediation_type_id, remediation.PLAYBOOK.value).alias("remediation_type_id"), ) .join(SystemPlatform, on=((SystemVulnerabilities.system_id == SystemPlatform.id) & - system_is_active(edge=None, stale=None, rh_account_id=rh_account_id))) + system_is_active(edge=None, stale=None))) .join(CveMetadata, on=(SystemVulnerabilities.cve_id == CveMetadata.id)) .join(SystemCveData, JOIN.LEFT_OUTER, on=((SystemPlatform.id == SystemCveData.system_id) & (CveMetadata.id == SystemCveData.cve_id))) @@ -367,7 +367,7 @@ def _unpatched_id_query(rh_account_id, query_args, parsed_args, filters): ) .distinct() .join(SystemPlatform, on=(SystemVulnerablePackage.system_id == SystemPlatform.id) & - system_is_active(edge=None, stale=None, rh_account_id=rh_account_id)) + system_is_active(edge=None, stale=None)) .join(VulnerablePackageCVE, on=(SystemVulnerablePackage.vulnerable_package_id == VulnerablePackageCVE.vulnerable_package_id)) .join(CveMetadata, on=(VulnerablePackageCVE.cve_id == CveMetadata.id)) .join(SystemCveData, JOIN.LEFT_OUTER, on=((SystemPlatform.id == SystemCveData.system_id) @@ -458,7 +458,8 @@ def _full_query(rh_account_id): return (SystemPlatform .select(*selectables) - .where(system_is_active(rh_account_id=rh_account_id, deleted=False, edge=False, opt_out=None, stale=None)) + .where(SystemPlatform.rh_account_id == rh_account_id) + .where(system_is_active(deleted=False, edge=False, opt_out=None, stale=None)) .where(SystemPlatform.last_evaluation.is_null(False) | SystemPlatform.advisor_evaluated.is_null(False)) .dicts()) @@ -474,7 +475,8 @@ def _id_query(rh_account_id, list_args): query = (SystemPlatform .select(*selectables) - .where(system_is_active(rh_account_id=rh_account_id, deleted=False, edge=False, opt_out=None, stale=None)) + .where(SystemPlatform.rh_account_id == rh_account_id) + .where(system_is_active(deleted=False, edge=False, opt_out=None, stale=None)) .where(SystemPlatform.last_evaluation.is_null(False) | SystemPlatform.advisor_evaluated.is_null(False)) .dicts()) diff --git a/manager/vulnerabilities_handler.py b/manager/vulnerabilities_handler.py index 674e146f9..07f2b3da9 100644 --- a/manager/vulnerabilities_handler.py +++ b/manager/vulnerabilities_handler.py @@ -204,7 +204,7 @@ def _count_subquery(rh_account_id, args, filters, remediation_filter=None): .alias("systems_status_divergent_"), fn.Bool_Or(SystemVulnerabilities.advisory_available).alias("advisory_available_")) .join(SystemPlatform, on=((SystemVulnerabilities.system_id == SystemPlatform.id) & - system_is_active(rh_account_id=rh_account_id, edge=None))) + system_is_active(edge=None))) .join(CveAccountData, JOIN.LEFT_OUTER, on=((SystemVulnerabilities.cve_id == CveAccountData.cve_id) & (CveAccountData.rh_account_id == rh_account_id))) .join(SystemCveData, JOIN.LEFT_OUTER, on=((SystemPlatform.id == SystemCveData.system_id) @@ -235,7 +235,7 @@ def _unpatched_count_subquery(rh_account_id, args, filters): .alias("systems_status_divergent_"), Value(False).alias("advisory_available_")) .join(SystemPlatform, on=((SystemVulnerablePackage.system_id == SystemPlatform.id) & - system_is_active(rh_account_id=rh_account_id, edge=None))) + system_is_active(edge=None))) .join(VulnerablePackageCVE, on=((SystemVulnerablePackage.vulnerable_package_id == VulnerablePackageCVE.vulnerable_package_id))) .join(CveAccountData, JOIN.LEFT_OUTER, on=((VulnerablePackageCVE.cve_id == CveAccountData.cve_id) & (CveAccountData.rh_account_id == rh_account_id))) diff --git a/taskomatic/jobs/cacheman.py b/taskomatic/jobs/cacheman.py index b9b63dc92..e4fff7722 100644 --- a/taskomatic/jobs/cacheman.py +++ b/taskomatic/jobs/cacheman.py @@ -63,7 +63,6 @@ def _select_count_affected(account_id, group_ids): BOOL_OR(sv.advisory_available) AS advisory_available FROM system_vulnerabilities_active sv INNER JOIN system_platform sp ON (sv.system_id = sp.id AND - sp.rh_account_id = %s AND sp.opt_out = false AND sp.stale = false AND sp.when_deleted IS NULL) INNER JOIN @@ -79,7 +78,7 @@ def _select_count_affected(account_id, group_ids): GROUP BY sv.cve_id """ ).format(edge_patched_cond=edge_patched_cond, edge_unpatched_cond=edge_unpatched_cond, groups_cond=groups_cond), - [account_id, account_id, account_id, groups_arg], + [account_id, account_id, groups_arg], ) @@ -101,7 +100,6 @@ def _select_count_unpatched(account_id, group_ids): FALSE AS advisory_available FROM system_vulnerable_package svp INNER JOIN system_platform sp ON (svp.system_id = sp.id AND - sp.rh_account_id = %s AND sp.opt_out = false AND sp.stale = false AND sp.when_deleted IS NULL) INNER JOIN @@ -115,7 +113,7 @@ def _select_count_unpatched(account_id, group_ids): GROUP BY vpc.cve_id """ ).format(edge_unpatched_cond=edge_unpatched_cond, groups_cond=groups_cond), - [account_id, account_id, account_id, groups_arg], + [account_id, account_id, groups_arg], ) @@ -255,7 +253,6 @@ def _materialize_rule_cache(cur, account_id, account_name, group_ids, current_ca SELECT sv.rule_id, COUNT(*) FROM system_vulnerabilities_active AS sv JOIN system_platform AS sp ON (sv.system_id = sp.id AND - sp.rh_account_id = %s AND sp.opt_out = FALSE AND sp.stale = FALSE AND sp.when_deleted IS NULL) @@ -266,7 +263,7 @@ def _materialize_rule_cache(cur, account_id, account_name, group_ids, current_ca {groups_cond} GROUP BY sv.rule_id """ - cur.execute(SQL(main_sq).format(groups_cond=groups_cond), [account_id, account_id, groups_arg]) + cur.execute(SQL(main_sq).format(groups_cond=groups_cond), [account_id, groups_arg]) current_rule_cache = current_cache.get(account_id, {}).get("rule_cache", {})