refactor: change selects to use the system_cve_data table

RHINENG-2328

manager/cve_handler.py

@@ -59,6 +59,7 @@
 from common.peewee_model import InventoryHosts
 from common.peewee_model import RHAccount
 from common.peewee_model import Status
+from common.peewee_model import SystemCveData
 from common.peewee_model import SystemPlatform
 from common.peewee_model import SystemVulnerabilities
 from common.peewee_model import SystemVulnerablePackage
@@ -220,9 +221,9 @@ def _full_query(rh_account_id, synopsis, parsed_args, filters, remediation_filte
                        SystemPlatform.stale_timestamp,
                        SystemPlatform.stale_warning_timestamp,
                        SystemPlatform.culled_timestamp,
-                       Status.id.alias("status_id"),
-                       Status.name.alias("status_name"),
-                       SystemVulnerabilities.status_text.alias("status_text"),
+                       fn.COALESCE(Status.id, 0).alias("status_id"),
+                       fn.COALESCE(Status.name, DEFAULT_STATUS).alias("status_name"),
+                       SystemCveData.status_text.alias("status_text"),
                        SystemVulnerabilities.rule_hit_details,
                        SystemVulnerabilities.when_mitigated,
                        SystemVulnerabilities.first_reported,
@@ -248,8 +249,10 @@ def _full_query(rh_account_id, synopsis, parsed_args, filters, remediation_filte
         subq = (SystemVulnerabilities
                 .select(*selectables)
                 .join(SystemPlatform, on=(SystemVulnerabilities.system_id == SystemPlatform.id))
-                .join(Status, on=(SystemVulnerabilities.status_id == Status.id))
                 .join(CveMetadata, on=(SystemVulnerabilities.cve_id == CveMetadata.id))
+                .join(SystemCveData, JOIN.LEFT_OUTER, on=((SystemPlatform.id == SystemCveData.system_id)
+                                                          & (CveMetadata.id == SystemCveData.cve_id)))
+                .join(Status, JOIN.LEFT_OUTER, on=(SystemCveData.status_id == Status.id))
                 .join(CveAccountData, JOIN.LEFT_OUTER, on=((CveAccountData.rh_account_id == rh_account_id)
                                                            & (CveMetadata.id == CveAccountData.cve_id)))
                 .join(InsightsRule, JOIN.LEFT_OUTER, on=(InsightsRule.id == SystemVulnerabilities.rule_id))
@@ -280,9 +283,9 @@ def _unpatched_full_query(rh_account_id, synopsis, parsed_args, filters):
                                 SystemPlatform.stale_timestamp,
                                 SystemPlatform.stale_warning_timestamp,
                                 SystemPlatform.culled_timestamp,
-                                Value(0).alias("status_id"),
-                                Value("Not Reviewed").alias("status_name"),
-                                Value(None).alias("status_text"),
+                                fn.COALESCE(Status.id, 0).alias("status_id"),
+                                fn.COALESCE(Status.name, DEFAULT_STATUS).alias("status_name"),
+                                SystemCveData.status_text.alias("status_text"),
                                 Value(None).alias("rule_hit_details"),
                                 Value(datetime.min).alias("when_mitigated"),
                                 SystemVulnerablePackage.first_reported,
@@ -308,6 +311,9 @@ def _unpatched_full_query(rh_account_id, synopsis, parsed_args, filters):
                         .join(SystemPlatform, on=(SystemVulnerablePackage.system_id == SystemPlatform.id))
                         .join(VulnerablePackageCVE, on=(SystemVulnerablePackage.vulnerable_package_id == VulnerablePackageCVE.vulnerable_package_id))
                         .join(CveMetadata, on=(VulnerablePackageCVE.cve_id == CveMetadata.id))
+                        .join(SystemCveData, JOIN.LEFT_OUTER, on=((SystemPlatform.id == SystemCveData.system_id)
+                                                                  & (CveMetadata.id == SystemCveData.cve_id)))
+                        .join(Status, JOIN.LEFT_OUTER, on=(SystemCveData.status_id == Status.id))
                         .join(CveAccountData, JOIN.LEFT_OUTER, on=((CveAccountData.rh_account_id == rh_account_id) &
                               (CveMetadata.id == CveAccountData.cve_id)))
                         .where(CveMetadata.cve == synopsis)
@@ -331,8 +337,8 @@ def _id_query(rh_account_id, synopsis, parsed_args, filters, remediation_filter=
                         SystemPlatform.last_upload,
                         SystemPlatform.advisor_evaluated.alias("rules_evaluation"),
                         InsightsRule.name.alias("rule_id"),
-                        SystemVulnerabilities.status_id.alias("status_id"),
-                        SystemVulnerabilities.status_text.alias("status_text"),
+                        fn.COALESCE(SystemCveData.status_id, 0).alias("status_id"),
+                        SystemCveData.status_text.alias("status_text"),
                         SystemVulnerabilities.first_reported,
                         SystemVulnerabilities.advisories,
                         SystemVulnerabilities.mitigation_reason,
@@ -348,6 +354,8 @@ def _id_query(rh_account_id, synopsis, parsed_args, filters, remediation_filter=
                         )
                 .join(SystemPlatform, on=(SystemVulnerabilities.system_id == SystemPlatform.id))
                 .join(CveMetadata, on=(SystemVulnerabilities.cve_id == CveMetadata.id))
+                .join(SystemCveData, JOIN.LEFT_OUTER, on=((SystemPlatform.id == SystemCveData.system_id)
+                                                          & (CveMetadata.id == SystemCveData.cve_id)))
                 .join(InsightsRule, JOIN.LEFT_OUTER, on=(InsightsRule.id == SystemVulnerabilities.rule_id))
                 .where(CveMetadata.cve == synopsis)
                 .where(SystemVulnerabilities.rh_account_id == rh_account_id)
@@ -372,8 +380,8 @@ def _unpatched_id_query(rh_account_id, synopsis, parsed_args, filters):
                                 SystemPlatform.last_upload,
                                 SystemPlatform.advisor_evaluated.alias("rules_evaluation"),
                                 Value(None).alias("rule_id"),
-                                Value(0).alias("status_id"),
-                                Value(None).alias("status_text"),
+                                fn.COALESCE(SystemCveData.status_id, 0).alias("status_id"),
+                                SystemCveData.status_text.alias("status_text"),
                                 SystemVulnerablePackage.first_reported,
                                 Value(None).alias("advisories"),
                                 Value(None).alias("mitigation_reason"),
@@ -391,6 +399,8 @@ def _unpatched_id_query(rh_account_id, synopsis, parsed_args, filters):
                         .join(SystemPlatform, on=(SystemVulnerablePackage.system_id == SystemPlatform.id))
                         .join(VulnerablePackageCVE, on=(SystemVulnerablePackage.vulnerable_package_id == VulnerablePackageCVE.vulnerable_package_id))
                         .join(CveMetadata, on=(VulnerablePackageCVE.cve_id == CveMetadata.id))
+                        .join(SystemCveData, JOIN.LEFT_OUTER, on=((SystemPlatform.id == SystemCveData.system_id)
+                                                                  & (CveMetadata.id == SystemCveData.cve_id)))
                         .where(CveMetadata.cve == synopsis)
                         .where(SystemVulnerablePackage.rh_account_id == rh_account_id)
                         .where(system_is_active(rh_account_id=rh_account_id, edge=edge_feature_arg())))
@@ -496,28 +506,35 @@ def _cve_details(cls, synopsis, advisory_available):
         remediation_filter, return_only_first_subq = get_remediation_filter(advisory_available)
 
         status_detail_fixed = (SystemVulnerabilities
-                               .select(SystemVulnerabilities.status_id, fn.Count(SystemVulnerabilities.status_id).alias("systems"))
+                               .select(fn.COALESCE(SystemCveData.status_id, 0).alias("status_id"),
+                                       fn.Count(fn.COALESCE(SystemCveData.status_id, 0)).alias("systems"))
                                .join(SystemPlatform, on=(SystemVulnerabilities.system_id == SystemPlatform.id))
                                .join(CveMetadata, on=(SystemVulnerabilities.cve_id == CveMetadata.id))
+                               .join(SystemCveData, JOIN.LEFT_OUTER, on=((SystemPlatform.id == SystemCveData.system_id)
+                                                                         & (CveMetadata.id == SystemCveData.cve_id)))
                                .join(InsightsRule, JOIN.LEFT_OUTER, on=(InsightsRule.id == SystemVulnerabilities.rule_id))
                                .where(CveMetadata.cve == synopsis)
                                .where(SystemVulnerabilities.rh_account_id == rh_account_id)
                                .where(system_is_active(rh_account_id=rh_account_id, edge=edge))
                                .where(system_is_vulnerable())
-                               .group_by(SystemVulnerabilities.status_id)
+                               .group_by(fn.COALESCE(SystemCveData.status_id, 0))
                                .dicts())
         if remediation_filter:
             status_detail_fixed = status_detail_fixed.where(SystemVulnerabilities.remediation_type_id << remediation_filter)
         status_detail_fixed = cyndi_join(status_detail_fixed)
 
         status_detail_unfixed = (SystemVulnerablePackage
-                                 .select(Value(0).alias("status_id"), fn.Count(SystemVulnerablePackage.id).alias("systems"))
+                                 .select(fn.COALESCE(SystemCveData.status_id, 0).alias("status_id"),
+                                         fn.Count(fn.COALESCE(SystemCveData.status_id, 0)).alias("systems"))
                                  .join(SystemPlatform, on=(SystemVulnerablePackage.system_id == SystemPlatform.id))
                                  .join(VulnerablePackageCVE, on=(SystemVulnerablePackage.vulnerable_package_id == VulnerablePackageCVE.vulnerable_package_id))
                                  .join(CveMetadata, on=(VulnerablePackageCVE.cve_id == CveMetadata.id))
+                                 .join(SystemCveData, JOIN.LEFT_OUTER, on=((SystemPlatform.id == SystemCveData.system_id)
+                                                                           & (CveMetadata.id == SystemCveData.cve_id)))
                                  .where(CveMetadata.cve == synopsis)
                                  .where(SystemVulnerablePackage.rh_account_id == rh_account_id)
                                  .where(system_is_active(rh_account_id=rh_account_id, edge=edge))
+                                 .group_by(fn.COALESCE(SystemCveData.status_id, 0))
                                  .dicts())
         status_detail_unfixed = cyndi_join(status_detail_unfixed)
 

manager/filters.py

@@ -18,6 +18,7 @@
 from common.peewee_model import CveRuleMapping
 from common.peewee_model import InsightsRule
 from common.peewee_model import InventoryHosts
+from common.peewee_model import SystemCveData
 from common.peewee_model import SystemPlatform
 from common.peewee_model import SystemVulnerabilities
 from common.peewee_model import SystemVulnerablePackage
@@ -330,11 +331,7 @@ def _filter_system_cve_by_status(query, args, _kwargs):
         object: Modified query with system CVE status filter applied
     """
     if "status_id" in args and args["status_id"]:
-        if "unfixed" in _kwargs and True in _kwargs["unfixed"]:
-            # We need to filter out unfixed vulnerabilities and must reference dummy values because some tables are non existent
-            query = query.where(Value(0) << args["status_id"])
-        else:
-            query = query.where(SystemVulnerabilities.status_id << args["status_id"])
+        query = query.where(fn.COALESCE(SystemCveData.status_id, 0) << args["status_id"])
     return query