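def _report_system_cve_status_usage(self, connection):
     """Print, per account, how many system-CVE rows have a status set.

     Rows whose ``status_id`` is 0 are not counted and accounts listed in
     ``self.exclude_accounts`` are left out. The table and the elapsed time
     are always printed; only the leading banner depends on ``self.debug``.

     Args:
         connection: database connection handed to ``NamedCursor``.
     """
     if self.debug:
         print("generating system-CVE-status usage report...\n")
     # perf_counter is monotonic, so the reported duration cannot jump or go
     # negative when the wall clock is adjusted during the query.
     start = time.perf_counter()
     print("  account    # system-CVEs with status set")
     print("------------ -----------------------------")
     with NamedCursor(connection) as cur:
         # The excluded account names are bound as a parameter and never
         # formatted into the SQL text. "!= ALL(array)" matches the same rows
         # as "NOT IN (...)" but stays valid when nothing is excluded; an
         # empty tuple would be rendered as "not in ()", a syntax error.
         # NOTE(review): relies on the driver adapting a Python list to an
         # SQL array, as psycopg2 does; the earlier tuple form depended on
         # the same driver. Confirm for NamedCursor.
         cur.execute(
             """SELECT ra.name,
                               count(ra.name)
                          FROM system_vulnerabilities sv
                          JOIN system_platform sp
                            ON sv.system_id = sp.id
                          JOIN rh_account ra
                            ON sp.rh_account_id = ra.id
                         WHERE sv.status_id != 0
                           AND ra.name != ALL(%s)
                      GROUP BY ra.name
                      ORDER BY count(ra.name) DESC""",
             [list(self.exclude_accounts)])
         for row in cur.fetchall():
             print(f"{row[0]:12s} {row[1]}")
     print("------------------------------------------")
     print("Duration: %s milliseconds\n" % str(
         (time.perf_counter() - start) * 1000))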
示例#2
 def query_system_cve_status_usage(self, connection):
     """Collect per-account counts of system-CVE rows that have a status set.

     Only systems that are not opted out, not stale and not deleted are
     counted. With ``self.debug`` set the rows are also printed as a table;
     the elapsed time is printed in either case.

     Args:
         connection: database connection handed to ``NamedCursor``.

     Returns:
         list of ``(account name, count)`` rows, highest count first.
     """
     started_at = time.time()
     verbose = self.debug
     if verbose:
         print("generating system-CVE-status usage report...\n")
         print("  account    # system-CVEs with status set")
         print("------------ -----------------------------")
     # Fixed statement with no placeholders: no caller-supplied value is
     # merged into the SQL text.
     statement = """SELECT ra.name,
                               count(ra.name)
                          FROM system_vulnerabilities sv
                          JOIN system_platform sp
                            ON sv.system_id = sp.id
                          JOIN rh_account ra
                            ON sp.rh_account_id = ra.id
                         WHERE sv.status_id != 0
                           AND sp.opt_out = false
                           AND sp.stale = false
                           AND sp.when_deleted IS NULL
                      GROUP BY ra.name
                      ORDER BY count(ra.name) DESC"""
     with NamedCursor(connection) as cursor:
         cursor.execute(statement)
         usage_rows = list(cursor.fetchall())
         if verbose:
             for record in usage_rows:
                 print(f"{record[0]:12s} {record[1]}")
     if verbose:
         print("------------------------------------------")
     elapsed_ms = (time.time() - started_at) * 1000
     print("system-CVE-status usage query took %s milliseconds\n" % str(elapsed_ms))
     return usage_rows
示例#3
 def query_cve_status_usage(self, connection):
     """Collect per-account counts of CVEs that have a status set.

     Counts ``cve_account_data`` rows whose ``status_id`` is not 0, grouped
     by account name. With ``self.debug`` set the rows are also printed as a
     table; the elapsed time is printed in either case.

     Args:
         connection: database connection handed to ``NamedCursor``.

     Returns:
         list of ``(account name, count)`` rows, highest count first.
     """
     started_at = time.time()
     verbose = self.debug
     if verbose:
         print("generating CVE-status usage report...\n")
         print("  account    # CVEs with status set")
         print("------------ ----------------------")
     # Fixed statement with no placeholders: no caller-supplied value is
     # merged into the SQL text.
     statement = """SELECT ra.name,
                               count(ra.name)
                          FROM cve_account_data cad
                          JOIN rh_account ra
                            ON cad.rh_account_id = ra.id
                         WHERE cad.status_id != 0
                      GROUP BY ra.name
                      ORDER BY count(ra.name) DESC"""
     with NamedCursor(connection) as cursor:
         cursor.execute(statement)
         usage_rows = list(cursor.fetchall())
         if verbose:
             for record in usage_rows:
                 print(f"{record[0]:12s} {record[1]}")
     if verbose:
         print("-----------------------------------")
     elapsed_ms = (time.time() - started_at) * 1000
     print("CVE-status usage query took %s milliseconds\n" % str(elapsed_ms))
     return usage_rows
示例#4
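    async def re_evaluate_systems(self, repo_based: bool):
        """Schedule re-evaluation of systems stored in the DB.

        Inventory ids are selected with ``select_repo_based_inventory_ids``
        when ``repo_based`` is true and with ``select_all_inventory_ids``
        otherwise, then sent to ``self.evaluator_queue`` in batches of at most
        ``RE_EVALUATION_KAFKA_BATCH_SIZE`` messages. One permit of
        ``RE_EVALUATION_KAFKA_BATCH_SEMAPHORE`` is taken per batch and given
        back when the batch's future completes, which bounds the number of
        batches in flight.

        Args:
            repo_based: restrict the selection to systems affected by the
                repos returned by ``self._get_updated_repos``.
        """
        with DatabasePoolConnection() as conn:
            if repo_based:
                updated_repos = self._get_updated_repos(conn)

            with NamedCursor(conn) as cur:
                if repo_based:
                    LOGGER.info("Re-evaluating in repo-based mode")
                    self.select_repo_based_inventory_ids(cur, updated_repos)
                else:
                    LOGGER.info("Re-evaluating all systems")
                    self.select_all_inventory_ids(cur)
                total_scheduled = 0
                while True:
                    await RE_EVALUATION_KAFKA_BATCH_SEMAPHORE.acquire()
                    # The permit is owned by this loop until the done-callback
                    # is registered. Any other exit (no rows left, or an error
                    # while fetching or sending) must give it back here;
                    # otherwise the shared semaphore loses a permit for good
                    # and later runs can stall on acquire().
                    handed_off = False
                    try:
                        rows = cur.fetchmany(size=RE_EVALUATION_KAFKA_BATCH_SIZE)
                        if not rows:
                            break
                        msgs = [{"type": "re-evaluate_system", "host": {"id": inventory_id}} for inventory_id, in rows]
                        future = self.evaluator_queue.send_list(msgs)
                        future.add_done_callback(lambda _done: RE_EVALUATION_KAFKA_BATCH_SEMAPHORE.release())
                        handed_off = True
                        total_scheduled += len(msgs)
                    finally:
                        if not handed_off:
                            RE_EVALUATION_KAFKA_BATCH_SEMAPHORE.release()
                LOGGER.info("%s systems scheduled for re-evaluation", total_scheduled)
            conn.commit()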
示例#5
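 def re_evaluate_systems(self):
     """Schedule re-evaluation for all systems in DB.

     Reads every ``inventory_id`` from ``system_platform`` and sends one
     ``re-evaluate_system`` message per id to ``self.evaluator_queue``.
     """
     LOGGER.info("Re-evaluating all systems")
     conn = DatabaseHandler.get_connection()
     try:
         with NamedCursor(conn) as cur:
             cur.execute("select inventory_id from system_platform")
             # reevaluate updates for every system in the DB
             for inventory_id, in cur:
                 self.evaluator_queue.send({
                     "type": "re-evaluate_system",
                     "system_id": inventory_id
                 })
         conn.commit()
     finally:
         # Close the connection even when the query or a send fails, so an
         # error does not leave it open.
         DatabaseHandler.close_connection()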
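 def _report_cve_business_risk_usage(self, connection):
     """Print, per account, how many CVEs have a business risk set.

     Rows whose ``business_risk_id`` is 0 are not counted and accounts listed
     in ``self.exclude_accounts`` are left out. The table and the elapsed
     time are always printed; only the leading banner depends on
     ``self.debug``.

     Args:
         connection: database connection handed to ``NamedCursor``.
     """
     if self.debug:
         print("generating CVE-business risk usage report...\n")
     # perf_counter is monotonic, so the reported duration cannot jump or go
     # negative when the wall clock is adjusted during the query.
     start = time.perf_counter()
     print("  account    # CVEs with business risk set")
     print("------------ -----------------------------")
     with NamedCursor(connection) as cur:
         # The excluded account names are bound as a parameter and never
         # formatted into the SQL text. "!= ALL(array)" matches the same rows
         # as "NOT IN (...)" but stays valid when nothing is excluded; an
         # empty tuple would be rendered as "not in ()", a syntax error.
         # NOTE(review): relies on the driver adapting a Python list to an
         # SQL array, as psycopg2 does; the earlier tuple form depended on
         # the same driver. Confirm for NamedCursor.
         cur.execute(
             """SELECT ra.name,
                               count(ra.name)
                          FROM cve_account_data cad
                          JOIN rh_account ra
                            ON cad.rh_account_id = ra.id
                         WHERE cad.business_risk_id != 0
                           AND ra.name != ALL(%s)
                      GROUP BY ra.name
                      ORDER BY count(ra.name) DESC""",
             [list(self.exclude_accounts)])
         for row in cur.fetchall():
             print(f"{row[0]:12s} {row[1]}")
     print("------------------------------------------")
     print("Duration: %s milliseconds\n" % str(
         (time.perf_counter() - start) * 1000))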