From 994e5b95fe890a0152802ba7d732f052aa0b11d9 Mon Sep 17 00:00:00 2001
From: Timo Pollmeier <timo.pollmeier@greenbone.net>
Date: Tue, 10 Dec 2024 09:44:12 +0100
Subject: [PATCH] Fix: Handle schemas in SCAP rebuild correctly

The SCAP rebuild will now use the "scap2" schema for the "cpe_matches"
table and create_view_vulns explicitly uses the "scap.cves".

This fixes the SCAP rebuild either not working at all for old, missing
or empty "scap" schemas or using using outdated CPE match data.
---
 src/gmp.c                | 4 +++-
 src/manage.h             | 2 +-
 src/manage_pg.c          | 2 +-
 src/manage_sql.c         | 7 +++++--
 src/manage_sql_secinfo.c | 6 +++++-
 5 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/gmp.c b/src/gmp.c
index 6648af6c8..b26378a66 100644
--- a/src/gmp.c
+++ b/src/gmp.c
@@ -13367,7 +13367,9 @@ print_cpe_match_nodes_xml (resource_t node, GString *buffer)
                          vee ?: "");
 
       iterator_t cpe_matches;
-      init_cpe_match_string_matches_iterator (&cpe_matches, match_criteria_id);
+      init_cpe_match_string_matches_iterator (
+        &cpe_matches, match_criteria_id, NULL
+      );
       xml_string_append (buffer, "<matched_cpes>");
 
       while (next (&cpe_matches))
diff --git a/src/manage.h b/src/manage.h
index b7d7a3cee..680400a76 100644
--- a/src/manage.h
+++ b/src/manage.h
@@ -1751,7 +1751,7 @@ int
 cpe_match_string_iterator_vulnerable (iterator_t*);
 
 void
-init_cpe_match_string_matches_iterator (iterator_t*, const char *);
+init_cpe_match_string_matches_iterator (iterator_t*, const char *, const char*);
 
 const char*
 cpe_matches_cpe_name_id (iterator_t*);
diff --git a/src/manage_pg.c b/src/manage_pg.c
index 56ea9f7e0..dfd272043 100644
--- a/src/manage_pg.c
+++ b/src/manage_pg.c
@@ -1834,7 +1834,7 @@ create_view_vulns ()
          "       severity, "
          G_STRINGIFY (QOD_DEFAULT) " AS qod,"
          "       'cve' AS type"
-         " FROM cves"
+         " FROM scap.cves"
          " WHERE uuid in (SELECT * FROM used_nvts)");
   else
     sql ("CREATE OR REPLACE VIEW vulns AS"
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 320a427ae..d24ac857b 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -20661,15 +20661,18 @@ DEF_ACCESS (cpe_match_string_iterator_version_end_excl, 7);
  *
  * @param[in]  iterator           Iterator.
  * @param[in]  match_criteria_id  The match criteria id to get the matches for.
+ * @param[in]  schema             Schema name, NULL for the default "scap".
  */
 void
 init_cpe_match_string_matches_iterator (iterator_t* iterator,
-                                       const char *match_criteria_id)
+                                        const char *match_criteria_id,
+                                        const char *schema)
 {
   init_iterator (iterator,
                  "SELECT cpe_name_id, cpe_name"
-                 " FROM scap.cpe_matches"
+                 " FROM %s.cpe_matches"
                  " WHERE match_criteria_id = '%s'",
+                 schema ? schema : "scap",
                  match_criteria_id);
 }
 
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
index c80247780..37be2185f 100644
--- a/src/manage_sql_secinfo.c
+++ b/src/manage_sql_secinfo.c
@@ -3500,7 +3500,11 @@ handle_cve_configurations (resource_t cve_db_id, char * cve_id,
               if (vulnerable)
                 {
                   iterator_t cpe_matches;
-                  init_cpe_match_string_matches_iterator (&cpe_matches, quoted_match_criteria_id);
+                  init_cpe_match_string_matches_iterator (
+                    &cpe_matches,
+                    quoted_match_criteria_id,
+                    "scap2"
+                  );
                   while (next (&cpe_matches))
                     g_string_append_printf (software, "%s ", cpe_matches_cpe_name (&cpe_matches));
                   cleanup_iterator (&cpe_matches);