fix: merge_knownexploited is expected to be a procedure using Postgre…

…SQL (#5317)
jeremylong · Jan 17, 2023 · e63738a · e63738a
2 parents 4c375f1 + 364e1b7
commit e63738a
Showing 1 changed file with 16 additions and 17 deletions.
diff --git a/core/src/main/resources/data/initialize_postgres.sql b/core/src/main/resources/data/initialize_postgres.sql
@@ -6,7 +6,7 @@ DROP FUNCTION IF EXISTS public.save_property;
 DROP FUNCTION IF EXISTS public.update_vulnerability;
 DROP FUNCTION IF EXISTS public.insert_software;
 DROP FUNCTION IF EXISTS public.merge_ecosystem;
-DROP FUNCTION IF EXISTS public.merge_knownexploited;
+DROP PROCEDURE IF EXISTS public.merge_knownexploited;
 DROP TABLE IF EXISTS software;
 DROP TABLE IF EXISTS cpeEntry;
 DROP TABLE IF EXISTS reference;
@@ -105,35 +105,34 @@ $$ LANGUAGE plpgsql;
 GRANT EXECUTE ON FUNCTION public.merge_ecosystem(VARCHAR(255), VARCHAR(255), varchar(255)) TO dcuser;
 
 
-CREATE FUNCTION merge_knownexploited (
-    IN p_cveID varchar(20),
+CREATE PROCEDURE merge_knownexploited (
+    IN p_cveID VARCHAR(20),
     IN p_vendorProject VARCHAR(255),
     IN p_product VARCHAR(255),
     IN p_vulnerabilityName VARCHAR(500),
-    IN p_dateAdded CHAR(10),
+    IN p_dateAdded VARCHAR(10),
     IN p_shortDescription VARCHAR(2000),
     IN p_requiredAction VARCHAR(1000),
-    IN p_dueDate CHAR(10),
-    IN p_notes VARCHAR(2000))
-RETURNS void
+    IN p_dueDate VARCHAR(10),
+    IN p_notes VARCHAR(2000) default '')
 AS $$
 BEGIN
 IF EXISTS(SELECT 1 FROM knownExploited WHERE cveID=p_cveID) THEN
-    UPDATE knownExploited
-    SET vendorProject=p_vendorProject, product=p_product, vulnerabilityName=p_vulnerabilityName, 
-        dateAdded=p_dateAdded, shortDescription=p_shortDescription, requiredAction=p_requiredAction, 
-        dueDate=p_dueDate, notes=p_notes
-    WHERE cveID=p_cveID;
+UPDATE knownExploited
+SET vendorProject=p_vendorProject, product=p_product, vulnerabilityName=p_vulnerabilityName,
+    dateAdded=p_dateAdded, shortDescription=p_shortDescription, requiredAction=p_requiredAction,
+    dueDate=p_dueDate, notes=p_notes
+WHERE cveID=p_cveID;
 ELSE
-    INSERT INTO knownExploited (cveID, vendorProject, product, vulnerabilityName,
-            dateAdded, shortDescription, requiredAction, dueDate, notes)
-    VALUES (p_cveID, p_vendorProject, p_product, p_vulnerabilityName, p_dateAdded,
-            p_shortDescription, p_requiredAction, p_dueDate, p_notes);
+INSERT INTO knownExploited (cveID, vendorProject, product, vulnerabilityName,
+                            dateAdded, shortDescription, requiredAction, dueDate, notes)
+VALUES (p_cveID, p_vendorProject, p_product, p_vulnerabilityName, p_dateAdded,
+    p_shortDescription, p_requiredAction, p_dueDate, p_notes);
 END IF;
 END
 $$ LANGUAGE plpgsql;
 
-GRANT EXECUTE ON FUNCTION public.merge_knownexploited(varchar(20), VARCHAR(255), VARCHAR(255), VARCHAR(500), CHAR(10), VARCHAR(2000), VARCHAR(1000), CHAR(10), VARCHAR(2000)) TO dcuser;
+GRANT EXECUTE ON PROCEDURE public.merge_knownexploited(VARCHAR(20), VARCHAR(255), VARCHAR(255), VARCHAR(500), VARCHAR(10), VARCHAR(2000), VARCHAR(1000), VARCHAR(10), VARCHAR(2000)) TO dcuser;
 
 CREATE FUNCTION update_vulnerability (
     IN p_cveId VARCHAR(20), IN p_description VARCHAR(8000), IN p_v2Severity VARCHAR(20),