fix(copyright): Make check strict

Add uploadtree_fk and hash checks whenver required. Signed-off-by: Gaurav Mishra <mishra.gaurav@siemens.com>
fossology · Jun 11, 2021 · eb1394c · eb1394c
1 parent 9053f61
commit eb1394c
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 31 deletions.
diff --git a/src/copyright/ui/ajax-copyright-hist.php b/src/copyright/ui/ajax-copyright-hist.php
@@ -278,21 +278,20 @@ protected function getCopyrights($upload_pk, $item, $uploadTreeTableName, $agent
     $filterParms = $params;
     $searchFilter = $this->addSearchFilter($filterParms);
 
-    $activatedClause = "";
+    $activatedClause = "ce.is_enabled = 'false'";
     if ($activated) {
-      $activatedClause = "NOT";
+      $activatedClause = "ce.is_enabled IS NULL OR ce.is_enabled = 'true'";
     }
     $unorderedQuery = "FROM $tableName AS cp " .
         "INNER JOIN $uploadTreeTableName AS UT ON cp.pfile_fk = UT.pfile_fk " .
         "LEFT JOIN $tableNameEvent AS ce ON ce.".$tableName."_fk = cp.".$tableName."_pk " .
-        "AND ce.upload_fk = $5 " .
+        "AND ce.upload_fk = $5 AND ce.uploadtree_fk = UT.uploadtree_pk " .
         $join .
         "WHERE cp.content!='' " .
         "AND ( UT.lft  BETWEEN  $1 AND  $2 ) " .
         "AND cp.type = $3 " .
         "AND cp.agent_fk= $4 " .
-        "AND cp." . $tableName . "_pk $activatedClause IN " .
-        "(SELECT " . $tableName . "_fk FROM $tableNameEvent WHERE upload_fk = $5 AND is_enabled = false)" .
+        "AND ($activatedClause)" .
         $sql_upload;
     $grouping = " GROUP BY mcontent ";
 

diff --git a/src/copyright/ui/list.php b/src/copyright/ui/list.php
@@ -120,13 +120,14 @@ function GetRows($Uploadtree_pk, $Agent_pk, &$upload_pk, $hash, $type, $tableNam
       /* get all the copyright records for this uploadtree.  */
       $sql = "SELECT
 (CASE WHEN (ce.content IS NULL OR ce.content = '') THEN cp.content ELSE ce.content END) AS content,
+(CASE WHEN (ce.hash IS NULL OR ce.hash = '') THEN cp.hash ELSE ce.hash END) AS hash,
 type, uploadtree_pk, ufile_name, cp.pfile_fk AS PF
                 FROM $tableName AS cp
               INNER JOIN uploadtree UT ON cp.pfile_fk = ut.pfile_fk
                 AND ut.upload_fk=$1
                 AND ut.lft BETWEEN $2 AND $3
               LEFT JOIN $eventTable AS ce ON ce.$eventFk = cp.$tablePk
-                AND ce.upload_fk = $1
+                AND ce.upload_fk = ut.upload_fk AND ce.uploadtree_fk = ut.uploadtree_pk
               WHERE agent_fk=$4 AND (cp.hash=$5 OR ce.hash=$5) AND type=$6 ORDER BY uploadtree_pk";
       $params = [
         $upload_pk, $lft, $rgt, $Agent_pk, $hash, $type
@@ -149,9 +150,10 @@ function GetRows($Uploadtree_pk, $Agent_pk, &$upload_pk, $hash, $type, $tableNam
    * \param string $excl
    * \param int $NumRows the number of instances.
    * \param string $filter
+   * \param string $hash
    * \return array new array and $NumRows
    */
-  function GetRequestedRows($rows, $excl, &$NumRows, $filter)
+  function GetRequestedRows($rows, $excl, &$NumRows, $filter, $hash)
   {
     $NumRows = count($rows);
     $prev = 0;
@@ -183,6 +185,10 @@ function GetRequestedRows($rows, $excl, &$NumRows, $filter)
     for($RowIdx = 0; $RowIdx < $NumRows; $RowIdx++)
     {
       $row = $rows[$RowIdx];
+      /* remove non matching entries */
+      if ($row['hash'] != $hash) {
+        unset($rows[$RowIdx]);
+      }
       /* remove excluded files */
       if ($excl)
       {
@@ -304,7 +310,7 @@ function Output()
 
     /* slim down to all rows with this hash and type,  and filter */
     $NumInstances = 0;
-    $rows = $this->GetRequestedRows($allRows, $excl, $NumInstances, $filter);
+    $rows = $this->GetRequestedRows($allRows, $excl, $NumInstances, $filter, $hash);
 
     // micro menus
     $OutBuf .= menu_to_1html(menu_find($this->Name, $MenuDepth),0);

diff --git a/src/lib/php/Dao/CopyrightDao.php b/src/lib/php/Dao/CopyrightDao.php
@@ -219,9 +219,9 @@ public function getScannerEntries($tableName, $uploadTreeTableName, $uploadId,
       $statementName .= "._".$extrawhere."_";
     }
 
-    $activatedClause = "";
+    $activatedClause = "ce.is_enabled = 'false'";
     if ($enabled != 'false') {
-      $activatedClause = "NOT";
+      $activatedClause = "ce.is_enabled IS NULL OR ce.is_enabled = 'true'";
       $statementName .= "._"."enabled";
     }
 
@@ -232,11 +232,10 @@ public function getScannerEntries($tableName, $uploadTreeTableName, $uploadId,
   FROM $tableName C
   INNER JOIN $uploadTreeTableName UT ON C.pfile_fk = UT.pfile_fk
   LEFT JOIN $tableNameEvent AS CE ON CE.".$tableName."_fk = C.".$tableName."_pk
-    AND CE.upload_fk = $1
+    AND CE.upload_fk = $1 AND CE.uploadtree_fk = UT.uploadtree_pk
   WHERE C.content IS NOT NULL
     AND C.content!=''
-    AND C." . $tableName . "_pk $activatedClause IN
-(SELECT " . $tableName . "_fk FROM $tableNameEvent WHERE upload_fk = $1 AND is_enabled = false)
+    AND ($activatedClause)
   $extendWClause
 ORDER BY UT.uploadtree_pk, content DESC";
     return $this->dbManager->getRows($sql, $params, $statementName);
@@ -369,12 +368,12 @@ public function getAllEntries($tableName, $uploadId, $uploadTreeTableName, $type
               ON C.pfile_fk = UT.pfile_fk
             LEFT JOIN $tableNameEvent AS CE
               ON CE.".$tableName."_fk = C.".$tableName."_pk
-              AND CE.upload_fk = $1
+              AND CE.upload_fk = $1 AND CE.uploadtree_fk = UT.uploadtree_pk
             $joinType JOIN (SELECT * FROM $tableNameDecision WHERE is_enabled='true') AS CD
               ON C.pfile_fk = CD.pfile_fk
             WHERE C.content IS NOT NULL
               AND C.content!=''
-              AND C.".$tableName."_pk NOT IN (SELECT DISTINCT(".$tableName."_fk) FROM $tableNameEvent TE WHERE TE.upload_fk = $1 AND is_enabled = false)
+              AND (ce.is_enabled IS NULL OR ce.is_enabled = 'true')
               $whereClause
             ORDER BY CD.pfile_fk, UT.uploadtree_pk, C.content, CD.textfinding, CD.$decisionTableKey DESC";
 
@@ -482,11 +481,11 @@ public function updateTable($item, $hash, $content, $userId, $cpTable='copyright
       $agentFilter = ' AND cp.agent_fk='.$latestAgentId;
     }
 
-    $sql = "SELECT DISTINCT ON ($cpTablePk) $cpTablePk, ut.uploadtree_pk, ut.upload_fk, ce." . $cpTableEvent . "_pk
+    $sql = "SELECT DISTINCT ON ($cpTablePk, ut.uploadtree_pk) $cpTablePk, ut.uploadtree_pk, ut.upload_fk, ce." . $cpTableEvent . "_pk
 FROM $cpTable as cp
 INNER JOIN $itemTable AS ut ON cp.pfile_fk = ut.pfile_fk
 LEFT JOIN $cpTableEvent AS ce ON ce.$cpTableEventFk = cp.$cpTablePk
-  AND ce.upload_fk = $3
+  AND ce.upload_fk = ut.upload_fk AND ce.uploadtree_fk = ut.uploadtree_pk
 WHERE $withHash ( ut.lft BETWEEN $1 AND $2 ) $agentFilter AND ut.upload_fk = $3";
 
     $rows = $this->dbManager->getRows($sql, $params, $stmt);
@@ -496,41 +495,34 @@ public function updateTable($item, $hash, $content, $userId, $cpTable='copyright
       $paramEvent[] = $row['upload_fk'];
       $paramEvent[] = $row[$cpTablePk];
       $paramEvent[] = $row['uploadtree_pk'];
-      $sqlExists = "SELECT exists(SELECT 1 FROM $cpTableEvent WHERE $cpTableEventFk = $1 AND upload_fk = $2)::int";
-      $rowExists = $this->dbManager->getSingleRow($sqlExists, array($row[$cpTablePk], $row['upload_fk']), $stmt.'Exists');
+      $sqlExists = "SELECT exists(SELECT 1 FROM $cpTableEvent WHERE $cpTableEventFk = $1 AND upload_fk = $2 AND uploadtree_fk = $3)::int";
+      $rowExists = $this->dbManager->getSingleRow($sqlExists, array($row[$cpTablePk], $row['upload_fk'], $row['uploadtree_pk']), $stmt.'Exists');
       $eventExists = $rowExists['exists'];
       if ($action == "delete") {
+        $paramEvent[] = $scope;
         if ($eventExists) {
-          $paramEvent[] = $scope;
           $sqlEvent = "UPDATE $cpTableEvent SET scope = $4, is_enabled = false
           WHERE upload_fk = $1 AND $cpTableEventFk = $2 AND uploadtree_fk = $3";
           $statement = "$stmt.delete.up";
         } else {
-          $paramEvent[] = $scope;
-          $sqlEvent = "INSERT INTO $cpTableEvent (upload_fk, $cpTableEventFk, uploadtree_fk, scope) VALUES($1, $2, $3, $4)";
+          $sqlEvent = "INSERT INTO $cpTableEvent (upload_fk, $cpTableEventFk, uploadtree_fk, is_enabled, scope) VALUES($1, $2, $3, 'f', $4)";
           $statement = "$stmt.delete";
         }
-      } else if ($action == "rollback") {
-        if ($eventExists) {
+      } else if ($action == "rollback" && $eventExists) {
           $sqlEvent = "UPDATE $cpTableEvent SET scope = 1, is_enabled = true
           WHERE upload_fk = $1 AND $cpTableEventFk = $2 AND uploadtree_fk = $3";
           $statement = "$stmt.rollback.up";
-        } else {
-          $sqlEvent = "DELETE FROM $cpTableEvent WHERE upload_fk = $1 AND uploadtree_fk = $3 AND $cpTableEventFk = $2";
-          $statement = "$stmt.rollback";
-        }
       } else {
-        $paramEvent[] = "true";
         $paramEvent[] = StringOperation::replaceUnicodeControlChar($content);
 
         if ($eventExists) {
           $sqlEvent = "UPDATE $cpTableEvent
-                        SET upload_fk = $1, uploadtree_fk = $3, is_enabled = $4, content = $5, hash = md5($5)
+                       SET upload_fk = $1, content = $4, hash = md5($4)
                        WHERE $cpTableEventFk = $2 AND uploadtree_fk = $3";
           $statement = "$stmt.update";
         } else {
           $sqlEvent = "INSERT INTO $cpTableEvent(upload_fk, uploadtree_fk, $cpTableEventFk, is_enabled, content, hash)
-                       VALUES($1, $3, $2, $4, $5, md5($5))";
+                       VALUES($1, $3, $2, 'true', $4, md5($4))";
           $statement = "$stmt.insert";
         }
       }