Add --secinfo-fast_init option to toggle COPY SQL

timopollmeier · timopollmeier · commit 22e591e33e6a · 2025-02-11T11:27:41.000+01:00
diff --git a/doc/gvmd.8 b/doc/gvmd.8
@@ -217,6 +217,9 @@ Time out tasks that are more than TIME minutes overdue. -1 to disable, 0 for min
 \fB--secinfo-commit-size=\fINUMBER\fB\f1
 During CERT and SCAP sync, commit updates to the database every NUMBER items, 0 for unlimited.
 .TP
+\fB--secinfo-fast_init=\fINUMBER\fB\f1
+Whether to prefer faster SQL with less checks for non-incremental SecInfo updates. 0 to use statements with more checks, 1 to use faster statements, default: 1
+.TP
 \fB-c, --unix-socket=\fIFILENAME\fB\f1
 Listen on UNIX socket at FILENAME.
 .TP
diff --git a/doc/gvmd.8.xml b/doc/gvmd.8.xml
@@ -508,6 +508,14 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
            NUMBER items, 0 for unlimited.</p>
       </optdesc>
     </option>
+    <option>
+      <p><opt>--secinfo-fast_init=<arg>NUMBER</arg></opt></p>
+      <optdesc>
+        <p>Whether to prefer faster SQL with less checks for non-incremental
+           SecInfo updates. 0 to use statements with more checks, 1 to use
+           faster statements, default: 1</p>
+      </optdesc>
+    </option>
     <option>
       <p><opt>-c, --unix-socket=<arg>FILENAME</arg></opt></p>
       <optdesc>
diff --git a/doc/gvmd.html b/doc/gvmd.html
@@ -451,6 +451,14 @@ <h2>Options</h2>
       
     
     
+      <p><b>--secinfo-fast-init=<em>NUMBER</em></b></p>
+      
+        <p>Whether to prefer faster SQL with less checks for non-incremental
+           SecInfo updates. 0 to use statements with more checks, 1 to use
+           faster statements, default: 1</p>
+      
+    
+    
       <p><b>--slave-commit-size=<em>NUMBER</em></b></p>
       
         <p>During slave updates, commit after every NUMBER updated results and
diff --git a/src/gvmd.c b/src/gvmd.c
@@ -1867,6 +1867,7 @@ gvmd (int argc, char** argv, char *env[])
   static int schedule_timeout = SCHEDULE_TIMEOUT_DEFAULT;
   static int affected_products_query_size
     = AFFECTED_PRODUCTS_QUERY_SIZE_DEFAULT;
+  static int secinfo_fast_init = SECINFO_FAST_INIT_DEFAULT;
   static int secinfo_commit_size = SECINFO_COMMIT_SIZE_DEFAULT;
   static gchar *delete_scanner = NULL;
   static gchar *verify_scanner = NULL;
@@ -2242,6 +2243,13 @@ gvmd (int argc, char** argv, char *env[])
           "During CERT and SCAP sync, commit updates to the database every"
           " <number> items, 0 for unlimited, default: "
           G_STRINGIFY (SECINFO_COMMIT_SIZE_DEFAULT), "<number>" },
+        { "secinfo-fast-init", '\0', 0, G_OPTION_ARG_INT,
+          &secinfo_fast_init,
+          "Whether to prefer faster SQL with less checks for non-incremental"
+          " SecInfo updates."
+          " 0 to use statements with more checks, 1 to use faster statements,"
+          " default: "
+          G_STRINGIFY (SECINFO_FAST_INIT_DEFAULT), "<number>" },
         { "set-encryption-key", '\0', 0, G_OPTION_ARG_STRING,
           &set_encryption_key,
           "Set the encryption key with the given UID as the new default"
@@ -2370,7 +2378,9 @@ gvmd (int argc, char** argv, char *env[])
   /* Set the connection auto retry */
   set_scanner_connection_retry (scanner_connection_retry);
 
-  /* Set SQL sizes */
+  /* Set SQL sizes and related options */
+
+  set_secinfo_fast_init (secinfo_fast_init);
 
   set_affected_products_query_size (affected_products_query_size);
 
diff --git a/src/manage_sql_secinfo.c b/src/manage_sql_secinfo.c
@@ -81,6 +81,12 @@ static int affected_products_query_size = AFFECTED_PRODUCTS_QUERY_SIZE_DEFAULT;
  */
 static int secinfo_commit_size = SECINFO_COMMIT_SIZE_DEFAULT;
 
+/**
+ * @brief Whether to prefer faster SQL with less checks for non-incremental
+ *        SecInfo updates.
+ */
+static int secinfo_fast_init = SECINFO_FAST_INIT_DEFAULT;
+
 /**
  * @brief Maximum number of rows in a EPSS INSERT.
  */
@@ -3199,7 +3205,7 @@ update_scap_cpes ()
 
   g_info ("Updating CPEs");
 
-  ret = update_scap_cpes_from_json_file (full_path, TRUE);
+  ret = update_scap_cpes_from_json_file (full_path, secinfo_fast_init);
 
   g_free (full_path);
 
@@ -4638,7 +4644,7 @@ update_scap_cpe_match_strings ()
   gvm_json_pull_parser_t parser;
   inserts_t inserts, matches_inserts;
   db_copy_buffer_t copy_buffer, matches_copy_buffer;
-  gboolean use_copy = TRUE;
+  gboolean use_copy = secinfo_fast_init;
 
   current_json_path = g_build_filename (GVM_SCAP_DATA_DIR,
                                         "nvd-cpe-matches.json.gz",
@@ -6270,3 +6276,17 @@ set_secinfo_commit_size (int new_commit_size)
   else
     secinfo_commit_size = new_commit_size;
 }
+
+/**
+ * @brief Set the SecInfo fast initialization option.
+ *
+ * @param new_fast_init The new SecInfo fast initialization option.
+ */
+void
+set_secinfo_fast_init (int new_fast_init)
+{
+  if (new_fast_init < 0)
+    secinfo_fast_init = SECINFO_FAST_INIT_DEFAULT;
+  else
+    secinfo_fast_init = new_fast_init;
+}
diff --git a/src/manage_sql_secinfo.h b/src/manage_sql_secinfo.h
@@ -170,6 +170,11 @@
  */
 #define AFFECTED_PRODUCTS_QUERY_SIZE_DEFAULT 1000
 
+/**
+ * @brief Default for secinfo_copy.
+ */
+#define SECINFO_FAST_INIT_DEFAULT 1
+
 /**
  * @brief Default for secinfo_commit_size.
  */
@@ -202,6 +207,9 @@ set_affected_products_query_size (int);
 void
 set_secinfo_commit_size (int);
 
+void
+set_secinfo_fast_init (int);
+
 void
 update_scap_extra ();
 
