单独运行查询时,查询返回结果;将查询添加到较大的查询中时,查询返回歧义

时间:2019-03-29 16:32:23

标签: mysql sql security metasploit

我正在尝试编写一个查询,该查询按主机名汇总漏洞,并包含有关该主机的信息。查询正在Rapid7 InsightVM中运行

返回资产信息的查询成功运行,除了当我追加该查询以返回漏洞信息时,它为description返回了模棱两可的引用错误。但是ip addresshost_nameasset_id的值返回就可以了。

我只是试图将它们组合在一起以返回该信息。我觉得缺少明显的东西。

这将从资产表中返回我想要的内容,包括操作系统说明(Windows,RHEL等):

SELECT da.asset_id, da.host_name, da.ip_address, dos.description
FROM dim_asset da
JOIN dim_operating_system dos ON dos.operating_system_id = da.operating_system_id
JOIN fact_asset fa ON fa.asset_id = da.asset_id
GROUP BY da.asset_id, da.host_name, da.ip_address, dos.description

这将返回一个含糊不清的描述引用,它适用于asset_id,host_name和ip_address:

    WITH remediations AS (
        SELECT DISTINCT fr.solution_id AS ultimate_soln_id, summary, fix, estimate, riskscore, dshs.solution_id AS solution_id
        FROM fact_remediation(10,'riskscore DESC') fr
        JOIN dim_solution ds USING (solution_id)
        JOIN dim_solution_highest_supercedence dshs ON (fr.solution_id = dshs.superceding_solution_id AND ds.solution_id = dshs.superceding_solution_id)

    ),

    assets AS (
        SELECT da.asset_id, da.host_name, da.ip_address, dos.description
        FROM dim_asset da
        JOIN dim_operating_system dos ON dos.operating_system_id = da.operating_system_id
        JOIN fact_asset fa ON fa.asset_id = da.asset_id
        GROUP BY da.asset_id, da.host_name, da.ip_address, dos.description
    )

    SELECT
       csv(DISTINCT dv.title) AS "Vulnerability Title",
       host_name AS "Asset Hostname", ip_address AS "Asset IP", description AS "OS",
       round(sum(dv.riskscore)) AS "Asset Risk",
       summary AS "Solution",
       fix as "Fix"

    FROM remediations r
       JOIN dim_asset_vulnerability_solution dvs USING (solution_id)
       JOIN dim_vulnerability dv USING (vulnerability_id)
       JOIN assets USING (asset_id)

    GROUP BY r.riskscore, host_name, ip_address, asset_id, summary, fix
    ORDER BY "Asset Risk" DESC     WITH remediations AS (

1 个答案:

答案 0 :(得分:0)

dim_asset_vulnerability_solutiondim_vulnerability最有可能也有一个description字段。只需使用选定的来源限定所选字段即可解决此问题。

...
a.host_name AS "Asset Hostname", a.ip_address AS "Asset IP", a.description AS "OS"
...
JOIN assets AS a USING (asset_id)
...
GROUP BY r.riskscore, a.host_name, a.ip_address, asset_id, summary, fix

注意:asset_id没问题,因为USING具有一些额外的“魔术”,可以合并由其合并的引用。

评论:除非有特殊原因,否则GROUP BY不能代替SELECT DISTINCT特别是指CTE资产

相关问题
最新问题