From b5b9f18abefeed4906a9aa469e4d0a591a2a5809 Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Fri, 20 Oct 2023 21:43:36 +0800
Subject: [PATCH 1/1] fix cve_list_get api query error

---
 apollo/database/proxy/host.py | 13 ++++++++-----
 database/apollo.sql           | 10 ++++++----
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/apollo/database/proxy/host.py b/apollo/database/proxy/host.py
index b3cabb6..2ce2005 100644
--- a/apollo/database/proxy/host.py
+++ b/apollo/database/proxy/host.py
@@ -126,15 +126,18 @@ class HostMysqlProxy(MysqlProxy):
         Returns:
             dict
         """
+        subquery = self.session.query(
+            CveHostAssociation.host_id, CveHostAssociation.cve_id, CveHostAssociation.fixed, CveHostAssociation.affected
+        ).filter(CveHostAssociation.host_id.in_(host_ids)).distinct().subquery()
+
 
         host_cve_fixed_list = (
             self.session.query(
-                CveHostAssociation.host_id,
-                func.COUNT(func.IF(CveHostAssociation.fixed == True, 1, None)).label("fixed_cve_num"),
-                func.COUNT(func.IF(CveHostAssociation.fixed == False, 1, None)).label("unfixed_cve_num"),
+                subquery.c.host_id,
+                func.COUNT(func.IF(subquery.c.fixed == True, 1, None)).label("fixed_cve_num"),
+                func.COUNT(func.IF(subquery.c.fixed == False, 1, None)).label("unfixed_cve_num"),
             )
-            .filter(CveHostAssociation.host_id.in_(host_ids))
-            .group_by(CveHostAssociation.host_id)
+            .group_by(subquery.c.host_id)
             .all()
         )
         return host_cve_fixed_list
diff --git a/database/apollo.sql b/database/apollo.sql
index a3c4ddc..c756ad2 100644
--- a/database/apollo.sql
+++ b/database/apollo.sql
@@ -179,11 +179,13 @@ BEGIN
 				SET @cve_list_page_count_sql = CONCAT(@cve_list_page_count_sql, 'AND cve.severity IN (', severity, ') ');
     END IF;
 		
-		IF order_by_filed IS NULL or order_by_filed ='' THEN
-        SET @order_by_filed = 'cve_host_user_count.host_num';
-    END IF;
+-- 		IF order_by_filed IS NULL or order_by_filed ='' THEN
+--         SET @order_by_filed = 'cve_host_user_count.host_num';
+--     END IF;
+-- 		 MySql 5.7 version '@' index error 
+
+    SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', order_by_filed ,' ', order_by);
 		
-    SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', @order_by_filed ,' ', order_by);
 		
 		IF end_limt!=0 THEN
 			SET @cve_list_sql = CONCAT(@cve_list_sql, ' limit ',start_limt ,' ,', end_limt);
-- 
2.33.0