How do database upgrades work?


Geoffrey Dudragne

Apr 9, 2015, 2:34:25 PM
to thre...@googlegroups.com
Hi everybody,

I wonder how the database upgrade works from one version to another. I imagine that between each release of ThreadFix there are new entries to be added in the database, like generic vulnerability names or this kind of thing, and that these are added automatically when we deploy the new .war to the server (that's what I understand from this topic: https://groups.google.com/forum/#!topic/threadfix/qnai26tnvBE ).

I would like to understand the mechanism to add some entries to be deployed with a new .war, and avoid having to add these by hand, but so far I can't figure out how this is currently achieved.
From what I found in the repo, there seem to be 3 files with SQL statements added when there are new entries, but I don't get how these are used:
import.sql
import-mysql.sql
threadfix-backup.script

Could you give me a short explanation of how you manage these database upgrades, please?
Thanks a lot.

Geoffrey

Mac Collins

Apr 9, 2015, 3:04:33 PM
to thre...@googlegroups.com
Hi Geoffrey,

We abandoned SQL a while back because it was more work for users and we ran into trouble with different databases using different SQL. Now we use a homegrown updater that leverages Hibernate to do this. The mappings themselves are contained in CSV files. This link has all of the CSV files in it. We use a custom @MappingsUpdater annotation to pull updater implementations from the classpath. This allows us to pull updates from built-in files (ChannelVulnerabilityUpdater, GenericVulnerabilityUpdater, etc.) and also plugin files, such as those found in the plugin-examples directory. The mappings updater classes point to a relative location containing CSV files, and contain the logic to construct and save various domain objects based on the CSV data. A date is also stored so that ThreadFix can skip unnecessary updates.

If you're trying to add more vulnerability types for scanners, we have a UI solution for this now. Go to the Unmapped Findings tab on the application page and go through the dialog there. 

If you're adding your own scanner, please follow the instructions and put the mappings in the CSV file there. 

Let me know if you have any other questions.

Thanks,
Mac
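
The mechanism described in the reply above, sketched as an added example (not part of the original post and not ThreadFix's own code). The names `CsvUpdater`, `Updater` and `GenericVulnUpdater`, the CSV layout with the file date on its first line, and the fixed candidate list standing in for classpath scanning and Hibernate persistence are all assumptions made for illustration.

```java
import java.lang.annotation.*;
import java.time.LocalDate;
import java.util.*;

public class UpdaterDemo {
    // Hypothetical marker annotation; ThreadFix's real @MappingsUpdater may differ.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE)
    @interface CsvUpdater {}

    interface Updater {
        String csv();   // constructed CSV; assumed layout: first line is the file date
        void save(String[] row, Map<String, String> store);
    }

    @CsvUpdater
    static class GenericVulnUpdater implements Updater {
        public String csv() { return "2015-04-01\n79,Cross-site Scripting\n89,SQL Injection\n"; }
        public void save(String[] row, Map<String, String> store) {
            store.put("CWE-" + row[0].trim(), row[1].trim());
        }
    }

    static class NotAnUpdater {}   // ignored: carries no annotation

    // Runs every annotated updater whose CSV date is newer than the stored date.
    static LocalDate runAll(List<Class<?>> candidates, LocalDate lastApplied,
                            Map<String, String> store) throws Exception {
        LocalDate newest = lastApplied;
        for (Class<?> c : candidates) {
            if (!c.isAnnotationPresent(CsvUpdater.class)) continue;
            Updater u = (Updater) c.getDeclaredConstructor().newInstance();
            String[] lines = u.csv().split("\n");
            LocalDate fileDate = LocalDate.parse(lines[0].trim());
            if (!fileDate.isAfter(lastApplied)) continue;   // already applied: skip
            for (int i = 1; i < lines.length; i++) u.save(lines[i].split(",", 2), store);
            if (fileDate.isAfter(newest)) newest = fileDate;
        }
        return newest;   // persist this value so the next start-up skips the work
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> store = new TreeMap<>();   // stands in for the database
        List<Class<?>> found = List.of(GenericVulnUpdater.class, NotAnUpdater.class);
        LocalDate d = runAll(found, LocalDate.of(2015, 1, 1), store);
        System.out.println(store + " applied up to " + d);
        System.out.println(runAll(found, d, store).equals(d) ? "second run skipped" : "re-ran");
    }
}
```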


Geoffrey Dudragne

Apr 9, 2015, 3:58:23 PM
to thre...@googlegroups.com
Hi Mac,

I was totally missing that point, thank you very much for the info!

Geoffrey