In the PNE, there was a sql command "SELECT cve_id, cpe FROM affectedproduct WHERE cve_id = ? GROUP BY product_name, affected_product_id ORDER BY cve_id DESC, version ASC;";.
It's grouping by product_name and affected_product_id simultaneously, and since the id is unique this does not grouping at all. This query is being updated to reflect new architecture and is not keeping the inert grouping, but SHOULD we be doing grouping on product? And how would we select the appropriate cpe string if we are?
This is an investigative issue to confirm that no grouping is desired, not necessarily a bug.
In the PNE, there was a sql command
"SELECT cve_id, cpe FROM affectedproduct WHERE cve_id = ? GROUP BY product_name, affected_product_id ORDER BY cve_id DESC, version ASC;";.It's grouping by
product_nameandaffected_product_idsimultaneously, and since the id is unique this does not grouping at all. This query is being updated to reflect new architecture and is not keeping the inert grouping, but SHOULD we be doing grouping on product? And how would we select the appropriate cpe string if we are?This is an investigative issue to confirm that no grouping is desired, not necessarily a bug.