From 859fc20ae8bc7d2ddae453afd4db8cdf1dc403f9 Mon Sep 17 00:00:00 2001
From: Bailey Taylor <bailey@yeahnah.net>
Date: Wed, 29 Oct 2025 11:35:22 +0800
Subject: [PATCH] AI fixing the SQL Limit objects on the reporting.

---
 .../repository/ReportingRepository.java       | 50 +++++++++----------
 .../service/ReportingService.java             | 26 +++++++++-
 2 files changed, 49 insertions(+), 27 deletions(-)

diff --git a/src/main/java/com/psg/dlsysinfo/dl_sysinfo_server/repository/ReportingRepository.java b/src/main/java/com/psg/dlsysinfo/dl_sysinfo_server/repository/ReportingRepository.java
index 153563d..82b5d26 100644
--- a/src/main/java/com/psg/dlsysinfo/dl_sysinfo_server/repository/ReportingRepository.java
+++ b/src/main/java/com/psg/dlsysinfo/dl_sysinfo_server/repository/ReportingRepository.java
@@ -59,38 +59,38 @@ public interface ReportingRepository extends JpaRepository<com.psg.dlsysinfo.dl_
            "WHERE cdv.deviceId IN (SELECT d.deviceId FROM Devices d WHERE d.client.clientId = :clientId)")
     LocalDateTime findLastVulnerabilityScanDate(@Param("clientId") Long clientId);
 
-    // Top Vulnerabilities Query
+    // Top Vulnerabilities Query - Using native SQL for LIMIT support
 
-    @Query("SELECT new com.psg.dlsysinfo.dl_sysinfo_server.dto.TopVulnerabilityDTO(" +
-           "cdv.cveId, " +
-           "cdv.description, " +
-           "cdv.severity, " +
-           "cdv.score, " +
-           "COUNT(DISTINCT cdv.deviceId)) " +
-           "FROM CachedDeviceVuln cdv " +
-           "WHERE cdv.deviceId IN (SELECT d.deviceId FROM Devices d WHERE d.client.clientId = :clientId) " +
-           "GROUP BY cdv.cveId, cdv.description, cdv.severity, cdv.score " +
+    @Query(value = "SELECT cdv.cve_id as cveId, " +
+           "cdv.description as title, " +
+           "cdv.severity as severity, " +
+           "cdv.score as score, " +
+           "COUNT(DISTINCT cdv.device_id) as affectedDevices " +
+           "FROM cached_device_vulns cdv " +
+           "WHERE cdv.device_id IN (SELECT d.device_id FROM devices d WHERE d.client_id = :clientId) " +
+           "GROUP BY cdv.cve_id, cdv.description, cdv.severity, cdv.score " +
            "ORDER BY " +
            "CASE WHEN UPPER(cdv.severity) = 'CRITICAL' THEN 0 " +
            "     WHEN UPPER(cdv.severity) = 'HIGH' THEN 1 " +
            "     WHEN UPPER(cdv.severity) = 'MEDIUM' THEN 2 " +
            "     WHEN UPPER(cdv.severity) = 'LOW' THEN 3 " +
            "     ELSE 4 END, " +
-           "COUNT(DISTINCT cdv.deviceId) DESC")
-    List<TopVulnerabilityDTO> findTopVulnerabilities(@Param("clientId") Long clientId,
-                                                       @Param("limit") int limit);
+           "COUNT(DISTINCT cdv.device_id) DESC " +
+           "LIMIT 20",
+           nativeQuery = true)
+    List<Object[]> findTopVulnerabilitiesNative(@Param("clientId") Long clientId);
 
-    // Vulnerable Software Query
+    // Vulnerable Software Query - Using native SQL for LIMIT support
 
-    @Query("SELECT new com.psg.dlsysinfo.dl_sysinfo_server.dto.VulnerableSoftwareDTO(" +
-           "cis.softwareName, " +
-           "COUNT(cis.id), " +
-           "SUM(CASE WHEN cis.totalCves > 0 THEN 1 ELSE 0 END), " +
-           "MAX(COALESCE(cis.totalCves, 0))) " +
-           "FROM CachedInstalledSoftware cis " +
-           "WHERE cis.deviceId IN (SELECT d.deviceId FROM Devices d WHERE d.client.clientId = :clientId) " +
-           "GROUP BY cis.softwareName " +
-           "ORDER BY (SUM(CASE WHEN cis.totalCves > 0 THEN 1 ELSE 0 END) * 1.0 / COUNT(cis.id) * MAX(COALESCE(cis.totalCves, 0))) DESC")
-    List<VulnerableSoftwareDTO> findVulnerableSoftware(@Param("clientId") Long clientId,
-                                                         @Param("limit") int limit);
+    @Query(value = "SELECT cis.software_name as softwareName, " +
+           "COUNT(cis.id) as totalInstances, " +
+           "SUM(CASE WHEN cis.total_cves > 0 THEN 1 ELSE 0 END) as vulnerableInstances, " +
+           "MAX(COALESCE(cis.total_cves, 0)) as totalCves " +
+           "FROM cached_installed_software cis " +
+           "WHERE cis.device_id IN (SELECT d.device_id FROM devices d WHERE d.client_id = :clientId) " +
+           "GROUP BY cis.software_name " +
+           "ORDER BY (SUM(CASE WHEN cis.total_cves > 0 THEN 1 ELSE 0 END) * 1.0 / COUNT(cis.id) * MAX(COALESCE(cis.total_cves, 0))) DESC " +
+           "LIMIT 20",
+           nativeQuery = true)
+    List<Object[]> findVulnerableSoftwareNative(@Param("clientId") Long clientId);
 }
diff --git a/src/main/java/com/psg/dlsysinfo/dl_sysinfo_server/service/ReportingService.java b/src/main/java/com/psg/dlsysinfo/dl_sysinfo_server/service/ReportingService.java
index a43a30d..afde51d 100644
--- a/src/main/java/com/psg/dlsysinfo/dl_sysinfo_server/service/ReportingService.java
+++ b/src/main/java/com/psg/dlsysinfo/dl_sysinfo_server/service/ReportingService.java
@@ -10,8 +10,11 @@ import org.springframework.cache.annotation.Cacheable;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.math.BigDecimal;
+import java.math.BigInteger;
 import java.time.LocalDateTime;
 import java.util.List;
+import java.util.stream.Collectors;
 
 @Service
 @RequiredArgsConstructor
@@ -62,7 +65,17 @@ public class ReportingService {
     @Transactional(readOnly = true)
     public List<TopVulnerabilityDTO> getTopVulnerabilities(Long clientId) {
         log.info("Fetching top vulnerabilities for client: {}", clientId);
-        return reportingRepository.findTopVulnerabilities(clientId, 20);
+        List<Object[]> results = reportingRepository.findTopVulnerabilitiesNative(clientId);
+
+        return results.stream()
+                .map(row -> TopVulnerabilityDTO.builder()
+                        .cveId((String) row[0])
+                        .title((String) row[1])
+                        .severity((String) row[2])
+                        .score(row[3] != null ? ((Number) row[3]).doubleValue() : null)
+                        .affectedDevices(row[4] != null ? ((Number) row[4]).longValue() : 0L)
+                        .build())
+                .collect(Collectors.toList());
     }
 
     /**
@@ -73,6 +86,15 @@ public class ReportingService {
     @Transactional(readOnly = true)
     public List<VulnerableSoftwareDTO> getVulnerableSoftware(Long clientId) {
         log.info("Fetching vulnerable software for client: {}", clientId);
-        return reportingRepository.findVulnerableSoftware(clientId, 20);
+        List<Object[]> results = reportingRepository.findVulnerableSoftwareNative(clientId);
+
+        return results.stream()
+                .map(row -> VulnerableSoftwareDTO.builder()
+                        .softwareName((String) row[0])
+                        .totalInstances(row[1] != null ? ((Number) row[1]).longValue() : 0L)
+                        .vulnerableInstances(row[2] != null ? ((Number) row[2]).longValue() : 0L)
+                        .totalCves(row[3] != null ? ((Number) row[3]).longValue() : 0L)
+                        .build())
+                .collect(Collectors.toList());
     }
 }