Merge pull request CactuseSecurity#3046 from Y4nnikH/fix/rsb-all-tab-duplicates

fix(ui rsb): ui crash likely caused by duplicates in query result

Author: tpurschke

roles/lib/files/FWO.Api.Client/APIcalls/allObjects/getAllObjectDetails.graphql

@@ -2,7 +2,7 @@ query getAllObjectDetails (
   $management_id: [Int!]
   $type: [String!]
   $uid: [String!]
-  $time: String
+  $import_id: bigint
   $obj_name: [String!]
   $limit: Int
   $offset: Int
@@ -25,7 +25,8 @@ query getAllObjectDetails (
       offset: $offset
       where: {
         stm_obj_typ: { obj_typ_name: { _in: $type } }
-        active: { _eq: true }
+        obj_last_seen: { _gte: $import_id }
+        obj_create: { _lte: $import_id }
         obj_name: { _in: $obj_name }
         obj_uid: { _in: $uid }
       }
@@ -38,7 +39,8 @@ query getAllObjectDetails (
       offset: $offset
       where: {
         stm_svc_typ: { svc_typ_name: { _in: $type } }
-        active: { _eq: true }
+        svc_last_seen: { _gte: $import_id }
+        svc_create: { _lte: $import_id }
         svc_name: { _in: $obj_name }
         svc_uid: { _in: $uid }
       }
@@ -51,7 +53,8 @@ query getAllObjectDetails (
       offset: $offset
       where: {
         stm_usr_typ: { usr_typ_name: { _in: $type } }
-        active: { _eq: true }
+        user_last_seen: { _gte: $import_id }
+        user_create: { _lte: $import_id }
         user_name: { _in: $obj_name }
         user_uid: { _in: $uid }
       }

roles/lib/files/FWO.Api.Client/APIcalls/networkObject/getNetworkObjectDetails.graphql

@@ -2,7 +2,7 @@ query getNetworkObjectDetails(
   $management_id: [Int!]
   $nwObjTyp: [String!]
   $nwObjUid: [String!]
-  $time: String
+  $import_id: bigint
   $obj_name: [String!]
   $obj_ip: [cidr!]
   $limit: Int
@@ -16,12 +16,13 @@ query getNetworkObjectDetails(
       offset: $offset
       where: {
         stm_obj_typ: { obj_typ_name: { _in: $nwObjTyp } }
-        active: { _eq: true }
+        obj_last_seen: { _gte: $import_id }
+        obj_create: { _lte: $import_id }
         obj_name: { _in: $obj_name }
         obj_ip: { _in: $obj_ip }
         obj_uid: { _in: $nwObjUid }
       }
-      order_by: { obj_name: asc }
+      order_by: [{ obj_name: asc }, { obj_id: asc }]
     ) {
       ...networkObjectDetails
     }

roles/lib/files/FWO.Api.Client/APIcalls/networkService/getNetworkServiceDetails.graphql

@@ -1,6 +1,6 @@
 query getNetworkServiceDetails(
   $management_id: [Int!]
-  $time: String
+  $import_id: bigint
   $svc_name: [String!]
   $svc_port: [Int!]
   $limit: Int
@@ -13,11 +13,12 @@ query getNetworkServiceDetails(
       limit: $limit
       offset: $offset
       where: {
-        active: { _eq: true }
+        svc_last_seen: { _gte: $import_id }
+        svc_create: { _lte: $import_id }
         svc_name: { _in: $svc_name }
         svc_port: { _in: $svc_port }
       }
-      order_by: { svc_name: asc }
+      order_by: [{ svc_name: asc }, { svc_id: asc }]
     ) {
       ...networkServiceDetails
     }

roles/lib/files/FWO.Api.Client/APIcalls/user/getUserDetails.graphql

@@ -1,6 +1,6 @@
-query listUsers(
+query getUserDetails(
   $management_id: [Int!]
-  $time: String
+  $import_id: bigint
   $user_name: [String!]
   $limit: Int
   $offset: Int
@@ -11,8 +11,12 @@ query listUsers(
     userObjects: usrs(
       limit: $limit
       offset: $offset
-      where: { active: { _eq: true }, user_name: { _in: $user_name } }
-      order_by: { user_name: asc }
+      where: {
+        user_last_seen: { _gte: $import_id }
+        user_create: { _lte: $import_id }
+        user_name: { _in: $user_name }
+      }
+      order_by: [{ user_name: asc }, { user_id: asc }]
     ) {
       ...userDetails
     }

roles/ui/files/FWO.UI/Shared/RightSidebar.razor

@@ -1,4 +1,4 @@
-@using System
+@using System
 @using FWO.Report
 @using FWO.Report.Filter
 @using FWO.Ui.Data
@@ -147,6 +147,17 @@
         });
     }
 
+    private async Task<long> GetImportId(int mgmId)
+    {
+        Dictionary<string, object> ImpIdQueryVariables = new()
+        {
+            ["time"] = DateTime.Now.ToString(DynGraphqlQuery.fullTimeFormat), // TODO: if set, use time from lsb
+            ["mgmIds"] = mgmId
+        };
+        List<ManagementReport> result = await apiConnection.SendQueryAsync<List<ManagementReport>>(ReportQueries.getRelevantImportIdsAtTime, ImpIdQueryVariables);
+        return result.First().Import.ImportAggregate.ImportAggregateMax.RelevantImportId ?? 0;
+    }
+
     public async Task FetchContent(RsbTab rsbTab, ObjCategory objType, Func<ReportData, Task> callback, long id = 0, bool nat = false)
     {
         Log.WriteDebug("Fetching Content..", $"nat: {nat}");
@@ -165,6 +176,8 @@
             {
                 case RsbTab.all:
                     queryVars.Add("management_id", (int)id);
+                    queryVars.Add("import_id", await GetImportId((int)id));
+
                     switch (objType)
                     {
                         case ObjCategory.all:
@@ -198,6 +211,7 @@
                     if (objType == ObjCategory.all)
                     {
                         queryVars.Add("rule_id", id);
+                        queryVars.Remove("limit"); // No pagination for rule details
                         query = nat ? RuleQueries.getNatRuleDetails : RuleQueries.getRuleDetails;
                         await FetchObjects(query, queryVars, callback);
                     }
@@ -218,6 +232,7 @@
             ReportData reportData = new();
             bool newObjects = true;
             int fetchCount = 0;
+            int elementsPerFetch = userConfig.ElementsPerFetch;
 
             while (newObjects && (++fetchCount <= userConfig.MaxInitialFetchesRightSidebar || userConfig.AutoFillRightSidebar))
             {
@@ -232,11 +247,11 @@
                 }
 
                 if (queryVars.ContainsKey("offset"))
-                    queryVars["offset"] = (int)queryVars["offset"] + userConfig.ElementsPerFetch;
+                    queryVars["offset"] = (int)queryVars["offset"] + elementsPerFetch;
                 await callback(reportData);
             }
 
-            Log.WriteDebug("Lazy Fetch", $"Fetched sidebar objects in {fetchCount - 1} cycle(s) ({userConfig.ElementsPerFetch} at a time)");
+            Log.WriteDebug("Lazy Fetch", $"Fetched sidebar objects in {fetchCount - 1} cycle(s) ({elementsPerFetch} at a time)");
 
             if (fetchCount > userConfig.MaxInitialFetchesRightSidebar && !userConfig.AutoFillRightSidebar)
                 DisplayMessageInUi(null, userConfig.GetText("object_fetch_warning"), userConfig.GetText("E0021"), true);