fix: Updated postgres__sql_va_send_scan_report_enabled_on_sql_server …

…query (#1030)
cloudquery · Aug 20, 2024 · fba97e2 · fba97e2
1 parent b8ea9b9
commit fba97e2
Showing 1 changed file with 24 additions and 17 deletions.
diff --git a/transformations/azure/macros/sql/va_send_scan_report_enabled_on_sql_server.sql b/transformations/azure/macros/sql/va_send_scan_report_enabled_on_sql_server.sql
@@ -7,33 +7,40 @@
 {% macro postgres__sql_va_send_scan_report_enabled_on_sql_server(framework, check_id) %}
 WITH vulnerability_emails AS (
     SELECT
-        id,
-        UNNEST((v.properties->'recurringScans'->>'emails')::text[]) AS emails
+        _cq_parent_id,
+        UNNEST(
+            CASE
+                WHEN v.properties->'recurringScans'->'emails' IS NULL THEN ARRAY[NULL::text]
+                WHEN jsonb_typeof(v.properties->'recurringScans'->'emails') <> 'array' THEN ARRAY[NULL::text]
+                WHEN jsonb_array_length(v.properties->'recurringScans'->'emails') = 0 THEN ARRAY[NULL::text]
+                ELSE ARRAY(
+                    SELECT jsonb_array_elements_text(v.properties->'recurringScans'->'emails')
+                )
+            END
+        ) AS emails
     FROM azure_sql_server_vulnerability_assessments v
 ),
 emails_count AS (
     SELECT
-        id,
-        count(emails) AS emails_number
+        _cq_parent_id,
+        COUNT(emails) AS emails_number
     FROM vulnerability_emails
-    GROUP BY id
+    GROUP BY _cq_parent_id
 )
-
 SELECT
   s.id AS server_id,
-  '{{framework}}' As framework,
-  '{{check_id}}' As check_id,
-  'Ensure that VA setting Send scan reports to is configured for a SQL server (Automated)' as title,
+  'cis_v1.3.0' AS framework,
+  '4.2.4' AS check_id,
+  'Ensure that VA setting Send scan reports to is configured for a SQL server (Automated)' AS title,
   s.subscription_id,
-  case
-    when c.emails_number = 0 OR c.emails_number IS NULL
-      then 'fail' else 'pass'
-  end
+  CASE
+    WHEN c.emails_number = 0 OR c.emails_number IS NULL
+      THEN 'fail'
+    ELSE 'pass'
+  END AS result
 FROM azure_sql_servers s
-    LEFT JOIN azure_sql_server_vulnerability_assessments sv ON
-        s._cq_id = sv._cq_parent_id
-    LEFT JOIN emails_count c ON
-        sv.id = c.id
+LEFT JOIN emails_count c ON
+    s._cq_id = c._cq_parent_id
 {% endmacro %}
 
 {% macro snowflake__sql_va_send_scan_report_enabled_on_sql_server(framework, check_id) %}