refactor: database schema code #3968

Merged
merged 3 commits into from
Apr 10, 2024
inosmeet
Contributor

codecov-commenter commented Mar 23, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.44%. Comparing base (d6cbe40) to head (f85cd84).
Report is 148 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3968      +/-   ##
==========================================
+ Coverage   75.41%   80.44%   +5.03%     
==========================================
  Files         808      820      +12     
  Lines       11983    12567     +584     
  Branches     1598     1950     +352     
==========================================
+ Hits         9037    10110    +1073     
+ Misses       2593     2042     -551     
- Partials      353      415      +62     
Flag Coverage Δ
longtests 79.94% <100.00%> (+4.53%) ⬆️
win-longtests 78.49% <100.00%> (?)


Contributor

@terriko terriko left a comment

Hm, so self.table_schemas()[1] definitely looks nicer, but I don't think it really adds a lot of clarity and readability. We'd really want it to be something like self.table_schemas["range"] or maybe self.table_schemas.range.

Probably switching it to a dictionary (the first of those options) will make it easier to iterate in some of the other code. I'd suggest that you get rid of the table_schemas() function and instead make a nice class data structure that can be used directly.

Might want to think about whether we can make a data structure that makes it easier to do #3965 too. They're not quite using the same data but close.

Contributor Author

inosmeet commented Apr 4, 2024

Sure, I'll look into it.
It might take a couple of days though (my mid-sem exams are going on).

Contributor Author

inosmeet commented Apr 9, 2024

For #3965:
Bandit doesn't like dynamic queries with a variable table name; it will throw errors even if we have validated the table names.
We can do the following, but it doesn't look good. And we can also keep using # nosec if assured of validation.

# Define pre-defined queries for each table
queries = {
    "cve_severity": "SELECT * FROM cve_severity WHERE 1=0",
    "cve_range": "SELECT * FROM cve_range WHERE 1=0",
    "cve_exploited": "SELECT * FROM cve_exploited WHERE 1=0",
    "cve_metrics": "SELECT * FROM cve_metrics WHERE 1=0",
    "metrics": "SELECT * FROM metrics WHERE 1=0"
}

# Check if the table_name is valid and select the corresponding query
if table_name in queries:
    query = queries[table_name]
    cursor.execute(query)
else:
    # Handle invalid table names
    raise ValueError("Invalid table name")

I don't think any other structural changes will help.
Let me know what you think.

Contributor

terriko commented Apr 9, 2024

In general, I don't mind putting # nosec on bandit stuff when there's no good alternative -- it adds a bit of release overhead for me because I review all the nosec lines at that point, but if we provide sufficient explanation in the comments it's not a big deal to note them and move on.

But that said, I think what you've got above is a nice solution that pleases bandit and makes the whole thing a little easier to understand, so let's go with that.

removed table_schemas() function and added top level dictionary to
directly access the database tables with table names

Signed-off-by: Meet Soni <[email protected]>

added dictionary to be used for better table name validation. This
will help resolve bandit issues in intel#3965.

Signed-off-by: Meet Soni <[email protected]>
@inosmeet inosmeet requested a review from terriko April 10, 2024 17:13
Contributor

@terriko terriko left a comment

Thanks! Let's get this merged.

@terriko terriko merged commit 1794aac into intel:main Apr 10, 2024
22 checks passed
@inosmeet inosmeet deleted the schema branch April 11, 2024 03:22
Successfully merging this pull request may close these issues.

refactor: schema update code for DB is a bit hard to follow