From bed686df9046ce42239daac87f809fa444a7107e Mon Sep 17 00:00:00 2001 From: sb Date: Wed, 14 Apr 2021 14:48:42 +0800 Subject: [PATCH] After the demonstration, supplement and improve the process of handling issues in the opengGuass community, and optimize the issues raised --- conf/app.conf | 7 +- conf/product_app.conf | 3 +- controllers/hook.go | 139 +++++++++++++++++++++++++------------ models/modeldb.go | 8 ++- models/reviewer.go | 21 +++++- task/issuetask.go | 12 +++- taskhandler/common.go | 3 +- taskhandler/createissue.go | 20 +++++- taskhandler/hook.go | 2 +- 9 files changed, 156 insertions(+), 59 deletions(-) diff --git a/conf/app.conf b/conf/app.conf index ff5d437..bb3787d 100644 --- a/conf/app.conf +++ b/conf/app.conf @@ -58,8 +58,8 @@ oricveflag = 2 oricvecheck = 0 16 19 * * * getissueflag = 2 getissue = 0 50 10 * * * -issueflag = 2 -createissue = 0 18 15 * * * +issueflag = 1 +createissue = 0 55 10 * * * emergissueflag = 2 emergcreateissue = 0 */3 * * * * test = 0/10 * * * * * @@ -189,8 +189,9 @@ email_port = 587 gauss_owner = cve-gauss # git token git_gauss_token = "${GITEE_GAUSS_TOKEN||xxx}" -gauss_version = 1.1.0,1.0.1,1.0.0 +gauss_version = 2.0.0,1.1.0,1.0.1,1.0.0 gauss_issue_path = security +gauss_branch_path = openGauss-server sa_init_value = 1001 pr_repo = "openGauss-server,openGauss-connector-jdbc,openGauss-connector-odbc,openGauss-OM,openGauss-third_party" nvd_relink = https://nvd.nist.gov/vuln/detail/ \ No newline at end of file diff --git a/conf/product_app.conf b/conf/product_app.conf index be9e42e..5513913 100644 --- a/conf/product_app.conf +++ b/conf/product_app.conf @@ -182,8 +182,9 @@ email_port = 587 gauss_owner = opengauss # git token git_gauss_token = "${GITEE_GAUSS_TOKEN||xxx}" -gauss_version = 1.1.0,1.0.1,1.0.0 +gauss_version = 2.0.0,1.1.0,1.0.1,1.0.0 gauss_issue_path = security +gauss_branch_path = openGauss-server sa_init_value = 1001 pr_repo = "openGauss-server,openGauss-connector-jdbc,openGauss-connector-odbc,openGauss-OM,openGauss-third_party" nvd_relink = https://nvd.nist.gov/vuln/detail/ diff --git a/controllers/hook.go b/controllers/hook.go index b011503..1e5d1f9 100644 --- a/controllers/hook.go +++ b/controllers/hook.go @@ -326,20 +326,31 @@ func gaussCloseIssueProc(issueHook *models.IssuePayload, issueTmp *models.IssueT taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, path, token) } } else { - //1. change issue status - issueTmp.IssueStatus = 2 - //issueTmp.Status = 3 - cveCenter.IsExport = 3 - issueTmp.StatusName = issueHook.Issue.StateName - issueTmp.Status = 3 - if isNormalCloseIssue(issueTmp.CveId, issueTmp.IssueStatus) { + issueTmp.IssueLabel = unFix + issueTmp.StatusName = "open" + issueTmp.Status = 1 + assignee := "@" + issueTmp.Assignee + issuePrFlag := VerifyIssueAsPr(issueTmp, *cveCenter, false, + assignee, issueHook.Sender.UserName) + if issuePrFlag { + //1. change issue status issueTmp.IssueStatus = 2 + //issueTmp.Status = 3 cveCenter.IsExport = 3 - issueTmp.IssueLabel = fixed + issueTmp.StatusName = issueHook.Issue.StateName + issueTmp.Status = 3 + if isNormalCloseIssue(issueTmp.CveId, issueTmp.IssueStatus) { + issueTmp.IssueStatus = 2 + cveCenter.IsExport = 3 + issueTmp.IssueLabel = fixed + } else { + issueTmp.IssueStatus = 6 + cveCenter.IsExport = 2 + issueTmp.IssueLabel = unFix + } } else { - issueTmp.IssueStatus = 6 - cveCenter.IsExport = 2 - issueTmp.IssueLabel = unFix + issueTmp.IssueStatus = 1 + cveCenter.IsExport = 0 } } } @@ -534,12 +545,30 @@ func VerifyIssueAsPr(issueTmp *models.IssueTemplate, cveCenter models.VulnCenter return true } affectBranchsxList := make([]string, 0) - affectedBranchs := beego.AppConfig.String("cve::affected_branchs") + affectedBranchs := "" + token := "" + owner := "" + path := "" + prRepoSlice := []string{} + if cveCenter.OrganizationID == 2 { + affectedBranchs = beego.AppConfig.String("opengauss::gauss_version") + token = beego.AppConfig.String("opengauss::git_gauss_token") + owner = beego.AppConfig.String("opengauss::gauss_owner") + issuePath := beego.AppConfig.String("opengauss::gauss_issue_path") + prRepo := beego.AppConfig.String("opengauss::pr_repo") + prRepoSlice = strings.Split(prRepo, ",") + prRepoSlice = append(prRepoSlice, issuePath) + path = issuePath + } else { + affectedBranchs = beego.AppConfig.String("cve::affected_branchs") + token = beego.AppConfig.String("gitee::git_token") + owner = beego.AppConfig.String("gitee::owner") + prRepoSlice = append(prRepoSlice, issueTmp.Repo) + path = issueTmp.Repo + } if affectedBranchs != "" && len(affectedBranchs) > 0 { affectBranchsxList = strings.Split(affectedBranchs, ",") } - token := beego.AppConfig.String("gitee::git_token") - owner := beego.AppConfig.String("gitee::owner") if sn.AffectProduct != "" && len(sn.AffectProduct) > 1 { issueTmp.SaAuditFlag = 0 affectProductList := strings.Split(sn.AffectProduct, "/") @@ -549,9 +578,12 @@ func VerifyIssueAsPr(issueTmp *models.IssueTemplate, cveCenter models.VulnCenter for _, affectBranch := range affectBranchsxList { if affectBranch == brands { branchMaps[brands] = false - prList := getRepoIssueAllPR(affectBranch, token, owner, issueTmp.Repo, *issueTmp) - if len(prList) > 0 { - branchMaps[brands] = true + for _, prRepo := range prRepoSlice { + prList := getRepoIssueAllPR(affectBranch, token, owner, prRepo, *issueTmp) + if len(prList) > 0 { + branchMaps[brands] = true + break + } } } } @@ -565,14 +597,14 @@ func VerifyIssueAsPr(issueTmp *models.IssueTemplate, cveCenter models.VulnCenter } } if brandStr != "" && len(brandStr) > 1 { - _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, + _, issueErr := taskhandler.UpdateIssueToGit(token, owner, path, cveCenter, *issueTmp) if issueErr == nil { commentBody := assignee + "\n" + "关闭issue前,需要将受影响的分支在合并pr时关联上当前issue编号: #" + issueTmp.IssueNum + "\n" + "受影响分支: " + brandStr[:len(brandStr)-1] + "\n" + "具体操作参考: " + "https://gitee.com/help/articles/4142" + "\n" - taskhandler.AddCommentToIssue(commentBody, issueTmp.IssueNum, owner, issueTmp.Repo, token) + taskhandler.AddCommentToIssue(commentBody, issueTmp.IssueNum, owner, path, token) content := issueTmp.Repo + " 仓库的CVE和安全问题的ISSUE,CVE编号: " + issueTmp.CveNum + ",关闭issue前,需要将受影响的分支在合并pr时关联上当前issue编号: #" + issueTmp.IssueNum + ",受影响分支: " + brandStr[:len(brandStr)-1] + @@ -972,7 +1004,7 @@ func openEulerScoreReview(issueTmp *models.IssueTemplate, cuAccount, owner, toke } func gaussMaintainerApprove(issueTmp *models.IssueTemplate, cuAccount, owner, token, fixed, - path string, cveCenter models.VulnCenter) { + unfixed, path string, cveCenter models.VulnCenter) { if _, tb, ok := checkGaussIssueClosedAnalysisComplete(issueTmp); !ok { //send comment to issue na := "\n**请确认分析内容的准确性,待分析内容请填写完整,否则将无法关闭当前issue.**" @@ -980,32 +1012,44 @@ func gaussMaintainerApprove(issueTmp *models.IssueTemplate, cuAccount, owner, to taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, path, token) return } else { - issueTmp.IssueLabel = fixed - issueTmp.StatusName = "closed" - taskhandler.AddCommentToIssue(fmt.Sprintf(`@%v 你已审核模板内容, cve-manager 将关闭issue!`, - cuAccount), issueTmp.IssueNum, owner, path, token) - _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, - cveCenter, *issueTmp) - if issueErr == nil { - logs.Info("Initiate an issue to close,issuetmp: ", issueTmp) - } else { - logs.Error("Issue closing operation failed, issuetmp: ", issueTmp, ",issueErr: ", issueErr) + if !isGaussReviewer(cuAccount) { + logs.Error("Invalid user review, cuAccount: ", cuAccount) return } - //issueTmp.SaAuditFlag = 1 - issueTmp.Status = 3 - if isNormalCloseIssue(issueTmp.CveId, issueTmp.IssueStatus) { - issueTmp.IssueStatus = 2 - cveCenter.IsExport = 3 - } else { - issueTmp.IssueStatus = 6 - cveCenter.IsExport = 2 - } - gaussIssuePath := beego.AppConfig.String("opengauss::gauss_issue_path") - issueTmp.Repo = gaussIssuePath - updateBool := updateTempAndCenter(*issueTmp, cveCenter, token, owner) - if !updateBool { - return + issueTmp.IssueLabel = unfixed + issueTmp.StatusName = "open" + issueTmp.Status = 1 + assignee := "@" + issueTmp.Assignee + issuePrFlag := VerifyIssueAsPr(issueTmp, cveCenter, false, + assignee, cuAccount) + if issuePrFlag { + issueTmp.IssueLabel = fixed + issueTmp.StatusName = "closed" + taskhandler.AddCommentToIssue(fmt.Sprintf(`@%v 你已审核模板内容, cve-manager 将关闭issue!`, + cuAccount), issueTmp.IssueNum, owner, path, token) + _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, + cveCenter, *issueTmp) + if issueErr == nil { + logs.Info("Initiate an issue to close,issuetmp: ", issueTmp) + } else { + logs.Error("Issue closing operation failed, issuetmp: ", issueTmp, ",issueErr: ", issueErr) + return + } + //issueTmp.SaAuditFlag = 1 + issueTmp.Status = 3 + if isNormalCloseIssue(issueTmp.CveId, issueTmp.IssueStatus) { + issueTmp.IssueStatus = 2 + cveCenter.IsExport = 3 + } else { + issueTmp.IssueStatus = 6 + cveCenter.IsExport = 2 + } + gaussIssuePath := beego.AppConfig.String("opengauss::gauss_issue_path") + issueTmp.Repo = gaussIssuePath + updateBool := updateTempAndCenter(*issueTmp, cveCenter, token, owner) + if !updateBool { + return + } } } } @@ -1188,7 +1232,7 @@ func handleIssueComment(payload models.CommentPayload) { } if vc.OrganizationID == 2 { comLock.Lock() - gaussMaintainerApprove(&issueTmp, cuAccount, owner, accessToken, fixed, path, vc) + gaussMaintainerApprove(&issueTmp, cuAccount, owner, accessToken, fixed, unfixed, path, vc) comLock.Unlock() } else { approveFlag := true @@ -1271,6 +1315,11 @@ func isReviewer(path string) bool { return sr.Read("name_space") } +func isGaussReviewer(path string) bool { + sr := models.OpenGaussSecurityReviewer{NameSpace: path} + return sr.Read("name_space") +} + func analysisComment(owner, accessToken, path string, cuAccount string, cBody string, payload *models.CommentPayload, issueTmp models.IssueTemplate, OrganizationID int8) { if issueTmp.Status == 3 { diff --git a/models/modeldb.go b/models/modeldb.go index ffc4b7f..76aa4de 100644 --- a/models/modeldb.go +++ b/models/modeldb.go @@ -871,6 +871,12 @@ type OpenEulerRepoOrigin struct { DeleteTime string `orm:"size(32);column(delete_time);null"` } +type OpenGaussSecurityReviewer struct { + Id int64 `orm:"pk;auto"` + NameSpace string `orm:"unique" description:"码云空间地址"` + Status int8 `orm:"default(0);column(status)" description:"0: 全部;1:审核人"` +} + func CreateDb() bool { BConfig, err := config.NewConfig("ini", "conf/app.conf") if err != nil { @@ -906,7 +912,7 @@ func CreateDb() bool { new(IssueTemplateAssociation), new(OpenGaussDownloadFile), new(OpenGaussVersion), new(OpenGaussPlatform), new(OpenGaussListTemp), - new(OpenEulerRepoOrigin), + new(OpenEulerRepoOrigin), new(OpenGaussSecurityReviewer), ) logs.Info("table create success!") errosyn := orm.RunSyncdb("default", false, true) diff --git a/models/reviewer.go b/models/reviewer.go index f26d447..6b6f62b 100644 --- a/models/reviewer.go +++ b/models/reviewer.go @@ -15,9 +15,26 @@ func (s *SecurityReviewer) Read(filed ...string) (ok bool) { return true } -func GetSecurityReviewerList()(sr []SecurityReviewer,err error) { +func (s *OpenGaussSecurityReviewer) Read(filed ...string) (ok bool) { + o := orm.NewOrm() + err := o.Read(s, filed...) + if err != nil { + logs.Error(err) + return false + } + return true +} + +func GetSecurityReviewerList() (sr []SecurityReviewer, err error) { var list []SecurityReviewer o := orm.NewOrm() _, err = o.QueryTable("cve_security_reviewer").All(&list) - return list,err + return list, err +} + +func GetGuassSecurityReviewerList() (sr []OpenGaussSecurityReviewer, err error) { + var list []OpenGaussSecurityReviewer + o := orm.NewOrm() + _, err = o.QueryTable("cve_open_gauss_security_reviewer").All(&list) + return list, err } diff --git a/task/issuetask.go b/task/issuetask.go index 7edff8b..643603e 100644 --- a/task/issuetask.go +++ b/task/issuetask.go @@ -559,12 +559,22 @@ func ProcIssue(issueValue models.VulnCenter, return err } } else { + reviewerList, rlerr := models.GetGuassSecurityReviewerList() + if len(reviewerList) > 0 { + for _, v := range reviewerList { + assignee = v.NameSpace + break + } + } else { + logs.Error("GetGuassSecurityReviewerList, rlerr: ", rlerr) + } branchList := make([]string, 0) errBrands := errors.New("") gaussIssuePath := beego.AppConfig.String("opengauss::gauss_issue_path") path = gaussIssuePath + gaussBranchPath := beego.AppConfig.String("opengauss::gauss_branch_path") // Get branch information - branchList, errBrands = taskhandler.GetGaussBranchesInfo(gitGaussToken, gaussOwner, path) + branchList, errBrands = taskhandler.GetGaussBranchesInfo(gitGaussToken, gaussOwner, gaussBranchPath) if branchList == nil || len(branchList) == 0 { logs.Error("ProcIssue, Failed to obtain branch information,CveNum: ", issueValue.CveNum, ", path: ", path, ", err: ", errBrands) diff --git a/taskhandler/common.go b/taskhandler/common.go index 95a92e2..f377d73 100644 --- a/taskhandler/common.go +++ b/taskhandler/common.go @@ -228,8 +228,7 @@ func CommentTemplate(assignee, commentCmd, affectedVersion, path string) string } func GaussCommentTemplate(assignee, commentCmd, affectedVersion string) string { - assigneeStr := "@" + assignee - commentTemplate := fmt.Sprintf(gaussCommentCopyValue, assigneeStr, affectedVersion, commentCmd, PrIssueLink) + commentTemplate := fmt.Sprintf(gaussCommentCopyValue, assignee, affectedVersion, commentCmd, PrIssueLink) return commentTemplate } diff --git a/taskhandler/createissue.go b/taskhandler/createissue.go index 3cccab7..763b858 100644 --- a/taskhandler/createissue.go +++ b/taskhandler/createissue.go @@ -156,7 +156,9 @@ func CreateIssueToGit(accessToken, owner, path, assignee string, if len(it.AffectedVersion) > 1 { brandArryTmp := strings.Split(it.AffectedVersion, ",") for _, brand := range brandArray { - if !strings.Contains(it.AffectedVersion, brand+":") && !strings.Contains(it.AffectedVersion, brand+":") { + if !strings.Contains(it.AffectedVersion, brand+":") && + !strings.Contains(it.AffectedVersion, brand+":") && + it.Status != 3 { brandArryTmp = append(brandArryTmp, brand+":") } } @@ -583,8 +585,8 @@ func CreateDepositHooks(accessToken string, owner string, path string, if ok != nil { createFlag = 1 } - openGaussOwner := beego.AppConfig.String("opengauss::gauss_owner") - if createFlag == 1 || openGaussOwner == owner { + //openGaussOwner := beego.AppConfig.String("opengauss::gauss_owner") + if createFlag == 1 { var ih models.IssueHooks ih.CveId = cve.CveId ih.IssueNum = issueNum @@ -647,6 +649,18 @@ func CreateIssueComment(accessToken, owner, path, assignee string, commentBody := "" if cve.OrganizationID == 2 { commentCmd = " " + anName := []string{} + reviewerList, rlerr := models.GetGuassSecurityReviewerList() + if len(reviewerList) > 0 { + for _, v := range reviewerList { + anName = append(anName, "@"+v.NameSpace+" ") + } + } else { + logs.Error("GetGuassSecurityReviewerList, rlerr: ", rlerr) + } + if len(assignee) < 2 { + assignee = strings.Join(anName, ",") + } commentBody = GaussCommentTemplate(assignee, commentCmd, affectedVersion) } else { commentBody = CommentTemplate(assignee, commentCmd, affectedVersion, path) diff --git a/taskhandler/hook.go b/taskhandler/hook.go index 9b86244..1b0eb7d 100644 --- a/taskhandler/hook.go +++ b/taskhandler/hook.go @@ -97,7 +97,7 @@ func PrcMutDepositHooks(accessToken, pwd string, ihk models.IssueHooks, hd []HookData, deleteHook int, gaussOwner string) { for _, hdk := range hd { if ihk.HookUrl == hdk.HookUrl && hdk.Password == pwd { - if deleteHook == 2 && ihk.Owner != gaussOwner { + if deleteHook == 2 { go DeleteRepoHooks(accessToken, ihk.Owner, ihk.Repo, hdk.Id, ihk.Id) } else { if hdk.Id != ihk.HookId && ihk.HookId > 0 { -- Gitee