diff --git a/cve-vulner-manager/controllers/cve.go b/cve-vulner-manager/controllers/cve.go index 67176e8b36f859e328da2441c2d8a1d3c2a0d799..1c9ee3a3ede78e7c54625e6e59601b4f4461c174 100644 --- a/cve-vulner-manager/controllers/cve.go +++ b/cve-vulner-manager/controllers/cve.go @@ -283,7 +283,9 @@ func (u *KanbanCveAllIssueController) Get() { irda.OpeneulerScore = issues.OpeneulerScore irda.NvdScore = issues.NvdScore irda.Branch = issues.AffectedVersion - irda.CveLevel = issues.CveLevel + if issues.OpeneulerScore >= 0 { + irda.CveLevel = models.OpenEulerScoreProc(issues.OpeneulerScore) + } irda.CveVtopicPublicTime = issues.FirstPerTime irda.CveVtopicRecTime = issues.FirstGetTime irda.PlanClosedTime = CvePlanCloseTime(issues.CreateTime, issues.CveLevel) diff --git a/cve-vulner-manager/models/common.go b/cve-vulner-manager/models/common.go index 458c935fe8d726d056404336b0efc24a6e2d8d07..586628dfad9ade0a68cd03125311f66066f0267d 100644 --- a/cve-vulner-manager/models/common.go +++ b/cve-vulner-manager/models/common.go @@ -30,7 +30,7 @@ func CheckToken(token string) bool { return true } -func openEulerScoreProc(openEulerScore float64) (CveLevel string) { +func OpenEulerScoreProc(openEulerScore float64) (CveLevel string) { if openEulerScore >= 9.0 { CveLevel = "Critical" } else if openEulerScore >= 7.0 && openEulerScore <= 8.9 { diff --git a/cve-vulner-manager/models/uploadcve.go b/cve-vulner-manager/models/uploadcve.go index a6f72f763c6a0d1607b10a55995553d02375ad4d..8aa2e734bfc6f0d34353cd0dd1db827a5eb28d34 100644 --- a/cve-vulner-manager/models/uploadcve.go +++ b/cve-vulner-manager/models/uploadcve.go @@ -369,7 +369,7 @@ func CreateOriginCve(CveData common.CveOriginData, ou *OriginUpstream, od *Origi lousisv3.Scope = CveData.Impact.BaseMetricV3.CvssV3.Scope lousisv3.ImpactScore = CveData.Impact.BaseMetricV3.ImpactScore lousisv3.ExploitabilityScore = CveData.Impact.BaseMetricV3.ExploitabilityScore - lousisv3.CveLevel = openEulerScoreProc(CveData.Impact.BaseMetricV3.CvssV3.BaseScore) + lousisv3.CveLevel = OpenEulerScoreProc(CveData.Impact.BaseMetricV3.CvssV3.BaseScore) if lousistnumv3, err := o.Insert(&lousisv3); err == nil { logs.Info("CreateOriginCve, insert cve_origin_upstream_impact_score_v3 success, "+ "lousistnumv3:", lousistnumv3, ", cveNum: ", ou.Ids) @@ -415,7 +415,7 @@ func CreateOriginCve(CveData common.CveOriginData, ou *OriginUpstream, od *Origi lousisv2.ObtainOtherPrivilege = CveData.Impact.BaseMetricV2.ObtainOtherPrivilege lousisv2.ImpactScore = CveData.Impact.BaseMetricV2.ImpactScore lousisv2.ExploitabilityScore = CveData.Impact.BaseMetricV2.ExploitabilityScore - lousisv2.CveLevel = openEulerScoreProc(CveData.Impact.BaseMetricV2.CvssV2.BaseScore) + lousisv2.CveLevel = OpenEulerScoreProc(CveData.Impact.BaseMetricV2.CvssV2.BaseScore) if lousistnumv2, err := o.Insert(&lousisv2); err == nil { logs.Info("CreateOriginCve, insert cve_origin_upstream_impact_score_v2 success, "+ "lousistnumv2:", lousistnumv2, ", cveNum: ", ou.Ids) @@ -731,7 +731,7 @@ func CreateOriginCve(CveData common.CveOriginData, ou *OriginUpstream, od *Origi lousisv3.Scope = CveData.Impact.BaseMetricV3.CvssV3.Scope lousisv3.ImpactScore = CveData.Impact.BaseMetricV3.ImpactScore lousisv3.ExploitabilityScore = CveData.Impact.BaseMetricV3.ExploitabilityScore - lousisv3.CveLevel = openEulerScoreProc(CveData.Impact.BaseMetricV3.CvssV3.BaseScore) + lousisv3.CveLevel = OpenEulerScoreProc(CveData.Impact.BaseMetricV3.CvssV3.BaseScore) if lousistnumv3, err := o.Insert(&lousisv3); err == nil { logs.Info("CreateOriginCve, insert cve_origin_upstream_impact_score_v3 success, "+ "lousistnumv3:", lousistnumv3, ", cveNum", ou.Ids) @@ -777,7 +777,7 @@ func CreateOriginCve(CveData common.CveOriginData, ou *OriginUpstream, od *Origi lousisv2.ObtainOtherPrivilege = CveData.Impact.BaseMetricV2.ObtainOtherPrivilege lousisv2.ImpactScore = CveData.Impact.BaseMetricV2.ImpactScore lousisv2.ExploitabilityScore = CveData.Impact.BaseMetricV2.ExploitabilityScore - lousisv2.CveLevel = openEulerScoreProc(CveData.Impact.BaseMetricV2.CvssV2.BaseScore) + lousisv2.CveLevel = OpenEulerScoreProc(CveData.Impact.BaseMetricV2.CvssV2.BaseScore) if lousistnumv2, err := o.Insert(&lousisv2); err == nil { logs.Info("CreateOriginCve, insert cve_origin_upstream_impact_score_v2 success, "+ "lousistnumv2:", lousistnumv2, ", cveNum: ", ou.Ids) diff --git a/cve-vulner-manager/taskhandler/common.go b/cve-vulner-manager/taskhandler/common.go index 5057b4692af3eb86ee9eae23fe64bcfc4bf0c1ab..b7d5e5415a4c4ff5d2c3872bb0e845c39d93b5ae 100644 --- a/cve-vulner-manager/taskhandler/common.go +++ b/cve-vulner-manager/taskhandler/common.go @@ -1007,19 +1007,6 @@ func deleteTailBlank(str string) string { return str[:len(str)-spaceNum] } -func openEulerScoreProc(openEulerScore float64) (CveLevel string) { - if openEulerScore >= 9.0 { - CveLevel = "Critical" - } else if openEulerScore >= 7.0 && openEulerScore <= 8.9 { - CveLevel = "High" - } else if openEulerScore > 4.0 && openEulerScore <= 6.9 { - CveLevel = "Medium" - } else if openEulerScore <= 4.0 { - CveLevel = "Low" - } - return CveLevel -} - func IssueStateConversion(status int8) string { var retName string switch status { @@ -1121,4 +1108,4 @@ func UpdateIssueLabels(token, repo, issueNum, owner, label string) bool { return false } return true -} \ No newline at end of file +} diff --git a/cve-vulner-manager/taskhandler/createissue.go b/cve-vulner-manager/taskhandler/createissue.go index f5767591660fa82c7f5496494c2a4d12370afef8..be7034cc6ac7099b34d46dff47cb8d90ecc80cbd 100644 --- a/cve-vulner-manager/taskhandler/createissue.go +++ b/cve-vulner-manager/taskhandler/createissue.go @@ -769,7 +769,7 @@ func CreateSecNoticeData(sec *models.SecurityNotice, iss models.VulnCenter, branchs := AddAffectBrands(branchVersion) sec.CveId = iss.CveId sec.CveNum = iss.CveNum - opScoreLeve := openEulerScoreProc(opScore) + opScoreLeve := models.OpenEulerScoreProc(opScore) sec.Introduction = "An update for " + iss.PackName + " is now available for " + branchs + "." if iss.OrganizationID == 3 { sec.Theme = sec.Introduction[:len(sec.Introduction)-1] + ".\n\n" + "MindSpore Security has rated this" + diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go index 26541d603c77438e48418543f0a1ae2679c77549..83ef87af124ba056128292660c31bd107fe3abe7 100644 --- a/cve-vulner-manager/taskhandler/cve.go +++ b/cve-vulner-manager/taskhandler/cve.go @@ -1155,7 +1155,7 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c if cvsError != nil { vul.CveLevel = "Critical" } - vul.CveLevel = openEulerScoreProc(v2) + vul.CveLevel = models.OpenEulerScoreProc(v2) var sec models.SecurityNotice sec.CveNum = cveData.CveNumber sec.InfluenceComponent = cveData.RepoPath @@ -1174,7 +1174,7 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c if opError != nil { opScoreLeve = "Critical" } else { - opScoreLeve = openEulerScoreProc(opScore) + opScoreLeve = models.OpenEulerScoreProc(opScore) } sec.ReferenceLink = cveRef + cveData.CveNumber affectBrands := "" @@ -1415,13 +1415,13 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c opScore := float64(0) if issueTemps.OpenEulerScore > 0 { opScore = issueTemps.OpenEulerScore - opScoreLeve = openEulerScoreProc(opScore) + opScoreLeve = models.OpenEulerScoreProc(opScore) } else { opScore, opError := strconv.ParseFloat(lop.OpScore, 64) if opError != nil { opScoreLeve = "Critical" } else { - opScoreLeve = openEulerScoreProc(opScore) + opScoreLeve = models.OpenEulerScoreProc(opScore) } } if issueTemps.NVDVector != "" && len(issueTemps.NVDVector) > 1 { @@ -1530,7 +1530,7 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c } else { v2 := score.NVDScore - vul.CveLevel = openEulerScoreProc(v2) + vul.CveLevel = models.OpenEulerScoreProc(v2) score.CveNum = vul.CveNum score.Nstatus = 2 var nvdError error diff --git a/cve-vulner-manager/taskhandler/cvrf.go b/cve-vulner-manager/taskhandler/cvrf.go index 808bdef412f435351ae10b0d0581e951006cd2c9..0fd18a2e807cc7c284643463ff77b8cac19be5f6 100644 --- a/cve-vulner-manager/taskhandler/cvrf.go +++ b/cve-vulner-manager/taskhandler/cvrf.go @@ -553,7 +553,7 @@ func BuilddocumentNotes(cvrfsa *CvrfSa, v models.ExcelExport, noteSeverity.Type = "General" noteSeverity.Ordinal = "5" noteSeverity.XmlLang = "en" - cveLevel := openEulerScoreProc(v.OpenEulerScore) + cveLevel := models.OpenEulerScoreProc(v.OpenEulerScore) noteSeverity.Note = cveLevel note = append(note, noteSeverity) var noteComponent Note @@ -645,7 +645,7 @@ func BuilddocumentNotes(cvrfsa *CvrfSa, v models.ExcelExport, sort.Float64s(openEulerScoreSlice) } if len(openEulerScoreSlice) > 0 { - cveLevel := openEulerScoreProc(openEulerScoreSlice[len(openEulerScoreSlice)-1]) + cveLevel := models.OpenEulerScoreProc(openEulerScoreSlice[len(openEulerScoreSlice)-1]) te.Note = cveLevel } } @@ -1073,7 +1073,7 @@ func BuildVulnerability(vlLenth int, v models.ExcelExport, var threats Threats var threat Threat threat.Type = "Impact" - threat.Description = openEulerScoreProc(v.OpenEulerScore) + threat.Description = models.OpenEulerScoreProc(v.OpenEulerScore) threats.Threat = &threat vulnerability.Threats = &threats var cVSSScoreSets CVSSScoreSets diff --git a/cve-vulner-manager/taskhandler/issuestatistics.go b/cve-vulner-manager/taskhandler/issuestatistics.go index 1564ca9d3d1f862d5b714e6f90ce688589481f8c..2908b279847d7af8f856d654336470130ac79ab3 100644 --- a/cve-vulner-manager/taskhandler/issuestatistics.go +++ b/cve-vulner-manager/taskhandler/issuestatistics.go @@ -32,11 +32,17 @@ func GetNoLinkIssueData(beforeDate, prcnum int, templateId int64) ([]models.Issu return it, err } -func createExcel() (string, string) { +func createExcel(beforeMonth int) (string, string) { + beforeTime := common.GetBeforeDate(2, beforeMonth) // File storage directory dir := beego.AppConfig.String("fileDir") common.CreateDir(dir) - excelName := "CVE_ISSUE_" + common.GetCurDate() + ".xlsx" + excelName := "" + if len(beforeTime) > 10 { + excelName = "CVE_ISSUE_" + beforeTime[:10] + "_" + common.GetCurDate() + ".xlsx" + } else { + excelName = "CVE_ISSUE_" + beforeTime + "_" + common.GetCurDate() + ".xlsx" + } excelPath := filepath.Join(dir, excelName) xlsx := excelize.NewFile() index := xlsx.NewSheet(sheetName) @@ -143,7 +149,7 @@ func procIssueData(its models.IssueTemplate, is *IssueStr, owner string) []inter cveData = append(cveData, common.TimeConverStr(its.CreateTime.String()[:19])) cveData = append(cveData, its.Owner+"/"+its.OwnedComponent) cveData = append(cveData, its.NVDScore) - cveData = append(cveData, openEulerScoreProc(its.NVDScore)) + cveData = append(cveData, models.OpenEulerScoreProc(its.NVDScore)) if its.NVDScore >= 7 { is.HighCveCount += 1 } @@ -205,7 +211,7 @@ func pressFileZip(excelPath, dir string) string { } func IssueStatistics(beforeMonth, prcnum int, owner string) error { - excelPath, _ := createExcel() + excelPath, _ := createExcel(beforeMonth) if excelPath == "" { logs.Error("Failed to create file") return errors.New("Failed to create file") diff --git a/cve-vulner-manager/taskhandler/xml.go b/cve-vulner-manager/taskhandler/xml.go index 2860e9f803557a41c210638dea21aaa47d3f3cb5..15f52224994f51d83c70483c54d90566fda8192c 100644 --- a/cve-vulner-manager/taskhandler/xml.go +++ b/cve-vulner-manager/taskhandler/xml.go @@ -298,7 +298,7 @@ func WriteXml(filePath, excelName, affectBranch string, cveXmlList []CveXml, dpd if len(openEulerScoreSlice) > 1 { sort.Float64s(openEulerScoreSlice) } - cveLevel := openEulerScoreProc(openEulerScoreSlice[len(openEulerScoreSlice)-1]) + cveLevel := models.OpenEulerScoreProc(openEulerScoreSlice[len(openEulerScoreSlice)-1]) if strings.ToLower(cveLevel) == "low" { upDatex.Severity = "Low" } else if strings.ToLower(cveLevel) == "medium" {