From bd8403c845589992c383a231561146103744592f Mon Sep 17 00:00:00 2001 From: zhangjianjun Date: Fri, 17 Sep 2021 15:11:03 +0800 Subject: [PATCH] Deal with the issue status as suspended or rejected, do not monitor the issue, modify the risk of the defer keyword --- cve-vulner-manager/controllers/cve.go | 18 ++- cve-vulner-manager/controllers/cvedetail.go | 9 +- cve-vulner-manager/controllers/gauss.go | 22 ++- cve-vulner-manager/controllers/hook.go | 32 +++- cve-vulner-manager/controllers/issue.go | 5 +- cve-vulner-manager/controllers/login.go | 7 +- cve-vulner-manager/controllers/packages.go | 20 ++- cve-vulner-manager/controllers/upload.go | 16 +- cve-vulner-manager/models/cve.go | 50 ++++-- cve-vulner-manager/models/issue.go | 13 -- cve-vulner-manager/task/issuetask.go | 20 ++- cve-vulner-manager/taskhandler/createissue.go | 6 + cve-vulner-manager/taskhandler/cve.go | 150 ++++++++---------- 13 files changed, 236 insertions(+), 132 deletions(-) diff --git a/cve-vulner-manager/controllers/cve.go b/cve-vulner-manager/controllers/cve.go index 1c9ee3a..524ba59 100644 --- a/cve-vulner-manager/controllers/cve.go +++ b/cve-vulner-manager/controllers/cve.go @@ -43,7 +43,7 @@ func (u *CveIssueInfoController) Get() { resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) resp["body"] = []CveIssueInfoData{} resp["total"] = 0 - defer u.RetData(resp) + //defer u.RetData(resp) milestone := u.GetString("milestone", "") count := models.QueryIssueCount(milestone) if count > 0 { @@ -55,6 +55,7 @@ func (u *CveIssueInfoController) Get() { logs.Error("err: ", err, ", currentPage: ", currentPage) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetData(resp) return } pageSize, err := u.GetInt("pageSize", 100) 
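Review bot: The commented-out `//defer u.RetData(resp)` in CveIssueInfoController.Get should be deleted rather than kept as dead code, and with the defer gone every return path must now write the response itself. Only the touched branches are visible in these hunks, so any path outside them that returns or falls through without its own `u.RetData(resp)` would finish the request with no body, where the defer used to guarantee one. The same replacement is made in the other controllers of this commit (cvedetail.go, gauss.go, issue.go, login.go, packages.go, upload.go). A single exit point keeps the guarantee without defer: move the body into a helper that fills `resp` and returns, and call `u.RetData(resp)` once after it. The function bodies start and end outside the hunks.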
@@ -62,6 +63,7 @@ func (u *CveIssueInfoController) Get() { logs.Error("err: ", err, ", pageSize: ", pageSize) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetData(resp) return } issueData, issueErr := models.QueryCveIssueByBranch(currentPage, pageSize, milestone) @@ -78,9 +80,11 @@ func (u *CveIssueInfoController) Get() { resp["body"] = ird resp["code"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) + u.RetData(resp) } else { resp["code"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetData(resp) return } } @@ -127,7 +131,7 @@ func (u *CveAllIssueController) Get() { resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) resp["body"] = []CveAllIssueoData{} resp["total"] = 0 - defer u.RetCveData(resp) + //defer u.RetCveData(resp) communityFlag, flagErr := u.GetInt("communityFlag", 0) if flagErr != nil { communityFlag = 0 @@ -143,6 +147,7 @@ func (u *CveAllIssueController) Get() { logs.Error("err: ", err, ", currentPage: ", currentPage) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetCveData(resp) return } pageSize, err := u.GetInt("pageSize", 100) @@ -150,6 +155,7 @@ func (u *CveAllIssueController) Get() { logs.Error("err: ", err, ", pageSize: ", pageSize) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetCveData(resp) return } issueData, issueErr := models.QueryCveAllIssueData(currentPage, pageSize, communityFlag, startTime) @@ -181,9 +187,11 @@ func (u *CveAllIssueController) Get() { resp["body"] = cid resp["code"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) + u.RetCveData(resp) } else { resp["code"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetCveData(resp) return } } 
@@ -246,7 +254,7 @@ func (u *KanbanCveAllIssueController) Get() { resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) resp["body"] = []CveAllIssueoData{} resp["total"] = 0 - defer u.RetCveData(resp) + //defer u.RetCveData(resp) communityFlag, flagErr := u.GetInt("communityFlag", 0) if flagErr != nil { communityFlag = 0 @@ -261,6 +269,7 @@ func (u *KanbanCveAllIssueController) Get() { logs.Error("err: ", err, ", currentPage: ", currentPage) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetCveData(resp) return } pageSize, err := u.GetInt("pageSize", 100) @@ -268,6 +277,7 @@ func (u *KanbanCveAllIssueController) Get() { logs.Error("err: ", err, ", pageSize: ", pageSize) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetCveData(resp) return } issueData := models.QueryCveOrgIssueData(currentPage, pageSize, communityFlag) @@ -306,9 +316,11 @@ func (u *KanbanCveAllIssueController) Get() { resp["body"] = cid resp["code"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) + u.RetCveData(resp) } else { resp["code"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetCveData(resp) return } } diff --git a/cve-vulner-manager/controllers/cvedetail.go b/cve-vulner-manager/controllers/cvedetail.go index f8d6514..c7012f9 100644 --- a/cve-vulner-manager/controllers/cvedetail.go +++ b/cve-vulner-manager/controllers/cvedetail.go @@ -35,7 +35,7 @@ func (u *CveDetailController) Get() { resp["errno"] = errcode.RecodeUnknowErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeUnknowErr) resp["body"] = cod - defer u.RetData(resp) + //defer u.RetData(resp) //Judge whether it is legal token := u.GetString("token") if token == "" { 
@@ -43,6 +43,7 @@ func (u *CveDetailController) Get() { resp["errmsg"] = errcode.RecodeText(errcode.RecodeSessionErr) resp["body"] = []ResultData{} logs.Error("token acquisition failed") + u.RetData(resp) return } else { // Check token @@ -52,6 +53,7 @@ func (u *CveDetailController) Get() { resp["errmsg"] = errcode.RecodeText(errcode.RecodeSessionErr) resp["body"] = []ResultData{} logs.Error("token verification failed") + u.RetData(resp) return } } @@ -60,6 +62,7 @@ func (u *CveDetailController) Get() { logs.Error("cveNum, Parameter error") resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetData(resp) return } cveType, typeError := u.GetInt64("cveType") @@ -67,6 +70,7 @@ func (u *CveDetailController) Get() { logs.Error("cveType, Parameter error") resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetData(resp) return } // The original data comes from the display of the Chinese Academy of Sciences @@ -76,6 +80,7 @@ func (u *CveDetailController) Get() { if ouErr != nil || ou.CveId == 0 { resp["errno"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetData(resp) return } cod.CveNum = ou.CveNum @@ -229,10 +234,12 @@ func (u *CveDetailController) Get() { resp["errno"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) resp["body"] = cod + u.RetData(resp) return } else { resp["errno"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetData(resp) return } } diff --git a/cve-vulner-manager/controllers/gauss.go b/cve-vulner-manager/controllers/gauss.go index 7ef481b..83c4bbb 100644 --- a/cve-vulner-manager/controllers/gauss.go +++ b/cve-vulner-manager/controllers/gauss.go 
@@ -209,7 +209,7 @@ func (u *GaussSaController) Get() { resp["body"] = []GaussSaData{} resp["totalCount"] = 0 resp["totalPage"] = 0 - defer u.RetSaData(resp) + //defer u.RetSaData(resp) cveLevel, cErr := u.GetInt("cveLevel", 0) if cErr != nil { cveLevel = 0 @@ -233,6 +233,7 @@ func (u *GaussSaController) Get() { logs.Error("err: ", err, ", pageNum: ", pageNum) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetSaData(resp) return } pageSize, err := u.GetInt("pageSize", 100) @@ -240,6 +241,7 @@ func (u *GaussSaController) Get() { logs.Error("err: ", err, ", pageSize: ", pageSize) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetSaData(resp) return } if int(count) % pageSize == 0 { @@ -269,10 +271,12 @@ func (u *GaussSaController) Get() { resp["body"] = gs resp["code"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) + u.RetSaData(resp) } else { logs.Error("QueryOpenGaussSiteList, saErr: ", saErr) resp["code"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetSaData(resp) return } } @@ -331,11 +335,12 @@ func (u *GaussSaDetailController) Get() { resp["errno"] = errcode.RecodeUnknowErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeUnknowErr) resp["body"] = GaussSaDetailData{} - defer u.RetSaDetailData(resp) + //defer u.RetSaDetailData(resp) gaussSaNum := u.GetString("gaussSaNum", "") if gaussSaNum == "" { resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetSaDetailData(resp) return } osl := models.OpenGaussSiteList{GaussSaNum: gaussSaNum} 
@@ -345,10 +350,12 @@ func (u *GaussSaDetailController) Get() { resp["body"] = ird resp["errno"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) + u.RetSaDetailData(resp) } else { logs.Error("QueryOpenGaussSaByNum, oslErr: ", oslErr) resp["errno"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetSaDetailData(resp) return } } @@ -500,7 +507,7 @@ func (u *GaussCveController) Get() { resp["body"] = []GaussCveData{} resp["totalCount"] = 0 resp["totalPage"] = 0 - defer u.RetGaussCveData(resp) + //defer u.RetGaussCveData(resp) releaseFlag, rErr := u.GetInt("releaseFlag", 1) if rErr != nil { releaseFlag = 1 @@ -520,6 +527,7 @@ func (u *GaussCveController) Get() { logs.Error("err: ", err, ", pageNum: ", pageNum) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetGaussCveData(resp) return } pageSize, err := u.GetInt("pageSize", 100) @@ -527,6 +535,7 @@ func (u *GaussCveController) Get() { logs.Error("err: ", err, ", pageSize: ", pageSize) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetGaussCveData(resp) return } if int(count) % pageSize == 0 { @@ -553,10 +562,12 @@ func (u *GaussCveController) Get() { resp["body"] = gs resp["code"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) + u.RetGaussCveData(resp) } else { logs.Error("QueryOpenGaussCveList, saErr: ", saErr) resp["code"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetGaussCveData(resp) return } } 
@@ -631,11 +642,12 @@ func (u *GaussCveDetailController) Get() { resp["errno"] = errcode.RecodeUnknowErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeUnknowErr) resp["body"] = GaussCveDetailData{} - defer u.RetCveDetailData(resp) + //defer u.RetCveDetailData(resp) cveNum := u.GetString("cveNum", "") if cveNum == "" { resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetCveDetailData(resp) return } osl := models.OpenGaussCveList{CveNum: cveNum} @@ -645,10 +657,12 @@ func (u *GaussCveDetailController) Get() { resp["body"] = ird resp["errno"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) + u.RetCveDetailData(resp) } else { logs.Error("QueryOpenGaussCveByNum, oslErr: ", oslErr) resp["errno"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetCveDetailData(resp) return } } diff --git a/cve-vulner-manager/controllers/hook.go b/cve-vulner-manager/controllers/hook.go index 4bd5ba1..ce1f54a 100644 --- a/cve-vulner-manager/controllers/hook.go +++ b/cve-vulner-manager/controllers/hook.go @@ -75,6 +75,8 @@ const ( CIssueType = "CVE和安全问题" HasCreateIssue = "@%v 当前CVE:%v 已经创建过对应的ISSUE, 请不要重复创建ISSUE, cve-manager 只会识别之前的ISSUE,不会对当前ISSUE进行处理." CommentCheckVersion = "@%v 请确认分支: %v 受影响/不受影响." + // rejected or upend + CommentRejectedState = `@%v 当前issue状态为: %v,请先修改issue状态, 否则评论无法被识别.` ) var comLock sync.Mutex @@ -562,7 +564,7 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { issueTmp.IssueNum = issueHook.Iid repoPath := "" if issueHook.Issue.Repository.Path != "" && - len(issueHook.Issue.Repository.Path) > 1 { + len(issueHook.Issue.Repository.Path) > 1 { repoPath = issueHook.Issue.Repository.Path } issueErr := models.GetIssueTemplateByColName(&issueTmp, "issue_num", "issue_id") 
@@ -583,6 +585,18 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { models.UpdateIssueTemplate(&issueTmp, "Repo") path = repoPath } + if issueHook.Issue.StateName == "已挂起" { + logs.Error("The current issue has been suspended and will not be processed, issueHook: ", issueHook) + issueTmp.Status = 5 + models.UpdateIssueTemplate(&issueTmp, "Status") + return errors.New("The current issue has been suspended and will not be processed") + } + if issueHook.Issue.StateName == "已拒绝" { + logs.Error("The current issue has been rejected and will not be processed, issueHook: ", issueHook) + issueTmp.Status = 4 + models.UpdateIssueTemplate(&issueTmp, "Status") + return errors.New("The current issue has been rejected and will not be processed") + } token := beego.AppConfig.String("gitee::git_token") owner := beego.AppConfig.String("gitee::owner") if cveCenter.OrganizationID == 2 { @@ -1559,6 +1573,22 @@ func handleIssueComment(payload models.CommentPayload) { models.UpdateIssueTemplate(&issueTmp, "Repo") path = repoPath } + if payload.Issue.StateName == "已挂起" { + logs.Error("The current issue has been suspended and will not be processed, payload: ", payload) + issueTmp.Status = 5 + models.UpdateIssueTemplate(&issueTmp, "Status") + taskhandler.AddCommentToIssue(fmt.Sprintf(CommentRejectedState, cuAccount, payload.Issue.StateName), + issueTmp.IssueNum, owner, path, accessToken) + return + } + if payload.Issue.StateName == "已拒绝" { + logs.Error("The current issue has been rejected and will not be processed, payload: ", payload) + issueTmp.Status = 4 + models.UpdateIssueTemplate(&issueTmp, "Status") + taskhandler.AddCommentToIssue(fmt.Sprintf(CommentRejectedState, cuAccount, payload.Issue.StateName), + issueTmp.IssueNum, owner, path, accessToken) + return + } if strings.HasPrefix(cBody, cmdRej) { //Review rejected Add comment @Analyst if !isReviewer(cuAccount) { 
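Review bot: The new guard in handleIssueStateChange recognises a suspended or rejected issue only by the exact labels `"已挂起"` and `"已拒绝"`, whereas the mapping this commit removes from taskhandler/cve.go also accepted `suspended` and `rejected` case-insensitively; if `StateName` can ever carry the English form, the guard is skipped. These labels and the bare status values `5` and `4` are now repeated here, in handleIssueComment, in both condition changes in taskhandler/cve.go and in UpdateIssueToGit, so named constants and one shared predicate would keep them in step. If `models.UpdateIssueTemplate(&issueTmp, "Status")` reports a failure it is discarded, and the later `its.Status == 4 || its.Status == 5` check in UpdateIssueToGit depends on that write having succeeded. The function body starts and ends outside the hunk.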
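Review bot: In handleIssueComment the new branches post `CommentRejectedState` for every comment event on a suspended or rejected issue, before the `strings.HasPrefix(cBody, cmdRej)` command check and the `isReviewer(cuAccount)` check that follow. Any account can therefore make the bot comment and rewrite `Status` once per comment, and if the bot's own comment is delivered back to this hook and is not filtered earlier (outside the hunk), each reply would trigger another. Replying only when the comment is one of the recognised commands, and skipping comments authored by the bot account, would bound this. The two branches differ only in the status value and could share one block. `logs.Error` also writes the whole `payload` to the log; the issue number and state name would be enough.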
diff --git a/cve-vulner-manager/controllers/issue.go b/cve-vulner-manager/controllers/issue.go index 83c9850..abb34a7 100644 --- a/cve-vulner-manager/controllers/issue.go +++ b/cve-vulner-manager/controllers/issue.go @@ -72,12 +72,13 @@ func (u *CveIssueWhiteListController) Get() { resp["errno"] = errcode.RecodeUnknowErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeUnknowErr) resp["body"] = []IssueRepoWhiteData{} - defer u.RetData(resp) + //defer u.RetData(resp) status, err := u.GetInt8("status", 0) if err != nil { logs.Error("status, err: ", err, ", status: ", status) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetData(resp) return } issueWhiteData, issueErr := models.QueryIssueWhitelist(status) @@ -97,9 +98,11 @@ func (u *CveIssueWhiteListController) Get() { resp["body"] = ird resp["errno"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) + u.RetData(resp) } else { resp["errno"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetData(resp) return } } diff --git a/cve-vulner-manager/controllers/login.go b/cve-vulner-manager/controllers/login.go index 4231230..3b91a92 100644 --- a/cve-vulner-manager/controllers/login.go +++ b/cve-vulner-manager/controllers/login.go @@ -37,10 +37,11 @@ func (u *UserLoginController) Post() { resp["errno"] = errcode.RecodeLoginErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeLoginErr) resp["body"] = Result{} - defer u.RetData(resp) + //defer u.RetData(resp) err := json.Unmarshal(u.Ctx.Input.RequestBody, &req) if err != nil { logs.Error(err) + u.RetData(resp) return } //Judge whether it is legal @@ -49,6 +50,7 @@ func (u *UserLoginController) Post() { resp["errmsg"] = errcode.RecodeText(errcode.RecodeDataErr) resp["body"] = Result{} logs.Error("Data error: username or password") + u.RetData(resp) return } password := fmt.Sprintf("%s", req["passWord"]) 
@@ -59,6 +61,7 @@ func (u *UserLoginController) Post() { resp["errmsg"] = errcode.RecodeText(errcode.RecodePwdErr) logs.Error("Password parsing error.") resp["body"] = Result{} + u.RetData(resp) return } var strc Result @@ -78,8 +81,10 @@ func (u *UserLoginController) Post() { expirTime := common.GetTokenExpirTime() newTime := time.Now().AddDate(0, 0, expirTime) models.UpdateToken(resp_model[0]["user_id"], token, newTime) + u.RetData(resp) return } } + u.RetData(resp) return } diff --git a/cve-vulner-manager/controllers/packages.go b/cve-vulner-manager/controllers/packages.go index a8d2ceb..c712e37 100644 --- a/cve-vulner-manager/controllers/packages.go +++ b/cve-vulner-manager/controllers/packages.go @@ -85,7 +85,7 @@ func (u *PackagesController) Get() { resp["body"] = []PackageData{} resp["totalCount"] = 0 resp["totalPage"] = 0 - defer u.RetData(resp) + //defer u.RetData(resp) var iw models.IpWhite if addr != "" { addrIp := strings.Split(addr, ":") @@ -93,23 +93,27 @@ func (u *PackagesController) Get() { if err != nil { resp["errno"] = errcode.RecodeIpErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeIpErr) + u.RetData(resp) return } } else { resp["errno"] = errcode.RecodeIpErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeIpErr) + u.RetData(resp) return } token := u.GetString("token") if token == "" { resp["errno"] = errcode.RecodeSessionErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeSessionErr) + u.RetData(resp) return } else { ok := models.CheckToken(token) if !ok { resp["errno"] = errcode.RecodeRoleErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeRoleErr) + u.RetData(resp) return } } @@ -118,6 +122,7 @@ func (u *PackagesController) Get() { logs.Error("pageNum, err: ", err) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetData(resp) return } PageSize, err := u.GetInt64("pageSize") 
@@ -125,6 +130,7 @@ func (u *PackagesController) Get() { logs.Error("PageSize, err: ", err) resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetData(resp) return } QueryPkgName := u.GetString("queryPkgName") @@ -164,10 +170,12 @@ func (u *PackagesController) Get() { resp["body"] = pd resp["errno"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) + u.RetData(resp) } } else { resp["errno"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetData(resp) return } } @@ -188,7 +196,7 @@ func (u *PackagesInfoController) Get() { resp["errno"] = errcode.RecodeUnknowErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeUnknowErr) resp["body"] = PackageInfoData{} - defer u.RetData(resp) + //defer u.RetData(resp) var iw models.IpWhite if addr != "" { addrIp := strings.Split(addr, ":") @@ -196,23 +204,27 @@ func (u *PackagesInfoController) Get() { if err != nil { resp["errno"] = errcode.RecodeIpErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeIpErr) + u.RetData(resp) return } } else { resp["errno"] = errcode.RecodeIpErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeIpErr) + u.RetData(resp) return } token := u.GetString("token") if token == "" { resp["errno"] = errcode.RecodeSessionErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeSessionErr) + u.RetData(resp) return } else { ok := models.CheckToken(token) if !ok { resp["errno"] = errcode.RecodeRoleErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeRoleErr) + u.RetData(resp) return } } @@ -221,6 +233,7 @@ func (u *PackagesInfoController) Get() { logs.Error("pkgName, Parameter error") resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetData(resp) return } version := u.GetString("version") 
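Review bot: In the `@@ -164,10 +170,12 @@` hunk of PackagesController.Get the success-path `u.RetData(resp)` sits inside the inner block (two closing braces precede `else`), so when the outer condition holds but the inner one does not, the handler returns without sending any response. Before this commit the deferred call covered that path. Moving the call one level out, so the sequence reads `}` / `u.RetData(resp)` / `} else {`, keeps the default body for that case. The inner condition is outside the hunk, so confirm which case it guards.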
@@ -228,6 +241,7 @@ func (u *PackagesInfoController) Get() { logs.Error("version, Parameter error") resp["errno"] = errcode.RecodeParamErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) + u.RetData(resp) return } var gi models.GitPackageInfo @@ -235,6 +249,7 @@ func (u *PackagesInfoController) Get() { if err != nil { resp["errno"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetData(resp) return } pd.OriginUrl = gi.OriginUrl @@ -297,5 +312,6 @@ func (u *PackagesInfoController) Get() { resp["errno"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) resp["body"] = pd + u.RetData(resp) return } diff --git a/cve-vulner-manager/controllers/upload.go b/cve-vulner-manager/controllers/upload.go index 11f6844..8fecb53 100644 --- a/cve-vulner-manager/controllers/upload.go +++ b/cve-vulner-manager/controllers/upload.go @@ -63,7 +63,7 @@ func (u *CveErrorFeedBackController) Get() { resp["errno"] = errcode.RecodeUnknowErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeUnknowErr) resp["body"] = []CveErrorData{} - defer u.RetData(resp) + //defer u.RetData(resp) var iw models.IpWhite if addr != "" { addrIp := strings.Split(addr, ":") @@ -71,23 +71,27 @@ func (u *CveErrorFeedBackController) Get() { if err != nil { resp["errno"] = errcode.RecodeIpErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeIpErr) + u.RetData(resp) return } } else { resp["errno"] = errcode.RecodeIpErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeIpErr) + u.RetData(resp) return } token := u.GetString("token") if token == "" { resp["errno"] = errcode.RecodeSessionErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeSessionErr) + u.RetData(resp) return } else { ok := models.CheckToken(token) if !ok { resp["errno"] = errcode.RecodeRoleErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeRoleErr) + u.RetData(resp) return } } 
@@ -116,9 +120,11 @@ func (u *CveErrorFeedBackController) Get() { resp["body"] = ced resp["errno"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) + u.RetData(resp) } else { resp["errno"] = errcode.RecodeNodata resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) + u.RetData(resp) return } } @@ -139,7 +145,7 @@ func (u *UserUploadController) Post() { resp["errno"] = errcode.RecodeUnknowErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeUnknowErr) resp["body"] = []ResultData{} - defer u.RetData(resp) + //defer u.RetData(resp) json.Unmarshal(u.Ctx.Input.RequestBody, &uploaddata) logs.Info("Cve upload request parameters: ", string(u.Ctx.Input.RequestBody)) var iw models.IpWhite @@ -149,11 +155,13 @@ func (u *UserUploadController) Post() { if err != nil { resp["errno"] = errcode.RecodeIpErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeIpErr) + u.RetData(resp) return } } else { resp["errno"] = errcode.RecodeIpErr resp["errmsg"] = errcode.RecodeText(errcode.RecodeIpErr) + u.RetData(resp) return } //Judge whether it is legal @@ -162,6 +170,7 @@ func (u *UserUploadController) Post() { resp["errmsg"] = errcode.RecodeText(errcode.RecodeSessionErr) resp["body"] = []ResultData{} logs.Error("token request parameter is empty!") + u.RetData(resp) return } else { // Check token @@ -171,6 +180,7 @@ func (u *UserUploadController) Post() { resp["errmsg"] = errcode.RecodeText(errcode.RecodeSessionErr) resp["body"] = []ResultData{} logs.Error("token verification failed!") + u.RetData(resp) return } } @@ -179,6 +189,7 @@ func (u *UserUploadController) Post() { resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) resp["body"] = []ResultData{} logs.Error("cve data is empty") + u.RetData(resp) return } for _, CveDataDict := range uploaddata.CveData { @@ -350,6 +361,7 @@ func (u *UserUploadController) Post() { resp["errno"] = errcode.RecodeOk resp["errmsg"] = errcode.RecodeText(errcode.RecodeOk) resp["body"] = ResDataList + u.RetData(resp) return } 
diff --git a/cve-vulner-manager/models/cve.go b/cve-vulner-manager/models/cve.go index 0a7e1da..3d5d7b7 100644 --- a/cve-vulner-manager/models/cve.go +++ b/cve-vulner-manager/models/cve.go 
@@ -341,44 +341,60 @@ func CreateOpenEulerSA(op *OpenEulerSA) (OpenId int64, err error) { return OpenId, nil } -func CreateScoreRecord(sc *ScoreRecord) (scoreId int64, err error) { +func QueryIssueScoreRecord(cveId int64, status int8) (ScoreRecord, error) { + o := orm.NewOrm() + var sr ScoreRecord + err := o.Raw("select id, cve_id, nvd_score, n_vector_value"+ + " from cve_score_record where cve_id = ? and status = ? order by id desc limit 1", + cveId, status).QueryRow(&sr) + if err == nil { + logs.Info("QueryIssueScoreRecord, cve_score_record, search result: ", sr) + } else { + logs.Info("QueryIssueScoreRecord, cve_score_record, cveId: ", cveId, ", err: ", err) + } + return sr, err +} + +func InsertScoreRecord(sc *ScoreRecord) (scoreId int64, err error) { o := orm.NewOrm() errs := o.Begin() + scoreId = 0 if errs == nil { - var num int64 - if num, err = o.Insert(sc); err == nil { - logs.Info("CreateScoreRecord, insert cve_score_record success, num: ", num, ", CveId: ", sc.CveId) + if num, err := o.Insert(sc); err == nil { + logs.Info("InsertScoreRecord, insert cve_score_record, num:", num, ", CveId:", sc.CveId) + scoreId = num } else { - logs.Error("CreateScoreRecord, insert cve_score_record failed, CveId:", sc.CveId, ", err:", err) + logs.Error("InsertScoreRecord, insert cve_score_record failed, CveId:", sc.CveId, ",err: ", err) o.Rollback() - return 0, err + return scoreId, err } - scoreId = sc.Id o.Commit() } else { - logs.Error("CreateScoreRecord, Transaction creation failed, cveId: ", sc.CveId, ",errs: ", errs) - return 0, errs + logs.Error("InsertScoreRecord, Transaction creation failed, cveId:", sc.CveId, ",errs: ", errs) + return scoreId, errs } return scoreId, nil } -func InsertScoreRecord(sc *ScoreRecord) (int64, error) { +func UpdateScoreRecord(sc *ScoreRecord, cols ...string) (resultNum int64, err error) { o := orm.NewOrm() errs := o.Begin() + resultNum = 0 if errs == nil { - if num, err := o.Insert(sc); err == nil { - logs.Info("InsertScoreRecord, 
insert cve_score_record, num:", num, ", CveId:", sc.CveId) + if num, err := o.Update(sc, cols...); err == nil { + logs.Info("UpdateScoreRecord, update cve_score_record, num:", num, ", CveId:", sc.CveId) + resultNum = num } else { - logs.Error("InsertScoreRecord, insert cve_score_record failed, CveId:", sc.CveId, ",err: ", err) + logs.Error("UpdateScoreRecord, update cve_score_record failed, CveId:", sc.CveId, ",err: ", err) o.Rollback() - return 0, err + return resultNum, err } o.Commit() } else { logs.Error("InsertScoreRecord, Transaction creation failed, cveId:", sc.CveId, ",errs: ", errs) - return 0, errs + return resultNum, errs } - return 0, nil + return resultNum, nil } func CreateCveRelat(cve *VulnCenter, sec *SecurityNotice, score *Score, @@ -1248,4 +1264,4 @@ func QueryCveSingleIssueData(communityFlag int, packName, cveNum, issueNum strin "and v.pack_name=? and v.cve_num=? limit 1", communityFlag, packName, cveNum).QueryRow(&cai) } return -} \ No newline at end of file +} diff --git a/cve-vulner-manager/models/issue.go b/cve-vulner-manager/models/issue.go index 9251a64..f4984c7 100644 --- a/cve-vulner-manager/models/issue.go +++ b/cve-vulner-manager/models/issue.go @@ -130,19 +130,6 @@ func QueryIssueScore(cveId int64) (Score, error) { return sc, err } -func QueryIssueScoreRecord(cveId int64, status int8) (ScoreRecord, error) { - o := orm.NewOrm() - var sr ScoreRecord - err := o.Raw("select id, cve_id, nvd_score, n_vector_value"+ - " from cve_score_record where cve_id = ? and status = ? order by id desc limit 1", - cveId, status).QueryRow(&sr) - if err == nil { - logs.Info("QueryIssueScoreRecord, cve_score_record, search result: ", sr) - } else { - logs.Info("QueryIssueScoreRecord, cve_score_record, cveId: ", cveId, ", err: ", err) - } - return sr, err -} func GetIssueTemplateByColName(it *IssueTemplate, colName ...string) error { o := orm.NewOrm() 
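Review bot: In InsertScoreRecord and UpdateScoreRecord the results of `o.Commit()` and `o.Rollback()` are discarded, so a failed commit is reported to the caller as success with a non-zero id or row count. Return the commit error instead, e.g. `if cErr := o.Commit(); cErr != nil { return 0, cErr }`. The transaction-failure message in UpdateScoreRecord still reads `"InsertScoreRecord, Transaction creation failed, ..."` and should name UpdateScoreRecord. The inner `num, err :=` shadows the named result `err`; it works only because every return is explicit, so dropping the named results would read more clearly.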
diff --git a/cve-vulner-manager/task/issuetask.go b/cve-vulner-manager/task/issuetask.go index 70a8af6..24f83a7 100644 --- a/cve-vulner-manager/task/issuetask.go +++ b/cve-vulner-manager/task/issuetask.go @@ -495,6 +495,8 @@ func ProcUpdateIssue(issueValue models.VulnCenter, accessToken, owner string) er if err != nil { logs.Error("ProcUpdateIssue, Failed to query score records, CveNum: ", issueValue.CveNum, ", err: ", err) + } + if sr.NVDScore == 0 { sc, err := models.QueryIssueScore(issueValue.CveId) if err != nil { logs.Error("ProcUpdateIssue, Failed to get Score, err: ", @@ -503,6 +505,18 @@ func ProcUpdateIssue(issueValue models.VulnCenter, accessToken, owner string) er } sr.NVDScore = sc.NVDScore sr.NvectorVule = sc.NvectorVule + sr.CveId = issueValue.CveId + if sr.Id > 0 { + resultNum, upErr := models.UpdateScoreRecord(&sr, "NVDScore", "NvectorVule") + if upErr !=nil { + logs.Error("UpdateScoreRecord, upErr: ", upErr, resultNum) + } + } else { + sr.Status = 0 + sr.CreateTime = time.Now() + scoreId, inErr := models.InsertScoreRecord(&sr) + logs.Error("InsertScoreRecord, upErr: ", inErr, scoreId) + } } if issueValue.OrganizationID == 3 { // Get branch information @@ -517,8 +531,10 @@ func ProcUpdateIssue(issueValue models.VulnCenter, accessToken, owner string) er it.CveId = issueValue.CveId templateErr := models.GetIssueTemplateByColName(&it, "CveNum", "OwnedVersion", "Repo", "CveId") if templateErr == nil && it.TemplateId > 0 { - it.NVDScore = sr.NVDScore - it.NVDVector = sr.NvectorVule + if it.NVDScore == 0 && sr.NVDScore > 0 { + it.NVDScore = sr.NVDScore + it.NVDVector = sr.NvectorVule + } it.CveBrief = issueValue.Description it.CveLevel = issueValue.CveLevel if (it.Assignee == "" || len(it.Assignee) < 2) && issueValue.OrganizationID == 1 { diff --git a/cve-vulner-manager/taskhandler/createissue.go b/cve-vulner-manager/taskhandler/createissue.go index eef118c..62f23ad 100644 --- a/cve-vulner-manager/taskhandler/createissue.go 
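Review bot: In the `@@ -503,6 +505,18 @@` hunk of ProcUpdateIssue, `logs.Error("InsertScoreRecord, upErr: ", inErr, scoreId)` runs unconditionally, so every successful insert lands in the error log with a nil error. Guard it the way the update branch does: `if inErr != nil { logs.Error("InsertScoreRecord, inErr: ", inErr) }`. `upErr !=nil` is also not gofmt-clean. The function continues outside the hunk.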
+++ b/cve-vulner-manager/taskhandler/createissue.go @@ -405,6 +405,12 @@ func UpdateIssueToGit(accessToken string, owner string, path string, cve models.VulnCenter, its models.IssueTemplate) (string, error) { logs.Info("UpdateIssueToGit, Update template request parameters: cve: ", cve, ",its: ", its, ", owner: ", owner, ",path: ", path) + if its.Status == 4 || its.Status == 5 { + logs.Error("UpdateIssueToGit, "+ + "The current issue has been suspended/rejected and will not be processed, its: ", its) + models.UpdateIssueStatus(cve, 2) + return "", errors.New("The current issue has been suspended/rejected and will not be processed") + } if cve.OrganizationID == 2 { owner = beego.AppConfig.String("opengauss::gauss_owner") accessToken = beego.AppConfig.String("opengauss::git_gauss_token") diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go index a653fe5..dd71f76 100644 --- a/cve-vulner-manager/taskhandler/cve.go +++ b/cve-vulner-manager/taskhandler/cve.go @@ -118,7 +118,7 @@ func UpdateExcelCveGroups(cveData models.OriginExcel, scorecode.NvectorVule = cveData.NVDVector scorecode.Status = 0 scorecode.CveId = CveRes.CveId - scoreid, err := models.CreateScoreRecord(&scorecode) + scoreid, err := models.InsertScoreRecord(&scorecode) if scoreid > 0 && err == nil { logs.Info("insert score_record success, id:", scoreid) } else { @@ -420,7 +420,7 @@ func UpdateCveGroups(cveData models.OriginUpstream, cveRef string, openeulerNum scorecode.NvectorVule = vectorString scorecode.Status = 0 scorecode.CveId = CveRes.CveId - scoreid, err := models.CreateScoreRecord(&scorecode) + scoreid, err := models.InsertScoreRecord(&scorecode) if scoreid > 0 && err == nil { logs.Info("insert score_record success, id:", scoreid) } else { 
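Review bot: UpdateIssueToGit reports the deliberate skip with a fresh `errors.New(...)`, so a caller cannot tell "suspended/rejected, nothing to do" apart from a real update failure, and the message starts with a capital letter against Go convention. A package-level sentinel, for example `var ErrIssueNotMonitored = errors.New("issue is suspended or rejected")`, checked with `errors.Is`, would let the task loop treat it as a non-error. The skip is logged with `logs.Error` together with the full `its` value; an info-level line with the issue number would keep the error log meaningful. The literal `2` passed to `models.UpdateIssueStatus` needs a constant or a comment saying which state it sets.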
@@ -454,7 +454,7 @@ func UpdateCveGroups(cveData models.OriginUpstream, cveRef string, openeulerNum scorecode.NvectorVule = vectorString scorecode.Status = 0 scorecode.CveId = CveRes.CveId - scoreid, err := models.CreateScoreRecord(&scorecode) + scoreid, err := models.InsertScoreRecord(&scorecode) if scoreid > 0 && err == nil { logs.Info("insert score_record success, id:", scoreid) } else { @@ -1290,7 +1290,8 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c if cvsError != nil { vul.CveLevel = "Critical" } - if len(briefIntroduction) < 2 || v2 <= 0 || len(lop.CvsVector) < 1 { + if len(briefIntroduction) < 2 || v2 <= 0 || len(lop.CvsVector) < 1 && + cveData.IssueState != "已拒绝" && cveData.IssueState != "已挂起" { vul.Status = 1 } vul.CveLevel = models.OpenEulerScoreProc(v2) 
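Review bot: The extended condition in InsertIssueCveGroups (hunk `@@ -1290,7 +1290,8 @@`) lacks the parentheses used in the matching UpdateIssueCveGroups change: because `&&` binds tighter than `||`, the two `cveData.IssueState` checks apply only to `len(lop.CvsVector) < 1`. A rejected or suspended issue with a short description or `v2 <= 0` therefore still gets `vul.Status = 1`. Write it as `if (len(briefIntroduction) < 2 || v2 <= 0 || len(lop.CvsVector) < 1) && cveData.IssueState != "已拒绝" && cveData.IssueState != "已挂起" {`. The function body starts and ends outside the hunk.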
@@ -1444,32 +1445,10 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c issueTemp.IssueLabel = beego.AppConfig.String("labelUnFix") issueTemp.StatusName = cveData.State issueTemp.Assignee = cveData.IssueAssignee - if strings.ToLower(cveData.State) == "open" || cveData.State == "待办的" || cveData.State == "开启的" { - issueTemp.Status = 1 - issueTemp.IssueStatus = 1 - issueTemp.StatusName = "open" - } else if strings.ToLower(cveData.State) == "progressing" || - strings.ToLower(cveData.State) == "started" || cveData.State == "进行中" { - issueTemp.Status = 2 - issueTemp.IssueStatus = 3 - issueTemp.StatusName = "progressing" - } else if strings.ToLower(cveData.State) == "closed" || cveData.State == "已完成" { - issueTemp.Status = 3 - issueTemp.IssueStatus = 2 + UpdateIssueState(cveData.State, cveData.IssueState, &issueTemp, 3) + if issueTemp.Status == 3 { vul.IsExport = 3 cveCenter.IsExport = 3 - issueTemp.IssueLabel = beego.AppConfig.String("labelFixed") - } else if strings.ToLower(cveData.State) == "rejected" || cveData.State == "已拒绝" { - issueTemp.Status = 4 - issueTemp.IssueStatus = 6 - issueTemp.IssueLabel = beego.AppConfig.String("labeUnaffected") - } else if strings.ToLower(cveData.State) == "suspended" || cveData.State == "已挂起" { - issueTemp.Status = 5 - issueTemp.IssueStatus = 6 - issueTemp.IssueLabel = beego.AppConfig.String("labeUnaffected") - } else { - issueTemp.Status = 4 - issueTemp.IssueStatus = 6 } issueTemp.Owner = owner issueTemp.Repo = cveData.RepoPath 
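Review bot: Replacing the chain with `UpdateIssueState(cveData.State, cveData.IssueState, &issueTemp, 3)` changes what a closed issue gets in InsertIssueCveGroups: the removed branch set Status, IssueStatus and the label, while the helper's closed branch also sets `issueTemp.MtAuditFlag = 1` for every flag value. If that is intended, a comment at the call should say so; if not, the helper's unconditional assignment should be guarded with `if flag != 3`. The bare `3` would read better as a named constant for the insert path. The function starts and ends outside the hunk.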
@@ -1805,7 +1784,8 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c if len(issueTemp.OwnedComponent) < 2 { issueTemp.OwnedComponent = lop.Components } - if (len(briefIntroduction) < 2 || tmpNVDScore <= 0 || len(lop.CvsVector) < 1) && issueTemp.Status < 3 { + if (len(briefIntroduction) < 2 || tmpNVDScore <= 0 || len(lop.CvsVector) < 1) && issueTemp.Status < 3 && + cveData.IssueState != "已拒绝" && cveData.IssueState != "已挂起" { cveCenter.Status = 1 } //issueTemp.OwnedVersion = RemoveSubstring(lop.Version, specCharList) @@ -1864,30 +1844,7 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c issueTemp.StatusName = cveData.State statusName = cveData.State } - if strings.ToLower(statusName) == "open" || statusName == "待办的" || statusName == "开启的" { - issueTemp.Status = 1 - issueTemp.IssueStatus = 1 - issueTemp.StatusName = "open" - } else if strings.ToLower(statusName) == "progressing" || - strings.ToLower(statusName) == "started" || statusName == "进行中" { - issueTemp.Status = 2 - issueTemp.IssueStatus = 3 - issueTemp.StatusName = "progressing" - } else if strings.ToLower(statusName) == "closed" || statusName == "已完成" { - issueTemp.Status = 3 - issueTemp.IssueStatus = 2 - issueTemp.MtAuditFlag = 1 - cveCenter.IsExport = 3 - } else if strings.ToLower(statusName) == "rejected" || statusName == "已拒绝" { - issueTemp.Status = 4 - issueTemp.IssueStatus = 6 - } else if strings.ToLower(statusName) == "suspended" || statusName == "已挂起" { - issueTemp.Status = 5 - issueTemp.IssueStatus = 6 - } else { - issueTemp.Status = 4 - issueTemp.IssueStatus = 6 - } + UpdateIssueState(statusName, cveData.IssueState, &issueTemp, 1) issueTemp.Owner = owner if cveData.Title != "" { issueTemp.Title = cveData.Title 
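Review bot: The Gitee state strings `"已拒绝"` and `"已挂起"` are now repeated as raw literals in this condition, in the @@ -1290 and @@ -1910 conditions, in UpdateIssueState and in GenCveVulerByIssue, so a typo or a renamed state in one place would silently re-enable processing on that path only. Package-level constants, for example `const issueStateRejected = "已拒绝"` and `const issueStateSuspended = "已挂起"`, plus one small predicate used by all five sites, would keep them in step. UpdateIssueCveGroups starts and ends outside the hunk.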
@@ -1910,7 +1867,8 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c if nvdError == nil { issueTemp.NVDScore = nvdScore } - if len(briefIntroduction) < 2 || tmpNVDScore <= 0 || len(lop.CvsVector) < 1 { + if len(briefIntroduction) < 2 || tmpNVDScore <= 0 || len(lop.CvsVector) < 1 && + cveData.IssueState != "已拒绝" && cveData.IssueState != "已挂起" { cveCenter.Status = 1 } issueTemp.NVDVector = lop.CvsVector 
@@ -1926,42 +1884,16 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c issueTemp.StatusName = cveData.State issueTemp.IssueLabel = beego.AppConfig.String("labelUnFix") issueTemp.Assignee = cveData.IssueAssignee - if strings.ToLower(cveData.State) == "open" || cveData.State == "待办的" || cveData.State == "开启的" { - issueTemp.Status = 1 - issueTemp.IssueStatus = 1 - issueTemp.StatusName = "open" - } else if strings.ToLower(cveData.State) == "progressing" || - strings.ToLower(cveData.State) == "started" || cveData.State == "进行中" { - issueTemp.Status = 2 - issueTemp.IssueStatus = 3 - issueTemp.StatusName = "progressing" - } else if strings.ToLower(cveData.State) == "closed" || cveData.State == "已完成" { - issueTemp.Status = 3 - issueTemp.IssueStatus = 2 - cveCenter.IsExport = 3 - issueTemp.IssueLabel = beego.AppConfig.String("labelFixed") - issueTemp.MtAuditFlag = 1 - issueTemp.SaAuditFlag = 1 - } else if strings.ToLower(cveData.State) == "rejected" || cveData.State == "已拒绝" { - issueTemp.Status = 4 - issueTemp.IssueStatus = 6 - issueTemp.IssueLabel = beego.AppConfig.String("labeUnaffected") - issueTemp.MtAuditFlag = 1 - issueTemp.SaAuditFlag = 1 - } else if strings.ToLower(cveData.State) == "suspended" || cveData.State == "已挂起" { - issueTemp.Status = 5 - issueTemp.IssueStatus = 6 - issueTemp.IssueLabel = beego.AppConfig.String("labeUnaffected") - } else { - issueTemp.Status = 4 - issueTemp.IssueStatus = 6 - } + UpdateIssueState(cveData.State, cveData.IssueState, &issueTemp, 2) if cveData.Title != "" { issueTemp.Title = cveData.Title } issueTemp.IssueType = CIssueType issueTemp.CveLevel = vul.CveLevel } + if issueTemp.Status == 3 { + cveCenter.IsExport = 3 + } update := models.UpdateVulnCenter(&cveCenter, "is_export", "cve_status") if !update { logs.Error("update vulnCenter fail ") 
@@ -1979,6 +1911,53 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c return true, nil } +func UpdateIssueState(statusName, issueState string, issueTemp *models.IssueTemplate, flag int) { + if (strings.ToLower(statusName) == "open" || statusName == "待办的" || statusName == "开启的" || + issueState == "待办的" || issueState == "新建") && issueState != "已挂起" { + issueTemp.Status = 1 + issueTemp.IssueStatus = 1 + issueTemp.StatusName = "open" + } else if strings.ToLower(statusName) == "progressing" || + strings.ToLower(statusName) == "started" || statusName == "进行中" || issueState == "进行中" { + issueTemp.Status = 2 + issueTemp.IssueStatus = 3 + issueTemp.StatusName = "progressing" + } else if strings.ToLower(statusName) == "closed" || statusName == "已完成" || issueState == "已完成" { + issueTemp.Status = 3 + issueTemp.IssueStatus = 2 + issueTemp.MtAuditFlag = 1 + if flag == 2 { + issueTemp.IssueLabel = beego.AppConfig.String("labelFixed") + issueTemp.MtAuditFlag = 1 + issueTemp.SaAuditFlag = 1 + } + if flag == 3{ + issueTemp.IssueLabel = beego.AppConfig.String("labelFixed") + } + } else if strings.ToLower(statusName) == "rejected" || statusName == "已拒绝" || + issueState == "已拒绝" || issueState == "已取消" { + issueTemp.Status = 4 + issueTemp.IssueStatus = 6 + if flag == 2 { + issueTemp.IssueLabel = beego.AppConfig.String("labeUnaffected") + issueTemp.MtAuditFlag = 1 + issueTemp.SaAuditFlag = 1 + } + if flag == 3{ + issueTemp.IssueLabel = beego.AppConfig.String("labeUnaffected") + } + } else if strings.ToLower(statusName) == "suspended" || statusName == "已挂起" || issueState == "已挂起" { + issueTemp.Status = 5 + issueTemp.IssueStatus = 6 + if flag == 2 || flag == 3{ + issueTemp.IssueLabel = beego.AppConfig.String("labeUnaffected") + } + } else { + issueTemp.Status = 4 + issueTemp.IssueStatus = 6 + } +} + func paraAffectBrandBool(affectedVersion string) bool { unaffectedBranchList := []string{} brandsGroup := strings.Split(affectedVersion, ",") 
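Review bot: The first branch of UpdateIssueState wins whenever `statusName` is "open" and excludes only `issueState == "已挂起"`, so an issue reported with State "open" and IssueState "已拒绝" or "已取消" ends up with `Status = 1` and is not caught by the new `its.Status == 4 || its.Status == 5` skip in UpdateIssueToGit. If Gitee can report that combination, extend the guard to `&& issueState != "已挂起" && issueState != "已拒绝" && issueState != "已取消"`, or test the rejected and suspended branches first. The final `else` maps any unrecognised state to `Status = 4` without logging, which now also means the issue stops being updated; a `logs.Warn` with both inputs there would make that visible. The exported function has no doc comment; it should say what `flag` values 1, 2 and 3 select, e.g. `// UpdateIssueState maps the Gitee state strings onto issueTemp; flag selects which label and audit fields are also set.`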
@@ -2069,7 +2048,8 @@ func GenCveVulerByIssue(cveData models.GiteOriginIssue, cveRef string, openeuler if len(goe.Version) > 0 { hole.Version = goe.Version } - if cveData.State != "" && (strings.ToLower(cveData.State) == "rejected" || cveData.State == "已拒绝") { + if cveData.State != "" && (strings.ToLower(cveData.State) == "rejected" || + cveData.State == "已拒绝" || cveData.IssueState == "已拒绝" || cveData.IssueState == "已挂起") { logs.Info("Process data whose issue status is rejected:", cveData) cvd, ok := models.QueryCveByNum(cveData.CveNumber, cveData.RepoPath, hole.Version, organizationID) if ok && cvd.CveNum != "" { -- Gitee
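Review bot: The widened condition in GenCveVulerByIssue still sits behind `cveData.State != ""` and lists fewer states than UpdateIssueState: it does not match State "suspended"/"已挂起" or IssueState "已取消", which the helper maps to Status 5 and 4. If the same set of issues is meant to be excluded on both paths, one shared predicate would keep them from drifting. The log text `Process data whose issue status is rejected:` is now also emitted for suspended issues and should say so. The function starts and ends outside the hunk.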