From bb07073664ed131ccffba3994dceb15d790d84e3 Mon Sep 17 00:00:00 2001
From: zhangjianjun_code <7844966+zhangjianjun_code@user.noreply.gitee.com>
Date: Thu, 29 Oct 2020 14:54:58 +0800
Subject: [PATCH] 1. Modify the ip whitelist; 2. Fix bugs including: issue template, security notification information
---
 models/common.go | 13 ++++++++++
 models/packages.go | 4 +++-
 models/uploadcve.go | 40 ++++---------------------------
 task/issuetask.go | 22 -----------------
 taskhandler/common.go | 15 +++++++++++-
 taskhandler/createissue.go | 27 ++++++++++++++++++---
 taskhandler/cve.go | 49 ++++++++++++++++----------------------
 7 files changed, 78 insertions(+), 92 deletions(-)
diff --git a/models/common.go b/models/common.go
index 138951d..7554f72 100644
--- a/models/common.go
+++ b/models/common.go
@@ -28,3 +28,16 @@ func CheckToken(token string) bool {
 }
 return true
 }
+
+func openEulerScoreProc(openEulerScore float64) (CveLevel string){
+ if openEulerScore >= 9.0 {
+ CveLevel = "Critical"
+ } else if openEulerScore >= 7.0 && openEulerScore <= 8.9 {
+ CveLevel = "High"
+ } else if openEulerScore > 4.0 && openEulerScore <= 6.9 {
+ CveLevel = "Medium"
+ } else if openEulerScore <= 4.0 {
+ CveLevel = "Low"
+ }
+ return CveLevel
+}
diff --git a/models/packages.go b/models/packages.go
index a7be4cb..01607f8 100644
--- a/models/packages.go
+++ b/models/packages.go
@@ -13,8 +13,10 @@ func GetIpWhite(ip string, iw *IpWhite) (err error) {
 return nil
 } else {
 logs.Error("ip:", ip, " 访问受限")
+ // 不处理黑名单
+ return nil
 }
- return err
+ //return err
 }
 func GetPackageInfo(packageName string, gi *GitPackageInfo) (err error) {
diff --git a/models/uploadcve.go b/models/uploadcve.go
index 25ce827..12dd07f 100644
--- a/models/uploadcve.go
+++ b/models/uploadcve.go
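Review bot: `openEulerScoreProc` leaves gaps between its ranges: a score strictly between 6.9 and 7.0 or between 8.9 and 9.0 (and a NaN) matches none of the four branches, so the function returns "" and that empty level flows unchanged into the `CveLevel` fields and into the security-notice sentence built from it. Because each threshold is only a lower bound, a bare `switch` with `>=`/`>` cases and a `default` makes the function total while keeping today's assignment of exactly 4.0 to "Low" (whether 4.0 should instead be "Medium" is a product decision worth confirming). The identical body is added again as `openEulerScoreProc` in taskhandler/common.go and the new function is called from the four `CreateOriginCve` sites in models/uploadcve.go; one shared copy would keep the two packages from drifting. The named result `CveLevel` uses exported-style casing for a local; a plain unnamed `string` result reads better.
```go
func openEulerScoreProc(openEulerScore float64) string {
	switch {
	case openEulerScore >= 9.0:
		return "Critical"
	case openEulerScore >= 7.0:
		return "High"
	case openEulerScore > 4.0:
		return "Medium"
	default:
		return "Low"
	}
}
```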
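Review bot: The restricted branch of `GetIpWhite` now returns `nil` right after logging "访问受限", so a caller that gates on `err != nil` can no longer distinguish a whitelisted address from a rejected one and the whitelist is effectively no longer enforced. If that is the intent, the caller's error check is now dead and should be removed explicitly rather than neutralised here; if enforcement is still wanted, the branch should return a distinguishable error, e.g. `return fmt.Errorf("ip %q not in whitelist", ip)` (or a package-level sentinel callers test with `errors.Is`). Logging at error level for a request that is then allowed through is also misleading; a lower level would match the new behaviour. The commented-out `//return err` is dead code and should be deleted. `GetIpWhite` starts outside the hunk.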
@@ -278,15 +278,7 @@ func CreateOriginCve(CveData common.CveOriginData, ou *OriginUpstream, od *Origi
 lousisv3.Scope = CveData.Impact.BaseMetricV3.CvssV3.Scope
 lousisv3.ImpactScore = CveData.Impact.BaseMetricV3.ImpactScore
 lousisv3.ExploitabilityScore = CveData.Impact.BaseMetricV3.ExploitabilityScore
- if CveData.Impact.BaseMetricV3.CvssV3.BaseScore >= 9.0 {
- lousisv3.CveLevel = "Critical"
- } else if CveData.Impact.BaseMetricV3.CvssV3.BaseScore >= 7.0 && CveData.Impact.BaseMetricV3.CvssV3.BaseScore <= 8.9 {
- lousisv3.CveLevel = "High"
- } else if CveData.Impact.BaseMetricV3.CvssV3.BaseScore > 4.0 && CveData.Impact.BaseMetricV3.CvssV3.BaseScore <= 6.9 {
- lousisv3.CveLevel = "Medium"
- } else if CveData.Impact.BaseMetricV3.CvssV3.BaseScore <= 4.0 {
- lousisv3.CveLevel = "Low"
- }
+ lousisv3.CveLevel = openEulerScoreProc(CveData.Impact.BaseMetricV3.CvssV3.BaseScore)
 if lousistnumv3, err := o.Insert(&lousisv3); err == nil {
 logs.Info("insert cve_origin_upstream_impact_score_v3 success, lousistnumv3:", lousistnumv3, ", cveNum", ou.Ids)
 } else {
@@ -328,15 +320,7 @@ func CreateOriginCve(CveData common.CveOriginData, ou *OriginUpstream, od *Origi
 lousisv2.ObtainOtherPrivilege = CveData.Impact.BaseMetricV2.ObtainOtherPrivilege
 lousisv2.ImpactScore = CveData.Impact.BaseMetricV2.ImpactScore
 lousisv2.ExploitabilityScore = CveData.Impact.BaseMetricV2.ExploitabilityScore
- if CveData.Impact.BaseMetricV2.CvssV2.BaseScore >= 9.0 {
- lousisv2.CveLevel = "Critical"
- } else if CveData.Impact.BaseMetricV2.CvssV2.BaseScore >= 7.0 && CveData.Impact.BaseMetricV2.CvssV2.BaseScore <= 8.9 {
- lousisv2.CveLevel = "High"
- } else if CveData.Impact.BaseMetricV2.CvssV2.BaseScore > 4.0 && CveData.Impact.BaseMetricV2.CvssV2.BaseScore <= 6.9 {
- lousisv2.CveLevel = "Medium"
- } else if CveData.Impact.BaseMetricV2.CvssV2.BaseScore <= 4.0 {
- lousisv2.CveLevel = "Low"
- }
+ lousisv2.CveLevel = openEulerScoreProc(CveData.Impact.BaseMetricV2.CvssV2.BaseScore)
 if lousistnumv2, err := o.Insert(&lousisv2); err == nil {
 logs.Info("insert cve_origin_upstream_impact_score_v2 success, lousistnumv2:", lousistnumv2, ", cveNum", ou.Ids)
 } else {
@@ -621,15 +605,7 @@ func CreateOriginCve(CveData common.CveOriginData, ou *OriginUpstream, od *Origi
 lousisv3.Scope = CveData.Impact.BaseMetricV3.CvssV3.Scope
 lousisv3.ImpactScore = CveData.Impact.BaseMetricV3.ImpactScore
 lousisv3.ExploitabilityScore = CveData.Impact.BaseMetricV3.ExploitabilityScore
- if CveData.Impact.BaseMetricV3.CvssV3.BaseScore >= 9.0 {
- lousisv3.CveLevel = "Critical"
- } else if CveData.Impact.BaseMetricV3.CvssV3.BaseScore >= 7.0 && CveData.Impact.BaseMetricV3.CvssV3.BaseScore <= 8.9 {
- lousisv3.CveLevel = "High"
- } else if CveData.Impact.BaseMetricV3.CvssV3.BaseScore > 4.0 && CveData.Impact.BaseMetricV3.CvssV3.BaseScore <= 6.9 {
- lousisv3.CveLevel = "Medium"
- } else if CveData.Impact.BaseMetricV3.CvssV3.BaseScore <= 4.0 {
- lousisv3.CveLevel = "Low"
- }
+ lousisv3.CveLevel = openEulerScoreProc(CveData.Impact.BaseMetricV3.CvssV3.BaseScore)
 if lousistnumv3, err := o.Insert(&lousisv3); err == nil {
 logs.Info("insert cve_origin_upstream_impact_score_v3 success, lousistnumv3:", lousistnumv3, ", cveNum", ou.Ids)
 } else {
@@ -671,15 +647,7 @@ func CreateOriginCve(CveData common.CveOriginData, ou *OriginUpstream, od *Origi lousisv2.ObtainOtherPrivilege = CveData.Impact.BaseMetricV2.ObtainOtherPrivilege lousisv2.ImpactScore = CveData.Impact.BaseMetricV2.ImpactScore lousisv2.ExploitabilityScore = CveData.Impact.BaseMetricV2.ExploitabilityScore - if CveData.Impact.BaseMetricV2.CvssV2.BaseScore >= 9.0 { - lousisv2.CveLevel = "Critical" - } else if CveData.Impact.BaseMetricV2.CvssV2.BaseScore >= 7.0 && CveData.Impact.BaseMetricV2.CvssV2.BaseScore <= 8.9 { - lousisv2.CveLevel = "High" - } else if CveData.Impact.BaseMetricV2.CvssV2.BaseScore > 4.0 && CveData.Impact.BaseMetricV2.CvssV2.BaseScore <= 6.9 { - lousisv2.CveLevel = "Medium" - } else if CveData.Impact.BaseMetricV2.CvssV2.BaseScore <= 4.0 { - lousisv2.CveLevel = "Low" - } + lousisv2.CveLevel = openEulerScoreProc(CveData.Impact.BaseMetricV2.CvssV2.BaseScore) if lousistnumv2, err := o.Insert(&lousisv2); err == nil { logs.Info("insert cve_origin_upstream_impact_score_v2 success, lousistnumv2:", lousistnumv2, ", cveNum", ou.Ids) } else { diff --git a/task/issuetask.go b/task/issuetask.go index 3832a61..bd3c7b7 100644 --- a/task/issuetask.go +++ b/task/issuetask.go @@ -222,19 +222,6 @@ func ProcIssue(issueValue models.VulnCenter, accessToken, owner, path string) er brandArry = append(brandArry, branch) } - } - branchs := "" - if len(brandArry) > 0 { - for _, b := range brandArry { - if b != "" && len(b) > 1 { - branchs = branchs + b + "/" - } - } - if branchs != "" && len(branchs) > 1 { - branchs = branchs[:len(branchs)-1] - } - } else { - } resp, err := taskhandler.CreateIssueToGit(accessToken, owner, path, assignee, issueValue, sc, brandArry) if err != nil { 
@@ -243,14 +230,5 @@ func ProcIssue(issueValue models.VulnCenter, accessToken, owner, path string) er
 models.UpdateIssueStatus(issueValue, 3)
 return err
 }
- // Store security bulletin related information
- var sec models.SecurityNotice
- taskhandler.CreateSecNoticeData(&sec, issueValue, path, branchs)
- secID, err := models.UpdateSecNotice(&sec)
- if err != nil {
- logs.Error("更新安全信息失败,CveNum: ", issueValue.CveNum, "path: ", path, "err: ", err)
- return err
- }
- logs.Info("更新安全信息成功, secID: ", secID, "cveNum: ", issueValue.CveNum)
 return nil
 }
diff --git a/taskhandler/common.go b/taskhandler/common.go
index a6a1a1b..f731e29 100644
--- a/taskhandler/common.go
+++ b/taskhandler/common.go
@@ -551,4 +551,17 @@ func deleteTailBlank(str string) string {
 }
 }
 return str[:len(str)-spaceNum]
-}
\ No newline at end of file
+}
+
+func openEulerScoreProc(openEulerScore float64) (CveLevel string){
+ if openEulerScore >= 9.0 {
+ CveLevel = "Critical"
+ } else if openEulerScore >= 7.0 && openEulerScore <= 8.9 {
+ CveLevel = "High"
+ } else if openEulerScore > 4.0 && openEulerScore <= 6.9 {
+ CveLevel = "Medium"
+ } else if openEulerScore <= 4.0 {
+ CveLevel = "Low"
+ }
+ return CveLevel
+}
diff --git a/taskhandler/createissue.go b/taskhandler/createissue.go
index 6b492e5..e6358af 100644
--- a/taskhandler/createissue.go
+++ b/taskhandler/createissue.go
@@ -178,6 +178,26 @@ func CreateIssueToGit(accessToken string, owner string, path string, assignee st
 models.UpdateIssueScoreRe(cve, 1)
 }
 }
+ branchs := ""
+ if len(brandArray) > 0 {
+ for _, b := range brandArray {
+ if b != "" && len(b) > 1 {
+ branchs = branchs + b + "/"
+ }
+ }
+ if branchs != "" && len(branchs) > 1 {
+ branchs = branchs[:len(branchs)-1]
+ }
+ }
+ // Store security bulletin related information
+ var sec models.SecurityNotice
+ CreateSecNoticeData(&sec, cve, path, branchs, sc.NVDScore)
+ secID, noticeErr := models.UpdateSecNotice(&sec)
+ if noticeErr != nil {
+ logs.Error("更新安全信息失败,CveNum: ", cve.CveNum, "path: ", path, "err: ", noticeErr)
+ return "", nil
+ }
+ logs.Info("更新安全信息成功, secID: ", secID, "cveNum: ", cve.CveNum)
 return "", nil
 }
@@ -216,7 +236,7 @@ func UpdateIssueToGit(accessToken string, owner string, path string,
 }
 // Store security bulletin related information
 var sec models.SecurityNotice
- CreateSecNoticeData(&sec, cve, path, its.AffectedVersion)
+ CreateSecNoticeData(&sec, cve, path, its.AffectedVersion, its.OpenEulerScore)
 secId, err := models.UpdateSecNotice(&sec)
 if err != nil {
 logs.Error("更新安全信息失败,CveNum: ", cve.CveNum, ",path: ", path, ",err: ", err)
@@ -451,7 +471,7 @@ func CreateIssueComment(accessToken, owner, path, Assignee string,
 return nil
 }
-func CreateSecNoticeData(sec *models.SecurityNotice, iss models.VulnCenter, path, branchVersion string) {
+func CreateSecNoticeData(sec *models.SecurityNotice, iss models.VulnCenter, path, branchVersion string, opScore float64) {
 branchs := ""
 if branchVersion != "" && len(branchVersion) > 0 {
 brandsGroup := strings.Split(branchVersion, ",")
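Review bot: In `CreateIssueToGit` the `if noticeErr != nil` branch logs and then executes `return "", nil`, the same value the success path returns, so a failed `models.UpdateSecNotice` is swallowed — before this commit the equivalent code in `ProcIssue` returned that error to its caller. It should be `return "", noticeErr`. The hand-rolled `branchs` loop (append with "/" and trim the trailing slash) is the usual shape for `strings.Join`, and `b != "" && len(b) > 1` reduces to `len(b) > 1`; `strings` is already imported by this file. Separately, `sc.NVDScore` is passed as the `opScore` argument that ends up in the "openEuler Security has rated this" sentence via `openEulerScoreProc`, while the next hunk passes `its.OpenEulerScore` for the same parameter — presumably the openEuler score is the intended input here too; worth confirming. `CreateIssueToGit` starts outside the hunk.
```go
	var kept []string
	for _, b := range brandArray {
		if len(b) > 1 {
			kept = append(kept, b)
		}
	}
	branchs := strings.Join(kept, "/")
	// … unchanged: SecurityNotice construction and UpdateSecNotice call …
	if noticeErr != nil {
		logs.Error("更新安全信息失败,CveNum: ", cve.CveNum, "path: ", path, "err: ", noticeErr)
		return "", noticeErr
	}
```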
@@ -483,9 +503,10 @@ func CreateSecNoticeData(sec *models.SecurityNotice, iss models.VulnCenter, path
 }
 sec.CveId = iss.CveId
 sec.CveNum = iss.CveNum
+ opScoreLeve := openEulerScoreProc(opScore)
 sec.Introduction = "An update for " + path + " is now available for " + branchs + "."
 sec.Theme = sec.Introduction + ";\n\n" + "openEuler Security has rated this" +
- " update as having a security impact of medium. A Common Vunlnerability" +
+ " update as having a security impact of " + opScoreLeve + ". A Common Vunlnerability" +
 " Scoring System(CVSS)base score,which gives a detailed severity rating," +
 " is available for each vulnerability from the CVElink(s) in the References section."
 sec.AffectProduct = branchs
diff --git a/taskhandler/cve.go b/taskhandler/cve.go
index 48df328..65853ca 100644
--- a/taskhandler/cve.go
+++ b/taskhandler/cve.go
@@ -922,15 +922,7 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 if cvsError != nil {
 vul.CveLevel = "Critical"
 }
- if v2 >= 9.0 {
- vul.CveLevel = "Critical"
- } else if v2 >= 7.0 && v2 <= 8.9 {
- vul.CveLevel = "High"
- } else if v2 > 4.0 && v2 <= 6.9 {
- vul.CveLevel = "Medium"
- } else if v2 <= 4.0 {
- vul.CveLevel = "Low"
- }
+ vul.CveLevel = openEulerScoreProc(v2)
 var sec models.SecurityNotice
 sec.CveNum = cveData.CveNumber
 sec.InfluenceComponent = lop.Components
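Review bot: The rewritten `sec.Theme` line in `CreateSecNoticeData` carries the misspelling "Vunlnerability" into the user-facing notice text; since the line is being replaced anyway it should read `". A Common Vulnerability" +`. `opScoreLeve` looks like a typo for `opScoreLevel`. When `openEulerScoreProc` returns "" (its ranges have gaps between 6.9/7.0 and 8.9/9.0) the sentence degrades to "security impact of ."; making that helper total, or falling back to a fixed level when the result is empty, keeps the published notice well-formed. `CreateSecNoticeData` starts outside the hunk.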
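Review bot: In `InsertIssueCveGroups` the "Critical" assigned under `if cvsError != nil` is immediately overwritten by the unconditional `vul.CveLevel = openEulerScoreProc(v2)`, and since `strconv.ParseFloat` yields 0 on a syntax error the level ends up as "Low" — the reverse of the fail-closed fallback the guard is meant to provide. This commit fixes the same pattern in `UpdateIssueCveGroups` by moving the call into an `else`; do the same here: `} else {` / `vul.CveLevel = openEulerScoreProc(v2)` / `}`. The function starts outside the hunk.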
@@ -944,10 +936,17 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 } else {
 sec.Description += "(" + vul.CveNum + ")"
 }
+ opScoreLeve := ""
+ opScore, opError := strconv.ParseFloat(lop.OpScore, 64)
+ if opError != nil {
+ opScoreLeve = "Critical"
+ } else {
+ opScoreLeve = openEulerScoreProc(opScore)
+ }
 sec.ReferenceLink = cveRef + cveData.CveNumber
 sec.Introduction = "An update for " + lop.Components + " is now available for " + lop.InfProduct + "."
 sec.Theme = sec.Introduction + ";\n\n" + "openEuler Security has rated this" +
- " update as having a security impact of medium. A Common Vunlnerability" +
+ " update as having a security impact of " + opScoreLeve + ". A Common Vunlnerability" +
 " Scoring System(CVSS)base score,which gives a detailed severity rating," +
 " is available for each vulnerability from the CVElink(s) in the References section."
 sec.AffectProduct = lop.InfProduct
@@ -1100,9 +1099,16 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 sec.Description += "(" + vul.CveNum + ")"
 }
 sec.ReferenceLink = cveRef + cveData.CveNumber
+ opScoreLeve := ""
+ opScore, opError := strconv.ParseFloat(lop.OpScore, 64)
+ if opError != nil {
+ opScoreLeve = "Critical"
+ } else {
+ opScoreLeve = openEulerScoreProc(opScore)
+ }
 sec.Introduction = "An update for " + lop.Components + " is now available for " + lop.InfProduct + "."
 sec.Theme = sec.Introduction + ";\n\n" + "openEuler Security has rated this" +
- " update as having a security impact of medium. A Common Vunlnerability" +
+ " update as having a security impact of "+ opScoreLeve + ". A Common Vunlnerability" +
 " Scoring System(CVSS)base score,which gives a detailed severity rating," +
 " is available for each vulnerability from the CVElink(s) in the References section."
 sec.AffectProduct = lop.InfProduct
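Review bot: The seven-line parse-and-rate block starting at `opScoreLeve := ""` is added verbatim to both `InsertIssueCveGroups` (first hunk) and `UpdateIssueCveGroups` (second hunk); it belongs in one small helper next to `openEulerScoreProc` so the fail-closed "Critical" fallback for an unparsable `lop.OpScore` cannot drift between the two copies, and the `opScoreLeve := ""` pre-declaration disappears. In the second hunk the concatenation `"+ opScoreLeve + "` also lacks the space before `+` that the rest of the expression uses, and `opScoreLeve` reads as a typo for `opScoreLevel`. Both functions start and end outside the hunks.
```go
// openEulerLevelFromString rates a textual openEuler score; an unparsable
// score is rated Critical so a bad value can never lower the reported impact.
func openEulerLevelFromString(s string) string {
	opScore, err := strconv.ParseFloat(s, 64)
	if err != nil {
		return "Critical"
	}
	return openEulerScoreProc(opScore)
}
```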
@@ -1118,15 +1124,8 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 v2, cvsError := strconv.ParseFloat(lop.CvsScore, 64)
 if cvsError != nil {
 vul.CveLevel = "Critical"
- }
- if v2 >= 9.0 {
- vul.CveLevel = "Critical"
- } else if v2 >= 7.0 && v2 <= 8.9 {
- vul.CveLevel = "High"
- } else if v2 > 4.0 && v2 <= 6.9 {
- vul.CveLevel = "Medium"
- } else if v2 <= 4.0 {
- vul.CveLevel = "Low"
+ } else {
+ vul.CveLevel = openEulerScoreProc(v2)
 }
 score.CveNum = cveData.CveNumber
 var nvdError error
@@ -1169,15 +1168,7 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 }
 } else {
 v2 := score.NVDScore
- if v2 >= 9.0 {
- vul.CveLevel = "Critical"
- } else if v2 >= 7.0 && v2 <= 8.9 {
- vul.CveLevel = "High"
- } else if v2 > 4.0 && v2 <= 6.9 {
- vul.CveLevel = "Medium"
- } else if v2 <= 4.0 {
- vul.CveLevel = "Low"
- }
+ vul.CveLevel = openEulerScoreProc(v2)
 score.CveNum = cveData.CveNumber
 score.Nstatus = 2
 var nvdError error
-- 
Gitee