From b9c7e51b977f0d7b32a5df4715f8d6e29a6f4af7 Mon Sep 17 00:00:00 2001
From: zhangjianjun
Date: Mon, 21 Feb 2022 16:06:43 +0800
Subject: [PATCH 1/2] For cves that are found by both the upstream system and manual work and do not meet the conditions, the manual can create special processing of issues separately
---
 .../cve-py/config_yaml/deployment.yaml | 44 +++++++++++++++++++
 .../cve-py/config_yaml/kustomization.yaml | 17 +++++++
 .../cve-py/config_yaml/namespace.yaml | 6 +++
 .../cve-py/config_yaml/secrets.yaml | 20 +++++++++
 .../cve-py/config_yaml/service.yaml | 14 ++++++
 .../cve-py/controller/timertaskcontroller.py | 2 +-
 cve-vulner-manager/task/issuetask.go | 33 +++++++++-----
 7 files changed, 123 insertions(+), 13 deletions(-)
 create mode 100644 cve-vulner-manager/cve-py/config_yaml/deployment.yaml
 create mode 100644 cve-vulner-manager/cve-py/config_yaml/kustomization.yaml
 create mode 100644 cve-vulner-manager/cve-py/config_yaml/namespace.yaml
 create mode 100644 cve-vulner-manager/cve-py/config_yaml/secrets.yaml
 create mode 100644 cve-vulner-manager/cve-py/config_yaml/service.yaml
diff --git a/cve-vulner-manager/cve-py/config_yaml/deployment.yaml b/cve-vulner-manager/cve-py/config_yaml/deployment.yaml
new file mode 100644
index 0000000..646ce9c
--- /dev/null
+++ b/cve-vulner-manager/cve-py/config_yaml/deployment.yaml
@@ -0,0 +1,44 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ labels:
+ app: cve-manager-analysis
+ name: cve-manager-analysis
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: cve-manager-analysis
+ template:
+ metadata:
+ labels:
+ app: cve-manager-analysis
+ spec:
+ containers:
+ - env:
+ - name: DB_PWDPY
+ valueFrom:
+ secretKeyRef:
+ name: cve-secrets-py
+ key: db-pwdpy
+ - name: DB_URI
+ valueFrom:
+ secretKeyRef:
+ name: cve-secrets-py
+ key: db-uri
+ - name: CVE_EMAIL_SENDADDR
+ valueFrom:
+ secretKeyRef:
+ name: cve-secrets-py
+ key: cve-email-sendaddr
+ - name: CVE_EMAIL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: cve-secrets-py
+ key: cve-email-password
+ - name: TZ
+ value: Asia/Shanghai
+ image: swr.cn-north-4.myhuaweicloud.com/opensourceway/openeuler/cve-manager-analysis:1cb6af4c1d428074cb8e54db23adf1efaab75639
+ imagePullPolicy: IfNotPresent
+ name: cve-manager-analysis
diff --git a/cve-vulner-manager/cve-py/config_yaml/kustomization.yaml b/cve-vulner-manager/cve-py/config_yaml/kustomization.yaml
new file mode 100644
index 0000000..9684b1e
--- /dev/null
+++ b/cve-vulner-manager/cve-py/config_yaml/kustomization.yaml
@@ -0,0 +1,17 @@
+resources:
+- namespace.yaml
+- deployment.yaml
+- service.yaml
+- secrets.yaml
+commonLabels:
+ app: cve-manager-analysis
+ owner: zhangjianjun
+commonAnnotations:
+ email: 841670711@qq.com
+ owner: zhangjianjun
+namespace: cve-manager
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: swr.cn-north-4.myhuaweicloud.com/opensourceway/openeuler/cve-manager-analysis
+ newTag: 89281957eaa42c6a7c8cd048b1374dccdf68fd96
diff --git a/cve-vulner-manager/cve-py/config_yaml/namespace.yaml b/cve-vulner-manager/cve-py/config_yaml/namespace.yaml
new file mode 100644
index 0000000..09d5c2b
--- /dev/null
+++ b/cve-vulner-manager/cve-py/config_yaml/namespace.yaml
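Review bot: `apiVersion: extensions/v1beta1` on the first line of deployment.yaml has not been served for `Deployment` since Kubernetes 1.16, so current clusters will reject this manifest; it should read `apiVersion: apps/v1` (the `selector.matchLabels` that version requires is already present). The container entry also sets neither `securityContext` nor `resources`, so the pod that receives the database and mail credentials runs as whatever user the image defaults to and without limits; consider `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` plus a `resources` block. The `image:` tag here differs from the `newTag` in kustomization.yaml, and the latter is what a kustomize build will deploy, so the tag in this file is misleading.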
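Review bot: `namespace: cve-manager` in kustomization.yaml disagrees with namespace.yaml, which creates `cve-manager-analysis`, and with service.yaml, which hard-codes `namespace: cve-manager-analysis`; kustomize applies the kustomization's namespace to the resources it builds, so the three files should name a single namespace. `commonLabels` is also injected into selectors, which makes the `owner` label part of the Deployment's immutable selector; if it is only informational it belongs under `commonAnnotations`. The `email` annotation stamps a personal mailbox onto every object, where a team alias would be preferable, and the address stays in history even though patch 2/2 deletes the file.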
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ name: cve-manager-analysis
+ name: cve-manager-analysis
diff --git a/cve-vulner-manager/cve-py/config_yaml/secrets.yaml b/cve-vulner-manager/cve-py/config_yaml/secrets.yaml
new file mode 100644
index 0000000..eb2c021
--- /dev/null
+++ b/cve-vulner-manager/cve-py/config_yaml/secrets.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: secrets-manager.tuenti.io/v1alpha1
+kind: SecretDefinition
+metadata:
+ name: cve-secrets-py
+spec:
+ name: cve-secrets-py
+ keysMap:
+ db-pwdpy:
+ path: secrets/data/openeuler/cve-manager
+ key: db-pwdpy
+ db-uri:
+ path: secrets/data/openeuler/cve-manager
+ key: db-uri
+ cve-email-sendaddr:
+ path: secrets/data/openeuler/cve-manager
+ key: cve-email-sendaddr
+ cve-email-password:
+ path: secrets/data/openeuler/cve-manager
+ key: cve-email-password
diff --git a/cve-vulner-manager/cve-py/config_yaml/service.yaml b/cve-vulner-manager/cve-py/config_yaml/service.yaml
new file mode 100644
index 0000000..5d38198
--- /dev/null
+++ b/cve-vulner-manager/cve-py/config_yaml/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: cve-manager-analysis-service
+ namespace: cve-manager-analysis
+spec:
+ ports:
+ - name: cve-manager-analysis
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: cve-manager-analysis
+ type: ClusterIP
diff --git a/cve-vulner-manager/cve-py/controller/timertaskcontroller.py b/cve-vulner-manager/cve-py/controller/timertaskcontroller.py
index bf23945..429e6e2 100644
--- a/cve-vulner-manager/cve-py/controller/timertaskcontroller.py
+++ b/cve-vulner-manager/cve-py/controller/timertaskcontroller.py
@@ -44,7 +44,7 @@ def timertask():
 # Parse the issue statistics recipient list
 # scheduler.add_job(taskcontroller.issue_statistics_email_task, 'cron', day_of_week='0-6', hour=5, minute=30)
 # Complete the template information of the issue with the data on the CVE official website
- scheduler.add_job(taskcontroller.supplement_cve_task, 'interval', minutes=27)
+ scheduler.add_job(taskcontroller.supplement_cve_task, 'interval', minutes=33)
 scheduler.add_job(taskcontroller.long_supplement_cve_task, 'cron', day_of_week='0-6', hour=1, minute=30)
 # Parse opengauss yaml file
 scheduler.add_job(taskcontroller.parse_opengauss_yaml_task, 'cron', day_of_week='0-6', hour=2, minute=30)
diff --git a/cve-vulner-manager/task/issuetask.go b/cve-vulner-manager/task/issuetask.go
index cb5fd51..609acf8 100644
--- a/cve-vulner-manager/task/issuetask.go
+++ b/cve-vulner-manager/task/issuetask.go
@@ -223,6 +223,13 @@ func addUnlimitedIssue(beforeTime string, prcnum, years, toolYears, manYears, fl
 continue
 }
 }
+ var it models.IssueTemplate
+ it.CveId = issueValue.CveId
+ it.CveNum = issueValue.CveNum
+ templateErr := models.GetIssueTemplateByColName(&it, "CveId", "CveNum")
+ if templateErr != nil {
+ logs.Warn("addUnlimitedIssue, templateErr:", templateErr, ", CveNum: ", issueValue.CveNum)
+ }
 // Import cve as data after 2018
 cveNumList := strings.Split(issueValue.CveNum, "-")
 if cveNumList != nil && len(cveNumList) > 1 {
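Review bot: When `GetIssueTemplateByColName` fails, the added block in issuetask.go only logs a warning and carries on with a zero-valued `it`, and after this move that value also feeds the year-limit decision later in `addUnlimitedIssue`. A database error is therefore indistinguishable from "no template exists", and the CVE would presumably be set to status 4 by the later `UpdateIssueStatus` call instead of being retried. If the model layer exposes a not-found error, treat only that as "no template" and `continue` on any other error before the status is touched. A short comment such as `// Load the template first: the year-limit check below needs it.IssueNum` would also explain why the lookup moved. The function body starts and ends outside this hunk.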
@@ -234,21 +241,23 @@ func addUnlimitedIssue(beforeTime string, prcnum, years, toolYears, manYears, fl
 years = manYears
 }
 if cveYears <= years {
- models.UpdateIssueStatus(issueValue, 4)
- logs.Info("addUnlimitedIssue, cve: ", issueValue.CveNum, ",Need to be greater than: ",
- years, ",Otherwise, there is no need to submit an issue on git, cveData: ", issueValue)
- ErrorCveStatistics("CVE年限受限", issueValue, 2)
- continue
+ yearFlag := false
+ if it.TemplateId > 0 && len(it.IssueNum) > 0 {
+ issueErr, issueBody := taskhandler.GetGiteeIssue(accessToken, owner, issueValue.PackName, it.IssueNum)
+ if issueErr == nil && len(issueBody) > 0 {
+ yearFlag = true
+ }
+ }
+ if !yearFlag {
+ models.UpdateIssueStatus(issueValue, 4)
+ logs.Info("addUnlimitedIssue, cve: ", issueValue.CveNum, ",Need to be greater than: ",
+ years, ",Otherwise, there is no need to submit an issue on git, cveData: ", issueValue)
+ ErrorCveStatistics("CVE年限受限", issueValue, 2)
+ continue
+ }
 }
 }
 }
- var it models.IssueTemplate
- it.CveId = issueValue.CveId
- it.CveNum = issueValue.CveNum
- templateErr := models.GetIssueTemplateByColName(&it, "CveId", "CveNum")
- if templateErr != nil {
- logs.Warn("addUnlimitedIssue, templateErr:", templateErr, ", CveNum: ", issueValue.CveNum)
- }
 // Process each piece of cve data
 if issueValue.Status == 0 || len(it.IssueNum) < 2 {
 issueValue.Status = 2
--
Gitee
From 382ac9d5719c707d633c7d9727d9a7cfd118069d Mon Sep 17 00:00:00 2001
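Review bot: A failed `GetGiteeIssue` call is handled exactly like "no manual issue exists": `issueErr` is neither logged nor told apart from an empty body, so a timeout, a rate limit or an expired `accessToken` leaves `yearFlag` false and the CVE is set to status 4 and skipped. For a vulnerability tracker that means a transient API failure can silently drop a CVE that someone filed by hand on purpose. I would log the error and skip the record without changing its status, so that the next run retries it, as sketched below; whether `GetGiteeIssue` also returns an error for a missing issue is not visible here and should be checked first. The enclosing function and loop start and end outside the hunk.

```go
if cveYears <= years {
	manualIssueExists := false
	if it.TemplateId > 0 && len(it.IssueNum) > 0 {
		issueErr, issueBody := taskhandler.GetGiteeIssue(accessToken, owner, issueValue.PackName, it.IssueNum)
		if issueErr != nil {
			// Lookup failed: leave the status untouched so the next run retries.
			logs.Warn("addUnlimitedIssue, GetGiteeIssue err:", issueErr, ", CveNum: ", issueValue.CveNum)
			continue
		}
		manualIssueExists = len(issueBody) > 0
	}
	if !manualIssueExists {
		// … unchanged: UpdateIssueStatus, logs.Info, ErrorCveStatistics, continue …
	}
```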
From: zhangjianjun
Date: Mon, 21 Feb 2022 16:24:05 +0800
Subject: [PATCH 2/2] For cves that are found by both the upstream system and manual work and do not meet the conditions, the manual can create special processing of issues separately
---
 .../cve-py/config_yaml/deployment.yaml | 44 -------------------
 .../cve-py/config_yaml/kustomization.yaml | 17 -------
 .../cve-py/config_yaml/namespace.yaml | 6 ---
 .../cve-py/config_yaml/secrets.yaml | 20 ---------
 .../cve-py/config_yaml/service.yaml | 14 ------
 5 files changed, 101 deletions(-)
 delete mode 100644 cve-vulner-manager/cve-py/config_yaml/deployment.yaml
 delete mode 100644 cve-vulner-manager/cve-py/config_yaml/kustomization.yaml
 delete mode 100644 cve-vulner-manager/cve-py/config_yaml/namespace.yaml
 delete mode 100644 cve-vulner-manager/cve-py/config_yaml/secrets.yaml
 delete mode 100644 cve-vulner-manager/cve-py/config_yaml/service.yaml
diff --git a/cve-vulner-manager/cve-py/config_yaml/deployment.yaml b/cve-vulner-manager/cve-py/config_yaml/deployment.yaml
deleted file mode 100644
index 646ce9c..0000000
--- a/cve-vulner-manager/cve-py/config_yaml/deployment.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: cve-manager-analysis
- name: cve-manager-analysis
-spec:
- replicas: 1
- revisionHistoryLimit: 10
- selector:
- matchLabels:
- app: cve-manager-analysis
- template:
- metadata:
- labels:
- app: cve-manager-analysis
- spec:
- containers:
- - env:
- - name: DB_PWDPY
- valueFrom:
- secretKeyRef:
- name: cve-secrets-py
- key: db-pwdpy
- - name: DB_URI
- valueFrom:
- secretKeyRef:
- name: cve-secrets-py
- key: db-uri
- - name: CVE_EMAIL_SENDADDR
- valueFrom:
- secretKeyRef:
- name: cve-secrets-py
- key: cve-email-sendaddr
- - name: CVE_EMAIL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: cve-secrets-py
- key: cve-email-password
- - name: TZ
- value: Asia/Shanghai
- image: swr.cn-north-4.myhuaweicloud.com/opensourceway/openeuler/cve-manager-analysis:1cb6af4c1d428074cb8e54db23adf1efaab75639
- imagePullPolicy: IfNotPresent
- name: cve-manager-analysis
diff --git a/cve-vulner-manager/cve-py/config_yaml/kustomization.yaml b/cve-vulner-manager/cve-py/config_yaml/kustomization.yaml
deleted file mode 100644
index 9684b1e..0000000
--- a/cve-vulner-manager/cve-py/config_yaml/kustomization.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-resources:
-- namespace.yaml
-- deployment.yaml
-- service.yaml
-- secrets.yaml
-commonLabels:
- app: cve-manager-analysis
- owner: zhangjianjun
-commonAnnotations:
- email: 841670711@qq.com
- owner: zhangjianjun
-namespace: cve-manager
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-images:
-- name: swr.cn-north-4.myhuaweicloud.com/opensourceway/openeuler/cve-manager-analysis
- newTag: 89281957eaa42c6a7c8cd048b1374dccdf68fd96
diff --git a/cve-vulner-manager/cve-py/config_yaml/namespace.yaml b/cve-vulner-manager/cve-py/config_yaml/namespace.yaml
deleted file mode 100644
index 09d5c2b..0000000
--- a/cve-vulner-manager/cve-py/config_yaml/namespace.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- name: cve-manager-analysis
- name: cve-manager-analysis
diff --git a/cve-vulner-manager/cve-py/config_yaml/secrets.yaml b/cve-vulner-manager/cve-py/config_yaml/secrets.yaml
deleted file mode 100644
index eb2c021..0000000
--- a/cve-vulner-manager/cve-py/config_yaml/secrets.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-apiVersion: secrets-manager.tuenti.io/v1alpha1
-kind: SecretDefinition
-metadata:
- name: cve-secrets-py
-spec:
- name: cve-secrets-py
- keysMap:
- db-pwdpy:
- path: secrets/data/openeuler/cve-manager
- key: db-pwdpy
- db-uri:
- path: secrets/data/openeuler/cve-manager
- key: db-uri
- cve-email-sendaddr:
- path: secrets/data/openeuler/cve-manager
- key: cve-email-sendaddr
- cve-email-password:
- path: secrets/data/openeuler/cve-manager
- key: cve-email-password
diff --git a/cve-vulner-manager/cve-py/config_yaml/service.yaml b/cve-vulner-manager/cve-py/config_yaml/service.yaml
deleted file mode 100644
index 5d38198..0000000
--- a/cve-vulner-manager/cve-py/config_yaml/service.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: cve-manager-analysis-service
- namespace: cve-manager-analysis
-spec:
- ports:
- - name: cve-manager-analysis
- port: 8080
- protocol: TCP
- targetPort: 8080
- selector:
- app: cve-manager-analysis
- type: ClusterIP
--
Gitee