From c16052d6d20a3999da8963f0b6191f1fb32dcc71 Mon Sep 17 00:00:00 2001 From: xwzQmxx <1499273991@qq.com> Date: Fri, 8 Apr 2022 15:10:21 +0800 Subject: [PATCH 1/2] add hole source desc --- cve-vulner-manager/taskhandler/common.go | 50 ++++++++++++++++++------ 1 file changed, 38 insertions(+), 12 deletions(-) diff --git a/cve-vulner-manager/taskhandler/common.go b/cve-vulner-manager/taskhandler/common.go index 70079e1..67ef07e 100644 --- a/cve-vulner-manager/taskhandler/common.go +++ b/cve-vulner-manager/taskhandler/common.go @@ -64,6 +64,8 @@ const bodyTpl = `一、漏洞信息 %v 修复是否涉及abi变化(是/否): %v +三、漏洞数据来源 + %v ` const bodyUpTpl = `一、漏洞信息 @@ -91,6 +93,8 @@ const bodyUpTpl = `一、漏洞信息 %v 修复是否涉及abi变化(是/否): %v +三、漏洞数据来源 + %v ` const bodySecLinkTpl = `一、漏洞信息 漏洞编号:%v @@ -119,6 +123,8 @@ const bodySecLinkTpl = `一、漏洞信息 %v 三、漏洞修复 安全公告链接:%v +四、漏洞数据来源 + %v ` const commentCopyValue = ` @@ -167,6 +173,8 @@ const gaussBodyTpl = `一、漏洞信息 %v 受影响版本排查(受影响/不受影响): %v +三、漏洞数据来源 + %v ` const SporeBodyTpl = `一、漏洞信息 @@ -191,6 +199,8 @@ const SporeBodyTpl = `一、漏洞信息 %v 受影响版本排查(受影响/不受影响): %v +三、漏洞数据来源 + %v ` const gaussBodyUpTpl = `一、漏洞信息 @@ -216,6 +226,8 @@ const gaussBodyUpTpl = `一、漏洞信息 Vector:CVSS:%v 受影响版本排查(受影响/不受影响): %v +三、漏洞数据来源 + %v ` const SporeBodyUpTpl = `一、漏洞信息 @@ -241,6 +253,8 @@ const SporeBodyUpTpl = `一、漏洞信息 Vector:CVSS:%v 受影响版本排查(受影响/不受影响): %v +三、漏洞数据来源 + %v ` const LooKengBodyTpl = `一、漏洞信息 漏洞编号:%v @@ -264,6 +278,8 @@ const LooKengBodyTpl = `一、漏洞信息 %v 受影响版本排查(受影响/不受影响): %v +三、漏洞数据来源 + %v ` const LooKengBodyUpTpl = `一、漏洞信息 漏洞编号:%v @@ -288,6 +304,8 @@ const LooKengBodyUpTpl = `一、漏洞信息 Vector:CVSS:%v 受影响版本排查(受影响/不受影响): %v +三、漏洞数据来源 + %v ` const gaussCommentCopyValue = ` 
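Review bot: Each of the nine templates touched here (`bodyTpl`, `bodyUpTpl`, `bodySecLinkTpl`, `gaussBodyTpl`, `SporeBodyTpl`, `gaussBodyUpTpl`, `SporeBodyUpTpl`, `LooKengBodyTpl`, `LooKengBodyUpTpl`) gains one more positional `%v`, and nothing next to the template says which argument each verb expects. Any `fmt.Sprintf` call on these constants that this patch does not update would print `%!v(MISSING)` in the published issue body; callers outside the visible hunks should be confirmed. Where the format reaches `Sprintf` through what appears to be a run-time variable (`bodyTplx`, `bodyUpTplx` in the `CreateIssueBody` hunks), `go vet` cannot check the argument count. I would add a comment above each template such as `// Verbs are positional; keep in step with the fmt.Sprintf calls in CreateIssueBody (data source is the last %v).`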
@@ -925,16 +943,16 @@ func CreateIssueBody(accessToken, owner, path, assignee string, if its.Status == 3 && len(its.SecLink) > 3 && cve.OrganizationID == 1 { body = fmt.Sprintf(bodySecLinkTpl, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, its.SecLink) + cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, its.SecLink, holeSource(cve.DataSource)) } else { if cve.OrganizationID == 1 { body = fmt.Sprintf(bodyUpTplx, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion) + cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, holeSource(cve.DataSource)) } else { body = fmt.Sprintf(bodyUpTplx, cveNumber, cve.RepoName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion) + cveAnalysis, openEulerScore, oVector, affectedVersion, holeSource(cve.DataSource)) } } requestBody = fmt.Sprintf(`{ 
@@ -955,11 +973,11 @@ func CreateIssueBody(accessToken, owner, path, assignee string, if cve.OrganizationID == 1 { body = fmt.Sprintf(bodyTplx, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion, abiVersion) + cveAnalysis, openEulerScore, affectedVersion, abiVersion, holeSource(cve.DataSource)) } else { body = fmt.Sprintf(bodyTplx, cveNumber, cve.RepoName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion) + cveAnalysis, openEulerScore, affectedVersion, holeSource(cve.DataSource)) } requestBody = fmt.Sprintf(`{ "access_token": "%s", @@ -980,11 +998,11 @@ func CreateIssueBody(accessToken, owner, path, assignee string, if cve.OrganizationID == 1 { body = fmt.Sprintf(bodyTplx, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion, abiVersion) + cveAnalysis, openEulerScore, affectedVersion, abiVersion, holeSource(cve.DataSource)) } else { body = fmt.Sprintf(bodyTplx, cveNumber, cve.RepoName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion) + cveAnalysis, openEulerScore, affectedVersion, holeSource(cve.DataSource)) } requestBody = fmt.Sprintf(`{ "access_token": "%s", 
@@ -1005,16 +1023,16 @@ func CreateIssueBody(accessToken, owner, path, assignee string, if its.Status == 3 && len(its.SecLink) > 3 && cve.OrganizationID == 1 { body = fmt.Sprintf(bodySecLinkTpl, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, its.SecLink) + cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, its.SecLink, holeSource(cve.DataSource)) } else { if cve.OrganizationID == 1 { body = fmt.Sprintf(bodyUpTplx, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion) + cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, holeSource(cve.DataSource)) } else { body = fmt.Sprintf(bodyUpTplx, cveNumber, cve.RepoName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion) + cveAnalysis, openEulerScore, oVector, affectedVersion, holeSource(cve.DataSource)) } } requestBody = fmt.Sprintf(`{ 
@@ -1035,11 +1053,11 @@ func CreateIssueBody(accessToken, owner, path, assignee string, if cve.OrganizationID == 1 { body = fmt.Sprintf(bodyTplx, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion, abiVersion) + cveAnalysis, openEulerScore, affectedVersion, abiVersion, holeSource(cve.DataSource)) } else { body = fmt.Sprintf(bodyTplx, cveNumber, cve.RepoName, cve.CveVersion, scoreType, nveScore, nveVector, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion) + cveAnalysis, openEulerScore, affectedVersion, holeSource(cve.DataSource)) } requestBody = fmt.Sprintf(`{ "access_token": "%s", @@ -1056,6 +1074,14 @@ func CreateIssueBody(accessToken, owner, path, assignee string, return requestBody } +func holeSource(sourceCode int8) string { + if sourceCode == 1 { + return "openBrain开源漏洞感知系统" + } + + return "其它" +} + func AffectVersion(affectedVersion string) int { affectBranchsxList := make([]string, 0) affectValue := make([]string, 0) -- Gitee From 326f93987c8243ca7ebd56a5ef96f84aa3ca474b Mon Sep 17 00:00:00 2001 From: xwzQmxx <1499273991@qq.com> Date: Fri, 8 Apr 2022 16:49:01 +0800 Subject: [PATCH 2/2] modify hole source location --- cve-vulner-manager/taskhandler/common.go | 84 ++++++++++++------------ 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/cve-vulner-manager/taskhandler/common.go b/cve-vulner-manager/taskhandler/common.go index 67ef07e..369a5f3 100644 --- a/cve-vulner-manager/taskhandler/common.go +++ b/cve-vulner-manager/taskhandler/common.go @@ -55,6 +55,8 @@ const bodyTpl = `一、漏洞信息 %v 漏洞分析指导链接: %v + 漏洞数据来源: + %v 二、漏洞分析结构反馈 影响性分析说明: %v @@ -64,8 +66,6 @@ const bodyTpl = `一、漏洞信息 %v 修复是否涉及abi变化(是/否): %v -三、漏洞数据来源 - %v ` const bodyUpTpl = `一、漏洞信息 
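Review bot: `holeSource` (added in the hunk at -1056) has no doc comment and compares against a bare `1`, so the meaning of the `cve.DataSource` codes is recorded nowhere else in the visible code. Every other value, including the zero value of an unset field, is rendered as "其它", so a published issue cannot distinguish a record with no recorded origin from one that came from a second known feed; if the source line is meant to guide triage, that difference is worth keeping. I would name the code and document the fallback: `const dataSourceOpenBrain int8 = 1` and `// holeSource returns the label printed under 漏洞数据来源; codes other than dataSourceOpenBrain are reported as "其它".` The function name is also a literal rendering of 漏洞; something like `vulnSourceLabel` would read more clearly, though it touches every call site added in this patch.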
@@ -83,6 +83,8 @@ const bodyUpTpl = `一、漏洞信息 %v 漏洞分析指导链接: %v + 漏洞数据来源: + %v 二、漏洞分析结构反馈 影响性分析说明: %v @@ -93,8 +95,6 @@ const bodyUpTpl = `一、漏洞信息 %v 修复是否涉及abi变化(是/否): %v -三、漏洞数据来源 - %v ` const bodySecLinkTpl = `一、漏洞信息 漏洞编号:%v @@ -111,6 +111,8 @@ const bodySecLinkTpl = `一、漏洞信息 %v 漏洞分析指导链接: %v + 漏洞数据来源: + %v 二、漏洞分析结构反馈 影响性分析说明: %v @@ -123,8 +125,6 @@ const bodySecLinkTpl = `一、漏洞信息 %v 三、漏洞修复 安全公告链接:%v -四、漏洞数据来源 - %v ` const commentCopyValue = ` @@ -166,6 +166,8 @@ const gaussBodyTpl = `一、漏洞信息 %v 漏洞分析指导链接: %v + 漏洞数据来源: + %v 二、漏洞分析结构反馈 影响性分析说明: %v @@ -173,8 +175,6 @@ const gaussBodyTpl = `一、漏洞信息 %v 受影响版本排查(受影响/不受影响): %v -三、漏洞数据来源 - %v ` const SporeBodyTpl = `一、漏洞信息 @@ -192,6 +192,8 @@ const SporeBodyTpl = `一、漏洞信息 %v 漏洞分析指导链接: %v + 漏洞数据来源: + %v 二、漏洞分析结构反馈 影响性分析说明: %v @@ -199,8 +201,6 @@ const SporeBodyTpl = `一、漏洞信息 %v 受影响版本排查(受影响/不受影响): %v -三、漏洞数据来源 - %v ` const gaussBodyUpTpl = `一、漏洞信息 @@ -218,6 +218,8 @@ const gaussBodyUpTpl = `一、漏洞信息 %v 漏洞分析指导链接: %v + 漏洞数据来源: + %v 二、漏洞分析结构反馈 影响性分析说明: %v @@ -226,8 +228,6 @@ const gaussBodyUpTpl = `一、漏洞信息 Vector:CVSS:%v 受影响版本排查(受影响/不受影响): %v -三、漏洞数据来源 - %v ` const SporeBodyUpTpl = `一、漏洞信息 @@ -245,6 +245,8 @@ const SporeBodyUpTpl = `一、漏洞信息 %v 漏洞分析指导链接: %v + 漏洞数据来源: + %v 二、漏洞分析结构反馈 影响性分析说明: %v @@ -253,8 +255,6 @@ const SporeBodyUpTpl = `一、漏洞信息 Vector:CVSS:%v 受影响版本排查(受影响/不受影响): %v -三、漏洞数据来源 - %v ` const LooKengBodyTpl = `一、漏洞信息 漏洞编号:%v @@ -271,6 +271,8 @@ const LooKengBodyTpl = `一、漏洞信息 %v 漏洞分析指导链接: %v + 漏洞数据来源: + %v 二、漏洞分析结构反馈 影响性分析说明: %v @@ -278,8 +280,6 @@ const LooKengBodyTpl = `一、漏洞信息 %v 受影响版本排查(受影响/不受影响): %v -三、漏洞数据来源 - %v ` const LooKengBodyUpTpl = `一、漏洞信息 漏洞编号:%v @@ -296,6 +296,8 @@ const LooKengBodyUpTpl = `一、漏洞信息 %v 漏洞分析指导链接: %v + 漏洞数据来源: + %v 二、漏洞分析结构反馈 影响性分析说明: %v @@ -304,8 +306,6 @@ const LooKengBodyUpTpl = `一、漏洞信息 Vector:CVSS:%v 受影响版本排查(受影响/不受影响): %v -三、漏洞数据来源 - %v ` const gaussCommentCopyValue = ` 
@@ -942,17 +942,17 @@ func CreateIssueBody(accessToken, owner, path, assignee string, body := "" if its.Status == 3 && len(its.SecLink) > 3 && cve.OrganizationID == 1 { body = fmt.Sprintf(bodySecLinkTpl, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, its.SecLink, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, its.SecLink) } else { if cve.OrganizationID == 1 { body = fmt.Sprintf(bodyUpTplx, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion) } else { body = fmt.Sprintf(bodyUpTplx, cveNumber, cve.RepoName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, oVector, affectedVersion) } } requestBody = fmt.Sprintf(`{ 
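Review bot: Moving `holeSource(cve.DataSource)` from the end of the argument list to the slot after `commentCmd` is only correct if it is done identically in all three calls here and in the hunks at -972, -997, -1022 and -1052, and nothing enforces that. Because every verb is `%v`, an argument left in the old position does not fail; it shifts `cveAnalysis` and the values after it under the wrong headings in the issue that gets posted. The leading twelve arguments are the same in every call apart from `cve.PackName` versus `cve.RepoName`, so building that prefix once and appending the per-template tail would leave a single place to edit. A table test that formats each template with distinct marker strings and checks that the data-source marker follows `漏洞数据来源:` would catch a missed call site. The enclosing `CreateIssueBody` starts and ends outside these hunks.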
@@ -972,12 +972,12 @@ func CreateIssueBody(accessToken, owner, path, assignee string, body := "" if cve.OrganizationID == 1 { body = fmt.Sprintf(bodyTplx, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion, abiVersion, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, affectedVersion, abiVersion) } else { body = fmt.Sprintf(bodyTplx, cveNumber, cve.RepoName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, affectedVersion) } requestBody = fmt.Sprintf(`{ "access_token": "%s", 
@@ -997,12 +997,12 @@ func CreateIssueBody(accessToken, owner, path, assignee string, body := "" if cve.OrganizationID == 1 { body = fmt.Sprintf(bodyTplx, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion, abiVersion, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, affectedVersion, abiVersion) } else { body = fmt.Sprintf(bodyTplx, cveNumber, cve.RepoName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, affectedVersion) } requestBody = fmt.Sprintf(`{ "access_token": "%s", 
@@ -1022,17 +1022,17 @@ func CreateIssueBody(accessToken, owner, path, assignee string, body := "" if its.Status == 3 && len(its.SecLink) > 3 && cve.OrganizationID == 1 { body = fmt.Sprintf(bodySecLinkTpl, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, its.SecLink, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, its.SecLink) } else { if cve.OrganizationID == 1 { body = fmt.Sprintf(bodyUpTplx, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion) } else { body = fmt.Sprintf(bodyUpTplx, cveNumber, cve.RepoName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, oVector, affectedVersion, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, oVector, affectedVersion) } } requestBody = fmt.Sprintf(`{ 
@@ -1052,12 +1052,12 @@ func CreateIssueBody(accessToken, owner, path, assignee string, body := "" if cve.OrganizationID == 1 { body = fmt.Sprintf(bodyTplx, cveNumber, cve.PackName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion, abiVersion, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, affectedVersion, abiVersion) } else { body = fmt.Sprintf(bodyTplx, cveNumber, cve.RepoName, cve.CveVersion, scoreType, nveScore, nveVector, - cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, - cveAnalysis, openEulerScore, affectedVersion, holeSource(cve.DataSource)) + cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), + cveAnalysis, openEulerScore, affectedVersion) } requestBody = fmt.Sprintf(`{ "access_token": "%s", -- Gitee