From 426838a231a2152383ea1649d92e4a6f0298712c Mon Sep 17 00:00:00 2001
From: zjm <1076115376@qq.com>
Date: Fri, 20 May 2022 14:13:15 +0800
Subject: [PATCH] unaffected xml filtering fixed cve

---
 cve-vulner-manager/controllers/file.go | 15 ++++---
 cve-vulner-manager/models/cve.go | 16 ++++---
 cve-vulner-manager/taskhandler/excel.go | 59 ++++++++++++++++++++++---
 3 files changed, 71 insertions(+), 19 deletions(-)

diff --git a/cve-vulner-manager/controllers/file.go b/cve-vulner-manager/controllers/file.go
index 0921b5e..899352f 100644
--- a/cve-vulner-manager/controllers/file.go
+++ b/cve-vulner-manager/controllers/file.go
@@ -1,13 +1,7 @@
 package controllers
 
 import (
- "cvevulner/common"
- "cvevulner/models"
- "cvevulner/taskhandler"
- "cvevulner/util"
 "fmt"
- "github.com/astaxie/beego"
- "github.com/astaxie/beego/logs"
 "math/rand"
 "os"
 "path/filepath"
@@ -16,6 +10,14 @@ import (
 "strings"
 "sync"
 "time"
+
+ "cvevulner/common"
+ "cvevulner/models"
+ "cvevulner/taskhandler"
+ "cvevulner/util"
+
+ "github.com/astaxie/beego"
+ "github.com/astaxie/beego/logs"
 )
 
 //FileController file operation routing processing
@@ -194,6 +196,7 @@ func (f *FileController) TriggerCveData() {
 // Return the result first, continue processing the data
 UpdateLimitTriggerSa(nameStr, 1)
 GenUpdateInfoXmlFile(updateInfoSlice, dir)
+ taskhandler.FilterCveList = make([]string, 0)
 }
 
 // Generate updateinfo xml file
diff --git a/cve-vulner-manager/models/cve.go b/cve-vulner-manager/models/cve.go
index 7685512..f16d380 100644
--- a/cve-vulner-manager/models/cve.go
+++ b/cve-vulner-manager/models/cve.go
@@ -1,13 +1,15 @@
 package models
 
 import (
- "cvevulner/common"
 "errors"
 "fmt"
- "github.com/astaxie/beego/logs"
- "github.com/astaxie/beego/orm"
 "strings"
 "time"
+
+ "cvevulner/common"
+
+ "github.com/astaxie/beego/logs"
+ "github.com/astaxie/beego/orm"
 )
 
 type SaNuberCount struct {
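Review bot: `taskhandler.FilterCveList = make([]string, 0)` at the end of `TriggerCveData` (controllers/file.go) resets a package-level slice that `judgeImpactIsFixed` appends to and `filterCveInSlice` reads in taskhandler/excel.go, all without a lock, so two triggers that overlap would race on it; the `var FilterCveList` hunk in excel.go introduces the same shared state. The reset runs only if execution reaches this last statement, and the body of `TriggerCveData` starts outside the hunk, so any earlier return there would leave the previous run's CVE numbers in the list and they would then be skipped in the next run's unaffected XML. Because the list decides which CVEs are omitted from generated output, I would make it per-run state, e.g. a local `seen := map[string]struct{}{}` created by the caller and passed down to `UnaffectIssueProc`, or at minimum guard it with a `sync.Mutex` and clear it at the start of a run rather than the end.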
@@ -38,7 +40,7 @@ func UpdateCveIssueStatusById(status int, issueId int64) (id int64) {
 return
 }
 
-func LockUpdateCveIssueStatus(status int, issueId int64) (bool) {
+func LockUpdateCveIssueStatus(status int, issueId int64) bool {
 o := orm.NewOrm()
 res, err := o.Raw("UPDATE cve_gite_origin_issue SET proc_status = ?, "+
 "issue_update_at = ? where id = ? and proc_status = 0",
@@ -58,7 +60,7 @@ func LockUpdateCveIssueStatus(status int, issueId int64) (bool) {
 }
 }
 
-func UnLockUpdateCveIssueStatus(beforeStatus, afterStatus int8, updateTime, beforeTime string) (bool) {
+func UnLockUpdateCveIssueStatus(beforeStatus, afterStatus int8, updateTime, beforeTime string) bool {
 o := orm.NewOrm()
 res, err := o.Raw("UPDATE cve_gite_origin_issue SET proc_status = ?, "+
 "issue_update_at = ? where proc_status = ? and issue_update_at < ?",
@@ -690,7 +692,7 @@ func QueryOpenSaById(cveId int64) (OpenEulerSA, error) {
 return os, err
 }
 
-func QueryOriginUpstreamRecord(our *OriginUpstreamRecord, ids, cveNum string) (error) {
+func QueryOriginUpstreamRecord(our *OriginUpstreamRecord, ids, cveNum string) error {
 o := orm.NewOrm()
 err := o.Raw("select * from cve_origin_upstream_record where cve_un_ids = ? "+
 "and cve_num = ? order by cve_record_id desc limit 1", ids, cveNum).QueryRow(our)
@@ -1024,7 +1026,7 @@ func GetCanExportExcelData(cveNum, issueNum, repo string, issueId int64) (list [
 sql := `SELECT b.num,c.*,a.issue_num,a.owned_component,a.cve_brief,
 d.sec_id,d.introduction,d.summary,d.theme,d.description,d.influence_component,
 d.affect_product,d.reference_link,d.affect_status,
-e.public_date,e.openeuler_sa_num,a.cve_level,b.organizate_id,a.affected_version
+e.public_date,e.openeuler_sa_num,a.cve_level,b.organizate_id,a.affected_version,a.issue_label
 FROM cve_issue_template a RIGHT JOIN (SELECT (SELECT COUNT(*) FROM cve_vuln_center WHERE cve_num = ? AND is_export in (0,3) AND pack_name = ? AND organizate_id = 1) num,
diff --git a/cve-vulner-manager/taskhandler/excel.go b/cve-vulner-manager/taskhandler/excel.go
index d809e1b..a56cbfe 100644
--- a/cve-vulner-manager/taskhandler/excel.go
+++ b/cve-vulner-manager/taskhandler/excel.go
@@ -1,16 +1,10 @@
 package taskhandler
 
 import (
- "cvevulner/common"
- "cvevulner/models"
- "cvevulner/util"
 "encoding/csv"
 "encoding/json"
 "errors"
 "fmt"
- "github.com/360EntSecGroup-Skylar/excelize/v2"
- "github.com/astaxie/beego"
- "github.com/astaxie/beego/logs"
 "io"
 "io/ioutil"
 "net/http"
@@ -22,6 +16,14 @@ import (
 "strings"
 "sync"
 "time"
+
+ "cvevulner/common"
+ "cvevulner/models"
+ "cvevulner/util"
+
+ "github.com/360EntSecGroup-Skylar/excelize/v2"
+ "github.com/astaxie/beego"
+ "github.com/astaxie/beego/logs"
 )
 
 const CVRFFKEY = "cvrfFileKey"
@@ -30,6 +32,8 @@ const UNAFFECTCVRFKEY = "unaffectcvrfkey"
 const FIXEDFLAGE = 1
 const UNAFFECTFLAG = 2
 
+var FilterCveList = make([]string, 0)
+
 //CveExcel Excel export client
 type CveExcel struct {
 ExcelName string //excel name
@@ -1186,6 +1190,13 @@ func UnaffectIssueProc(affectBranch string, cvrfFileList map[string][]string,
 continue
 }
 for _, vx := range el {
+ if filterCveInSlice(vx.CveNum) {
+ continue
+ } else {
+ if judgeImpactIsFixed(&vx, vx.CveNum) {
+ continue
+ }
+ }
 affectBool := FindUnaffectBrach(&vx, affectBranch, accessToken, owner)
 if affectBool {
 logs.Info("Unaffected version, data: ", vx.CveNum, vx.OwnedComponent, vx.AffectProduct)
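Review bot: In the `for _, vx := range el` hunk of `UnaffectIssueProc`, the skip is keyed on `vx.CveNum` alone, although the rows also carry `vx.OwnedComponent` (see the `logs.Info` context line). Once one row for a CVE is judged fixed, every later row with that number is skipped whatever its component or label, while rows processed before it are not, so the outcome depends on row order. If the same CVE number can appear for more than one component, an entry that is genuinely unaffected could be dropped from the output; keying the filter on CVE number plus component would avoid that, or, if per-CVE filtering is intended, a comment should say so. The nested branch also reduces to `if filterCveInSlice(vx.CveNum) || judgeImpactIsFixed(&vx, vx.CveNum) { continue }`. The function body starts and ends outside the hunk.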
@@ -1212,6 +1223,42 @@ func UnaffectIssueProc(affectBranch string, cvrfFileList map[string][]string,
 }
 }
 
+//filter existing cves
+func filterCveInSlice(cve string) bool {
+ for _, v := range FilterCveList {
+ if v == cve {
+ return true
+ }
+ }
+ return false
+}
+
+// if cve exist affected and label exist CVE/FIXED return true
+func judgeImpactIsFixed(data *models.ExcelExport, cve string) bool {
+ has := false
+ if data.AffectedVersion != "" && len(data.AffectedVersion) > 1 {
+ versions := strings.Split(data.AffectedVersion, ",")
+ for _, v := range versions {
+ var branchSlice []string
+ if strings.Contains(v, ":") {
+ branchSlice = strings.Split(v, ":")
+ } else if strings.Contains(v, ":") {
+ branchSlice = strings.Split(v, ":")
+ }
+ if len(branchSlice) == 2 && len(branchSlice[1]) != 0 {
+ if branchSlice[1] == "受影响" {
+ if strings.Contains(data.IssueLabel, "CVE/FIXED") {
+ FilterCveList = append(FilterCveList, cve)
+ has = true
+ break
+ }
+ }
+ }
+ }
+ }
+ return has
+}
+
 func affectIssueProc(v IssueAndPkg, affectBranch string, cvexml *[]CveXml, dpdates *Updates, securityNotice map[string][]SecurityNoticeXml, packRpmx map[string][]PackRpm, cvrfFileList map[string][]string,
-- 
Gitee
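Review bot: In `judgeImpactIsFixed`, the `if strings.Contains(v, ":")` and `else if strings.Contains(v, ":")` branches are identical as shown, so the second can never run. If one of them was meant to match a different separator (a full-width colon, say), that intent is lost and entries written with it will never be recognised as affected, which silently keeps a fixed CVE in the unaffected output. The function is named and commented as a predicate but also appends to `FilterCveList`, and its `cve` argument duplicates `data.CveNum` at the only call site shown; the doc comment should state the side effect. The label test does not depend on the branch, so it can be done once before the loop, as in the flatter version below.

```go
// judgeImpactIsFixed reports whether any branch listed in data.AffectedVersion
// is marked affected while the issue already carries the CVE/FIXED label.
// Side effect: on a match the CVE number is recorded in FilterCveList.
func judgeImpactIsFixed(data *models.ExcelExport, cve string) bool {
	// The label is the same for every branch, so test it once up front.
	if !strings.Contains(data.IssueLabel, "CVE/FIXED") {
		return false
	}
	for _, v := range strings.Split(data.AffectedVersion, ",") {
		// Single separator test; add the second separator here if one was intended.
		parts := strings.Split(v, ":")
		if len(parts) == 2 && parts[1] == "受影响" {
			FilterCveList = append(FilterCveList, cve)
			return true
		}
	}
	return false
}
```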