diff --git a/cve-vulner-manager/controllers/file.go b/cve-vulner-manager/controllers/file.go
index dce6f9739e7ebe3c107ae6f11bd52cdf5d6d113e..25d059e946ca5a7db26f1e53e0ece9749d8eb27e 100644
--- a/cve-vulner-manager/controllers/file.go
+++ b/cve-vulner-manager/controllers/file.go
@@ -1,7 +1,9 @@
 package controllers
 import (
+ "encoding/xml"
 "fmt"
+ "io/ioutil"
 "math/rand"
 "os"
 "path/filepath"
@@ -575,3 +577,73 @@ func ReplaceFileSa(oldPath, newPath, oldText, newText string) {
 fmt.Println("error:", err.Error())
 }
 }
+
+func (f *FileController) TriggerUnaffectedCve() {
+ startTime := f.GetString("startTime")
+ if startTime == "" {
+ f.Ctx.WriteString("Error: startTime cannot be empty")
+ return
+ }
+ accessToken := os.Getenv("GITEE_TOKEN")
+
+ if accessToken == "" || len(accessToken) < 1 {
+ logs.Error("TriggerUnaffectedCve, Issue token acquisition failed, current time: ", common.GetCurTime())
+ f.Ctx.WriteString("Error: Service internal error, try again later")
+ return
+ }
+ owner := beego.AppConfig.String("gitee::owner")
+
+ unaffectYear, yerr := beego.AppConfig.Int("excel::unaffect_year")
+ if yerr != nil {
+ unaffectYear = 2018
+ }
+ dir := beego.AppConfig.DefaultString("fileDir", "download")
+ _ = common.CreateDir(dir)
+ var unaffectcvrf taskhandler.UnaffectCvrfSa
+ cvrffileName := filepath.Join(dir, "cvrf-unaffected-cve-"+common.GetCurDate()+".xml")
+ unaffectcvrf.Xmlns = "http://www.icasi.org/CVRF/schema/cvrf/1.1"
+ unaffectcvrf.XmlnsCvrf = "http://www.icasi.org/CVRF/schema/cvrf/1.1"
+ du := beego.AppConfig.DefaultString("excel::v_pack_20_03_url", "")
+ csvPathList := strings.Split(du, ";")
+ if len(csvPathList) > 0 {
+ for _, csvP := range csvPathList {
+ openBranchx := strings.Split(csvP, "@")
+ if len(openBranchx) == 2 {
+ affectBranch := openBranchx[0]
+ taskhandler.UnaffectIssueProc(affectBranch, nil, nil, startTime, accessToken, owner, &unaffectcvrf, unaffectYear)
+ }
+ }
+ }
+ writeXml(cvrffileName, unaffectcvrf)
+ uploadUnaffected(cvrffileName)
+ taskhandler.DelFile([]string{cvrffileName})
+ taskhandler.FilterCveList = make([]string, 0)
+}
+
+func writeXml(path string, unaffectcvrf taskhandler.UnaffectCvrfSa) {
+ _ = os.Remove(path)
+ xmlOutPut, outPutErr := xml.MarshalIndent(unaffectcvrf, "", " ")
+ if outPutErr == nil {
+ headerBytes := []byte(xml.Header)
+ xmlOutPutData := append(headerBytes, xmlOutPut...)
+ _ = ioutil.WriteFile(path, xmlOutPutData, os.ModeAppend)
+ } else {
+ logs.Error(outPutErr)
+ }
+}
+
+func uploadUnaffected(path string) {
+ uploadCvrfDir := beego.AppConfig.String("obs::upload_cvrf_dir")
+ obsDir := uploadCvrfDir + common.GetCurDate() + "-unaffected/"
+ dirErr, objectDir := taskhandler.ObsCreateDir(obsDir)
+ if dirErr != nil {
+ logs.Error("dirErr: ", dirErr)
+ }
+
+ _, localFileName := filepath.Split(path)
+ obsFilePath := objectDir + localFileName
+ obsErr := taskhandler.PostFile(path, obsFilePath)
+ if obsErr != nil {
+ logs.Error("obsErr: ", obsErr)
+ }
+}
diff --git a/cve-vulner-manager/routers/commentsRouter_controllers.go b/cve-vulner-manager/routers/commentsRouter_controllers.go
index dcfa01a0d5230c42f4b65d8bafb28b78b01842a3..ff2fdd65288e751524540da464cf2da1d83cf912 100644
--- a/cve-vulner-manager/routers/commentsRouter_controllers.go
+++ b/cve-vulner-manager/routers/commentsRouter_controllers.go
@@ -78,6 +78,14 @@ func init() { MethodParams: param.Make(), Filters: nil, Params: nil}) + beego.GlobalControllerRouter["cvevulner/controllers:FileController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:FileController"], + beego.ControllerComments{ + Method: "TriggerUnaffectedCve", + Router: "/triggerUnaffectedCve", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) beego.GlobalControllerRouter["cvevulner/controllers:GaussCveController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:GaussCveController"], beego.ControllerComments{
diff --git a/cve-vulner-manager/task/issuetask.go b/cve-vulner-manager/task/issuetask.go
index a8f28345637243c5d767cef8433cf7375ba9f857..b649416666862802d2bc3e658e8b26b20c17c867 100644
--- a/cve-vulner-manager/task/issuetask.go
+++ b/cve-vulner-manager/task/issuetask.go
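Review bot: `TriggerUnaffectedCve` checks only that `startTime` is non-empty before it starts a job that runs with the service's `GITEE_TOKEN`, writes a CVRF file and uploads it to OBS, and the router hunk registers the route for GET with `Filters: nil`; unless access control is enforced outside this diff, the handler should verify the caller and reject a `startTime` that does not parse in the expected format before calling `taskhandler.UnaffectIssueProc`. In `writeXml`, `os.ModeAppend` is passed where `ioutil.WriteFile` expects permission bits, so the file is created with no permission bits and the write error is dropped; `if err := ioutil.WriteFile(path, xmlOutPutData, 0600); err != nil { logs.Error(err) }` addresses both. `uploadUnaffected` also goes on to `PostFile` after `ObsCreateDir` has failed, and the handler writes nothing to the response on the success path, so a caller cannot tell whether the upload happened.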
@@ -1,18 +1,20 @@
 package task
 import (
- "cvevulner/common"
- "cvevulner/models"
- "cvevulner/taskhandler"
 "errors"
 "fmt"
- "github.com/astaxie/beego"
- "github.com/astaxie/beego/config"
- "github.com/astaxie/beego/logs"
 "strconv"
 "strings"
 "sync"
 "time"
+
+ "cvevulner/common"
+ "cvevulner/models"
+ "cvevulner/taskhandler"
+
+ "github.com/astaxie/beego"
+ "github.com/astaxie/beego/config"
+ "github.com/astaxie/beego/logs"
 )
 var mutex sync.Mutex
@@ -193,7 +195,7 @@ func addUnlimitedIssue(beforeTime string, prcnum, years, toolYears, manYears, fl
 continue
 }
 // Determine whether cve has been processed
- issueExist, _ := taskhandler.GetCveSecurityNotice(issueValue.CveNum, issueValue.PackName)
+ issueExist, _ := taskhandler.GetCveSecurityNotice(issueValue.CveNum, issueValue.PackName, true)
 if issueExist {
 models.UpdateIssueStatus(issueValue, 2)
 logs.Info("addUnlimitedIssue, The cve data has been displayed on the official website, "+
@@ -342,7 +344,7 @@ func addLimitedIssue(beforeTime string, prcnum int, years, toolYears, manYears i
 continue
 }
 // Determine whether cve has been processed
- issueExist, _ := taskhandler.GetCveSecurityNotice(issueValue.CveNum, issueValue.PackName)
+ issueExist, _ := taskhandler.GetCveSecurityNotice(issueValue.CveNum, issueValue.PackName, true)
 if issueExist {
 models.UpdateIssueStatus(issueValue, 2)
 logs.Info("addLimitedIssue, The cve data has been displayed on the official website, "+
diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go
index 234b38b8627e5195176a75f36c37494b0004ef74..071dc108fcab99e277a1f238570e223dd2fe75c3 100644
--- a/cve-vulner-manager/taskhandler/cve.go
+++ b/cve-vulner-manager/taskhandler/cve.go
@@ -2456,12 +2456,18 @@ func GetCveIssueData(prcnum, days, openeulernum int, cveRef, owner string, openF
 //GetSecurityNotice Go to the CVE official website to obtain the cve data to determine
 //whether the cve issue needs to be exported.
-func GetCveSecurityNotice(cveNumber, packageName string) (bool, models.RespCveDetail) {
+func GetCveSecurityNotice(cveNumber, packageName string, flag bool) (bool, models.RespCveDetail) {
 var detail models.RespCveDetail
 var urlS url.URL
 q := urlS.Query()
+ path := ""
 q.Add("cveId", cveNumber)
- q.Add("packageName", packageName)
+ if flag {
+ q.Add("packageName", packageName)
+ path = "/api-cve/cve-security-notice-server/cvedatabase/getByCveIdAndPackageName"
+ } else {
+ path = "/api-cve/cve-security-notice-server/cvedatabase/getByCveId"
+ }
 params := q.Encode()
 secLinkConfig := beego.AppConfig.String("reflink::openeuler_web")
 req, _ := http.NewRequest("GET", secLinkConfig, nil)
@@ -2470,7 +2476,7 @@ func GetCveSecurityNotice(cveNumber, packageName string) (bool, models.RespCveDe
 Host: req.URL.Host,
 RawQuery: params,
 //Path: "/api-cve/cve-security-notice-server/cvedatabase/getByCveId",
- Path: "/api-cve/cve-security-notice-server/cvedatabase/getByCveIdAndPackageName",
+ Path: path,
 }
 req.URL.EscapedPath()
 resp, err := http.Get(req.URL.String())
@@ -2508,7 +2514,7 @@ func FilterCveExported() {
 go func(center models.VulnCenter) {
 ewg.Add(1)
 defer ewg.Done()
- issueExist, _ := GetCveSecurityNotice(center.CveNum, center.PackName)
+ issueExist, _ := GetCveSecurityNotice(center.CveNum, center.PackName, true)
 if issueExist {
 dbLock.Lock()
 center.IsExport = 1
diff --git a/cve-vulner-manager/taskhandler/excel.go b/cve-vulner-manager/taskhandler/excel.go
index a56cbfe991b792d2d2fd07c53488b0de54fd7b35..de8bf1ba507966d0d9c139470a1ebf6f92babe11 100644
--- a/cve-vulner-manager/taskhandler/excel.go
+++ b/cve-vulner-manager/taskhandler/excel.go
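Review bot: The new `flag bool` parameter of `GetCveSecurityNotice` tells a reader nothing at the call sites (`..., true)` versus `..., false)`), and the comment above the function still opens with `GetSecurityNotice` and does not mention it. A name such as `withPackageName`, together with a comment line like `// When withPackageName is false the lookup is by CVE id only and packageName is ignored.`, would make the choice between the two endpoints explicit. `path := ""` can be `var path string`, since both branches assign it. The function body continues outside this hunk.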
@@ -1172,7 +1172,7 @@ func UnaffectIssueProc(affectBranch string, cvrfFileList map[string][]string,
 data, err := getDataUnaffect(startTime)
 if len(data) > 0 {
 for _, v := range data {
- issueExist, _ := GetCveSecurityNotice(v.CveNum, v.Repo)
+ issueExist, _ := GetCveSecurityNotice(v.CveNum, v.Repo, false)
 if issueExist {
 var center models.VulnCenter
 center.CveId = v.CveId
@@ -1279,7 +1279,7 @@ func affectIssueProc(v IssueAndPkg, affectBranch string, cvexml *[]CveXml,
 continue
 }
 // Check whether the cve data has been released sa
- issueExist, _ := GetCveSecurityNotice(tpl.CveNum, tpl.Repo)
+ issueExist, _ := GetCveSecurityNotice(tpl.CveNum, tpl.Repo, true)
 if issueExist {
 var center models.VulnCenter
 center.CveId = tpl.CveId
diff --git a/cve-vulner-manager/taskhandler/issuestatistics.go b/cve-vulner-manager/taskhandler/issuestatistics.go
index e94360ac023345e9ec5598cd59657c1d275e6a6d..1ce3e1d2622a57190ba6994808a6ed5396bc03d4 100644
--- a/cve-vulner-manager/taskhandler/issuestatistics.go
+++ b/cve-vulner-manager/taskhandler/issuestatistics.go
@@ -1,15 +1,17 @@
 package taskhandler
 import (
- "cvevulner/common"
- "cvevulner/models"
 "errors"
 "fmt"
+ "path/filepath"
+ "strconv"
+
+ "cvevulner/common"
+ "cvevulner/models"
+
 "github.com/360EntSecGroup-Skylar/excelize/v2"
 "github.com/astaxie/beego"
 "github.com/astaxie/beego/logs"
- "path/filepath"
- "strconv"
 )
 const sheetName = "CVE_list"
@@ -323,7 +325,7 @@ func ProcSecLinkTemplate(beforeDate, prcnum int, owner, accessToken string) erro
 continue
 }
 // Determine whether cve has been processed
- issueExist, saData := GetCveSecurityNotice(temp.CveNum, temp.Repo)
+ issueExist, saData := GetCveSecurityNotice(temp.CveNum, temp.Repo, true)
 if issueExist && len(saData.Result.AffectedProduct) > 2 {
 // Update sa release time
 UpdateSAReleaseTime(saData.Result.AffectedProduct, saData.Result.CreateTime, temp.TemplateId)
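Review bot: With `false` in the first hunk's call the `v.Repo` argument has no effect, because `GetCveSecurityNotice` only adds `packageName` to the query when the flag is true, so `issueExist` now reports whether a notice exists for `v.CveNum` at all, not one for this repository. The returned detail is discarded (`_`), so the `if issueExist` branch cannot confirm that the notice concerns `v.Repo`. If matching across all packages is intended, a comment such as `// unaffected CVEs are matched by CVE id only, across all packages` would record it. The loop and the enclosing `UnaffectIssueProc` start and end outside the hunk.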