diff --git a/cve-vulner-manager/conf/product_app.conf b/cve-vulner-manager/conf/product_app.conf
index e4285a2f6389b5ee9460f41e5b355e92c9f1272a..dbc3ec127fb44d6f728e035ff3ee5932569f8dba 100644
--- a/cve-vulner-manager/conf/product_app.conf
+++ b/cve-vulner-manager/conf/product_app.conf
@@ -106,7 +106,7 @@ gensaflag = 1
 gensa = 0 1 0 * * *
 issuestatisticflag = 1
 issuestatistic = 0 1 10 * * 1,3,5
-cvecredflag = 1
+cvecredflag = 2
 cvecredit = 0 0 5 * * *
 urgenttaskflag = 1
 urgenttask = 0 0 9-20 * * *
@@ -184,8 +184,8 @@ sa_re_amount = 4000
 cve_statistics_date = 20
 # before 3 Month
 before_month = -3
-# Trusted data query(0-3)
-credibility_level = 3
+# Trusted data query(0-6)
+credibility_level = 6
 # Date before adding the security bulletin link task
 sec_link_date = -100
 # Branch configuration of cve that needs to submit an issue
diff --git a/cve-vulner-manager/controllers/hook.go b/cve-vulner-manager/controllers/hook.go
index fe9d8a16dba3dc1e15624ef7bc5e91ad9c6c524a..de08d81848ee46ecacd1199c2c384d9d63cb4dc3 100644
--- a/cve-vulner-manager/controllers/hook.go
+++ b/cve-vulner-manager/controllers/hook.go
@@ -558,13 +558,15 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { if issueHook.Issue.StateName == "已挂起" { logs.Error("The current issue has been suspended and will not be processed, issueHook: ", issueHook) issueTmp.Status = 5 - models.UpdateIssueTemplate(&issueTmp, "Status") + issueTmp.StatusName = "suspended" + models.UpdateIssueTemplate(&issueTmp, "Status", "StatusName") return errors.New("The current issue has been suspended and will not be processed") } if issueHook.Issue.StateName == "已拒绝" { logs.Error("The current issue has been rejected and will not be processed, issueHook: ", issueHook) issueTmp.Status = 4 - models.UpdateIssueTemplate(&issueTmp, "Status") + issueTmp.StatusName = "rejected" + models.UpdateIssueTemplate(&issueTmp, "Status", "StatusName") return errors.New("The current issue has been rejected and will not be processed") } owner, token := common.GetOwnerAndToken(cveCenter.OrganizationID) @@ -1616,7 +1618,8 @@ func handleIssueComment(payload models.CommentPayload) { if payload.Issue.StateName == "已挂起" { logs.Error("The current issue has been suspended and will not be processed, payload: ", payload) issueTmp.Status = 5 - models.UpdateIssueTemplate(&issueTmp, "Status") + issueTmp.StatusName = "suspended" + models.UpdateIssueTemplate(&issueTmp, "Status", "StatusName") taskhandler.AddCommentToIssue(fmt.Sprintf(CommentRejectedState, cuAccount, payload.Issue.StateName), issueTmp.IssueNum, owner, path, accessToken) return 
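Review bot: The return value of `models.UpdateIssueTemplate(&issueTmp, "Status", "StatusName")` is discarded in both branches of this hunk, so a failed write leaves the stored status out of step with the tracker while the handler carries on as if the record had been updated; the two handleIssueComment hunks (-1616 and -1624) repeat the pattern. ProcIssueIsExists in issue.go already captures this call's error, and the same would fit here: `if err := models.UpdateIssueTemplate(&issueTmp, "Status", "StatusName"); err != nil { logs.Error("UpdateIssueTemplate failed, issueNum: ", issueTmp.IssueNum, ", err: ", err) }`. The pairs 4/"rejected" and 5/"suspended" are now written as literals in hook.go, upload.go and issue.go, and named constants would keep the number and the name from drifting apart. Both functions start and end outside the hunks.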
@@ -1624,7 +1627,8 @@ func handleIssueComment(payload models.CommentPayload) { if payload.Issue.StateName == "已拒绝" { logs.Error("The current issue has been rejected and will not be processed, payload: ", payload) issueTmp.Status = 4 - models.UpdateIssueTemplate(&issueTmp, "Status") + issueTmp.StatusName = "rejected" + models.UpdateIssueTemplate(&issueTmp, "Status", "StatusName") taskhandler.AddCommentToIssue(fmt.Sprintf(CommentRejectedState, cuAccount, payload.Issue.StateName), issueTmp.IssueNum, owner, path, accessToken) return diff --git a/cve-vulner-manager/controllers/upload.go b/cve-vulner-manager/controllers/upload.go index 48e9facd7617588302a670fda5548a5892d04dfd..6b78ba0219a1e57555c918d0f1a7fcf612217058 100644 --- a/cve-vulner-manager/controllers/upload.go +++ b/cve-vulner-manager/controllers/upload.go @@ -1,14 +1,18 @@ package controllers import ( + "encoding/json" + "fmt" + "strings" + "cvevulner/common" "cvevulner/errcode" "cvevulner/models" "cvevulner/task" - "encoding/json" + "cvevulner/util" + "github.com/astaxie/beego" "github.com/astaxie/beego/logs" - "strings" ) type UserUploadController struct { @@ -269,6 +273,9 @@ func AddOrgUpstream(CveDataDict common.CveOriginData) (ResDataList []ResultData) orCve.UpdateType = updateType orCve.CvePackName = cvePackName orCve.Credibility = CveDataDict.Credibility + if CveDataDict.Credibility == 7 { + rejectIssue(cveNum) + } if packName != "" { packName = common.DeletePreAndSufSpace(packName) } 
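Review bot: In the upload.go hunk at -269, `if CveDataDict.Credibility == 7` lets a field of the uploaded record trigger `rejectIssue(cveNum)`, which changes issue state on the external tracker, and nothing visible here shows that the uploader or data source is allowed to cause that. If authorisation is enforced earlier in the upload path, a comment at this branch should say so; otherwise the branch needs a check that the source is trusted to reject issues. The value 7 also sits outside the range the config comment in product_app.conf now documents (`Trusted data query(0-6)`), so it looks like a sentinel and deserves a named constant with a comment stating what it means. `rejectIssue` returns nothing, so a failed rejection is invisible to the caller of AddOrgUpstream, whose body continues outside the hunk.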
@@ -439,3 +446,49 @@ func AddOrgUpstreamRecord(CveDataDict common.CveOriginData) {
 beforeDate := common.GetBeforeDate(1, -90)
 models.DeleteOriginCveRecord(beforeDate)
 }
+
+func rejectIssue(cve string) {
+ tokenList := models.QueryAuthTokenInfo()
+ tokenMap := make(map[int8]models.AuthTokenInfo, len(tokenList))
+ if len(tokenList) > 0 {
+ for _, tl := range tokenList {
+ tokenMap[tl.OrganizationID] = tl
+ }
+ }
+
+ res, err := models.GetCveVulnCenter(cve)
+ if err != nil || len(res) == 0 {
+ return
+ }
+
+ for _, vl := range res {
+ if vl.OrganizationID != 1 {
+ continue
+ }
+ its := models.IssueTemplate{CveId: vl.CveId, CveNum: vl.CveNum}
+ tmpErr := models.GetIssueTemplateByColName(&its, "CveId", "CveNum")
+ if its.TemplateId == 0 || tmpErr != nil || its.Status == 4 {
+ continue
+ }
+ authToken := tokenMap[vl.OrganizationID]
+ err = setReject(authToken.EnId, its.IssueId, authToken.AccessToken)
+ if err != nil {
+ logs.Error("UpdateEntIssueDetail, Update issue failed, err: ", err, ", issueId: ", its.IssueId)
+ continue
+ }
+ its.Status = 4
+ its.StatusName = "rejected"
+ _ = models.UpdateIssueTemplate(&its, "Status", "StatusName")
+ }
+}
+
+func setReject(enterpriseId, issueId int64, token string) error {
+ url := fmt.Sprintf("https://api.gitee.com/enterprises/%v/issues/%v",
+ enterpriseId, issueId)
+ requestBody := fmt.Sprintf(`{"access_token": "%s","issue_state_id": "437578"}`, token)
+ _, err := util.HTTPPutMap(url, requestBody)
+ if err != nil {
+ return err
+ }
+ return nil
+}
diff --git a/cve-vulner-manager/models/cve.go b/cve-vulner-manager/models/cve.go
index 66d34ef2ec6a4b8c8fc09fcf6ec3f16a426d06cb..13c06528661fd6faeea6c874b1e9efa47dedde9a 100644
--- a/cve-vulner-manager/models/cve.go
+++ b/cve-vulner-manager/models/cve.go
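Review bot: `authToken := tokenMap[vl.OrganizationID]` in rejectIssue never checks that a token row exists for the organisation, so a missing entry yields a zero-value struct and the PUT goes out for enterprise id 0 with an empty `access_token`; the comma-ok form should skip the record instead. `setReject` assembles its JSON body with `fmt.Sprintf` and `%s`, which produces malformed or altered JSON if the token ever contains a quote or backslash, and it discards the response from `util.HTTPPutMap`, so depending on how that helper reports non-2xx replies (not visible here) the template may be marked rejected locally although the tracker refused the change. The errors from `models.GetCveVulnCenter` and `models.UpdateIssueTemplate` are both dropped without a log line, which makes a mismatch between local and remote state hard to reconcile. The state id `437578`, the API host and organisation id 1 are literals better held as named constants or configuration, and the log prefix `UpdateEntIssueDetail` names a different function.

```go
	res, err := models.GetCveVulnCenter(cve)
	if err != nil {
		logs.Error("rejectIssue, GetCveVulnCenter failed, cve: ", cve, ", err: ", err)
		return
	}
	// … unchanged: loop over res, organisation filter, template lookup …
		authToken, ok := tokenMap[vl.OrganizationID]
		if !ok || authToken.AccessToken == "" {
			logs.Error("rejectIssue, no access token for organization: ", vl.OrganizationID)
			continue
		}
		// … unchanged: setReject call, its error handling, Status/StatusName assignment …
		if upErr := models.UpdateIssueTemplate(&its, "Status", "StatusName"); upErr != nil {
			logs.Error("rejectIssue, UpdateIssueTemplate failed, issueId: ", its.IssueId, ", err: ", upErr)
		}

func setReject(enterpriseId, issueId int64, token string) error {
	// … unchanged: url construction …
	requestBody, err := json.Marshal(map[string]string{
		"access_token":   token,
		"issue_state_id": "437578",
	})
	if err != nil {
		return err
	}
	_, err = util.HTTPPutMap(url, string(requestBody))
	return err
}
```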
@@ -1320,3 +1320,11 @@ func QueryCveSingleIssueData(communityFlag int, packName, cveNum, issueNum strin } return } + +func GetCveVulnCenter(cve string) ([]VulnCenter, error) { + sql := "select * from cve_vuln_center where cve_num = ?" + var res []VulnCenter + o := orm.NewOrm() + _, err := o.Raw(sql, cve).QueryRows(&res) + return res, err +} diff --git a/cve-vulner-manager/models/uploadcve.go b/cve-vulner-manager/models/uploadcve.go index 0deeb2f2288dfe30f0021020ff432d1f113200de..e5d0aa889dcfbed2686414c4ffefc58348fd1a99 100644 --- a/cve-vulner-manager/models/uploadcve.go +++ b/cve-vulner-manager/models/uploadcve.go @@ -1,12 +1,14 @@ package models import ( - "cvevulner/common" "errors" "fmt" + "strings" + + "cvevulner/common" + "github.com/astaxie/beego/logs" "github.com/astaxie/beego/orm" - "strings" ) type OpenSaId struct { @@ -1010,6 +1012,17 @@ func QueryCveOriginPatchInfo(cveNum string) ([]OriginUpstreamPatch, error) { return res, nil } +func QueryCveOrigin(cveNum, typ string) bool { + sql := "select * from cve_origin_upstream where (cve_num = ? or cve_un_ids = ?) and update_type = ?" + o := orm.NewOrm() + var res []OriginUpstream + _, err := o.Raw(sql, cveNum, cveNum, typ).QueryRows(&res) + if err != nil || len(res) == 0 { + return false + } + return true +} + func QueryCveErrorInfo(issueStatus int8, startDate, endDate string) ([]IssueTemplate, bool) { o := orm.NewOrm() var it []IssueTemplate diff --git a/cve-vulner-manager/taskhandler/common.go b/cve-vulner-manager/taskhandler/common.go index 58d64829e0610ffac7e4dc1b7acc9e8d2baf0e05..83c1fbe8eb93c00b1e2667a255479ab4c6179be8 100644 --- a/cve-vulner-manager/taskhandler/common.go +++ b/cve-vulner-manager/taskhandler/common.go 
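Review bot: `GetCveVulnCenter` is exported without a doc comment, and its `select *` loads every column for every organisation although the only caller in this change keeps just the rows with `OrganizationID == 1`. The query is parameterised, which is the right shape for a value that arrives from uploaded data. I would add `// GetCveVulnCenter returns all cve_vuln_center rows whose cve_num equals cve.` and consider listing the needed columns so a schema change cannot silently alter what is loaded.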
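Review bot: In QueryCveOrigin, `if err != nil || len(res) == 0 { return false }` reports a database failure as "no such record", and the new caller in CreateIssueBody treats false as the signal to go ahead and build the issue body, so a transient query error silently changes which CVEs get an issue. At minimum the error should be logged before returning, `logs.Error("QueryCveOrigin failed, cveNum: ", cveNum, ", err: ", err)`, and returning `(bool, error)` would let the caller decide. Only existence is needed, so adding `limit 1` to the statement avoids loading every matching row into `[]OriginUpstream`. The function is exported and has no doc comment.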
@@ -1005,13 +1005,16 @@ func CreateIssueBody(accessToken, owner, path, assignee string, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, affectedVersion) } - if cve.OrganizationID == 3 && assignee != "fangzhou0329"{ + if cve.OrganizationID == 3 && assignee != "fangzhou0329" { requestBody = fmt.Sprintf(`{"access_token": "%s","repo": "%s","title": "%s","state": "%s","body": "%s","assignee": "%s","labels": "%s","security_hole": "false","collaborators":"fangzhou0329"}`, accessToken, path, cve.CveNum, StatusName, body, assignee, labels) } else { requestBody = fmt.Sprintf(`{"access_token": "%s","repo": "%s","title": "%s","state": "%s","body": "%s","assignee": "%s","labels": "%s","security_hole": "false"}`, accessToken, path, cve.CveNum, StatusName, body, assignee, labels) } } } else if flag == 2 { + if cve.OrganizationID == 1 && models.QueryCveOrigin(cve.CveNum, "update") { + return "" + } nveScore := score + " " + cve.CveLevel nveVector := scoreType + "/" + sc.NvectorVule openEulerScore = " " 
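Review bot: The new `return ""` in the `flag == 2` branch turns an empty string into a "skip this CVE" signal, while the other visible paths of CreateIssueBody build a JSON request body, and nothing documents the new meaning. The callers are outside this hunk; each of them has to treat "" as "do not send", otherwise an empty body could be posted to the issue API. I would put a comment on the branch, `// An origin record with update_type "update" exists for this CVE (organization 1 only): return "" so no request body is produced`, and state the sentinel in the function's doc comment. The first changed pair in this hunk and the hunks at -1025, -1051 and -1070 are gofmt spacing only.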
@@ -1025,7 +1028,7 @@ func CreateIssueBody(accessToken, owner, path, assignee string, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, affectedVersion) } - if cve.OrganizationID == 3 && assignee != "fangzhou0329"{ + if cve.OrganizationID == 3 && assignee != "fangzhou0329" { requestBody = fmt.Sprintf(`{"access_token": "%s","repo": "%s","title": "%s","issue_type": "%s","body": "%s","assignee": "%s","labels": "%s","security_hole": "false","collaborators":"fangzhou0329"}`, accessToken, path, cve.CveNum, issueType, body, assignee, labels) } else { requestBody = fmt.Sprintf(`{"access_token": "%s","repo": "%s","title": "%s","issue_type": "%s","body": "%s","assignee": "%s","labels": "%s","security_hole": "false"}`, accessToken, path, cve.CveNum, issueType, body, assignee, labels) @@ -1051,7 +1054,7 @@ func CreateIssueBody(accessToken, owner, path, assignee string, genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, oVector, affectedVersion) } } - if cve.OrganizationID == 3 && its.Assignee != "fangzhou0329"{ + if cve.OrganizationID == 3 && its.Assignee != "fangzhou0329" { requestBody = fmt.Sprintf(`{"access_token": "%s","repo": "%s","title": "%s","state": "%s","body": "%s","assignee": "%s","labels": "%s","security_hole": "false","collaborators":"fangzhou0329"}`, accessToken, path, cve.CveNum, StatusName, body, its.Assignee, labels) } else { requestBody = fmt.Sprintf(`{"access_token": "%s","repo": "%s","title": "%s","state": "%s","body": "%s","assignee": "%s","labels": "%s","security_hole": "false"}`, accessToken, path, cve.CveNum, StatusName, body, its.Assignee, labels) 
@@ -1070,7 +1073,7 @@ func CreateIssueBody(accessToken, owner, path, assignee string, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl, commentCmd, holeSource(cve.DataSource), genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, affectedVersion) } - if cve.OrganizationID == 3 && its.Assignee != "fangzhou0329"{ + if cve.OrganizationID == 3 && its.Assignee != "fangzhou0329" { requestBody = fmt.Sprintf(`{"access_token": "%s","repo": "%s","title": "%s","state": "%s","body": "%s","assignee": "%s","labels": "%s","security_hole": "false","collaborators":"fangzhou0329"}`, accessToken, path, cve.CveNum, StatusName, body, its.Assignee, labels) } else { requestBody = fmt.Sprintf(`{"access_token": "%s","repo": "%s","title": "%s","state": "%s","body": "%s","assignee": "%s","labels": "%s","security_hole": "false"}`, accessToken, path, cve.CveNum, StatusName, body, its.Assignee, labels) diff --git a/cve-vulner-manager/taskhandler/issue.go b/cve-vulner-manager/taskhandler/issue.go index 9330b46b07319e1ae3ab0c8b5c54b617fa45bd1f..134702993e264f5b6d7e5153be0bdc2d479eb544 100644 --- a/cve-vulner-manager/taskhandler/issue.go +++ b/cve-vulner-manager/taskhandler/issue.go @@ -1,14 +1,16 @@ package taskhandler import ( + "fmt" + "strings" + "time" + "cvevulner/common" "cvevulner/models" "cvevulner/util" - "fmt" + "github.com/astaxie/beego" "github.com/astaxie/beego/logs" - "strings" - "time" ) type GiteeTokenInfo struct { 
@@ -83,6 +85,13 @@ func ProcIssueIsExists(prnum int) error {
 } else {
 issueTmp.StatusName = state
 }
+ if issueData["issue_state"] != nil && issueData["issue_state"].(string) != "" {
+ issueState := issueData["issue_state"].(string)
+ if issueState == "已挂起" || strings.ToLower(issueState) == "suspended" {
+ issueTmp.StatusName = "suspended"
+ issueTmp.Status = 5
+ }
+ }
 logs.Info("UpdateIssueTemplate2, issueNum: ", issueTmp.IssueNum, issueTmp.StatusName)
 updateErr := models.UpdateIssueTemplate(&issueTmp, "Status", "StatusName", "IssueLabel")
 if updateErr != nil {
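Review bot: `issueData["issue_state"].(string)` is an unchecked type assertion, and it panics if the field is present but not a string; the nil comparison in front of it does not guard against that. `issueData` appears to hold a decoded response from the issue API, so its shape is not under this program's control. The comma-ok form does the check once and removes the second assertion on the following line: `if issueState, ok := issueData["issue_state"].(string); ok && issueState != "" {`. ProcIssueIsExists starts and ends outside the hunk.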