diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go
index 7ce5853bb3f11da1249f075e26c792cf908240b4..f487198fb98fddebb38369ec18d6b73e4efd0499 100644
--- a/cve-vulner-manager/taskhandler/cve.go
+++ b/cve-vulner-manager/taskhandler/cve.go
@@ -2485,8 +2485,7 @@ func GetCveSecurityNotice(cveNumber, packageName string, flag bool) (bool, model
 Scheme: req.URL.Scheme,
 Host: req.URL.Host,
 RawQuery: params,
- //Path: "/api-cve/cve-security-notice-server/cvedatabase/getByCveId",
- Path: path,
+ Path: path,
 }
 req.URL.EscapedPath()
 resp, err := http.Get(req.URL.String())
@@ -2500,7 +2499,7 @@ func GetCveSecurityNotice(cveNumber, packageName string, flag bool) (bool, model
 logs.Error("ReadAll, url: ", req.URL.String(), err)
 return false, detail
 }
- logs.Info("GetCveSecurityNotice, body: ", string(body))
+ //logs.Info("GetCveSecurityNotice, body: ", string(body))
 err = json.Unmarshal(body, &detail)
 if err != nil {
 logs.Error("Unmarshal, url: ", req.URL.String(), err)
@@ -2512,7 +2511,7 @@ func GetCveSecurityNotice(cveNumber, packageName string, flag bool) (bool, model
 return false, detail
 }
-func GetCveProduct(cveNumber, packageName string, branch string) (bool, models.RespCveProduct) {
+func GetCveProduct(cveNumber, packageName string, branch ...string) (bool, models.RespCveProduct) {
 var detail models.RespCveProduct
 var urlS url.URL
 q := urlS.Query()
@@ -2543,12 +2542,15 @@ func GetCveProduct(cveNumber, packageName string, branch string) (bool, models.R
 if err != nil {
 return false, detail
 }
- for _, v := range detail.Result {
- if strings.EqualFold(v.ProductName, branch) {
- return true, detail
+ if len(branch) > 0 {
+ for _, v := range detail.Result {
+ if strings.EqualFold(v.ProductName, branch[0]) {
+ return true, detail
+ }
 }
+ return false, detail
 }
- return false, detail
+ return len(detail.Result) >= 3, detail
 }
 //FilterCveExported Filter exportable data
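Review bot: The new fallback `return len(detail.Result) >= 3, detail` in GetCveProduct hard-codes 3 with no explanation, and that result now gates `center.IsExport = 1` in the callers changed by this commit. If the notice service ever lists a different number of product entries per CVE than 3 assumes, records will be marked exported or held back wrongly, with no error raised. A named constant with a comment saying which entries are expected would make the rule reviewable, e.g. `const minReleasedProducts = 3 // products that must be listed before a CVE counts as released`. The variadic `branch ...string` also silently ignores every argument after `branch[0]`, which the doc comment should state. The body between `q := urlS.Query()` and the unmarshal error check lies outside these hunks.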
@@ -2565,10 +2567,12 @@ func FilterCveExported() {
 defer ewg.Done()
 issueExist, _ := GetCveSecurityNotice(center.CveNum, center.PackName, true)
 if issueExist {
- dbLock.Lock()
- center.IsExport = 1
- models.UpdateVulnCenter(¢er, "is_export")
- dbLock.Unlock()
+ if productExist, _ := GetCveProduct(center.CveNum, center.PackName); productExist {
+ dbLock.Lock()
+ center.IsExport = 1
+ models.UpdateVulnCenter(¢er, "is_export")
+ dbLock.Unlock()
+ }
 } else {
 if center.IsExport == 2 {
 dbLock.Lock()
diff --git a/cve-vulner-manager/taskhandler/excel.go b/cve-vulner-manager/taskhandler/excel.go
index 1e17a88c7dce1b72ebca12e17f8a6f8c865828ab..1e86c46c62428b4e2fe2c5ecd366b5f0d20b7ef4 100644
--- a/cve-vulner-manager/taskhandler/excel.go
+++ b/cve-vulner-manager/taskhandler/excel.go
@@ -1175,16 +1175,21 @@ func UnaffectIssueProc(affectBranch string, cvrfFileList map[string][]string,
 data, err := getDataUnaffect(startTime)
 if len(data) > 0 {
 for _, v := range data {
- issueExist, _ := GetCveSecurityNotice(v.CveNum, v.Repo, false)
+ issueExist, _ := GetCveSecurityNotice(v.CveNum, v.Repo, true)
 if issueExist {
- var center models.VulnCenter
- center.CveId = v.CveId
- centErr := models.GetVulnCenterByCid(¢er, "cve_id")
- if centErr == nil {
- center.IsExport = 1
- models.UpdateVulnCenter(¢er, "is_export")
+ if productExist, _ := GetCveProduct(v.CveNum, v.Repo); productExist {
+ var center models.VulnCenter
+ center.CveId = v.CveId
+ centErr := models.GetVulnCenterByCid(¢er, "cve_id")
+ if centErr == nil {
+ center.IsExport = 1
+ models.UpdateVulnCenter(¢er, "is_export")
+ }
+ continue
+ }
+ if ok, _ := GetCveProduct(v.CveNum, v.Repo, affectBranch); ok {
+ continue
 }
- continue
 }
 if len(cves) != 0 && !filterCveInSlice(v.CveNum, cves) {
 continue
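Review bot: Both GetCveProduct calls added to UnaffectIssueProc treat `false` as "not released", but GetCveProduct also returns `false` on its error paths (see `if err != nil { return false, detail }` in cve.go). A failed lookup therefore falls through to the rest of the loop body as if the CVE had never been published, instead of being skipped or retried; the affectIssueProc hunks follow the same pattern. Until GetCveProduct can report an error separately, document this at the call site, e.g. `// NOTE: false also covers a failed lookup; the CVE is then handled as unreleased`. The two calls also look like the same request filtered two ways, so the second could probably reuse the first call's `detail`; the request-building code is not visible here, so confirm that first.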
@@ -1196,12 +1201,8 @@ func UnaffectIssueProc(affectBranch string, cvrfFileList map[string][]string,
 continue
 }
 for _, vx := range el {
- if filterCveInSlice(vx.CveNum, FilterCveList) {
+ if filterFixBranch(&vx, vx.CveNum, affectBranch) {
 continue
- } else {
- if judgeImpactIsFixed(&vx, vx.CveNum) {
- continue
- }
 }
 affectBool := FindUnaffectBrach(&vx, affectBranch, accessToken, owner)
 if affectBool {
@@ -1240,8 +1241,11 @@ func filterCveInSlice(cve string, filterCveList []string) bool {
 }
 // if cve exist affected and label exist CVE/FIXED return true
-func judgeImpactIsFixed(data *models.ExcelExport, cve string) bool {
- has := false
+func filterFixBranch(data *models.ExcelExport, cve, branch string) (has bool) {
+ has = false
+ if !strings.Contains(data.IssueLabel, "CVE/FIXED") {
+ return
+ }
 if data.AffectedVersion != "" && len(data.AffectedVersion) > 1 {
 versions := strings.Split(data.AffectedVersion, ",")
 for _, v := range versions {
@@ -1252,17 +1256,14 @@ func judgeImpactIsFixed(data *models.ExcelExport, cve string) bool {
 branchSlice = strings.Split(v, ":")
 }
 if len(branchSlice) == 2 && len(branchSlice[1]) != 0 {
- if branchSlice[1] == "受影响" {
- if strings.Contains(data.IssueLabel, "CVE/FIXED") {
- FilterCveList = append(FilterCveList, cve)
- has = true
- break
- }
+ if strings.EqualFold(branchSlice[0], branch) && branchSlice[1] == "受影响" {
+ has = true
+ break
 }
 }
 }
 }
- return has
+ return
 }
 func affectIssueProc(v IssueAndPkg, affectBranch string, cvexml *[]CveXml,
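Review bot: The comment above filterFixBranch still reads `// if cve exist affected and label exist CVE/FIXED return true` and says nothing about the new branch match, and the `cve` parameter is unused in the visible lines now that the `FilterCveList` append is gone. Suggest `// filterFixBranch reports whether the issue is labelled CVE/FIXED and AffectedVersion marks branch as "受影响" (affected).` and dropping `cve` from the signature and from the call `filterFixBranch(&vx, vx.CveNum, affectBranch)`. The named result with `has = false` and a bare `return` adds nothing over a plain `bool` result, and `has = false` only restates the zero value. The function spans two hunks with a few lines between them not shown, so check that `cve` is not used there before removing it.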
@@ -1287,8 +1288,7 @@ func affectIssueProc(v IssueAndPkg, affectBranch string, cvexml *[]CveXml,
 // Check whether the cve data has been released sa
 issueExist, _ := GetCveSecurityNotice(tpl.CveNum, tpl.Repo, true)
 if issueExist {
- productExist, _ := GetCveProduct(tpl.CveNum, tpl.Repo, affectBranch)
- if productExist {
+ if productExist, _ := GetCveProduct(tpl.CveNum, tpl.Repo); productExist {
 var center models.VulnCenter
 center.CveId = tpl.CveId
 centErr := models.GetVulnCenterByCid(¢er, "cve_id")
@@ -1298,6 +1298,9 @@ func affectIssueProc(v IssueAndPkg, affectBranch string, cvexml *[]CveXml,
 }
 continue
 }
+ if ok, _ := GetCveProduct(tpl.CveNum, v.Repo, affectBranch); ok {
+ continue
+ }
 }
 err = models.ReplacePackageByCveId(pkgList, tpl.CveId, affectBranch)
 if err != nil {
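Review bot: The added branch check calls `GetCveProduct(tpl.CveNum, v.Repo, affectBranch)` while the two lookups just above it use `tpl.Repo`; it looks copied from UnaffectIssueProc, where the loop variable `v` carries the repo. If `v.Repo` and `tpl.Repo` can differ here, the branch lookup queries a different package than the one whose notice was just confirmed, and the `continue` decision is made against the wrong record. Unless the difference is intended, use `if ok, _ := GetCveProduct(tpl.CveNum, tpl.Repo, affectBranch); ok {`. affectIssueProc's body extends beyond both hunks, so how `v` relates to `tpl` is not visible here.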