diff --git a/cve-vulner-manager/conf/product_app.conf b/cve-vulner-manager/conf/product_app.conf
index 27995428124910b1af0f8b19082ec4d4fefb2d18..03a9ef65aaf1af50bf677196124df30002a5e1da 100644
--- a/cve-vulner-manager/conf/product_app.conf
+++ b/cve-vulner-manager/conf/product_app.conf
@@ -85,7 +85,7 @@ getissue = 0 20 1,12 * * *
 issueflag = 1
 createissue = 0 0 6 * * *
 emergissueflag = 1
-emergcreateissue = 0 */10 * * * *
+emergcreateissue = 0 */20 * * * *
 test = 0/10 * * * * *
 gittokenflag = 2
 issueoath = * * */20 * * *
diff --git a/cve-vulner-manager/controllers/upload.go b/cve-vulner-manager/controllers/upload.go
index 69306dd9114870ba2007edeb14d7e0430938ddce..3774fe9942af47ded7202535b334ff69c30e14e7 100644
--- a/cve-vulner-manager/controllers/upload.go
+++ b/cve-vulner-manager/controllers/upload.go
@@ -29,12 +29,15 @@ func (c *UserUploadController) RetData(resp map[string]interface{}, list []strin
 c.ServeJSON()
 // sysnc cve and create issue
 if list != nil && len(list) > 0 {
- synErr := task.SyncCveAndIssue(list)
- if synErr != nil {
- logs.Error("SyncCveAndIssue, Sync cve data error, err: ", synErr)
- } else {
- logs.Info("SyncCveAndIssue, cve data has been synchronized")
- }
+ go func() {
+ synErr := task.SyncCveAndIssue(list)
+ if synErr != nil {
+ logs.Error("SyncCveAndIssue, Sync cve data error, err: ", synErr)
+ } else {
+ logs.Info("SyncCveAndIssue, cve data has been synchronized")
+ }
+ return
+ }()
 }
 }
 
@@ -216,11 +219,11 @@ func (u *UserUploadController) Post() {
 return
 }
 
-func AddOrgUpstream(source int,CveDataDict common.CveOriginData) (ResDataList []ResultData) {
+func AddOrgUpstream(source int, CveDataDict common.CveOriginData) (ResDataList []ResultData) {
 defer common.Catchs()
 logs.Info("Each request parameter: ", CveDataDict)
 // Record data flow
- AddOrgUpstreamRecord(source,CveDataDict)
+ AddOrgUpstreamRecord(source, CveDataDict)
 var ResData ResultData
 ids := CveDataDict.Ids
 if len(ids) < 1 {
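Review bot: The goroutine added in RetData calls task.SyncCveAndIssue(list) with no panic recovery, so a panic inside the sync would take down the whole service rather than fail one request. AddOrgUpstream in this same file opens with `defer common.Catchs()` (presumably the recover helper), and the closure should start the same way: `go func() { defer common.Catchs()`. Every upload that yields a non-empty list now starts its own background sync with no bound, so a burst of uploads runs that many syncs at once; if SyncCveAndIssue is not safe to run concurrently, a single worker fed from a channel would keep the response fast without overlapping runs. The trailing `return` in the closure is redundant and can be dropped. RetData begins outside the hunk.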
@@ -392,7 +395,7 @@ func checkPackageAndVersion(packName string, orCve *models.OriginUpstream) {
 }
 }
 
-func AddOrgUpstreamRecord(source int,CveDataDict common.CveOriginData) {
+func AddOrgUpstreamRecord(source int, CveDataDict common.CveOriginData) {
 orCve := models.OriginUpstreamRecord{}
 ids := CveDataDict.Ids
 cveNum := CveDataDict.CveNum
diff --git a/cve-vulner-manager/doc/md/manual.md b/cve-vulner-manager/doc/md/manual.md
index 2c4209eadfed234df8459e6d80914323244f302d..3f487a0aaee8564fab8e46ba6c2c4ad2fe67655d 100644
--- a/cve-vulner-manager/doc/md/manual.md
+++ b/cve-vulner-manager/doc/md/manual.md
@@ -21,6 +21,21 @@ issue分析注意事项
 1.openEuler-20.03-LTS(1.16.1):
 2.openEuler-20.03-LTS-SP1(1.16.1):
 ```
+- 影响性分析填写:
+ ```batch
+ 1>填写漏洞影响性分析描述
+ 2>填写方式:
+ 影响新分析说明:
+ 漏洞描述...
+ ```
+- openEuler评分: (评分和向量)填写:
+ ```batch
+ 1>填写漏洞打分和CVSS评分向量(评分和向量同步填写,少填漏填会出现错误提示)
+ 2>填写方式:
+ openEuler评分: (评分和向量):
+ 6.5
+ Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
+ ```
 - 受影响版本排查(受影响/不受影响)填写说明(未引入分支不需要填写):
 ```batch
 1>issue模板或第一条评论中不包含 如:1.openEuler-20.03-LTS:之类的填写项则不需要填写,
@@ -37,13 +52,24 @@ issue分析注意事项
 1.openEuler-20.03-LTS(1.16.1):是
 2.openEuler-20.03-LTS-SP1(1.16.1):否
 ```
- - 分析内容可一次性填写完整也可分条填写
- - 重复分析内容可覆盖上一次分析的内容(只要包含键值的评论不管内容是否为空都会覆盖)
- - cve-manage 在每次分析评论提交后根据内容进行解析并根据解析后的内容进行回复,Maintainer在评论后没得到回复可主动刷新页面或有延迟
- - 当内容填写完整会触发两种回复中的一种:
+- 分析内容可一次性填写完整也可分条填写
+- 重复分析内容可覆盖上一次分析的内容(只要包含键值的评论不管内容是否为空都会覆盖)
+- cve-manage 在每次分析评论提交后根据内容进行解析并根据解析后的内容进行回复,Maintainer在评论后没得到回复可主动刷新页面或有延迟
+- 当内容填写完整会触发两种回复中的一种:
 
- 1.评分不一致需要审核
+ 1.评分不一致需要审核
 
+ | 状态 | 需分析 | 内容 |
+ |-----|----------------|------------------------|
+ | 已分析 | openEulerScore | 6.0 |
+ | 已分析 | 影响性分析说明 | 您分析的内容 |
+ | 已分析 | openEulerVector | AV:A/AC:C... |
+ | 已分析 | 受影响的版本 | openEuler-20.03-LTS:受影响 |
+ | 已分析 | 修复是否涉及abi变化 | openEuler-20.03-LTS:是 |
+ **因openEulerScore与NvdScore不一致,分析内容需审核,请等待审核**
+
+ 2.评分一致
+
 | 状态 | 需分析 | 内容 |
 |-----|----------------|------------------------|
 | 已分析 | openEulerScore | 6.0 |
@@ -51,20 +77,9 @@ issue分析注意事项
 | 已分析 | openEulerVector | AV:A/AC:C... |
 | 已分析 | 受影响的版本 | openEuler-20.03-LTS:受影响 |
 | 已分析 | 修复是否涉及abi变化 | openEuler-20.03-LTS:是 |
- **因openEulerScore与NvdScore不一致,分析内容需审核,请等待审核**
-
- 2.评分一致
-
- | 状态 | 需分析 | 内容 |
- |-----|----------------|------------------------|
- | 已分析 | openEulerScore | 6.0 |
- | 已分析 | 影响性分析说明 | 您分析的内容 |
- | 已分析 | openEulerVector | AV:A/AC:C... |
- | 已分析 | 受影响的版本 | openEuler-20.03-LTS:受影响 |
- | 已分析 | 修复是否涉及abi变化 | openEuler-20.03-LTS:是 |
- **请确认分析内容的准确性,确认无误后,您可以进行后续步骤或您可以继续分析。**
- - 评分不一致则需等待审核员审核后进行下一步 **否则将视为无效分析将不可导出**
- - issue 已完成(关闭)且已分析完结、评分不一致需审核通过后的issue才具备发布安全公告到官网
+ **请确认分析内容的准确性,确认无误后,您可以进行后续步骤或您可以继续分析。**
+- 评分不一致则需等待审核员审核后进行下一步 **否则将视为无效分析将不可导出**
+- issue 已完成(关闭)且已分析完结、评分不一致需审核通过后的issue才具备发布安全公告到官网
 
 ### 审核员操作说明
 - 安全委员会成员对填写的评分在当前issue的评论区回复如下指令
diff --git a/cve-vulner-manager/task/issue.go b/cve-vulner-manager/task/issue.go
index 645af753c8e9c53f5249574c6101dccc7c410596..29d0560d89778a5eedf28faef97927afee29b622 100644
--- a/cve-vulner-manager/task/issue.go
+++ b/cve-vulner-manager/task/issue.go
@@ -248,7 +248,7 @@ func SetIssueProcParams() error {
 its := models.IssueTemplate{CveId: vl.CveId, CveNum: vl.CveNum}
 tmpErr := models.GetIssueTemplateByColName(&its, "CveId", "CveNum")
 if its.TemplateId == 0 {
- logs.Error("tmpErr:", tmpErr)
+ logs.Info("tmpErr:", tmpErr)
 continue
 }
 if its.Status > 2 || (len(its.PlanStarted) > 1 && len(its.Deadline) > 1) {
@@ -263,7 +263,7 @@ func SetIssueProcParams() error {
 }
 if its.NVDScore > 0 {
 cveLevel := models.OpenEulerScoreProc(its.NVDScore)
- deadLine := taskhandler.CvePlanCloseTime(its.CreateTime, cveLevel, false,true)
+ deadLine := taskhandler.CvePlanCloseTime(its.CreateTime, cveLevel, false, true)
 planAt := common.GetSpecifiedTime(its.CreateTime, 0, false, true)
 priority := taskhandler.GetIssuePriority(cveLevel)
 owner, accessToken := common.GetOwnerAndToken(vl.CveNum, vl.OrganizationID)
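Review bot: Logging `tmpErr` at Info in the `its.TemplateId == 0` branch of SetIssueProcParams makes a failed template lookup (a database error, for instance) indistinguishable from an expected "no template yet" result. The CVE is then skipped by `continue` with nothing recorded at error level. If GetIssueTemplateByColName can return errors other than not-found, those should stay at Error and only the not-found case be downgraded. In either case the message should identify the record, e.g. `logs.Info("SetIssueProcParams, no issue template, cveNum: ", vl.CveNum, ", err: ", tmpErr)`. The function starts and ends outside the hunk.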
@@ -272,7 +272,7 @@ func SetIssueProcParams() error {
 if s, ok := issueBody["created_at"].(string); ok {
 if t, err := time.Parse("2006-01-02T15:04:05+08:00", s); err == nil {
 planAt = common.GetSpecifiedTime(t, 0, true, true)
- deadLine = taskhandler.CvePlanCloseTime(t, cveLevel, true,true)
+ deadLine = taskhandler.CvePlanCloseTime(t, cveLevel, true, true)
 }
 }
 }
diff --git a/cve-vulner-manager/taskhandler/common.go b/cve-vulner-manager/taskhandler/common.go
index 125066f98c86f1295e896d142e515799e623d718..dd331804770a3fdb95450ade44291a1b0fc4bead 100644
--- a/cve-vulner-manager/taskhandler/common.go
+++ b/cve-vulner-manager/taskhandler/common.go
@@ -29,8 +29,9 @@ const (
 RepoInfoURL = "https://api.openeuler.org/pkgmanage/packages/packageInfo?table_name=openEuler_LTS_20.03&pkg_name=%s"
 perPage = 50
 //IssueType Types of issues crawled
- CIssueType = "CVE和安全问题"
- BranchRep = `(\(.*\))|((.*))`
+ CIssueType = "CVE和安全问题"
+ GaussIssueType = "缺陷"
+ BranchRep = `(\(.*\))|((.*))`
 )
 
 type GiteeToken struct {
diff --git a/cve-vulner-manager/taskhandler/createissue.go b/cve-vulner-manager/taskhandler/createissue.go
index ffaaed7a1f35e2847443089eae40b60f8b516cce..26bc3509d291313ee41a86d196840053dcf4342d 100644
--- a/cve-vulner-manager/taskhandler/createissue.go
+++ b/cve-vulner-manager/taskhandler/createissue.go
@@ -326,7 +326,11 @@ func CreateIssueToGit(accessToken, owner, path, assignee string,
 if it.TemplateId > 0 {
 models.DeleteIssueTemplate(it.TemplateId)
 }
- issueType := CIssueType
+ var issueType string
+ issueType = CIssueType
+ if cve.OrganizationID == 2 {
+ issueType = GaussIssueType
+ }
 labels := beego.AppConfig.String("labelUnFix")
 if accessToken != "" && owner != "" && path != "" {
 if models.FilterOldData(cve.CveNum) {
diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go
index f487198fb98fddebb38369ec18d6b73e4efd0499..d8f2eb8aca692428a1d59281cc626ce4beab2ea7 100644
--- a/cve-vulner-manager/taskhandler/cve.go
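Review bot: `cve.OrganizationID == 2` in CreateIssueToGit is an unexplained magic number; a named constant declared beside GaussIssueType in common.go would say which organization the branch is for. The two-step `var issueType string` / `issueType = CIssueType` can remain the original `issueType := CIssueType`, followed by the `if`. Issues for that organization are now filed with type `缺陷` instead of `CVE和安全问题`. The comment in common.go calls CIssueType the type of issues crawled, so code that finds CVE issues by filtering on it would presumably no longer see them; this is worth confirming before merge. The function body extends beyond the hunk.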
+++ b/cve-vulner-manager/taskhandler/cve.go
@@ -369,7 +369,7 @@ func UpdateCveGroups(cveData models.OriginUpstream, cveRef string, openeulerNum
 CveRes.Description = cveDesc.EnDescription
 }
 CveRes.CveVersion = pkList[1]
- if len(cveData.PublishedDate) > 2 && CveRes.RepairTime != cveData.PublishedDate {
+ if len(cveData.PublishedDate) > 2 && CveRes.RepairTime != cveData.PublishedDate && len(cveData.PublishedDate) > 10 {
 CveRes.RepairTime = cveData.PublishedDate
 }
 //CveRes.PackName = pkList[0]
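Review bot: The new condition in UpdateCveGroups tests the length of `cveData.PublishedDate` twice, and `> 10` already implies `> 2`, so the first test is dead. The line can read `if len(cveData.PublishedDate) > 10 && CveRes.RepairTime != cveData.PublishedDate {`. It also needs a comment naming the expected format, because a date-only value in YYYY-MM-DD form is exactly 10 characters and is rejected by `> 10`, which is presumably intended but not obvious. A length test accepts any sufficiently long string as a date, so parsing the value with time.Parse against the expected layout would be a stronger check on upstream data. The function starts and ends outside the hunk.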