diff --git a/cve-vulner-manager/conf/product_app.conf b/cve-vulner-manager/conf/product_app.conf index 03a9ef65aaf1af50bf677196124df30002a5e1da..806a0c11bf400a532529c5adf06cb8b3bca1f14a 100644 --- a/cve-vulner-manager/conf/product_app.conf +++ b/cve-vulner-manager/conf/product_app.conf @@ -173,7 +173,7 @@ cve_number_t = 2018 # Create an issue's repo whitelist;1: open; 2: close issue_whitelist = 2 # List of affected branches: openEuler-20.03-LTS,openEuler-20.03-LTS-SP1 -affected_branchs = "openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.09" +affected_branchs = "openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS" abandoned_branchs = "openEuler-20.03-LTS,openEuler-21.03,openEuler-21.09,openEuler-20.09" # Close the highest privilege of issue:1:open;2:close close_issue_privilege = 2 @@ -190,12 +190,12 @@ credibility_level = 6 # Date before adding the security bulletin link task sec_link_date = -100 # Branch configuration of cve that needs to submit an issue -submit_issue_branch = "openEuler-22.03-LTS,openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-Next,openEuler-21.03,master,openEuler-22.09" +submit_issue_branch = "openEuler-22.03-LTS,openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-Next,openEuler-21.03,master" # De-duplication de_duplication_date = -100 # table num yaml_config_table = "cve_open_euler_repo_origin:1,cve_open_guss_yaml:2,cve_mind_spore_yaml:3,cve_open_lookeng_yaml:4" -bot_cu_account = "openeuler-ci-bot,opengauss-bot,mindspore-ci-bot,mindspore_ci,i-robot,CVE,I-am-a-robot" +bot_cu_account = "openeuler-ci-bot,opengauss-bot,mindspore-ci-bot,mindspore_ci,i-robot,CVE,I-am-a-robot,openMajun_admin" out_of_sync_branch = "openEuler1.0-base,openEuler1.0" [reflink] 
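Review bot: In the second hunk of product_app.conf, `bot_cu_account` gains `openMajun_admin` with no comment saying what membership in this list means, although the neighbouring keys each carry one. If the hook handlers skip or trust activity from these accounts (not visible in this diff), the new entry widens that set to an account named as an admin, so it deserves a stated reason. Once the semantics are confirmed I would add a line above the key such as `# Accounts whose comments are handled as automated (bot) activity`.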
diff --git a/cve-vulner-manager/controllers/hook.go b/cve-vulner-manager/controllers/hook.go index 23eac3dc8f55d1b52d9dcb452e42020253c1edd2..955f6eb9a5ee60d9c5f0adf3aead80ff68d6310b 100644 --- a/cve-vulner-manager/controllers/hook.go +++ b/cve-vulner-manager/controllers/hook.go @@ -672,7 +672,7 @@ func VerifyIssueAsPr(issueTmp *models.IssueTemplate, cveCenter models.VulnCenter affectedBranchs = beego.AppConfig.String("cve::affected_branchs") path = issueTmp.Repo if affectedBranchs != "" && len(affectedBranchs) > 0 { - affectBranchsxList = strings.Split(affectedBranchs[:strings.Index(affectedBranchs, ",openEuler-22.09")], ",") + affectBranchsxList = strings.Split(affectedBranchs, ",") } } diff --git a/cve-vulner-manager/controllers/object.go b/cve-vulner-manager/controllers/object.go index bde796f65b5b48733e912f6948c640ac5f356737..2f841201659961290bc761a968cdca90d85f12d6 100644 --- a/cve-vulner-manager/controllers/object.go +++ b/cve-vulner-manager/controllers/object.go @@ -1,8 +1,12 @@ package controllers import ( - "cvevulner/models" "encoding/json" + "strings" + + "cvevulner/models" + "cvevulner/task" + "github.com/astaxie/beego" "github.com/astaxie/beego/logs" ) @@ -38,6 +42,7 @@ func (o *ObjectController) Post() { // @router /:objectId [get] func (o *ObjectController) Get() { objectId := o.Ctx.Input.Param(":objectId") + task.SyncCreateIssue(strings.Split(objectId, ",")) if objectId != "" { ob, err := models.GetOne(objectId) if err != nil { diff --git a/cve-vulner-manager/cve-timed-task/db_models/db_operations.go b/cve-vulner-manager/cve-timed-task/db_models/db_operations.go index 54afaceb6738e2a013e37b89b9412a7a6cc724fd..32fc427361c91a8c896b35ab0ab6a87c3d88cb6d 100644 --- a/cve-vulner-manager/cve-timed-task/db_models/db_operations.go +++ b/cve-vulner-manager/cve-timed-task/db_models/db_operations.go 
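Review bot: In object.go, `Get()` now passes the raw `:objectId` path parameter to `task.SyncCreateIssue(strings.Split(objectId, ","))`, before the existing `objectId != ""` check and with no authentication or validation visible in the hunk. Judging by its name the task creates issues, so a plain GET request becomes a trigger for a state-changing job with caller-chosen identifiers, and an empty parameter still reaches it as `[]string{""}`. If this is a maintenance hook it belongs on its own authenticated POST route; at minimum move the call inside the non-empty branch and validate each element first. `Get()` continues past the end of the hunk, and any router-level filter is outside this diff.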
@@ -322,10 +322,10 @@ func SelectOpenlookengYamlOriginData(packageName, version, repokey string, ORM o // InsertMindYamlOriginData insert origin data func InsertMindYamlOriginData(mindSporeYaml *models.MindSporeYaml, ORM orm.Ormer) error { sqlString := "insert into cve_mind_spore_yaml(package_name,version,origin_url, status, " + - "cpe_name,create_time,update_time, mark_bit, repo_name, owner) values(?,?,?,?,?,?,?,?,?,?)" + "cpe_name,create_time,update_time, mark_bit, repo_name, owner, milestone) values(?,?,?,?,?,?,?,?,?,?,?)" _, err := ORM.Raw(sqlString, mindSporeYaml.PackageName, mindSporeYaml.Version, mindSporeYaml.OriginUrl, mindSporeYaml.Status, mindSporeYaml.CpeName, mindSporeYaml.CreateTime, - mindSporeYaml.UpdateTime, mindSporeYaml.MarkBit, mindSporeYaml.Repo, mindSporeYaml.Owner).Exec() + mindSporeYaml.UpdateTime, mindSporeYaml.MarkBit, mindSporeYaml.Repo, mindSporeYaml.Owner, mindSporeYaml.Milestone).Exec() return err } @@ -341,7 +341,7 @@ func InsertOpenlookengYamlOriginData(openLookengYaml *models.OpenLookengYaml, OR // UpdateMindYamlOriginData Update origin data func UpdateMindYamlOriginData(mindSporeYaml *models.MindSporeYaml, ORM orm.Ormer) (int64, error) { - id, err := ORM.Update(mindSporeYaml, "OriginUrl", "Status", "CpeName", "UpdateTime", "MarkBit", "Owner") + id, err := ORM.Update(mindSporeYaml, "OriginUrl", "Status", "CpeName", "UpdateTime", "MarkBit", "Owner", "Milestone") return id, err } diff --git a/cve-vulner-manager/cve-timed-task/tabletask/mindspore_yaml.go b/cve-vulner-manager/cve-timed-task/tabletask/mindspore_yaml.go index b6b744109528a71aa56d072bcd8593913f9bdcb1..eb9f27acd002514c3619fec51ca1143abd6763f4 100644 --- a/cve-vulner-manager/cve-timed-task/tabletask/mindspore_yaml.go +++ b/cve-vulner-manager/cve-timed-task/tabletask/mindspore_yaml.go 
@@ -1,17 +1,23 @@ package tabletask import ( + "encoding/json" + "errors" + "fmt" + "io" + "net/http" + "os" + "strings" + "time" + + "cvevulner/common" "cvevulner/cve-timed-task/db_models" "cvevulner/cve-timed-task/util" "cvevulner/models" - "errors" + "github.com/astaxie/beego" "github.com/astaxie/beego/logs" "github.com/astaxie/beego/orm" - "io" - "net/http" - "os" - "time" ) // DownloadGuessYaml Download the yaml file of openGauss on Gitee @@ -57,14 +63,26 @@ func StoreMindSporeYaml(yamlData map[string]map[string]map[string]string, ormMod logs.Error("db_models.UpdateYamlOriginMarkLookeng:", err.Error()) return } + owner, token := common.GetOwnerAndToken("", 3) for RepoKey, RepoValue := range yamlData { for k, v := range RepoValue { + milestones, _ := getMilestone(owner, token, RepoKey) + mile := 0 if _, ok := v["version"]; !ok || v["version"] == "" { v["version"] = "" } if _, ok := v["handler"]; !ok || v["handler"] == "" { v["handler"] = "" } + if _, ok := v["milestone"]; !ok || v["milestone"] == "" { + v["milestone"] = "" + } + for _, milestone := range milestones { + if strings.EqualFold(milestone.Title, v["milestone"]) { + mile = milestone.Id + break + } + } //open transaction logs.Info("open transaction") tranErr := ormModel.Begin() @@ -103,6 +121,7 @@ func StoreMindSporeYaml(yamlData map[string]map[string]map[string]string, ormMod MarkBit: 1, Repo: RepoKey, Owner: v["handler"], + Milestone: mile, } sErr = db_models.InsertMindYamlOriginData(mindSporeYaml, ormModel) if sErr != nil { @@ -132,6 +151,7 @@ func StoreMindSporeYaml(yamlData map[string]map[string]map[string]string, ormMod UpdateTime: now.Format("2006-01-02 15:04:05"), MarkBit: 1, Owner: v["handler"], + Milestone: mile, } _, sErr = db_models.UpdateMindYamlOriginData(mindSporeYaml, ormModel) if sErr != nil { 
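Review bot: In the second hunk of mindspore_yaml.go, `milestones, _ := getMilestone(owner, token, RepoKey)` sits inside the inner `for k, v := range RepoValue` loop, so one repository's milestones are fetched over HTTP once per package and the error is dropped. When the request fails `mile` stays 0, and the update path in the last hunk (`Milestone: mile`) then writes 0 over whatever milestone was stored before. Move the call directly under `for RepoKey, RepoValue := range yamlData {`, check the error, and leave the Milestone column out of the update when the lookup failed. Log the failure without the request URL, because that URL carries the access token. StoreMindSporeYaml starts and ends outside these hunks.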
@@ -309,3 +329,24 @@ func ProcMindSporeYaml() { DeleteYamlData(ormModel) } + +type miles struct { + Id int + Title string +} + +func getMilestone(owner, token, repo string) (data []miles, _ error) { + url := fmt.Sprintf("https://gitee.com/api/v5/repos/%s/%s/milestones?access_token=%s&state=open&sort=due_on&page=1&per_page=100", owner, repo, token) + + do, err := http.Get(url) + if err != nil { + return nil, err + } + + if do.StatusCode > 300 { + return nil, nil + } + + err = json.NewDecoder(do.Body).Decode(&data) + return +} diff --git a/cve-vulner-manager/models/modeldb.go b/cve-vulner-manager/models/modeldb.go index 81f84c39d67f79ba5a3bc9557506990608dc19e0..2586d212e72499d8cb63170c2f0d5e54ffb24f94 100644 --- a/cve-vulner-manager/models/modeldb.go +++ b/cve-vulner-manager/models/modeldb.go @@ -927,7 +927,8 @@ type MindSporeYaml struct { Status int8 `orm:"default(1);column(status)" description:"1:正常;2:已删除"` CpeName string `orm:"type(text);column(cpe_name)" description:"cpe的名称"` MarkBit int8 `orm:"default(1);column(mark_bit)" description:"1:正常;2:已删除"` - Owner string `orm:"size(512);column(owner);index" description:""` + Owner string `orm:"size(128);column(owner);index" description:"负责人"` + Milestone int `orm:"size(128);column(milestone)" description:"里程碑"` CreateTime string `orm:"size(32);column(create_time)"` UpdateTime string `orm:"size(32);column(update_time);null"` DeleteTime string `orm:"size(32);column(delete_time);null"` diff --git a/cve-vulner-manager/task/issue.go b/cve-vulner-manager/task/issue.go index 49f81ba73fcb181f5bec468e504b0c89578c2008..1685a74a7dd3c037a9d8b02bb3641b9fb85f6820 100644 --- a/cve-vulner-manager/task/issue.go +++ b/cve-vulner-manager/task/issue.go 
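Review bot: `getMilestone` puts `access_token` into a URL assembled with `fmt.Sprintf`, and the `*url.Error` returned by `http.Get` embeds that full URL, so any caller that logs the error writes the token to the log. The function also never closes `do.Body`, uses the default client with no timeout, interpolates `owner` and `repo` unescaped (`repo` is a key from the downloaded YAML), and returns `nil, nil` for every status above 300, which hides failures and accepts 300 itself. The rewrite below keeps the signature compatible, escapes the path segments, strips the URL from transport errors, closes the body and reports non-200 statuses. It needs `net/url` added to the import block, and the 30-second timeout is a suggested value.

```go
func getMilestone(owner, token, repo string) ([]miles, error) {
	q := url.Values{}
	q.Set("access_token", token)
	q.Set("state", "open")
	q.Set("sort", "due_on")
	q.Set("page", "1")
	q.Set("per_page", "100")
	endpoint := fmt.Sprintf("https://gitee.com/api/v5/repos/%s/%s/milestones?%s",
		url.PathEscape(owner), url.PathEscape(repo), q.Encode())

	client := &http.Client{Timeout: 30 * time.Second}
	resp, err := client.Get(endpoint)
	if err != nil {
		// *url.Error carries the full URL, token included; return only the cause.
		var uerr *url.Error
		if errors.As(err, &uerr) {
			return nil, fmt.Errorf("get milestones of %s/%s: %w", owner, repo, uerr.Err)
		}
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("get milestones of %s/%s: status %d", owner, repo, resp.StatusCode)
	}

	var data []miles
	if err := json.NewDecoder(resp.Body).Decode(&data); err != nil {
		return nil, err
	}
	return data, nil
}
```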
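Review bot: In the MindSporeYaml hunk of modeldb.go, `size(128)` on `Milestone int` carries no meaning, because a size applies to string columns; `orm:"default(0);column(milestone)"` states what is intended. The same hunk narrows `Owner` from `size(512)` to `size(128)`. If existing rows hold longer handler values, or the deployed column is not altered to match, the model and the table will disagree, so the commit should carry a migration note. The struct starts and ends outside the hunk.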
@@ -242,33 +242,31 @@ func SetIssueProcParams() error { if len(vulnCve) > 0 { for _, vl := range vulnCve { cveId = vl.CveId - if vl.Status > 2 { - if vl.OrganizationID == 3 && vl.Status == 6 { - } else { - continue - } + organid := vl.OrganizationID + if vl.Status > 2 && organid != 3 { + continue } its := models.IssueTemplate{CveId: vl.CveId, CveNum: vl.CveNum} _ = models.GetIssueTemplateByColName(&its, "CveId", "CveNum") if its.TemplateId == 0 || its.Status > 2 { continue } - if len(its.PlanStarted) > 1 && len(its.Deadline) > 1 && vl.OrganizationID != 3 { + if len(its.PlanStarted) > 1 && len(its.Deadline) > 1 && organid != 3 { continue } - authToken := tokenMap[vl.OrganizationID] + authToken := tokenMap[organid] var priorityOld int = -1 taskhandler.GetEntIssueDetail(vl, &its, &priorityOld) if len(its.PlanStarted) > 1 && len(its.Deadline) > 1 { its.UpdateTime = time.Now() models.UpdateIssueTemplate(&its, "PlanStarted", "Deadline", "UpdateTime") - if vl.OrganizationID != 3 { + if organid != 3 { continue } } - if its.NVDScore > 0 || (its.NVDScore >= 0 && vl.OrganizationID == 3) { + if its.NVDScore > 0 || organid == 3 { var cveLevel string - if vl.OrganizationID == 3 { + if organid == 3 { cveLevel = models.MindSporeScoreProc(its.NVDScore) } else { cveLevel = models.OpenEulerScoreProc(its.NVDScore) @@ -279,7 +277,7 @@ func SetIssueProcParams() error { if priority <= priorityOld { continue } - owner, accessToken := common.GetOwnerAndToken(vl.CveNum, vl.OrganizationID) + owner, accessToken := common.GetOwnerAndToken(vl.CveNum, organid) issueErr, issueBody := taskhandler.GetGiteeIssue(accessToken, owner, its.Repo, its.IssueNum) if issueErr == nil && issueBody != nil { if s, ok := issueBody["created_at"].(string); ok { diff --git a/cve-vulner-manager/taskhandler/common.go b/cve-vulner-manager/taskhandler/common.go index df9214db0b1dee55772f77cfbdc4596fd8427ffb..952e03b869097233c3d48b6c305bf9f526585e60 100644 --- a/cve-vulner-manager/taskhandler/common.go 
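Review bot: The first hunk of issue.go reads as a tidy-up around `organid`, but it changes which records are processed. The old code let organization 3 through only when `vl.Status == 6`, whereas `if vl.Status > 2 && organid != 3` now passes every status above 2 for that organization, and `its.NVDScore > 0 || organid == 3` drops the old `NVDScore >= 0` guard. If the widening is intended, say so in a comment; if not, keep the old condition as `if vl.Status > 2 && !(organid == 3 && vl.Status == 6) { continue }`. The literal 3 (apparently the MindSpore organization, given the `MindSporeScoreProc` branch) is repeated throughout the new lines and would read better as a named constant. SetIssueProcParams starts and ends outside the hunk.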
+++ b/cve-vulner-manager/taskhandler/common.go @@ -2,6 +2,7 @@ package taskhandler import ( "encoding/base64" + "encoding/json" "fmt" "os" "strconv" @@ -44,6 +45,20 @@ type GiteeToken struct { Scope string } +type IssueOptions struct { + Token string `json:"access_token"` + Repo string `json:"repo"` + Title string `json:"title"` + IssueType string `json:"issue_type"` + Body string `json:"body"` + Assignee string `json:"assignee"` + Labels string `json:"labels"` + SecurityHole bool `json:"security_hole"` + Collaborators string `json:"collaborators,omitempty"` + Program string `json:"program,omitempty"` + Milestone int64 `json:"milestone,omitempty"` +} + const bodyTpl = `一、漏洞信息 漏洞编号:%v 漏洞归属组件:%v @@ -967,6 +982,21 @@ func CreateIssueBody(accessToken, owner, path, assignee string, if len(cve.CveVersion) > 0 && cve.CveVersion[0] == ',' { cve.CveVersion = cve.CveVersion[1:] } + mile := 0 + if cve.OrganizationID == 3 { + cveList := strings.Split(cve.CveVersion, ",") + if len(cveList) > 0 { + for _, vl := range cveList { + ms := models.MindSporeYaml{PackageName: cve.RepoName, Version: vl, Repo: cve.PackName} + _ = models.GetMindSporeYaml(&ms, "PackageName", "Version", "Repo") + if ms.Id > 0 && ms.Milestone > 0 { + mile = ms.Milestone + break + } + } + } + } + if flag == 1 { if floatOpenEulerScore > 0.0 || (its.OpenEulerVector != "" && len(its.OpenEulerVector) > 1) { nveScore := score + " " + cve.CveLevel 
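Review bot: `IssueOptions` changes the wire type of `security_hole`: the `fmt.Sprintf` template removed later in this file sent the string `"false"`, and `SecurityHole bool` now serialises as the JSON boolean `false`. That is probably what the API expects, but it is a behaviour change worth confirming against the Gitee endpoint before release. The exported type also lacks a doc comment; I would add `// IssueOptions is the JSON body sent to Gitee when creating an issue; Token is a credential and must not be logged.` above it.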
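Review bot: In the milestone lookup added to CreateIssueBody, the query struct is filled as `PackageName: cve.RepoName` and `Repo: cve.PackName`, which looks crossed. Unless the two fields are deliberately swapped, no row will match and `mile` silently stays 0. The error from `models.GetMindSporeYaml` is discarded with `_ =`, so a database failure cannot be told apart from a package that has no milestone. The `len(cveList) > 0` test is always true because `strings.Split` never returns an empty slice. Please confirm the field mapping and log the error; the function starts and ends outside this hunk.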
@@ -1019,11 +1049,20 @@ func CreateIssueBody(accessToken, owner, path, assignee string, cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource), genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, affectedVersion) } - if cve.OrganizationID == 3 && assignee != "fangzhou0329" { - requestBody = fmt.Sprintf(`{"access_token": "%s","repo": "%s","title": "%s","issue_type": "%s","body": "%s","assignee": "%s","labels": "%s","security_hole": "false","collaborators":"fangzhou0329","program":"67813"}`, accessToken, path, cve.CveNum, issueType, body, assignee, labels) - } else { - requestBody = fmt.Sprintf(`{"access_token": "%s","repo": "%s","title": "%s","issue_type": "%s","body": "%s","assignee": "%s","labels": "%s","security_hole": "false"}`, accessToken, path, cve.CveNum, issueType, body, assignee, labels) + + issue := IssueOptions{Token: accessToken, Repo: path, Title: cve.CveNum, IssueType: issueType, Body: body, Assignee: assignee, Labels: labels, SecurityHole: false} + if cve.OrganizationID == 3 { + issue.Program = "67813" + if assignee != "fangzhou0329" { + issue.Collaborators = "fangzhou0329" + } + if mile != 0 { + issue.Milestone = int64(mile) + } } + + bys, _ := json.Marshal(&issue) + requestBody = string(bys) } else { if floatOpenEulerScore > 0.0 || (its.OpenEulerVector != "" && len(its.OpenEulerVector) > 1) { nveScore := score + " " + cve.CveLevel diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go index 954867d18d54f17ca675891ea4f4345d6c6eee48..c8b83f626427c2dcc0cc251be55ca13f60385de7 100644 --- a/cve-vulner-manager/taskhandler/cve.go +++ b/cve-vulner-manager/taskhandler/cve.go 
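Review bot: Building the request with `json.Marshal` removes the escaping problem of the old `fmt.Sprintf` template, but `bys, _ := json.Marshal(&issue)` discards the error. Any escaping of `body` done by hand earlier in CreateIssueBody (outside this hunk) would now be applied twice and appear as literal backslashes in the issue text. The `else` branch that follows builds its request outside the hunk; if it still uses the string template, a title or body containing a double quote can break or alter that JSON, so it should move to `IssueOptions` as well. The account name `fangzhou0329` and program id `67813` stay hard-coded here and would be better read from `beego.AppConfig`.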
@@ -1082,6 +1082,9 @@ func AddOrDataToCenter(repoNme, packageName, cveRef, scopeType, value string, cv versionList, pkList []string, openeulerNum int, cveDesc models.OriginUpstreamDesc, cveScV3 models.OriginUpstreamImpactScoreV3, goe models.GitPackageInfo, cveScV2 models.OriginUpstreamImpactScoreV2, organizationID int8) (bool, error) { + if repoNme == "OpenSSL" && organizationID == 1 { + return true, nil + } CveRes, err := models.QueryCveByNum(cveData.CveNum, repoNme, organizationID) if err { CveRes.RepoName = packageName
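Review bot: The new guard `if repoNme == "OpenSSL" && organizationID == 1 { return true, nil }` makes AddOrDataToCenter report success while dropping every CVE for that package and organization, with no log line and no comment explaining why. For a vulnerability tracker that is a silent blind spot on a security-critical library, and the exact-case match means a record named `openssl` still takes the normal path. If the exclusion is intentional, drive it from configuration and record each skip, for example `logs.Info("skip cve by exclusion list:", cveData.CveNum, repoNme)` before the return, assuming this file imports the beego `logs` package as the others in this diff do. The function body continues past the end of the hunk.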