diff --git a/cve-vulner-manager/common/common.go b/cve-vulner-manager/common/common.go index d79eee605e79ae8cf5a164d0aaeaec9ee054f0fb..a6ea90f8a950345085be20500f0071e6d28932ac 100644 --- a/cve-vulner-manager/common/common.go +++ b/cve-vulner-manager/common/common.go @@ -584,6 +584,22 @@ func GetCveSource(cve string) (source int) { return } +func ValidateMajunPack(cve, pack string) (source int) { + source = 0 + if len(cve) == 0 { + return + } + o := orm.NewOrm() + var res Source + err := o.Raw("select source from cve_origin_upstream_record where cve_num = ? and git_packname like ? ORDER BY cve_record_id DESC", cve, "%"+pack+"%").QueryRow(&res) + if err != nil { + logs.Error(err) + return + } + source = res.Source + return +} + func GetCveSourceRecord(cve string) (source int) { source = 0 if len(cve) == 0 { diff --git a/cve-vulner-manager/conf/product_app.conf b/cve-vulner-manager/conf/product_app.conf index 806a0c11bf400a532529c5adf06cb8b3bca1f14a..da4450b33b51cc58563ab9bc26916ec66460895a 100644 --- a/cve-vulner-manager/conf/product_app.conf +++ b/cve-vulner-manager/conf/product_app.conf @@ -77,7 +77,7 @@ getymal = 0 40 1 * * * eulerymalflag = 1 eulergetymal = 0 0 1 * * * cveflag = 1 -getcve = 0 */10 * * * * +getcve = 0 */40 * * * * oricveflag = 1 oricvecheck = 0 0 2 * * * getissueflag = 1 @@ -85,12 +85,12 @@ getissue = 0 20 1,12 * * * issueflag = 1 createissue = 0 0 6 * * * emergissueflag = 1 -emergcreateissue = 0 */20 * * * * +emergcreateissue = 0 */30 * * * * test = 0/10 * * * * * gittokenflag = 2 issueoath = * * */20 * * * genexcelflag = 1 -genexcel = 0 30 7 * * * +genexcel = 0 15 15 * * * days = -30 prcnum = 50 printlogflag = 1 diff --git a/cve-vulner-manager/task/issuetask.go b/cve-vulner-manager/task/issuetask.go index 41617f0526930aedc97f7630061eb15f1067e188..cd42fc7990801ae7373bd87cbc038918a24ab745 100644 --- a/cve-vulner-manager/task/issuetask.go +++ b/cve-vulner-manager/task/issuetask.go @@ -782,6 +782,9 @@ func OpenLooKengIssue(issueValue models.VulnCenter, accessToken, owner, path, as //ProcIssue Deal with issue func ProcIssue(issueValue models.VulnCenter, accessToken, owner string) error { owner, accessToken = common.GetOwnerAndToken(issueValue.CveNum, issueValue.OrganizationID, 1) + if accessToken == beego.AppConfig.String("majun::token") && common.ValidateMajunPack(issueValue.CveNum, issueValue.RepoName) != 1 { + return nil + } assignee := "" path := issueValue.PackName // According to the requirements, the missing cve of nvd needs to submit an issue diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go index f62bb4f169621a3284346c64ab3515f67bd8531a..423fc23a3bae664c01957cbe5b5759bbddd7e9a9 100644 --- a/cve-vulner-manager/taskhandler/cve.go +++ b/cve-vulner-manager/taskhandler/cve.go @@ -1377,6 +1377,10 @@ func GetCveOriginData(prcnum, days, openeulernum, credibilityLevel int, cveRef s for i, cveOrg := range osx { count = count + 1 // Add mutex + if cveOrg.Credibility > 3 && cveOrg.CveId <= 20557 { + ch <- i + continue + } lockOk := models.LockUpdateOriginStatus(common.GetCurTime(), cveOrg.PackName, cveOrg.Version, cveOrg.CveId, cveOrg.Status, 15) if !lockOk { @@ -2550,6 +2554,23 @@ func GetCveProduct(cveNumber, packageName string, branch ...string) (bool, model if err != nil { return false, detail } + affectedBranchs := beego.AppConfig.String("cve::affected_branchs") + if len(detail.Result) >= 3 { + var p string + var f = true + for _, product := range detail.Result { + p += strings.ToLower(product.ProductName) + "," + } + for _, s := range strings.Split(strings.ToLower(affectedBranchs), ",") { + if !strings.Contains(p, s) { + f = false + break + } + } + if f { + return true, detail + } + } if len(branch) > 0 { for _, v := range detail.Result { if strings.EqualFold(v.ProductName, branch[0]) { @@ -2558,7 +2579,7 @@ func GetCveProduct(cveNumber, packageName string, branch ...string) (bool, model } return false, detail } - return len(detail.Result) > 4, detail + return len(detail.Result) >= 4, detail } //FilterCveExported Filter exportable data