From 54d0e7b12113f638b490e4e6205c5da77d9cf1b3 Mon Sep 17 00:00:00 2001
From: zjm <1076115376@qq.com>
Date: Sat, 28 Jan 2023 16:43:42 +0800
Subject: [PATCH 1/2] unify robot token
---
 cve-vulner-manager/taskhandler/createissue.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cve-vulner-manager/taskhandler/createissue.go b/cve-vulner-manager/taskhandler/createissue.go
index 1be42d9..ad5606c 100644
--- a/cve-vulner-manager/taskhandler/createissue.go
+++ b/cve-vulner-manager/taskhandler/createissue.go
@@ -367,6 +367,7 @@ func CreateIssueToGit(accessToken, owner, path, assignee string,
 models.DeleteIssueTemplate(issTempID)
 return "", errors.New("调用gitee的创建issue接口失败")
 }
+ owner, accessToken = common.GetOwnerAndToken(cve.CveNum, cve.OrganizationID)
 //var issueTemps models.IssueTemplate
 issueTemp.TemplateId = issTempID
 CreateIssueData(&issueTemp, cve, sc, resp, path, assignee, issueType, labels, owner)
-- Gitee
From 14f6190c4d427ffe25933dd102534eb7b82655bd Mon Sep 17 00:00:00 2001
From: zjm <1076115376@qq.com>
Date: Sun, 29 Jan 2023 09:15:34 +0800
Subject: [PATCH 2/2] openeuler score sync nvd score
---
 cve-vulner-manager/controllers/cve.go | 36 +++++++++++++
 .../cve-timed-task/tabletask/crawltask.go | 4 ++
 cve-vulner-manager/models/issue.go | 2 +-
 .../routers/commentsRouter_controllers.go | 8 +++
 cve-vulner-manager/taskhandler/cve.go | 51 +++++++++++++++++++
 5 files changed, 100 insertions(+), 1 deletion(-)
diff --git a/cve-vulner-manager/controllers/cve.go b/cve-vulner-manager/controllers/cve.go
index f6881fb..01e5cd4 100644
--- a/cve-vulner-manager/controllers/cve.go
+++ b/cve-vulner-manager/controllers/cve.go
@@ -32,6 +32,11 @@ type CveIssueInfoData struct {
 Branch string `json:"milestone"`
 }
+type CveIssueUpdate struct {
+ CveId string `json:"cve_id"`
+ PackageName string `json:"package_name"`
+}
+
 const url = "https://gitee.com/%s/%s/issues/%s"
 // @Title Get cveissueinfo
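Review bot: In `CreateIssueToGit` (taskhandler/createissue.go) the new `owner, accessToken = common.GetOwnerAndToken(...)` sits after the error return for the Gitee create-issue call, so the request itself was presumably sent with the caller-supplied token and owner while `CreateIssueData` then records the owner from the lookup. If the two can differ, the stored owner will not match the repository the issue was created in, and the reassigned `accessToken` silently replaces the function's parameter for whatever follows. Consider resolving owner and token once, before the API call, and rejecting an empty result, e.g. `if owner == "" || accessToken == "" { return "", errors.New("no owner/token configured for organization") }`. The function starts and ends outside this hunk, so the position of the API call is inferred from the error message in the context lines.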
@@ -98,6 +103,37 @@ func (u *CveIssueInfoController) Get() {
 }
 }
+func (u *CveIssueInfoController) Post() {
+ var req []CveIssueUpdate
+
+ err := json.Unmarshal(u.Ctx.Input.RequestBody, &req)
+ if err != nil {
+ logs.Error("update cve issue score fail, err: ", err)
+ return
+ }
+
+ if len(req) == 0 {
+ return
+ }
+
+ logs.Info("updates cve issue :", req)
+
+ for _, c := range req {
+ cve := models.VulnCenter{CveNum: c.CveId, RepoName: c.PackageName}
+ err = models.GetVulnCenterByCid(&cve, "CveNum", "RepoName")
+ if err != nil {
+ logs.Error(err)
+ continue
+ }
+
+ err = taskhandler.UpdateCveIssueScore(cve)
+ if err != nil {
+ logs.Error("update cve score failed, err:", err)
+ }
+ }
+
+}
+
 type CveAllIssueController struct {
 beego.Controller
 }
diff --git a/cve-vulner-manager/cve-timed-task/tabletask/crawltask.go b/cve-vulner-manager/cve-timed-task/tabletask/crawltask.go
index d6c5dbb..eabf877 100644
--- a/cve-vulner-manager/cve-timed-task/tabletask/crawltask.go
+++ b/cve-vulner-manager/cve-timed-task/tabletask/crawltask.go
@@ -311,5 +311,9 @@ func Crawling(url string) (XpathList, error) {
 }
 }
+ if strings.Contains(xpathList.CveDesc, "No description is available") {
+ xpathList.CveDesc = ""
+ }
+
 return xpathList, nil
 }
diff --git a/cve-vulner-manager/models/issue.go b/cve-vulner-manager/models/issue.go
index 6a574fb..1b29d02 100644
--- a/cve-vulner-manager/models/issue.go
+++ b/cve-vulner-manager/models/issue.go
@@ -607,7 +607,7 @@ func QueryIssueTemplateByLink(beforeTime string, prcnum int,
 o := orm.NewOrm()
 var it []IssueTemplate
 num, err := o.Raw("select *"+
- " from cve_issue_template where sec_link = '' and status = ? "+
+ " from cve_issue_template where status = ? "+
 "and template_id > ? "+
 "order by template_id asc limit ?", status, templateId, prcnum).QueryRows(&it)
 if err == nil && num > 0 {
diff --git a/cve-vulner-manager/routers/commentsRouter_controllers.go b/cve-vulner-manager/routers/commentsRouter_controllers.go
index 3bf9a43..050ccb0 100644
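Review bot: `Post` in controllers/cve.go performs no caller authentication that is visible in this hunk, yet every array element it accepts drives database writes and an outbound Gitee update made with the token returned by `common.GetOwnerAndToken` (through `taskhandler.UpdateCveIssueScore`). The array length is unbounded, a malformed body returns without setting a status so the client sees success, and `logs.Info("updates cve issue :", req)` writes request-controlled strings to the log unquoted. The handler also lacks the `@Title`/`@router` annotation block that `Get` carries, so the hand-added entry in commentsRouter_controllers.go may be lost if the routes are regenerated. A sketch of the guards follows; the limit is a constructed value and the authentication step is left as a comment because the project's own check is not visible here.

```go
// maxCveIssueUpdates is a constructed limit; size it to the largest batch the real caller sends.
const maxCveIssueUpdates = 100

func (u *CveIssueInfoController) Post() {
	// NOTE(review): verify the caller here, before any request data is used.
	var req []CveIssueUpdate

	err := json.Unmarshal(u.Ctx.Input.RequestBody, &req)
	if err != nil {
		logs.Error("update cve issue score fail, err: ", err)
		u.CustomAbort(400, "invalid request body")
	}
	if len(req) > maxCveIssueUpdates {
		u.CustomAbort(400, "too many entries")
	}
	// … unchanged: empty-request early return …

	// Log the batch size rather than the raw, caller-controlled strings.
	logs.Info("updates cve issue, entries:", len(req))

	for _, c := range req {
		if c.CveId == "" || c.PackageName == "" {
			continue
		}
		// … unchanged: VulnCenter lookup and UpdateCveIssueScore call …
	}
}
```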
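Review bot: The new check in `Crawling` (tabletask/crawltask.go) clears `CveDesc` whenever the phrase appears anywhere in the text, so a genuine description that merely contains "No description is available" would be wiped as well. If the crawled page emits the phrase as a standalone placeholder, an anchored comparison is safer, e.g. `if strings.HasPrefix(strings.TrimSpace(xpathList.CveDesc), "No description is available") {`. A one-line comment naming the source that produces the placeholder would also help the next reader. The function body starts outside this hunk.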
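Review bot: With `sec_link = ''` removed, `QueryIssueTemplateByLink` (models/issue.go) now returns every template with the given status, including rows that already have a security link, which no longer matches the function's name. Callers are outside this hunk; if any of them writes `sec_link` for each returned row, existing links would be overwritten and each run would walk the whole table instead of only the unlinked rows. A comment above the query stating why already-linked rows are now wanted would make the intent reviewable, and the function's doc comment or name should be updated to match. The query still binds `status`, `templateId` and `prcnum` through `?` placeholders, which should stay that way.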
--- a/cve-vulner-manager/routers/commentsRouter_controllers.go +++ b/cve-vulner-manager/routers/commentsRouter_controllers.go @@ -50,6 +50,14 @@ func init() { MethodParams: param.Make(), Filters: nil, Params: nil}) + beego.GlobalControllerRouter["cvevulner/controllers:CveIssueInfoController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:CveIssueInfoController"], + beego.ControllerComments{ + Method: "Post", + Router: "/", + AllowHTTPMethods: []string{"post"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) beego.GlobalControllerRouter["cvevulner/controllers:CveIssueWhiteListController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:CveIssueWhiteListController"], beego.ControllerComments{ diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go index 785244e..00c6350 100644 --- a/cve-vulner-manager/taskhandler/cve.go +++ b/cve-vulner-manager/taskhandler/cve.go 
@@ -2787,3 +2787,54 @@ func JudgeVersion(ver1, ver2, sourceVer string) bool {
 }
 return false
 }
+
+func UpdateCveIssueScore(cveCenter models.VulnCenter) error {
+ score, sErr := models.QueryIssueScore(cveCenter.CveId)
+ if sErr != nil {
+ return sErr
+ }
+
+ score.OpenEulerScore = score.NVDScore
+ score.OattackVector = score.NattackVector
+ score.OattackComplexity = score.NattackComplexity
+ score.OprivilegeRequired = score.NprivilegeRequired
+ score.OuserInteraction = score.NuserInteraction
+ score.Oscope = score.Nscope
+ score.Oconfidentiality = score.Nconfidentiality
+ score.Ointegrity = score.Nintegrity
+ score.Oavailability = score.Navailability
+
+ issueTmp := models.IssueTemplate{CveId: cveCenter.CveId}
+ err := models.GetIssueTemplateByColName(&issueTmp, "CveId")
+ if err != nil {
+ return err
+ }
+
+ if score.OpenEulerScore != 0.0 && issueTmp.OpenEulerScore != 0.0 {
+ return nil
+ }
+
+ err = models.UpdateScore(&score,
+ "OpenEulerScore", "OattackVector", "OattackComplexity", "OprivilegeRequired", "OuserInteraction",
+ "Oscope", "Oconfidentiality", "Ointegrity", "Oavailability")
+ if err != nil {
+ return err
+ }
+
+ issueTmp.OpenEulerScore = issueTmp.NVDScore
+ issueTmp.OpenEulerVector = issueTmp.NVDVector
+
+ err = models.UpdateIssueTemplate(&issueTmp, "OpenEulerScore", "OpenEulerVector")
+ if err != nil {
+ return err
+ }
+
+ owner, accessToken := common.GetOwnerAndToken(cveCenter.CveNum, cveCenter.OrganizationID)
+
+ _, err = UpdateIssueToGit(accessToken, owner, issueTmp.Repo, cveCenter, issueTmp)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
-- Gitee
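Review bot: In `UpdateCveIssueScore` (taskhandler/cve.go) the guard `if score.OpenEulerScore != 0.0 && issueTmp.OpenEulerScore != 0.0` runs after `score.OpenEulerScore = score.NVDScore`, so it tests the NVD value rather than the stored openEuler score. If the guard is meant to protect a score that maintainers have already assessed, it cannot: the stored openEuler score and its vector fields are overwritten whenever the template's score is zero, and when `NVDScore` is still zero the function goes on to write zero values and push them to the issue. Moving the `issueTmp` lookup and the guard above the field copy, and returning early with `if score.NVDScore == 0.0 { return nil }`, would address both. The three writes (`UpdateScore`, `UpdateIssueTemplate`, `UpdateIssueToGit`) are not atomic, so a failure in a later step leaves the tables and the Gitee issue disagreeing; a doc comment on this exported function should say so.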