From 3e367fdbbef0a64c3cb5dd7c08c93beb63a02299 Mon Sep 17 00:00:00 2001
From: zjm <1076115376@qq.com>
Date: Tue, 31 Jan 2023 17:04:58 +0800
Subject: [PATCH] add unaffected cve task
---
 cve-vulner-manager/conf/app.conf | 6 ++
 cve-vulner-manager/conf/product_app.conf | 6 ++
 cve-vulner-manager/task/cve.go | 83 ++++++++++++++++++++++++
 cve-vulner-manager/task/inittask.go | 10 +++
 4 files changed, 105 insertions(+)
diff --git a/cve-vulner-manager/conf/app.conf b/cve-vulner-manager/conf/app.conf
index 9c850a1..0cbed05 100644
--- a/cve-vulner-manager/conf/app.conf
+++ b/cve-vulner-manager/conf/app.conf
@@ -128,6 +128,9 @@ getv8token = 0/10 * * * * *
 setissueprocdateflag = 2
 setissueprocdate = */10 * * * * *
+releaseUnaffectedCveflag = 2
+releaseUnaffectedCve = 0 0 11 * * 1
+
 [gitee]
 #owner = cve-test
 #owner = src-openeuler
@@ -204,6 +207,9 @@ yaml_config_table = "cve_open_euler_repo_origin:1,cve_open_guss_yaml:2,cve_mind_
 bot_cu_account = "openeuler-ci-bot,opengauss-bot,mindspore-ci-bot,mindspore_ci,i-robot,CVE,I-am-a-robot"
 out_of_sync_branch = "openEuler1.0-base,openEuler1.0"
+user = "${UPLOAD_USERNAME||xxx}"
+pwd = "${UPLOAD_PASSWORD||xxx}"
+
 [reflink]
 comment_cmd = https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 gauss_comment_cmd = https://gitee.com/opengauss/security/blob/master/cve/manual.md
diff --git a/cve-vulner-manager/conf/product_app.conf b/cve-vulner-manager/conf/product_app.conf
index dbfc8dc..6d5b01a 100644
--- a/cve-vulner-manager/conf/product_app.conf
+++ b/cve-vulner-manager/conf/product_app.conf
@@ -128,6 +128,9 @@ getv8token = 0 0 */6 * * *
 setissueprocdateflag = 1
 setissueprocdate = 0 */30 * * * *
+releaseUnaffectedCveflag = 1
+releaseUnaffectedCve = 0 0 11 * * 1
+
 [gitee]
 owner = src-openeuler
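Review bot: The `||xxx` fallback in `user = "${UPLOAD_USERNAME||xxx}"` and `pwd = "${UPLOAD_PASSWORD||xxx}"` lets a deployment that never sets the environment variables start normally and submit the placeholder as credentials, instead of failing visibly; the same two lines are added to product_app.conf in the next file section. Consider dropping the default, e.g. `pwd = "${UPLOAD_PASSWORD}"`, and having the caller refuse to run when either value is empty. The section header these keys fall under is outside the hunk; the Go code in this patch reads them as `cve::user` and `cve::pwd`, so they presumably sit under `[cve]`.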
@@ -198,6 +201,9 @@ yaml_config_table = "cve_open_euler_repo_origin:1,cve_open_guss_yaml:2,cve_mind_
 bot_cu_account = "openeuler-ci-bot,opengauss-bot,mindspore-ci-bot,mindspore_ci,i-robot,CVE,I-am-a-robot,openMajun_admin"
 out_of_sync_branch = "openEuler1.0-base,openEuler1.0"
+user = "${UPLOAD_USERNAME||xxx}"
+pwd = "${UPLOAD_PASSWORD||xxx}"
+
 [reflink]
 comment_cmd = https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 gauss_comment_cmd = https://gitee.com/opengauss/security/blob/master/cve/manual.md
diff --git a/cve-vulner-manager/task/cve.go b/cve-vulner-manager/task/cve.go
index faeda5c..97f3158 100644
--- a/cve-vulner-manager/task/cve.go
+++ b/cve-vulner-manager/task/cve.go
@@ -1,7 +1,18 @@
 package task
 import (
+ "bytes"
+ "encoding/xml"
 "errors"
+ "fmt"
+ "io/ioutil"
+ "mime/multipart"
+ "net/http"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "github.com/astaxie/beego"
 "cvevulner/common"
 "cvevulner/taskhandler"
@@ -66,3 +77,75 @@ func ParamsCveOriginData() error {
 logs.Info("The task of generating cve original data into cve library is over.")
 return errx
 }
+
+func ReleaseUnaffectedCve() error {
+ startTime := common.TimeStrSub(common.GetCurDate(), -30)
+
+ accessToken := os.Getenv("GITEE_TOKEN")
+ if len(accessToken) == 0 {
+ return fmt.Errorf("triggerUnaffectedCve, issue token acquisition failed")
+ }
+
+ owner := beego.AppConfig.String("gitee::owner")
+ unaffectYear := beego.AppConfig.DefaultInt("excel::unaffect_year", 2018)
+ dir := beego.AppConfig.DefaultString("fileDir", "download")
+ _ = common.CreateDir(dir)
+
+ var unaffectcvrf = taskhandler.UnaffectCvrfSa{Xmlns: "http://www.icasi.org/CVRF/schema/cvrf/1.1",
+ XmlnsCvrf: "http://www.icasi.org/CVRF/schema/cvrf/1.1"}
+ cvrffileName := filepath.Join(dir, "cvrf-unaffected-cve-"+common.GetCurDate()+".xml")
+ du := beego.AppConfig.DefaultString("excel::v_pack_20_03_url", "")
+ csvPathList := strings.Split(du, ";")
+ for _, branch := range csvPathList {
+ branchs := strings.Split(branch, "@")
+ if len(branchs) > 0 && branchs[0] != "" {
+ taskhandler.UnaffectIssueProc(branchs[0], nil, nil, startTime,
+ accessToken, owner, &unaffectcvrf, unaffectYear, nil)
+ }
+ }
+
+ if len(unaffectcvrf.Vulnerability) == 0 {
+ logs.Error("unaffected cve is empty, time:", startTime)
+ return fmt.Errorf("unaffected cve is empty, time:%s", startTime)
+ }
+
+ _ = os.Remove(cvrffileName)
+ xmlOutPut, outPutErr := xml.MarshalIndent(unaffectcvrf, "", " ")
+ if outPutErr != nil {
+ return outPutErr
+ }
+
+ xmlOutPutData := append([]byte(xml.Header), xmlOutPut...)
+ _ = ioutil.WriteFile(cvrffileName, xmlOutPutData, os.ModeAppend)
+
+ uploadCvrfDir := beego.AppConfig.String("obs::download_cvrf_dir")
+
+ _, localFileName := filepath.Split(cvrffileName)
+ obsErr := taskhandler.PostFile(cvrffileName, uploadCvrfDir+localFileName)
+ if obsErr != nil {
+ logs.Error("upload file fail, obsErr: ", obsErr)
+ return obsErr
+ }
+
+ url := beego.AppConfig.String("reflink::openeuler_web") + "/api-cve/cve-security-notice-server/syncUnCVE"
+ var buf = new(bytes.Buffer)
+ form := multipart.NewWriter(buf)
+ _ = form.WriteField("username", beego.AppConfig.String("cve::user"))
+ _ = form.WriteField("password", beego.AppConfig.String("cve::pwd"))
+ _ = form.WriteField("cveNo", localFileName)
+ err := form.Close()
+ if err != nil {
+ logs.Error("multipart close failed, err:", err.Error())
+ return err
+ }
+
+ _, err = http.Post(url, form.FormDataContentType(), buf)
+ if err != nil {
+ logs.Error("release unaffected cve failed, err:", err.Error())
+ return err
+ }
+
+ taskhandler.DelFile([]string{cvrffileName})
+
+ return nil
+}
diff --git a/cve-vulner-manager/task/inittask.go b/cve-vulner-manager/task/inittask.go
index 56b5814..42e192f 100644
--- a/cve-vulner-manager/task/inittask.go
+++ b/cve-vulner-manager/task/inittask.go
@@ -190,6 +190,10 @@ func SetIssueProcDateTask(setissueprocdate string) {
 toolbox.AddTask("SetIssueProcParams", setIssueDateTask)
 }
+func ReleaseUnaffetcdCveTask(spec string) {
+ toolbox.AddTask("ReleaseUnaffetcdCveTask", toolbox.NewTask("ReleaseUnaffetcdCveTask", spec, ReleaseUnaffectedCve))
+}
+
 // start task
 func StartTask() {
 toolbox.StartTask()
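Review bot: The call `ioutil.WriteFile(cvrffileName, xmlOutPutData, os.ModeAppend)` in `ReleaseUnaffectedCve` passes a mode flag where permission bits are expected and discards the error, so the CVRF file is created with no permission bits and a failed write only surfaces later inside `PostFile`; an explicit mode such as `0600` with the error returned is safer. The value returned by `http.Post` is dropped as well: the response body is never closed, and a non-2xx answer (rejected credentials, for instance) counts as success, after which the local file is deleted. Because the form carries `cve::user` and `cve::pwd`, it is worth confirming that `reflink::openeuler_web` is always an https URL, rejecting empty credentials before posting, and using a client with a timeout instead of the default one behind `http.Post`. The ignored results of `common.CreateDir` and `form.WriteField` and the missing doc comment on the exported function are smaller points; the fence covers only the write and the response handling.

```go
	// … unchanged: CVRF collection and xml.MarshalIndent …
	xmlOutPutData := append([]byte(xml.Header), xmlOutPut...)
	if wErr := ioutil.WriteFile(cvrffileName, xmlOutPutData, 0600); wErr != nil {
		logs.Error("write cvrf file failed, err:", wErr)
		return wErr
	}
	// … unchanged: PostFile upload and multipart form construction …
	resp, err := http.Post(url, form.FormDataContentType(), buf)
	if err != nil {
		logs.Error("release unaffected cve failed, err:", err.Error())
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return fmt.Errorf("release unaffected cve failed, status: %s", resp.Status)
	}
	// … unchanged: taskhandler.DelFile and return nil …
```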
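Review bot: The exported name `ReleaseUnaffetcdCveTask` and the task name string given to `toolbox.AddTask` and `toolbox.NewTask` are misspelled ("Unaffetcd"), while the handler being scheduled is `ReleaseUnaffectedCve`. The only caller visible in this patch is the `InitTask` hunk that follows, so renaming to `ReleaseUnaffectedCveTask` now is cheap. The function also has no doc comment; something like `// ReleaseUnaffectedCveTask registers the cron task that runs ReleaseUnaffectedCve on the given spec.` would match what the line does.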
@@ -353,5 +357,11 @@ func InitTask() bool {
 setissueprocdate := BConfig.String("crontab::setissueprocdate")
 SetIssueProcDateTask(setissueprocdate)
 }
+
+ releaseUnaffectedCveFlag, sErr := BConfig.Int("crontab::releaseUnaffectedCveflag")
+ if releaseUnaffectedCveFlag == 1 && sErr == nil {
+ ReleaseUnaffetcdCveTask(BConfig.String("crontab::releaseUnaffectedCve"))
+ }
+
 return true
 }
-- Gitee
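Review bot: When `BConfig.Int("crontab::releaseUnaffectedCveflag")` returns an error, the condition `releaseUnaffectedCveFlag == 1 && sErr == nil` simply skips registration, so a missing or malformed key disables the scheduled release without leaving any trace. Logging the failure before the check, e.g. `if sErr != nil { logs.Error("crontab::releaseUnaffectedCveflag invalid, err:", sErr) }`, would make that visible, assuming the `logs` package used in cve.go is also imported in this file. InitTask begins outside the hunk, so whether the earlier flags are handled the same way cannot be seen here.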