diff --git a/cve-vulner-manager/main.go b/cve-vulner-manager/main.go
index a2e7588738effff8fea662190f360d2769f9ee40..a7bb8a16500793cdd42f1f117d1beab2c6420b3c 100644
--- a/cve-vulner-manager/main.go
+++ b/cve-vulner-manager/main.go
@@ -1,13 +1,14 @@
 package main
 import (
+ "github.com/astaxie/beego"
+
 "cvevulner/common"
 cve_timed_task "cvevulner/cve-timed-task"
 "cvevulner/models"
 _ "cvevulner/models"
 _ "cvevulner/routers"
 "cvevulner/task"
- "github.com/astaxie/beego"
 )
 func init() {
diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go
index afaf11c0cd21f19d0feef95dda43f5a881a42641..3e58143eb729f38580a1889e6d79c123ce369e9b 100644
--- a/cve-vulner-manager/taskhandler/cve.go
+++ b/cve-vulner-manager/taskhandler/cve.go
@@ -10,6 +10,7 @@ import (
 "net/url"
 "os"
 "path/filepath"
+ "regexp"
 "strconv"
 "strings"
 "sync"
@@ -572,6 +573,14 @@ func UpdateCveGroups(cveData models.OriginUpstream, cveRef string, openeulerNum
 SecNOtice.OpenId = OpenEulId
 SecNOtice.Summary = pkList[0] + " security update"
 SecNOtice.ReferenceLink = cveRef + cveData.CveNum
+
+ split := strings.Split(SecNOtice.Description, "Security Fix(es):")
+ if len(split) >= 2 {
+ match := regexp.MustCompile(`\S+`).FindAllStringSubmatch(split[0], 1)
+ if len(match) == 0 {
+ SecNOtice.Description = genSecurityNoticeDescription(goe, cveDesc, CveRes)
+ }
+ }
 } else {
 var sec models.SecurityNotice
 sec.CveNum = cveData.CveNum
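Review bot: The regenerated description in the `-572` hunk can still come out without a package description, because `genSecurityNoticeDescription` reads `goe.Decription` and the fallback `goe.Decription = goe.Summary` is only visible in the `else` branch (the `-585` hunk), not on this update path. If that fallback is not applied earlier in `UpdateCveGroups`, whose body continues outside the hunk, the rewrite reproduces the same empty prefix it is meant to repair; applying the fallback before the call would close that gap. The rewrite also replaces the whole stored text, so whatever was already recorded after `Security Fix(es):` in `split[1]` is dropped, which is worth confirming as intended for a published notice. Separately, the regexp is compiled on every call only to test for non-whitespace; `if strings.TrimSpace(split[0]) == "" {` does essentially the same check without it.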
@@ -585,11 +594,7 @@ func UpdateCveGroups(cveData models.OriginUpstream, cveRef string, openeulerNum
 if len(goe.Decription) < 1 {
 goe.Decription = goe.Summary
 }
- if goe.Decription != "" && len(goe.Decription) > 0 {
- sec.Description = goe.Decription + "\n\n" + "Security Fix(es):" + "\n\n" + cveDesc.EnDescription + "(" + CveRes.CveNum + ")"
- } else {
- sec.Description = "Security Fix(es):" + "\n\n" + cveDesc.EnDescription + "(" + CveRes.CveNum + ")"
- }
+ sec.Description = genSecurityNoticeDescription(goe, cveDesc, CveRes)
 secid, secerr := models.CreateSecurityNotice(&sec)
 if secerr != nil {
 logs.Error("InsertCveExcelGroups, CreateSecurityNotice, "+
@@ -624,6 +629,14 @@ func UpdateCveGroups(cveData models.OriginUpstream, cveRef string, openeulerNum
 return true, nil
 }
+func genSecurityNoticeDescription(goe models.GitPackageInfo, cveDesc models.OriginUpstreamDesc, CveRes models.VulnCenter) string {
+ if goe.Decription != "" && len(goe.Decription) > 0 {
+ return goe.Decription + "\n\n" + "Security Fix(es):" + "\n\n" + cveDesc.EnDescription + "(" + CveRes.CveNum + ")"
+ }
+
+ return "Security Fix(es):" + "\n\n" + cveDesc.EnDescription + "(" + CveRes.CveNum + ")"
+}
+
 func InsertCveGroups(cveData models.OriginUpstream, cveRef, repoNme string, openeulerNum int, cveDesc models.OriginUpstreamDesc, cveScV3 models.OriginUpstreamImpactScoreV3, goe models.GitPackageInfo,
diff --git a/cve-vulner-manager/taskhandler/cvrf.go b/cve-vulner-manager/taskhandler/cvrf.go
index 04e65a50fb8651c96e0bd5942184d420e1c331ef..fb12f4cd6a2c6626aa9833b6fbbdc90413d35658 100644
--- a/cve-vulner-manager/taskhandler/cvrf.go
+++ b/cve-vulner-manager/taskhandler/cvrf.go
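Review bot: The guard `goe.Decription != "" && len(goe.Decription) > 0` in the new `genSecurityNoticeDescription` (the `-624` hunk) tests the same condition twice; `if goe.Decription != "" {` is enough. The helper also has no doc comment, although it now defines the layout of every notice description; a line such as `// genSecurityNoticeDescription returns the package description (when present) followed by the "Security Fix(es):" section for the CVE.` would record that. The parameter `CveRes` is capitalised unlike `goe` and `cveDesc`; `cveRes` would follow Go naming for locals.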
@@ -1076,21 +1076,15 @@ func BuildProductTree(cvrfsa *CvrfSa, v models.ExcelExport, pkg []models.Package
 }
 }
-func checkRpm(rpm string) (s string, ok bool) {
- index := strings.LastIndex(rpm, ".oe1.")
- if index > 0 {
- s = rpm[:index]
- ok = true
- } else {
- if index = strings.LastIndex(rpm, ".oe2203."); index > 0 {
- s = rpm[:index]
- ok = true
- } else if index = strings.LastIndex(rpm, ".oe2203sp1."); index > 0 {
- s = rpm[:index]
- ok = true
- }
+func checkRpm(rpm string) (string, bool) {
+ // rmp: zopfli-debugsource-1.0.3-1.oe2203sp1.aarch64.rpm
+ t := strings.Split(rpm, ".")
+ if len(t) > 3 {
+ // return: zopfli-debugsource-1.0.3-1
+ return strings.Join(t[:len(t)-3], "."), true
 }
- return
+
+ return "", false
 }
 func BuildVulnerability(vlLenth int, v models.ExcelExport,
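Review bot: The rewritten `checkRpm` no longer checks that the file name carries an openEuler dist tag: any name with more than three dots returns `true`, and the last three dot-separated fields are cut off whatever they are. A name without a dist field, such as the constructed example `foo-1.0.3-1.noarch.rpm`, comes back as `foo-1.0`, where the old code returned `false`; assuming the result feeds the CVRF product tree, as the neighbouring functions suggest, a wrong package version would reach the advisory. Keeping the generic split but validating the fields restores that safety: `if len(t) > 3 && t[len(t)-1] == "rpm" && strings.HasPrefix(t[len(t)-3], "oe") {`. The example comment also has a typo, `rmp` for `rpm`.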