From c5f46af8e01a482fc7e376992fde7a93be00f1f7 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Wed, 11 Oct 2023 09:58:33 +0800 Subject: [PATCH 1/5] sync issue date from majun --- cve-vulner-manager/conf/app.conf | 6 +- cve-vulner-manager/conf/product_app.conf | 6 +- cve-vulner-manager/models/modeldb.go | 7 ++ cve-vulner-manager/task/inittask.go | 10 ++ cve-vulner-manager/task/issue.go | 114 +++++++++++++++++++++++ 5 files changed, 139 insertions(+), 4 deletions(-) diff --git a/cve-vulner-manager/conf/app.conf b/cve-vulner-manager/conf/app.conf index d322646..a55be14 100644 --- a/cve-vulner-manager/conf/app.conf +++ b/cve-vulner-manager/conf/app.conf @@ -269,9 +269,9 @@ access_key_id = "${OBS_KEY_ID||xxx}" secret_access_key = "${OBS_SECRET_KEY||xxx}" endpoint = obs.ap-southeast-1.myhuaweicloud.com bucket = openeuler-cve-cvrf -upload_cvrf_dir = "cve-manager-cvrf/" -download_cvrf_dir = "cvrf/" -upload_updateinfo_dir = "cve-manager-updateinfo/" +upload_cvrf_dir = "dev-cve-manager-cvrf/" +download_cvrf_dir = "dev-cvrf/" +upload_updateinfo_dir = "dev-cve-manager-updateinfo/" [cveagency] #url = "http://cve-manager-agent.cve-manager-agent.svc.cluster.local/v1/cve/track" diff --git a/cve-vulner-manager/conf/product_app.conf b/cve-vulner-manager/conf/product_app.conf index 763cb96..36f8c4f 100644 --- a/cve-vulner-manager/conf/product_app.conf +++ b/cve-vulner-manager/conf/product_app.conf @@ -128,6 +128,9 @@ getv8token = 0 0 */6 * * * setissueprocdateflag = 1 setissueprocdate = 0 */30 * * * * +syncissuedateflag = 1 +syncissuedate = 0 0 3 * * * + releaseUnaffectedCveflag = 1 releaseUnaffectedCve = 0 0 11 * * * @@ -274,4 +277,5 @@ git_openlookeng_token = "${GITEE_OPENLOOKENG_TOKEN||xxx}" openlookeng_version = "master" [majun] -token = "${GITEE_MAJUN_TOKEN||xxx}" \ No newline at end of file +token = "${GITEE_MAJUN_TOKEN||xxx}" +api_token = "${MAJUN_API_TOKEN||xxx}" \ No newline at end of file 
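Review bot: The switch to `dev-` prefixed OBS directories in conf/app.conf (`upload_cvrf_dir`, `download_cvrf_dir`, `upload_updateinfo_dir`) looks unrelated to the majun date sync this commit is about, and the message does not explain it. If app.conf is loaded by any deployed instance, CVRF and updateinfo files would be read from and written to different prefixes in the `openeuler-cve-cvrf` bucket. Either drop the hunk from this series or give it its own commit with a comment above the three keys such as `# dev-only OBS prefixes, not for production data`.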
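Review bot: `api_token` in the `[majun]` section falls back to the literal `xxx` when `MAJUN_API_TOKEN` is unset, and the key is added only to product_app.conf. A deployment without the variable, or one that runs on app.conf (which this series does not extend), would therefore call majun with a placeholder or empty `access_token`. Nothing on the consuming side in task/issue.go checks for that. A guard at the top of `getPlanData`, such as `if token == "" || token == "xxx" { logs.Error("majun api_token is not configured"); return nil }`, would surface the misconfiguration instead of producing failed requests on every run.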
diff --git a/cve-vulner-manager/models/modeldb.go b/cve-vulner-manager/models/modeldb.go index db4dde3..18a395a 100644 --- a/cve-vulner-manager/models/modeldb.go +++ b/cve-vulner-manager/models/modeldb.go @@ -9,6 +9,13 @@ import ( "github.com/astaxie/beego/orm" ) +const ( + OrganizationIdOpeneuler = 1 + OrganizationIdOpengauss = 2 + OrganizationIdMindspore = 3 + OrganizationIdOpenLooKeng = 4 +) + type AuthTokenInfo struct { Id int64 `orm:"pk;auto;column(id)"` AccessToken string `orm:"type(text);column(access_token)"` diff --git a/cve-vulner-manager/task/inittask.go b/cve-vulner-manager/task/inittask.go index 441c445..f2c06ff 100644 --- a/cve-vulner-manager/task/inittask.go +++ b/cve-vulner-manager/task/inittask.go @@ -174,6 +174,11 @@ func SetIssueProcDateTask(setissueprocdate string) { toolbox.AddTask("SetIssueProcParams", setIssueDateTask) } +func SyncIssueDateFromMaJunTask(schema string) { + syncIssueDateTask := toolbox.NewTask("SyncIssueDate", schema, SyncPlanDateOfIssueFromMaJun) + toolbox.AddTask("SyncIssueDate", syncIssueDateTask) +} + func ReleaseUnaffetcdCveTask(spec string) { toolbox.AddTask("ReleaseUnaffetcdCveTask", toolbox.NewTask("ReleaseUnaffetcdCveTask", spec, ReleaseUnaffectedCve)) } @@ -332,6 +337,11 @@ func InitTask() bool { SetIssueProcDateTask(setissueprocdate) } + syncissuedateflag, err := BConfig.Int("crontab::syncissuedateflag") + if syncissuedateflag == 1 && err == nil { + SyncIssueDateFromMaJunTask(BConfig.String("crontab::syncissuedate")) + } + releaseUnaffectedCveFlag, sErr := BConfig.Int("crontab::releaseUnaffectedCveflag") if releaseUnaffectedCveFlag == 1 && sErr == nil { ReleaseUnaffetcdCveTask(BConfig.String("crontab::releaseUnaffectedCve")) diff --git a/cve-vulner-manager/task/issue.go b/cve-vulner-manager/task/issue.go index 1685a74..0879025 100644 --- a/cve-vulner-manager/task/issue.go +++ b/cve-vulner-manager/task/issue.go 
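Review bot: In `InitTask`, a parse error from `BConfig.Int("crontab::syncissuedateflag")` takes the same branch as a disabled flag, so a typo in the config turns the sync job off without any trace. Logging it would make that visible, for example `if err != nil { logs.Error("crontab::syncissuedateflag:", err.Error()) }` (assuming `logs` is imported in inittask.go). The new exported `SyncIssueDateFromMaJunTask` in the hunk above has no doc comment and names its cron expression `schema` where the neighbouring task uses `spec`; I would add `// SyncIssueDateFromMaJunTask registers the cron job that syncs issue plan dates from majun.` and rename the parameter. `InitTask` continues outside the hunk.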
@@ -1,10 +1,15 @@ package task import ( + "bytes" + "encoding/json" + "net/http" "strconv" "strings" "time" + "github.com/opensourceways/server-common-lib/utils" + "cvevulner/common" "cvevulner/models" "cvevulner/taskhandler" @@ -243,6 +248,12 @@ func SetIssueProcParams() error { for _, vl := range vulnCve { cveId = vl.CveId organid := vl.OrganizationID + + // ignore openeuler, handle it in SyncPlanDateOfIssueFromMaJun job + if organid == models.OrganizationIdOpeneuler { + continue + } + if vl.Status > 2 && organid != 3 { continue } 
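Review bot: The new `continue` for `models.OrganizationIdOpeneuler` in `SetIssueProcParams` is unconditional, while the job meant to take over (`SyncPlanDateOfIssueFromMaJun`) only runs when `crontab::syncissuedateflag` is 1 and only processes what `getPlanData` returns. With the flag off or the majun call failing, openEuler issues would get plan dates from neither job. Consider skipping only when the sync job is enabled, or extend the comment to `// ignore openeuler, handled by SyncPlanDateOfIssueFromMaJun; requires crontab::syncissuedateflag = 1`. The line right below still compares `organid != 3`, which with the constants added in this commit can read `organid != models.OrganizationIdMindspore`. The loop body continues outside the hunk.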
@@ -297,3 +308,106 @@ func SetIssueProcParams() error { } return nil } + +func SyncPlanDateOfIssueFromMaJun() error { + at := models.AuthTokenInfo{OrganizationID: models.OrganizationIdOpeneuler} + if err := models.QueryAuthTokenById(&at, "organizate_id"); err != nil { + return err + } + + for _, v := range getPlanData() { + its := models.IssueTemplate{IssueNum: v.IssueNum} + models.GetIssueTemplateByColName(&its, "IssueNum") + if its.TemplateId == 0 || its.NVDScore <= 0 { + continue + } + + var planAt, deadLine string + cveLevel := models.OpenEulerScoreProc(its.NVDScore) + if v.BeginTime == "" || v.EndTime == "" { + if its.PlanStarted != "" && its.Deadline != "" { + continue + } + planAt = common.GetSpecifiedTime(its.CreateTime, 0, false, true) + deadLine = taskhandler.CvePlanCloseTime(its.CreateTime, cveLevel, false, true) + } else { + planAt = strings.Replace(v.BeginTime, " ", "T", -1) + deadLine = strings.Replace(v.EndTime, " ", "T", -1) + + if planAt == its.PlanStarted && deadLine == its.Deadline { + continue + } + } + + its.PlanStarted = planAt + its.Deadline = deadLine + if err := models.UpdateIssueTemplate(&its, "PlanStarted", "Deadline"); err != nil { + logs.Error("sync plan date update error:", err.Error()) + continue + } + + priority := taskhandler.GetIssuePriority(cveLevel) + taskhandler.UpdateEntIssueDetail(at.EnId, its.IssueId, at.AccessToken, planAt, deadLine, priority) + } + + return nil +} + +type PlanDataOfMaJun struct { + IssueNum string `json:"issueId"` + CveNum string `json:"cveNum"` + CvssScore float64 `json:"cvssScore"` + BeginTime string `json:"cveRepairStartTime"` + EndTime string `json:"issuePlanClosedTIme"` +} + +type PlanResponse struct { + Code int `json:"code"` + Message string `json:"message"` + Result struct { + Data []PlanDataOfMaJun `json:"data"` + } +} + +type PlanRequest struct { + Organization string `json:"organization"` + PageNum int `json:"pageNum"` + PageSize int `json:"pageSize"` +} + +func getPlanData() []PlanDataOfMaJun { 
+ url := "https://majun-beta.test.osinfra.cn/api/http/majun-vulnerability-view/admin/ci-portal/ci-admin/cve/getTime/details" + token := beego.AppConfig.String("majun::api_token") + pageNum := 1 + pageSize := 1000 + cli := utils.NewHttpClient(3) + + var data []PlanDataOfMaJun + for { + var ret PlanResponse + param := PlanRequest{ + Organization: "openeuler", + PageNum: pageNum, + PageSize: pageSize, + } + b, _ := json.Marshal(param) + req, _ := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(b)) + + req.Header.Add("access_token", token) + + if _, err := cli.ForwardTo(req, &ret); err != nil { + logs.Error("get plan data error: ", err.Error()) + break + } + + data = append(data, ret.Result.Data...) + + if len(ret.Result.Data) < pageSize { + break + } + + pageNum++ + } + + return data +} -- Gitee From 75c6d9d7b9490699669387b62f4b13a7a7ed2532 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Mon, 16 Oct 2023 10:01:14 +0800 Subject: [PATCH 2/5] fix panic bug --- .../cve-timed-task/tabletask/parselookeng_yaml.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/cve-vulner-manager/cve-timed-task/tabletask/parselookeng_yaml.go b/cve-vulner-manager/cve-timed-task/tabletask/parselookeng_yaml.go index 44bb92d..fc5ded2 100644 --- a/cve-vulner-manager/cve-timed-task/tabletask/parselookeng_yaml.go +++ b/cve-vulner-manager/cve-timed-task/tabletask/parselookeng_yaml.go @@ -7,12 +7,13 @@ import ( "os" "time" - "cvevulner/cve-timed-task/db_models" - "cvevulner/cve-timed-task/util" - "cvevulner/models" "github.com/astaxie/beego" "github.com/astaxie/beego/logs" "github.com/astaxie/beego/orm" + + "cvevulner/cve-timed-task/db_models" + "cvevulner/cve-timed-task/util" + "cvevulner/models" ) func DownloadOpenlookengYaml() (string, error) { 
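Review bot: `BeginTime` and `EndTime` in `SyncPlanDateOfIssueFromMaJun` come straight from the majun response and, after only a space-to-`T` replacement, are stored in `plan_started_at`/`deadline` and pushed to Gitee through `UpdateEntIssueDetail`; nothing checks that they are timestamps or that the end is not before the start. Parsing them first and skipping the record on failure keeps malformed upstream data out of the database, as sketched below (the layout is inferred from the replacement and must be confirmed against the API). In `getPlanData`, `ret.Code` is never inspected, the errors from `json.Marshal` and `http.NewRequest` are discarded (a nil `req` would panic on `req.Header.Add`), and the loop has no page limit, so a server that keeps returning full pages grows `data` without bound. A failed page also returns the pages fetched so far, and the caller cannot tell a partial result from a complete one.

```go
// … unchanged: template lookup and the branch for empty BeginTime/EndTime …
		} else {
			// majun is an external service: accept only well-formed timestamps
			// before they are stored and forwarded to Gitee.
			const majunLayout = "2006-01-02 15:04:05" // assumed format, confirm with the majun API
			begin, bErr := time.Parse(majunLayout, v.BeginTime)
			end, eErr := time.Parse(majunLayout, v.EndTime)
			if bErr != nil || eErr != nil || end.Before(begin) {
				logs.Error("sync plan date: invalid time from majun, issue:", v.IssueNum)
				continue
			}

			planAt = strings.Replace(v.BeginTime, " ", "T", -1)
			deadLine = strings.Replace(v.EndTime, " ", "T", -1)
			// … unchanged: skip when both values already match the template …
		}
```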
@@ -25,11 +26,11 @@ func DownloadOpenlookengYaml() (string, error) { //download the yaml file downloadUrl := "https://gitee.com/openlookeng/community/raw/master/security/config/Third_Party_Open_Source_Software_List.yaml" resp, dErr := http.Get(downloadUrl) - defer resp.Body.Close() - if dErr != nil { - logs.Error("get", downloadUrl, "error: ", dErr.Error()) + if dErr != nil || resp == nil { return "", dErr } + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { logs.Error("get", downloadUrl, resp.Status) return "", errors.New(resp.Status) -- Gitee From e3a13920c4ed195ad625948d5e1562cd68628c06 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Mon, 16 Oct 2023 11:25:28 +0800 Subject: [PATCH 3/5] use production domain --- cve-vulner-manager/task/issue.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve-vulner-manager/task/issue.go b/cve-vulner-manager/task/issue.go index 0879025..bdf3a03 100644 --- a/cve-vulner-manager/task/issue.go +++ b/cve-vulner-manager/task/issue.go @@ -376,7 +376,7 @@ type PlanRequest struct { } func getPlanData() []PlanDataOfMaJun { - url := "https://majun-beta.test.osinfra.cn/api/http/majun-vulnerability-view/admin/ci-portal/ci-admin/cve/getTime/details" + url := "https://majun.osinfra.cn/api/http/majun-vulnerability-view/admin/ci-portal/ci-admin/cve/getTime/details" token := beego.AppConfig.String("majun::api_token") pageNum := 1 pageSize := 1000 -- Gitee From 8f335e244d6ff96ac48c1b7345b091a76fc67707 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Tue, 17 Oct 2023 10:11:03 +0800 Subject: [PATCH 4/5] set ignore status --- cve-vulner-manager/controllers/cve.go | 2 ++ cve-vulner-manager/models/cve.go | 3 ++- cve-vulner-manager/models/modeldb.go | 1 + cve-vulner-manager/taskhandler/excel.go | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/cve-vulner-manager/controllers/cve.go b/cve-vulner-manager/controllers/cve.go index 8fb9c4b..715314f 100644 
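Review bot: The failed-download path in `DownloadOpenlookengYaml` no longer logs anything, and the new `resp == nil` arm returns `"", dErr` with `dErr == nil`, i.e. an empty path and no error. Keeping the log and testing only the error avoids both: `if dErr != nil { logs.Error("get", downloadUrl, "error: ", dErr.Error()); return "", dErr }`. `http.Get` uses the default client, which has no timeout, so a stalled connection to gitee.com would hang this task; a client with a `Timeout` is worth considering while this code is open. The function continues outside the hunk.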
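Review bot: The majun endpoint that receives `majun::api_token` is still a string literal in `getPlanData`, and this commit is needed only because the first patch shipped the test host. Reading it from configuration next to the token, for example `url := beego.AppConfig.String("majun::api_url")` (the key name is a suggestion and does not exist yet), lets test and production differ without a code change and keeps the production token from being sent to the wrong environment.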
--- a/cve-vulner-manager/controllers/cve.go +++ b/cve-vulner-manager/controllers/cve.go @@ -133,6 +133,7 @@ type CveAllIssueoData struct { Create string `json:"create_time,omitempty"` Url string `json:"issue_url,omitempty"` User string `json:"user,omitempty"` + IsIgnore int8 `json:"is_ignore"` } // @Title Obtain all cve data and provide operation kanban for use @@ -205,6 +206,7 @@ func (u *CveAllIssueController) Get() { SaPublicTime: issues.SaReleaseTime, RpmPublicTime: rpmPub, User: issues.IssueCreate, + IsIgnore: issues.IsIgnore, } } resp["body"] = cid diff --git a/cve-vulner-manager/models/cve.go b/cve-vulner-manager/models/cve.go index 1c9c13b..6337714 100644 --- a/cve-vulner-manager/models/cve.go +++ b/cve-vulner-manager/models/cve.go @@ -1244,13 +1244,14 @@ type CveAllIssueData struct { Owner string `orm:"column(owner)"` OrganizateId int8 `orm:"column(organizate_id)"` IssueCreate string `orm:"column(issue_create)"` + IsIgnore int8 `orm:"column(is_ignore)"` } //QueryIssue query issuewhitelist func QueryCveAllIssueData(currentPage, pageSize, communityFlag int, startTime string) (res []CveAllIssueData, err error) { startSize := (currentPage - 1) * pageSize o := orm.NewOrm() - var sql = `SELECT t.cve_num, t.nvd_score, t.openeuler_score, t.issue_num, t.affected_version,t.owned_version, + var sql = `SELECT t.cve_num, t.nvd_score, t.openeuler_score, t.issue_num, t.affected_version,t.owned_version,t.is_ignore, t.owned_component,t.owner,t.repo,t.cve_level,t.create_time,v.repair_time,s.sa_release_time,s.rpm_release_time,v.first_per_time, v.first_get_time,o.issue_create FROM cve_vuln_center v,cve_issue_template t left join cve_issue_template_association s on t.template_id = s.template_id left join cve_gite_origin_issue o on t.issue_num = o.number and t.issue_id = o.issue_id diff --git a/cve-vulner-manager/models/modeldb.go b/cve-vulner-manager/models/modeldb.go index 18a395a..8588744 100644 --- a/cve-vulner-manager/models/modeldb.go 
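Review bot: `QueryCveAllIssueData` now selects `t.is_ignore` in raw SQL, so the query fails on any database where `cve_issue_template` lacks that column. The series adds the field to the `IssueTemplate` model but shows no migration, so unless the ORM's table sync creates the column at start-up, the DDL has to ship with this change. The new `IsIgnore` field in `CveAllIssueoData` would also benefit from a comment carrying the meaning given in the model tag, e.g. `// IsIgnore: 1 = ignored in majun statistics, 0 = counted`.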
+++ b/cve-vulner-manager/models/modeldb.go @@ -202,6 +202,7 @@ type IssueTemplate struct { AbiVersion string `orm:"size(256);column(abi_version)" description:"修复是否涉及abi变化(是/否)"` PlanStarted string `orm:"size(64);column(plan_started_at);null" description:"开始日期"` Deadline string `orm:"size(64);column(deadline);null" description:"截止日期"` + IsIgnore int8 `orm:"default(0);column(is_ignore)" description:"majun数据统计时是否忽略, 1-忽略,0-不忽略"` CreateTime time.Time `orm:"auto_now_add;type(datetime);column(create_time)"` UpdateTime time.Time `orm:"auto_now;type(datetime);column(update_time)"` DeleteTime time.Time `orm:"auto_now;type(datetime);column(delete_time)"` diff --git a/cve-vulner-manager/taskhandler/excel.go b/cve-vulner-manager/taskhandler/excel.go index d130c0d..ab69fbe 100644 --- a/cve-vulner-manager/taskhandler/excel.go +++ b/cve-vulner-manager/taskhandler/excel.go @@ -1372,6 +1372,8 @@ func getRepoIssueAllPR(affectBranch, token, owner, repo string, startTime, // Branches that have been fixed before the release no longer publish announcements if releaseTimeOfVersion, ok := releaseDate[affectBranch]; ok { if pt < releaseTimeOfVersion { + isTemp.IsIgnore = 1 + models.UpdateIssueTemplate(&isTemp, "is_ignore") continue } } -- Gitee From dd571e44d9e22642311d70194a98c52f7385ad21 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Tue, 17 Oct 2023 10:33:38 +0800 Subject: [PATCH 5/5] change cron plan of sync issue job --- cve-vulner-manager/conf/product_app.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cve-vulner-manager/conf/product_app.conf b/cve-vulner-manager/conf/product_app.conf index 36f8c4f..82839e6 100644 --- a/cve-vulner-manager/conf/product_app.conf +++ b/cve-vulner-manager/conf/product_app.conf 
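Review bot: In taskhandler/excel.go the result of `models.UpdateIssueTemplate(&isTemp, "is_ignore")` is discarded, so a failed write leaves `is_ignore` at 0 with no trace and the issue is still counted. Handle it the way the sync job in task/issue.go does: `if err := models.UpdateIssueTemplate(&isTemp, "is_ignore"); err != nil { logs.Error("set is_ignore error:", err.Error()) }` (assuming `logs` is imported in excel.go). The call also passes a column name where the other new call in this series passes Go field names (`"PlanStarted"`, `"Deadline"`); pick one form. Nothing in the visible lines resets the flag to 0, and the surrounding function lies outside the hunk.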
@@ -127,9 +127,9 @@ getv8token = 0 0 */6 * * * # Set issue processing date setissueprocdateflag = 1 setissueprocdate = 0 */30 * * * * - +# sync isste plan date form majun syncissuedateflag = 1 -syncissuedate = 0 0 3 * * * +syncissuedate = 0 0 6,12 * * * releaseUnaffectedCveflag = 1 releaseUnaffectedCve = 0 0 11 * * * -- Gitee