diff --git a/controllers/hook.go b/controllers/hook.go
index 7fa2388ddc084e0c58e4c88f21c7313c811f62de..2772c765e74a7d90c097b7f3960f19ce34903a36 100644
--- a/controllers/hook.go
+++ b/controllers/hook.go
@@ -39,11 +39,11 @@ const (
 //CommentAnalysisCplTpl complete comment analysis reply template
 CommentAnalysisCplTpl = "@%v %v"
 //ReviewPrivateLettersTpl send private review letters template
- ReviewPrivateLettersTpl = `%s(%s)analysis is over,CVEScore:%v;OpenEulerScore:%v。Please review!`
+ ReviewPrivateLettersTpl = `%s(%s)analysis is over,CVEScore:%v;OpenEulerScore:%v.Please review!`
 //ReviewRejectScore reply the review reject template
- ReviewRejectScore = `@%v you submit issue score audit failed(reject by %v),Please re-analyze and submit!`
+ ReviewRejectScore = `@%v you submit issue score audit failed(reject by %v),Please re-analyze and submit!`
 //ReviewApproveScore replay the review approve template
- ReviewApproveScore = `@%v you submit issue score audit success(approved by %v),You can proceed to the next step!`
+ ReviewApproveScore = `@%v you submit issue score audit success(approved by %v),You can proceed to the next step!`
 //CommentReviewTpl comment review template
 CommentReviewTpl = `%v The CVE score needs to be reviewed (the review instruction /approve&/reject means agreement and rejection).`
 //IssueRejectState issue state rejected
@@ -60,6 +60,12 @@ const (
 ContentReview = "%v 请完成以下操作:\n"
 // Not filling in the correct format
 IssueErroFormat = "@%v 经过 cve-manager 解析, 填写openEuler评分未通过安全组审核需要再次在评论区提交评分,通过审核后才能关闭issue."
+ // Remind the security group to review
+ CommentReviewRemind = "%v 经过 cve-manager 解析 openEuler评分 已改变 需要您及时进行审核,以便maintainer进行后续操作."
+ // Review private messages
+ CommentPrivateReview = "%v 仓库的CVE和安全的ISSUE,需要您进行审核,CVE编号: %v"
+ // Rating review failed
+ CommentPrivateOpenEuler = "%v 仓库的CVE和安全的ISSUE, CVE编号: %v, 填写openEuler评分未通过安全组审核需要再次在评论区提交评分,通过审核后才能关闭issue."
 )
 //HookEventControllers gitee hook callback
@@ -225,12 +231,32 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error {
 _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, cveCenter, issueTmp)
 if issueErr == nil {
- cc := fmt.Sprintf(IssueErroFormat, assignee)
- taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token)
+ if issueTmp.OpAuditFlag == 2 {
+ cc := fmt.Sprintf(IssueErroFormat, assignee)
+ taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token)
+ content := fmt.Sprintf(CommentPrivateOpenEuler, issueTmp.Repo, issueTmp.CveNum)
+ taskhandler.SendPrivateLetters(token, content, issueHook.Issue.Assignee.Login)
+ } else if issueTmp.OpAuditFlag == 0 {
+ list, err := models.GetSecurityReviewerList()
+ if err == nil && len(list) > 0 {
+ content := fmt.Sprintf(CommentPrivateReview, issueTmp.Repo, issueTmp.CveNum)
+ ns := make([]string, len(list))
+ for k, v := range list {
+ ns[k] = "@" + v.NameSpace + " "
+ taskhandler.SendPrivateLetters(token, content, v.NameSpace)
+ }
+ if len(ns) > 0 {
+ cc := fmt.Sprintf(CommentReviewRemind, strings.Join(ns, ","))
+ taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token)
+ }
+ } else {
+ logs.Error(err)
+ }
+ }
 }
 }
 if openScoreFlag {
- if _, tb, ok := checkIssueClosedAnalysisComplete(&issueTmp); !ok {
+ if msg, tb, ok := checkIssueClosedAnalysisComplete(&issueTmp); !ok {
 //send comment to issue
 issueTmp.IssueStatus = 1
 issueTmp.MtAuditFlag = 0
@@ -242,6 +268,8 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error {
 na := "\n**请确认分析内容的准确性,待分析内容请填写完整,否则将无法关闭当前issue.**"
 cc := fmt.Sprintf(ContentReview, assignee) + tb + na
 taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token)
+ content := fmt.Sprintf("%v 仓库的CVE和安全的ISSUE,CVE编号: %v,", issueTmp.Repo, issueTmp.CveNum)
+ taskhandler.SendPrivateLetters(token, content+msg, issueHook.Issue.Assignee.Login)
 }
 } else {
 //1. change issue status
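Review bot: The `else` branch closing the new `OpAuditFlag == 0` path runs both when `GetSecurityReviewerList` fails and when it returns an empty list, so an empty reviewer list calls `logs.Error(err)` with a nil error and the reminder is silently skipped without a useful log line. Separate the two cases: `if err != nil { logs.Error(err) } else if len(list) == 0 { logs.Info("no security reviewers configured for", issueTmp.Repo) }` and keep the notification code under the remaining case. The `if len(ns) > 0` check is redundant because `len(list) > 0` was already required to reach it. The new `issueHook.Issue.Assignee.Login` dereferences the assignee without a nil check; if that field is a pointer that is nil for unassigned issues, this would panic inside the webhook handler, which should be confirmed against the payload model. handleIssueStateChange begins and ends outside the hunk.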
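Review bot: The private letter built here appends `msg` from `checkIssueClosedAnalysisComplete`, but the new assignments to `msg` in that function (the hunks at -1206, -1216, -1226 and -1255 below) each overwrite the previous one, so when several fields are missing the assignee is told about only the last one while the table `tb` posted to the issue lists them all. Either accumulate in each failing branch (`msg += fmt.Sprintf(...) + "; "`) or include `tb` in the letter as well. If any other failing branch in that function leaves `msg` empty, the letter ends in the dangling comma of `content`, so guard with `if msg != "" {` before sending. The enclosing `if` starts in the previous hunk.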
@@ -284,6 +312,18 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error {
 issueTmp.Status = 1
 cveCenter.IsExport = 0
 }
+ } else {
+ issueTmp.StatusName = issueHook.Issue.StateName
+ issueTmp.Status = 3
+ if isNormalCloseIssue(issueTmp.CveId, issueTmp.IssueStatus) {
+ issueTmp.IssueStatus = 2
+ cveCenter.IsExport = 3
+ issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(unFix, fixed)
+ } else {
+ issueTmp.IssueStatus = 6
+ cveCenter.IsExport = 2
+ issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix)
+ }
 }
 }
 }
@@ -382,11 +422,16 @@ func VerifyIssueAsPr(issueTmp *models.IssueTemplate, cveCenter models.VulnCenter
 _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, cveCenter, *issueTmp)
 if issueErr == nil {
- commentBody := "Hey @" + issueTmp.Assignee + "\n" +
+ commentBody := "@" + issueTmp.Assignee + "\n" +
 "关闭issue前,需要将受影响的分支在合并pr时关联上当前issue编号: #" + issueTmp.IssueNum + "\n" +
 "受影响分支: " + brandStr[:len(brandStr)-1] + "\n" +
 "具体操作参考: " + "https://gitee.com/help/articles/4142" + "\n"
 taskhandler.AddCommentToIssue(commentBody, issueTmp.IssueNum, owner, issueTmp.Repo, token)
+ content := issueTmp.Repo + " 仓库的CVE和安全的ISSUE,CVE编号: " + issueTmp.CveNum +
+ ",关闭issue前,需要将受影响的分支在合并pr时关联上当前issue编号: #" + issueTmp.IssueNum +
+ ",受影响分支: " + brandStr[:len(brandStr)-1] +
+ ",具体操作参考: " + "https://gitee.com/help/articles/4142."
+ taskhandler.SendPrivateLetters(token, content, issueTmp.Assignee)
 }
 issueTmp.SaAuditFlag = 0
 return false
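Review bot: The new `else` branch assigns bare numbers to `issueTmp.Status`, `issueTmp.IssueStatus` and `cveCenter.IsExport` (3, 2, 6, 3, 2) with nothing saying what each state means, and the two `ReplaceLabelToStr` calls swap `unFix`/`fixed` in opposite directions, which is easy to misread. A one-line comment on each arm would make the intent checkable, e.g. `// isNormalCloseIssue: presumably swaps the unfixed label for fixed (IssueStatus 2, IsExport 3)` on the first arm and `// otherwise revert the label to unfixed (IssueStatus 6, IsExport 2)` on the second, with the wording corrected to the real meaning of those codes. Naming the codes as constants next to the existing ones in this file would be better still. The `if` this `else` belongs to, and handleIssueStateChange itself, start outside the hunk.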
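Review bot: The private-letter text added after `AddCommentToIssue` re-concatenates the same issue number, branch list and help link that `commentBody` already holds, so the two messages will drift apart on the next edit; build the shared part once (`body := "关闭issue前,需要将受影响的分支在合并pr时关联上当前issue编号: #" + issueTmp.IssueNum + ...`) and derive both the comment and the letter from it. The new `content` line repeats `brandStr[:len(brandStr)-1]`, which panics on an empty `brandStr`; the existing comment has the same exposure, but now that the expression is evaluated twice it is worth guarding once, e.g. `branches := strings.TrimSuffix(brandStr, ",")` if the trailing character is a comma (the separator is chosen outside the hunk). The return value of `SendPrivateLetters`, if it has one, is dropped here and in every other new call in this commit; if it reports errors, log them the way the surrounding code handles `issueErr`. VerifyIssueAsPr continues before and after this hunk.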
@@ -448,14 +493,16 @@ func VerifyIssueAsPr(issueTmp *models.IssueTemplate, cveCenter models.VulnCenter
 return true
 }
 anName := []string{}
+ content := fmt.Sprintf(CommentPrivateReview, issueTmp.Repo, issueTmp.CveNum)
 for _, v := range list {
 anName = append(anName, "@"+v.NameSpace+" ")
+ taskhandler.SendPrivateLetters(token, content, v.NameSpace)
 }
 if len(anName) > 0 {
 _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, cveCenter, *issueTmp)
 if issueErr == nil {
- assignee := "Hey " + strings.Join(anName, ",")
+ assignee := strings.Join(anName, ",")
 commentBody := assignee + "\n" +
 "关闭issue前,请确认分支: " + branchStrs + ": 受影响/不受影响, 如受影响,请联系maintainer: " + issueTmp.Assignee +
 ",**进行处理后,或者按照模板格式在评论区填写内容,最后记得在评论区回复: /approve ,才能正常关闭issue.**"
@@ -719,8 +766,11 @@ func handleIssueComment(payload models.CommentPayload) {
 return
 } else {
 issueTmp.MtAuditFlag = 1
- taskhandler.AddCommentToIssue(fmt.Sprintf(`@%v 你已审核模板内容,cve-manager将关闭issue!`,
- cuAccount), issueTmp.IssueNum, owner, issueTmp.Repo, token)
+ err = models.UpdateIssueTemplate(&issueTmp, "mt_audit_flag")
+ if err != nil {
+ logs.Error(err)
+ return
+ }
 cveCenter := models.VulnCenter{CveId: issueTmp.CveId}
 err = models.GetVulnCenterByCid(&cveCenter, "cve_id")
 if err != nil {
@@ -730,6 +780,8 @@ func handleIssueComment(payload models.CommentPayload) {
 issueTmp.StatusName = "closed"
 issuePrFlag := VerifyIssueAsPr(&issueTmp, cveCenter, true)
 if issuePrFlag {
+ taskhandler.AddCommentToIssue(fmt.Sprintf(`@%v 你已审核模板内容,cve-manager 将关闭issue!`,
+ cuAccount), issueTmp.IssueNum, owner, issueTmp.Repo, token)
 _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, cveCenter, issueTmp)
 if issueErr == nil {
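Review bot: The private letters sent inside `for _, v := range list` go out before `UpdateIssueToGit` is attempted, while the issue comment carrying the same request is only posted under `issueErr == nil`, so a failed Gitee update leaves every reviewer with a letter pointing at an issue that was not updated. Move `taskhandler.SendPrivateLetters(token, content, v.NameSpace)` out of the first loop and into the `issueErr == nil` block, iterating `list` again there, so the letter and the comment are gated on the same outcome. The loop that builds `anName` and the surrounding function both extend outside the hunk.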
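Review bot: `models.UpdateIssueTemplate(&issueTmp, "mt_audit_flag")` now persists `MtAuditFlag = 1` before `GetVulnCenterByCid` and `VerifyIssueAsPr` have run, so if either of those fails the database records the template as audited although the issue was never closed and no confirmation comment was posted. If the intent is to make the audit durable before the close, say so where the call is made, e.g. `// persist the audit result first so a failed close can be retried without re-review`; otherwise move the update after the close succeeds. The `} else {` following a block that ends in `return` could also be flattened per Go style. handleIssueComment begins before the hunk.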
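Review bot: The comment `@%v 你已审核模板内容,cve-manager 将关闭issue!` is now posted as soon as `issuePrFlag` is true, before `UpdateIssueToGit` has reported success, so on a failed update the reviewer is told the issue will be closed while it stays open; the hunk at -806 below has the same ordering. Move the `AddCommentToIssue` call inside the `if issueErr == nil {` block in both places, or post a distinct message on failure. The template also gained a space before `将关闭issue` compared with the removed string, which may be intentional but deserves a mention in the commit message. The `if issueErr == nil` body continues outside the hunk.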
@@ -795,8 +847,6 @@ func handleIssueComment(payload models.CommentPayload) {
 if !isReviewer(cuAccount) {
 return
 }
- taskhandler.AddCommentToIssue(fmt.Sprintf(`@%v 你已审核模板内容,cve-manager将关闭issue!`,
- cuAccount), issueTmp.IssueNum, owner, issueTmp.Repo, token)
 cveCenter := models.VulnCenter{CveId: issueTmp.CveId}
 err = models.GetVulnCenterByCid(&cveCenter, "cve_id")
 if err != nil {
@@ -806,6 +856,8 @@ func handleIssueComment(payload models.CommentPayload) {
 issueTmp.StatusName = "closed"
 issuePrFlag := VerifyIssueAsPr(&issueTmp, cveCenter, false)
 if issuePrFlag {
+ taskhandler.AddCommentToIssue(fmt.Sprintf(`@%v 你已审核模板内容,cve-manager 将关闭issue!`,
+ cuAccount), issueTmp.IssueNum, owner, issueTmp.Repo, token)
 _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, cveCenter, issueTmp)
 if issueErr == nil {
@@ -1028,7 +1080,7 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m
 na = "\n**因OpenEulerScore与NvdScore不一致,分析内容需审核,请等待安全组审核!**"
 //Notify the responsible person for review
 notifyAuditorReview(payload, issueTmp)
- issueTmp.MtAuditFlag = 0
+ //issueTmp.MtAuditFlag = 0
 } else {
 if issueTmp.MtAuditFlag == 0 {
 maintainerList, mainOk := models.QueryRepoAllMaintainer(issueTmp.Repo)
@@ -1036,6 +1088,9 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m
 if mainOk && len(maintainerList) > 0 {
 for _, v := range maintainerList {
 assList = append(assList, "@"+v.MemberName+" ")
+ content := fmt.Sprintf("%v 仓库的CVE和安全的ISSUE,CVE编号: %v, "+
+ "已经完成了模板填写,需要您对填写的内容进行审核,审核通过才能进行后续操作.", issueTmp.Repo, issueTmp.CveNum)
+ taskhandler.SendPrivateLetters(accessToken, content, v.MemberName)
 }
 }
 assignee := ""
@@ -1206,6 +1261,7 @@ func checkIssueClosedAnalysisComplete(i *models.IssueTemplate) (msg, tbStr strin
 tbContent[0] = "待分析"
 tbContent[1] = "影响性分析说明"
 tbContent[2] = fmt.Sprintf("影响性分析说明没有填写:%v", i.CveAnalysis)
+ msg = fmt.Sprintf("影响性分析说明没有填写:%v", i.CveAnalysis)
 ok = false
 } else {
 tbContent[0] = "已分析"
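Review bot: Replacing `issueTmp.MtAuditFlag = 0` with the commented-out line `//issueTmp.MtAuditFlag = 0` leaves dead code and no explanation of why the reset was dropped, so a later reader cannot tell whether the removal was deliberate or temporary. Delete the line and, if the reason matters, state it in a comment such as `// MtAuditFlag is intentionally left as-is on the score-mismatch path; the security group review below decides it`, adjusted to the actual reason. Because `notifyAuditorReview` is called just above, it is worth confirming that the maintainer branch below no longer depends on the flag being reset here. analysisComment starts outside the hunk.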
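Review bot: `content` is rebuilt with `fmt.Sprintf` on every iteration of `for _, v := range maintainerList` although it depends only on `issueTmp.Repo` and `issueTmp.CveNum`; hoist it above the loop, as the hunk at -448 already does for its own `content`. The text is also a near-duplicate of `CommentPrivateReview` and of the literals added in the -242 and -382 hunks; adding it to the `const` block in this file (for instance as `CommentPrivateMaintainer`) would keep the notification wording in one place. Sending one private letter per maintainer on every comment that reaches this branch may be noisy for repositories with long maintainer lists; whether that needs throttling depends on callers outside the hunk.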
@@ -1216,6 +1272,7 @@ func checkIssueClosedAnalysisComplete(i *models.IssueTemplate) (msg, tbStr strin
 tbContent[3] = "待分析"
 tbContent[4] = "openEulerScore"
 tbContent[5] = fmt.Sprintf("openEulerScore没有填写或正确填写(0-10)")
+ msg = fmt.Sprintf("openEulerScore没有填写或正确填写(0-10)")
 ok = false
 } else {
 tbContent[3] = "已分析"
@@ -1226,6 +1283,7 @@ func checkIssueClosedAnalysisComplete(i *models.IssueTemplate) (msg, tbStr strin
 tbContent[6] = "待分析"
 tbContent[7] = "openEulerVector"
 tbContent[8] = fmt.Sprintf("openEulerVector没有填写:%v", i.OpenEulerVector)
+ msg = fmt.Sprintf("openEulerVector没有填写:%v", i.OpenEulerVector)
 ok = false
 } else {
 tbContent[6] = "已分析"
@@ -1255,6 +1313,7 @@ func checkIssueClosedAnalysisComplete(i *models.IssueTemplate) (msg, tbStr strin
 tbContent[9] = "待分析"
 tbContent[10] = "受影响版本排查"
 tbContent[11] = fmt.Sprintf("受影响版本排查 没有分析或未按正确格式填写:%v", i.AffectedVersion)
+ msg = fmt.Sprintf("受影响版本排查 没有分析或未按正确格式填写:%v", i.AffectedVersion)
 ok = false
 } else {
 tbContent[9] = "已分析"
diff --git a/cve-py/emailtask/issue_record_email.py b/cve-py/emailtask/issue_record_email.py
index 7468f1e9f4099a834db899f4bad16a724a749507..51d904560622469c7be6ee8e57f40baabda5d656 100644
--- a/cve-py/emailtask/issue_record_email.py
+++ b/cve-py/emailtask/issue_record_email.py
@@ -33,4 +33,3 @@ def sending():
 os.getenv("CVE_EMAIL_SENDADDR"), os.getenv("CVE_EMAIL_PASSWORD"),
 str(i['email_name']), './export_excels', subject, content)
-
diff --git a/cve-py/main.py b/cve-py/main.py
index 9c2213bc27db7292fef5cb4fd8d9955c58b80194..f988f87b7beae364ba70a7f312d389af54cf89b5 100644
--- a/cve-py/main.py
+++ b/cve-py/main.py
@@ -17,7 +17,6 @@ Date: 10/22/2020 11:01 AM
 """
 from controller import timertaskcontroller
-
 if __name__ == '__main__':
 print("The program starts, waiting for the timing task to execute")
 timertaskcontroller.timertask()
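Review bot: The added `msg = fmt.Sprintf("openEulerScore没有填写或正确填写(0-10)")` passes a format string with no verbs and no arguments, which `go vet` reports and which is only a string copy; assign the literal directly, `msg = "openEulerScore没有填写或正确填写(0-10)"`. The context line for `tbContent[5]` has the same shape, but only the added line is new here. Since identical text is now written to both `tbContent[5]` and `msg`, assigning once to a local and reusing it would keep the two from diverging; the same applies to the -1226 and -1255 hunks. checkIssueClosedAnalysisComplete continues outside the hunk.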
diff --git a/cve-py/tabletask/export_excel_task.py b/cve-py/tabletask/export_excel_task.py
index 6fc6d0fe9d6a626a5af234a78a4abcd0a8ba5a51..63cf08c09b9bcb2410a03026c86e9397bc78718e 100644
--- a/cve-py/tabletask/export_excel_task.py
+++ b/cve-py/tabletask/export_excel_task.py
@@ -50,8 +50,8 @@ def update_status(status):
 :return: list
 """
 mysql = Mysql()
- sql = 'update cve_issue_create_record set status = %s where status = %s'
- val = (4, status)
+ sql = 'update cve_issue_create_record set status = %s,update_time = %s where status = %s'
+ val = (4, time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()), status)
 mysql.update(sql, val)
 mysql.dispose()
 mysql.close()
diff --git a/models/issue.go b/models/issue.go
index cac7b8998053d59d6b652b657e02de7e5fb6370d..0010b6d3556dae7a94cf7343a3e6d7eb3bd78498 100644
--- a/models/issue.go
+++ b/models/issue.go
@@ -54,16 +54,16 @@ func QueryIssueWhitelist(status int8) ([]IssueRepoWhitelist, error) {
 }
 //QueryIssue query center
-func QueryIssueByPackName(packName, version, days string, prcnum int) ([]VulnCenter, error) {
+func QueryIssueByPackName(packName, days string, prcnum int) ([]VulnCenter, error) {
 o := orm.NewOrm()
 var vc []VulnCenter
 num, err := o.Raw("select cve_id,cve_num,cve_desc,cve_version,repair_time,"+
 "pack_name,cve_url,cve_level,data_source,update_time,is_export,cve_detail_url"+
- " from cve_vuln_center where pack_name = ? and cve_version = ? and " +
+ " from cve_vuln_center where pack_name = ? and " +
 "update_time >= ? and cve_status in (?, ?) "+
- "order by cve_id asc limit ?", packName, version, days, 0, 1, prcnum).QueryRows(&vc)
+ "order by cve_id asc limit ?", packName, days, 0, 1, prcnum).QueryRows(&vc)
 if err == nil && num > 0 {
- logs.Info("cve_vuln_center 查询结果:", vc, "查询条件: packName: ", packName, ", version: ", version)
+ logs.Info("cve_vuln_center 查询结果:", vc, "查询条件: packName: ", packName)
 } else {
 logs.Info("当前无cve,需要提交issue, cur_time:", common.GetCurTime(), "err: ", err)
 }
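Review bot: The new `val` tuple calls `time.strftime(...)` but nothing in the hunk imports `time`; unless export_excel_task.py already imports it at module level (outside the hunk), `update_status` raises `NameError` on its first call, so the import block should be checked. The timestamp is also taken from the client's local clock and timezone, so rows updated from different hosts can carry inconsistent `update_time` values; letting the database stamp it (`update_time = NOW()` in the statement) or using `time.gmtime()` for UTC avoids that. The statement stays parameterized with `%s` placeholders, so the change adds no injection surface.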
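Review bot: The doc comment above the changed signature still reads `//QueryIssue query center`, which neither names `QueryIssueByPackName` nor records that the version filter was dropped; replace it with `// QueryIssueByPackName returns up to prcnum cve_vuln_center rows for packName with update_time >= days and cve_status 0 or 1, ordered by cve_id.` so the widened scope is documented where callers look. Removing `cve_version = ?` from the WHERE clause means a package whitelisted with a specific version now matches CVEs for every version; if that is intended, the whitelist row's `Version` field should be retired as well (see the caller in task/issuetask.go below), otherwise this is a behaviour change that deserves a sentence in the commit message. The query remains parameterized with `?` placeholders, so the edit is safe against injection.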
diff --git a/task/issuetask.go b/task/issuetask.go
index 2e6cf7f28e3df9d94f501f7522a50fa5ace3488f..033d9850d3181445c9b511c60b47425d5cde6b80 100644
--- a/task/issuetask.go
+++ b/task/issuetask.go
@@ -109,7 +109,7 @@ func CreateIssue() error {
 if issueErr == nil && len(issueWhiteData) > 0 {
 for _, issues := range issueWhiteData {
 for ; ; {
- cveData, err := models.QueryIssueByPackName(issues.PackageName, issues.Version, beforeTime, prcnum)
+ cveData, err := models.QueryIssueByPackName(issues.PackageName, beforeTime, prcnum)
 if err == nil && len(cveData) > 0 {
 logs.Info(cveData)
 } else {
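Review bot: After this change `issues.Version` from the whitelist row is no longer passed anywhere in the visible loop, so if the whitelist still holds one row per package version, each of those rows now runs the same query and the inner `for ; ; {` loop processes an identical CVE set once per row, which looks like a path to duplicate issue creation. Deduplicating `issueWhiteData` by `PackageName` before the outer loop, or confirming the table now has one row per package, would rule that out; the inner loop could also be written as the idiomatic `for {`. The loop's exit condition and the rest of CreateIssue lie outside the hunk.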