From 227243f5db658f843303d25168ee7f3e5953d0c3 Mon Sep 17 00:00:00 2001 From: zhangjianjun_code <7844966+zhangjianjun_code@user.noreply.gitee.com> Date: Fri, 13 Nov 2020 15:48:23 +0800 Subject: [PATCH] 1. Add issue handling precautions to issue comments; 2. Optimize the display format of issue comments; --- conf/app.conf | 2 +- controllers/hook.go | 55 +++++++++++++++++++++----------------- taskhandler/common.go | 34 ++++++++++++++++++----- taskhandler/createissue.go | 5 +++- 4 files changed, 63 insertions(+), 33 deletions(-) diff --git a/conf/app.conf b/conf/app.conf index 6e2754b..5263411 100644 --- a/conf/app.conf +++ b/conf/app.conf @@ -51,7 +51,7 @@ oricveflag = 2 oricvecheck = 00 00 05 * * * getissueflag = 2 getissue = 00 00 05 * * * -issueflag = 2 +issueflag = 1 createissue = * * 05 * * * test = 0/10 * * * * * gittokenflag = 2 diff --git a/controllers/hook.go b/controllers/hook.go index 2772c76..9c507f9 100644 --- a/controllers/hook.go +++ b/controllers/hook.go @@ -63,9 +63,9 @@ const ( // Remind the security group to review CommentReviewRemind = "%v 经过 cve-manager 解析 openEuler评分 已改变 需要您及时进行审核,以便maintainer进行后续操作." // Review private messages - CommentPrivateReview = "%v 仓库的CVE和安全的ISSUE,需要您进行审核,CVE编号: %v" + CommentPrivateReview = "%v 仓库的CVE和安全问题的ISSUE,需要您进行审核,CVE编号: %v" // Rating review failed - CommentPrivateOpenEuler = "%v 仓库的CVE和安全的ISSUE, CVE编号: %v, 填写openEuler评分未通过安全组审核需要再次在评论区提交评分,通过审核后才能关闭issue." + CommentPrivateOpenEuler = "%v 仓库的CVE和安全问题的ISSUE, CVE编号: %v, 填写openEuler评分未通过安全组审核需要再次在评论区提交评分,通过审核后才能关闭issue." ) //HookEventControllers gitee hook callback 
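Review bot: The change from `issueflag = 2` to `issueflag = 1` in conf/app.conf is not mentioned in the commit message, which describes only comment wording and formatting. The meaning of the flag values is not visible in this hunk. If 1 enables the `createissue` task, this commit also switches on automated issue creation, and with it the private messages and maintainer @-mentions added elsewhere in the patch, for every environment that picks up this file. The neighbouring schedule `createissue = * * 05 * * *` looks like a six-field spec that matches every second of the 05:00 hour, which is worth confirming before the task is enabled. I would move the flag change into its own commit or name it in the description, and add a comment above the key documenting its values, e.g. `# issueflag: 1 = task enabled, 2 = task disabled (confirm against the task loader)`.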
@@ -169,14 +169,14 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { unFix := beego.AppConfig.String("labelUnFix") fixed := beego.AppConfig.String("labelFixed") issueTmp := models.IssueTemplate{IssueNum: issueHook.Iid} - err := models.GetIssueTemplateByColName(&issueTmp, "issue_num") - if err != nil { - return err + issueErr := models.GetIssueTemplateByColName(&issueTmp, "issue_num") + if issueErr != nil { + return issueErr } cveCenter := models.VulnCenter{CveId: issueTmp.CveId} - err = models.GetVulnCenterByCid(&cveCenter, "cve_id") - if err != nil { - return err + cveErr := models.GetVulnCenterByCid(&cveCenter, "cve_id") + if cveErr != nil { + return cveErr } token := beego.AppConfig.String("gitee::git_token") owner := beego.AppConfig.String("gitee::owner") @@ -237,8 +237,8 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { content := fmt.Sprintf(CommentPrivateOpenEuler, issueTmp.Repo, issueTmp.CveNum) taskhandler.SendPrivateLetters(token, content, issueHook.Issue.Assignee.Login) } else if issueTmp.OpAuditFlag == 0 { - list, err := models.GetSecurityReviewerList() - if err == nil && len(list) > 0 { + list, revErr := models.GetSecurityReviewerList() + if revErr == nil && len(list) > 0 { content := fmt.Sprintf(CommentPrivateReview, issueTmp.Repo, issueTmp.CveNum) ns := make([]string, len(list)) for k, v := range list { @@ -250,7 +250,7 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token) } } else { - logs.Error(err) + logs.Error(revErr) } } } 
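Review bot: Giving every error its own name (`issueErr`, `cveErr`, `revErr` here, `tempErr` and `secErr` in the later hunks at -334 and -351) departs from the usual Go form. Scoping the error to its check is shorter and cannot leak a stale value into later code: `if err := models.GetIssueTemplateByColName(&issueTmp, "issue_num"); err != nil { return err }`. The errors are also returned bare, so wrapping them, e.g. `return fmt.Errorf("load issue template %v: %w", issueHook.Iid, err)`, would tell the hook's caller which lookup failed. In the -237/-250 hunks the `else` branch appears to run when the reviewer list is merely empty, in which case `logs.Error(revErr)` logs a nil error; a distinct message for the empty case would make a skipped security review visible in the logs. handleIssueStateChange begins and ends outside these hunks, so the brace nesting should be confirmed against the full file.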
@@ -268,7 +268,7 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { na := "\n**请确认分析内容的准确性,待分析内容请填写完整,否则将无法关闭当前issue.**" cc := fmt.Sprintf(ContentReview, assignee) + tb + na taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token) - content := fmt.Sprintf("%v 仓库的CVE和安全的ISSUE,CVE编号: %v,", issueTmp.Repo, issueTmp.CveNum) + content := fmt.Sprintf("%v 仓库的CVE和安全问题的ISSUE,CVE编号: %v,", issueTmp.Repo, issueTmp.CveNum) taskhandler.SendPrivateLetters(token, content+msg, issueHook.Issue.Assignee.Login) } } else { @@ -334,10 +334,10 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) } appearErr := 0 - err = models.UpdateIssueTemplate(&issueTmp, "status", "issue_status", + tempErr := models.UpdateIssueTemplate(&issueTmp, "status", "issue_status", "status_name", "issue_label", "mt_audit_flag", "sa_audit_flag") - if err != nil { - logs.Error(err) + if tempErr != nil { + logs.Error(tempErr) appearErr += 1 } update := models.UpdateVulnCenter(&cveCenter, "is_export") @@ -351,9 +351,9 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { appearErr++ } sn := models.SecurityNotice{CveId: issueTmp.CveId} - err = sn.Read("cve_id") - if err != nil { - return err + secErr := sn.Read("cve_id") + if secErr != nil { + return secErr } switch issueTmp.IssueStatus { case 2: @@ -363,7 +363,7 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { default: sn.AffectStatus = "UnFixed" } - err = sn.Update("affect_status") + err := sn.Update("affect_status") if err != nil { appearErr++ logs.Error(err) 
@@ -427,7 +427,7 @@ func VerifyIssueAsPr(issueTmp *models.IssueTemplate, cveCenter models.VulnCenter "受影响分支: " + brandStr[:len(brandStr)-1] + "\n" + "具体操作参考: " + "https://gitee.com/help/articles/4142" + "\n" taskhandler.AddCommentToIssue(commentBody, issueTmp.IssueNum, owner, issueTmp.Repo, token) - content := issueTmp.Repo + " 仓库的CVE和安全的ISSUE,CVE编号: " + issueTmp.CveNum + + content := issueTmp.Repo + " 仓库的CVE和安全问题的ISSUE,CVE编号: " + issueTmp.CveNum + ",关闭issue前,需要将受影响的分支在合并pr时关联上当前issue编号: #" + issueTmp.IssueNum + ",受影响分支: " + brandStr[:len(brandStr)-1] + ",具体操作参考: " + "https://gitee.com/help/articles/4142." @@ -977,6 +977,11 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m } } } + if issueTmp.MtAuditFlag == 0 { + if cuAccount == issueTmp.Assignee { + issueTmp.MtAuditFlag = 1 + } + } accessToken := os.Getenv("GITEE_TOKEN") owner := beego.AppConfig.String("gitee::owner") path := issueTmp.Repo @@ -1088,7 +1093,7 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m if mainOk && len(maintainerList) > 0 { for _, v := range maintainerList { assList = append(assList, "@"+v.MemberName+" ") - content := fmt.Sprintf("%v 仓库的CVE和安全的ISSUE,CVE编号: %v, "+ + content := fmt.Sprintf("%v 仓库的CVE和安全问题的ISSUE,CVE编号: %v, "+ "已经完成了模板填写,需要您对填写的内容进行审核,审核通过才能进行后续操作.", issueTmp.Repo, issueTmp.CveNum) taskhandler.SendPrivateLetters(accessToken, content, v.MemberName) } @@ -1160,8 +1165,8 @@ func changeOpenEulerScoreStatus(cveID int64, status int8) error { func checkIssueAnalysisComplete(i *models.IssueTemplate) (msg, tbStr string, ok bool) { tb := - `| 状态 | 需分析 | 内容 | -|-----|-----------------|---------| + `| 状态 | 需分析 | 内容 | +|:--:|:--:|---------| |%v|%v|%v| |%v|%v|%v| |%v|%v|%v| 
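Review bot: The block added at -977 in analysisComment sets `issueTmp.MtAuditFlag = 1` whenever the commenting account equals `issueTmp.Assignee`, without checking that the assignee is a maintainer of the repository. The comment template added to taskhandler/common.go in this same commit tells users that content filled in by a non-maintainer must be approved by a maintainer before the issue can be closed. As written, an assignee who is not a maintainer would satisfy that gate simply by commenting on their own analysis. I would confirm membership before setting the flag, using the maintainer list this patch already queries elsewhere, and add a comment stating why self-approval is allowed. Whether the flag is persisted afterwards and how `cuAccount` is derived from the webhook payload lie outside the hunk and should be checked too.

```go
// … unchanged: comment parsing above …
// The assignee may self-approve only when they are also a maintainer of the
// repository; any other author still needs a maintainer's review.
if issueTmp.MtAuditFlag == 0 && cuAccount == issueTmp.Assignee {
	maintainers, ok := models.QueryRepoAllMaintainer(issueTmp.Repo)
	if ok {
		for _, m := range maintainers {
			if m.MemberName == cuAccount {
				issueTmp.MtAuditFlag = 1
				break
			}
		}
	}
}
accessToken := os.Getenv("GITEE_TOKEN")
// … unchanged: rest of analysisComment …
```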
@@ -1243,8 +1248,8 @@ func checkIssueAnalysisComplete(i *models.IssueTemplate) (msg, tbStr string, ok func checkIssueClosedAnalysisComplete(i *models.IssueTemplate) (msg, tbStr string, ok bool) { tb := - `| 状态 | 需分析 | 内容 | -|-----|-----------------|---------| + `| 状态 | 需分析 | 内容 | +|:--:|:--:|---------| |%v|%v|%v| |%v|%v|%v| |%v|%v|%v| diff --git a/taskhandler/common.go b/taskhandler/common.go index 7647649..f754313 100644 --- a/taskhandler/common.go +++ b/taskhandler/common.go @@ -71,6 +71,12 @@ const bodyUpTpl = `一、漏洞信息 ` const commentCopyValue = ` +%v +**issue处理注意事项:** +**1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;** +**2. 模板内容需要填写完整, 如果是非maintainer填写, 需要maintainer审核通过, 否则无法关闭当前issue;** +**3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响))不能省略,省略后cve-manager将无法正常解析填写内容.** +************************************************************************ 影响性分析说明: 
@@ -79,14 +85,30 @@ openEuler评分: (评分和向量) 受影响版本排查(受影响/不受影响): %v - +----------------------------------------------------------------------- +issue处理具体操作请参考: +%v +pr关联issue具体操作请参考: +%v ` +const PrIssueLink = "https://gitee.com/help/articles/4142" -func CommentTemplate(assignee, commentCmd, affectedVersion string) string { - commentTemplate := "Hey @" + assignee + "\n" + - "**以下内容需要您填写, 请复制到评论区回复: 内容的标题名称(影响性分析说明,openEuler评分,受影响版本排查(受影响/不受影响))不能省略,省略可能无法正常解析喔**\n" + - fmt.Sprintf(commentCopyValue, affectedVersion) + - "\n详细说明文档请参考: " + commentCmd + "\n" +// Create first comment +func CommentTemplate(assignee, commentCmd, affectedVersion, path string) string { + maintainerList, mainOk := models.QueryRepoAllMaintainer(path) + assList := []string{} + if mainOk && len(maintainerList) > 0 { + for _, v := range maintainerList { + assList = append(assList, "@"+v.MemberName+" ") + } + } + assigneeStr := "" + if len(assList) > 0 { + assigneeStr = strings.Join(assList, ",") + } else { + assigneeStr = "@" + assignee + } + commentTemplate := fmt.Sprintf(commentCopyValue, assigneeStr, affectedVersion, commentCmd, PrIssueLink) return commentTemplate } diff --git a/taskhandler/createissue.go b/taskhandler/createissue.go index a7641af..c196ea1 100644 --- a/taskhandler/createissue.go +++ b/taskhandler/createissue.go @@ -204,6 +204,9 @@ func CreateIssueToGit(accessToken string, owner string, path string, assignee st } errx := CreateIssueComment(accessToken, owner, path, assignee, cve, resp, affectedVersion) logs.Info("issue评论创建结果, err: ", errx) + // Send gitee private message + content := fmt.Sprintf("%v 仓库有新的CVE和安全问题的ISSUE被 cve-manager 创建,CVE编号: %v, 请及时处理.", path, cve.CveNum) + SendPrivateLetters(accessToken, content, assignee) issueNum := resp["number"].(string) issueID := int64(resp["id"].(float64)) err = CreateDepositHooks(accessToken, owner, path, cve, issueNum, issueID) 
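Review bot: In CommentTemplate a failed maintainer lookup (`mainOk` false) and an empty maintainer list both fall back silently to `"@" + assignee`, so a new CVE issue can be posted without notifying any maintainer and nothing records why. A log line on the `!mainOk` path would make that visible. Each mention is built as `"@"+v.MemberName+" "` and then joined with `","`, which yields `@a ,@b `; `assList = append(assList, "@"+v.MemberName)` with `strings.Join(assList, " ")` gives clean mentions. The exported `PrIssueLink` and `CommentTemplate` should carry doc comments that start with the identifier, e.g. `// CommentTemplate builds the first comment posted on a new CVE issue, addressed to the repository maintainers or, when none are found, to the assignee.` The same help URL is still hard-coded in VerifyIssueAsPr in controllers/hook.go and could reuse the constant.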
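Review bot: The private message added to CreateIssueToGit in taskhandler/createissue.go is sent even when CreateIssueComment failed, because `errx` is only written to the Info log. It is also sent before `issueNum` is read, so the recipient gets a CVE notification with no issue number to follow up on. I would move the `SendPrivateLetters` call below `issueNum := resp["number"].(string)`, append `issue编号: #%v` with `issueNum` to the format string, and log `errx` at error level when it is non-nil. The unchecked assertions `resp["number"].(string)` and `resp["id"].(float64)` in the context lines would panic on an unexpected API response; the comma-ok form is safer there. The function begins and ends outside this hunk.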
@@ -507,7 +510,7 @@ func CreateIssueComment(accessToken, owner, path, assignee string, return err } commentCmd := BConfig.String("reflink::comment_cmd") - commentBody := CommentTemplate(assignee, commentCmd, affectedVersion) + commentBody := CommentTemplate(assignee, commentCmd, affectedVersion, path) requestBody := fmt.Sprintf(`{ "access_token": "%s", "body": "%s" -- Gitee
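Review bot: `commentBody` is placed into the request JSON through `"body": "%s"`, and after this commit CommentTemplate returns a much longer multi-line Markdown text that also carries maintainer names and `affectedVersion`. Unless the body is escaped in lines outside this hunk, a raw newline or double quote in it produces invalid JSON or lets the text alter other fields of the request, including the one next to `access_token`. Building the payload with `encoding/json`, for example `json.Marshal(map[string]string{"access_token": accessToken, "body": commentBody})`, removes the need for manual escaping. The `fmt.Sprintf` statement continues past the end of the hunk, so how `requestBody` is consumed should be confirmed in the full file.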