diff --git a/conf/app.conf b/conf/app.conf
index 5263411f5ebca5877f9f8a0c655c61a1be3829a7..6e2754b61dbdcc1cbcfdc5d1d182f6c4acfc14c9 100644
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -51,7 +51,7 @@ oricveflag = 2
 oricvecheck = 00 00 05 * * *
 getissueflag = 2
 getissue = 00 00 05 * * *
-issueflag = 1
+issueflag = 2
 createissue = * * 05 * * *
 test = 0/10 * * * * *
 gittokenflag = 2
diff --git a/conf/product_app.conf b/conf/product_app.conf
index 299127a11cf047a59fe561e76758a3f73e13a9c1..1a461b6496a16cc66efe699b25d992279bbeddcf 100644
--- a/conf/product_app.conf
+++ b/conf/product_app.conf
@@ -52,7 +52,7 @@ oricvecheck = 00 00 05 * * *
 getissueflag = 1
 getissue = 00 00 05 * * *
 issueflag = 1
-createissue = * * 05 * * *
+createissue = * * 06 * * *
 test = 0/10 * * * * *
 gittokenflag = 2
 issueoath = * * */20 * * *
diff --git a/controllers/hook.go b/controllers/hook.go
index 9c507f934cef81b6b8fbe5fa871b07a3ae90ec87..ba94e50cb1ae8703af5a96b835f02ee31e5d416e 100644
--- a/controllers/hook.go
+++ b/controllers/hook.go
@@ -173,6 +173,11 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error {
 if issueErr != nil {
 return issueErr
 }
+ if issueTmp.Status == 3 {
+ // The issue has been closed and cannot be operated again
+ logs.Error("The issue has been closed and cannot be operated again,issuetmp: ", issueTmp)
+ return errors.New("The issue has been closed and cannot be operated again")
+ }
 cveCenter := models.VulnCenter{CveId: issueTmp.CveId}
 cveErr := models.GetVulnCenterByCid(&cveCenter, "cve_id")
 if cveErr != nil {
@@ -274,7 +279,7 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error {
 } else {
 //1. change issue status
 issueTmp.IssueStatus = 2
- issueTmp.Status = 3
+ //issueTmp.Status = 3
 cveCenter.IsExport = 3
 if issueTmp.MtAuditFlag == 0 {
 issueTmp.IssueStatus = 1
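Review bot: The closed-issue guard added at the top of handleIssueStateChange is repeated verbatim in handleIssueComment and analysisComment, each time against the bare literal `3`, and each logs the whole `issueTmp` struct at Error level for what is an expected condition. A named constant and one shared check would keep the three sites in step, for example `if issueTmp.Status == issueStatusClosed {` with `issueStatusClosed` declared once (the name is only a suggestion), and the log line could carry just the issue's identifier at a lower level such as `logs.Warn`. The guard also returns before the incoming state is examined, so a reopen event for an issue stored with status 3 appears to be rejected as well; if that is intended, a comment saying so would help. Go convention is a lower-case error string, e.g. `errors.New("issue is closed and cannot be operated on again")`. All three functions start and end outside their hunks.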
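Review bot: In the hunk at -274 of handleIssueStateChange the closed branch no longer assigns `issueTmp.Status = 3`, yet the guards added by this commit key on `Status == 3`. From the visible lines the remaining writers of that value are the sync paths in taskhandler/cve.go, so an issue closed through the webhook may stay operable until a sync runs. If that delay is intended, replace the commented-out line with an explanation such as `// Status is left unchanged here; it becomes 3 when the issue sync records the closed state`; otherwise delete the dead line rather than leaving it commented out. The branch continues outside the hunk, so a later assignment may exist that is not visible here.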
@@ -293,6 +298,7 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error {
 if issueTmp.MtAuditFlag == 1 && issueTmp.SaAuditFlag == 0 {
 issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix)
 issueTmp.StatusName = "open"
+ issueTmp.Status = 1
 issuePrFlag := VerifyIssueAsPr(&issueTmp, cveCenter, true)
 if issuePrFlag {
 issueTmp.StatusName = issueHook.Issue.StateName
@@ -719,6 +725,11 @@ func handleIssueComment(payload models.CommentPayload) {
 logs.Error(err)
 return
 }
+ if issueTmp.Status == 3 {
+ // The issue has been closed and cannot be operated again
+ logs.Error("The issue has been closed and cannot be operated again,issuetmp: ", issueTmp)
+ return
+ }
 token := os.Getenv("GITEE_TOKEN")
 owner := beego.AppConfig.String("gitee::owner")
 fixed := beego.AppConfig.String("labelFixed")
@@ -966,6 +977,11 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m
 logs.Error(err)
 return
 }
+ if issueTmp.Status == 3 {
+ // The issue has been closed and cannot be operated again
+ logs.Error("The issue has been closed and cannot be operated again,issuetmp: ", issueTmp)
+ return
+ }
 canVerfy := false
 issueTmp.MtAuditFlag = 0
 maintainerList, mainOk := models.QueryRepoAllMaintainer(issueTmp.Repo)
@@ -1081,7 +1097,7 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m
 issueTmp.IssueStatus = 3
 //2. Are the cvsScore and openEuler score equal .If not equal, notify the auditor to review .
 var na string
- if issueTmp.OpenEulerScore != issueTmp.NVDScore {
+ if issueTmp.OpenEulerScore != issueTmp.NVDScore && issueTmp.OpenEulerScore > 0 && issueTmp.NVDScore > 0 {
 na = "\n**因OpenEulerScore与NvdScore不一致,分析内容需审核,请等待安全组审核!**"
 //Notify the responsible person for review
 notifyAuditorReview(payload, issueTmp)
diff --git a/taskhandler/cve.go b/taskhandler/cve.go
index 5b0f6d83acc6ef1b56b3b30cb33fbc269c4e8347..f4c14db6d8ea15bcadd75c6b575f22a0b6952cbb 100644
--- a/taskhandler/cve.go
+++ b/taskhandler/cve.go
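Review bot: In the analysisComment hunk at -1081 the added `issueTmp.OpenEulerScore > 0 && issueTmp.NVDScore > 0` terms skip the auditor notification whenever either score is zero, so an analysis whose NVD score has not been filled in yet passes without the security-team review that a mismatch used to trigger. If a zero score means "not yet known", that case deserves its own explicit branch, or at least a comment such as `// a zero score means "not provided"; review is requested only when both scores are present and differ`. The comparison is also an exact `!=` on what appear to be floating-point values, which is worth confirming against how the scores are parsed and stored. The surrounding block starts and ends outside the hunk.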
@@ -39,10 +39,10 @@ func UpdateExcelCveGroups(cveData models.OriginExcel, cveRef string, openeulerNu
 CveRes.PackName = cveData.PackName
 CveRes.CveUrl = cveRef + cveData.CveNum
 CveRes.CveLevel = cveData.CveLevel
- CveRes.DataSource = 3
- CveRes.IsExport = 0
- if CveRes.Status != 0 && CveRes.Status != 1 {
+ //CveRes.DataSource = 3
+ if CveRes.DataSource != 4 && CveRes.Status != 0 && CveRes.Status != 1 {
 CveRes.Status = 1
+ CveRes.IsExport = 0
 }
 //CveRes.Status = 1
 openEusa, operr := models.QueryOpenEulerSAByCveId(CveRes.CveId)
@@ -314,10 +314,10 @@ func UpdateCveGroups(cveData models.OriginUpstream, cveRef string, openeulerNum
 CveRes.PackName = pkList[0]
 CveRes.CveUrl = cveRef + cveData.CveNum
 CveRes.CveLevel = cveScV3.CveLevel
- CveRes.DataSource = 1
- CveRes.IsExport = 0
- if CveRes.Status != 0 && CveRes.Status != 1 {
+ //CveRes.DataSource = 1
+ if CveRes.DataSource != 4 && CveRes.Status != 0 && CveRes.Status != 1 {
 CveRes.Status = 1
+ CveRes.IsExport = 0
 }
 //CveRes.Status = 1
 openEusa, operr := models.QueryOpenEulerSAByCveId(CveRes.CveId)
@@ -1011,7 +1011,6 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 sc.Ointegrity = vectorO.Integrity
 sc.Oavailability = vectorO.Availability
 }
-
 var opensa models.OpenEulerSA
 var OpenNumData int
 //var os models.OpenSaId
@@ -1034,6 +1033,7 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 scorecode.NVDScore = nVDScore
 scorecode.NvectorVule = lop.CvsVector
 scorecode.Status = 0
+ vul.Status = 2
 cveid, cveError := models.CreateCveRelat(&vul, &sec, &sc, &opensa, &scorecode)
 if cveError != nil || cveid <= 0 {
 logs.Error("insert (&CveRes, &scoreRes, &sec) failed CveNum:", cveData.CveNumber)
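Review bot: The new condition in UpdateExcelCveGroups, `CveRes.DataSource != 4 && ...`, and the identical one in UpdateCveGroups (hunk at -314) rely on an unexplained literal. `4` presumably marks records that originate from an issue (UpdateIssueCveGroups carries a commented `//vul.DataSource = 4`), and a named constant or a short comment would make that explicit. With the assignment commented out, DataSource is no longer written on this path and IsExport is reset only when the status is reset, so records skipped by the condition keep their previous export state; a comment stating that this is deliberate would help the next reader. The commented-out `//CveRes.DataSource = 3` and `//CveRes.DataSource = 1` lines are better deleted than kept. Both functions extend beyond their hunks.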
@@ -1066,6 +1066,7 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 } else if strings.ToLower(cveData.State) == "closed" || cveData.State == "已完成" {
 issueTemp.Status = 3
 issueTemp.IssueStatus = 2
+ vul.IsExport = 3
 } else if strings.ToLower(cveData.State) == "rejected" || cveData.State == "已拒绝" {
 issueTemp.Status = 4
 issueTemp.IssueStatus = 6
@@ -1113,7 +1114,7 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 vul.RepairTime = ""
 vul.PackName = cveData.RepoPath
 vul.CveUrl = cveRef + cveData.CveNumber
- vul.IsExport = 0
+ //vul.IsExport = 0
 //vul.DataSource = 4
 var sec models.SecurityNotice
 sec.CveId = vul.CveId
@@ -1161,11 +1162,11 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 score.CveNum = cveData.CveNumber
 var nvdError error
 nVDScore, nvdError = strconv.ParseFloat(lop.CvsScore, 64)
- if nvdError == nil {
+ if nvdError == nil && nVDScore > 0 {
 score.NVDScore = nVDScore
 }
 openEulerScore, openError := strconv.ParseFloat(lop.OpScore, 64)
- if openError == nil {
+ if openError == nil && openEulerScore > 0{
 score.OpenEulerScore = openEulerScore
 }
 score.NvectorVule = lop.CvsVector
@@ -1204,14 +1205,15 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 score.Nstatus = 2
 var nvdError error
 nVDScore, nvdError = strconv.ParseFloat(lop.CvsScore, 64)
- if nvdError == nil {
+ if nvdError == nil && nVDScore > 0 {
 if score.NVDScore != nVDScore {
- score.Nstatus = 1
- vul.Status = 1
+ score.Nstatus = 3
+ //vul.Status = 1
+ score.NVDScore = nVDScore
 }
 }
 openEulerScore, openError := strconv.ParseFloat(lop.OpScore, 64)
- if openError == nil {
+ if openError == nil && openEulerScore > 0 {
 score.OpenEulerScore = openEulerScore
 }
 score.OvectorVule = lop.OpVector
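Review bot: In InsertIssueCveGroups, `vul.IsExport = 3` in the closed branch (hunk at -1066) comes after `models.CreateCveRelat(&vul, ...)` has already been called earlier in the function (visible in the hunk at -1034), so unless `vul` is saved again further down the value is never persisted. Either set it before the create call, based on `cveData.State`, or add the follow-up update. The rest of the function is outside the hunk, so a later save may exist that is not visible here.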
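Review bot: The `> 0` checks added in UpdateIssueCveGroups (hunk at -1161) reject zero and negative scores but still accept any positive value that `strconv.ParseFloat` returns, including `+Inf` and numbers above 10, while CVSS scores are defined on 0.0 to 10.0. If `lop.CvsScore` and `lop.OpScore` are taken from issue text (not visible here), bounding them would keep malformed input out of the stored scores: `if nvdError == nil && nVDScore > 0 && nVDScore <= 10 {`, and likewise for `openEulerScore`. The same applies to the hunks at -1204 and -1291. `openEulerScore > 0{` is also missing the space before the brace and will be rewritten by gofmt.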
@@ -1266,7 +1268,7 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 sec.OpenId = openId
 score.OpenId = openId
 }
-
+ vul.Status = 2
 cveError := models.UpdateCveRelat(&vul, &sec, &score)
 if cveError != nil || vul.CveId == 0 {
 logs.Error("UpdateCveRelat(&vul, &sec, &sc) failed CveNum:", cveData.CveNumber, ",err:", cveError)
@@ -1291,12 +1293,12 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 issueTemp.OwnedComponent = lop.Components
 issueTemp.OwnedVersion = RemoveSubstring(lop.Version, specCharList)
 openEulerScore, openError := strconv.ParseFloat(lop.OpScore, 64)
- if openError == nil {
+ if openError == nil && openEulerScore > 0 {
 issueTemp.OpenEulerScore = openEulerScore
 }
 issueTemp.NVDVector = lop.CvsVector
 nvdScore, nvdError := strconv.ParseFloat(lop.CvsScore, 64)
- if nvdError == nil {
+ if nvdError == nil && nvdScore > 0 {
 issueTemp.NVDScore = nvdScore
 }
 issueTemp.OpenEulerVector = lop.OpVector
@@ -1359,6 +1361,7 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 issueTemp.Solution = lop.AvoidScheme
 issueTemp.IssueId = cveData.IssueId
 issueTemp.IssueNum = cveData.Number
+ issueTemp.IssueLabel = beego.AppConfig.String("labelUnFix")
 issueTemp.Assignee = cveData.IssueAssignee
 if strings.ToLower(cveData.State) == "open" || cveData.State == "待办的" || cveData.State == "开启的" {
 issueTemp.Status = 1
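Review bot: `vul.Status = 2` in the hunk at -1266 is assigned unconditionally immediately before `models.UpdateCveRelat`, so every sync through UpdateIssueCveGroups overwrites whatever status the record held, including for issues whose state is closed or rejected further down in the function. If that is the intent, a named constant or a comment stating which state `2` stands for and why it always applies here would make it reviewable; otherwise make the assignment depend on `cveData.State`. The function starts and ends outside the hunk.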
@@ -1370,9 +1373,15 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 } else if strings.ToLower(cveData.State) == "closed" || cveData.State == "已完成" {
 issueTemp.Status = 3
 issueTemp.IssueStatus = 2
+ issueTemp.IssueLabel = beego.AppConfig.String("labelFixed")
+ issueTemp.MtAuditFlag = 1
+ issueTemp.SaAuditFlag = 1
 } else if strings.ToLower(cveData.State) == "rejected" || cveData.State == "已拒绝" {
 issueTemp.Status = 4
 issueTemp.IssueStatus = 6
+ issueTemp.IssueLabel = beego.AppConfig.String("labelFixed")
+ issueTemp.MtAuditFlag = 1
+ issueTemp.SaAuditFlag = 1
 } else if strings.ToLower(cveData.State) == "suspended" || cveData.State == "已挂起" {
 issueTemp.Status = 5
 issueTemp.IssueStatus = 6
@@ -1381,7 +1390,6 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 issueTemp.IssueStatus = 6
 }
 issueTemp.StatusName = cveData.State
- issueTemp.IssueLabel = beego.AppConfig.String("labelUnFix")
 issueTemp.Owner = owner
 issueTemp.Repo = lop.Repo
 if cveData.Title != "" {
@@ -1390,8 +1398,8 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c
 issueTemp.IssueType = cveData.IssueType
 issueTemp.CveLevel = vul.CveLevel
 }
- issueTemp.MtAuditFlag = 1
- issueTemp.SaAuditFlag = 1
+ //issueTemp.MtAuditFlag = 1
+ //issueTemp.SaAuditFlag = 1
 // Store issue data
 issTempId, issError := models.CreateIssueTemplate(&issueTemp)
 if issError != nil {
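Review bot: The rejected branch in UpdateIssueCveGroups (hunk at -1370) now sets `issueTemp.IssueLabel` to the `labelFixed` value, the same label as the closed branch, which would present a rejected CVE issue as fixed if that label means what its config key suggests. Confirm that this is wanted, or give rejected issues their own label. Since MtAuditFlag and SaAuditFlag are now set only for closed and rejected issues, the open, suspended and remaining states keep whatever value `issueTemp` started with (its declaration is outside the hunk). That change deserves a comment in place of the commented-out `//issueTemp.MtAuditFlag = 1` and `//issueTemp.SaAuditFlag = 1` lines in the hunk at -1390, which are otherwise better deleted.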