diff --git a/cve-agency-manager/go.mod b/cve-agency-manager/go.mod index 12b2917018428b570dd195681b65bf9bd11f6f20..6d712001736155a3e6c6810e60676431df4deff1 100644 --- a/cve-agency-manager/go.mod +++ b/cve-agency-manager/go.mod @@ -21,9 +21,9 @@ require ( github.com/prometheus/procfs v0.6.0 // indirect github.com/shiena/ansicolor v0.0.0-20151119151921-a422bbe96644 // indirect github.com/smartystreets/assertions v1.2.0 // indirect - golang.org/x/crypto v0.17.0 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/sys v0.15.0 // indirect + golang.org/x/crypto v0.21.0 // indirect + golang.org/x/net v0.23.0 // indirect + golang.org/x/sys v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect google.golang.org/protobuf v1.33.0 // indirect diff --git a/cve-agency-manager/go.sum b/cve-agency-manager/go.sum index caf7d3704ab87f21c065060caec53587daca5e42..6392b9fd5a66f5903c43134915fd68373c491b56 100644 --- a/cve-agency-manager/go.sum +++ b/cve-agency-manager/go.sum @@ -159,6 +159,7 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -170,6 +171,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -191,6 +194,7 @@ golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= diff --git a/cve-vulner-manager/controllers/hook.go b/cve-vulner-manager/controllers/hook.go index 803ae7bae2fd2282a6a11bdf5d8c5ef71549f589..2a60429f2d98201c3600d437d2f0022d2a086862 100644 --- a/cve-vulner-manager/controllers/hook.go +++ b/cve-vulner-manager/controllers/hook.go 
@@ -85,11 +85,13 @@ const ( CommentGetNvdCveSuccess = `@%v CVE信息从NVD同步成功, 稍后请重新加载页面.` CommentGetNvdCveFailed = `@%v CVE信息从NVD同步失败, 请稍后重试, 或者数据源不存在.` CommentRepeatIssue = `%v 请检查当前: %v,是否重复创建, issue编号: %v, 重复创建的issue,将不会被再次识别.` + + webhookCommentLogTag = "webhook-comment" ) var comLock sync.Mutex -//HookEventControllers gitee hook callback +// HookEventControllers gitee hook callback type HookEventControllers struct { beego.Controller } @@ -99,10 +101,11 @@ type AgencyPrams struct { PatchUrl string } -//Post handle gitee webhook +// Post handle gitee webhook // @router / [post] func (c *HookEventControllers) Post() { if ok := c.isLegitimateHookEvent(); !ok { + logs.Error(webhookCommentLogTag, "isLegitimateHookEvent", c.Ctx.Input.RequestBody) c.Ctx.ResponseWriter.WriteHeader(406) c.Ctx.WriteString("Illegal incident, discarded") return @@ -124,7 +127,7 @@ func (c *HookEventControllers) Post() { } } -//isLegitimateHookEvent according to gitee doc judge +// isLegitimateHookEvent according to gitee doc judge func (c *HookEventControllers) isLegitimateHookEvent() (ok bool) { ok = true //judge user agent @@ -150,7 +153,7 @@ func (c *HookEventControllers) handleNoteDate() { var hookNote models.CommentPayload err := json.Unmarshal(c.Ctx.Input.RequestBody, &hookNote) if err != nil { - logs.Error(err, "\n, ", string(c.Ctx.Input.RequestBody)) + logs.Error(webhookCommentLogTag, "unmarshal payload failed:", err) return } hookPwd := beego.AppConfig.String("hook::hookpwd") 
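Review bot: The new `logs.Error` in `Post` writes the whole `c.Ctx.Input.RequestBody` of a request that has just failed `isLegitimateHookEvent`, so an unauthenticated sender controls how much, and what, lands in the error log. The value is a `[]byte`, which `%v`-style formatting prints as a list of decimal byte values rather than text. The payload may also carry the hook password that `handleNoteDate` later checks against `hook::hookpwd`; that comparison is outside the hunk, so this is an assumption. The same commit removes the body from the unmarshal-failure log in the `@@ -150` hunk, so I would log only metadata here as well: `logs.Warn(webhookCommentLogTag, "rejected hook event, body bytes:", len(c.Ctx.Input.RequestBody))`.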
@@ -1445,13 +1448,16 @@ func securityApprove(issueTmp *models.IssueTemplate, cuAccount, owner, token, func handleIssueComment(payload models.CommentPayload) { if payload.Issue == nil || payload.Comment == nil { + logs.Error(webhookCommentLogTag, "issue or comment is nil") return } if payload.Comment.User == nil { + logs.Error(webhookCommentLogTag, "user is nil") return } // The default timeout for receiving hooks logs.Info("payload.Comment: ", payload.Comment, ", Number: ", payload.Issue.Number, "id: ", payload.Issue.Id) + logs.Error(webhookCommentLogTag, "receive hook of issue num: ", payload.Issue.Number) issueNum := payload.Issue.Number //issue number string issueId := payload.Issue.Id // issue id int64 cBody := payload.Comment.Body //Comment subject @@ -1466,7 +1472,7 @@ func handleIssueComment(payload models.CommentPayload) { cmdFeedBack := beego.AppConfig.String("feedBackCmd") verifyCmd := beego.AppConfig.String("verifyCmd") if issueNum == "" || cuAccount == "" || cBody == "" { - logs.Error("Data has null values: issueNum, cuAccount, cBody: ", issueNum, cuAccount, cBody) + logs.Error(webhookCommentLogTag, "Data has null values: issueNum, cuAccount, cBody:") return } cBody = strings.ReplaceAll(cBody, ":", ":") @@ -1476,7 +1482,7 @@ func handleIssueComment(payload models.CommentPayload) { if len(botCuAccountList) > 0 { for _, botCu := range botCuAccountList { if cuAccount == botCu { - logs.Error(cuAccount, ", Ignore this comment") + logs.Error(webhookCommentLogTag, cuAccount, ", Ignore this comment") return } } @@ -1484,7 +1490,7 @@ func handleIssueComment(payload models.CommentPayload) { issueTmp := models.IssueTemplate{IssueNum: issueNum, IssueId: issueId} err := models.GetIssueTemplateByColName(&issueTmp, "issue_num", "issue_id") if err != nil { - logs.Error("GetErr: ", err, ",issueTmp: ", issueTmp) + logs.Error(webhookCommentLogTag, "get issue template error", issueNum, err) return } agencyPram := AgencyPrams{} 
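Review bot: `logs.Error(webhookCommentLogTag, "receive hook of issue num: ", payload.Issue.Number)` in `handleIssueComment` records a normal event at error level, so every accepted webhook now produces an error line and real failures become harder to alert on. The same applies to the bot-comment skip in the `@@ -1476` hunk and to the `"analysis comment, number: "`, `"vMap of "` and `"canVerfy of "` traces added in later hunks. These are flow traces and fit `logs.Info`, e.g. `logs.Info(webhookCommentLogTag, "receive hook of issue num: ", payload.Issue.Number)`. The `logs.Info("payload.Comment: ", payload.Comment, ...)` context line just above still dumps the whole comment object, which the rest of this commit is moving away from.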
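Review bot: The rewritten message `"Data has null values: issueNum, cuAccount, cBody:"` in the `@@ -1466` hunk ends in a colon with nothing after it, so the log no longer shows which field was empty. Dropping the raw comment body from the log is reasonable, but the emptiness flags are safe to keep: `logs.Error(webhookCommentLogTag, "empty field; issueNum/cuAccount/cBody empty:", issueNum == "", cuAccount == "", cBody == "")`.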
@@ -1494,7 +1500,7 @@ func handleIssueComment(payload models.CommentPayload) { vc := models.VulnCenter{CveId: issueTmp.CveId} vcErr := models.GetVulnCenterByCid(&vc, "CveId") if vcErr != nil { - logs.Error("GetVulnCenterByCid, vcErr: ", vcErr, ",CveId: ", issueTmp.CveId) + logs.Error(webhookCommentLogTag, "get vuln center error", issueTmp.CveId, vcErr) return } owner, accessToken := common.GetOwnerAndToken(vc.CveNum, vc.OrganizationID) @@ -1625,9 +1631,10 @@ func handleIssueComment(payload models.CommentPayload) { VerifyCve(issueTmp) } } else { + logs.Error(webhookCommentLogTag, "analysis comment, number: ", payload.Issue.Number) if payload.Issue.State == "closed" || payload.Issue.State == "rejected" || payload.Issue.State == "已完成" || payload.Issue.State == "已拒绝" { - logs.Error("Cannot edit comment, value: ", payload.Issue) + logs.Error(webhookCommentLogTag, "Cannot edit comment, number: ", payload.Issue.Number) return } cBody = strings.ReplaceAll(cBody, ":", ":") @@ -1728,13 +1735,14 @@ func analysisComment(owner, accessToken, path string, cuAccount string, cBody st payload *models.CommentPayload, issueTmp models.IssueTemplate, v models.VulnCenter) { if issueTmp.Status == 3 { // The issue has been closed and cannot be operated again - logs.Error("The issue has been closed and cannot be operated again,issuetmp: ", issueTmp) + logs.Error(webhookCommentLogTag, "The issue has been closed and cannot be operated again ", issueTmp.IssueNum) return } canVerfy := false issueTmp.MtAuditFlag = 1 //is Analyst comment and content start with '/analysis' vMap := util.ExtractCommentAnalysisAllValue(cBody, v.OrganizationID) + logs.Error(webhookCommentLogTag, "vMap of ", issueTmp.IssueNum, vMap) if len(vMap) > 0 { canVerfy = true cols := make([]string, 0) 
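Review bot: `logs.Error(webhookCommentLogTag, "vMap of ", issueTmp.IssueNum, vMap)` in `analysisComment` writes every value extracted from the comment body into the log, which brings back the kind of payload dump this commit removes elsewhere. The map is built from user-written comment text by `util.ExtractCommentAnalysisAllValue`, so the line has no size bound, and values containing line breaks could split one log record into several. Logging the field count is enough to trace the flow: `logs.Info(webhookCommentLogTag, "parsed analysis fields for", issueTmp.IssueNum, len(vMap))`. The body of `analysisComment` continues outside this hunk.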
@@ -1782,29 +1790,30 @@ func analysisComment(owner, accessToken, path string, cuAccount string, cBody st cols = append(cols, k) } } + if len(cols) > 0 { cols = append(cols, "mt_audit_flag") err := models.UpdateIssueTemplate(&issueTmp, cols...) if err != nil { - logs.Error("uperr: ", err, ",issueTmp: ", issueTmp) + logs.Error(webhookCommentLogTag, "update issue template failed", issueTmp.IssueNum, err) } else { if _, ok := vMap["openeuler_vector"]; ok { err := saveVectorData(vMap["openeuler_vector"], issueTmp.CveId) if err != nil { - logs.Error("saveVectorData, err: ", err) + logs.Error(webhookCommentLogTag, "saveVectorData, err: ", err) } } if _, ok := vMap["openeuler_score"]; ok { //更新分数到 score score, err := models.QueryIssueScore(issueTmp.CveId) if err != nil { - logs.Error("queryErr: ", err, "cveId: ", issueTmp.CveId) + logs.Error(webhookCommentLogTag, "query score failed", issueTmp.CveId, err) } else { score.OpenEulerScore = issueTmp.OpenEulerScore score.Ostatus = 1 err := models.UpdateScore(&score, "openeuler_score", "o_score_status") if err != nil { - logs.Error("upErr: ", err, ",UpdateScore, score: ", score) + logs.Error(webhookCommentLogTag, "update score failed", err) } } } @@ -1820,6 +1829,8 @@ func analysisComment(owner, accessToken, path string, cuAccount string, cBody st } } } + + logs.Error(webhookCommentLogTag, "canVerfy of ", issueTmp.IssueNum, canVerfy) if canVerfy { //Check whether the data is legal var checkFunc func(template *models.IssueTemplate, v *models.VulnCenter) (string, string, bool) @@ -1834,7 +1845,7 @@ func analysisComment(owner, accessToken, path string, cuAccount string, cBody st issueTmp.IssueStatus = 1 err := models.UpdateIssueTemplate(&issueTmp, "issue_status") if err != nil { - logs.Error("UpdateIssueTemplate, upErr: ", err, ",issueTmp: ", issueTmp) + logs.Error(webhookCommentLogTag, "UpdateIssueTemplate, upErr: ", err, ",issueTmp: ", issueTmp.IssueNum) } assignee := "" if cuAccount != "" && len(cuAccount) > 1 { 
@@ -1884,7 +1895,7 @@ func analysisComment(owner, accessToken, path string, cuAccount string, cBody st // change score status err := changeOpenEulerScoreStatus(issueTmp.CveId, 3) if err != nil { - logs.Error("changeOpenEulerScoreStatus, err: ", err, ",issueTmp: ", issueTmp) + logs.Error(webhookCommentLogTag, "changeOpenEulerScoreStatus, err: ", err, ",issueTmp: ", issueTmp.IssueNum) } } } else { @@ -1894,13 +1905,13 @@ func analysisComment(owner, accessToken, path string, cuAccount string, cBody st // change score status err := changeOpenEulerScoreStatus(issueTmp.CveId, 3) if err != nil { - logs.Error("changeOpenEulerScoreStatus, err: ", err, ",issueTmp: ", issueTmp) + logs.Error(webhookCommentLogTag, "changeOpenEulerScoreStatus, err: ", err, ",issueTmp: ", issueTmp.IssueNum) } } } err := models.UpdateIssueTemplate(&issueTmp, "issue_status", "mt_audit_flag") if err != nil { - logs.Error("UpdateIssueTemplate, updErr: ", err, ",issueTmp: ", issueTmp) + logs.Error(webhookCommentLogTag, "UpdateIssueTemplate, updErr: ", err, ",issueTmp: ", issueTmp.IssueNum) } } } @@ -1946,11 +1957,11 @@ func commentUpdateIssue(issueTmp models.IssueTemplate, owner, accessToken, path cvlnCenter := models.VulnCenter{} err := models.GetVulnCenterByCVEID(&cvlnCenter, issueTmp.CveId) if err != nil { - logs.Error("GetVulnCenterByCVEID, err: ", err, ",cvlnCenter: ", cvlnCenter) + logs.Error(webhookCommentLogTag, "get vuln center failed", issueTmp.CveId, err) } else { _, err := taskhandler.UpdateIssueToGit(accessToken, owner, path, cvlnCenter, issueTmp) if err != nil { - logs.Error("UpdateIssueToGit, upErr: ", err, ",issueTmp: ", issueTmp) + logs.Error(webhookCommentLogTag, "UpdateIssueToGit, upErr: ", err, ",num: ", issueTmp.IssueNum) } } } 
@@ -2069,7 +2080,7 @@ func handleCommentPackage(packageStr string, cveID int64) error { return nil } -//CloseIssue close gitee issue +// CloseIssue close gitee issue func CloseIssue(token, repo, issueNum, owner string) bool { url := fmt.Sprintf("https://gitee.com/api/v5/repos/%s/issues/%s", owner, issueNum) param := struct { @@ -2085,7 +2096,7 @@ func CloseIssue(token, repo, issueNum, owner string) bool { return UpdateGiteIssue(url, pj) } -//UpdateGiteIssue update gitee issue +// UpdateGiteIssue update gitee issue func UpdateGiteIssue(url string, param []byte) bool { read := bytes.NewReader(param) req, err := http.NewRequest(http.MethodPatch, url, read) diff --git a/cve-vulner-manager/go.mod b/cve-vulner-manager/go.mod index 5130a629698e668da20597781e03a693065db2a5..4fada9d5e64b2ac278ace7c7aa09204eef9f51f0 100644 --- a/cve-vulner-manager/go.mod +++ b/cve-vulner-manager/go.mod @@ -17,7 +17,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/smartystreets/goconvey v1.6.4 github.com/xuri/excelize/v2 v2.7.1 - golang.org/x/net v0.19.0 + golang.org/x/net v0.23.0 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df gopkg.in/yaml.v2 v2.4.0 k8s.io/apimachinery v0.26.1 @@ -47,11 +47,11 @@ require ( github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 // indirect github.com/xuri/efp v0.0.0-20231025114914-d1ff6096ae53 // indirect github.com/xuri/nfp v0.0.0-20230919160717-d98342af3f05 // indirect - golang.org/x/crypto v0.17.0 // indirect - golang.org/x/image v0.10.0 // indirect + golang.org/x/crypto v0.21.0 // indirect + golang.org/x/image v0.18.0 // indirect golang.org/x/oauth2 v0.12.0 // indirect - golang.org/x/sys v0.15.0 // indirect - golang.org/x/text v0.14.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/text v0.16.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect 
diff --git a/cve-vulner-manager/go.sum b/cve-vulner-manager/go.sum index 6270c4e9026014dd164a726808009d7cce47d104..ab0ad0155a0b9f0825f6ee65f681e1dd2a609598 100644 --- a/cve-vulner-manager/go.sum +++ b/cve-vulner-manager/go.sum @@ -1096,8 +1096,8 @@ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -1127,8 +1127,8 @@ golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeap golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= golang.org/x/image v0.0.0-20220302094943-723b81ca9867/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= golang.org/x/image v0.5.0/go.mod h1:FVC7BI/5Ym8R25iw5OLsgshdUBbT1h5jZTpA+mvAdZ4= -golang.org/x/image v0.10.0 h1:gXjUUtwtx5yOE0VKWq1CH4IJAClq4UGgUA3i+rpON9M= -golang.org/x/image v0.10.0/go.mod h1:jtrku+n79PfroUbvDdeUWMAI+heR786BofxrbiSF+J0= +golang.org/x/image v0.18.0 h1:jGzIakQa/ZXI1I0Fxvaa9W7yP25TqT6cHIHn+6CqvSQ= +golang.org/x/image v0.18.0/go.mod h1:4yyo5vMFQjVjUcVk4jEQcU9MGy/rulF5WvUILseCM2E= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1227,8 +1227,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= -golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= -golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1374,8 +1374,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
@@ -1403,10 +1403,9 @@ golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/cve-vulner-manager/taskhandler/comment.go b/cve-vulner-manager/taskhandler/comment.go index 83f40166df8b2dc8d974e4707377656234551511..0da61d2ac80890b6b5919ec042889842dc0ba044 100644 --- a/cve-vulner-manager/taskhandler/comment.go +++ b/cve-vulner-manager/taskhandler/comment.go 
@@ -1,23 +1,35 @@ package taskhandler import ( - "cvevulner/util" + "encoding/json" "fmt" + "github.com/astaxie/beego/logs" + + "cvevulner/util" ) -//AddCommentToIssue Add a comment to the issue +type CommentParam struct { + AccessToken string `json:"access_token"` + Body string `json:"body"` +} + +// AddCommentToIssue Add a comment to the issue func AddCommentToIssue(msg, issueNum, owner, repo, access string) { url := fmt.Sprintf(`https://gitee.com/api/v5/repos/%v/%v/issues/%v/comments`, owner, repo, issueNum) - param := fmt.Sprintf(`{"access_token": "%s","body":"%s"}`, access, msg) - res, err := util.HTTPPost(url, param) + param := CommentParam{ + AccessToken: access, + Body: msg, + } + + body, _ := json.Marshal(param) + _, err := util.HTTPPost(url, string(body)) if err != nil { - logs.Error(err, msg) + logs.Error("add comment to issue num failed ", issueNum, err) } - logs.Info("Add comment back:", res, msg) } -//SendPrivateLetters Send a private message to a gitee user +// SendPrivateLetters Send a private message to a gitee user func SendPrivateLetters(access, content, useName string) { url := "https://gitee.com/api/v5/notifications/messages" param := fmt.Sprintf(`{"access_token":"%s","username":"%s","content":"%s"}`, access, useName, content) diff --git a/cve-vulner-manager/taskhandler/createissue.go b/cve-vulner-manager/taskhandler/createissue.go index ff8497564a8405a50bdce7788cefff8ca84ee9a2..b761ae2170311efda867cb75e64e55bd7f30dd0e 100644 --- a/cve-vulner-manager/taskhandler/createissue.go +++ b/cve-vulner-manager/taskhandler/createissue.go 
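Review bot: `SendPrivateLetters`, visible in the trailing context lines, still builds its JSON body with `fmt.Sprintf`, the same pattern this hunk replaces in `AddCommentToIssue`; a quote, backslash or newline in `content` or `useName` produces a malformed body or extra fields. It should marshal a struct the same way, as sketched below; the rest of that function is outside the hunk, so how `param` is passed on is assumed to match `AddCommentToIssue`. In `AddCommentToIssue` itself, `body, _ := json.Marshal(param)` discards the error, and checking it and returning early would keep an empty body from being posted. The exported `CommentParam` type also lacks a doc comment.

```go
func SendPrivateLetters(access, content, useName string) {
	url := "https://gitee.com/api/v5/notifications/messages"
	param, err := json.Marshal(struct {
		AccessToken string `json:"access_token"`
		Username    string `json:"username"`
		Content     string `json:"content"`
	}{AccessToken: access, Username: useName, Content: content})
	if err != nil {
		logs.Error("marshal private letter failed ", err)
		return
	}
	// … unchanged: the request itself (outside the hunk), now sending string(param) …
```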
@@ -483,7 +483,7 @@ func UpdateIssueToGit(accessToken, owner, path string, ",its: ", its, ", owner: ", owner, ",path: ", path) if its.Status == 4 || its.Status == 5 { logs.Error("UpdateIssueToGit, "+ - "The current issue has been suspended/rejected and will not be processed, its: ", its) + "The current issue has been suspended/rejected and will not be processed, its: ", its.IssueNum) models.UpdateIssueStatus(cve, 2) return "", errors.New("The current issue has been suspended/rejected and will not be processed") } @@ -502,7 +502,7 @@ func UpdateIssueToGit(accessToken, owner, path string, if issueErr != nil { models.DeleteIssueTemplate(its.TemplateId) models.UpdateIssueStatus(cve, 0) - return "", errors.New("Recreate issue") + return "", errors.New("unknown issue") } else { if issueBody != nil { if issueBody != nil && issueBody["assignee"] != nil { @@ -516,7 +516,7 @@ func UpdateIssueToGit(accessToken, owner, path string, } else { models.DeleteIssueTemplate(its.TemplateId) models.UpdateIssueStatus(cve, 0) - return "", errors.New("Recreate issue") + return "", errors.New("invalid issue") } } //labels := its.IssueLabel @@ -548,7 +548,7 @@ func UpdateIssueToGit(accessToken, owner, path string, var sc models.Score sc, scok := models.QueryScoreByCveId(cve.CveId) if !scok { - logs.Error("UpdateIssueToGit, Score does not exist, cve: ", cve, cve.CveNum) + logs.Error("UpdateIssueToGit, Score does not exist, cve: ", cve.CveNum) } if len(assigneeGite) > 1 { its.Assignee = assigneeGite
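Review bot: The `logs.Error` for a suspended or rejected issue now prints only `its.IssueNum`, but the call ending in `",its: ", its, ", owner: ", owner, ",path: ", path)` on the context line directly above still writes the whole `its` struct. That call starts outside the hunk, so its level and remaining arguments are not visible here. For consistency I would pass `its.IssueNum` there as well.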
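Review bot: The `issueErr != nil` branch of `UpdateIssueToGit` discards `issueErr` and returns the fixed text `"unknown issue"`, so the reason the lookup failed never reaches the caller or the log. Since this branch deletes the issue template and resets the issue status, the cause is worth recording before the return, e.g. `logs.Error("UpdateIssueToGit, get issue failed: ", its.IssueNum, issueErr)`. The `@@ -516` hunk changes `"Recreate issue"` to `"invalid issue"` in the same way. If any caller matches on the old text it will stop matching, though callers are not visible here. A package-level sentinel such as `var errInvalidIssue = errors.New("invalid issue")` would make that dependency explicit.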