From 52f29d43a70bd0f1e322924f0dba26922a798f26 Mon Sep 17 00:00:00 2001 From: Coopermassaki <1277145053@qq.com> Date: Fri, 2 Aug 2024 16:37:40 +0800 Subject: [PATCH 1/4] generate the updateinfo.xml --- cve-vulner-manager/Dockerfile | 1 + cve-vulner-manager/cve-ddd/app/bulletin.go | 34 +++ .../cve-ddd/domain/updateinfo.go | 92 ++++++++ .../cve-ddd/domain/updateinfo/updateinfo.go | 5 +- .../updateinfoimpl/generate_updateinfoxml.go | 223 ++++++++++++++++++ cve-vulner-manager/routers/new_router.go | 1 + cve-vulner-manager/sh/epoch.sh | 24 ++ 7 files changed, 379 insertions(+), 1 deletion(-) create mode 100644 cve-vulner-manager/cve-ddd/domain/updateinfo.go create mode 100644 cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go create mode 100644 cve-vulner-manager/sh/epoch.sh diff --git a/cve-vulner-manager/Dockerfile b/cve-vulner-manager/Dockerfile index ba1d7bc..c761407 100644 --- a/cve-vulner-manager/Dockerfile +++ b/cve-vulner-manager/Dockerfile @@ -15,6 +15,7 @@ RUN dnf -y update && \ useradd -u 1000 -g manager -s /bin/bash -m manager COPY --chown=manager ./conf/product_app.conf /opt/app/conf/app.conf +COPY --chown=manager ./sh/epoch.sh /opt/app/epoch.sh COPY --chown=manager --from=BUILDER /go/src/gitee.com/openeuler/cve-manager/cve-manager /opt/app/cve-manager USER manager diff --git a/cve-vulner-manager/cve-ddd/app/bulletin.go b/cve-vulner-manager/cve-ddd/app/bulletin.go index d9bcc10..831292d 100644 --- a/cve-vulner-manager/cve-ddd/app/bulletin.go +++ b/cve-vulner-manager/cve-ddd/app/bulletin.go @@ -21,6 +21,7 @@ import ( "cvevulner/cve-ddd/domain/obs" "cvevulner/cve-ddd/domain/repository" "cvevulner/cve-ddd/domain/testresult" + "cvevulner/cve-ddd/domain/updateinfo" ) const ( @@ -42,6 +43,7 @@ func NewBulletinService( t testresult.Result, bd backend.Backend, l *logrus.Entry, + u updateinfo.UpdateInfo, ) *bulletinService { service := &bulletinService{ obs: o, 
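Review bot: The added `COPY --chown=manager ./sh/epoch.sh /opt/app/epoch.sh` gives the script to the same account the service runs as (`USER manager`), so the process that executes it can also rewrite it. The patch also creates sh/epoch.sh with mode 100644, which COPY preserves; if `libutils.RunCmd(script, …)` executes the path directly (how it invokes the file is not visible here), the call fails with permission denied. Consider a root-owned, non-writable, executable copy, e.g. `COPY --chmod=0555 ./sh/epoch.sh /opt/app/epoch.sh`, or an explicit `RUN chmod 0555 /opt/app/epoch.sh` before `USER manager` if BuildKit's `--chmod` is not available.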
@@ -50,6 +52,7 @@ func NewBulletinService( bulletin: b, testResult: t, backend: bd, + updateinfo: u, log: l, giteeToken: beego.AppConfig.String("gitee::git_token"), } @@ -66,6 +69,7 @@ type bulletinService struct { bulletin bulletin.Bulletin testResult testresult.Result backend backend.Backend + updateinfo updateinfo.UpdateInfo releaseDate sync.Map giteeToken string @@ -143,6 +147,8 @@ func (b *bulletinService) GenerateBulletins(cveNum []string, date string) (strin } updateFixedFiles = append(updateFixedFiles, v.PathAppendToIndexFile()) + + b.uploadUpdateInfoFile(&v) } b.uploadIndexAndFixed(uploadDir, indexContent, updateFixedFiles) @@ -150,6 +156,34 @@ func (b *bulletinService) GenerateBulletins(cveNum []string, date string) (strin return uploadDir, nil } +func (b *bulletinService) uploadUpdateInfoFile(bulletin *domain.SecurityBulletin) { + for _, branch := range bulletin.AffectedVersion { + filePath := domain.UpdateinfoRootDir + branch + "/updateinfo.xml" + downloadBys, err := b.obs.Download(filePath) + if err != nil { + b.log.Error(err) + continue + } + + data, err := b.updateinfo.UploadUpdateInfoXml(domain.UpdateParam{ + Sb: bulletin, + Branch: branch, + DownloadBys: downloadBys, + FilePath: filePath, + }) + + if err != nil { + b.log.Error(err) + continue + } + + if err = b.obs.Upload(filePath, data); err != nil { + b.log.Error(err) + continue + } + } +} + func (b *bulletinService) uploadIndexAndFixed(uploadDir, indexContent string, updateFixedFiles []string) { updateFixedContent := strings.TrimSpace(strings.Join(updateFixedFiles, EOF)) newIndexContent := strings.TrimSpace(indexContent) + EOF + updateFixedContent diff --git a/cve-vulner-manager/cve-ddd/domain/updateinfo.go b/cve-vulner-manager/cve-ddd/domain/updateinfo.go new file mode 100644 index 0000000..6964f31 --- /dev/null +++ b/cve-vulner-manager/cve-ddd/domain/updateinfo.go 
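Review bot: `uploadUpdateInfoFile` logs and drops every failure, so `GenerateBulletins` still returns success when a branch's updateinfo.xml was not refreshed, and the bare `b.log.Error(err)` says neither which branch nor which bulletin was affected. A branch whose `updateinfo.xml` does not exist yet fails at `b.obs.Download` and hits `continue`, so the file is never created for it; if that case is expected it needs its own handling. The download, merge and upload steps are also not guarded against another run writing the same object in between, as far as this hunk shows. At minimum log with context, e.g. `b.log.Errorf("updateinfo %s for %s: %v", filePath, bulletin.Identification, err)`, and consider returning the collected errors to the caller.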
@@ -0,0 +1,92 @@
+package domain
+
+import (
+ "encoding/xml"
+ "regexp"
+)
+
+const (
+ UpdateinfoRootDir = "earlyupdateinfo/"
+ NoticeTypeCVE = "cve"
+ NoticeTypeBug = "bug"
+ CveUrlPrefix = "https://nvd.nist.gov/vuln/detail/"
+ PkgUrl = "https://repo.openeuler.org/%s/update/%s/Packages/%s"
+ ScriptPath = "/opt/app/epoch.sh"
+)
+
+var (
+ Severity = map[string]string{
+ "critical": "Critical",
+ "high": "Important",
+ "medium": "Moderate",
+ "low": "Low",
+ }
+
+ Num = regexp.MustCompile(`\d+`)
+)
+
+type UpdateParam struct {
+ Sb *SecurityBulletin
+ Branch string
+ DownloadBys []byte
+ FilePath string
+}
+
+type Updates struct {
+ XMLName xml.Name `xml:"updates,omitempty"`
+ Updatex []Update `xml:"update,omitempty"`
+}
+
+type Update struct {
+ XMLName xml.Name `xml:"update,omitempty"`
+ From string `xml:"from,attr"`
+ Type string `xml:"type,attr"`
+ Status string `xml:"status,attr"`
+ Id string `xml:"id"`
+ Title string `xml:"title"`
+ Severity string `xml:"severity"`
+ Release string `xml:"release"`
+ Issued *Issued `xml:"issued,omitempty"`
+ References *References `xml:"references,omitempty"`
+ Description string `xml:"description"`
+ Pkglist *Pkglist `xml:"pkglist,omitempty"`
+}
+
+type Issued struct {
+ XMLName xml.Name `xml:"issued,omitempty"`
+ Date string `xml:"date,attr"`
+}
+
+type References struct {
+ XMLName xml.Name `xml:"references,omitempty"`
+ Reference []Reference `xml:"reference,omitempty"`
+}
+
+type Reference struct {
+ XMLName xml.Name `xml:"reference,omitempty"`
+ Href string `xml:"href,attr"`
+ Id string `xml:"id,attr"`
+ Title string `xml:"title,attr"`
+ Type string `xml:"type,attr"`
+}
+
+type Pkglist struct {
+ XMLName xml.Name `xml:"pkglist,omitempty"`
+ Collection *Collection `xml:"collection,omitempty"`
+}
+
+type Collection struct {
+ XMLName xml.Name `xml:"collection,omitempty"`
+ Name string `xml:"name"`
+ Package []Package `xml:"package,omitempty"`
+}
+
+type Package struct {
+ XMLName xml.Name `xml:"package,omitempty"`
+ Epoch
string `xml:"epoch,attr,omitempty"` + Arch string `xml:"arch,attr"` + Name string `xml:"name,attr"` + Release string `xml:"release,attr"` + Version string `xml:"version,attr"` + Filename string `xml:"filename"` +} diff --git a/cve-vulner-manager/cve-ddd/domain/updateinfo/updateinfo.go b/cve-vulner-manager/cve-ddd/domain/updateinfo/updateinfo.go index 27c1ff7..bf5ed26 100644 --- a/cve-vulner-manager/cve-ddd/domain/updateinfo/updateinfo.go +++ b/cve-vulner-manager/cve-ddd/domain/updateinfo/updateinfo.go @@ -1,8 +1,11 @@ package updateinfo -import "cvevulner/cve-ddd/domain" +import ( + "cvevulner/cve-ddd/domain" +) type UpdateInfo interface { Generate(cves domain.CvesByVersion) ([]byte, error) GenerateCollectExcel(map[string]domain.CollectedDataSlice) ([]byte, error) + UploadUpdateInfoXml(up domain.UpdateParam) (data []byte, err error) } diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go new file mode 100644 index 0000000..6d696fe --- /dev/null +++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go 
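Review bot: The structs added in domain/updateinfo.go are what `UploadUpdateInfoXml` uses to unmarshal the stored updateinfo.xml and write it back, and encoding/xml drops every element and attribute that has no matching field, so any data in the existing file outside this schema is lost on each run. Whether the stored files carry such fields is not visible in the patch; confirm the schema is complete, or keep unknown children with a catch-all field tagged `xml:",any"`. `Severity[...]` also yields an empty `<severity>` for a level that is not in the map, and `Severity` and `Num` are exported mutable package variables; a doc comment such as `// Severity maps a lower-cased severity level to the label written to updateinfo.xml.` plus an explicit fallback at the lookup would make that visible.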
@@ -0,0 +1,223 @@
+package updateinfoimpl
+
+import (
+ "bytes"
+ "encoding/xml"
+ "fmt"
+ "path/filepath"
+ "sort"
+ "strconv"
+ "strings"
+ "time"
+
+ libutils "github.com/opensourceways/server-common-lib/utils"
+
+ "cvevulner/cve-ddd/domain"
+ "cvevulner/cve-ddd/domain/dp"
+ "cvevulner/taskhandler"
+ "cvevulner/util"
+)
+
+func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data []byte, err error) {
+ var u domain.Updates
+
+ err = xml.Unmarshal(param.DownloadBys, &u)
+ if err != nil {
+ return nil, err
+ }
+
+ up := impl.updateXml(param.Sb, param.Branch)
+
+ i := impl.numberIndex(&u, param.Sb.Identification)
+ if i == -1 {
+ u.Updatex = append(u.Updatex, up)
+ } else {
+ if up.Description == "" {
+ up.Description = u.Updatex[i].Description
+ }
+ if up.Title == "" {
+ up.Title = u.Updatex[i].Title
+ }
+ u.Updatex[i] = up
+ }
+
+ sort.Slice(u.Updatex, func(i, j int) bool {
+ return u.Updatex[i].Id < u.Updatex[j].Id
+ })
+
+ uploadBys, err := xml.MarshalIndent(u, "", " ")
+ if err != nil {
+ return nil, err
+ }
+
+ headerBytes := []byte(xml.Header)
+ headerBytes = append(headerBytes, uploadBys...)
+ + return headerBytes, nil +} + +func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string) domain.Update { + var cveNums []string + var description string + var highestLevelIndex int + for _, cve := range sb.Cves { + cveNums = append(cveNums, cve.CveNum) + + subDescription := strings.ReplaceAll(cve.Description, "\n\n", "\r\n\r\n") + subDescription = taskhandler.XmlSpecCharHand(subDescription) + dSplit := strings.Split(subDescription, "Security Fix(es):") + if len(dSplit) > 1 { + if !strings.Contains(description, dSplit[0]) { + description = dSplit[0] + "Security Fix(es):" + description + } + if !strings.Contains(description, dSplit[1]) { + description += dSplit[1] + } + } + + // Choose the highest security level in cves, as security level in bulletin + for k, v := range dp.SequenceSeverityLevel { + if v == cve.SeverityLevel && k > highestLevelIndex { + highestLevelIndex = k + } + } + } + introduction := fmt.Sprintf("An update for %s is now available for", sb.Component) + + var descr string + + title := introduction + branch + + if impl.IsCveNotice(sb.Identification) { + if i := strings.Index(description, "Security Fix(es):"); i > 0 { + descr = util.TrimStringNR(description[i+17:]) + } + } else { + descr = description + } + + var up = domain.Update{ + 
From: "openeuler.org", + Type: "security", + Status: "stable", + Id: sb.Identification, + Title: title, + Severity: domain.Severity[strings.ToLower(dp.SequenceSeverityLevel[highestLevelIndex])], + Release: "openEuler", + Issued: &domain.Issued{Date: sb.Date}, + Description: descr, + } + + var ref []domain.Reference + for _, s := range cveNums { + ref = append(ref, domain.Reference{ + Href: domain.CveUrlPrefix + s, + Id: s, + Title: s, + Type: "cve", + }) + } + + up.References = &domain.References{Reference: ref} + + var pack []domain.Package + for arch, pl := range sb.ProductTree { + if arch == "src" { + continue + } + + for _, productPackage := range pl { + var pe domain.Package + pe.Filename = productPackage.FullName + packVersionList := strings.Split(productPackage.FullName, "-") + if len(packVersionList) >= 3 { + pe.Version = packVersionList[len(packVersionList)-2] + rpmName := packVersionList[len(packVersionList)-1][:len(packVersionList[len(packVersionList)-1])-4] + lastIndex := strings.LastIndexAny(rpmName, ".") + if lastIndex != -1 { + pe.Release = rpmName[:lastIndex] + pe.Arch = rpmName[lastIndex+1:] + } + pe.Name = strings.Join(packVersionList[0:len(packVersionList)-2], "-") + } + + if !strings.Contains(pe.Filename, "kernel") { + epoch, err := impl.findEpoch(domain.ScriptPath, branch, pe.Filename, pe.Arch, 1) + if err == nil && len(epoch) > 0 { + pe.Epoch = string(epoch) + } + } + + pack = append(pack, pe) + } + } + + up.Pkglist = &domain.Pkglist{Collection: &domain.Collection{Name: "openEuler", Package: pack}} + + return up +} + +func (impl updateInfoImpl) numberIndex(u *domain.Updates, securityNumber string) (index int) { + index = -1 + for k, v := range u.Updatex { + if strings.EqualFold(v.Id, securityNumber) { + index = k + return + } + } + + return +} + +func (impl updateInfoImpl) IsCveNotice(securityNoticeNo string) bool { + return impl.GenNoticeType(securityNoticeNo) == domain.NoticeTypeCVE +} + +func (impl updateInfoImpl) 
GenNoticeType(securityNoticeNo string) string { + if strings.Contains(securityNoticeNo, "BA") { + return domain.NoticeTypeBug + } + + if strings.Contains(securityNoticeNo, "HotPatchSA") { + return domain.NoticeTypeCVE + } + + if strings.Contains(securityNoticeNo, "SA") { + return domain.NoticeTypeCVE + } + + return "" +} + +func (impl updateInfoImpl) findEpoch(script, branch, filename, arch string, i int) ([]byte, error) { + var archs = []string{arch} + if arch == "noarch" { + archs = []string{"aarch64", "x86_64"} + } + for _, a := range archs { + epoch, err, _ := libutils.RunCmd( + script, + filepath.Join("/opt/app/", branch, strconv.Itoa(i), time.Now().Format("150405.999")), + fmt.Sprintf(domain.PkgUrl, branch, a, filename), + ) + + if err != nil { + return nil, fmt.Errorf("failed to get epoch, pkgUrl is %s", fmt.Sprintf(domain.PkgUrl, branch, a, filename)) + } + + if err == nil { + if strings.Contains(string(epoch), "404") || strings.Contains(string(epoch), "502") { + continue + } + if ix := bytes.Index(epoch, []byte("NOKEY")); ix > 0 { + epoch = bytes.TrimSpace(epoch[ix+5:]) + } else { + epoch = bytes.TrimSpace(epoch) + } + + return domain.Num.Find(epoch), nil + } + } + + return nil, nil +} diff --git a/cve-vulner-manager/routers/new_router.go b/cve-vulner-manager/routers/new_router.go index ab6e86d..0861a95 100644 --- a/cve-vulner-manager/routers/new_router.go +++ b/cve-vulner-manager/routers/new_router.go @@ -61,6 +61,7 @@ func InitNewRouter() { testresultimpl.NewTestResultImpl(logBulletin), backendimpl.NewBackendImpl(), logBulletin, + updateinfoimpl.NewUpdateInfoImpl(), ) hotPatchService := app.NewRefactorHotPatchService( diff --git a/cve-vulner-manager/sh/epoch.sh b/cve-vulner-manager/sh/epoch.sh new file mode 100644 index 0000000..2c796ca --- /dev/null +++ b/cve-vulner-manager/sh/epoch.sh 
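Review bot: `findEpoch` puts `branch` and `filename` unchecked into `filepath.Join("/opt/app/", branch, …)` and into the download URL, and epoch.sh later runs `rm -rf` on that directory; because `filepath.Join` resolves `..`, a branch value containing path separators would move the scratch directory outside /opt/app. Where `AffectedVersion` and `FullName` are populated is not visible in this patch, so treat them as untrusted at this boundary and accept single path components only, as in the excerpt below. In `updateXml`, `packVersionList[len(packVersionList)-1][:len(…)-4]` panics when the last segment is shorter than four bytes; `strings.TrimSuffix(last, ".rpm")` avoids that. The `"404"`/`"502"` test also runs on the raw output before the `NOKEY` warning is trimmed, so it can match digits in a file name or key ID rather than a download failure.

```go
func (impl updateInfoImpl) findEpoch(script, branch, filename, arch string, i int) ([]byte, error) {
	// branch and filename end up in a directory the script removes with rm -rf
	// and in the download URL, so only plain single path components are accepted.
	if branch == "" || branch != filepath.Base(branch) || strings.HasPrefix(branch, ".") {
		return nil, fmt.Errorf("invalid branch %q", branch)
	}
	if filename == "" || filename != filepath.Base(filename) || !strings.HasSuffix(filename, ".rpm") {
		return nil, fmt.Errorf("invalid package file name %q", filename)
	}
	// … unchanged: archs selection and the RunCmd loop …
```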
@@ -0,0 +1,24 @@ +#!/bin/sh + +repo=$1 +url=$2 + +if [ ! -d "$repo" ]; then + mkdir -p "$repo" +fi + +cd "$repo" + +curl -LO -s "$url" + +v=$(rpm -qpi *.rpm | grep Epoch | awk {'print $3'}) + +i=$? + +cd .. && rm -rf "$repo" + +if [ "$i" != 0 ]; then +exit 1 +fi + +echo "$v" \ No newline at end of file -- Gitee From d97a5b84570386ebc94844e6434708c5806b27c4 Mon Sep 17 00:00:00 2001 From: Coopermassaki <1277145053@qq.com> Date: Wed, 7 Aug 2024 17:12:18 +0800 Subject: [PATCH 2/4] fix --- cve-vulner-manager/cve-ddd/app/bulletin.go | 1 - .../cve-ddd/domain/updateinfo.go | 61 ------------------ .../updateinfoimpl/generate_updateinfoxml.go | 22 +++---- .../updateinfoimpl/updateinfoxml.go | 62 +++++++++++++++++++ 4 files changed, 73 insertions(+), 73 deletions(-) create mode 100644 cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/updateinfoxml.go diff --git a/cve-vulner-manager/cve-ddd/app/bulletin.go b/cve-vulner-manager/cve-ddd/app/bulletin.go index 831292d..569224f 100644 --- a/cve-vulner-manager/cve-ddd/app/bulletin.go +++ b/cve-vulner-manager/cve-ddd/app/bulletin.go @@ -169,7 +169,6 @@ func (b *bulletinService) uploadUpdateInfoFile(bulletin *domain.SecurityBulletin Sb: bulletin, Branch: branch, DownloadBys: downloadBys, - FilePath: filePath, }) if err != nil { diff --git a/cve-vulner-manager/cve-ddd/domain/updateinfo.go b/cve-vulner-manager/cve-ddd/domain/updateinfo.go index 6964f31..bf5dfea 100644 --- a/cve-vulner-manager/cve-ddd/domain/updateinfo.go +++ b/cve-vulner-manager/cve-ddd/domain/updateinfo.go @@ -1,7 +1,6 @@ package domain import ( - "encoding/xml" "regexp" ) 
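Review bot: `i=$?` after `v=$(rpm -qpi *.rpm | grep Epoch | awk {'print $3'})` records the exit status of awk, the last command in the pipeline, so a failed download or an unreadable package never reaches the `exit 1` branch. `curl -LO -s "$url"` has no `--fail` and no time limit, so an HTTP error page is saved as if it were the package and a stalled transfer blocks the caller. `cd "$repo"` is unchecked: if it fails, curl writes into the caller's directory, `*.rpm` globs whatever is there, and `cd .. && rm -rf "$repo"` still runs. Suggested lines: `cd "$repo" || exit 1` and `curl -fsSLO --max-time 60 "$url" || { cd .. && rm -rf "$repo"; exit 1; }`, and query the one downloaded file, `rpm -qpi "$(basename "$url")"`, instead of the glob. With `--fail` the Go caller sees a non-zero exit instead of searching the output for "404", so its try-the-next-arch logic would need to follow.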
@@ -29,64 +28,4 @@ type UpdateParam struct { Sb *SecurityBulletin Branch string DownloadBys []byte - FilePath string -} - -type Updates struct { - XMLName xml.Name `xml:"updates,omitempty"` - Updatex []Update `xml:"update,omitempty"` -} - -type Update struct { - XMLName xml.Name `xml:"update,omitempty"` - From string `xml:"from,attr"` - Type string `xml:"type,attr"` - Status string `xml:"status,attr"` - Id string `xml:"id"` - Title string `xml:"title"` - Severity string `xml:"severity"` - Release string `xml:"release"` - Issued *Issued `xml:"issued,omitempty"` - References *References `xml:"references,omitempty"` - Description string `xml:"description"` - Pkglist *Pkglist `xml:"pkglist,omitempty"` -} - -type Issued struct { - XMLName xml.Name `xml:"issued,omitempty"` - Date string `xml:"date,attr"` -} - -type References struct { - XMLName xml.Name `xml:"references,omitempty"` - Reference []Reference `xml:"reference,omitempty"` -} - -type Reference struct { - XMLName xml.Name `xml:"reference,omitempty"` - Href string `xml:"href,attr"` - Id string `xml:"id,attr"` - Title string `xml:"title,attr"` - Type string `xml:"type,attr"` -} - -type Pkglist struct { - XMLName xml.Name `xml:"pkglist,omitempty"` - Collection *Collection `xml:"collection,omitempty"` -} - -type Collection struct { - XMLName xml.Name `xml:"collection,omitempty"` - Name string `xml:"name"` - Package []Package `xml:"package,omitempty"` -} - -type Package struct { - XMLName xml.Name `xml:"package,omitempty"` - Epoch string `xml:"epoch,attr,omitempty"` - Arch string `xml:"arch,attr"` - Name string `xml:"name,attr"` - Release string `xml:"release,attr"` - Version string `xml:"version,attr"` - Filename string `xml:"filename"` } diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go index 6d696fe..10c5576 100644 
--- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go @@ -19,7 +19,7 @@ import ( ) func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data []byte, err error) { - var u domain.Updates + var u Updates err = xml.Unmarshal(param.DownloadBys, &u) if err != nil { @@ -56,7 +56,7 @@ func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data [ return headerBytes, nil } -func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string) domain.Update { +func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string) Update { var cveNums []string var description string var highestLevelIndex int @@ -96,7 +96,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string) descr = description } - var up = domain.Update{ + var up = Update{ From: "openeuler.org", Type: "security", Status: "stable", @@ -104,13 +104,13 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string) Title: title, Severity: domain.Severity[strings.ToLower(dp.SequenceSeverityLevel[highestLevelIndex])], Release: "openEuler", - Issued: &domain.Issued{Date: sb.Date}, + Issued: &Issued{Date: sb.Date}, Description: descr, } - var ref []domain.Reference + var ref []Reference for _, s := range cveNums { - ref = append(ref, domain.Reference{ + ref = append(ref, Reference{ Href: domain.CveUrlPrefix + s, Id: s, Title: s, 
@@ -118,16 +118,16 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string) }) } - up.References = &domain.References{Reference: ref} + up.References = &References{Reference: ref} - var pack []domain.Package + var pack []Package for arch, pl := range sb.ProductTree { if arch == "src" { continue } for _, productPackage := range pl { - var pe domain.Package + var pe Package pe.Filename = productPackage.FullName packVersionList := strings.Split(productPackage.FullName, "-") if len(packVersionList) >= 3 { @@ -152,12 +152,12 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string) } } - up.Pkglist = &domain.Pkglist{Collection: &domain.Collection{Name: "openEuler", Package: pack}} + up.Pkglist = &Pkglist{Collection: &Collection{Name: "openEuler", Package: pack}} return up } -func (impl updateInfoImpl) numberIndex(u *domain.Updates, securityNumber string) (index int) { +func (impl updateInfoImpl) numberIndex(u *Updates, securityNumber string) (index int) { index = -1 for k, v := range u.Updatex { if strings.EqualFold(v.Id, securityNumber) { diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/updateinfoxml.go new file mode 100644 index 0000000..465f38b --- /dev/null +++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/updateinfoxml.go 
@@ -0,0 +1,62 @@
+package updateinfoimpl
+
+import "encoding/xml"
+
+type Updates struct {
+ XMLName xml.Name `xml:"updates,omitempty"`
+ Updatex []Update `xml:"update,omitempty"`
+}
+
+type Update struct {
+ XMLName xml.Name `xml:"update,omitempty"`
+ From string `xml:"from,attr"`
+ Type string `xml:"type,attr"`
+ Status string `xml:"status,attr"`
+ Id string `xml:"id"`
+ Title string `xml:"title"`
+ Severity string `xml:"severity"`
+ Release string `xml:"release"`
+ Issued *Issued `xml:"issued,omitempty"`
+ References *References `xml:"references,omitempty"`
+ Description string `xml:"description"`
+ Pkglist *Pkglist `xml:"pkglist,omitempty"`
+}
+
+type Issued struct {
+ XMLName xml.Name `xml:"issued,omitempty"`
+ Date string `xml:"date,attr"`
+}
+
+type References struct {
+ XMLName xml.Name `xml:"references,omitempty"`
+ Reference []Reference `xml:"reference,omitempty"`
+}
+
+type Reference struct {
+ XMLName xml.Name `xml:"reference,omitempty"`
+ Href string `xml:"href,attr"`
+ Id string `xml:"id,attr"`
+ Title string `xml:"title,attr"`
+ Type string `xml:"type,attr"`
+}
+
+type Pkglist struct {
+ XMLName xml.Name `xml:"pkglist,omitempty"`
+ Collection *Collection `xml:"collection,omitempty"`
+}
+
+type Collection struct {
+ XMLName xml.Name `xml:"collection,omitempty"`
+ Name string `xml:"name"`
+ Package []Package `xml:"package,omitempty"`
+}
+
+type Package struct {
+ XMLName xml.Name `xml:"package,omitempty"`
+ Epoch string `xml:"epoch,attr,omitempty"`
+ Arch string `xml:"arch,attr"`
+ Name string `xml:"name,attr"`
+ Release string `xml:"release,attr"`
+ Version string `xml:"version,attr"`
+ Filename string `xml:"filename"`
+}
-- Gitee From db63c1ffc88518d3cf08e29f660b9eeead9f25be Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Thu, 8 Aug 2024 09:56:31 +0800 Subject: [PATCH 3/4] get epol for all branch --- .../cve-ddd/infrastructure/testresultimpl/impl.go | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/testresultimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/testresultimpl/impl.go index 8436835..b8fc242 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/testresultimpl/impl.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/testresultimpl/impl.go @@ -15,7 +15,7 @@ import ( ) const ( - epolBranch = "openEuler-22.03-LTS-SP1" + testRepoBaseUrl = "http://121.36.84.172" ) func NewTestResultImpl(log *logrus.Entry) *testResultImpl { @@ -39,7 +39,7 @@ type rpm struct { } func (impl *testResultImpl) getCsvOfRpmByBranch(branch, date string) []byte { - url := fmt.Sprintf("http://121.36.84.172/repo.openeuler.org/%s/%s/%s.csv", branch, date, branch) + url := fmt.Sprintf("%s/repo.openeuler.org/%s/%s/%s.csv", testRepoBaseUrl, branch, date, branch) req, _ := http.NewRequest(http.MethodGet, url, nil) @@ -53,7 +53,7 @@ func (impl *testResultImpl) getCsvOfRpmByBranch(branch, date string) []byte { } func (impl *testResultImpl) getCsvOfRpmInEpolByBranch(branch, date string) []byte { - epolUrl := fmt.Sprintf("http://121.36.84.172/repo.openeuler.org/%s/EPOL/%s/main/%s.csv", branch, date, branch) + epolUrl := fmt.Sprintf("%s/repo.openeuler.org/%s/EPOL/%s/main/%s.csv", testRepoBaseUrl, branch, date, branch) req, _ := http.NewRequest(http.MethodGet, epolUrl, nil) @@ -74,11 +74,8 @@ func (impl *testResultImpl) Init(handleBranch []string, date string) { content := impl.getCsvOfRpmByBranch(b, date) cacheNormal = impl.parseContent(content, false) - // 该分支特殊,csv分别在两处目录,需要额外处理,将两处的内容合并 - if b == epolBranch { - epolContent := impl.getCsvOfRpmInEpolByBranch(b, date) - cacheEpol = impl.parseContent(epolContent, true) - } + epolContent := impl.getCsvOfRpmInEpolByBranch(b, date) + cacheEpol = impl.parseContent(epolContent, true) cacheMerged := impl.mergeCache(cacheNormal, cacheEpol) if len(cacheMerged) == 0 { -- Gitee From 3a3064efc0b4addeca9461dfade399945a7fd1fe Mon Sep 17 00:00:00 2001 
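Review bot: `testRepoBaseUrl = "http://121.36.84.172"` keeps the test-result CSVs on cleartext HTTP to a literal IP, so the content that `parseContent` turns into the package cache can be altered in transit, and the address cannot be changed without a rebuild. Consider reading the base URL from configuration and requiring https, and add a comment on the constant saying which host this is and why it is addressed by IP. Both fetch helpers also discard the error from `http.NewRequest` (`req, _ :=`); those lines are context here and the rest of each function is outside the hunk.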
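Review bot: With the `epolBranch` guard removed in `Init`, `getCsvOfRpmInEpolByBranch` runs for every branch, including ones that may publish no EPOL csv. Its body is outside the hunk, so confirm it returns empty content on a non-200 response; otherwise an error page is handed to `parseContent(epolContent, true)` and merged into the cache. The deleted comment was the only explanation of why two locations are merged; a short replacement such as `// each branch publishes a second csv under EPOL/; merge it with the main one` would keep that context.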
From: yangwei999 <348134071@qq.com> Date: Mon, 12 Aug 2024 11:49:02 +0800 Subject: [PATCH 4/4] not update cve_level from vuln to template --- cve-vulner-manager/task/issuetask.go | 1 - cve-vulner-manager/taskhandler/cve.go | 10 ++++------ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/cve-vulner-manager/task/issuetask.go b/cve-vulner-manager/task/issuetask.go index f45d9ad..64244ec 100644 --- a/cve-vulner-manager/task/issuetask.go +++ b/cve-vulner-manager/task/issuetask.go @@ -557,7 +557,6 @@ func ProcUpdateIssue(issueValue models.VulnCenter, accessToken, owner string) er it.NVDVector = sr.NvectorVule } it.CveBrief = issueValue.Description - it.CveLevel = issueValue.CveLevel if it.Assignee == "" && issueValue.OrganizationID == 1 { it.Assignee = taskhandler.GetAssignerOfOpeneuler(path) } diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go index 6abc2d6..8f44985 100644 --- a/cve-vulner-manager/taskhandler/cve.go +++ b/cve-vulner-manager/taskhandler/cve.go @@ -2050,7 +2050,6 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c issueTemp.Title = cveData.Title } issueTemp.IssueType = CIssueType - issueTemp.CveLevel = vul.CveLevel } else { issueTemp.CveNum = cveData.CveNumber issueTemp.OwnedComponent = lop.Components @@ -2089,7 +2088,6 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c issueTemp.Title = cveData.Title } issueTemp.IssueType = CIssueType - issueTemp.CveLevel = vul.CveLevel } if issueTemp.Status == 3 { cveCenter.IsExport = 3 
@@ -2491,8 +2489,8 @@ func GetCveIssueData(prcnum, days, openeulernum int, cveRef, owner string, openF return true, nil } -//GetSecurityNotice Go to the CVE official website to obtain the cve data to determine -//whether the cve issue needs to be exported. +// GetSecurityNotice Go to the CVE official website to obtain the cve data to determine +// whether the cve issue needs to be exported. func GetCveSecurityNotice(cveNumber, packageName string, flag bool) (bool, models.RespCveDetail) { var detail models.RespCveDetail var urlS url.URL @@ -2598,7 +2596,7 @@ func GetCveProduct(cveNumber, packageName string, branch ...string) (bool, model return len(detail.Result) >= len(splitAffectedBranches), detail } -//FilterCveExported Filter exportable data +// FilterCveExported Filter exportable data func FilterCveExported() { logs.Info("Start by removing cve data that has already released SA...") data, err := models.GetCanExportVulnCenterData() @@ -2643,7 +2641,7 @@ func GenerateExcelTask() error { return nil } -//GenerateExcelTrigger generate cve&security notice excel file by pr merge and influence package release. +// GenerateExcelTrigger generate cve&security notice excel file by pr merge and influence package release. func GenerateExcelTrigger(wgCrvf *sync.WaitGroup, fileName, startTime, fileCode, affectBranch, csvDownPath, dir string, cvrfFileList map[string][]string, componentMap map[string]ComponentInfo, cvfrFileMap map[string]CvrfSa, cves []string) UpdateInfoXml { -- Gitee