diff --git a/conf/app.conf b/conf/app.conf index 5f20d736c41131b2de2451d9d8967c74af9bf6f1..47531d5399ef0792fa6175266b8b378a91929c69 100644 --- a/conf/app.conf +++ b/conf/app.conf @@ -21,9 +21,10 @@ closeCmd = "/close" labelFixed = "CVE/FIXED" labelUnFix = "CVE/UNFIXED" fileDir = "download" -#release package download url +# release package download url rpUrl = "http://119.3.219.20:88/mkb/obs_update_info/openEuler-20.03-LTS.csv" + [mysql] dbhost = "${DB_URI||127.0.0.1}" dbport = 3306 diff --git a/conf/product_app.conf b/conf/product_app.conf index 2602427408bb33c09d7f505c2150b2248bd676ab..20e56f15af3062cc5fe8bcfe5c97a8056639db3a 100644 --- a/conf/product_app.conf +++ b/conf/product_app.conf @@ -21,9 +21,11 @@ closeCmd = "/close" labelFixed = "CVE/FIXED" labelUnFix = "CVE/UNFIXED" fileDir = "download" -#release package download url +# release package download url rpUrl = "http://119.3.219.20:88/mkb/obs_update_info/openEuler-20.03-LTS.csv" + + [mysql] dbhost = "${DB_URI||***}" dbport = 3306 @@ -61,7 +63,7 @@ genexcel = 00 00 04 * * * days = -30 prcnum = 50 printlogflag = 1 -printlog = 0 */10 * * * * +printlog = 00 00 01 * * 1 [gitee] diff --git a/controllers/cvedetail.go b/controllers/cvedetail.go index cf14c2b6fbaf1f6dfbc2eb42a60061f8a40d09e9..a8446551dbb2ea64b12ef928970ee24d5e01e723 100644 --- a/controllers/cvedetail.go +++ b/controllers/cvedetail.go @@ -42,7 +42,7 @@ func (u *CveDetailController) Get() { resp["errmsg"] = errcode.RecodeText(errcode.RecodeParamErr) return } - cveType, typeError := u.GetInt("cveType") + cveType, typeError := u.GetInt64("cveType") if typeError != nil || cveType == 0 { logs.Error("cveType, 参数错误") resp["errno"] = errcode.RecodeParamErr @@ -215,5 +215,4 @@ func (u *CveDetailController) Get() { resp["errmsg"] = errcode.RecodeText(errcode.RecodeNodata) return } - } diff --git a/controllers/hook.go b/controllers/hook.go index da15979088fe68585a006c5a094e130e5f666c0b..af79746f99533c66db04e54867da5ef8cdbde96f 100644 --- a/controllers/hook.go 
+++ b/controllers/hook.go @@ -2,7 +2,6 @@ package controllers import ( "bytes" - "cvevulner/common" "cvevulner/models" "cvevulner/taskhandler" "cvevulner/util" @@ -67,6 +66,8 @@ const ( CommentPrivateReview = "%v 仓库的CVE和安全问题的ISSUE,需要您进行审核,CVE编号: %v" // Rating review failed CommentPrivateOpenEuler = "%v 仓库的CVE和安全问题的ISSUE, CVE编号: %v, 填写openEuler评分未通过安全组审核需要再次在评论区提交评分,通过审核后才能关闭issue." + // Review reminder + CommentReviewRemindMaintainer = "%v 经过 cve-manager 解析 openEuler评分 已改变 需要等待安全组审核通过以后, 才能进行后续操作." ) //HookEventControllers gitee hook callback @@ -448,32 +449,7 @@ func VerifyIssueAsPr(issueTmp *models.IssueTemplate, cveCenter models.VulnCenter if effectFlag { unaffectedBranchList := []string{} if issueTmp.AffectedVersion != "" && len(issueTmp.AffectedVersion) > 1 { - brandsGroup := strings.Split(issueTmp.AffectedVersion, ",") - if len(brandsGroup) > 0 { - for _, brand := range brandsGroup { - if brand == "" || len(brand) < 2 { - continue - } - brandList := strings.Split(brand, ":") - if len(brandList) > 1 { - prams := strings.Replace(brandList[1], " ", "", -1) - if prams != "受影响" { - unaffectedBranchList = append(unaffectedBranchList, brandList[0]) - } - } else { - brandList = strings.Split(brand, ":") - if len(brandList) > 1 { - prams := strings.Replace(brandList[1], " ", "", -1) - if prams != "受影响" { - unaffectedBranchList = append(unaffectedBranchList, brandList[0]) - } - } - } - if len(brandList) == 1 { - unaffectedBranchList = append(unaffectedBranchList, brandList[0]) - } - } - } + unaffectedBranchList = paraAffectBrands(issueTmp.AffectedVersion) } branchStrs := "" if len(unaffectedBranchList) > 0 { 
@@ -526,6 +502,67 @@ func VerifyIssueAsPr(issueTmp *models.IssueTemplate, cveCenter models.VulnCenter return true } +func paraAffectBrands(affectedVersion string) (unaffectedBranchList []string) { + brandsGroup := strings.Split(affectedVersion, ",") + if len(brandsGroup) > 0 { + for _, brand := range brandsGroup { + if brand == "" || len(brand) < 2 { + continue + } + brandList := strings.Split(brand, ":") + if len(brandList) > 1 { + prams := strings.Replace(brandList[1], " ", "", -1) + if prams != "受影响" { + unaffectedBranchList = append(unaffectedBranchList, brandList[0]) + } + } else { + brandList = strings.Split(brand, ":") + if len(brandList) > 1 { + prams := strings.Replace(brandList[1], " ", "", -1) + if prams != "受影响" { + unaffectedBranchList = append(unaffectedBranchList, brandList[0]) + } + } + } + if len(brandList) == 1 { + unaffectedBranchList = append(unaffectedBranchList, brandList[0]) + } + } + } + return unaffectedBranchList +} + +func paraAffectBrandBool(affectedVersion string) bool { + unaffectedBranchList := []string{} + brandsGroup := strings.Split(affectedVersion, ",") + if len(brandsGroup) > 0 { + for _, brand := range brandsGroup { + if brand == "" || len(brand) < 2 { + continue + } + brandList := strings.Split(brand, ":") + if len(brandList) > 1 { + prams := strings.Replace(brandList[1], " ", "", -1) + if prams == "受影响" || prams == "不受影响"{ + unaffectedBranchList = append(unaffectedBranchList, brandList[0]) + } + } else { + brandList = strings.Split(brand, ":") + if len(brandList) > 1 { + prams := strings.Replace(brandList[1], " ", "", -1) + if prams == "受影响" || prams == "不受影响" { + unaffectedBranchList = append(unaffectedBranchList, brandList[0]) + } + } + } + } + } + if len(unaffectedBranchList) > 0 { + return true + } + return false +} + func getPRRelatedBrandsAllIssue(token, owner, repo string, num int, issueNum string) bool { issueFlag := false url := fmt.Sprintf(`https://gitee.com/api/v5/repos/%s/%s/pulls/%v/issues`, owner, repo, num) 
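Review bot: `paraAffectBrandBool` returns true as soon as one entry carries `受影响` or `不受影响`, and the caller in `analysisComment` then stores the whole string, while `paraAffectBrands` counts every entry whose status is not exactly `受影响` (a typo, an empty status, or no `:` at all) as unaffected. The value appears to come from an issue comment, so one valid entry is enough to get malformed entries stored and later read as "unaffected"; the validator should reject the string unless every non-empty entry is well formed, or only the validated entries should be stored. Both helpers also lack doc comments and duplicate the same loop, and the slice in the boolean variant is built only to test its length. A stricter validator is sketched below.
```go
// paraAffectBrandBool reports whether every non-empty entry of affectedVersion
// has the form "<branch>:<status>" with status 受影响 or 不受影响.
func paraAffectBrandBool(affectedVersion string) bool {
	seen := false
	for _, brand := range strings.Split(affectedVersion, ",") {
		if len(brand) < 2 {
			continue
		}
		parts := strings.Split(brand, ":")
		if len(parts) < 2 || strings.TrimSpace(parts[0]) == "" {
			return false
		}
		status := strings.Replace(parts[1], " ", "", -1)
		if status != "受影响" && status != "不受影响" {
			return false
		}
		seen = true
	}
	return seen
}
```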
@@ -683,22 +720,6 @@ func handleIssueComment(payload models.CommentPayload) { } // The default timeout for receiving hooks logs.Info("payload.Comment: ", payload.Comment) - hookTimeout, hookoutOk := beego.AppConfig.Int64("hook::hook_timeout") - if hookoutOk != nil { - hookTimeout = 3600 - } - unixTime := common.PraseTimeInt(payload.Comment.CreateAt) - timeStamp := common.CurTimestamp() - logs.Info("unixTime: ", unixTime, ", timeStamp: ", timeStamp, - ", hookTimeout: ", hookTimeout) - if unixTime > 0 && timeStamp > 0 { - if timeStamp - unixTime > hookTimeout { - logs.Error("The time that the hook receives is timed out, " + - "discarded, and not processed, unixTime: ", unixTime, ", timeStamp: ", timeStamp, - ", hookTimeout: ", hookTimeout, ",created_at: ", payload.Comment.CreateAt) - return - } - } issueNum := payload.Issue.Number //issue number cBody := payload.Comment.Body //Comment subject cuAccount := payload.Comment.User.UserName //gitee domain address @@ -708,7 +729,7 @@ func handleIssueComment(payload models.CommentPayload) { if issueNum == "" || cuAccount == "" || cBody == "" { return } - if strings.HasPrefix(cBody, cmdRej) { + if strings.HasPrefix(cBody, cmdRej) || strings.Contains(cBody, cmdRej) { //Review rejected Add comment @Analyst if !isReviewer(cuAccount) { return @@ -736,7 +757,7 @@ func handleIssueComment(payload models.CommentPayload) { issueTmp.IssueNum, owner, path, accessToken) // update gitee issue //commentUpdateIssue(issueTmp) - } else if strings.HasPrefix(cBody, cmdApe) { + } else if strings.HasPrefix(cBody, cmdApe) || strings.Contains(cBody, cmdApe) { issueTmp := models.IssueTemplate{IssueNum: issueNum} err := models.GetIssueTemplateByColName(&issueTmp, "issue_num") if err != nil { 
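Review bot: Removing the `hook::hook_timeout` check at the top of `handleIssueComment` means command comments are acted on regardless of how old the delivery is, and the only remaining copy is the commented-out block added later in the function (hunk `-979,6 +1003,22`). If hook authenticity and de-duplication are not enforced elsewhere (not visible here), a retried or replayed delivery would re-run the reject/approve handling. Either keep the check enabled, keyed on `payload.Comment.UpdateAt` as the commented code suggests, or delete the dead block and state in a comment why staleness no longer matters. The function body starts and ends outside this hunk.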
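Review bot: `strings.HasPrefix(cBody, cmdRej) || strings.Contains(cBody, cmdRej)` is equivalent to the `Contains` call alone, so the command now fires when it appears anywhere in the comment, including inside quoted text or a sentence that merely mentions it; the `cmdApe` branch in hunk `-736,7 +757,7` has the same change. For a command that changes review state, match it as a whole line instead: split `cBody` on newlines and test `strings.HasPrefix(strings.TrimSpace(line), cmdRej)` per line. The `isReviewer(cuAccount)` guard is visible only for the reject branch; the approve branch's authorization is outside the hunk and should be confirmed.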
@@ -766,23 +787,26 @@ func handleIssueComment(payload models.CommentPayload) { if err != nil { logs.Error(err) } - path := issueTmp.Repo taskhandler.AddCommentToIssue(fmt.Sprintf(ReviewApproveScore, issueTmp.Assignee, cuAccount), - issueTmp.IssueNum, owner, path, token) + issueTmp.IssueNum, owner, issueTmp.Repo, token) } + } else { + taskhandler.AddCommentToIssue(fmt.Sprintf(CommentReviewRemindMaintainer, cuAccount), + issueTmp.IssueNum, owner, issueTmp.Repo, token) } } if approveFlag { mtAuditFlag := false // Analysis command belongs to the time period - if issueTmp.MtAuditFlag == 0 { - maintainerList, mainOk := models.QueryRepoAllMaintainer(issueTmp.Repo) - if mainOk && len(maintainerList) > 0 { - for _, v := range maintainerList { - if v.MemberName == cuAccount { - mtAuditFlag = true - break - } + //if issueTmp.MtAuditFlag == 0 { + // + //} + maintainerList, mainOk := models.QueryRepoAllMaintainer(issueTmp.Repo) + if mainOk && len(maintainerList) > 0 { + for _, v := range maintainerList { + if v.MemberName == cuAccount { + mtAuditFlag = true + break } } } @@ -979,6 +1003,22 @@ func handleIssueComment(payload models.CommentPayload) { } } else { cBody = strings.ReplaceAll(cBody, ":", ":") + //hookTimeout, hookoutOk := beego.AppConfig.Int64("hook::hook_timeout") + //if hookoutOk != nil { + // hookTimeout = 3600 + //} + //unixTime := common.PraseTimeInt(payload.Comment.UpdateAt) + //timeStamp := common.CurTimestamp() + //logs.Info("unixTime: ", unixTime, ", timeStamp: ", timeStamp, + // ", hookTimeout: ", hookTimeout) + //if unixTime > 0 && timeStamp > 0 { + // if timeStamp-unixTime > hookTimeout { + // logs.Error("The time that the hook receives is timed out, "+ + // "discarded, and not processed, unixTime: ", unixTime, ", timeStamp: ", timeStamp, + // ", hookTimeout: ", hookTimeout, ",created_at: ", payload.Comment.UpdateAt) + // return + // } + //} analysisComment(issueNum, cuAccount, cBody, &payload) } } 
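Review bot: The stub `//if issueTmp.MtAuditFlag == 0 { // //}` left above the maintainer lookup is dead commented-out code and should be deleted, and the surviving comment `// Analysis command belongs to the time period` does not describe the loop that follows. A comment such as `// mtAuditFlag is true only when cuAccount is a maintainer of issueTmp.Repo` would state the rule being enforced. The lookup now runs on every approval regardless of the stored flag, which is worth saying in that comment as well. The enclosing function starts and ends outside the hunk.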
@@ -1001,17 +1041,19 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m return } canVerfy := false - issueTmp.MtAuditFlag = 0 - maintainerList, mainOk := models.QueryRepoAllMaintainer(issueTmp.Repo) - if mainOk && len(maintainerList) > 0 { - for _, v := range maintainerList { - if cuAccount == v.MemberName { - issueTmp.MtAuditFlag = 1 - break + if issueTmp.MtAuditFlag != 1 { + maintainerList, mainOk := models.QueryRepoAllMaintainer(issueTmp.Repo) + if mainOk && len(maintainerList) > 0 { + for _, v := range maintainerList { + if cuAccount == v.MemberName { + issueTmp.MtAuditFlag = 1 + break + } } } } - if issueTmp.MtAuditFlag == 0 { + + if issueTmp.MtAuditFlag != 1 { if cuAccount == issueTmp.Assignee { issueTmp.MtAuditFlag = 1 } @@ -1027,7 +1069,7 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m for k, v := range vMap { switch k { case "cve_analysis": - if v != "" && len(v) > 0 { + if v != "" && len(v) > 1 { issueTmp.CveAnalysis = v } cols = append(cols, k) @@ -1036,18 +1078,20 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m cols = append(cols, k) case "openeuler_score": fv, err := strconv.ParseFloat(v, 64) - if err == nil { + if err == nil && fv > 0 { issueTmp.OpenEulerScore = fv cols = append(cols, k) } case "openeuler_vector": - if v != "" && len(v) > 0 { + if v != "" && len(v) > 1 { issueTmp.OpenEulerVector = v } cols = append(cols, k) case "affected_version": if v != "" && len(v) > 1 { - issueTmp.AffectedVersion = v + if paraAffectBrandBool(v) { + issueTmp.AffectedVersion = v + } } cols = append(cols, k) case "solution": 
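Review bot: With `issueTmp.MtAuditFlag = 0` removed and both checks guarded by `issueTmp.MtAuditFlag != 1`, the flag is no longer recomputed for the account that wrote this comment: once the loaded record holds 1 (assuming `issueTmp` is read from storage above the hunk), neither the maintainer list nor the assignee comparison runs for `cuAccount`. If the code after the hunk uses `MtAuditFlag` to decide whether the commenter may edit the analysis, any later commenter inherits the earlier result. Keep the persisted flag separate from the per-request decision, for example compute a local `isMaintainer` for `cuAccount` on every call and authorize on that. The function continues outside the hunk, so the use of `canVerfy` is not visible here.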
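Review bot: `if err == nil && fv > 0` in the `openeuler_score` case rejects zero and negative values but has no upper bound, and `strconv.ParseFloat` accepts `Inf`, so an out-of-range score taken from a comment can be stored. Bound it to the scale the project uses, e.g. `if err == nil && fv > 0 && fv <= 10 {` assuming a 0–10 CVSS score. In the neighbouring cases `v != "" && len(v) > 1` reduces to `len(v) > 1`, and `cols` is still appended when the value was rejected, which deserves a comment if it is intentional.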
@@ -1213,8 +1257,8 @@ func checkIssueAnalysisComplete(i *models.IssueTemplate) (msg, tbStr string, ok } ok = true tbContent := make([]interface{}, 12) - if util.TrimString(i.CveAnalysis) == "" { - msg = fmt.Sprintf("影响性分析说明没有填写:%v", i.CveAnalysis) + if util.TrimString(i.CveAnalysis) == "" || len(util.TrimString(i.CveAnalysis)) < 1 { + msg = fmt.Sprintf("影响性分析说明没有填写或按正确格式填写") ok = false return } @@ -1230,8 +1274,8 @@ func checkIssueAnalysisComplete(i *models.IssueTemplate) (msg, tbStr string, ok tbContent[4] = "openEulerScore" tbContent[5] = i.OpenEulerScore - if i.OpenEulerVector == "" { - msg = fmt.Sprintf("openEulerVector没有填写:%v", i.OpenEulerVector) + if i.OpenEulerVector == "" || len(i.OpenEulerVector) < 1 { + msg = fmt.Sprintf("openEulerVector没有正确填写") ok = false return } @@ -1296,11 +1340,11 @@ func checkIssueClosedAnalysisComplete(i *models.IssueTemplate) (msg, tbStr strin } ok = true tbContent := make([]interface{}, 12) - if util.TrimString(i.CveAnalysis) == "" { + if util.TrimString(i.CveAnalysis) == "" || len(util.TrimString(i.CveAnalysis)) < 1 { tbContent[0] = "待分析" tbContent[1] = "影响性分析说明" - tbContent[2] = fmt.Sprintf("影响性分析说明没有填写:%v", i.CveAnalysis) - msg = fmt.Sprintf("影响性分析说明没有填写:%v", i.CveAnalysis) + tbContent[2] = fmt.Sprintf("影响性分析说明没有填写或按正确格式填写") + msg = fmt.Sprintf("影响性分析说明没有填写或按正确格式填写") ok = false } else { tbContent[0] = "已分析" 
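Review bot: In `util.TrimString(i.CveAnalysis) == "" || len(util.TrimString(i.CveAnalysis)) < 1` the second operand can never be true when the first is false, so the added condition changes nothing; the same pattern is in the `OpenEulerVector` check of this function and in both hunks of `checkIssueClosedAnalysisComplete`. If the intent was to mirror the `len(v) > 1` rule used in `analysisComment`, the comparison should be `< 2`. The messages are now constant, so `fmt.Sprintf("...")` without arguments can be a plain string literal.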
@@ -1318,11 +1362,11 @@ func checkIssueClosedAnalysisComplete(i *models.IssueTemplate) (msg, tbStr strin tbContent[4] = "openEulerScore" tbContent[5] = i.OpenEulerScore } - if util.TrimString(i.OpenEulerVector) == "" { + if util.TrimString(i.OpenEulerVector) == "" || len(util.TrimString(i.OpenEulerVector)) < 1 { tbContent[6] = "待分析" tbContent[7] = "openEulerVector" - tbContent[8] = fmt.Sprintf("openEulerVector没有填写:%v", i.OpenEulerVector) - msg = fmt.Sprintf("openEulerVector没有填写:%v", i.OpenEulerVector) + tbContent[8] = fmt.Sprintf("openEulerVector没有正确填写") + msg = fmt.Sprintf("openEulerVector没有正确填写") ok = false } else { tbContent[6] = "已分析" diff --git a/go.mod b/go.mod index e6dd2106246b642740a80c0a58c9adf2349e88dc..4cea6a27bd7be24c01221198223bf66ee9360b73 100644 --- a/go.mod +++ b/go.mod 
@@ -4,14 +4,31 @@ go 1.14 require ( github.com/360EntSecGroup-Skylar/excelize/v2 v2.3.0 - github.com/astaxie/beego v1.12.2 + github.com/astaxie/beego v1.12.3 + github.com/beego/bee v1.12.3 // indirect github.com/dgrijalva/jwt-go v3.2.0+incompatible + github.com/flosch/pongo2 v0.0.0-20200805083417-63c99409991d // indirect github.com/go-sql-driver/mysql v1.5.0 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect - github.com/lib/pq v1.2.0 // indirect + github.com/lib/pq v1.8.0 // indirect + github.com/magiconair/properties v1.8.4 // indirect + github.com/mattn/go-colorable v0.1.8 // indirect + github.com/mattn/go-runewidth v0.0.9 // indirect + github.com/mitchellh/mapstructure v1.3.3 // indirect + github.com/pelletier/go-toml v1.8.1 // indirect + github.com/peterh/liner v1.2.0 // indirect + github.com/sirupsen/logrus v1.7.0 // indirect github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 // indirect - github.com/smartystreets/goconvey v0.0.0-20190731233626-505e41936337 - golang.org/x/sys v0.0.0-20200819091447-39769834ee22 // indirect - golang.org/x/text v0.3.2 // indirect + github.com/smartystreets/goconvey v1.6.4 + github.com/spf13/afero v1.4.1 // indirect + github.com/spf13/cast v1.3.1 // indirect + github.com/spf13/jwalterweatherman v1.1.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/spf13/viper v1.7.1 // indirect + go.starlark.net v0.0.0-20201113214410-e292e66a28cd // indirect + golang.org/x/arch v0.0.0-20201008161808-52c3e6f60cff // indirect + golang.org/x/sys v0.0.0-20201116194326-cc9327a14d48 // indirect + golang.org/x/text v0.3.4 // indirect + gopkg.in/ini.v1 v1.62.0 // indirect gopkg.in/yaml.v2 v2.3.0 // indirect ) diff --git a/routers/commentsRouter___________________GoPject_src_cvevulner_controllers.go b/routers/commentsRouter___________________GoPject_src_cvevulner_controllers.go new file mode 100644 index 0000000000000000000000000000000000000000..e2a939601e78e632e68ce78d36da56c67f4f5348 
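Review bot: The new `github.com/beego/bee v1.12.3 // indirect` requirement is the bee command-line tool, and most of the other added indirect modules (viper, logrus, starlark, liner and so on) look like its dependencies rather than anything the service imports. This usually happens when the tool is fetched with `go get` from inside the module directory. If no package here imports it, run `go mod tidy` and drop these lines so the build does not carry an unneeded dependency set; otherwise say in the commit message why it is required.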
--- /dev/null
+++ b/routers/commentsRouter___________________GoPject_src_cvevulner_controllers.go
@@ -0,0 +1,226 @@ +package routers + +import ( + "github.com/astaxie/beego" + "github.com/astaxie/beego/context/param" +) + +func init() { + + beego.GlobalControllerRouter["cvevulner/controllers:CveDetailController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:CveDetailController"], + beego.ControllerComments{ + Method: "Get", + Router: "/", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:CveErrorFeedBackController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:CveErrorFeedBackController"], + beego.ControllerComments{ + Method: "Get", + Router: "/", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:CveIssueWhiteListController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:CveIssueWhiteListController"], + beego.ControllerComments{ + Method: "Get", + Router: "/", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:FileController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:FileController"], + beego.ControllerComments{ + Method: "DownLoadExcelByFileCode", + Router: "/downloadExcel", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:FileController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:FileController"], + beego.ControllerComments{ + Method: "DownloadLastExcel", + Router: "/lastExcel", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:FileController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:FileController"], + beego.ControllerComments{ + Method: 
"TriggerCveData", + Router: "/triggerCveData", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:HookEventControllers"] = append(beego.GlobalControllerRouter["cvevulner/controllers:HookEventControllers"], + beego.ControllerComments{ + Method: "Post", + Router: "/", + AllowHTTPMethods: []string{"post"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:IssueOathCallbackController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:IssueOathCallbackController"], + beego.ControllerComments{ + Method: "Post", + Router: "/", + AllowHTTPMethods: []string{"post"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:ObjectController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:ObjectController"], + beego.ControllerComments{ + Method: "Post", + Router: "/", + AllowHTTPMethods: []string{"post"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:ObjectController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:ObjectController"], + beego.ControllerComments{ + Method: "GetAll", + Router: "/", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:ObjectController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:ObjectController"], + beego.ControllerComments{ + Method: "Get", + Router: "/:objectId", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:ObjectController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:ObjectController"], + beego.ControllerComments{ + Method: "Put", + Router: "/:objectId", + 
AllowHTTPMethods: []string{"put"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:ObjectController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:ObjectController"], + beego.ControllerComments{ + Method: "Delete", + Router: "/:objectId", + AllowHTTPMethods: []string{"delete"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:PackagesController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:PackagesController"], + beego.ControllerComments{ + Method: "Get", + Router: "/", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:PackagesInfoController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:PackagesInfoController"], + beego.ControllerComments{ + Method: "Get", + Router: "/", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:UserController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:UserController"], + beego.ControllerComments{ + Method: "Post", + Router: "/", + AllowHTTPMethods: []string{"post"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:UserController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:UserController"], + beego.ControllerComments{ + Method: "GetAll", + Router: "/", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:UserController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:UserController"], + beego.ControllerComments{ + Method: "Get", + Router: "/:uid", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, 
+ Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:UserController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:UserController"], + beego.ControllerComments{ + Method: "Put", + Router: "/:uid", + AllowHTTPMethods: []string{"put"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:UserController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:UserController"], + beego.ControllerComments{ + Method: "Delete", + Router: "/:uid", + AllowHTTPMethods: []string{"delete"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:UserController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:UserController"], + beego.ControllerComments{ + Method: "Login", + Router: "/login", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:UserController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:UserController"], + beego.ControllerComments{ + Method: "Logout", + Router: "/logout", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:UserLoginController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:UserLoginController"], + beego.ControllerComments{ + Method: "Post", + Router: "/", + AllowHTTPMethods: []string{"post"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + + beego.GlobalControllerRouter["cvevulner/controllers:UserUploadController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:UserUploadController"], + beego.ControllerComments{ + Method: "Post", + Router: "/", + AllowHTTPMethods: []string{"post"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + +} 
diff --git a/task/issuetask.go b/task/issuetask.go index 033d9850d3181445c9b511c60b47425d5cde6b80..a374c404d8cd72a71df770fb39360df6e0e26987 100644 --- a/task/issuetask.go +++ b/task/issuetask.go @@ -307,7 +307,7 @@ func ProcUpdateIssue(issueValue models.VulnCenter, accessToken, owner, path stri var it models.IssueTemplate it.CveId = issueValue.CveId lit, bools := models.GetIssueTemplet(&it) - if bools { + if bools && lit.TemplateId > 0 { lit.NVDScore = sr.NVDScore lit.NVDVector = sr.NvectorVule lit.CveBrief = issueValue.Description diff --git a/taskhandler/createissue.go b/taskhandler/createissue.go index c196ea11ca6c54c6ba85ec2ea17f1060e7f3d55c..5fcc8dc05844d2fb499452b122687c740129577d 100644 --- a/taskhandler/createissue.go +++ b/taskhandler/createissue.go @@ -20,12 +20,20 @@ func CreateIssueData(issueTemp *models.IssueTemplate, cve models.VulnCenter, sc issueTemp.CveNum = cve.CveNum issueTemp.OwnedComponent = path issueTemp.OwnedVersion = cve.CveVersion + //err := models.GetIssueTemplateByColName(issueTemp, "cve_id", "cve_num", "owned_component") + //if err != nil || issueTemp.TemplateId == 0{ + // logs.Info(err) + // issueTemp.MtAuditFlag = 0 + // issueTemp.SaAuditFlag = 0 + //} + if issueTemp.TemplateId == 0 { + issueTemp.MtAuditFlag = 0 + issueTemp.SaAuditFlag = 0 + } issueTemp.NVDScore = sc.NVDScore issueTemp.NVDVector = sc.NvectorVule issueTemp.CveBrief = cve.Description issueTemp.CveLevel = cve.CveLevel - issueTemp.MtAuditFlag = 0 - issueTemp.SaAuditFlag = 0 if resp != nil && len(resp) > 0 { issueTemp.IssueId = int64(resp["id"].(float64)) issueTemp.IssueNum = resp["number"].(string) 
@@ -115,18 +123,18 @@ func CreateIssueToGit(accessToken string, owner string, path string, assignee st } logs.Info("issue 创建成功,cveNum: ", cve.CveNum, "issueNum: ", resp["number"].(string)) // Structure data - var issueTemp models.IssueTemplate - CreateIssueData(&issueTemp, cve, sc, resp, path, its.Assignee, issueType, labels, owner) + //var issueTemp models.IssueTemplate + CreateIssueData(&its, cve, sc, resp, path, its.Assignee, issueType, labels, owner) if len(brandArray) > 0 { var brandArryTmp []string for _, brand := range brandArray { brandArryTmp = append(brandArryTmp, brand+":") } brandStr := strings.Join(brandArryTmp, ",") - issueTemp.AffectedVersion = brandStr + its.AffectedVersion = brandStr } // Store issue data - issTempID, err := models.CreateIssueTemplate(&issueTemp) + issTempID, err := models.CreateIssueTemplate(&its) if err != nil { logs.Error("创建issue 模板的数据失败, cveNum: ", cve.CveNum, "err: ", err) return "", err @@ -168,9 +176,9 @@ func CreateIssueToGit(accessToken string, owner string, path string, assignee st models.DeleteIssueTemplate(issTempID) return "", errors.New("创建issue失败") } - var issueTemps models.IssueTemplate - issueTemps.TemplateId = issTempID - CreateIssueData(&issueTemps, cve, sc, resp, path, assignee, issueType, labels, owner) + //var issueTemps models.IssueTemplate + issueTemp.TemplateId = issTempID + CreateIssueData(&issueTemp, cve, sc, resp, path, assignee, issueType, labels, owner) if len(brandArray) > 0 { var brandArrayTmp []string for _, brand := range brandArray { @@ -183,7 +191,7 @@ func CreateIssueToGit(accessToken string, owner string, path string, assignee st issueTemp.SaAuditFlag = 1 } // Store issue data - issTempIDx, idxErr := models.UpdateIssueTemplateAll(&issueTemps) + issTempIDx, idxErr := models.UpdateIssueTemplateAll(&issueTemp) if idxErr != nil { logs.Error("创建issue 模板的数据失败, cveNum: ", cve, ",err: ", err) //models.DeleteIssueTemplate(issTempID) 
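Review bot: After `issTempIDx, idxErr := models.UpdateIssueTemplateAll(&issueTemp)` the error branch still logs `err`, not `idxErr`, so the actual update failure is never recorded; the log arguments should end with `",err: ", idxErr`. This commit also switches the update from the freshly built `issueTemps` to `issueTemp`, whose other fields are set outside the visible lines, so confirm that `UpdateIssueTemplateAll` is not writing stale values from it. The commented-out `//var issueTemp models.IssueTemplate` and `//var issueTemps models.IssueTemplate` lines can be deleted.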
diff --git a/taskhandler/cve.go b/taskhandler/cve.go index f4c14db6d8ea15bcadd75c6b575f22a0b6952cbb..372f6424068f59d0d7746dfde3566aa4150e7724 100644 --- a/taskhandler/cve.go +++ b/taskhandler/cve.go @@ -41,7 +41,7 @@ func UpdateExcelCveGroups(cveData models.OriginExcel, cveRef string, openeulerNu CveRes.CveLevel = cveData.CveLevel //CveRes.DataSource = 3 if CveRes.DataSource != 4 && CveRes.Status != 0 && CveRes.Status != 1 { - CveRes.Status = 1 + //CveRes.Status = 1 CveRes.IsExport = 0 } //CveRes.Status = 1 @@ -316,7 +316,7 @@ func UpdateCveGroups(cveData models.OriginUpstream, cveRef string, openeulerNum CveRes.CveLevel = cveScV3.CveLevel //CveRes.DataSource = 1 if CveRes.DataSource != 4 && CveRes.Status != 0 && CveRes.Status != 1 { - CveRes.Status = 1 + //CveRes.Status = 1 CveRes.IsExport = 0 } //CveRes.Status = 1 @@ -1041,6 +1041,10 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c } var issueTemp models.IssueTemplate issueTemp.CveId = cveid + err := models.GetIssueTemplateByColName(&issueTemp, "cve_id") + if err != nil { + logs.Info("no issueTemp: ",err) + } issueTemp.CveNum = cveData.CveNumber issueTemp.OwnedComponent = lop.Components issueTemp.OwnedVersion = RemoveSubstring(lop.Version, specCharList)
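Review bot: The `GetIssueTemplateByColName(&issueTemp, "cve_id")` call added in `InsertIssueCveGroups` treats every error as "no template" and only logs it at info level, so a database failure is handled like a missing row and the function goes on to fill `issueTemp` from an empty value. Distinguish not-found from other errors (with beego's ORM that is `orm.ErrNoRows`, if the model helper returns it unwrapped) and return on anything else. In the two earlier hunks of this file the commented-out `//CveRes.Status = 1` leaves an `if` whose only effect is `CveRes.IsExport = 0`; delete the dead line and add a comment saying the status is deliberately left unchanged.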