diff --git a/cve-vulner-manager/Dockerfile b/cve-vulner-manager/Dockerfile
index c7614074f920238f186588dc011c1df77bc0b489..e4dd7871ab9ea986ddd2b6fdef743e80301f6b67 100644
--- a/cve-vulner-manager/Dockerfile
+++ b/cve-vulner-manager/Dockerfile
@@ -20,6 +20,7 @@ COPY --chown=manager --from=BUILDER /go/src/gitee.com/openeuler/cve-manager/cve-
 USER manager
 WORKDIR /opt/app
-RUN mkdir logs
+RUN mkdir logs && \
+ chmod 550 /opt/app/epoch.sh
 ENTRYPOINT ["/opt/app/cve-manager"]
\ No newline at end of file
diff --git a/cve-vulner-manager/cve-ddd/app/bulletin.go b/cve-vulner-manager/cve-ddd/app/bulletin.go
index 569224feeaf3009bca66eda5030f126b08936994..0c5b514526d2a53b024db52ddee32fb24d208a5f 100644
--- a/cve-vulner-manager/cve-ddd/app/bulletin.go
+++ b/cve-vulner-manager/cve-ddd/app/bulletin.go
@@ -20,6 +20,7 @@ import (
 "cvevulner/cve-ddd/domain/majun"
 "cvevulner/cve-ddd/domain/obs"
 "cvevulner/cve-ddd/domain/repository"
+ "cvevulner/cve-ddd/domain/service"
 "cvevulner/cve-ddd/domain/testresult"
 "cvevulner/cve-ddd/domain/updateinfo"
 )
@@ -29,6 +30,8 @@ const (
 fileIndex = "index.txt"
 fileUpdateFixed = "update_fixed.txt"
+
+ updateinfoRootDir = "earlyupdateinfo/"
 )
 type BulletinService interface {
@@ -148,7 +151,7 @@ func (b *bulletinService) GenerateBulletins(cveNum []string, date string) (strin
 updateFixedFiles = append(updateFixedFiles, v.PathAppendToIndexFile())
- b.uploadUpdateInfoFile(&v)
+ service.UploadUpdateInfoFile(b.obs, b.updateinfo, b.log, &v, date, updateinfoRootDir)
 }
 b.uploadIndexAndFixed(uploadDir, indexContent, updateFixedFiles)
@@ -156,33 +159,6 @@ func (b *bulletinService) GenerateBulletins(cveNum []string, date string) (strin
 return uploadDir, nil
 }
-func (b *bulletinService) uploadUpdateInfoFile(bulletin *domain.SecurityBulletin) {
- for _, branch := range bulletin.AffectedVersion {
- filePath := domain.UpdateinfoRootDir + branch + "/updateinfo.xml"
- downloadBys, err := b.obs.Download(filePath)
- if err != nil {
- b.log.Error(err)
- continue
- }
-
- data, err := b.updateinfo.UploadUpdateInfoXml(domain.UpdateParam{
- Sb: bulletin,
- Branch: branch,
- DownloadBys: downloadBys,
- })
-
- if err != nil {
- b.log.Error(err)
- continue
- }
-
- if err = b.obs.Upload(filePath, data); err != nil {
- b.log.Error(err)
- continue
- }
- }
-}
-
 func (b *bulletinService) uploadIndexAndFixed(uploadDir, indexContent string, updateFixedFiles []string) {
 updateFixedContent := strings.TrimSpace(strings.Join(updateFixedFiles, EOF))
 newIndexContent := strings.TrimSpace(indexContent) + EOF + updateFixedContent
diff --git a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
index 0ca2a85d5b0aca1f737f59688cc97054ccb83c52..fe52ee1b9cfba36a98b159a57e731b30e1a3ae2f 100644
--- a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
+++ b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
@@ -13,15 +13,18 @@ import (
 "cvevulner/cve-ddd/domain/hotpatch"
 "cvevulner/cve-ddd/domain/obs"
 "cvevulner/cve-ddd/domain/repository"
+ "cvevulner/cve-ddd/domain/service"
 "cvevulner/cve-ddd/domain/updateinfo"
 )
 const (
 fileHotPatch = "update_hot_patch.txt"
+
+ hotPatchUpdateInfoDir = "hotpatch-early-updateinfo/"
 )
 type RefactorHotPatchService interface {
- GenerateBulletins(string) error
+ GenerateBulletins(uploadDir, date string) error
 }
 func NewRefactorHotPatchService(
@@ -31,6 +34,7 @@ func NewRefactorHotPatchService(
 u updateinfo.UpdateInfo,
 h hotpatch.HotPatch,
 l *logrus.Entry,
+
 ) *refactorHotPatchService {
 return &refactorHotPatchService{
 repository: r,
@@ -52,7 +56,7 @@ type refactorHotPatchService struct {
 log *logrus.Entry
 }
-func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
+func (h *refactorHotPatchService) GenerateBulletins(uploadDir, date string) error {
 issues, err := h.hotPatch.GetIssueInfo()
 if err != nil {
 return err
@@ -66,14 +70,19 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
 return fmt.Errorf("get %s failed: %w", fileIndex, err)
 }
- maxHotPatchId, err := domain.ParseMaxIdFromIndexTxt(indexContent, domain.BulletinTypeHotPatch)
+ maxHotPatchId, err := h.hotPatch.MaxHotPatchID()
 if err != nil {
 return fmt.Errorf("parse max id failed: %w", err)
 }
 for _, issue := range issues {
- if exist := h.repository.IssueNumExist(issue.HotIssueNum); exist {
- h.log.Errorf("issue num %s exists", issue.HotIssueNum)
+ isPublished, err1 := h.hotPatch.IsPublished(issue.CveNum[0], issue.Component)
+ if err1 != nil {
+ h.log.Errorf("check hotpatch is published, occurred error: %s", err1.Error())
+ return err
+ }
+
+ if isPublished {
 continue
 }
@@ -83,7 +92,7 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
 Component: issue.Component,
 })
 if err1 != nil {
- h.log.Errorf("find cve %s, error %s", issue.CveNum, err.Error())
+ h.log.Errorf("find cve %s, error %s", issue.CveNum, err1.Error())
 return err
 }
 if len(cves) == 0 {
@@ -106,13 +115,13 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
 xmlData, err2 := h.bulletin.GenerateHotPatch(&b)
 if err2 != nil {
- h.log.Errorf("component: %s, to xml error: %s", b.Component, err.Error())
+ h.log.Errorf("component: %s, to xml error: %s", b.Component, err2.Error())
 continue
 }
 path := uploadDir + b.CvrfFileName()
 if err2 = h.obs.Upload(path, xmlData); err2 != nil {
- h.log.Errorf("component: %s, upload to obs error: %s", b.Component, err.Error())
+ h.log.Errorf("component: %s, upload to obs error: %s", b.Component, err2.Error())
 continue
 }
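Review bot: The new `IsPublished` error branch in the `@@ -66,14 +70,19 @@` hunk logs `err1` but then does `return err`, and `err` is nil when the loop is entered because the `MaxHotPatchID` check just above has already passed, so GenerateBulletins can report success when the published-state lookup failed. The unchanged `return err` after the `FindCves` check in the `@@ -83,7 +92,7 @@` hunk has the same problem; this commit corrects only its log argument. Both should be `return err1`. `issue.CveNum[0]` is also indexed without a length check; if `toPatchIssue` can yield an issue with no CVE numbers (not visible here), add `if len(issue.CveNum) == 0 { continue }` before the call. The body of GenerateBulletins starts and ends outside these hunks.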
@@ -120,10 +129,8 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
 uploadFileName = append(uploadFileName, b.PathAppendToIndexFile())
 cvesForUpdateInfo = append(cvesForUpdateInfo, b.Cves...)
- }
- if err = h.repository.SaveIssueNum(issue.HotIssueNum); err != nil {
- h.log.Errorf("save issue num %s error %s", issue.HotIssueNum, err.Error())
+ service.UploadUpdateInfoFile(h.obs, h.updateInfo, h.log, &b, date, hotPatchUpdateInfoDir)
 }
 }
diff --git a/cve-vulner-manager/cve-ddd/controller/cve.go b/cve-vulner-manager/cve-ddd/controller/cve.go
index 6a19efd2361c2c7303ff2e397334d4d744a455ae..f48a68a98e13f6ef13fd3c8d2b149cf8b42d0b6b 100644
--- a/cve-vulner-manager/cve-ddd/controller/cve.go
+++ b/cve-vulner-manager/cve-ddd/controller/cve.go
@@ -98,7 +98,7 @@ func (c *CveController) Generate() {
 if err1 != nil {
 c.BulletinLog.Errorf("generate security bulletins failed: %s", err1.Error())
 } else {
- err1 = c.HotPatchService.GenerateBulletins(uploadDir)
+ err1 = c.HotPatchService.GenerateBulletins(uploadDir, request.Date)
 if err1 != nil {
 c.HotPatchBulletinLog.Errorf("generate hot patch security bulletins failed: %s", err1.Error())
 }
diff --git a/cve-vulner-manager/cve-ddd/domain/bulletins.go b/cve-vulner-manager/cve-ddd/domain/bulletins.go
index 291ffcbe267a0c2715e604f516707b49b40dc90c..ddf93e6a458eff7af70371567d12cfe5d1394ca3 100644
--- a/cve-vulner-manager/cve-ddd/domain/bulletins.go
+++ b/cve-vulner-manager/cve-ddd/domain/bulletins.go
@@ -11,8 +11,14 @@ import (
 const (
 BulletinTypeSA = "SA"
- BulletinTypeBa = "BA"
+ BulletinTypeBA = "BA"
 BulletinTypeHotPatch = "HotPatchSA"
+
+ // NoticeTypeCVE is the type for CVE notices
+ NoticeTypeCVE = "cve"
+
+ // NoticeTypeBug is the type for bug notices
+ NoticeTypeBug = "bug"
 )
 var (
@@ -38,6 +44,28 @@ type Product struct {
 IsEpol bool
 }
+// IsCveNotice returns whether the security bulletin is a CVE notice.
+func (s *SecurityBulletin) IsCveNotice() bool {
+ return s.GenNoticeType() == NoticeTypeCVE
+}
+
+// GenNoticeType returns the type of the security bulletin.
+func (s *SecurityBulletin) GenNoticeType() string {
+ if strings.Contains(s.Identification, BulletinTypeBA) {
+ return NoticeTypeBug
+ }
+
+ if strings.Contains(s.Identification, BulletinTypeHotPatch) {
+ return NoticeTypeCVE
+ }
+
+ if strings.Contains(s.Identification, BulletinTypeSA) {
+ return NoticeTypeCVE
+ }
+
+ return ""
+}
+
 func (s *SecurityBulletin) SetIdentificationOfColdPatch(id int) {
 s.Identification = fmt.Sprintf("openEuler-SA-%d-%d", util.Year(), id)
 }
diff --git a/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go b/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go
index 1493d8c55fb666c200fb4394e1195db2dd315290..962f399083409a7c99bf25bc904df9300692913a 100644
--- a/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go
+++ b/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go
@@ -4,4 +4,6 @@ import "cvevulner/cve-ddd/domain"
 type HotPatch interface {
 GetIssueInfo() ([]domain.HotPatchIssue, error)
+ MaxHotPatchID() (int, error)
+ IsPublished(cveId, packageName string) (bool, error)
 }
diff --git a/cve-vulner-manager/cve-ddd/domain/repository/cve.go b/cve-vulner-manager/cve-ddd/domain/repository/cve.go
index dea77434876128689a1215a496dc9e0fc493849f..fc38100e27a74194a1e714f45de6624a9d06cd5c 100644
--- a/cve-vulner-manager/cve-ddd/domain/repository/cve.go
+++ b/cve-vulner-manager/cve-ddd/domain/repository/cve.go
@@ -10,8 +10,6 @@ type Option struct {
 type CveRepository interface {
 FindCves(option Option) (domain.Cves, error)
 MaxBulletinID() (string, error)
- IssueNumExist(num string) bool
- SaveIssueNum(num string) error
 GetAllIssue() (data domain.CollectedDataSlice, err error)
 SetIgnoreStatus(id int64) error
 GetAllPackage() (list []string, err error)
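Review bot: In the bulletins.go hunk, `GenNoticeType` classifies by bare substring, so the `BulletinTypeHotPatch` branch is redundant (`"HotPatchSA"` already contains `"SA"` and both branches return `NoticeTypeCVE`), and any identification that merely contains `BA` is reported as a bug notice. Since `SetIdentificationOfColdPatch` shows the `openEuler-SA-<year>-<id>` shape, matching the delimited token, e.g. `strings.Contains(s.Identification, "-"+BulletinTypeBA+"-")`, would be stricter, assuming BA identifiers follow the same shape. The doc comment should also state that an unrecognised identification yields `""`, which makes `IsCveNotice` return false.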
diff --git a/cve-vulner-manager/cve-ddd/domain/service/service.go b/cve-vulner-manager/cve-ddd/domain/service/service.go
new file mode 100644
index 0000000000000000000000000000000000000000..341950cb2c320d1aede2d71d1134237163c96890
--- /dev/null
+++ b/cve-vulner-manager/cve-ddd/domain/service/service.go
@@ -0,0 +1,42 @@
+// Package service provides the security bulletin service
+package service
+
+import (
+ "github.com/sirupsen/logrus"
+
+ "cvevulner/cve-ddd/domain"
+ "cvevulner/cve-ddd/domain/obs"
+ "cvevulner/cve-ddd/domain/updateinfo"
+)
+
+// UploadUpdateInfoFile upload updateinfo file
+func UploadUpdateInfoFile(obs obs.OBS, updateinfo updateinfo.UpdateInfo,
+ log *logrus.Entry, bulletin *domain.SecurityBulletin, date, UpdateInfoDir string,
+) {
+ for _, branch := range bulletin.AffectedVersion {
+ filePath := UpdateInfoDir + branch + "/updateinfo.xml"
+ downloadBys, err := obs.Download(filePath)
+ if err != nil {
+ log.Error(err)
+ continue
+ }
+
+ data, err := updateinfo.UploadUpdateInfoXml(domain.UpdateParam{
+ Sb: bulletin,
+ Date: date,
+ Branch: branch,
+ DownloadBys: downloadBys,
+ })
+
+ if err != nil {
+ log.Error(err)
+ continue
+ }
+
+ if err = obs.Upload(filePath, data); err != nil {
+ log.Error(err)
+ continue
+ }
+ }
+
+}
diff --git a/cve-vulner-manager/cve-ddd/domain/updateinfo.go b/cve-vulner-manager/cve-ddd/domain/updateinfo.go
index bf5dfea84fe7f3da161c0c6562f9bac2c808f214..3f6b880a91bde538dd87172edb887f8c56ca465f 100644
--- a/cve-vulner-manager/cve-ddd/domain/updateinfo.go
+++ b/cve-vulner-manager/cve-ddd/domain/updateinfo.go
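Review bot: `UploadUpdateInfoFile` in the new service.go only logs each failure and returns nothing, so the callers in bulletin.go and refactor_hotpatch.go cannot tell that a branch's `updateinfo.xml` was left stale; returning an error (for example the per-branch errors joined) would make a partial publish visible. The parameters `obs` and `updateinfo` shadow the imported packages of the same name inside the function, and `UpdateInfoDir` is capitalised like an exported identifier; `store obs.OBS, gen updateinfo.UpdateInfo` and `updateInfoDir` would read better. The doc comment should say that the file is downloaded, regenerated and uploaded back per affected branch, and that nothing in this function guards that read-modify-write against a concurrent run.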
@@ -1,31 +1,8 @@
 package domain
-import (
- "regexp"
-)
-
-const (
- UpdateinfoRootDir = "earlyupdateinfo/"
- NoticeTypeCVE = "cve"
- NoticeTypeBug = "bug"
- CveUrlPrefix = "https://nvd.nist.gov/vuln/detail/"
- PkgUrl = "https://repo.openeuler.org/%s/update/%s/Packages/%s"
- ScriptPath = "/opt/app/epoch.sh"
-)
-
-var (
- Severity = map[string]string{
- "critical": "Critical",
- "high": "Important",
- "medium": "Moderate",
- "low": "Low",
- }
-
- Num = regexp.MustCompile(`\d+`)
-)
-
 type UpdateParam struct {
 Sb *SecurityBulletin
+ Date string
 Branch string
 DownloadBys []byte
 }
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
index d7d0838d89dc2e5479fdfff4e819c7fba275fb8d..46893738137300eb9d2b3ed3d4a9c0c8885d42db 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
@@ -6,6 +6,7 @@ import (
 "fmt"
 "net/http"
 "regexp"
+ "strconv"
 "strings"
 "time"
@@ -17,15 +18,21 @@ import ( "cvevulner/util" ) -const hotPatchIssue = "https://gitee.com/api/v5/repos/openeuler/hotpatch_meta/issues?" + - "access_token=%s&state=closed&labels=%s&sort=created&direction=desc&page=%d&per_page=20&created_at=%s" +const ( + hotPatchIssue = "https://gitee.com/api/v5/repos/openeuler/hotpatch_meta/issues?" + + "access_token=%s&state=closed&labels=%s&sort=created&direction=desc&page=%d&per_page=20&created_at=%s" + endpoint = "https://api-cve.openeuler.org" + defaultClientTimeout = 3 + defaultMaxId = 1000 +) var ( - RegexpCve = regexp.MustCompile(`(?s:(.*?))`) - RegexpRPM = regexp.MustCompile(`热补丁路径[::](?s:(.*?))热补丁信息[::]`) - RegexpMeta = regexp.MustCompile(`热补丁元数据[::](?s:(.*?))热补丁路径[::]`) - RegexpType = regexp.MustCompile(`问题类别[::](?s:(.*?))热补丁元数据[::]`) - RegexpInfo = regexp.MustCompile(`热补丁信息[::](?s:(.*?))$`) + regexpCve = regexp.MustCompile(`(?s:(.*?))`) + regexpRPM = regexp.MustCompile(`热补丁路径[::](?s:(.*?))热补丁信息[::]`) + regexpMeta = regexp.MustCompile(`热补丁元数据[::](?s:(.*?))热补丁路径[::]`) + regexpType = regexp.MustCompile(`问题类别[::](?s:(.*?))热补丁元数据[::]`) + regexpInfo = regexp.MustCompile(`热补丁信息[::](?s:(.*?))$`) + regepHotPatch = regexp.MustCompile(`openEuler-HotPatchSA-(\d{4})-(\d{4,5})`) ) func NewHotPatchImpl(log *logrus.Entry) *hotPatchImpl { @@ -104,13 +111,13 @@ func (impl hotPatchImpl) getIssues() ([]Issue, error) { } func (impl hotPatchImpl) toPatchIssue(body string) (v domain.HotPatchIssue, err error) { - t := RegexpType.FindAllStringSubmatch(body, -1) + t := regexpType.FindAllStringSubmatch(body, -1) if len(t) == 0 { return v, errors.New("parse type failed") } v.Type = strings.TrimSpace(t[0][1]) - meta := RegexpMeta.FindAllStringSubmatch(body, -1) + meta := regexpMeta.FindAllStringSubmatch(body, -1) if len(meta) == 0 { return v, errors.New("parse metadata failed") } 
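Review bot: `hotPatchIssue` keeps `access_token=%s` in the query string as it moves into the new const block of the `@@ -17,15 +18,21 @@` hunk, so the token is part of the formatted URL and will appear wherever that URL is logged or wrapped into an error. If the API accepts the token in a request header, this is a good moment to move it there; otherwise make sure the formatted URL never reaches a log line. `defaultClientTimeout = 3` also carries no unit; a comment such as `// seconds, as expected by utils.NewHttpClient` (to be confirmed against that helper) would remove the guesswork.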
@@ -118,13 +125,13 @@ func (impl hotPatchImpl) toPatchIssue(body string) (v domain.HotPatchIssue, err
 v.Branch = split[len(split)-4]
 v.Component = split[len(split)-3]
- p := RegexpRPM.FindAllStringSubmatch(body, -1)
+ p := regexpRPM.FindAllStringSubmatch(body, -1)
 if len(p) == 0 {
 return v, errors.New("parse rpm failed")
 }
 v.PatchUrl = strings.Split(strings.TrimSpace(p[0][1]), "\n")
- info := RegexpInfo.FindAllStringSubmatch(body, -1)
+ info := regexpInfo.FindAllStringSubmatch(body, -1)
 if len(info) == 0 {
 return v, errors.New("parse info failed")
 }
@@ -135,7 +142,7 @@ func (impl hotPatchImpl) toPatchIssue(body string) (v domain.HotPatchIssue, err
 continue
 }
- if cve := RegexpCve.FindAllStringSubmatch(string(bys), -1); len(cve) > 0 {
+ if cve := regexpCve.FindAllStringSubmatch(string(bys), -1); len(cve) > 0 {
 v.CveNum = strings.Split(cve[0][1], ",")
 break
 }
@@ -147,3 +154,110 @@ func (impl hotPatchImpl) toPatchIssue(body string) (v domain.HotPatchIssue, err
 return
 }
+
+type maxIdResult struct {
+ Code int `json:"code"`
+ Result string `json:"result"`
+ Msg string `json:"msg"`
+}
+
+func (impl hotPatchImpl) MaxHotPatchID() (maxId int, err error) {
+ cli := utils.NewHttpClient(defaultClientTimeout)
+
+ url := fmt.Sprintf("%s/cve-security-notice-server/securitynotice/getMaxHotPatchId", endpoint)
+
+ request, err := http.NewRequest(http.MethodGet, url, nil)
+ if err != nil {
+ return
+ }
+
+ r, _, err := cli.Download(request)
+ if err != nil {
+ return
+ }
+
+ var res maxIdResult
+ if err = json.Unmarshal(r, &res); err != nil {
+ return
+ }
+
+ if res.Code != 0 {
+ err = errors.New(res.Msg)
+
+ return
+ }
+
+ // init id
+ if res.Result == "" {
+ return defaultMaxId, nil
+ }
+
+ match := regepHotPatch.FindAllStringSubmatch(res.Result, -1)
+ if len(match) == 0 {
+ err = errors.New("invalid bulletin id")
+
+ return
+ }
+
+ // reset id to 1000 at new year
+ if match[0][1] != strconv.Itoa(time.Now().Year()) {
+ return defaultMaxId, nil
+ }
+
+ return strconv.Atoi(match[0][2])
+}
+
+type cveProductPackageResult struct {
+ Code int `json:"code"`
+ Result []cveProductPackage `json:"result"`
+ Msg string `json:"msg"`
+}
+
+type cveProductPackage struct {
+ Id int64 `json:"id"`
+ CveId string `json:"cveId"`
+ PackageName string `json:"packageName"`
+ ProductName string `json:"productName"`
+ Status string `json:"status"`
+ Reason string `json:"reason"`
+ SecurityNoticeNo string `json:"securityNoticeNo"`
+ ReleaseTime string `json:"releaseTime"`
+ Updateime string `json:"updateTime"`
+ CreateTime time.Time `json:"createTime"`
+}
+
+func (impl hotPatchImpl) IsPublished(cveId, packageName string) (bool, error) {
+ cli := utils.NewHttpClient(defaultClientTimeout)
+
+ url := fmt.Sprintf("%s/cve-security-notice-server/cvedatabase/getCVEProductPackageList?cveId=%s&packageName=%s",
+ endpoint, cveId, packageName)
+
+ request, err := http.NewRequest(http.MethodGet, url, nil)
+ if err != nil {
+ return false, err
+ }
+
+ r, _, err := cli.Download(request)
+ if err != nil {
+ return false, err
+ }
+
+ var res cveProductPackageResult
+ if err = json.Unmarshal(r, &res); err != nil {
+ return false, err
+ }
+
+ if res.Code != 0 {
+ err = errors.New(res.Msg)
+
+ return false, err
+ }
+
+ for _, v := range res.Result {
+ if strings.Contains(v.SecurityNoticeNo, domain.BulletinTypeHotPatch) {
+ return true, nil
+ }
+ }
+
+ return false, nil
+}
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
index 995717b352b46ce056dd7b925f92ebc0b40eeea8..5aeebb3b76b6f2d4599104032b97089b208b5f15 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
@@ -4,7 +4,6 @@ import (
 "errors"
 "fmt"
 "strings"
- "time"
 "github.com/astaxie/beego/orm"
@@ -31,7 +30,6 @@ join cve_issue_template b on a.cve_id=b.cve_id
 join cve_security_notice c on a.cve_id=c.cve_id
 where a.cve_num in (%s)
 and a.cve_status = 2
-and a.is_export in (0,3)
 and a.organizate_id = 1
 and b.status < 4
 `
@@ -92,34 +90,6 @@ func (impl repositoryImpl) MaxBulletinID() (string, error) {
 return saFileRecord.FileName, nil
 }
-func (impl repositoryImpl) IssueNumExist(num string) bool {
- hotPatch := models.HotPatch{
- IssueNum: num,
- }
-
- o := orm.NewOrm()
- if err := o.Read(&hotPatch, "issue_num"); err != nil {
- return false
- }
-
- return true
-}
-
-func (impl repositoryImpl) SaveIssueNum(num string) error {
- now := time.Now().Format(time.RFC3339)
-
- hotPatch := models.HotPatch{
- IssueNum: num,
- CreateTime: now,
- UpdateTime: now,
- }
-
- o := orm.NewOrm()
- _, err := o.Insert(&hotPatch)
-
- return err
-}
-
 type list struct {
 models.IssueTemplate
 AffectProduct string `orm:"column(affect_product)"`
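Review bot: `IsPublished` in the hotpatchimpl hunk formats `cveId` and `packageName` straight into the query string, so a value containing `&`, `#`, `+` or whitespace changes the request that is actually sent; the caller passes `issue.CveNum[0]` and `issue.Component`, which `toPatchIssue` derives from issue body text. Build the query with `url.Values{"cveId": {cveId}, "packageName": {packageName}}.Encode()` from `net/url`, and rename the local `url` variable (for example `reqURL`) so it does not shadow that package. Both `IsPublished` and `MaxHotPatchID` also discard the second result of `cli.Download`; if that is the HTTP status (the helper is not visible here), it should be checked before the body is unmarshalled. Because the duplicate-publication guard now depends entirely on this lookup, an unescaped or mis-parsed request silently turns into "not published".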
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
index 10c55765c5ad912eb60edbbd104b371cd30e9c0d..513d44b70b37c05cab27b83db0d90c7c09dfb156 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
@@ -5,6 +5,7 @@ import (
 "encoding/xml"
 "fmt"
 "path/filepath"
+ "regexp"
 "sort"
 "strconv"
 "strings"
@@ -18,6 +19,30 @@ import (
 "cvevulner/util"
 )
+const (
+ nokeyOffset = 5
+
+ // CveUrlPrefix is the prefix for CVE URLs
+ CveUrlPrefix = "https://nvd.nist.gov/vuln/detail/"
+
+ // PkgUrl is the URL format for package updates
+ PkgUrl = "https://dailybuild.openeuler.openatom.cn/repo.openeuler.org/%s/%s/%s/Packages/%s"
+
+ // ScriptPath is the path to the epoch.sh script
+ ScriptPath = "/opt/app/epoch.sh"
+)
+
+var (
+ severity = map[string]string{
+ "critical": "Critical",
+ "high": "Important",
+ "medium": "Moderate",
+ "low": "Low",
+ }
+
+ num = regexp.MustCompile(`\d+`)
+)
+
 func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data []byte, err error) {
 var u Updates
@@ -26,7 +51,7 @@ func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data [
 return nil, err
 }
- up := impl.updateXml(param.Sb, param.Branch)
+ up := impl.updateXml(param.Sb, param.Branch, param.Date)
 i := impl.numberIndex(&u, param.Sb.Identification)
 if i == -1 {
@@ -56,7 +81,7 @@ func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data [
 return headerBytes, nil
 }
-func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string) Update {
+func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch, date string) Update {
 var cveNums []string
 var description string
 var highestLevelIndex int
@@ -88,7 +113,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string)
 title := introduction + branch
- if impl.IsCveNotice(sb.Identification) {
+ if sb.IsCveNotice() {
 if i := strings.Index(description, "Security Fix(es):"); i > 0 {
 descr = util.TrimStringNR(description[i+17:])
 }
@@ -102,7 +127,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string)
 Status: "stable",
 Id: sb.Identification,
 Title: title,
- Severity: domain.Severity[strings.ToLower(dp.SequenceSeverityLevel[highestLevelIndex])],
+ Severity: severity[strings.ToLower(dp.SequenceSeverityLevel[highestLevelIndex])],
 Release: "openEuler",
 Issued: &Issued{Date: sb.Date},
 Description: descr,
@@ -111,7 +136,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string)
 var ref []Reference
 for _, s := range cveNums {
 ref = append(ref, Reference{
- Href: domain.CveUrlPrefix + s,
+ Href: CveUrlPrefix + s,
 Id: s,
 Title: s,
 Type: "cve",
@@ -142,7 +167,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string)
 }
 if !strings.Contains(pe.Filename, "kernel") {
- epoch, err := impl.findEpoch(domain.ScriptPath, branch, pe.Filename, pe.Arch, 1)
+ epoch, err := impl.findEpoch(ScriptPath, branch, pe.Filename, pe.Arch, date, 1)
 if err == nil && len(epoch) > 0 {
 pe.Epoch = string(epoch)
 }
@@ -169,27 +194,7 @@ func (impl updateInfoImpl) numberIndex(u *Updates, securityNumber string) (index
 return
 }
-func (impl updateInfoImpl) IsCveNotice(securityNoticeNo string) bool {
- return impl.GenNoticeType(securityNoticeNo) == domain.NoticeTypeCVE
-}
-
-func (impl updateInfoImpl) GenNoticeType(securityNoticeNo string) string {
- if strings.Contains(securityNoticeNo, "BA") {
- return domain.NoticeTypeBug
- }
-
- if strings.Contains(securityNoticeNo, "HotPatchSA") {
- return domain.NoticeTypeCVE
- }
-
- if strings.Contains(securityNoticeNo, "SA") {
- return domain.NoticeTypeCVE
- }
-
- return ""
-}
-
-func (impl updateInfoImpl) findEpoch(script, branch, filename, arch string, i int) ([]byte, error) {
+func (impl updateInfoImpl) findEpoch(script, branch, filename, arch, date string, i int) ([]byte, error) {
 var archs = []string{arch}
 if arch == "noarch" {
 archs = []string{"aarch64", "x86_64"}
@@ -198,25 +203,24 @@ func (impl updateInfoImpl) findEpoch(script, branch, filename, arch string, i in
 epoch, err, _ := libutils.RunCmd(
 script,
 filepath.Join("/opt/app/", branch, strconv.Itoa(i), time.Now().Format("150405.999")),
- fmt.Sprintf(domain.PkgUrl, branch, a, filename),
+ fmt.Sprintf(PkgUrl, branch, date, a, filename),
 )
 if err != nil {
- return nil, fmt.Errorf("failed to get epoch, pkgUrl is %s", fmt.Sprintf(domain.PkgUrl, branch, a, filename))
+ return nil, fmt.Errorf("failed to get epoch, pkgUrl is %s", fmt.Sprintf(PkgUrl, date, branch, a, filename))
 }
- if err == nil {
- if strings.Contains(string(epoch), "404") || strings.Contains(string(epoch), "502") {
- continue
- }
- if ix := bytes.Index(epoch, []byte("NOKEY")); ix > 0 {
- epoch = bytes.TrimSpace(epoch[ix+5:])
- } else {
- epoch = bytes.TrimSpace(epoch)
- }
-
- return domain.Num.Find(epoch), nil
+ if strings.Contains(string(epoch), "404") || strings.Contains(string(epoch), "502") {
+ continue
 }
+ if ix := bytes.Index(epoch, []byte("NOKEY")); ix > 0 {
+ epoch = bytes.TrimSpace(epoch[ix+nokeyOffset:])
+ } else {
+ epoch = bytes.TrimSpace(epoch)
+ }
+
+ return num.Find(epoch), nil
+
 }
 return nil, nil
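Review bot: The error path in `findEpoch` formats the URL with `fmt.Sprintf(PkgUrl, date, branch, a, filename)` while the command is run with `fmt.Sprintf(PkgUrl, branch, date, a, filename)`, so the logged `pkgUrl` is not the one that failed. Compute it once before the call, `pkgURL := fmt.Sprintf(PkgUrl, branch, date, a, filename)`, and use `pkgURL` in both places. `date` arrives from `request.Date` in the controller hunk and is passed as part of an argument to `epoch.sh` with no validation visible on this path; it should be checked against the expected date layout (for example with `time.Parse`) before it is formatted into the URL, and `branch`, which also feeds `filepath.Join("/opt/app/", ...)`, deserves the same scrutiny. The start of `findEpoch` and its loop header are outside this hunk.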