From a225c18a3eb332e31018cb47d377e2c714573bc0 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Wed, 13 Nov 2024 15:02:48 +0800 Subject: [PATCH 1/9] add under investigation --- cve-vulner-manager/common/analysis.go | 5 +- cve-vulner-manager/controllers/file.go | 3 + cve-vulner-manager/models/cve_web.go | 5 ++ cve-vulner-manager/models/excel.go | 7 +- cve-vulner-manager/taskhandler/assist.go | 2 - cve-vulner-manager/taskhandler/cve.go | 85 +++++++++++++++--------- cve-vulner-manager/taskhandler/excel.go | 35 ++++------ 7 files changed, 81 insertions(+), 61 deletions(-) diff --git a/cve-vulner-manager/common/analysis.go b/cve-vulner-manager/common/analysis.go index 5d36095..07ba5cc 100644 --- a/cve-vulner-manager/common/analysis.go +++ b/cve-vulner-manager/common/analysis.go @@ -15,8 +15,9 @@ const ( AnalysisNotExecute = "不受影响-漏洞代码不在执行路径" AnalysisCodeNotPresent = "不受影响-漏洞代码不存在" - TypeAffected = "Affected" - TypeUnaffected = "Unaffected" + TypeAffected = "Affected" + TypeUnaffected = "Unaffected" + TypeUnderInvestigation = "UnderInvestigation" ) var AnalysisUnaffected = map[string]struct{}{ diff --git a/cve-vulner-manager/controllers/file.go b/cve-vulner-manager/controllers/file.go index 3b977d4..88e1553 100644 --- a/cve-vulner-manager/controllers/file.go +++ b/cve-vulner-manager/controllers/file.go @@ -83,6 +83,9 @@ func (f *FileController) DownLoadExcelByFileCode() { // TriggerCveData touch off generate cve data excel and get cve package // @router /triggerCveData [get] func (f *FileController) TriggerCveData() { + // 停止维护 + f.Ctx.WriteString("Deprecated api") + return // Limit on the number of triggers nameStr, limitCount := LimitTriggerSa() if limitCount != 0 { diff --git a/cve-vulner-manager/models/cve_web.go b/cve-vulner-manager/models/cve_web.go index 2a3a0ab..10648f5 100644 --- a/cve-vulner-manager/models/cve_web.go +++ b/cve-vulner-manager/models/cve_web.go 
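Review bot: In TriggerCveData the added `return` leaves the whole former body (from `nameStr, limitCount := LimitTriggerSa()` onward) unreachable, which `go vet` reports, and the retired endpoint still answers 200 with a plain string. Delete the dead body in the same change and signal the retirement with a status code, e.g. `f.Ctx.Output.SetStatus(410)` before `f.Ctx.WriteString("Deprecated api")`, so callers and monitoring can see that the GET trigger no longer does anything. The comment `// 停止维护` would be easier to maintain in English, `// Deprecated: this endpoint is no longer maintained.` The function body continues outside the hunk.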
@@ -25,9 +25,14 @@ type RespCveProduct struct { type CveProduct struct { Id int64 `json:"id"` + Status string `json:"status"` ProductName string `json:"productName"` } +func (c CveProduct) IsFixed() bool { + return c.Status == "Fixed" +} + type Cve struct { CveNum string `json:"cveNum"` Pack string `json:"packageName"` diff --git a/cve-vulner-manager/models/excel.go b/cve-vulner-manager/models/excel.go index ec4acb5..cbf9b93 100644 --- a/cve-vulner-manager/models/excel.go +++ b/cve-vulner-manager/models/excel.go @@ -44,9 +44,6 @@ func (e ExcelExport) ParseAnalysisVersion() map[string]string { split := strings.Split(e.AnalysisVersion, ",") for _, v := range split { item := strings.Split(strings.ReplaceAll(v, ":", ":"), ":") - if len(item) != 2 || item[1] == "" { - return nil - } result[item[0]] = item[1] } @@ -106,6 +103,10 @@ func (e ExcelExport) AffectType(v string) string { for version, reason := range e.ParseAnalysisVersion() { if v == version { + if reason == "" { + return common.TypeUnderInvestigation + } + if _, ok := common.AnalysisUnaffected[reason]; ok { return common.TypeUnaffected } diff --git a/cve-vulner-manager/taskhandler/assist.go b/cve-vulner-manager/taskhandler/assist.go index c0d6b62..0d705f9 100644 --- a/cve-vulner-manager/taskhandler/assist.go +++ b/cve-vulner-manager/taskhandler/assist.go @@ -100,8 +100,6 @@ func GetAssignerOfOpeneuler(repo string) string { ret = assigner } - logs.Error("get assigner of ", repo, " ,result is ", ret) - return ret } diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go index e6bd3fe..a2070b1 100644 --- a/cve-vulner-manager/taskhandler/cve.go +++ b/cve-vulner-manager/taskhandler/cve.go @@ -16,7 +16,10 @@ import ( "sync" "time" + "k8s.io/apimachinery/pkg/util/sets" + "cvevulner/common" + "cvevulner/cve-ddd/infrastructure/majunimpl" "cvevulner/cve-timed-task/tabletask" "cvevulner/models" "cvevulner/util" 
@@ -2544,7 +2547,50 @@ func GetCveSecurityNotice(cveNumber, packageName string, flag bool) (bool, model return false, detail } -func GetCveProduct(cveNumber, packageName string, branch ...string) (bool, models.RespCveProduct) { +func IsAllProductReleased(cveNumber, packageName string) bool { + products := GetCveProduct(cveNumber, packageName) + + fixedProduct := sets.NewString() + for _, v := range products { + if v.IsFixed() { + fixedProduct.Insert(v.ProductName) + } + } + + majun := majunimpl.NewMajunImpl() + releasedBranch, err := majun.GetReleasedBranch() + if err != nil { + logs.Error("get released branch from majun failed: ", err.Error()) + return false + } + releasedBranchSets := sets.NewString(releasedBranch...) + + return releasedBranchSets.Equal(fixedProduct) +} + +func IsProductReleased(cveNumber, packageName, branch string) (bool, string) { + products := GetCveProduct(cveNumber, packageName) + for _, v := range products { + if v.ProductName == branch { + return true, v.Status + } + } + + return false, "" +} + +func IsProductFixed(cveNumber, packageName, branch string) bool { + products := GetCveProduct(cveNumber, packageName) + for _, v := range products { + if v.IsFixed() && v.ProductName == branch { + return true + } + } + + return false +} + +func GetCveProduct(cveNumber, packageName string) []models.CveProduct { var detail models.RespCveProduct var urlS url.URL q := urlS.Query() 
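Review bot: IsAllProductReleased can return true with nothing fixed: GetCveProduct returns nil on any request or decode failure, so if GetReleasedBranch ever yields an empty list without an error, `releasedBranchSets.Equal(fixedProduct)` compares two empty sets and FilterCveExported marks the CVE as exported. Guard it with `if fixedProduct.Len() == 0 { return false }` before calling majun. The helpers also match `v.ProductName == branch` exactly where the removed code used `strings.EqualFold` and lower-cased names, so a casing difference between the product API and the branch list would now read as unreleased; confirm both sources use identical casing or keep the case-insensitive comparison.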
@@ -2564,44 +2610,19 @@ func GetCveProduct(cveNumber, packageName string, branch ...string) (bool, model resp, err := http.Get(req.URL.String()) if err != nil { logs.Error("GetCveSecurityNotice, url: ", req.URL.String(), err) - return false, detail + return nil } defer resp.Body.Close() body, err := ioutil.ReadAll(resp.Body) if err != nil || body == nil { - return false, detail + return nil } err = json.Unmarshal(body, &detail) if err != nil { - return false, detail - } - affectedBranchs := beego.AppConfig.String("cve::affected_branchs") - splitAffectedBranches := strings.Split(strings.ToLower(affectedBranchs), ",") - if len(detail.Result) >= len(splitAffectedBranches)-1 { - var p string - var f = true - for _, product := range detail.Result { - p += strings.ToLower(product.ProductName) + "," - } - for _, s := range splitAffectedBranches { - if !strings.Contains(p, s) { - f = false - break - } - } - if f { - return true, detail - } - } - if len(branch) > 0 { - for _, v := range detail.Result { - if strings.EqualFold(v.ProductName, branch[0]) { - return true, detail - } - } - return false, detail + return nil } - return len(detail.Result) >= len(splitAffectedBranches), detail + + return detail.Result } // FilterCveExported Filter exportable data @@ -2624,7 +2645,7 @@ func FilterCveExported() { center.IsExport = 1 models.UpdateVulnCenter(¢er, "is_export") dbLock.Unlock() - } else if productExist, _ := GetCveProduct(center.CveNum, center.PackName); productExist { + } else if b := IsAllProductReleased(center.CveNum, center.PackName); b { dbLock.Lock() center.IsExport = 1 models.UpdateVulnCenter(¢er, "is_export") diff --git a/cve-vulner-manager/taskhandler/excel.go b/cve-vulner-manager/taskhandler/excel.go index 1c2d399..364a353 100644 --- a/cve-vulner-manager/taskhandler/excel.go +++ b/cve-vulner-manager/taskhandler/excel.go 
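Review bot: GetCveProduct now returns nil for a transport error, a read error, a JSON error and a genuinely empty result alike, so IsProductReleased and IsProductFixed treat an outage of the product API as "not released / not fixed" and their callers carry on to generate the advisory again. Returning the error as well, `func GetCveProduct(cveNumber, packageName string) ([]models.CveProduct, error)`, would let callers skip the record instead of acting on missing data. The context line `http.Get(req.URL.String())` uses the default client, which has no timeout, and `resp.StatusCode` is not checked before the body is decoded; both matter more now that three helpers each issue this request per record. The function starts outside the hunk.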
@@ -1182,19 +1182,12 @@ func UnaffectIssueProc(affectBranch string, cvrfFileList map[string][]string, data, err := getDataUnaffect(startTime, cves) if len(data) > 0 { for _, v := range data { + var status string issueExist, _ := GetCveSecurityNotice(v.CveNum, v.Repo, true) if issueExist { - if productExist, _ := GetCveProduct(v.CveNum, v.Repo); productExist { - var center models.VulnCenter - center.CveId = v.CveId - centErr := models.GetVulnCenterByCid(¢er, "cve_id") - if centErr == nil { - center.IsExport = 1 - models.UpdateVulnCenter(¢er, "is_export") - } - continue - } - if ok, _ := GetCveProduct(v.CveNum, v.Repo, affectBranch); ok { + // 没发布过的分支都要发布 + released, status := IsProductReleased(v.CveNum, v.Repo, affectBranch) + if released && status != common.TypeUnderInvestigation { continue } } @@ -1211,6 +1204,14 @@ func UnaffectIssueProc(affectBranch string, cvrfFileList map[string][]string, if filterFixBranch(&vx, vx.CveNum, affectBranch) { continue } + + //发布过的分支状态如果是调查中,要被其他状态覆盖;覆盖时,如果该分支还是调查中,则忽略,不生成 + if vx.IsIssueWithAnalysisVersion() && + status == common.TypeUnderInvestigation && + vx.GetReasonByVersion(affectBranch) == "" { + continue + } + affectBool := FindUnaffectBrach(&vx, affectBranch, accessToken, owner) if affectBool { logs.Info("Unaffected version, data: ", vx.CveNum, vx.OwnedComponent, vx.AffectProduct) 
@@ -1299,17 +1300,7 @@ func affectIssueProc(v IssueAndPkg, affectBranch string, cvexml *[]CveXml, // Check whether the cve data has been released sa issueExist, _ := GetCveSecurityNotice(tpl.CveNum, tpl.Repo, true) if issueExist { - if productExist, _ := GetCveProduct(tpl.CveNum, tpl.Repo); productExist { - var center models.VulnCenter - center.CveId = tpl.CveId - centErr := models.GetVulnCenterByCid(¢er, "cve_id") - if centErr == nil { - center.IsExport = 1 - models.UpdateVulnCenter(¢er, "is_export") - } - continue - } - if ok, _ := GetCveProduct(tpl.CveNum, v.Repo, affectBranch); ok { + if IsProductFixed(tpl.CveNum, v.Repo, affectBranch) { continue } } -- Gitee From 74a389c7a021184fb68e1c318d19ce485d063916 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Wed, 13 Nov 2024 16:38:56 +0800 Subject: [PATCH 2/9] no init in main --- cve-vulner-manager/main.go | 3 --- cve-vulner-manager/taskhandler/assist.go | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/cve-vulner-manager/main.go b/cve-vulner-manager/main.go index 9bff947..0c6a1b5 100644 --- a/cve-vulner-manager/main.go +++ b/cve-vulner-manager/main.go @@ -1,8 +1,6 @@ package main import ( - "time" - "github.com/astaxie/beego" "cvevulner/common" @@ -37,7 +35,6 @@ func main() { } taskhandler.InitReleaseDate() - taskhandler.InitAssignerCache(time.Now().Format("20060102")) // Initialize a scheduled task taskOk := task.InitTask() diff --git a/cve-vulner-manager/taskhandler/assist.go b/cve-vulner-manager/taskhandler/assist.go index 0d705f9..03e1bf2 100644 --- a/cve-vulner-manager/taskhandler/assist.go +++ b/cve-vulner-manager/taskhandler/assist.go @@ -88,6 +88,10 @@ func GetAssignerOfOpeneuler(repo string) string { defer mutex.Unlock() today := time.Now().Format("20060102") + if len(assignerOfOpeneulerRepoCache) == 0 { + InitAssignerCache(today) + } + date, ok := assignerOfOpeneulerRepoCache[keyOfDate] if !ok || date != today { InitAssignerCache(today) -- Gitee 
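Review bot: In GetAssignerOfOpeneuler the added `if len(assignerOfOpeneulerRepoCache) == 0 { InitAssignerCache(today) }` duplicates the check right below it: an empty cache has no `keyOfDate` entry, so `!ok` already triggers InitAssignerCache. If a load fails and leaves the map empty (InitAssignerCache is not visible here, so this is inferred), both branches fire and the fetch runs twice per call while the mutex is held. Dropping the new block and relying on the existing date check gives the same lazy initialisation. The function continues outside the hunk.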
From 5eef55f57e8e0e58bce8085b4d10b241b32286ac Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Wed, 13 Nov 2024 17:21:54 +0800 Subject: [PATCH 3/9] fix bug --- cve-vulner-manager/models/excel.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cve-vulner-manager/models/excel.go b/cve-vulner-manager/models/excel.go index cbf9b93..50916d8 100644 --- a/cve-vulner-manager/models/excel.go +++ b/cve-vulner-manager/models/excel.go @@ -44,6 +44,9 @@ func (e ExcelExport) ParseAnalysisVersion() map[string]string { split := strings.Split(e.AnalysisVersion, ",") for _, v := range split { item := strings.Split(strings.ReplaceAll(v, ":", ":"), ":") + if len(item) != 2 || item[1] == "" { + continue + } result[item[0]] = item[1] } -- Gitee From db6a47d8b2f408f4cf0970b9294f9fc53d0ac7d3 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Thu, 14 Nov 2024 15:17:06 +0800 Subject: [PATCH 4/9] fix and optimize --- cve-vulner-manager/models/cve.go | 4 ++-- cve-vulner-manager/models/excel.go | 4 +++- cve-vulner-manager/task/cve.go | 20 ++++++++++++-------- cve-vulner-manager/taskhandler/excel.go | 3 ++- 4 files changed, 19 insertions(+), 12 deletions(-) diff --git a/cve-vulner-manager/models/cve.go b/cve-vulner-manager/models/cve.go index 53ba282..a07de6e 100644 --- a/cve-vulner-manager/models/cve.go +++ b/cve-vulner-manager/models/cve.go 
@@ -1110,7 +1110,7 @@ is_export in (0,3) and pack_name in ('%s') and organizate_id = 1) and status < 4 func GetUnffectIssueNumber(startTime string, cves []string) (issueTemp []IssueTemplate, err error) { var sql string if len(cves) == 0 { - sql = `SELECT * FROM cve_issue_template WHERE STATUS = 3 AND issue_status in (2,6) AND cve_id IN (SELECT DISTINCT cve_id FROM cve_vuln_center WHERE cve_status = 2 AND + sql = `SELECT * FROM cve_issue_template WHERE STATUS <= 3 AND issue_status in (1,2,3,6) AND cve_id IN (SELECT DISTINCT cve_id FROM cve_vuln_center WHERE cve_status = 2 AND is_export IN (0,3) and organizate_id = 1) AND create_time >= '%s'` } else { var s string @@ -1120,7 +1120,7 @@ is_export IN (0,3) and organizate_id = 1) AND create_time >= '%s'` if len(s) > 1 { s = s[:len(s)-1] } - sql = `SELECT * FROM cve_issue_template WHERE STATUS = 3 AND issue_status in (2,6) AND cve_id IN (SELECT DISTINCT cve_id FROM cve_vuln_center WHERE cve_status = 2 AND + sql = `SELECT * FROM cve_issue_template WHERE STATUS <= 3 AND issue_status in (1,2,3,6) AND cve_id IN (SELECT DISTINCT cve_id FROM cve_vuln_center WHERE cve_status = 2 AND is_export IN (0,3) and organizate_id = 1) AND create_time >= '%s' ` + ` AND cve_num in (` + s + `)` } diff --git a/cve-vulner-manager/models/excel.go b/cve-vulner-manager/models/excel.go index 50916d8..8113b73 100644 --- a/cve-vulner-manager/models/excel.go +++ b/cve-vulner-manager/models/excel.go @@ -44,7 +44,7 @@ func (e ExcelExport) ParseAnalysisVersion() map[string]string { split := strings.Split(e.AnalysisVersion, ",") for _, v := range split { item := strings.Split(strings.ReplaceAll(v, ":", ":"), ":") - if len(item) != 2 || item[1] == "" { + if len(item) != 2 { continue } @@ -113,6 +113,8 @@ func (e ExcelExport) AffectType(v string) string { if _, ok := common.AnalysisUnaffected[reason]; ok { return common.TypeUnaffected } + + break } } diff --git a/cve-vulner-manager/task/cve.go b/cve-vulner-manager/task/cve.go index 6cc8237..cd66960 100644 
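Review bot: Both rewritten statements in GetUnffectIssueNumber are still assembled as text: `create_time >= '%s'` is filled in by formatting, and `cve_num in (` + s + `)` concatenates a list built from `cves`. Where those values originate is not visible in the hunk; if any of them can come from a request or from issue content this is SQL injection, and widening the filter to `STATUS <= 3 AND issue_status in (1,2,3,6)` enlarges what such a query can return. Pass the values as query arguments with `?` placeholders (one per element of `cves`) instead of formatting them into the statement. The same two statements are re-wrapped in PATCH 8/9 with the construction unchanged, and the function body extends outside the hunk.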
--- a/cve-vulner-manager/task/cve.go +++ b/cve-vulner-manager/task/cve.go @@ -15,6 +15,7 @@ import ( "github.com/opensourceways/server-common-lib/utils" "cvevulner/common" + "cvevulner/cve-ddd/infrastructure/majunimpl" "cvevulner/cve-ddd/infrastructure/obsimpl" "cvevulner/taskhandler" @@ -99,14 +100,17 @@ func ReleaseUnaffectedCve() error { var unaffectcvrf = taskhandler.UnaffectCvrfSa{Xmlns: "http://www.icasi.org/CVRF/schema/cvrf/1.1", XmlnsCvrf: "http://www.icasi.org/CVRF/schema/cvrf/1.1"} cvrffileName := filepath.Join(dir, "cvrf-unaffected-cve-"+common.GetCurDate()+".xml") - du := beego.AppConfig.DefaultString("excel::v_pack_20_03_url", "") - csvPathList := strings.Split(du, ";") - for _, branch := range csvPathList { - branchs := strings.Split(branch, "@") - if len(branchs) > 0 && branchs[0] != "" { - taskhandler.UnaffectIssueProc(branchs[0], nil, nil, startTime, - accessToken, owner, &unaffectcvrf, unaffectYear, nil) - } + + majun := majunimpl.NewMajunImpl() + releasedBranch, err2 := majun.GetReleasedBranch() + if err2 != nil { + logs.Error("get released branch from majun failed:", err2.Error()) + return fmt.Errorf("get released branch from majun failed: %s", err2.Error()) + } + + for _, branch := range releasedBranch { + taskhandler.UnaffectIssueProc(branch, nil, nil, startTime, + accessToken, owner, &unaffectcvrf, unaffectYear, nil) } if len(unaffectcvrf.Vulnerability) == 0 { diff --git a/cve-vulner-manager/taskhandler/excel.go b/cve-vulner-manager/taskhandler/excel.go index 364a353..5c39d9f 100644 --- a/cve-vulner-manager/taskhandler/excel.go +++ b/cve-vulner-manager/taskhandler/excel.go 
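Review bot: In ReleaseUnaffectedCve the GetReleasedBranch failure is both logged and returned, and the returned error is rebuilt with `%s` from `err2.Error()`, which drops the error chain. `return fmt.Errorf("get released branch from majun: %w", err2)` keeps it inspectable with errors.Is/As and leaves the logging to one layer. The old loop skipped empty branch names (`branchs[0] != ""`), while the new loop passes whatever the service returns straight to UnaffectIssueProc, so an `if branch == "" { continue }` is worth keeping unless majun guarantees non-empty names.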
@@ -1183,10 +1183,11 @@ func UnaffectIssueProc(affectBranch string, cvrfFileList map[string][]string, if len(data) > 0 { for _, v := range data { var status string + var released bool issueExist, _ := GetCveSecurityNotice(v.CveNum, v.Repo, true) if issueExist { // 没发布过的分支都要发布 - released, status := IsProductReleased(v.CveNum, v.Repo, affectBranch) + released, status = IsProductReleased(v.CveNum, v.Repo, affectBranch) if released && status != common.TypeUnderInvestigation { continue } -- Gitee From 48a8ec221b8cf6727167ffd9a89f40deded8af47 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Tue, 19 Nov 2024 09:49:59 +0800 Subject: [PATCH 5/9] filter old logic and optimize --- cve-vulner-manager/models/excel.go | 32 ------------------------- cve-vulner-manager/models/issue.go | 8 +++++++ cve-vulner-manager/taskhandler/excel.go | 11 +++++++-- 3 files changed, 17 insertions(+), 34 deletions(-) diff --git a/cve-vulner-manager/models/excel.go b/cve-vulner-manager/models/excel.go index 8113b73..4e3497e 100644 --- a/cve-vulner-manager/models/excel.go +++ b/cve-vulner-manager/models/excel.go @@ -67,38 +67,6 @@ func (e ExcelExport) GetReasonByVersion(v string) string { return "" } -func (e ExcelExport) WillFixVersion() []string { - var version []string - - for v, reason := range e.ParseAnalysisVersion() { - if reason == common.AnalysisWillFix { - version = append(version, v) - } - } - - return version -} - -func (e ExcelExport) IsWillFixVersion(v string) bool { - for _, version := range e.WillFixVersion() { - if version == v { - return true - } - } - - return false -} - -func (e ExcelExport) IsNotWillFixVersion(v string) bool { - for version, reason := range e.ParseAnalysisVersion() { - if v == version && reason != common.AnalysisWillFix { - return true - } - } - - return false -} - func (e ExcelExport) AffectType(v string) string { if !e.IsIssueWithAnalysisVersion() { return common.TypeUnaffected 
diff --git a/cve-vulner-manager/models/issue.go b/cve-vulner-manager/models/issue.go index d023b42..f451ace 100644 --- a/cve-vulner-manager/models/issue.go +++ b/cve-vulner-manager/models/issue.go @@ -778,3 +778,11 @@ func QueryAuthTokenById(ati *AuthTokenInfo, colName ...string) error { err := o.Read(ati, colName...) return err } + +func (t *IssueTemplate) IsIssueWithAnalysisVersion() bool { + return t.AnalysisVersion != "" +} + +func (t *IssueTemplate) IsIssueComplete() bool { + return t.Status == 3 +} diff --git a/cve-vulner-manager/taskhandler/excel.go b/cve-vulner-manager/taskhandler/excel.go index 5c39d9f..874c5a0 100644 --- a/cve-vulner-manager/taskhandler/excel.go +++ b/cve-vulner-manager/taskhandler/excel.go @@ -632,8 +632,9 @@ func affectBrachRep(xmlp *models.ExcelExport, affectBranch string) bool { func FindUnaffectBrach(xmlp *models.ExcelExport, affectBranch, accessToken, owner string) bool { branchArry, _ := GetBranchesInfo(accessToken, owner, xmlp.OwnedComponent, 1) + // 包含原因分析字段的新issue,所有分支都要发布 if xmlp.IsIssueWithAnalysisVersion() { - return xmlp.IsNotWillFixVersion(affectBranch) + return true } affectBool := false @@ -1182,6 +1183,11 @@ func UnaffectIssueProc(affectBranch string, cvrfFileList map[string][]string, data, err := getDataUnaffect(startTime, cves) if len(data) > 0 { for _, v := range data { + // 对于旧数据,仍然按照未完成就不发布的逻辑 + if !v.IsIssueWithAnalysisVersion() && !v.IsIssueComplete() { + continue + } + var status string var released bool issueExist, _ := GetCveSecurityNotice(v.CveNum, v.Repo, true) @@ -1252,7 +1258,8 @@ func filterDataInSlice(data string, filterList []string) bool { // if cve exist affected and label exist CVE/FIXED return true func filterFixBranch(data *models.ExcelExport, cve, branch string) (has bool) { if data.IsIssueWithAnalysisVersion() { - return data.IsWillFixVersion(branch) + // 包含原因分析字段的新issue,所有分支都要发布 + return false } has = false -- Gitee From e0eb53214786758c9709642d1049b63abd4841c0 Mon Sep 17 00:00:00 2001 
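Review bot: In FindUnaffectBrach the new early `return true` sits after `branchArry, _ := GetBranchesInfo(accessToken, owner, xmlp.OwnedComponent, 1)`, so every issue with an analysis version still pays for a branch lookup (presumably a remote call, made with the access token) whose result is discarded. Move the `if xmlp.IsIssueWithAnalysisVersion() { return true }` check above the GetBranchesInfo call. The new comment `// 包含原因分析字段的新issue,所有分支都要发布` could be written in English, e.g. `// New issues that carry the analysis field are published for every branch.` The rest of the function is outside the hunk.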
From: yangwei999 <348134071@qq.com> Date: Tue, 19 Nov 2024 10:31:24 +0800 Subject: [PATCH 6/9] put generate bulletin in goroutine --- cve-vulner-manager/cve-ddd/controller/cve.go | 44 ++++++++++++-------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/cve-vulner-manager/cve-ddd/controller/cve.go b/cve-vulner-manager/cve-ddd/controller/cve.go index 3fcc57a..6a19efd 100644 --- a/cve-vulner-manager/cve-ddd/controller/cve.go +++ b/cve-vulner-manager/cve-ddd/controller/cve.go @@ -62,16 +62,6 @@ func (c *CveController) CollectCveData() { } func (c *CveController) Generate() { - concurrency.Add(1) - defer concurrency.Add(-1) - - // 公告接口不允许并发访问 - if concurrency.Load() > allowConcurrency { - c.fail("job is running") - - return - } - var request GenerateRequest if err := json.Unmarshal(c.Ctx.Input.RequestBody, &request); err != nil { c.fail(err.Error()) 
@@ -87,15 +77,33 @@ func (c *CveController) Generate() { return } - uploadDir, err := c.BulletinService.GenerateBulletins(request.CveNum, request.Date) - if err != nil { - c.BulletinLog.Errorf("generate security bulletins failed: %s", err.Error()) - } else { - err = c.HotPatchService.GenerateBulletins(uploadDir) - if err != nil { - c.HotPatchBulletinLog.Errorf("generate hot patch security bulletins failed: %s", err.Error()) + go func() { + defer func() { + if r := recover(); r != nil { + c.BulletinLog.Errorf("handle collect panic: %v", r) + } + }() + + concurrency.Add(1) + defer concurrency.Add(-1) + + // 公告接口不允许并发访问 + if concurrency.Load() > allowConcurrency { + c.BulletinLog.Errorf("job is running") + + return } - } + + uploadDir, err1 := c.BulletinService.GenerateBulletins(request.CveNum, request.Date) + if err1 != nil { + c.BulletinLog.Errorf("generate security bulletins failed: %s", err1.Error()) + } else { + err1 = c.HotPatchService.GenerateBulletins(uploadDir) + if err1 != nil { + c.HotPatchBulletinLog.Errorf("generate hot patch security bulletins failed: %s", err1.Error()) + } + } + }() c.success(nil) } -- Gitee From 368f1324eaac7171be029a8214a4e395bc82d6fe Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Tue, 19 Nov 2024 16:29:44 +0800 Subject: [PATCH 7/9] modify exec time --- cve-vulner-manager/conf/product_app.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve-vulner-manager/conf/product_app.conf b/cve-vulner-manager/conf/product_app.conf index 6e6767a..c446f9a 100644 --- a/cve-vulner-manager/conf/product_app.conf +++ b/cve-vulner-manager/conf/product_app.conf @@ -132,7 +132,7 @@ syncissuedateflag = 1 syncissuedate = 0 0 7,13 * * * releaseUnaffectedCveflag = 1 -releaseUnaffectedCve = 0 0 11 * * 5 +releaseUnaffectedCve = 0 0 11 * * * [gitee] -- Gitee From f3905cea191533cfe76a1c9c44ae0b8601694666 Mon Sep 17 00:00:00 2001 
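Review bot: Generate now replies `c.success(nil)` before the busy check runs, because the `concurrency` gate moved inside the goroutine; a request that arrives while a job is running is told it succeeded, and the rejection is visible only in BulletinLog. The gate is also increment-then-load (`concurrency.Add(1)` followed by `concurrency.Load()`), so two overlapping requests can each observe a count above `allowConcurrency` and both give up. Reserve the slot synchronously from the value `Add` returns (assuming `concurrency` is a sync/atomic integer, which the hunk does not show), answer `c.fail("job is running")` when it is taken, and only then start the goroutine. The recover message "handle collect panic" looks copied from another handler and should name bulletin generation.

```go
	// Reserve the single job slot before replying, so a busy service is reported to the caller.
	if concurrency.Add(1) > allowConcurrency {
		concurrency.Add(-1)
		c.fail("job is running")

		return
	}

	go func() {
		defer concurrency.Add(-1)
		defer func() {
			if r := recover(); r != nil {
				c.BulletinLog.Errorf("generate bulletins panic: %v", r)
			}
		}()

		// … unchanged: BulletinService.GenerateBulletins and HotPatchService.GenerateBulletins calls …
	}()
```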
From: yangwei999 <348134071@qq.com> Date: Tue, 19 Nov 2024 16:56:01 +0800 Subject: [PATCH 8/9] fix ci --- cve-vulner-manager/models/cve.go | 6 ++++-- cve-vulner-manager/models/cve_web.go | 1 + cve-vulner-manager/models/excel.go | 4 +++- cve-vulner-manager/models/issue.go | 5 ++++- cve-vulner-manager/taskhandler/cve.go | 5 +++++ cve-vulner-manager/taskhandler/excel.go | 2 +- 6 files changed, 18 insertions(+), 5 deletions(-) diff --git a/cve-vulner-manager/models/cve.go b/cve-vulner-manager/models/cve.go index a07de6e..1bee1d7 100644 --- a/cve-vulner-manager/models/cve.go +++ b/cve-vulner-manager/models/cve.go @@ -1110,7 +1110,8 @@ is_export in (0,3) and pack_name in ('%s') and organizate_id = 1) and status < 4 func GetUnffectIssueNumber(startTime string, cves []string) (issueTemp []IssueTemplate, err error) { var sql string if len(cves) == 0 { - sql = `SELECT * FROM cve_issue_template WHERE STATUS <= 3 AND issue_status in (1,2,3,6) AND cve_id IN (SELECT DISTINCT cve_id FROM cve_vuln_center WHERE cve_status = 2 AND + sql = `SELECT * FROM cve_issue_template WHERE STATUS <= 3 AND issue_status in (1,2,3,6) AND cve_id IN ( +SELECT DISTINCT cve_id FROM cve_vuln_center WHERE cve_status = 2 AND is_export IN (0,3) and organizate_id = 1) AND create_time >= '%s'` } else { var s string @@ -1120,7 +1121,8 @@ is_export IN (0,3) and organizate_id = 1) AND create_time >= '%s'` if len(s) > 1 { s = s[:len(s)-1] } - sql = `SELECT * FROM cve_issue_template WHERE STATUS <= 3 AND issue_status in (1,2,3,6) AND cve_id IN (SELECT DISTINCT cve_id FROM cve_vuln_center WHERE cve_status = 2 AND + sql = `SELECT * FROM cve_issue_template WHERE STATUS <= 3 AND issue_status in (1,2,3,6) AND cve_id IN ( +SELECT DISTINCT cve_id FROM cve_vuln_center WHERE cve_status = 2 AND is_export IN (0,3) and organizate_id = 1) AND create_time >= '%s' ` + ` AND cve_num in (` + s + `)` } diff --git a/cve-vulner-manager/models/cve_web.go b/cve-vulner-manager/models/cve_web.go index 10648f5..abffa3b 100644 
--- a/cve-vulner-manager/models/cve_web.go +++ b/cve-vulner-manager/models/cve_web.go @@ -29,6 +29,7 @@ type CveProduct struct { ProductName string `json:"productName"` } +// CveProductIsFixed checks if the status of the CveProduct is "Fixed". func (c CveProduct) IsFixed() bool { return c.Status == "Fixed" } diff --git a/cve-vulner-manager/models/excel.go b/cve-vulner-manager/models/excel.go index 4e3497e..34e8f9c 100644 --- a/cve-vulner-manager/models/excel.go +++ b/cve-vulner-manager/models/excel.go @@ -10,6 +10,8 @@ import ( "cvevulner/common" ) +const splitLen = 2 + // ExcelExport the export excel row content model type ExcelExport struct { Num int64 @@ -44,7 +46,7 @@ func (e ExcelExport) ParseAnalysisVersion() map[string]string { split := strings.Split(e.AnalysisVersion, ",") for _, v := range split { item := strings.Split(strings.ReplaceAll(v, ":", ":"), ":") - if len(item) != 2 { + if len(item) != splitLen { continue } diff --git a/cve-vulner-manager/models/issue.go b/cve-vulner-manager/models/issue.go index f451ace..5cafefd 100644 --- a/cve-vulner-manager/models/issue.go +++ b/cve-vulner-manager/models/issue.go @@ -780,9 +780,12 @@ func QueryAuthTokenById(ati *AuthTokenInfo, colName ...string) error { } func (t *IssueTemplate) IsIssueWithAnalysisVersion() bool { + // 返回issue是否具有分析版本,如果issue的AnalysisVersion字段不为空,则表示该issue具有分析版本 return t.AnalysisVersion != "" } func (t *IssueTemplate) IsIssueComplete() bool { - return t.Status == 3 + const StatusCompleted = 3 + // 返回issue是否完成,如果issue的状态为3,则表示该issue已完成 + return t.Status == StatusCompleted } diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go index a2070b1..05b3d71 100644 --- a/cve-vulner-manager/taskhandler/cve.go +++ b/cve-vulner-manager/taskhandler/cve.go 
@@ -2547,6 +2547,8 @@ func GetCveSecurityNotice(cveNumber, packageName string, flag bool) (bool, model return false, detail } +// IsAllProductReleased checks if all products associated with a given CVE number and package name are released. +// It returns true if all products are released, otherwise it returns false. func IsAllProductReleased(cveNumber, packageName string) bool { products := GetCveProduct(cveNumber, packageName) @@ -2568,6 +2570,7 @@ func IsAllProductReleased(cveNumber, packageName string) bool { return releasedBranchSets.Equal(fixedProduct) } +// IsProductReleased checks if a product is released based on the CVE number, package name, and branch. func IsProductReleased(cveNumber, packageName, branch string) (bool, string) { products := GetCveProduct(cveNumber, packageName) for _, v := range products { @@ -2579,6 +2582,7 @@ func IsProductReleased(cveNumber, packageName, branch string) (bool, string) { return false, "" } +// IsProductFixed checks if a product (branch) is fixed for a given CVE number and package name. func IsProductFixed(cveNumber, packageName, branch string) bool { products := GetCveProduct(cveNumber, packageName) for _, v := range products { @@ -2590,6 +2594,7 @@ func IsProductFixed(cveNumber, packageName, branch string) bool { return false } +// GetCveProduct retrieves a list of CVE products based on the provided CVE number and package name. func GetCveProduct(cveNumber, packageName string) []models.CveProduct { var detail models.RespCveProduct var urlS url.URL diff --git a/cve-vulner-manager/taskhandler/excel.go b/cve-vulner-manager/taskhandler/excel.go index 874c5a0..e768c22 100644 --- a/cve-vulner-manager/taskhandler/excel.go +++ b/cve-vulner-manager/taskhandler/excel.go 
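Review bot: The added doc comments describe less than the functions do. IsAllProductReleased does not check that products "are released": it compares the set of product names whose status is Fixed with the branch list from majun and returns false when that lookup fails, so the comment should say so, e.g. `// IsAllProductReleased reports whether the set of Fixed products equals the released branch list from majun; it returns false if the list cannot be fetched.` IsProductReleased's comment should also cover the second result, e.g. `// It also returns the product's status string when the branch is found.`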
@@ -1212,7 +1212,7 @@ func UnaffectIssueProc(affectBranch string, cvrfFileList map[string][]string, continue } - //发布过的分支状态如果是调查中,要被其他状态覆盖;覆盖时,如果该分支还是调查中,则忽略,不生成 + // 发布过的分支状态如果是调查中,要被其他状态覆盖;覆盖时,如果该分支还是调查中,则忽略,不生成 if vx.IsIssueWithAnalysisVersion() && status == common.TypeUnderInvestigation && vx.GetReasonByVersion(affectBranch) == "" { -- Gitee From 1185ef8ce92ea48430bbf45a466a0484257e5ee3 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Tue, 19 Nov 2024 17:05:38 +0800 Subject: [PATCH 9/9] fix ci 2 --- cve-vulner-manager/models/cve_web.go | 2 +- cve-vulner-manager/models/issue.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cve-vulner-manager/models/cve_web.go b/cve-vulner-manager/models/cve_web.go index abffa3b..f873f29 100644 --- a/cve-vulner-manager/models/cve_web.go +++ b/cve-vulner-manager/models/cve_web.go @@ -29,7 +29,7 @@ type CveProduct struct { ProductName string `json:"productName"` } -// CveProductIsFixed checks if the status of the CveProduct is "Fixed". +// IsFixed checks if the status of the CveProduct is "Fixed". func (c CveProduct) IsFixed() bool { return c.Status == "Fixed" } diff --git a/cve-vulner-manager/models/issue.go b/cve-vulner-manager/models/issue.go index 5cafefd..c9f0a1a 100644 --- a/cve-vulner-manager/models/issue.go +++ b/cve-vulner-manager/models/issue.go @@ -779,13 +779,13 @@ func QueryAuthTokenById(ati *AuthTokenInfo, colName ...string) error { return err } +// IsIssueWithAnalysisVersion returns whether the issue has an analysis version. func (t *IssueTemplate) IsIssueWithAnalysisVersion() bool { - // 返回issue是否具有分析版本,如果issue的AnalysisVersion字段不为空,则表示该issue具有分析版本 return t.AnalysisVersion != "" } +// IsIssueComplete returns whether the issue is completed. func (t *IssueTemplate) IsIssueComplete() bool { const StatusCompleted = 3 - // 返回issue是否完成,如果issue的状态为3,则表示该issue已完成 return t.Status == StatusCompleted } -- Gitee