From 4c63d8a765eed0c1c657cfbce2d3be20b311be47 Mon Sep 17 00:00:00 2001
From: Coopermassaki <1277145053@qq.com>
Date: Mon, 11 Nov 2024 10:06:08 +0800
Subject: [PATCH 01/12] early generate hotpatch updateinfo file
---
cve-vulner-manager/Dockerfile | 3 +-
.../cve-ddd/app/refactor_hotpatch.go | 43 +++++-
.../cve-ddd/domain/hotpatch/hotpatch.go | 2 +
.../cve-ddd/domain/updateinfo.go | 24 ++-
.../infrastructure/hotpatchimpl/impl.go | 139 ++++++++++++++++--
.../infrastructure/repositoryimpl/impl.go | 10 +-
.../updateinfoimpl/generate_updateinfoxml.go | 23 +--
7 files changed, 209 insertions(+), 35 deletions(-)
diff --git a/cve-vulner-manager/Dockerfile b/cve-vulner-manager/Dockerfile
index c761407..e4dd787 100644
--- a/cve-vulner-manager/Dockerfile
+++ b/cve-vulner-manager/Dockerfile
@@ -20,6 +20,7 @@ COPY --chown=manager --from=BUILDER /go/src/gitee.com/openeuler/cve-manager/cve-
USER manager
WORKDIR /opt/app
-RUN mkdir logs
+RUN mkdir logs && \
+ chmod 550 /opt/app/epoch.sh
ENTRYPOINT ["/opt/app/cve-manager"]
\ No newline at end of file
diff --git a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
index 0ca2a85..bb07724 100644
--- a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
+++ b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
@@ -31,6 +31,7 @@ func NewRefactorHotPatchService(
u updateinfo.UpdateInfo,
h hotpatch.HotPatch,
l *logrus.Entry,
+
) *refactorHotPatchService {
return &refactorHotPatchService{
repository: r,
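Review bot: The added line inside the parameter list of `NewRefactorHotPatchService` is empty; it compiles, but it leaves a purposeless blank line between the last parameter and the closing parenthesis that `gofmt` will not remove. Drop the line so the signature reads as before. The function body continues outside the hunk.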
@@ -66,14 +67,19 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
return fmt.Errorf("get %s failed: %w", fileIndex, err)
}
- maxHotPatchId, err := domain.ParseMaxIdFromIndexTxt(indexContent, domain.BulletinTypeHotPatch)
+ maxHotPatchId, err := h.hotPatch.MaxHotPatchID()
if err != nil {
return fmt.Errorf("parse max id failed: %w", err)
}
for _, issue := range issues {
- if exist := h.repository.IssueNumExist(issue.HotIssueNum); exist {
- h.log.Errorf("issue num %s exists", issue.HotIssueNum)
+ isPublished, err1 := h.hotPatch.IsPublished(issue.CveNum[0], issue.Component)
+ if err1 != nil {
+ h.log.Errorf("check hotpatch is published, occurred error: %s", err1.Error())
+ return err
+ }
+
+ if isPublished {
continue
}
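Review bot: The `return err` after the `IsPublished` failure returns the outer `err`, which is nil on the first iteration because the `MaxHotPatchID` check above already returned on a non-nil value (later iterations may carry a stale value from elsewhere in the loop), so a lookup failure aborts the loop while reporting success to the caller; it should be `return err1`, and the `return err` after the `FindCves` error log in the next hunk has the same slip. `issue.CveNum[0]` also indexes without a length check: `CveNum` is only assigned in `toPatchIssue` when `regexpCve` matches, so an issue whose CVE list could not be parsed would panic here — guard with `if len(issue.CveNum) == 0 { h.log.Errorf("issue %s has no cve", issue.HotIssueNum); continue }`. Only the first CVE is checked against the published list; if one issue can carry several CVEs, confirm that is intended. GenerateBulletins starts and ends outside the hunk.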
@@ -83,7 +89,7 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
Component: issue.Component,
})
if err1 != nil {
- h.log.Errorf("find cve %s, error %s", issue.CveNum, err.Error())
+ h.log.Errorf("find cve %s, error %s", issue.CveNum, err1.Error())
return err
}
if len(cves) == 0 {
@@ -120,6 +126,8 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
uploadFileName = append(uploadFileName, b.PathAppendToIndexFile())
cvesForUpdateInfo = append(cvesForUpdateInfo, b.Cves...)
+
+ h.uploadUpdateInfoFile(&b)
}
if err = h.repository.SaveIssueNum(issue.HotIssueNum); err != nil {
@@ -185,3 +193,30 @@ func (h *refactorHotPatchService) uploadUpdateInfo(cves domain.Cves) error {
return nil
}
+
+func (h *refactorHotPatchService) uploadUpdateInfoFile(bulletin *domain.SecurityBulletin) {
+ for _, branch := range bulletin.AffectedVersion {
+ filePath := domain.HotPatchUpdateInfoDir + branch + "/updateinfo.xml"
+ downloadBys, err := h.obs.Download(filePath)
+ if err != nil {
+ h.log.Error(err)
+ continue
+ }
+
+ data, err := h.updateInfo.UploadUpdateInfoXml(domain.UpdateParam{
+ Sb: bulletin,
+ Branch: branch,
+ DownloadBys: downloadBys,
+ })
+
+ if err != nil {
+ h.log.Error(err)
+ continue
+ }
+
+ if err = h.obs.Upload(filePath, data); err != nil {
+ h.log.Error(err)
+ continue
+ }
+ }
+}
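Review bot: `uploadUpdateInfoFile` has no doc comment and skips a branch whenever `obs.Download` fails, so if Download reports a missing object as an error (not visible here) a branch with no updateinfo.xml yet will never get one — confirm the intended behaviour and state it: `// uploadUpdateInfoFile merges the bulletin into each affected branch's updateinfo.xml under HotPatchUpdateInfoDir; a failure on one branch is logged and the remaining branches are still processed.` The three `h.log.Error(err)` calls carry neither branch nor path, so a failure cannot be traced back; `h.log.Errorf("branch %s, %s: %v", branch, filePath, err)` would. The object key is built by concatenating `branch`, which originates from regexp-parsed issue text in `toPatchIssue`; if `AffectedVersion` is not validated against a known branch list upstream, that is worth confirming.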
diff --git a/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go b/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go
index 1493d8c..962f399 100644
--- a/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go
+++ b/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go
@@ -4,4 +4,6 @@ import "cvevulner/cve-ddd/domain"
type HotPatch interface {
GetIssueInfo() ([]domain.HotPatchIssue, error)
+ MaxHotPatchID() (int, error)
+ IsPublished(cveId, packageName string) (bool, error)
}
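Review bot: The two new interface methods carry no doc comments, and their contract is not obvious from the names: `MaxHotPatchID` returns a reset default at a year boundary and `IsPublished` consults a remote service. Suggested: `// MaxHotPatchID returns the highest HotPatchSA number issued in the current year, or the initial value when none exists.` and `// IsPublished reports whether a HotPatchSA notice already covers cveId for packageName.`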
diff --git a/cve-vulner-manager/cve-ddd/domain/updateinfo.go b/cve-vulner-manager/cve-ddd/domain/updateinfo.go
index bf5dfea..3128451 100644
--- a/cve-vulner-manager/cve-ddd/domain/updateinfo.go
+++ b/cve-vulner-manager/cve-ddd/domain/updateinfo.go
@@ -5,12 +5,26 @@ import (
)
const (
+ // UpdateinfoRootDir is the root directory for early update info files
UpdateinfoRootDir = "earlyupdateinfo/"
- NoticeTypeCVE = "cve"
- NoticeTypeBug = "bug"
- CveUrlPrefix = "https://nvd.nist.gov/vuln/detail/"
- PkgUrl = "https://repo.openeuler.org/%s/update/%s/Packages/%s"
- ScriptPath = "/opt/app/epoch.sh"
+
+ // HotPatchUpdateInfoDir is the directory for hotpatch early update info files
+ HotPatchUpdateInfoDir = "hotpatch-early-updateinfo/"
+
+ // NoticeTypeCVE is the type for CVE notices
+ NoticeTypeCVE = "cve"
+
+ // NoticeTypeBug is the type for bug notices
+ NoticeTypeBug = "bug"
+
+ // CveUrlPrefix is the prefix for CVE URLs
+ CveUrlPrefix = "https://nvd.nist.gov/vuln/detail/"
+
+ // PkgUrl is the URL format for package updates
+ PkgUrl = "https://repo.openeuler.org/%s/update/%s/Packages/%s"
+
+ // ScriptPath is the path to the epoch.sh script
+ ScriptPath = "/opt/app/epoch.sh"
)
var (
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
index d7d0838..1eb16a7 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
@@ -6,6 +6,7 @@ import (
"fmt"
"net/http"
"regexp"
+ "strconv"
"strings"
"time"
@@ -17,15 +18,22 @@ import (
"cvevulner/util"
)
-const hotPatchIssue = "https://gitee.com/api/v5/repos/openeuler/hotpatch_meta/issues?" +
- "access_token=%s&state=closed&labels=%s&sort=created&direction=desc&page=%d&per_page=20&created_at=%s"
+const (
+ hotPatchIssue = "https://gitee.com/api/v5/repos/openeuler/hotpatch_meta/issues?" +
+ "access_token=%s&state=closed&labels=%s&sort=created&direction=desc&page=%d&per_page=20&created_at=%s"
+ endpoint = "https://api-cve.openeuler.org"
+ hotPatchSA = "HotPatchSA"
+ defaultClientTimeout = 3
+ defaultMaxId = 1000
+)
var (
- RegexpCve = regexp.MustCompile(`(?s:(.*?))`)
- RegexpRPM = regexp.MustCompile(`热补丁路径[::](?s:(.*?))热补丁信息[::]`)
- RegexpMeta = regexp.MustCompile(`热补丁元数据[::](?s:(.*?))热补丁路径[::]`)
- RegexpType = regexp.MustCompile(`问题类别[::](?s:(.*?))热补丁元数据[::]`)
- RegexpInfo = regexp.MustCompile(`热补丁信息[::](?s:(.*?))$`)
+ regexpCve = regexp.MustCompile(`(?s:(.*?))`)
+ regexpRPM = regexp.MustCompile(`热补丁路径[::](?s:(.*?))热补丁信息[::]`)
+ regexpMeta = regexp.MustCompile(`热补丁元数据[::](?s:(.*?))热补丁路径[::]`)
+ regexpType = regexp.MustCompile(`问题类别[::](?s:(.*?))热补丁元数据[::]`)
+ regexpInfo = regexp.MustCompile(`热补丁信息[::](?s:(.*?))$`)
+ regepHotPatch = regexp.MustCompile(`openEuler-HotPatchSA-(\d{4})-(\d{4,5})`)
)
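Review bot: `regepHotPatch` looks like a typo for `regexpHotPatch` and breaks the naming pattern of the five regexps above it. `defaultClientTimeout = 3` has no unit; whether `utils.NewHttpClient` takes seconds is not visible here, so a comment such as `// seconds, as expected by utils.NewHttpClient` (or a `time.Duration`) would remove the guess. `endpoint` pins one API host as a compile-time constant; if other environments exist, this belongs in configuration. `defaultMaxId` would be `defaultMaxID` under Go's initialism convention, matching `MaxHotPatchID`.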
func NewHotPatchImpl(log *logrus.Entry) *hotPatchImpl {
@@ -104,13 +112,13 @@ func (impl hotPatchImpl) getIssues() ([]Issue, error) {
}
func (impl hotPatchImpl) toPatchIssue(body string) (v domain.HotPatchIssue, err error) {
- t := RegexpType.FindAllStringSubmatch(body, -1)
+ t := regexpType.FindAllStringSubmatch(body, -1)
if len(t) == 0 {
return v, errors.New("parse type failed")
}
v.Type = strings.TrimSpace(t[0][1])
- meta := RegexpMeta.FindAllStringSubmatch(body, -1)
+ meta := regexpMeta.FindAllStringSubmatch(body, -1)
if len(meta) == 0 {
return v, errors.New("parse metadata failed")
}
@@ -118,13 +126,13 @@ func (impl hotPatchImpl) toPatchIssue(body string) (v domain.HotPatchIssue, err
v.Branch = split[len(split)-4]
v.Component = split[len(split)-3]
- p := RegexpRPM.FindAllStringSubmatch(body, -1)
+ p := regexpRPM.FindAllStringSubmatch(body, -1)
if len(p) == 0 {
return v, errors.New("parse rpm failed")
}
v.PatchUrl = strings.Split(strings.TrimSpace(p[0][1]), "\n")
- info := RegexpInfo.FindAllStringSubmatch(body, -1)
+ info := regexpInfo.FindAllStringSubmatch(body, -1)
if len(info) == 0 {
return v, errors.New("parse info failed")
}
@@ -135,7 +143,7 @@ func (impl hotPatchImpl) toPatchIssue(body string) (v domain.HotPatchIssue, err
continue
}
- if cve := RegexpCve.FindAllStringSubmatch(string(bys), -1); len(cve) > 0 {
+ if cve := regexpCve.FindAllStringSubmatch(string(bys), -1); len(cve) > 0 {
v.CveNum = strings.Split(cve[0][1], ",")
break
}
@@ -147,3 +155,110 @@ func (impl hotPatchImpl) toPatchIssue(body string) (v domain.HotPatchIssue, err
return
}
+
+type maxIdResult struct {
+ Code int `json:"code"`
+ Result string `json:"result"`
+ Msg string `json:"msg"`
+}
+
+func (impl hotPatchImpl) MaxHotPatchID() (maxId int, err error) {
+ cli := utils.NewHttpClient(defaultClientTimeout)
+
+ url := fmt.Sprintf("%s/cve-security-notice-server/securitynotice/getMaxHotPatchId", endpoint)
+
+ request, err := http.NewRequest(http.MethodGet, url, nil)
+ if err != nil {
+ return
+ }
+
+ r, _, err := cli.Download(request)
+ if err != nil {
+ return
+ }
+
+ var res maxIdResult
+ if err = json.Unmarshal(r, &res); err != nil {
+ return
+ }
+
+ if res.Code != 0 {
+ err = errors.New(res.Msg)
+
+ return
+ }
+
+ // init id
+ if res.Result == "" {
+ return defaultMaxId, nil
+ }
+
+ match := regepHotPatch.FindAllStringSubmatch(res.Result, -1)
+ if len(match) == 0 {
+ err = errors.New("invalid bulletin id")
+
+ return
+ }
+
+ // reset id to 1000 at new year
+ if match[0][1] != strconv.Itoa(time.Now().Year()) {
+ return defaultMaxId, nil
+ }
+
+ return strconv.Atoi(match[0][2])
+}
+
+type cveProductPackageResult struct {
+ Code int `json:"code"`
+ Result []cveProductPackage `json:"result"`
+ Msg string `json:"msg"`
+}
+
+type cveProductPackage struct {
+ Id int64 `json:"id"`
+ CveId string `json:"cveId"`
+ PackageName string `json:"packageName"`
+ ProductName string `json:"productName"`
+ Status string `json:"status"`
+ Reason string `json:"reason"`
+ SecurityNoticeNo string `json:"securityNoticeNo"`
+ ReleaseTime string `json:"releaseTime"`
+ Updateime string `json:"updateTime"`
+ CreateTime time.Time `json:"createTime"`
+}
+
+func (impl hotPatchImpl) IsPublished(cveId, packageName string) (bool, error) {
+ cli := utils.NewHttpClient(defaultClientTimeout)
+
+ url := fmt.Sprintf("%s/cve-security-notice-server/cvedatabase/getCVEProductPackageList?cveId=%s&packageName=%s",
+ endpoint, cveId, packageName)
+
+ request, err := http.NewRequest(http.MethodGet, url, nil)
+ if err != nil {
+ return false, err
+ }
+
+ r, _, err := cli.Download(request)
+ if err != nil {
+ return false, err
+ }
+
+ var res cveProductPackageResult
+ if err = json.Unmarshal(r, &res); err != nil {
+ return false, err
+ }
+
+ if res.Code != 0 {
+ err = errors.New(res.Msg)
+
+ return false, err
+ }
+
+ for _, v := range res.Result {
+ if strings.Contains(v.SecurityNoticeNo, hotPatchSA) {
+ return true, nil
+ }
+ }
+
+ return false, nil
+}
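Review bot: `IsPublished` interpolates `cveId` and `packageName` straight into the query string in the `fmt.Sprintf` at the top of the method; both values come from regexp-parsed Gitee issue text, so a `&`, `#` or space would change the request's meaning or make it fail to parse. Build the query with `url.Values` and let it escape, which also means renaming the local `url` that currently shadows the `net/url` package and would block importing it (the import block is in an earlier hunk of this file). The second return value of `cli.Download` is discarded in both methods; if it is the HTTP status, a non-200 body is fed to `json.Unmarshal` and surfaces as a confusing decode error — confirm. Both exported methods also lack doc comments, e.g. `// IsPublished reports whether the CVE notice service already lists a HotPatchSA notice for cveId and packageName.`
```go
func (impl hotPatchImpl) IsPublished(cveId, packageName string) (bool, error) {
	cli := utils.NewHttpClient(defaultClientTimeout)

	q := url.Values{}
	q.Set("cveId", cveId)
	q.Set("packageName", packageName)
	reqURL := endpoint + "/cve-security-notice-server/cvedatabase/getCVEProductPackageList?" + q.Encode()

	request, err := http.NewRequest(http.MethodGet, reqURL, nil)
	// … unchanged: download, decode and scan of res.Result …
}
```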
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
index 995717b..b417942 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
@@ -107,14 +107,20 @@ func (impl repositoryImpl) IssueNumExist(num string) bool {
func (impl repositoryImpl) SaveIssueNum(num string) error {
now := time.Now().Format(time.RFC3339)
+ o := orm.NewOrm()
hotPatch := models.HotPatch{
IssueNum: num,
- CreateTime: now,
UpdateTime: now,
}
- o := orm.NewOrm()
+ if impl.IssueNumExist(num) {
+ _, err := o.Update(&hotPatch, "updated_at")
+ return err
+ }
+
+ hotPatch.CreateTime = now
+
_, err := o.Insert(&hotPatch)
return err
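Review bot: On the update path `o.Update(&hotPatch, "updated_at")` is called on a struct that has only `IssueNum` and `UpdateTime` set; if beego's `Update` locates the row by primary key, as it normally does, the key is zero here and the update touches nothing or errors — confirm. Reading the existing record first and updating that, or `o.QueryTable(&hotPatch).Filter("issue_num", num).Update(orm.Params{"updated_at": now})`, targets the row by issue number. `IssueNumExist` followed by `Update` is also two round trips for what an insert-or-update would do in one. SaveIssueNum's closing lines are outside the hunk.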
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
index 10c5576..23ce7f1 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
@@ -18,6 +18,8 @@ import (
"cvevulner/util"
)
+const nokeyOffset = 5
+
func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data []byte, err error) {
var u Updates
@@ -205,18 +207,17 @@ func (impl updateInfoImpl) findEpoch(script, branch, filename, arch string, i in
return nil, fmt.Errorf("failed to get epoch, pkgUrl is %s", fmt.Sprintf(domain.PkgUrl, branch, a, filename))
}
- if err == nil {
- if strings.Contains(string(epoch), "404") || strings.Contains(string(epoch), "502") {
- continue
- }
- if ix := bytes.Index(epoch, []byte("NOKEY")); ix > 0 {
- epoch = bytes.TrimSpace(epoch[ix+5:])
- } else {
- epoch = bytes.TrimSpace(epoch)
- }
-
- return domain.Num.Find(epoch), nil
+ if strings.Contains(string(epoch), "404") || strings.Contains(string(epoch), "502") {
+ continue
+ }
+ if ix := bytes.Index(epoch, []byte("NOKEY")); ix > 0 {
+ epoch = bytes.TrimSpace(epoch[ix+nokeyOffset:])
+ } else {
+ epoch = bytes.TrimSpace(epoch)
}
+
+ return domain.Num.Find(epoch), nil
+
}
return nil, nil
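Review bot: `bytes.Index` returns -1 when `NOKEY` is absent, so the `ix > 0` test in the re-indented `NOKEY` branch misses a match at offset 0; the marker would then be kept and handed to `domain.Num.Find`. `ix >= 0` is the right test, and `ix+len("NOKEY")` would make the `nokeyOffset` constant from the previous hunk unnecessary. The `strings.Contains(string(epoch), "404")` / `"502"` checks treat any output containing those digits as a fetch failure, which an epoch or version string could also contain; if the script can report a status, testing that would be more robust. There is a stray blank line before the closing brace of the loop, and findEpoch starts outside the hunk.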
--
Gitee
From 8b6f4515cf054334dcb84271816c1d35edd04df9 Mon Sep 17 00:00:00 2001
From: Coopermassaki <1277145053@qq.com>
Date: Tue, 19 Nov 2024 11:47:25 +0800
Subject: [PATCH 02/12] fix review
---
cve-vulner-manager/cve-ddd/app/bulletin.go | 32 ++--------
.../cve-ddd/app/refactor_hotpatch.go | 40 ++-----------
.../cve-ddd/domain/bulletins.go | 28 ++++++++-
.../cve-ddd/domain/repository/cve.go | 2 -
.../cve-ddd/domain/service/service.go | 39 ++++++++++++
.../cve-ddd/domain/updateinfo.go | 38 ------------
.../infrastructure/repositoryimpl/impl.go | 35 -----------
.../updateinfoimpl/generate_updateinfoxml.go | 59 ++++++++++---------
8 files changed, 107 insertions(+), 166 deletions(-)
create mode 100644 cve-vulner-manager/cve-ddd/domain/service/service.go
diff --git a/cve-vulner-manager/cve-ddd/app/bulletin.go b/cve-vulner-manager/cve-ddd/app/bulletin.go
index 569224f..7f52fc3 100644
--- a/cve-vulner-manager/cve-ddd/app/bulletin.go
+++ b/cve-vulner-manager/cve-ddd/app/bulletin.go
@@ -20,6 +20,7 @@ import (
"cvevulner/cve-ddd/domain/majun"
"cvevulner/cve-ddd/domain/obs"
"cvevulner/cve-ddd/domain/repository"
+ "cvevulner/cve-ddd/domain/service"
"cvevulner/cve-ddd/domain/testresult"
"cvevulner/cve-ddd/domain/updateinfo"
)
@@ -29,6 +30,8 @@ const (
fileIndex = "index.txt"
fileUpdateFixed = "update_fixed.txt"
+
+ updateinfoRootDir = "earlyupdateinfo/"
)
type BulletinService interface {
@@ -148,7 +151,7 @@ func (b *bulletinService) GenerateBulletins(cveNum []string, date string) (strin
updateFixedFiles = append(updateFixedFiles, v.PathAppendToIndexFile())
- b.uploadUpdateInfoFile(&v)
+ service.UploadUpdateInfoFile(b.obs, b.updateinfo, b.log, &v, updateinfoRootDir)
}
b.uploadIndexAndFixed(uploadDir, indexContent, updateFixedFiles)
@@ -156,33 +159,6 @@ func (b *bulletinService) GenerateBulletins(cveNum []string, date string) (strin
return uploadDir, nil
}
-func (b *bulletinService) uploadUpdateInfoFile(bulletin *domain.SecurityBulletin) {
- for _, branch := range bulletin.AffectedVersion {
- filePath := domain.UpdateinfoRootDir + branch + "/updateinfo.xml"
- downloadBys, err := b.obs.Download(filePath)
- if err != nil {
- b.log.Error(err)
- continue
- }
-
- data, err := b.updateinfo.UploadUpdateInfoXml(domain.UpdateParam{
- Sb: bulletin,
- Branch: branch,
- DownloadBys: downloadBys,
- })
-
- if err != nil {
- b.log.Error(err)
- continue
- }
-
- if err = b.obs.Upload(filePath, data); err != nil {
- b.log.Error(err)
- continue
- }
- }
-}
-
func (b *bulletinService) uploadIndexAndFixed(uploadDir, indexContent string, updateFixedFiles []string) {
updateFixedContent := strings.TrimSpace(strings.Join(updateFixedFiles, EOF))
newIndexContent := strings.TrimSpace(indexContent) + EOF + updateFixedContent
diff --git a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
index bb07724..6e51918 100644
--- a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
+++ b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
@@ -13,11 +13,14 @@ import (
"cvevulner/cve-ddd/domain/hotpatch"
"cvevulner/cve-ddd/domain/obs"
"cvevulner/cve-ddd/domain/repository"
+ "cvevulner/cve-ddd/domain/service"
"cvevulner/cve-ddd/domain/updateinfo"
)
const (
fileHotPatch = "update_hot_patch.txt"
+
+ hotPatchUpdateInfoDir = "hotpatch-early-updateinfo/"
)
type RefactorHotPatchService interface {
@@ -112,13 +115,13 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
xmlData, err2 := h.bulletin.GenerateHotPatch(&b)
if err2 != nil {
- h.log.Errorf("component: %s, to xml error: %s", b.Component, err.Error())
+ h.log.Errorf("component: %s, to xml error: %s", b.Component, err2.Error())
continue
}
path := uploadDir + b.CvrfFileName()
if err2 = h.obs.Upload(path, xmlData); err2 != nil {
- h.log.Errorf("component: %s, upload to obs error: %s", b.Component, err.Error())
+ h.log.Errorf("component: %s, upload to obs error: %s", b.Component, err2.Error())
continue
}
@@ -127,11 +130,7 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
cvesForUpdateInfo = append(cvesForUpdateInfo, b.Cves...)
- h.uploadUpdateInfoFile(&b)
- }
-
- if err = h.repository.SaveIssueNum(issue.HotIssueNum); err != nil {
- h.log.Errorf("save issue num %s error %s", issue.HotIssueNum, err.Error())
+ service.UploadUpdateInfoFile(h.obs, h.updateInfo, h.log, &b, hotPatchUpdateInfoDir)
}
}
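Review bot: Dropping the `SaveIssueNum` call (with `IssueNumExist` removed elsewhere in this commit) leaves `IsPublished`, a remote lookup, as the only guard against processing the same issue twice; if a run uploads the bulletin but the notice service does not yet list it on the next run, the issue is regenerated under a new ID. Worth confirming that the notice service is updated synchronously from what this loop uploads, or keeping a local marker. GenerateBulletins starts and ends outside the hunk.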
@@ -193,30 +192,3 @@ func (h *refactorHotPatchService) uploadUpdateInfo(cves domain.Cves) error {
return nil
}
-
-func (h *refactorHotPatchService) uploadUpdateInfoFile(bulletin *domain.SecurityBulletin) {
- for _, branch := range bulletin.AffectedVersion {
- filePath := domain.HotPatchUpdateInfoDir + branch + "/updateinfo.xml"
- downloadBys, err := h.obs.Download(filePath)
- if err != nil {
- h.log.Error(err)
- continue
- }
-
- data, err := h.updateInfo.UploadUpdateInfoXml(domain.UpdateParam{
- Sb: bulletin,
- Branch: branch,
- DownloadBys: downloadBys,
- })
-
- if err != nil {
- h.log.Error(err)
- continue
- }
-
- if err = h.obs.Upload(filePath, data); err != nil {
- h.log.Error(err)
- continue
- }
- }
-}
diff --git a/cve-vulner-manager/cve-ddd/domain/bulletins.go b/cve-vulner-manager/cve-ddd/domain/bulletins.go
index 291ffcb..873dc37 100644
--- a/cve-vulner-manager/cve-ddd/domain/bulletins.go
+++ b/cve-vulner-manager/cve-ddd/domain/bulletins.go
@@ -11,8 +11,14 @@ import (
const (
BulletinTypeSA = "SA"
- BulletinTypeBa = "BA"
+ BulletinTypeBA = "BA"
BulletinTypeHotPatch = "HotPatchSA"
+
+ // NoticeTypeCVE is the type for CVE notices
+ NoticeTypeCVE = "cve"
+
+ // NoticeTypeBug is the type for bug notices
+ NoticeTypeBug = "bug"
)
var (
@@ -38,6 +44,26 @@ type Product struct {
IsEpol bool
}
+func (s *SecurityBulletin) IsCveNotice() bool {
+ return s.GenNoticeType() == NoticeTypeCVE
+}
+
+func (s *SecurityBulletin) GenNoticeType() string {
+ if strings.Contains(s.Identification, BulletinTypeBA) {
+ return NoticeTypeBug
+ }
+
+ if strings.Contains(s.Identification, BulletinTypeHotPatch) {
+ return NoticeTypeCVE
+ }
+
+ if strings.Contains(s.Identification, BulletinTypeSA) {
+ return NoticeTypeCVE
+ }
+
+ return ""
+}
+
func (s *SecurityBulletin) SetIdentificationOfColdPatch(id int) {
s.Identification = fmt.Sprintf("openEuler-SA-%d-%d", util.Year(), id)
}
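Review bot: In `GenNoticeType` the `BulletinTypeHotPatch` branch has no effect: any identifier containing `HotPatchSA` also contains `SA`, and both branches return `NoticeTypeCVE`, so the middle `if` can be dropped. Substring matching on the whole identifier is also loose — the `BA` test fires on those two letters anywhere in the string; if identifiers always have the `openEuler-<type>-<year>-<n>` form produced by `SetIdentificationOfColdPatch`, a `strings.HasPrefix(s.Identification, "openEuler-"+BulletinTypeBA+"-")` check is stricter. Both exported methods need doc comments.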
diff --git a/cve-vulner-manager/cve-ddd/domain/repository/cve.go b/cve-vulner-manager/cve-ddd/domain/repository/cve.go
index dea7743..fc38100 100644
--- a/cve-vulner-manager/cve-ddd/domain/repository/cve.go
+++ b/cve-vulner-manager/cve-ddd/domain/repository/cve.go
@@ -10,8 +10,6 @@ type Option struct {
type CveRepository interface {
FindCves(option Option) (domain.Cves, error)
MaxBulletinID() (string, error)
- IssueNumExist(num string) bool
- SaveIssueNum(num string) error
GetAllIssue() (data domain.CollectedDataSlice, err error)
SetIgnoreStatus(id int64) error
GetAllPackage() (list []string, err error)
diff --git a/cve-vulner-manager/cve-ddd/domain/service/service.go b/cve-vulner-manager/cve-ddd/domain/service/service.go
new file mode 100644
index 0000000..4683569
--- /dev/null
+++ b/cve-vulner-manager/cve-ddd/domain/service/service.go
@@ -0,0 +1,39 @@
+package service
+
+import (
+ "cvevulner/cve-ddd/domain"
+ "cvevulner/cve-ddd/domain/obs"
+ "cvevulner/cve-ddd/domain/updateinfo"
+
+ "github.com/sirupsen/logrus"
+)
+
+func UploadUpdateInfoFile(obs obs.OBS, updateinfo updateinfo.UpdateInfo,
+ log *logrus.Entry, bulletin *domain.SecurityBulletin, UpdateInfoDir string,
+) {
+ for _, branch := range bulletin.AffectedVersion {
+ filePath := UpdateInfoDir + branch + "/updateinfo.xml"
+ downloadBys, err := obs.Download(filePath)
+ if err != nil {
+ log.Error(err)
+ continue
+ }
+
+ data, err := updateinfo.UploadUpdateInfoXml(domain.UpdateParam{
+ Sb: bulletin,
+ Branch: branch,
+ DownloadBys: downloadBys,
+ })
+
+ if err != nil {
+ log.Error(err)
+ continue
+ }
+
+ if err = obs.Upload(filePath, data); err != nil {
+ log.Error(err)
+ continue
+ }
+ }
+
+}
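Review bot: The parameter `UpdateInfoDir` is capitalised like an exported identifier; Go parameters are lowerCamel, so `updateInfoDir`. The parameters `obs` and `updateinfo` shadow the packages of the same name, which compiles but makes the body confusing and blocks any reference to those packages inside it; `store obs.OBS, gen updateinfo.UpdateInfo` avoids that. The function lacks a doc comment, e.g. `// UploadUpdateInfoFile merges bulletin into the updateinfo.xml of each affected branch under updateInfoDir in OBS; a failure on one branch is logged and the others are still processed.` There is also a stray blank line before the closing brace.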
diff --git a/cve-vulner-manager/cve-ddd/domain/updateinfo.go b/cve-vulner-manager/cve-ddd/domain/updateinfo.go
index 3128451..218dc9d 100644
--- a/cve-vulner-manager/cve-ddd/domain/updateinfo.go
+++ b/cve-vulner-manager/cve-ddd/domain/updateinfo.go
@@ -1,43 +1,5 @@
package domain
-import (
- "regexp"
-)
-
-const (
- // UpdateinfoRootDir is the root directory for early update info files
- UpdateinfoRootDir = "earlyupdateinfo/"
-
- // HotPatchUpdateInfoDir is the directory for hotpatch early update info files
- HotPatchUpdateInfoDir = "hotpatch-early-updateinfo/"
-
- // NoticeTypeCVE is the type for CVE notices
- NoticeTypeCVE = "cve"
-
- // NoticeTypeBug is the type for bug notices
- NoticeTypeBug = "bug"
-
- // CveUrlPrefix is the prefix for CVE URLs
- CveUrlPrefix = "https://nvd.nist.gov/vuln/detail/"
-
- // PkgUrl is the URL format for package updates
- PkgUrl = "https://repo.openeuler.org/%s/update/%s/Packages/%s"
-
- // ScriptPath is the path to the epoch.sh script
- ScriptPath = "/opt/app/epoch.sh"
-)
-
-var (
- Severity = map[string]string{
- "critical": "Critical",
- "high": "Important",
- "medium": "Moderate",
- "low": "Low",
- }
-
- Num = regexp.MustCompile(`\d+`)
-)
-
type UpdateParam struct {
Sb *SecurityBulletin
Branch string
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
index b417942..4df85a3 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
@@ -4,7 +4,6 @@ import (
"errors"
"fmt"
"strings"
- "time"
"github.com/astaxie/beego/orm"
@@ -92,40 +91,6 @@ func (impl repositoryImpl) MaxBulletinID() (string, error) {
return saFileRecord.FileName, nil
}
-func (impl repositoryImpl) IssueNumExist(num string) bool {
- hotPatch := models.HotPatch{
- IssueNum: num,
- }
-
- o := orm.NewOrm()
- if err := o.Read(&hotPatch, "issue_num"); err != nil {
- return false
- }
-
- return true
-}
-
-func (impl repositoryImpl) SaveIssueNum(num string) error {
- now := time.Now().Format(time.RFC3339)
- o := orm.NewOrm()
-
- hotPatch := models.HotPatch{
- IssueNum: num,
- UpdateTime: now,
- }
-
- if impl.IssueNumExist(num) {
- _, err := o.Update(&hotPatch, "updated_at")
- return err
- }
-
- hotPatch.CreateTime = now
-
- _, err := o.Insert(&hotPatch)
-
- return err
-}
-
type list struct {
models.IssueTemplate
AffectProduct string `orm:"column(affect_product)"`
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
index 23ce7f1..3537b93 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
@@ -5,6 +5,7 @@ import (
"encoding/xml"
"fmt"
"path/filepath"
+ "regexp"
"sort"
"strconv"
"strings"
@@ -18,7 +19,29 @@ import (
"cvevulner/util"
)
-const nokeyOffset = 5
+const (
+ nokeyOffset = 5
+
+ // CveUrlPrefix is the prefix for CVE URLs
+ CveUrlPrefix = "https://nvd.nist.gov/vuln/detail/"
+
+ // PkgUrl is the URL format for package updates
+ PkgUrl = "https://repo.openeuler.org/%s/update/%s/Packages/%s"
+
+ // ScriptPath is the path to the epoch.sh script
+ ScriptPath = "/opt/app/epoch.sh"
+)
+
+var (
+ Severity = map[string]string{
+ "critical": "Critical",
+ "high": "Important",
+ "medium": "Moderate",
+ "low": "Low",
+ }
+
+ Num = regexp.MustCompile(`\d+`)
+)
func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data []byte, err error) {
var u Updates
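Review bot: `CveUrlPrefix`, `PkgUrl`, `ScriptPath`, `Severity` and `Num` are exported from an infrastructure package although every use in this file is internal; unexported names (`cveURLPrefix`, `pkgURL`, `scriptPath`, `severity`, `num`) keep the package surface small and follow Go's initialism convention. `ScriptPath` hard-codes `/opt/app/epoch.sh`, which must agree with the Dockerfile; a comment such as `// must match the location prepared in cve-vulner-manager/Dockerfile` would stop the two from drifting apart.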
@@ -90,7 +113,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string)
title := introduction + branch
- if impl.IsCveNotice(sb.Identification) {
+ if sb.IsCveNotice() {
if i := strings.Index(description, "Security Fix(es):"); i > 0 {
descr = util.TrimStringNR(description[i+17:])
}
@@ -104,7 +127,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string)
Status: "stable",
Id: sb.Identification,
Title: title,
- Severity: domain.Severity[strings.ToLower(dp.SequenceSeverityLevel[highestLevelIndex])],
+ Severity: Severity[strings.ToLower(dp.SequenceSeverityLevel[highestLevelIndex])],
Release: "openEuler",
Issued: &Issued{Date: sb.Date},
Description: descr,
@@ -113,7 +136,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string)
var ref []Reference
for _, s := range cveNums {
ref = append(ref, Reference{
- Href: domain.CveUrlPrefix + s,
+ Href: CveUrlPrefix + s,
Id: s,
Title: s,
Type: "cve",
@@ -144,7 +167,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string)
}
if !strings.Contains(pe.Filename, "kernel") {
- epoch, err := impl.findEpoch(domain.ScriptPath, branch, pe.Filename, pe.Arch, 1)
+ epoch, err := impl.findEpoch(ScriptPath, branch, pe.Filename, pe.Arch, 1)
if err == nil && len(epoch) > 0 {
pe.Epoch = string(epoch)
}
@@ -171,26 +194,6 @@ func (impl updateInfoImpl) numberIndex(u *Updates, securityNumber string) (index
return
}
-func (impl updateInfoImpl) IsCveNotice(securityNoticeNo string) bool {
- return impl.GenNoticeType(securityNoticeNo) == domain.NoticeTypeCVE
-}
-
-func (impl updateInfoImpl) GenNoticeType(securityNoticeNo string) string {
- if strings.Contains(securityNoticeNo, "BA") {
- return domain.NoticeTypeBug
- }
-
- if strings.Contains(securityNoticeNo, "HotPatchSA") {
- return domain.NoticeTypeCVE
- }
-
- if strings.Contains(securityNoticeNo, "SA") {
- return domain.NoticeTypeCVE
- }
-
- return ""
-}
-
func (impl updateInfoImpl) findEpoch(script, branch, filename, arch string, i int) ([]byte, error) {
var archs = []string{arch}
if arch == "noarch" {
@@ -200,11 +203,11 @@ func (impl updateInfoImpl) findEpoch(script, branch, filename, arch string, i in
epoch, err, _ := libutils.RunCmd(
script,
filepath.Join("/opt/app/", branch, strconv.Itoa(i), time.Now().Format("150405.999")),
- fmt.Sprintf(domain.PkgUrl, branch, a, filename),
+ fmt.Sprintf(PkgUrl, branch, a, filename),
)
if err != nil {
- return nil, fmt.Errorf("failed to get epoch, pkgUrl is %s", fmt.Sprintf(domain.PkgUrl, branch, a, filename))
+ return nil, fmt.Errorf("failed to get epoch, pkgUrl is %s", fmt.Sprintf(PkgUrl, branch, a, filename))
}
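Review bot: The error returned when `libutils.RunCmd` fails (the changed `fmt.Errorf` line) drops `err` entirely, so the caller learns the URL but not why the script failed; `fmt.Errorf("get epoch for %s: %w", fmt.Sprintf(PkgUrl, branch, a, filename), err)` keeps the cause. The URL is formatted a second time just for the message; computing `pkgURL := fmt.Sprintf(PkgUrl, branch, a, filename)` once above the call removes the duplication. `branch` is used both as a `filepath.Join` component under `/opt/app/` and inside the URL handed to the script; if `AffectedVersion` values are not validated against a known branch list upstream (not visible here), a value containing path separators would choose the script's working directory. The surrounding lines of findEpoch are outside the hunk.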
if strings.Contains(string(epoch), "404") || strings.Contains(string(epoch), "502") {
@@ -216,7 +219,7 @@ func (impl updateInfoImpl) findEpoch(script, branch, filename, arch string, i in
epoch = bytes.TrimSpace(epoch)
}
- return domain.Num.Find(epoch), nil
+ return Num.Find(epoch), nil
}
--
Gitee
From 9f2727e025e36bb67195584f6952920f522eac00 Mon Sep 17 00:00:00 2001
From: Coopermassaki <1277145053@qq.com>
Date: Tue, 19 Nov 2024 14:25:48 +0800
Subject: [PATCH 03/12] fix codecheck problems
---
cve-vulner-manager/cve-ddd/domain/bulletins.go | 2 ++
cve-vulner-manager/cve-ddd/domain/service/service.go | 6 ++++--
.../cve-ddd/infrastructure/hotpatchimpl/impl.go | 3 +--
.../updateinfoimpl/generate_updateinfoxml.go | 8 ++++----
4 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/cve-vulner-manager/cve-ddd/domain/bulletins.go b/cve-vulner-manager/cve-ddd/domain/bulletins.go
index 873dc37..ddf93e6 100644
--- a/cve-vulner-manager/cve-ddd/domain/bulletins.go
+++ b/cve-vulner-manager/cve-ddd/domain/bulletins.go
@@ -44,10 +44,12 @@ type Product struct {
IsEpol bool
}
+// IsCveNotice returns whether the security bulletin is a CVE notice.
func (s *SecurityBulletin) IsCveNotice() bool {
return s.GenNoticeType() == NoticeTypeCVE
}
+// GenNoticeType returns the type of the security bulletin.
func (s *SecurityBulletin) GenNoticeType() string {
if strings.Contains(s.Identification, BulletinTypeBA) {
return NoticeTypeBug
diff --git a/cve-vulner-manager/cve-ddd/domain/service/service.go b/cve-vulner-manager/cve-ddd/domain/service/service.go
index 4683569..53a3af5 100644
--- a/cve-vulner-manager/cve-ddd/domain/service/service.go
+++ b/cve-vulner-manager/cve-ddd/domain/service/service.go
@@ -1,13 +1,15 @@
+// Package service provides the security bulletin service
package service
import (
+ "github.com/sirupsen/logrus"
+
"cvevulner/cve-ddd/domain"
"cvevulner/cve-ddd/domain/obs"
"cvevulner/cve-ddd/domain/updateinfo"
-
- "github.com/sirupsen/logrus"
)
+// UploadUpdateInfoFile upload updateinfo file
func UploadUpdateInfoFile(obs obs.OBS, updateinfo updateinfo.UpdateInfo,
log *logrus.Entry, bulletin *domain.SecurityBulletin, UpdateInfoDir string,
) {
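Review bot: The new doc comment `// UploadUpdateInfoFile upload updateinfo file` restates the name and is not a sentence; `// UploadUpdateInfoFile merges bulletin into the updateinfo.xml of each affected branch under UpdateInfoDir in OBS, logging and skipping any branch that fails.` tells the reader what the function actually guarantees. The package comment likewise lacks a terminating period. The function body continues outside the hunk.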
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
index 1eb16a7..4689373 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
@@ -22,7 +22,6 @@ const (
hotPatchIssue = "https://gitee.com/api/v5/repos/openeuler/hotpatch_meta/issues?" +
"access_token=%s&state=closed&labels=%s&sort=created&direction=desc&page=%d&per_page=20&created_at=%s"
endpoint = "https://api-cve.openeuler.org"
- hotPatchSA = "HotPatchSA"
defaultClientTimeout = 3
defaultMaxId = 1000
)
@@ -255,7 +254,7 @@ func (impl hotPatchImpl) IsPublished(cveId, packageName string) (bool, error) {
}
for _, v := range res.Result {
- if strings.Contains(v.SecurityNoticeNo, hotPatchSA) {
+ if strings.Contains(v.SecurityNoticeNo, domain.BulletinTypeHotPatch) {
return true, nil
}
}
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
index 3537b93..0ad4382 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
@@ -33,14 +33,14 @@ const (
)
var (
- Severity = map[string]string{
+ severity = map[string]string{
"critical": "Critical",
"high": "Important",
"medium": "Moderate",
"low": "Low",
}
- Num = regexp.MustCompile(`\d+`)
+ num = regexp.MustCompile(`\d+`)
)
func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data []byte, err error) {
@@ -127,7 +127,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string)
Status: "stable",
Id: sb.Identification,
Title: title,
- Severity: Severity[strings.ToLower(dp.SequenceSeverityLevel[highestLevelIndex])],
+ Severity: severity[strings.ToLower(dp.SequenceSeverityLevel[highestLevelIndex])],
Release: "openEuler",
Issued: &Issued{Date: sb.Date},
Description: descr,
@@ -219,7 +219,7 @@ func (impl updateInfoImpl) findEpoch(script, branch, filename, arch string, i in
epoch = bytes.TrimSpace(epoch)
}
- return Num.Find(epoch), nil
+ return num.Find(epoch), nil
}
--
Gitee
From 8a73ea21147a8cf1a1c380c6b5239d5bea1922e6 Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Thu, 21 Nov 2024 16:25:19 +0800
Subject: [PATCH 04/12] fix sql for hot patch
---
cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go | 1 -
1 file changed, 1 deletion(-)
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
index 4df85a3..5aeebb3 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go
@@ -30,7 +30,6 @@ join cve_issue_template b on a.cve_id=b.cve_id
join cve_security_notice c on a.cve_id=c.cve_id
where a.cve_num in (%s)
and a.cve_status = 2
-and a.is_export in (0,3)
and a.organizate_id = 1
and b.status < 4
`
--
Gitee
From 443cd02e3afbdbf9b03683dd486d951ec5de1198 Mon Sep 17 00:00:00 2001
From: Coopermassaki <1277145053@qq.com>
Date: Thu, 21 Nov 2024 16:32:20 +0800
Subject: [PATCH 05/12] fix pkg url bug
---
cve-vulner-manager/cve-ddd/app/bulletin.go | 2 +-
.../cve-ddd/app/refactor_hotpatch.go | 6 +++---
cve-vulner-manager/cve-ddd/controller/cve.go | 2 +-
.../cve-ddd/domain/service/service.go | 3 ++-
cve-vulner-manager/cve-ddd/domain/updateinfo.go | 1 +
.../updateinfoimpl/generate_updateinfoxml.go | 14 +++++++-------
6 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/cve-vulner-manager/cve-ddd/app/bulletin.go b/cve-vulner-manager/cve-ddd/app/bulletin.go
index 7f52fc3..0c5b514 100644
--- a/cve-vulner-manager/cve-ddd/app/bulletin.go
+++ b/cve-vulner-manager/cve-ddd/app/bulletin.go
@@ -151,7 +151,7 @@ func (b *bulletinService) GenerateBulletins(cveNum []string, date string) (strin
updateFixedFiles = append(updateFixedFiles, v.PathAppendToIndexFile())
- service.UploadUpdateInfoFile(b.obs, b.updateinfo, b.log, &v, updateinfoRootDir)
+ service.UploadUpdateInfoFile(b.obs, b.updateinfo, b.log, &v, date, updateinfoRootDir)
}
b.uploadIndexAndFixed(uploadDir, indexContent, updateFixedFiles)
diff --git a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
index 6e51918..fe52ee1 100644
--- a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
+++ b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go
@@ -24,7 +24,7 @@ const (
)
type RefactorHotPatchService interface {
- GenerateBulletins(string) error
+ GenerateBulletins(uploadDir, date string) error
}
func NewRefactorHotPatchService(
@@ -56,7 +56,7 @@ type refactorHotPatchService struct {
log *logrus.Entry
}
-func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
+func (h *refactorHotPatchService) GenerateBulletins(uploadDir, date string) error {
issues, err := h.hotPatch.GetIssueInfo()
if err != nil {
return err
@@ -130,7 +130,7 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir string) error {
cvesForUpdateInfo = append(cvesForUpdateInfo, b.Cves...)
- service.UploadUpdateInfoFile(h.obs, h.updateInfo, h.log, &b, hotPatchUpdateInfoDir)
+ service.UploadUpdateInfoFile(h.obs, h.updateInfo, h.log, &b, date, hotPatchUpdateInfoDir)
}
}
diff --git a/cve-vulner-manager/cve-ddd/controller/cve.go b/cve-vulner-manager/cve-ddd/controller/cve.go
index 6a19efd..f48a68a 100644
--- a/cve-vulner-manager/cve-ddd/controller/cve.go
+++ b/cve-vulner-manager/cve-ddd/controller/cve.go
@@ -98,7 +98,7 @@ func (c *CveController) Generate() {
if err1 != nil {
c.BulletinLog.Errorf("generate security bulletins failed: %s", err1.Error())
} else {
- err1 = c.HotPatchService.GenerateBulletins(uploadDir)
+ err1 = c.HotPatchService.GenerateBulletins(uploadDir, request.Date)
if err1 != nil {
c.HotPatchBulletinLog.Errorf("generate hot patch security bulletins failed: %s", err1.Error())
}
diff --git a/cve-vulner-manager/cve-ddd/domain/service/service.go b/cve-vulner-manager/cve-ddd/domain/service/service.go
index 53a3af5..341950c 100644
--- a/cve-vulner-manager/cve-ddd/domain/service/service.go
+++ b/cve-vulner-manager/cve-ddd/domain/service/service.go
@@ -11,7 +11,7 @@ import (
// UploadUpdateInfoFile upload updateinfo file
func UploadUpdateInfoFile(obs obs.OBS, updateinfo updateinfo.UpdateInfo,
- log *logrus.Entry, bulletin *domain.SecurityBulletin, UpdateInfoDir string,
+ log *logrus.Entry, bulletin *domain.SecurityBulletin, date, UpdateInfoDir string,
) {
for _, branch := range bulletin.AffectedVersion {
filePath := UpdateInfoDir + branch + "/updateinfo.xml"
@@ -23,6 +23,7 @@ func UploadUpdateInfoFile(obs obs.OBS, updateinfo updateinfo.UpdateInfo,
data, err := updateinfo.UploadUpdateInfoXml(domain.UpdateParam{
Sb: bulletin,
+ Date: date,
Branch: branch,
DownloadBys: downloadBys,
})
diff --git a/cve-vulner-manager/cve-ddd/domain/updateinfo.go b/cve-vulner-manager/cve-ddd/domain/updateinfo.go
index 218dc9d..3f6b880 100644
--- a/cve-vulner-manager/cve-ddd/domain/updateinfo.go
+++ b/cve-vulner-manager/cve-ddd/domain/updateinfo.go
@@ -2,6 +2,7 @@ package domain
type UpdateParam struct {
Sb *SecurityBulletin
+ Date string
Branch string
DownloadBys []byte
}
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
index 0ad4382..513d44b 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
@@ -26,7 +26,7 @@ const (
CveUrlPrefix = "https://nvd.nist.gov/vuln/detail/"
// PkgUrl is the URL format for package updates
- PkgUrl = "https://repo.openeuler.org/%s/update/%s/Packages/%s"
+ PkgUrl = "https://dailybuild.openeuler.openatom.cn/repo.openeuler.org/%s/%s/%s/Packages/%s"
// ScriptPath is the path to the epoch.sh script
ScriptPath = "/opt/app/epoch.sh"
@@ -51,7 +51,7 @@ func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data [
return nil, err
}
- up := impl.updateXml(param.Sb, param.Branch)
+ up := impl.updateXml(param.Sb, param.Branch, param.Date)
i := impl.numberIndex(&u, param.Sb.Identification)
if i == -1 {
@@ -81,7 +81,7 @@ func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data [
return headerBytes, nil
}
-func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string) Update {
+func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch, date string) Update {
var cveNums []string
var description string
var highestLevelIndex int
@@ -167,7 +167,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch string)
}
if !strings.Contains(pe.Filename, "kernel") {
- epoch, err := impl.findEpoch(ScriptPath, branch, pe.Filename, pe.Arch, 1)
+ epoch, err := impl.findEpoch(ScriptPath, branch, pe.Filename, pe.Arch, date, 1)
if err == nil && len(epoch) > 0 {
pe.Epoch = string(epoch)
}
@@ -194,7 +194,7 @@ func (impl updateInfoImpl) numberIndex(u *Updates, securityNumber string) (index
return
}
-func (impl updateInfoImpl) findEpoch(script, branch, filename, arch string, i int) ([]byte, error) {
+func (impl updateInfoImpl) findEpoch(script, branch, filename, arch, date string, i int) ([]byte, error) {
var archs = []string{arch}
if arch == "noarch" {
archs = []string{"aarch64", "x86_64"}
@@ -203,11 +203,11 @@ func (impl updateInfoImpl) findEpoch(script, branch, filename, arch string, i in
epoch, err, _ := libutils.RunCmd(
script,
filepath.Join("/opt/app/", branch, strconv.Itoa(i), time.Now().Format("150405.999")),
- fmt.Sprintf(PkgUrl, branch, a, filename),
+ fmt.Sprintf(PkgUrl, branch, date, a, filename),
)
if err != nil {
- return nil, fmt.Errorf("failed to get epoch, pkgUrl is %s", fmt.Sprintf(PkgUrl, branch, a, filename))
+ return nil, fmt.Errorf("failed to get epoch, pkgUrl is %s", fmt.Sprintf(PkgUrl, date, branch, a, filename))
}
if strings.Contains(string(epoch), "404") || strings.Contains(string(epoch), "502") {
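Review bot: The error message on the `return nil, fmt.Errorf(...)` line formats `PkgUrl` with `date, branch, a, filename`, while the command invocation three lines above uses `branch, date, a, filename`, so the URL reported on failure is not the URL that was actually fetched. Build the URL once, `pkgUrl := fmt.Sprintf(PkgUrl, branch, date, a, filename)`, pass it to `libutils.RunCmd` and reuse it in the error, which keeps the two in sync by construction. findEpoch's body continues past the end of this hunk.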
--
Gitee
From 28742b7bed31783dc6a4dc086c816a21bf9769c8 Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Wed, 20 Nov 2024 09:42:20 +0800
Subject: [PATCH 06/12] reason match check
---
cve-vulner-manager/taskhandler/check.go | 30 +++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/cve-vulner-manager/taskhandler/check.go b/cve-vulner-manager/taskhandler/check.go
index 6f2e646..5900f1c 100644
--- a/cve-vulner-manager/taskhandler/check.go
+++ b/cve-vulner-manager/taskhandler/check.go
@@ -97,6 +97,36 @@ func CheckIssueAnalysisComplete(i *models.IssueTemplate, organizationID int8) (m
analysisReasonResult = util.TrimStringNR(i.AnalysisVersion)
}
+ if i.AffectedVersion != "" && i.AnalysisVersion != "" {
+ var notMatchBranch []string
+
+ for _, b := range affectBranchsxList {
+ getResult := func(item string) string {
+ for _, v := range strings.Split(item, ",") {
+ row := strings.Split(v, ":")
+ if row[0] == b {
+ return row[1]
+ }
+ }
+
+ return ""
+ }
+
+ affectR := getResult(i.AffectedVersion)
+ analysisR := getResult(i.AnalysisVersion)
+
+ _, exist := common.AnalysisUnaffected[analysisR]
+ if (affectR == "不受影响" && !exist) || (affectR == "受影响" && exist) {
+ notMatchBranch = append(notMatchBranch, b)
+ }
+ }
+
+ if len(notMatchBranch) > 0 {
+ msg = fmt.Sprintf("受影响/不受影响和原因分析不匹配,分支: %v", notMatchBranch)
+ return
+ }
+ }
+
tbStr = fmt.Sprintf(tb,
"已分析", "1.影响性分析说明", util.TrimStringNR(i.CveAnalysis),
"已分析", "2.openEulerScore", i.OpenEulerScore,
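Review bot: `row[1]` inside the `getResult` closure indexes unconditionally, so a segment of AffectedVersion or AnalysisVersion without a `:` (an empty trailing entry after a comma, or a malformed value) panics inside CheckIssueAnalysisComplete instead of producing a message; replace the split with `name, result, ok := strings.Cut(v, ":")` followed by `if ok && name == b { return result }`. The closure is also re-created on every iteration of the branch loop; a small named helper taking `(item, branch string)` would read more clearly and avoid the per-iteration allocation. CheckIssueAnalysisComplete starts and ends outside this hunk.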
--
Gitee
From 2eb6c6d30701ccb04f82ea3acb3617511a24ecde Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Fri, 22 Nov 2024 16:23:49 +0800
Subject: [PATCH 07/12] fix bug when cve update
---
cve-vulner-manager/models/cve_web.go | 5 +++++
cve-vulner-manager/task/issuetask.go | 8 ++++----
cve-vulner-manager/taskhandler/cve.go | 4 ++--
cve-vulner-manager/taskhandler/excel.go | 4 ++--
cve-vulner-manager/taskhandler/issuestatistics.go | 4 ++--
5 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/cve-vulner-manager/models/cve_web.go b/cve-vulner-manager/models/cve_web.go
index f873f29..170ce1d 100644
--- a/cve-vulner-manager/models/cve_web.go
+++ b/cve-vulner-manager/models/cve_web.go
@@ -9,11 +9,16 @@ type RespCommon struct {
type CveDetail struct {
Id int64 `json:"id"`
CveId string `json:"cveId"`
+ Status string `json:"status"`
AffectedProduct string `json:"affectedProduct"`
UpdateTime string `json:"updateTime"`
CreateTime string `json:"announcementTime"`
}
+func (d CveDetail) IsFixed() bool {
+ return d.Status == "Fixed"
+}
+
type RespCveDetail struct {
RespCommon
Result *CveDetail
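Review bot: `IsFixed` is declared on a value receiver, but every new call site (`detail.Result.IsFixed()` in issuetask.go, cve.go, excel.go and issuestatistics.go in this same commit) reaches it through the `Result *CveDetail` pointer, so a response where `exist` is true but `Result` is nil would now panic where the old `issueExist` check did not; unless GetCveSecurityNotice guarantees a non-nil Result whenever it reports exist, make the check nil-safe: `func (d *CveDetail) IsFixed() bool { return d != nil && d.Status == "Fixed" }`. The exported method also lacks a doc comment, e.g. `// IsFixed reports whether the security notice status returned by the website is "Fixed".` The comparison is case-sensitive; confirm against the API that the status casing is stable.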
diff --git a/cve-vulner-manager/task/issuetask.go b/cve-vulner-manager/task/issuetask.go
index 64244ec..2fc1021 100644
--- a/cve-vulner-manager/task/issuetask.go
+++ b/cve-vulner-manager/task/issuetask.go
@@ -207,8 +207,8 @@ func addUnlimitedIssue(beforeTime string, prcnum, years, toolYears, manYears, fl
continue
}
// Determine whether cve has been processed
- issueExist, _ := taskhandler.GetCveSecurityNotice(issueValue.CveNum, issueValue.PackName, true)
- if issueExist {
+ exist, detail := taskhandler.GetCveSecurityNotice(issueValue.CveNum, issueValue.PackName, true)
+ if exist && detail.Result.IsFixed() {
models.UpdateIssueStatus(issueValue, 2)
logs.Info("addUnlimitedIssue, The cve data has been displayed on the official website, "+
"no need to submit an issue on git, cveData: ", issueValue)
@@ -356,8 +356,8 @@ func addLimitedIssue(beforeTime string, prcnum int, years, toolYears, manYears i
continue
}
// Determine whether cve has been processed
- issueExist, _ := taskhandler.GetCveSecurityNotice(issueValue.CveNum, issueValue.PackName, true)
- if issueExist {
+ exist, detail := taskhandler.GetCveSecurityNotice(issueValue.CveNum, issueValue.PackName, true)
+ if exist && detail.Result.IsFixed() {
models.UpdateIssueStatus(issueValue, 2)
logs.Info("addLimitedIssue, The cve data has been displayed on the official website, "+
"no need to submit an issue on git, cveData: ", issueValue)
diff --git a/cve-vulner-manager/taskhandler/cve.go b/cve-vulner-manager/taskhandler/cve.go
index 05b3d71..ecedbda 100644
--- a/cve-vulner-manager/taskhandler/cve.go
+++ b/cve-vulner-manager/taskhandler/cve.go
@@ -2642,8 +2642,8 @@ func FilterCveExported() {
ewg.Add(1)
go func(center models.VulnCenter) {
defer ewg.Done()
- issueExist, result := GetCveSecurityNotice(center.CveNum, center.PackName, true)
- if issueExist {
+ exist, result := GetCveSecurityNotice(center.CveNum, center.PackName, true)
+ if exist && result.Result.IsFixed() {
// 1640966400 -- 2022-01-01
if t := util.TimeStrToInt(result.Result.UpdateTime, ""); t != 0 && t <= 1640966400 {
dbLock.Lock()
diff --git a/cve-vulner-manager/taskhandler/excel.go b/cve-vulner-manager/taskhandler/excel.go
index e768c22..830c936 100644
--- a/cve-vulner-manager/taskhandler/excel.go
+++ b/cve-vulner-manager/taskhandler/excel.go
@@ -1306,8 +1306,8 @@ func affectIssueProc(v IssueAndPkg, affectBranch string, cvexml *[]CveXml,
continue
}
// Check whether the cve data has been released sa
- issueExist, _ := GetCveSecurityNotice(tpl.CveNum, tpl.Repo, true)
- if issueExist {
+ exist, detail := GetCveSecurityNotice(tpl.CveNum, tpl.Repo, true)
+ if exist && detail.Result.IsFixed() {
if IsProductFixed(tpl.CveNum, v.Repo, affectBranch) {
continue
}
diff --git a/cve-vulner-manager/taskhandler/issuestatistics.go b/cve-vulner-manager/taskhandler/issuestatistics.go
index 5a8c583..a6f29de 100644
--- a/cve-vulner-manager/taskhandler/issuestatistics.go
+++ b/cve-vulner-manager/taskhandler/issuestatistics.go
@@ -325,8 +325,8 @@ func ProcSecLinkTemplate(beforeDate, prcnum int, owner, accessToken string) erro
continue
}
// Determine whether cve has been processed
- issueExist, saData := GetCveSecurityNotice(temp.CveNum, temp.Repo, true)
- if issueExist && len(saData.Result.AffectedProduct) > 2 {
+ exist, saData := GetCveSecurityNotice(temp.CveNum, temp.Repo, true)
+ if exist && saData.Result.IsFixed() && len(saData.Result.AffectedProduct) > 2 {
// Update sa release time
UpdateSAReleaseTime(saData.Result.AffectedProduct, saData.Result.CreateTime, temp.TemplateId)
secLink := secLinkConfig + "/zh/security/safety-bulletin/detail/?id=" + saData.Result.AffectedProduct
--
Gitee
From 18a9c85bfec2d3cd4c1a1150271047d232aae969 Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Tue, 26 Nov 2024 14:50:24 +0800
Subject: [PATCH 08/12] optimize updateinfo logic
---
cve-vulner-manager/Dockerfile | 4 +-
cve-vulner-manager/conf/product_app.conf | 3 +
.../cve-ddd/domain/service/service.go | 7 +-
.../infrastructure/testresultimpl/impl.go | 13 +--
.../updateinfoimpl/generate_updateinfoxml.go | 72 +++-----------
.../infrastructure/updateinfoimpl/repodata.go | 97 +++++++++++++++++++
cve-vulner-manager/sh/epoch.sh | 24 -----
7 files changed, 126 insertions(+), 94 deletions(-)
create mode 100644 cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go
delete mode 100644 cve-vulner-manager/sh/epoch.sh
diff --git a/cve-vulner-manager/Dockerfile b/cve-vulner-manager/Dockerfile
index e4dd787..ba1d7bc 100644
--- a/cve-vulner-manager/Dockerfile
+++ b/cve-vulner-manager/Dockerfile
@@ -15,12 +15,10 @@ RUN dnf -y update && \
useradd -u 1000 -g manager -s /bin/bash -m manager
COPY --chown=manager ./conf/product_app.conf /opt/app/conf/app.conf
-COPY --chown=manager ./sh/epoch.sh /opt/app/epoch.sh
COPY --chown=manager --from=BUILDER /go/src/gitee.com/openeuler/cve-manager/cve-manager /opt/app/cve-manager
USER manager
WORKDIR /opt/app
-RUN mkdir logs && \
- chmod 550 /opt/app/epoch.sh
+RUN mkdir logs
ENTRYPOINT ["/opt/app/cve-manager"]
\ No newline at end of file
diff --git a/cve-vulner-manager/conf/product_app.conf b/cve-vulner-manager/conf/product_app.conf
index c446f9a..f5e401e 100644
--- a/cve-vulner-manager/conf/product_app.conf
+++ b/cve-vulner-manager/conf/product_app.conf
@@ -285,6 +285,9 @@ api_token = "${MAJUN_API_TOKEN||xxx}"
app_id = "${MAJUN_APP_ID||xxx}"
secret_key = "${MAJUN_SECRET_KEY||xxx}"
+[testResult]
+host = https://dailybuild.openeuler.openatom.cn
+
[metrics]
AVN = 0.85
AVA = 0.62
diff --git a/cve-vulner-manager/cve-ddd/domain/service/service.go b/cve-vulner-manager/cve-ddd/domain/service/service.go
index 341950c..c56af68 100644
--- a/cve-vulner-manager/cve-ddd/domain/service/service.go
+++ b/cve-vulner-manager/cve-ddd/domain/service/service.go
@@ -17,7 +17,7 @@ func UploadUpdateInfoFile(obs obs.OBS, updateinfo updateinfo.UpdateInfo,
filePath := UpdateInfoDir + branch + "/updateinfo.xml"
downloadBys, err := obs.Download(filePath)
if err != nil {
- log.Error(err)
+ log.Errorf("download %s failed: %s", filePath, err.Error())
continue
}
@@ -29,14 +29,13 @@ func UploadUpdateInfoFile(obs obs.OBS, updateinfo updateinfo.UpdateInfo,
})
if err != nil {
- log.Error(err)
+ log.Errorf("update updateinfo of %s failed: %s", bulletin.Identification, err.Error())
continue
}
if err = obs.Upload(filePath, data); err != nil {
- log.Error(err)
+ log.Errorf("upload %s failed: %s", filePath, err.Error())
continue
}
}
-
}
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/testresultimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/testresultimpl/impl.go
index 624495d..45af6a1 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/testresultimpl/impl.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/testresultimpl/impl.go
@@ -8,16 +8,13 @@ import (
"net/http"
"strings"
+ "github.com/astaxie/beego"
"github.com/opensourceways/server-common-lib/utils"
"github.com/sirupsen/logrus"
"cvevulner/cve-ddd/domain"
)
-const (
- testRepoBaseUrl = "https://dailybuild.openeuler.openatom.cn"
-)
-
func NewTestResultImpl(log *logrus.Entry) *testResultImpl {
return &testResultImpl{
log: log,
@@ -39,7 +36,9 @@ type rpm struct {
}
func (impl *testResultImpl) getCsvOfRpmByBranch(branch, date string) []byte {
- url := fmt.Sprintf("%s/repo.openeuler.org/%s/%s/%s.csv", testRepoBaseUrl, branch, date, branch)
+ url := fmt.Sprintf("%s/repo.openeuler.org/%s/%s/%s.csv",
+ beego.AppConfig.String("testResult::host"), branch, date, branch,
+ )
req, _ := http.NewRequest(http.MethodGet, url, nil)
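Review bot: `beego.AppConfig.String("testResult::host")` is read on every call and an unset key yields "", which turns the URL into the relative path `/repo.openeuler.org/...` and makes the request fail with an error that gives no hint that configuration is missing. Resolve the host once in NewTestResultImpl, reject an empty or non-`https://` value there, and store it on `testResultImpl`; the same applies to the second hunk in this file (`getCsvOfRpmInEpolByBranch`) and to `getPrimaryXmlOfRepoData` in the new repodata.go. Since this host is where package metadata and epochs are fetched from, a short comment in product_app.conf stating that only a trusted mirror should be configured would help operators.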
@@ -53,7 +52,9 @@ func (impl *testResultImpl) getCsvOfRpmByBranch(branch, date string) []byte {
}
func (impl *testResultImpl) getCsvOfRpmInEpolByBranch(branch, date string) []byte {
- epolUrl := fmt.Sprintf("%s/repo.openeuler.org/%s/EPOL/%s/main/%s.csv", testRepoBaseUrl, branch, date, branch)
+ epolUrl := fmt.Sprintf("%s/repo.openeuler.org/%s/EPOL/%s/main/%s.csv",
+ beego.AppConfig.String("testResult::host"), branch, date, branch,
+ )
req, _ := http.NewRequest(http.MethodGet, epolUrl, nil)
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
index 513d44b..5753580 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
@@ -1,17 +1,10 @@
package updateinfoimpl
import (
- "bytes"
"encoding/xml"
"fmt"
- "path/filepath"
- "regexp"
"sort"
- "strconv"
"strings"
- "time"
-
- libutils "github.com/opensourceways/server-common-lib/utils"
"cvevulner/cve-ddd/domain"
"cvevulner/cve-ddd/domain/dp"
@@ -20,16 +13,8 @@ import (
)
const (
- nokeyOffset = 5
-
// CveUrlPrefix is the prefix for CVE URLs
CveUrlPrefix = "https://nvd.nist.gov/vuln/detail/"
-
- // PkgUrl is the URL format for package updates
- PkgUrl = "https://dailybuild.openeuler.openatom.cn/repo.openeuler.org/%s/%s/%s/Packages/%s"
-
- // ScriptPath is the path to the epoch.sh script
- ScriptPath = "/opt/app/epoch.sh"
)
var (
@@ -39,20 +24,20 @@ var (
"medium": "Moderate",
"low": "Low",
}
-
- num = regexp.MustCompile(`\d+`)
)
func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data []byte, err error) {
- var u Updates
+ up, err := impl.updateXml(param.Sb, param.Branch, param.Date)
+ if err != nil {
+ return nil, err
+ }
+ var u Updates
err = xml.Unmarshal(param.DownloadBys, &u)
if err != nil {
return nil, err
}
- up := impl.updateXml(param.Sb, param.Branch, param.Date)
-
i := impl.numberIndex(&u, param.Sb.Identification)
if i == -1 {
u.Updatex = append(u.Updatex, up)
@@ -81,7 +66,7 @@ func (impl updateInfoImpl) UploadUpdateInfoXml(param domain.UpdateParam) (data [
return headerBytes, nil
}
-func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch, date string) Update {
+func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch, date string) (Update, error) {
var cveNums []string
var description string
var highestLevelIndex int
@@ -151,6 +136,11 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch, date s
continue
}
+ epochOfRpm, err := impl.getEpochOfRpm(branch, date, arch)
+ if err != nil {
+ return Update{}, err
+ }
+
for _, productPackage := range pl {
var pe Package
pe.Filename = productPackage.FullName
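Review bot: A failure of `getEpochOfRpm` now aborts the whole of `updateXml` (and so the updateinfo for that branch), whereas the removed `findEpoch` path only left `Epoch` empty on error; if one arch of a branch/date has no repodata this changes best-effort behaviour into a hard failure — confirm that is intended, otherwise log and `continue` for that arch. The fetch also runs once per arch per bulletin inside UploadUpdateInfoFile's per-branch loop, so the same primary.xml.gz is downloaded and parsed again for every bulletin; a cache keyed by (branch, date, arch) on the impl, or a map passed in by the caller, would avoid that. updateXml starts and ends outside this hunk.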
@@ -167,9 +157,9 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch, date s
}
if !strings.Contains(pe.Filename, "kernel") {
- epoch, err := impl.findEpoch(ScriptPath, branch, pe.Filename, pe.Arch, date, 1)
- if err == nil && len(epoch) > 0 {
- pe.Epoch = string(epoch)
+ epoch, ok := epochOfRpm[pe.Filename]
+ if ok {
+ pe.Epoch = epoch
}
}
@@ -179,7 +169,7 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch, date s
up.Pkglist = &Pkglist{Collection: &Collection{Name: "openEuler", Package: pack}}
- return up
+ return up, nil
}
func (impl updateInfoImpl) numberIndex(u *Updates, securityNumber string) (index int) {
@@ -193,35 +183,3 @@ func (impl updateInfoImpl) numberIndex(u *Updates, securityNumber string) (index
return
}
-
-func (impl updateInfoImpl) findEpoch(script, branch, filename, arch, date string, i int) ([]byte, error) {
- var archs = []string{arch}
- if arch == "noarch" {
- archs = []string{"aarch64", "x86_64"}
- }
- for _, a := range archs {
- epoch, err, _ := libutils.RunCmd(
- script,
- filepath.Join("/opt/app/", branch, strconv.Itoa(i), time.Now().Format("150405.999")),
- fmt.Sprintf(PkgUrl, branch, date, a, filename),
- )
-
- if err != nil {
- return nil, fmt.Errorf("failed to get epoch, pkgUrl is %s", fmt.Sprintf(PkgUrl, date, branch, a, filename))
- }
-
- if strings.Contains(string(epoch), "404") || strings.Contains(string(epoch), "502") {
- continue
- }
- if ix := bytes.Index(epoch, []byte("NOKEY")); ix > 0 {
- epoch = bytes.TrimSpace(epoch[ix+nokeyOffset:])
- } else {
- epoch = bytes.TrimSpace(epoch)
- }
-
- return num.Find(epoch), nil
-
- }
-
- return nil, nil
-}
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go
new file mode 100644
index 0000000..4ff8252
--- /dev/null
+++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go
@@ -0,0 +1,97 @@
+package updateinfoimpl
+
+import (
+ "bytes"
+ "compress/gzip"
+ "encoding/xml"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "regexp"
+ "strings"
+
+ "github.com/astaxie/beego"
+ "github.com/opensourceways/server-common-lib/utils"
+)
+
+var primaryRegexp = regexp.MustCompile(`title="(\w+-primary.xml.gz)"`)
+
+type PrimaryXml struct {
+ XMLName xml.Name `xml:"metadata,omitempty"`
+ Package []PrimaryPackage `xml:"package,omitempty"`
+}
+
+type PrimaryPackage struct {
+ XMLName xml.Name `xml:"package,omitempty"`
+ Type string `xml:"type,attr"`
+ Version Version `xml:"version,omitempty"`
+ Location Location `xml:"location,omitempty"`
+}
+
+type Version struct {
+ XMLName xml.Name `xml:"version,omitempty"`
+ Epoch string `xml:"epoch,attr"`
+}
+
+type Location struct {
+ XMLName xml.Name `xml:"location,omitempty"`
+ Href string `xml:"href,attr"`
+}
+
+func (impl updateInfoImpl) getEpochOfRpm(branch, date, arch string) (map[string]string, error) {
+ primaryXmlContent, err := impl.getPrimaryXmlOfRepoData(branch, date, arch)
+ if err != nil {
+ return nil, err
+ }
+
+ var primaryXml PrimaryXml
+ if err = xml.Unmarshal(primaryXmlContent, &primaryXml); err != nil {
+ return nil, err
+ }
+
+ epochOfRpm := make(map[string]string)
+ for _, v := range primaryXml.Package {
+ rpmName := strings.Trim(v.Location.Href, "Packages/")
+ epochOfRpm[rpmName] = v.Version.Epoch
+ }
+
+ return epochOfRpm, nil
+}
+
+func (impl updateInfoImpl) getPrimaryXmlOfRepoData(branch, date, arch string) (content []byte, err error) {
+ urlOfDir := fmt.Sprintf("%s/repo.openeuler.org/%s/%s/%s/repodata",
+ beego.AppConfig.String("testResult::host"),
+ branch, date, arch,
+ )
+
+ client := utils.NewHttpClient(3)
+ req, err := http.NewRequest(http.MethodGet, urlOfDir, nil)
+ if err != nil {
+ return
+ }
+
+ t, _, err := client.Download(req)
+ if err != nil {
+ return
+ }
+
+ match := primaryRegexp.FindAllStringSubmatch(string(t), -1)
+ if len(match) == 0 {
+ err = errors.New("not match primary xml")
+ return
+ }
+
+ primaryFile := match[0][1]
+ urlOfPrimaryFile := urlOfDir + "/" + primaryFile
+
+ req, err = http.NewRequest(http.MethodGet, urlOfPrimaryFile, nil)
+ fileContent, _, err := client.Download(req)
+
+ gz, err := gzip.NewReader(bytes.NewBuffer(fileContent))
+ if err != nil {
+ return
+ }
+
+ return io.ReadAll(gz)
+}
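Review bot: `strings.Trim(v.Location.Href, "Packages/")` on the rpmName line treats its second argument as a cutset, so leading characters of the file name itself that fall in {P,a,c,k,g,e,s,/} are stripped too (an href `Packages/keepalived-...rpm` becomes `palived-...rpm`), and the later `epochOfRpm[pe.Filename]` lookup in updateXml silently misses those packages; use `rpmName := strings.TrimPrefix(v.Location.Href, "Packages/")` or `path.Base`. The error from the second `http.NewRequest` is overwritten on the next line without being checked. The primary file is located by regex-scraping a directory listing; the repodata directory's `repomd.xml` names the primary file together with its checksum, so reading that and verifying the digest before trusting the epochs would remove the dependence on listing HTML and add an integrity check on metadata fetched from a mirror. Because the gzip stream comes from a remote host, bound the decompression with `io.LimitReader(gz, maxPrimaryXMLBytes)` (a size constant to be chosen) rather than an unbounded `io.ReadAll`. The exported types `PrimaryXml`, `PrimaryPackage`, `Version` and `Location` also need doc comments.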
diff --git a/cve-vulner-manager/sh/epoch.sh b/cve-vulner-manager/sh/epoch.sh
deleted file mode 100644
index 2c796ca..0000000
--- a/cve-vulner-manager/sh/epoch.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-repo=$1
-url=$2
-
-if [ ! -d "$repo" ]; then
- mkdir -p "$repo"
-fi
-
-cd "$repo"
-
-curl -LO -s "$url"
-
-v=$(rpm -qpi *.rpm | grep Epoch | awk {'print $3'})
-
-i=$?
-
-cd .. && rm -rf "$repo"
-
-if [ "$i" != 0 ]; then
-exit 1
-fi
-
-echo "$v"
\ No newline at end of file
--
Gitee
From b527d857e85d060b2d8da102a1c4e72e94d35c2a Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Wed, 27 Nov 2024 10:31:09 +0800
Subject: [PATCH 09/12] remind commenter when nvd score != openeuler score
---
cve-vulner-manager/controllers/hook.go | 2 ++
1 file changed, 2 insertions(+)
diff --git a/cve-vulner-manager/controllers/hook.go b/cve-vulner-manager/controllers/hook.go
index 8ed4793..3113497 100644
--- a/cve-vulner-manager/controllers/hook.go
+++ b/cve-vulner-manager/controllers/hook.go
@@ -1959,6 +1959,8 @@ func notifyAuditorReview(payload *models.CommentPayload, issueTmp models.IssueTe
}
msg := fmt.Sprintf(CommentReviewTpl, strings.Join(ns, ","))
taskhandler.AddCommentToIssue(msg, issueTmp.IssueNum, owner, path, accessToken)
+ msg = fmt.Sprintf("@%s ,请给出NVD评分和openEuler评分不一致的理由", payload.Comment.User.Login)
+ taskhandler.AddCommentToIssue(msg, issueTmp.IssueNum, owner, path, accessToken)
}
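Review bot: The new message is an inline literal while the line above uses the `CommentReviewTpl` constant; for consistency define a template next to it, e.g. `CommentScoreMismatchTpl`, and write `msg = fmt.Sprintf(CommentScoreMismatchTpl, payload.Comment.User.Login)`. The second AddCommentToIssue call runs unconditionally, so the reminder is posted every time notifyAuditorReview executes unless the caller already guards against repeats — confirm. notifyAuditorReview starts outside this hunk.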
func changeOpenEulerScoreStatus(cveID int64, status int8) error {
--
Gitee
From 4506b34085c2ca12b038a5d74a090688034443f1 Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Thu, 28 Nov 2024 14:49:36 +0800
Subject: [PATCH 10/12] optimize log
---
.../cve-ddd/infrastructure/updateinfoimpl/repodata.go | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go
index 4ff8252..cac9c28 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go
@@ -73,6 +73,7 @@ func (impl updateInfoImpl) getPrimaryXmlOfRepoData(branch, date, arch string) (c
t, _, err := client.Download(req)
if err != nil {
+ err = fmt.Errorf("list dir %s failed: %s", urlOfDir, err.Error())
return
}
@@ -87,9 +88,14 @@ func (impl updateInfoImpl) getPrimaryXmlOfRepoData(branch, date, arch string) (c
req, err = http.NewRequest(http.MethodGet, urlOfPrimaryFile, nil)
fileContent, _, err := client.Download(req)
+ if err != nil {
+ err = fmt.Errorf("download file %s failed: %s", urlOfPrimaryFile, err.Error())
+ return
+ }
gz, err := gzip.NewReader(bytes.NewBuffer(fileContent))
if err != nil {
+ err = fmt.Errorf("read file %s failed: %s", urlOfPrimaryFile, err.Error())
return
}
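Review bot: The `req, err = http.NewRequest(http.MethodGet, urlOfPrimaryFile, nil)` line above the new check still has its error overwritten by `client.Download(req)` without being examined; add `if err != nil { return }` between the two lines. The new messages format with `%s` and `err.Error()`, which drops the underlying error from the chain; `fmt.Errorf("download file %s failed: %w", urlOfPrimaryFile, err)` keeps `errors.Is`/`errors.As` usable for callers, and the same applies to the `list dir` and `read file` messages. getPrimaryXmlOfRepoData starts outside this hunk.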
--
Gitee
From 04fc01a0c7d9fea22e556bf8be6a546c7b4d03af Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Thu, 28 Nov 2024 15:24:31 +0800
Subject: [PATCH 11/12] get rpm of noarch from aarch64
---
.../updateinfoimpl/generate_updateinfoxml.go | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
index 5753580..ba4e1ae 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go
@@ -13,6 +13,11 @@ import (
)
const (
+ src = "src"
+ x8664 = "x86_64"
+ aarch64 = "aarch64"
+ noarch = "noarch"
+
// CveUrlPrefix is the prefix for CVE URLs
CveUrlPrefix = "https://nvd.nist.gov/vuln/detail/"
)
@@ -132,10 +137,15 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch, date s
var pack []Package
for arch, pl := range sb.ProductTree {
- if arch == "src" {
+ if arch == src {
continue
}
+ // noarch的包在aarch64目录和x8664目录都存在,采用和官网一致的逻辑,从aarch64目录取
+ if arch == noarch {
+ arch = aarch64
+ }
+
epochOfRpm, err := impl.getEpochOfRpm(branch, date, arch)
if err != nil {
return Update{}, err
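Review bot: `arch = aarch64` reassigns the range variable for the rest of the iteration, so any later use of `arch` in this loop body (the hunk ends before the per-package loop) would see "aarch64" for noarch packages — if `pe.Arch` or similar is derived from it, the emitted XML changes; prefer a separate local, `repoArch := arch` then `if arch == noarch { repoArch = aarch64 }`, and pass `repoArch` to getEpochOfRpm. When ProductTree contains both noarch and aarch64 the same primary.xml is now fetched twice. The comment is in Chinese; an English equivalent would be `// noarch rpms are published under both the aarch64 and x86_64 directories; match the website and read them from aarch64.` updateXml starts and ends outside this hunk.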
--
Gitee
From 03ecac5d0fba71e45c3f19aac1056fbd841ecbc1 Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Mon, 9 Dec 2024 09:39:31 +0800
Subject: [PATCH 12/12] rename under investigation
---
cve-vulner-manager/common/analysis.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cve-vulner-manager/common/analysis.go b/cve-vulner-manager/common/analysis.go
index 07ba5cc..d2bb73e 100644
--- a/cve-vulner-manager/common/analysis.go
+++ b/cve-vulner-manager/common/analysis.go
@@ -17,7 +17,7 @@ const (
TypeAffected = "Affected"
TypeUnaffected = "Unaffected"
- TypeUnderInvestigation = "UnderInvestigation"
+ TypeUnderInvestigation = "Under Investigation"
)
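Review bot: Changing the value of `TypeUnderInvestigation` from `"UnderInvestigation"` to `"Under Investigation"` alters a string that is presumably compared with, stored by, or emitted to other code (the `AnalysisUnaffected` map declared right below may key on these constants); any persisted rows or external consumers carrying the old spelling will stop matching unless they are migrated. A one-line comment on the constant, or a note in the commit message, stating the compatibility impact would help the next reader.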
var AnalysisUnaffected = map[string]struct{}{
--
Gitee