diff --git a/cve-vulner-manager/controllers/cve.go b/cve-vulner-manager/controllers/cve.go index 4fdea4ad5ad84ce8aa6972ceddb12b4776d00557..38e8d70dd344d67638193b2f1d5b76860ea46085 100644 --- a/cve-vulner-manager/controllers/cve.go +++ b/cve-vulner-manager/controllers/cve.go @@ -121,6 +121,7 @@ type CveAllIssueController struct { } type CveAllIssueoData struct { + Status int8 `json:"status"` IssueNum string `json:"issue_id"` CveNum string `json:"CVE_num"` OpeneulerScore float64 `json:"openeuler_score"` @@ -196,6 +197,7 @@ func (u *CveAllIssueController) Get() { } cid[i] = CveAllIssueoData{ + Status: issues.Status, CveNum: issues.CveNum, IssueNum: issues.IssueNum, Version: issues.OwnedVersion, diff --git a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go index f2512f935dd78da8dc557818c10dd81c11b923cc..6bffe5533cc428f5343f955fb8c62d8d81e62428 100644 --- a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go +++ b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go @@ -69,14 +69,18 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir, date string) erro return fmt.Errorf("parse max id failed: %w", err) } + // 热补丁有专属目录 + hotDate := "hotpatch_" + date + for _, issue := range issues { - isPublished, err1 := h.hotPatch.IsPublished(issue.CveNum[0], issue.Component) + isPublished, err1 := h.hotPatch.IsPublished(issue.CveNum[0], issue.Component, issue.Branch) if err1 != nil { - h.log.Errorf("check hotpatch is published, occurred error: %s", err1.Error()) + h.log.Errorf("check whether hotpatch %s is published, occurred error: %s", issue.HotIssueNum, err1.Error()) return err } if isPublished { + h.log.Errorf("hotpatch %s is published", issue.HotIssueNum) continue } 
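Review bot: The error branch after `h.hotPatch.IsPublished(...)` in GenerateBulletins logs `err1` but still executes `return err`. The outer `err` was already checked by the `parse max id failed` return just above, so unless it is reassigned in lines not shown, a failed publication check returns nil and the caller sees success although bulletin generation stopped. Since the commit rewrites the log call beside it, change the return to `return fmt.Errorf("check whether hotpatch %s is published: %w", issue.HotIssueNum, err1)`. The added `h.log.Errorf("hotpatch %s is published", ...)` reports a normal skip at error level; `h.log.Infof` would keep the error log useful for alerting, assuming the logger is a logrus entry as elsewhere in this commit. The function body continues outside the hunk.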
@@ -128,7 +132,7 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir, date string) erro cvesForUpdateInfo = append(cvesForUpdateInfo, b.Cves...) - service.UploadUpdateInfoFile(h.obs, h.updateInfo, h.log, &b, date, hotPatchEarlyUpdateInfoDir) + service.UploadUpdateInfoFile(h.obs, h.updateInfo, h.log, &b, hotDate, hotPatchEarlyUpdateInfoDir) } } diff --git a/cve-vulner-manager/cve-ddd/domain/cve.go b/cve-vulner-manager/cve-ddd/domain/cve.go index 5a5c92245aedb9cfe6594ea9f47b5ba1356ac899..e8163b8434f10807214468f2edf0fa9efb00f93f 100644 --- a/cve-vulner-manager/cve-ddd/domain/cve.go +++ b/cve-vulner-manager/cve-ddd/domain/cve.go @@ -16,7 +16,7 @@ type CvesByVersion []Cve type Cve struct { Component string - Description string + ComponentDesc string SeverityLevel string AffectedVersion []string AffectedProduct string diff --git a/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go b/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go index 962f399083409a7c99bf25bc904df9300692913a..df8107e7f5a6baee7e108baa9db7cf5af98f3b16 100644 --- a/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go +++ b/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go @@ -5,5 +5,5 @@ import "cvevulner/cve-ddd/domain" type HotPatch interface { GetIssueInfo() ([]domain.HotPatchIssue, error) MaxHotPatchID() (int, error) - IsPublished(cveId, packageName string) (bool, error) + IsPublished(cveId, packageName, branch string) (bool, error) } diff --git a/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go index c1cbda5a3078e968dcfd511c955a43b81fc44dbc..e1efaa0713f127c30e328c8f67d7b30245eb1ce1 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go 
@@ -162,17 +162,10 @@ func (impl bulletinImpl) documentNotes(sb *domain.SecurityBulletin) DocumentNote var maxScore float64 for _, cve := range sb.Cves { - subDescription := strings.ReplaceAll(cve.Description, "\n\n", "\r\n\r\n") - subDescription = taskhandler.XmlSpecCharHand(subDescription) - dSplit := strings.Split(subDescription, "Security Fix(es):") - if len(dSplit) > 1 { - if !strings.Contains(description, dSplit[0]) { - description = dSplit[0] + "Security Fix(es):" + description - } - if !strings.Contains(description, dSplit[1]) { - description += dSplit[1] - } + if description == "" { + description = cve.ComponentDesc + "Security Fix(es):" } + description += fmt.Sprintf("\n\n%s(%s)", cve.CveBrief, cve.CveNum) if cve.OpeneulerScore >= maxScore { maxScore = cve.OpeneulerScore @@ -212,7 +205,7 @@ func (impl bulletinImpl) documentNotes(sb *domain.SecurityBulletin) DocumentNote Type: "General", Ordinal: "3", XmlLang: lang, - Note: strings.Trim(description, "\r\n\r\n"), + Note: taskhandler.XmlSpecCharHand(strings.Trim(description, "\r\n\r\n")), }, { Title: "Topic", diff --git a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go index 46893738137300eb9d2b3ed3d4a9c0c8885d42db..64f29b7bff8456c442af7f127b6461d38ebe3383 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go 
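Review bot: In documentNotes the component text now comes only from the first CVE in `sb.Cves`, because `description == ""` can hold only on the first iteration (assuming `description` starts empty; its declaration is outside the hunk). `GetComponentDesc` in repositoryimpl/dto.go returns an empty string when a CVE's description lacks the `Security Fix(es):` marker. If the first CVE is such a record, the note opens with a bare `Security Fix(es):` even though a later CVE carries the component text. Consider picking the first non-empty `cve.ComponentDesc` before the loop and building the header from it; the same pattern is added to updateXml in updateinfoimpl/generate_updateinfoxml.go.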
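Review bot: Wrapping the whole note in `taskhandler.XmlSpecCharHand(...)` escapes the component text a second time, because `cve.ComponentDesc` comes from `GetComponentDesc` (repositoryimpl/dto.go in this commit), which already passes it through `XmlSpecCharHand`. If that helper rewrites `&` into an entity (its body is not shown here), entities produced by the first pass would be escaped again and appear literally in the published advisory. Escape in one place only: either return the raw text from `GetComponentDesc`, or keep it escaped there and escape only the appended part with `taskhandler.XmlSpecCharHand(cve.CveBrief)`.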
@@ -226,7 +226,11 @@ type cveProductPackage struct { CreateTime time.Time `json:"createTime"` } -func (impl hotPatchImpl) IsPublished(cveId, packageName string) (bool, error) { +func (p cveProductPackage) IsHotPatch() bool { + return strings.Contains(p.SecurityNoticeNo, domain.BulletinTypeHotPatch) +} + +func (impl hotPatchImpl) IsPublished(cveId, packageName, branch string) (bool, error) { cli := utils.NewHttpClient(defaultClientTimeout) url := fmt.Sprintf("%s/cve-security-notice-server/cvedatabase/getCVEProductPackageList?cveId=%s&packageName=%s", @@ -254,7 +258,7 @@ func (impl hotPatchImpl) IsPublished(cveId, packageName string) (bool, error) { } for _, v := range res.Result { - if strings.Contains(v.SecurityNoticeNo, domain.BulletinTypeHotPatch) { + if v.IsHotPatch() && v.ProductName == branch { return true, nil } } diff --git a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go index a79d50606f6dd04682a007976dbc4b6946e13326..cb63bf2962640f12f6fa24244284b09e1a2cfcbb 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go @@ -1,5 +1,11 @@ package repositoryimpl +import ( + "strings" + + "cvevulner/taskhandler" +) + type CveInfo struct { CveNum string `json:"cve_num"` IssueNum string `json:"issue_num"` @@ -33,3 +39,16 @@ func (c CveInfo) GetAffectProduct() string { return c.AffectProduct } } + +// GetComponentDesc 获取cve正确的描述内容 +func (c CveInfo) GetComponentDesc() string { + const splitLen = 2 + subDescription := strings.ReplaceAll(c.Description, "\n\n", "\r\n\r\n") + subDescription = taskhandler.XmlSpecCharHand(subDescription) + dSplit := strings.Split(subDescription, "Security Fix(es):") + if len(dSplit) >= splitLen { + return dSplit[0] + } + + return "" +} 
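Review bot: `IsPublished` places `cveId` and `packageName` into the query string through `fmt.Sprintf("...?cveId=%s&packageName=%s", ...)`. The arguments are outside the hunk, but if they are passed unescaped, a package name containing `+` or `&` is decoded differently by the server, the lookup misses, and an already published hot patch is reported as unpublished. Wrap both values in `url.QueryEscape(...)` or build the query with `url.Values`; the local variable `url` shadows the `net/url` package inside this function, so it would need renaming. The new `branch` argument is only compared client-side against `v.ProductName`, which is worth stating in a doc comment on `IsPublished`.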
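Review bot: The comment on `GetComponentDesc` says it returns the correct CVE description, but the function returns only the text before the `Security Fix(es):` marker, already XML-escaped and with `\n\n` turned into `\r\n\r\n`, and it returns an empty string when the marker is absent. Callers need both facts, so I would replace the comment with `// GetComponentDesc returns the XML-escaped component summary that precedes "Security Fix(es):" in Description, or "" if the marker is missing.` Since only the first part is used, `strings.Cut` could replace the `Split` plus `splitLen` check if the module's Go version is 1.18 or later.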
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go index 5aeebb3b76b6f2d4599104032b97089b208b5f15..0bbd723bce3a093675fa0e2872c2a9819aeb3f2e 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go @@ -48,7 +48,7 @@ and b.status < 4 cve := domain.Cve{ Component: v.OwnedComponent, - Description: v.Description, + ComponentDesc: v.GetComponentDesc(), SeverityLevel: v.CveLevel, AffectedVersion: strings.Split(affect, "/"), AffectedProduct: affect, diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go index 8b843bca9a3cbd99a05d5a096572129827706382..990838858c5a541588e9190d19b9ca705e208592 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go @@ -8,7 +8,6 @@ import ( "cvevulner/cve-ddd/domain" "cvevulner/cve-ddd/domain/dp" - "cvevulner/taskhandler" "cvevulner/util" ) 
@@ -78,17 +77,10 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch, date s for _, cve := range sb.Cves { cveNums = append(cveNums, cve.CveNum) - subDescription := strings.ReplaceAll(cve.Description, "\n\n", "\r\n\r\n") - subDescription = taskhandler.XmlSpecCharHand(subDescription) - dSplit := strings.Split(subDescription, "Security Fix(es):") - if len(dSplit) > 1 { - if !strings.Contains(description, dSplit[0]) { - description = dSplit[0] + "Security Fix(es):" + description - } - if !strings.Contains(description, dSplit[1]) { - description += dSplit[1] - } + if description == "" { + description = cve.ComponentDesc + "Security Fix(es):" } + description += fmt.Sprintf("\n\n%s(%s)", cve.CveBrief, cve.CveNum) // Choose the highest security level in cves, as security level in bulletin for k, v := range dp.SequenceSeverityLevel { diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go index c446a7d4271bc11385d0e2e6a6235962cf25cd30..ac06eba9a3737f1a583c33499d33fc0daa8e88f4 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go @@ -4,16 +4,21 @@ import ( "fmt" "strings" + "github.com/sirupsen/logrus" "github.com/xuri/excelize/v2" "cvevulner/cve-ddd/domain" ) -func NewUpdateInfoImpl() *updateInfoImpl { - return &updateInfoImpl{} +// NewUpdateInfoImpl creates a new instance of updateInfoImpl with the provided logger. +func NewUpdateInfoImpl(log *logrus.Entry) *updateInfoImpl { + return &updateInfoImpl{ + log: log, + } } type updateInfoImpl struct { + log *logrus.Entry } func (impl updateInfoImpl) Generate(cves domain.CvesByVersion) (data []byte, err error) { 
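Review bot: `updateXml` now appends `cve.CveBrief` and `cve.CveNum` to the description with no escaping: the old code ran the text through `taskhandler.XmlSpecCharHand`, and this commit drops that import from the file, while `documentNotes` in bulletinimpl wraps its final string in the same helper. If the updateinfo XML is assembled by string formatting rather than by an XML encoder (not visible in this hunk), a brief containing `<`, `>` or `&` from upstream CVE text would yield malformed or altered updateinfo.xml for repository clients. Unless an encoder already escapes it, keep the import and use `description += fmt.Sprintf("\n\n%s(%s)", taskhandler.XmlSpecCharHand(cve.CveBrief), cve.CveNum)`. The function continues outside the hunk.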
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go index 60b6271765a73c58b31bef077728cf0d3b49aca8..c978b7bc1d1b0e73e7b8f631e24cd3f7fe1c1148 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go @@ -40,7 +40,36 @@ type Location struct { } func (impl updateInfoImpl) getEpochOfRpm(branch, date, arch string) (map[string]string, error) { - primaryXmlContent, err := impl.getPrimaryXmlOfRepoData(branch, date, arch) + normalDir := fmt.Sprintf("%s/repo.openeuler.org/%s/%s/%s/repodata", + beego.AppConfig.String("testResult::host"), + branch, date, arch, + ) + + normalEpoch, err := impl.getEpochOfRpmByDir(normalDir) + if err != nil { + return nil, err + } + + epolDir := fmt.Sprintf("%s/repo.openeuler.org/%s/EPOL/%s/main/%s/repodata", + beego.AppConfig.String("testResult::host"), + branch, date, arch, + ) + + epolEpoch, err := impl.getEpochOfRpmByDir(epolDir) + if err != nil { + impl.log.Errorf("get epoch of epol [%s %s %s] failed: %s", branch, date, arch, err.Error()) + } + + // 合并两个目录的数据 + for k, v := range epolEpoch { + normalEpoch[k] = v + } + + return normalEpoch, nil +} + +func (impl updateInfoImpl) getEpochOfRpmByDir(dir string) (map[string]string, error) { + primaryXmlContent, err := impl.getPrimaryXmlOfRepoData(dir) if err != nil { return nil, err } 
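Review bot: The merge loop in `getEpochOfRpm` lets an EPOL entry overwrite the main-repository epoch for any key present in both maps, and the comment above it does not say which side is meant to win. A wrong epoch changes how clients order package versions, so the precedence should be explicit: either document it with `// Merge EPOL epochs into the main map; on a duplicate key the EPOL value wins.`, or keep the main value with `if _, ok := normalEpoch[k]; !ok { normalEpoch[k] = v }`. The EPOL fetch error is logged and then ignored, which looks deliberate; a one-line comment saying the EPOL repository is optional would make that clear to the next reader.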
@@ -59,12 +88,7 @@ func (impl updateInfoImpl) getEpochOfRpm(branch, date, arch string) (map[string] return epochOfRpm, nil } -func (impl updateInfoImpl) getPrimaryXmlOfRepoData(branch, date, arch string) (content []byte, err error) { - urlOfDir := fmt.Sprintf("%s/repo.openeuler.org/%s/%s/%s/repodata", - beego.AppConfig.String("testResult::host"), - branch, date, arch, - ) - +func (impl updateInfoImpl) getPrimaryXmlOfRepoData(urlOfDir string) (content []byte, err error) { client := utils.NewHttpClient(3) req, err := http.NewRequest(http.MethodGet, urlOfDir, nil) if err != nil { diff --git a/cve-vulner-manager/models/cve.go b/cve-vulner-manager/models/cve.go index 1bee1d73ef48d961f621c6fdafd522e42c83653e..838bc6d6091ef404073f7c782c196ee2aea76fc4 100644 --- a/cve-vulner-manager/models/cve.go +++ b/cve-vulner-manager/models/cve.go @@ -1228,6 +1228,7 @@ func QueryCveAllIssueCount(communityFlag int, startTime string) (count int64) { } type CveAllIssueData struct { + Status int8 `orm:"column(status)"` IssueNum string `orm:"column(issue_num)"` CveNum string `orm:"column(cve_num)"` OpeneulerScore float64 `orm:"column(openeuler_score)"` 
@@ -1254,9 +1255,10 @@ type CveAllIssueData struct { func QueryCveAllIssueData(currentPage, pageSize, communityFlag int, startTime string) (res []CveAllIssueData, err error) { startSize := (currentPage - 1) * pageSize o := orm.NewOrm() - var sql = `SELECT t.cve_num, t.nvd_score, t.openeuler_score, t.issue_num, t.affected_version,t.owned_version,t.is_ignore, -t.owned_component,t.owner,t.repo,t.cve_level,t.create_time,v.repair_time,s.sa_release_time,s.rpm_release_time,v.first_per_time, -v.first_get_time,v.affect_update,o.issue_create FROM cve_vuln_center v,cve_issue_template t left join cve_issue_template_association s + var sql = `SELECT t.cve_num, t.nvd_score, t.openeuler_score, t.issue_num,t.status, t.affected_version, + t.owned_version,t.is_ignore,t.owned_component,t.owner,t.repo,t.cve_level,t.create_time,v.repair_time, + s.sa_release_time,s.rpm_release_time,v.first_per_time,v.first_get_time,v.affect_update,o.issue_create +FROM cve_vuln_center v,cve_issue_template t left join cve_issue_template_association s on t.template_id = s.template_id left join cve_gite_origin_issue o on t.issue_num = o.number and t.issue_id = o.issue_id where t.status != 6 and t.cve_id = v.cve_id %s order by t.update_time desc limit ? offset ?` if len(startTime) > 2 { diff --git a/cve-vulner-manager/routers/new_router.go b/cve-vulner-manager/routers/new_router.go index 5bcfc0675209618445395e9e8d2f3a15fe8514b0..928acbbadaf50719aa09fe5139241ca7601bb7b7 100644 --- a/cve-vulner-manager/routers/new_router.go +++ b/cve-vulner-manager/routers/new_router.go @@ -48,7 +48,7 @@ func initNewRouter() { latestrpmimpl.NewLatestRpm(), repositoryimpl.NewRepositoryImpl(), backendimpl.NewBackendImpl(), - updateinfoimpl.NewUpdateInfoImpl(), + updateinfoimpl.NewUpdateInfoImpl(logColdPatchCveCollect), obsimpl.Instance(), majunimpl.NewMajunImpl(), logColdPatchCveCollect, 
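Review bot: The statement in `QueryCveAllIssueData` still carries a `%s` slot in its WHERE clause that is filled after the `if len(startTime) > 2` check, outside this hunk. If `startTime` is formatted into the SQL text there, it should instead be bound as another `?` argument in the same way as `limit ? offset ?`, since it reaches this function as a caller-supplied string. On style, the new column list mixes spacing (`t.issue_num,t.status, t.affected_version`); one column per line inside the raw string would make later additions easier to review.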
@@ -62,14 +62,14 @@ func initNewRouter() { testresultimpl.NewTestResultImpl(logBulletin), backendimpl.NewBackendImpl(), logBulletin, - updateinfoimpl.NewUpdateInfoImpl(), + updateinfoimpl.NewUpdateInfoImpl(logBulletin), ) hotPatchService := app.NewRefactorHotPatchService( repositoryimpl.NewRepositoryImpl(), bulletinimpl.NewBulletinImpl(), obsimpl.Instance(), - updateinfoimpl.NewUpdateInfoImpl(), + updateinfoimpl.NewUpdateInfoImpl(logBulletin), hotpatchimpl.NewHotPatchImpl(logHotPatchBulletin), logHotPatchBulletin, )
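Review bot: `hotPatchService` is built with `updateinfoimpl.NewUpdateInfoImpl(logBulletin)` although the other loggers passed to `NewRefactorHotPatchService` here are `logHotPatchBulletin`. EPOL fetch errors raised during hot-patch runs would therefore be written under the bulletin logger, which makes them harder to find when investigating a hot-patch run. Unless that is intended, pass `updateinfoimpl.NewUpdateInfoImpl(logHotPatchBulletin),`.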