From d5a8db3eecdded8ebcb31eca607ea3de7c893053 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Fri, 17 Jan 2025 16:31:56 +0800 Subject: [PATCH 1/7] add epol data for early updateinfo --- .../infrastructure/updateinfoimpl/impl.go | 8 +++- .../infrastructure/updateinfoimpl/repodata.go | 38 +++++++++++++++---- cve-vulner-manager/routers/new_router.go | 6 +-- 3 files changed, 40 insertions(+), 12 deletions(-) diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go index c446a7d..a4db527 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go @@ -4,16 +4,20 @@ import ( "fmt" "strings" + "github.com/sirupsen/logrus" "github.com/xuri/excelize/v2" "cvevulner/cve-ddd/domain" ) -func NewUpdateInfoImpl() *updateInfoImpl { - return &updateInfoImpl{} +func NewUpdateInfoImpl(log *logrus.Entry) *updateInfoImpl { + return &updateInfoImpl{ + log: log, + } } type updateInfoImpl struct { + log *logrus.Entry } func (impl updateInfoImpl) Generate(cves domain.CvesByVersion) (data []byte, err error) { diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go index 60b6271..c978b7b 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go @@ -40,7 +40,36 @@ type Location struct { } func (impl updateInfoImpl) getEpochOfRpm(branch, date, arch string) (map[string]string, error) { - primaryXmlContent, err := impl.getPrimaryXmlOfRepoData(branch, date, arch) + normalDir := fmt.Sprintf("%s/repo.openeuler.org/%s/%s/%s/repodata", + beego.AppConfig.String("testResult::host"), + branch, date, arch, + ) + + normalEpoch, err := impl.getEpochOfRpmByDir(normalDir) + if err != nil { + return nil, err + } + + epolDir := fmt.Sprintf("%s/repo.openeuler.org/%s/EPOL/%s/main/%s/repodata", + beego.AppConfig.String("testResult::host"), + branch, date, arch, + ) + + epolEpoch, err := impl.getEpochOfRpmByDir(epolDir) + if err != nil { + impl.log.Errorf("get epoch of epol [%s %s %s] failed: %s", branch, date, arch, err.Error()) + } + + // 合并两个目录的数据 + for k, v := range epolEpoch { + normalEpoch[k] = v + } + + return normalEpoch, nil +} + +func (impl updateInfoImpl) getEpochOfRpmByDir(dir string) (map[string]string, error) { + primaryXmlContent, err := impl.getPrimaryXmlOfRepoData(dir) if err != nil { return nil, err } @@ -59,12 +88,7 @@ func (impl updateInfoImpl) getEpochOfRpm(branch, date, arch string) (map[string] return epochOfRpm, nil } -func (impl updateInfoImpl) getPrimaryXmlOfRepoData(branch, date, arch string) (content []byte, err error) { - urlOfDir := fmt.Sprintf("%s/repo.openeuler.org/%s/%s/%s/repodata", - beego.AppConfig.String("testResult::host"), - branch, date, arch, - ) - +func (impl updateInfoImpl) getPrimaryXmlOfRepoData(urlOfDir string) (content []byte, err error) { client := utils.NewHttpClient(3) req, err := http.NewRequest(http.MethodGet, urlOfDir, nil) if err != nil { diff --git a/cve-vulner-manager/routers/new_router.go b/cve-vulner-manager/routers/new_router.go index 5bcfc06..928acbb 100644 --- a/cve-vulner-manager/routers/new_router.go +++ b/cve-vulner-manager/routers/new_router.go @@ -48,7 +48,7 @@ func initNewRouter() { latestrpmimpl.NewLatestRpm(), repositoryimpl.NewRepositoryImpl(), backendimpl.NewBackendImpl(), - updateinfoimpl.NewUpdateInfoImpl(), + updateinfoimpl.NewUpdateInfoImpl(logColdPatchCveCollect), obsimpl.Instance(), majunimpl.NewMajunImpl(), logColdPatchCveCollect, @@ -62,14 +62,14 @@ func initNewRouter() { testresultimpl.NewTestResultImpl(logBulletin), backendimpl.NewBackendImpl(), logBulletin, - updateinfoimpl.NewUpdateInfoImpl(), + updateinfoimpl.NewUpdateInfoImpl(logBulletin), ) hotPatchService := app.NewRefactorHotPatchService( repositoryimpl.NewRepositoryImpl(), bulletinimpl.NewBulletinImpl(), obsimpl.Instance(), - updateinfoimpl.NewUpdateInfoImpl(), + updateinfoimpl.NewUpdateInfoImpl(logBulletin), hotpatchimpl.NewHotPatchImpl(logHotPatchBulletin), logHotPatchBulletin, ) -- Gitee From ee24be485aecc5a23b3a1df538a2006550628fd5 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Wed, 22 Jan 2025 15:05:09 +0800 Subject: [PATCH 2/7] add issue status to all issue api --- cve-vulner-manager/controllers/cve.go | 2 ++ cve-vulner-manager/models/cve.go | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/cve-vulner-manager/controllers/cve.go b/cve-vulner-manager/controllers/cve.go index 4fdea4a..38e8d70 100644 --- a/cve-vulner-manager/controllers/cve.go +++ b/cve-vulner-manager/controllers/cve.go @@ -121,6 +121,7 @@ type CveAllIssueController struct { } type CveAllIssueoData struct { + Status int8 `json:"status"` IssueNum string `json:"issue_id"` CveNum string `json:"CVE_num"` OpeneulerScore float64 `json:"openeuler_score"` @@ -196,6 +197,7 @@ func (u *CveAllIssueController) Get() { } cid[i] = CveAllIssueoData{ + Status: issues.Status, CveNum: issues.CveNum, IssueNum: issues.IssueNum, Version: issues.OwnedVersion, diff --git a/cve-vulner-manager/models/cve.go b/cve-vulner-manager/models/cve.go index 1bee1d7..3763a6b 100644 --- a/cve-vulner-manager/models/cve.go +++ b/cve-vulner-manager/models/cve.go @@ -1228,6 +1228,7 @@ func QueryCveAllIssueCount(communityFlag int, startTime string) (count int64) { } type CveAllIssueData struct { + Status int8 `orm:"column(status)"` IssueNum string `orm:"column(issue_num)"` CveNum string `orm:"column(cve_num)"` OpeneulerScore float64 `orm:"column(openeuler_score)"` @@ -1254,7 +1255,7 @@ type CveAllIssueData struct { func QueryCveAllIssueData(currentPage, pageSize, communityFlag int, startTime string) (res []CveAllIssueData, err error) { startSize := (currentPage - 1) * pageSize o := orm.NewOrm() - var sql = `SELECT t.cve_num, t.nvd_score, t.openeuler_score, t.issue_num, t.affected_version,t.owned_version,t.is_ignore, + var sql = `SELECT t.cve_num, t.nvd_score, t.openeuler_score, t.issue_num,t.status, t.affected_version,t.owned_version,t.is_ignore, t.owned_component,t.owner,t.repo,t.cve_level,t.create_time,v.repair_time,s.sa_release_time,s.rpm_release_time,v.first_per_time, v.first_get_time,v.affect_update,o.issue_create FROM cve_vuln_center v,cve_issue_template t left join cve_issue_template_association s on t.template_id = s.template_id left join cve_gite_origin_issue o on t.issue_num = o.number and t.issue_id = o.issue_id -- Gitee From 67eb54ac6ff6a247a7f59ce9d57633eeda85dcbe Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Wed, 22 Jan 2025 16:05:05 +0800 Subject: [PATCH 3/7] fix hotpatch early updateinfo --- cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go index f2512f9..d9db592 100644 --- a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go +++ b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go @@ -69,6 +69,9 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir, date string) erro return fmt.Errorf("parse max id failed: %w", err) } + // 热补丁有专属目录 + hotDate := "hotpatch_" + date + for _, issue := range issues { isPublished, err1 := h.hotPatch.IsPublished(issue.CveNum[0], issue.Component) if err1 != nil { @@ -128,7 +131,7 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir, date string) erro cvesForUpdateInfo = append(cvesForUpdateInfo, b.Cves...) - service.UploadUpdateInfoFile(h.obs, h.updateInfo, h.log, &b, date, hotPatchEarlyUpdateInfoDir) + service.UploadUpdateInfoFile(h.obs, h.updateInfo, h.log, &b, hotDate, hotPatchEarlyUpdateInfoDir) } } -- Gitee From 1ca5f96e41069819088bfa12407a5817af46c52e Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Wed, 22 Jan 2025 17:18:34 +0800 Subject: [PATCH 4/7] fix security notice desc --- cve-vulner-manager/cve-ddd/domain/cve.go | 2 +- .../cve-ddd/infrastructure/bulletinimpl/impl.go | 13 +++---------- .../infrastructure/repositoryimpl/dto.go | 17 +++++++++++++++++ .../infrastructure/repositoryimpl/impl.go | 2 +- .../updateinfoimpl/generate_updateinfoxml.go | 14 +++----------- 5 files changed, 25 insertions(+), 23 deletions(-) diff --git a/cve-vulner-manager/cve-ddd/domain/cve.go b/cve-vulner-manager/cve-ddd/domain/cve.go index 5a5c922..e8163b8 100644 --- a/cve-vulner-manager/cve-ddd/domain/cve.go +++ b/cve-vulner-manager/cve-ddd/domain/cve.go @@ -16,7 +16,7 @@ type CvesByVersion []Cve type Cve struct { Component string - Description string + ComponentDesc string SeverityLevel string AffectedVersion []string AffectedProduct string diff --git a/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go index c1cbda5..c713a13 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go @@ -162,17 +162,10 @@ func (impl bulletinImpl) documentNotes(sb *domain.SecurityBulletin) DocumentNote var maxScore float64 for _, cve := range sb.Cves { - subDescription := strings.ReplaceAll(cve.Description, "\n\n", "\r\n\r\n") - subDescription = taskhandler.XmlSpecCharHand(subDescription) - dSplit := strings.Split(subDescription, "Security Fix(es):") - if len(dSplit) > 1 { - if !strings.Contains(description, dSplit[0]) { - description = dSplit[0] + "Security Fix(es):" + description - } - if !strings.Contains(description, dSplit[1]) { - description += dSplit[1] - } + if description == "" { + description = cve.ComponentDesc + "Security Fix(es):" } + description += fmt.Sprintf("\n\n%s(%s)", cve.CveBrief, cve.CveNum) if cve.OpeneulerScore >= maxScore { maxScore = cve.OpeneulerScore diff --git a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go index a79d506..6723258 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go @@ -1,5 +1,11 @@ package repositoryimpl +import ( + "strings" + + "cvevulner/taskhandler" +) + type CveInfo struct { CveNum string `json:"cve_num"` IssueNum string `json:"issue_num"` @@ -33,3 +39,14 @@ func (c CveInfo) GetAffectProduct() string { return c.AffectProduct } } + +func (c CveInfo) GetComponentDesc() string { + subDescription := strings.ReplaceAll(c.Description, "\n\n", "\r\n\r\n") + subDescription = taskhandler.XmlSpecCharHand(subDescription) + dSplit := strings.Split(subDescription, "Security Fix(es):") + if len(dSplit) >= 2 { + return dSplit[0] + } + + return "" +} diff --git a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go index 5aeebb3..0bbd723 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/impl.go @@ -48,7 +48,7 @@ and b.status < 4 cve := domain.Cve{ Component: v.OwnedComponent, - Description: v.Description, + ComponentDesc: v.GetComponentDesc(), SeverityLevel: v.CveLevel, AffectedVersion: strings.Split(affect, "/"), AffectedProduct: affect, diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go index 8b843bc..9908388 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/generate_updateinfoxml.go @@ -8,7 +8,6 @@ import ( "cvevulner/cve-ddd/domain" "cvevulner/cve-ddd/domain/dp" - "cvevulner/taskhandler" "cvevulner/util" ) @@ -78,17 +77,10 @@ func (impl updateInfoImpl) updateXml(sb *domain.SecurityBulletin, branch, date s for _, cve := range sb.Cves { cveNums = append(cveNums, cve.CveNum) - subDescription := strings.ReplaceAll(cve.Description, "\n\n", "\r\n\r\n") - subDescription = taskhandler.XmlSpecCharHand(subDescription) - dSplit := strings.Split(subDescription, "Security Fix(es):") - if len(dSplit) > 1 { - if !strings.Contains(description, dSplit[0]) { - description = dSplit[0] + "Security Fix(es):" + description - } - if !strings.Contains(description, dSplit[1]) { - description += dSplit[1] - } + if description == "" { + description = cve.ComponentDesc + "Security Fix(es):" } + description += fmt.Sprintf("\n\n%s(%s)", cve.CveBrief, cve.CveNum) // Choose the highest security level in cves, as security level in bulletin for k, v := range dp.SequenceSeverityLevel { -- Gitee From fdaab7bc3d6227a7bfef5653a24011ca4f0280b0 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Fri, 24 Jan 2025 09:47:41 +0800 Subject: [PATCH 5/7] fix whether hotpatch is published --- cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go | 5 +++-- cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go | 2 +- .../cve-ddd/infrastructure/hotpatchimpl/impl.go | 8 ++++++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go index d9db592..6bffe55 100644 --- a/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go +++ b/cve-vulner-manager/cve-ddd/app/refactor_hotpatch.go @@ -73,13 +73,14 @@ func (h *refactorHotPatchService) GenerateBulletins(uploadDir, date string) erro hotDate := "hotpatch_" + date for _, issue := range issues { - isPublished, err1 := h.hotPatch.IsPublished(issue.CveNum[0], issue.Component) + isPublished, err1 := h.hotPatch.IsPublished(issue.CveNum[0], issue.Component, issue.Branch) if err1 != nil { - h.log.Errorf("check hotpatch is published, occurred error: %s", err1.Error()) + h.log.Errorf("check whether hotpatch %s is published, occurred error: %s", issue.HotIssueNum, err1.Error()) return err } if isPublished { + h.log.Errorf("hotpatch %s is published", issue.HotIssueNum) continue } diff --git a/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go b/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go index 962f399..df8107e 100644 --- a/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go +++ b/cve-vulner-manager/cve-ddd/domain/hotpatch/hotpatch.go @@ -5,5 +5,5 @@ import "cvevulner/cve-ddd/domain" type HotPatch interface { GetIssueInfo() ([]domain.HotPatchIssue, error) MaxHotPatchID() (int, error) - IsPublished(cveId, packageName string) (bool, error) + IsPublished(cveId, packageName, branch string) (bool, error) } diff --git a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go index 4689373..64f29b7 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go @@ -226,7 +226,11 @@ type cveProductPackage struct { CreateTime time.Time `json:"createTime"` } -func (impl hotPatchImpl) IsPublished(cveId, packageName string) (bool, error) { +func (p cveProductPackage) IsHotPatch() bool { + return strings.Contains(p.SecurityNoticeNo, domain.BulletinTypeHotPatch) +} + +func (impl hotPatchImpl) IsPublished(cveId, packageName, branch string) (bool, error) { cli := utils.NewHttpClient(defaultClientTimeout) url := fmt.Sprintf("%s/cve-security-notice-server/cvedatabase/getCVEProductPackageList?cveId=%s&packageName=%s", @@ -254,7 +258,7 @@ func (impl hotPatchImpl) IsPublished(cveId, packageName string) (bool, error) { } for _, v := range res.Result { - if strings.Contains(v.SecurityNoticeNo, domain.BulletinTypeHotPatch) { + if v.IsHotPatch() && v.ProductName == branch { return true, nil } } -- Gitee From 6e897000e2aa988237dda58caa913d5369f859c3 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Fri, 24 Jan 2025 21:15:36 +0800 Subject: [PATCH 6/7] fix xml escape --- cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go index c713a13..e1efaa0 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/bulletinimpl/impl.go @@ -205,7 +205,7 @@ func (impl bulletinImpl) documentNotes(sb *domain.SecurityBulletin) DocumentNote Type: "General", Ordinal: "3", XmlLang: lang, - Note: strings.Trim(description, "\r\n\r\n"), + Note: taskhandler.XmlSpecCharHand(strings.Trim(description, "\r\n\r\n")), }, { Title: "Topic", -- Gitee From c549d0bb48d8bfd7c7005ab43cfc423265922a41 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Wed, 5 Feb 2025 15:51:21 +0800 Subject: [PATCH 7/7] fix ci --- .../cve-ddd/infrastructure/repositoryimpl/dto.go | 4 +++- .../cve-ddd/infrastructure/updateinfoimpl/impl.go | 1 + cve-vulner-manager/models/cve.go | 7 ++++--- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go index 6723258..cb63bf2 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/dto.go @@ -40,11 +40,13 @@ func (c CveInfo) GetAffectProduct() string { } } +// GetComponentDesc 获取cve正确的描述内容 func (c CveInfo) GetComponentDesc() string { + const splitLen = 2 subDescription := strings.ReplaceAll(c.Description, "\n\n", "\r\n\r\n") subDescription = taskhandler.XmlSpecCharHand(subDescription) dSplit := strings.Split(subDescription, "Security Fix(es):") - if len(dSplit) >= 2 { + if len(dSplit) >= splitLen { return dSplit[0] } diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go index a4db527..ac06eba 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/impl.go @@ -10,6 +10,7 @@ import ( "cvevulner/cve-ddd/domain" ) +// NewUpdateInfoImpl creates a new instance of updateInfoImpl with the provided logger. func NewUpdateInfoImpl(log *logrus.Entry) *updateInfoImpl { return &updateInfoImpl{ log: log, diff --git a/cve-vulner-manager/models/cve.go b/cve-vulner-manager/models/cve.go index 3763a6b..838bc6d 100644 --- a/cve-vulner-manager/models/cve.go +++ b/cve-vulner-manager/models/cve.go @@ -1255,9 +1255,10 @@ type CveAllIssueData struct { func QueryCveAllIssueData(currentPage, pageSize, communityFlag int, startTime string) (res []CveAllIssueData, err error) { startSize := (currentPage - 1) * pageSize o := orm.NewOrm() - var sql = `SELECT t.cve_num, t.nvd_score, t.openeuler_score, t.issue_num,t.status, t.affected_version,t.owned_version,t.is_ignore, -t.owned_component,t.owner,t.repo,t.cve_level,t.create_time,v.repair_time,s.sa_release_time,s.rpm_release_time,v.first_per_time, -v.first_get_time,v.affect_update,o.issue_create FROM cve_vuln_center v,cve_issue_template t left join cve_issue_template_association s + var sql = `SELECT t.cve_num, t.nvd_score, t.openeuler_score, t.issue_num,t.status, t.affected_version, + t.owned_version,t.is_ignore,t.owned_component,t.owner,t.repo,t.cve_level,t.create_time,v.repair_time, + s.sa_release_time,s.rpm_release_time,v.first_per_time,v.first_get_time,v.affect_update,o.issue_create +FROM cve_vuln_center v,cve_issue_template t left join cve_issue_template_association s on t.template_id = s.template_id left join cve_gite_origin_issue o on t.issue_num = o.number and t.issue_id = o.issue_id where t.status != 6 and t.cve_id = v.cve_id %s order by t.update_time desc limit ? offset ?` if len(startTime) > 2 { -- Gitee