diff --git a/conf/app.conf b/conf/app.conf index 47531d5399ef0792fa6175266b8b378a91929c69..292eb6d6fdbfc2ccd41fa8203184af143f891264 100644 --- a/conf/app.conf +++ b/conf/app.conf @@ -107,6 +107,8 @@ cve_number = 2018 issue_whitelist = 2 # List of affected branches affected_branchs = openEuler-20.03-LTS +# Close the highest privilege of issue +close_issue_privilege = 1 [reflink] comment_cmd = https://gitee.com/openeuler/cve-manager/blob/master/doc/md/manual.md diff --git a/conf/product_app.conf b/conf/product_app.conf index 20e56f15af3062cc5fe8bcfe5c97a8056639db3a..10d4340383bd858ac3b35f28f61ceb215026df1c 100644 --- a/conf/product_app.conf +++ b/conf/product_app.conf @@ -103,6 +103,9 @@ cve_number = 2018 issue_whitelist = 1 # List of affected branches affected_branchs = openEuler-20.03-LTS +# Close the highest privilege of issue +close_issue_privilege = 1 + [reflink] comment_cmd = https://gitee.com/openeuler/cve-manager/blob/master/doc/md/manual.md diff --git a/controllers/hook.go b/controllers/hook.go index 40819eecab7940edd08525c7e518038e4761acdb..1aa085de9319d29578cf6853168dbf512181670b 100644 --- a/controllers/hook.go +++ b/controllers/hook.go 
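Review bot: The comment `# Close the highest privilege of issue` above `close_issue_privilege = 1` does not say what the switch grants, and both conf/app.conf and conf/product_app.conf turn it on. Going by the controllers/hook.go change in this commit, a value of 1 lets an account that passes `isReviewer` close an issue with `SaAuditFlag`, `MtAuditFlag` and `OpAuditFlag` all set in one step, while any other value or an unparsable one keeps the normal close flow. The setting is therefore an authorization control and should be documented as one, for example `# 1 = a security reviewer may close an issue directly, skipping the audit steps; any other value keeps the normal close flow`.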
@@ -163,7 +163,48 @@ func (c *HookEventControllers) handleIssue() { logs.Error(err) } } +} +func closeIssuePrivilage(issueHook *models.IssuePayload, issueTmp *models.IssueTemplate, + token, owner, fixed, unFix string, cveCenter *models.VulnCenter) bool { + closePrBool := true + if issueHook.User.Login != "" && len(issueHook.User.Login) > 1 { + if isReviewer(util.TrimString(issueHook.User.Login)) { + if msg, tb, ok := checkIssueClosedAnalysisComplete(issueTmp); !ok { + //send comment to issue + issueTmp.IssueStatus = 1 + issueTmp.MtAuditFlag = 0 + issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) + issueTmp.StatusName = "open" + _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, + *cveCenter, *issueTmp) + if issueErr == nil { + na := "\n**请确认分析内容的准确性,待分析内容请填写完整,否则将无法关闭当前issue.**" + cc := fmt.Sprintf(ContentReview, "@"+issueHook.User.Login) + tb + na + taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token) + content := fmt.Sprintf("%v 仓库的CVE和安全问题的ISSUE,CVE编号: %v,", issueTmp.Repo, issueTmp.CveNum) + taskhandler.SendPrivateLetters(token, content+msg, issueHook.Issue.Assignee.Login) + } + } else { + closePrBool = false + issueTmp.StatusName = issueHook.Issue.StateName + issueTmp.SaAuditFlag = 1 + issueTmp.MtAuditFlag = 1 + issueTmp.OpAuditFlag = 1 + issueTmp.Status = 3 + if isNormalCloseIssue(issueTmp.CveId, issueTmp.IssueStatus) { + issueTmp.IssueStatus = 2 + cveCenter.IsExport = 3 + issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(unFix, fixed) + } else { + issueTmp.IssueStatus = 6 + cveCenter.IsExport = 2 + issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) + } + } + } + } + return closePrBool } func handleIssueStateChange(issueHook *models.IssuePayload) error { 
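Review bot: closeIssuePrivilage decides on `issueHook.User.Login` alone: once `isReviewer` accepts that login and the analysis is complete, the else branch sets `SaAuditFlag`, `MtAuditFlag` and `OpAuditFlag` to 1 and the caller skips its normal close checks. Nothing in this hunk shows that the webhook payload was authenticated before this point, or that `User` is the account that performed the close rather than the issue author, so both should be confirmed before relying on it. The bypass also leaves no trace, so a line such as `logs.Info("privileged close by reviewer:", issueHook.User.Login, "issue:", issueTmp.IssueNum)` at the top of the else branch would make it auditable. The guard `issueHook.User.Login != "" && len(issueHook.User.Login) > 1` is redundant, since `len(issueHook.User.Login) > 1` alone is equivalent.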
@@ -210,100 +251,124 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { } issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) case IssueCloseState: - issueTmp.Status = 1 - cveCenter.IsExport = 0 - maintainerList, mainOk := models.QueryRepoAllMaintainer(issueTmp.Repo) - assList := []string{} - if mainOk && len(maintainerList) > 0 { - for _, v := range maintainerList { - assList = append(assList, "@"+v.MemberName+" ") - } - } - assignee := "" - if len(assList) > 0 { - assignee = strings.Join(assList, ",") - } else { - assignee = "@" + issueTmp.Assignee + closePrBool := true + closeIssuePrFlag, closeOk := beego.AppConfig.Int64("cve::close_issue_privilege") + if closeOk == nil && closeIssuePrFlag == 1 { + closePrBool = closeIssuePrivilage(issueHook, &issueTmp, + token, owner, fixed, unFix, &cveCenter) } - openScoreFlag := true - if issueTmp.OpenEulerScore != issueTmp.NVDScore && - issueTmp.OpAuditFlag != 1 && issueTmp.OpenEulerScore > 0 { - //send comment to issue - openScoreFlag = false - issueTmp.IssueStatus = 1 + if closePrBool { issueTmp.Status = 1 - issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) - issueTmp.StatusName = "open" - _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, - cveCenter, issueTmp) - if issueErr == nil { - if issueTmp.OpAuditFlag == 2 { - cc := fmt.Sprintf(IssueErroFormat, assignee) - taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token) - content := fmt.Sprintf(CommentPrivateOpenEuler, issueTmp.Repo, issueTmp.CveNum) - taskhandler.SendPrivateLetters(token, content, issueHook.Issue.Assignee.Login) - } else if issueTmp.OpAuditFlag == 0 { - list, revErr := models.GetSecurityReviewerList() - if revErr == nil && len(list) > 0 { - content := fmt.Sprintf(CommentPrivateReview, issueTmp.Repo, issueTmp.CveNum) - ns := make([]string, len(list)) - for k, v := range list { - ns[k] = "@" + v.NameSpace + " " - taskhandler.SendPrivateLetters(token, 
content, v.NameSpace) - } - if len(ns) > 0 { - cc := fmt.Sprintf(CommentReviewRemind, strings.Join(ns, ",")) - taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token) - } - } else { - logs.Error(revErr) - } + cveCenter.IsExport = 0 + maintainerList, mainOk := models.QueryRepoAllMaintainer(issueTmp.Repo) + assList := []string{} + if mainOk && len(maintainerList) > 0 { + for _, v := range maintainerList { + assList = append(assList, "@"+v.MemberName+" ") } } - } - if openScoreFlag { - if msg, tb, ok := checkIssueClosedAnalysisComplete(&issueTmp); !ok { + assignee := "" + if len(assList) > 0 { + assignee = strings.Join(assList, ",") + } else { + assignee = "@" + issueTmp.Assignee + } + openScoreFlag := true + if issueTmp.OpenEulerScore != issueTmp.NVDScore && + issueTmp.OpAuditFlag != 1 && issueTmp.OpenEulerScore > 0 { //send comment to issue + openScoreFlag = false issueTmp.IssueStatus = 1 - issueTmp.MtAuditFlag = 0 + issueTmp.Status = 1 issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) issueTmp.StatusName = "open" _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, cveCenter, issueTmp) if issueErr == nil { - na := "\n**请确认分析内容的准确性,待分析内容请填写完整,否则将无法关闭当前issue.**" - cc := fmt.Sprintf(ContentReview, assignee) + tb + na - taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token) - content := fmt.Sprintf("%v 仓库的CVE和安全问题的ISSUE,CVE编号: %v,", issueTmp.Repo, issueTmp.CveNum) - taskhandler.SendPrivateLetters(token, content+msg, issueHook.Issue.Assignee.Login) + if issueTmp.OpAuditFlag == 2 { + cc := fmt.Sprintf(IssueErroFormat, assignee) + taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token) + content := fmt.Sprintf(CommentPrivateOpenEuler, issueTmp.Repo, issueTmp.CveNum) + taskhandler.SendPrivateLetters(token, content, issueHook.Issue.Assignee.Login) + } else if issueTmp.OpAuditFlag == 0 { + list, revErr := models.GetSecurityReviewerList() + if revErr == nil 
&& len(list) > 0 { + content := fmt.Sprintf(CommentPrivateReview, issueTmp.Repo, issueTmp.CveNum) + ns := make([]string, len(list)) + for k, v := range list { + ns[k] = "@" + v.NameSpace + " " + taskhandler.SendPrivateLetters(token, content, v.NameSpace) + } + if len(ns) > 0 { + cc := fmt.Sprintf(CommentReviewRemind, strings.Join(ns, ",")) + taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token) + } + } else { + logs.Error(revErr) + } + } } - } else { - //1. change issue status - issueTmp.IssueStatus = 2 - //issueTmp.Status = 3 - cveCenter.IsExport = 3 - if issueTmp.MtAuditFlag == 0 { + } + if openScoreFlag { + if msg, tb, ok := checkIssueClosedAnalysisComplete(&issueTmp); !ok { + //send comment to issue issueTmp.IssueStatus = 1 - issueTmp.Status = 1 - cveCenter.IsExport = 0 + issueTmp.MtAuditFlag = 0 issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) issueTmp.StatusName = "open" _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, cveCenter, issueTmp) if issueErr == nil { - na := "\n**issue关闭前,请确认模板分析内容的准确性与完整性,确认无误后,请在评论区输入: /approve, 否则无法关闭当前issue.**" + na := "\n**请确认分析内容的准确性,待分析内容请填写完整,否则将无法关闭当前issue.**" cc := fmt.Sprintf(ContentReview, assignee) + tb + na taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token) + content := fmt.Sprintf("%v 仓库的CVE和安全问题的ISSUE,CVE编号: %v,", issueTmp.Repo, issueTmp.CveNum) + taskhandler.SendPrivateLetters(token, content+msg, issueHook.Issue.Assignee.Login) } - } - if issueTmp.MtAuditFlag == 1 && issueTmp.SaAuditFlag == 0 { - issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) - issueTmp.StatusName = "open" - issueTmp.Status = 1 - issuePrFlag := VerifyIssueAsPr(&issueTmp, cveCenter, true) - if issuePrFlag { + } else { + //1. 
change issue status + issueTmp.IssueStatus = 2 + //issueTmp.Status = 3 + cveCenter.IsExport = 3 + if issueTmp.MtAuditFlag == 0 { + issueTmp.IssueStatus = 1 + issueTmp.Status = 1 + cveCenter.IsExport = 0 + issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) + issueTmp.StatusName = "open" + _, issueErr := taskhandler.UpdateIssueToGit(token, owner, issueTmp.Repo, + cveCenter, issueTmp) + if issueErr == nil { + na := "\n**issue关闭前,请确认模板分析内容的准确性与完整性,确认无误后,请在评论区输入: /approve, 否则无法关闭当前issue.**" + cc := fmt.Sprintf(ContentReview, assignee) + tb + na + taskhandler.AddCommentToIssue(cc, issueTmp.IssueNum, owner, issueTmp.Repo, token) + } + } + if issueTmp.MtAuditFlag == 1 && issueTmp.SaAuditFlag == 0 { + issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) + issueTmp.StatusName = "open" + issueTmp.Status = 1 + issuePrFlag := VerifyIssueAsPr(&issueTmp, cveCenter, true) + if issuePrFlag { + issueTmp.StatusName = issueHook.Issue.StateName + issueTmp.SaAuditFlag = 1 + issueTmp.Status = 3 + if isNormalCloseIssue(issueTmp.CveId, issueTmp.IssueStatus) { + issueTmp.IssueStatus = 2 + cveCenter.IsExport = 3 + issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(unFix, fixed) + } else { + issueTmp.IssueStatus = 6 + cveCenter.IsExport = 2 + issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) + } + } else { + issueTmp.IssueStatus = 1 + issueTmp.Status = 1 + cveCenter.IsExport = 0 + } + } else { issueTmp.StatusName = issueHook.Issue.StateName - issueTmp.SaAuditFlag = 1 issueTmp.Status = 3 if isNormalCloseIssue(issueTmp.CveId, issueTmp.IssueStatus) { issueTmp.IssueStatus = 2 
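Review bot: When closeIssuePrivilage takes its incomplete-analysis branch it has already called `taskhandler.UpdateIssueToGit` and posted the `ContentReview` comment, yet it still returns true, so the `if closePrBool {` block added here runs the ordinary close flow on the same event. The issue is then pushed to Git a second time, and when the score check passes, `checkIssueClosedAnalysisComplete(&issueTmp)` fails again and the same comment and private letter go out twice. Have the helper report that it handled the event, e.g. set `closePrBool = false` in that branch together with the `issueTmp.Status = 1` and `cveCenter.IsExport = 0` that the normal path assigns, or let it return only the authorization decision and leave every state change to the caller. The error from `beego.AppConfig.Int64` is named `closeOk`, where `err` would read better, and falling back to the normal flow on a parse error deserves a one-line comment. handleIssueStateChange starts and ends outside this hunk.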
@@ -314,22 +379,6 @@ func handleIssueStateChange(issueHook *models.IssuePayload) error { cveCenter.IsExport = 2 issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) } - } else { - issueTmp.IssueStatus = 1 - issueTmp.Status = 1 - cveCenter.IsExport = 0 - } - } else { - issueTmp.StatusName = issueHook.Issue.StateName - issueTmp.Status = 3 - if isNormalCloseIssue(issueTmp.CveId, issueTmp.IssueStatus) { - issueTmp.IssueStatus = 2 - cveCenter.IsExport = 3 - issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(unFix, fixed) - } else { - issueTmp.IssueStatus = 6 - cveCenter.IsExport = 2 - issueTmp.IssueLabel = issueHook.Issue.ReplaceLabelToStr(fixed, unFix) } } } @@ -802,7 +851,7 @@ func handleIssueComment(payload models.CommentPayload) { maintainerList, mainOk := models.QueryRepoAllMaintainer(issueTmp.Repo) if mainOk && len(maintainerList) > 0 { for _, v := range maintainerList { - if v.MemberName == cuAccount { + if util.TrimString(v.MemberName) == cuAccount { mtAuditFlag = true break } @@ -1031,7 +1080,7 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m maintainerList, mainOk := models.QueryRepoAllMaintainer(issueTmp.Repo) if mainOk && len(maintainerList) > 0 { for _, v := range maintainerList { - if cuAccount == v.MemberName { + if cuAccount == util.TrimString(v.MemberName) { issueTmp.MtAuditFlag = 1 break } diff --git a/cve-py/controller/taskcontroller.py b/cve-py/controller/taskcontroller.py index 9d7dc2c6f5db43b485a4815567a516537c189aa2..0431de82af145aa86ada62a0ffa5d22f16f2aee9 100644 --- a/cve-py/controller/taskcontroller.py +++ b/cve-py/controller/taskcontroller.py @@ -16,7 +16,6 @@ Date: 10/22/2020 11:01 AM from tabletask import runtask, mappingtask, toexcel, export_excel_task, import_excel_task from gitwebtask import genegroup, yamltask from emailtask import sendingtask, issue_record_email -from downloadtask import downloadfiletask from deletetask import deletefiletask import os 
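Review bot: Only the stored side of the maintainer comparison is normalised: `util.TrimString(v.MemberName) == cuAccount` in handleIssueComment, and the mirrored `cuAccount == util.TrimString(v.MemberName)` in analysisComment. Whether `cuAccount` has been through `util.TrimString` is not visible in either hunk, and this comparison decides who may set the maintainer audit flag, so both operands should be normalised the same way, e.g. `util.TrimString(v.MemberName) == util.TrimString(cuAccount)`. Trimming once where `models.QueryRepoAllMaintainer` builds the list would cover every caller, including the `"@"+v.MemberName` mentions in handleIssueStateChange that still use the raw value. Both functions start and end outside these hunks.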
@@ -75,19 +74,6 @@ def gwcontroller(): print("Grab warehouse yaml data task completed") -def rundownloadtask(): - """ - download files - return None - """ - - print("Download file timing task starts") - downloadfiletask.handle_one() - downloadfiletask.handle_two() - downloadfiletask.handle_three() - print("Download file task completed") - - def rundelfiletask(): """ Delete files older than one month diff --git a/cve-py/controller/timertaskcontroller.py b/cve-py/controller/timertaskcontroller.py index e6c042f38f03e4adbfcf00d1f4bc2d8b4a075231..e18c33f0b4877f16f18a252c5f9d378a2a1b45f4 100644 --- a/cve-py/controller/timertaskcontroller.py +++ b/cve-py/controller/timertaskcontroller.py @@ -33,8 +33,6 @@ def timertask(): scheduler.add_job(taskcontroller.toexcelcontroller, 'cron', day_of_week='0-6', hour=7, minute=30) # Package name correspondence relationship timing task scheduler.add_job(taskcontroller.runmappeingtask, 'cron', day_of_week='0-6', hour=7, minute=30) - # Download files timing task - scheduler.add_job(taskcontroller.rundownloadtask, 'interval', hours=1) # Delete ,iles timed tasks that are more than one month old scheduler.add_job(taskcontroller.rundelfiletask, 'cron', day_of_week='0-6', hour=9, minute=30) # issue record email feedback diff --git a/cve-py/tabletask/import_excel_task.py b/cve-py/tabletask/import_excel_task.py index e9c1234a4de11ca3aa79a2d7f373b77eb9afe3cc..d08f6783895b33dcb38f692a6afb4f9a113befd7 100644 --- a/cve-py/tabletask/import_excel_task.py +++ b/cve-py/tabletask/import_excel_task.py @@ -18,6 +18,7 @@ import time import os import hashlib from dbConnecttion.MysqlConn import Mysql +from downloadtask import downloadfiletask def parse_excel(file_name): @@ -69,6 +70,7 @@ def import_data(): :param :return none """ + downloadfiletask.handle_three() mysql = Mysql() files = os.listdir('./import_excels') for filename in files: 
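Review bot: `downloadfiletask.handle_three()` now runs unguarded as the first statement of import_data: if it raises, the files already in `./import_excels` are skipped for that run, and if it fails quietly the job imports whatever is left in the directory. The same applies to `downloadfiletask.handle_two()` in mappingtask.to_mysql and `downloadfiletask.handle_one()` in runtask.handle_data. Wrap each call in a `try`/`except` that logs the failure and makes the continue-or-abort decision explicit, and extend each docstring with a line such as `Runs the download step first, then loads every file found in ./import_excels.` Since the downloaded spreadsheets are then loaded into MySQL, it is worth confirming that the download step validates where the files come from and their integrity; that code is outside this diff. import_data continues outside the hunk.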
diff --git a/cve-py/tabletask/mappingtask.py b/cve-py/tabletask/mappingtask.py index 298133fe5b692b16a6b8f239dac1ef28c6485e90..d1b4c01be6b0e9bb2915d1cf4d59054f63429c21 100644 --- a/cve-py/tabletask/mappingtask.py +++ b/cve-py/tabletask/mappingtask.py @@ -9,7 +9,7 @@ """ Interaction between file and mysql data -Authors: xiaojianghui +Authors:xiaojianghui Date: 10/22/2020 11:01 AM """ import hashlib @@ -18,6 +18,7 @@ import os import time import shutil from dbConnecttion import MysqlConn +from downloadtask import downloadfiletask def parse_excel(filename): @@ -46,6 +47,7 @@ def to_mysql(): """ Data stored in the database """ + downloadfiletask.handle_two() files = os.listdir("./mappingexcels") if not files: print("No package name mapping table") diff --git a/cve-py/tabletask/runtask.py b/cve-py/tabletask/runtask.py index 5bacdd1107b2ed97069c6eedaffca7d320e4cb70..184dd45eb973526ce51c55e012155bc6fff83548 100644 --- a/cve-py/tabletask/runtask.py +++ b/cve-py/tabletask/runtask.py @@ -15,6 +15,7 @@ Date: 10/22/2020 11:01 AM from tabletask import exceltask, crawltask from dbConnecttion.MysqlConn import Mysql +from downloadtask import downloadfiletask import time import os import hashlib @@ -24,8 +25,9 @@ def handle_data(): """ CVSS official website data crawling data storage database """ + downloadfiletask.handle_one() path = "./newexcels" - if not os.path.isdir("./newexcels/"): + if not os.path.isdir(path): print("There is currently no excel data executable") return files = os.listdir(path)