From bcf2671583f89cb674d290f684b0d4680dd89280 Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Thu, 20 Feb 2025 16:31:01 +0800
Subject: [PATCH 1/7] fix bug of reopen
---
 cve-vulner-manager/controllers/hook.go | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/cve-vulner-manager/controllers/hook.go b/cve-vulner-manager/controllers/hook.go
index 1839089..9c3fecf 100644
--- a/cve-vulner-manager/controllers/hook.go
+++ b/cve-vulner-manager/controllers/hook.go
@@ -195,16 +195,16 @@ func (c *HookEventControllers) handleIssue() {
 nameSpace := util.TrimString(issueHook.Repository.NameSpace)
 organizationID := int8(1)
 organizationID = taskhandler.GetOrganizationId(nameSpace)
- botCuAccountStr := beego.AppConfig.String("cve::bot_cu_account")
- botCuAccountList := strings.Split(botCuAccountStr, ",")
- if len(botCuAccountList) > 0 {
- for _, botCu := range botCuAccountList {
- if cuAccount == botCu {
- logs.Error(cuAccount, ", Ignore this comment")
- return
- }
- }
- }
+ //botCuAccountStr := beego.AppConfig.String("cve::bot_cu_account")
+ //botCuAccountList := strings.Split(botCuAccountStr, ",")
+ //if len(botCuAccountList) > 0 {
+ // for _, botCu := range botCuAccountList {
+ // if cuAccount == botCu {
+ // logs.Error(cuAccount, ", Ignore this comment")
+ // return
+ // }
+ // }
+ //}
 hookPwd := beego.AppConfig.String("hook::hookpwd")
 issueHook.Password = util.TrimString(issueHook.Password)
 if issueHook.Password != hookPwd {
-- Gitee
From 66943688bbb49d827e3b1f87e61a916546175a2e Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Thu, 20 Feb 2025 17:15:26 +0800
Subject: [PATCH 2/7] fix suspend when comment
---
 cve-vulner-manager/controllers/hook.go | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/cve-vulner-manager/controllers/hook.go b/cve-vulner-manager/controllers/hook.go
index 9c3fecf..7faab81 100644
--- a/cve-vulner-manager/controllers/hook.go
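Review bot: The bot-account filter in handleIssue is switched off by turning it into `//` comments instead of deleting it, and nothing next to it says why events from the accounts listed in `cve::bot_cu_account` should now be processed. Without that early return the handler also acts on issue events raised by the service's own bot account, so a change the bot makes can come back through this path (inferred; the rest of handleIssue is outside the hunk). Delete the block and leave one explanatory line in its place, for example `// bot accounts are no longer skipped here: <reason>`, or keep the filter for the event types that must stay ignored. The same commented-out pattern recurs in PATCH 2/7 (suspended-state guard in handleIssueComment) and PATCH 4/7 (ResetLabel and updateTempAndCenter in analysisComment).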
+++ b/cve-vulner-manager/controllers/hook.go
@@ -1465,15 +1465,15 @@ func handleIssueComment(payload models.CommentPayload) {
 models.UpdateIssueTemplate(&issueTmp, "Repo")
 path = repoPath
 }
- if payload.Issue.StateName == "已挂起" {
- logs.Error("The current issue has been suspended and will not be processed, payload: ", payload)
- issueTmp.Status = 5
- issueTmp.StatusName = "suspended"
- models.UpdateIssueTemplate(&issueTmp, "Status", "StatusName")
- taskhandler.AddCommentToIssue(fmt.Sprintf(CommentRejectedState, cuAccount, payload.Issue.StateName),
- issueTmp.IssueNum, owner, path, accessToken)
- return
- }
+ //if payload.Issue.StateName == "已挂起" {
+ // logs.Error("The current issue has been suspended and will not be processed, payload: ", payload)
+ // issueTmp.Status = 5
+ // issueTmp.StatusName = "suspended"
+ // models.UpdateIssueTemplate(&issueTmp, "Status", "StatusName")
+ // taskhandler.AddCommentToIssue(fmt.Sprintf(CommentRejectedState, cuAccount, payload.Issue.StateName),
+ // issueTmp.IssueNum, owner, path, accessToken)
+ // return
+ //}
 if payload.Issue.StateName == "已拒绝" {
 logs.Error("The current issue has been rejected and will not be processed, payload: ", payload)
 issueTmp.Status = 4
-- Gitee
From b99f73e8650c33bd46957321971a1bf520197920 Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Fri, 21 Feb 2025 09:56:53 +0800
Subject: [PATCH 3/7] change gz to zst of repodata
---
 .../cve-ddd/infrastructure/hotpatchimpl/impl.go | 2 +-
 .../infrastructure/updateinfoimpl/repodata.go | 15 ++++-----------
 cve-vulner-manager/go.mod | 1 +
 cve-vulner-manager/go.sum | 2 ++
 4 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
index 64f29b7..28a16a9 100644
--- a/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
+++ b/cve-vulner-manager/cve-ddd/infrastructure/hotpatchimpl/impl.go
@@ -55,7 +55,7 @@ func (impl hotPatchImpl) GetIssueInfo() ([]domain.HotPatchIssue, error) { for _, v := range issues { pat, err1 := impl.toPatchIssue(v.Body) if err1 != nil { - impl.log.Errorf("issue number %s toPatchIssue error: %v", v.Number, err) + impl.log.Errorf("issue number %s toPatchIssue error: %v", v.Number, err1) continue } pat.HotIssueNum = v.Number diff --git a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go index c978b7b..0fadcc5 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/updateinfoimpl/repodata.go @@ -1,21 +1,19 @@ package updateinfoimpl import ( - "bytes" - "compress/gzip" "encoding/xml" "errors" "fmt" - "io" "net/http" "regexp" "strings" "github.com/astaxie/beego" + "github.com/klauspost/compress/zstd" "github.com/opensourceways/server-common-lib/utils" ) -var primaryRegexp = regexp.MustCompile(`title="(\w+-primary.xml.gz)"`) +var primaryRegexp = regexp.MustCompile(`title="(\w+-primary.xml.zst)"`) type PrimaryXml struct { XMLName xml.Name `xml:"metadata,omitempty"` @@ -117,11 +115,6 @@ func (impl updateInfoImpl) getPrimaryXmlOfRepoData(urlOfDir string) (content []b return } - gz, err := gzip.NewReader(bytes.NewBuffer(fileContent)) - if err != nil { - err = fmt.Errorf("read file %s failed: %s", urlOfPrimaryFile, err.Error()) - return - } - - return io.ReadAll(gz) + d, _ := zstd.NewReader(nil) + return d.DecodeAll(fileContent, content) } diff --git a/cve-vulner-manager/go.mod b/cve-vulner-manager/go.mod index 790f23c..6b0c846 100644 --- a/cve-vulner-manager/go.mod +++ b/cve-vulner-manager/go.mod 
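Review bot: The dots in the rewritten `primaryRegexp` pattern are unescaped, so each `.` matches any character and the capture is looser than the file name it is meant to pick out of the repodata listing. Since the line is being changed anyway, escape them so the pattern reads `title="(\w+-primary\.xml\.zst)"`. The pattern now matches only the `.zst` name, so a repository that still publishes only a `.gz` primary file would presumably no longer match; a short comment stating that this is intended would help the next reader.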
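Review bot: The new tail of getPrimaryXmlOfRepoData discards the error from `zstd.NewReader`, never closes the decoder, and calls `DecodeAll` with no bound on the decoded size of `fileContent`, which by the look of the function is downloaded from the repository URL. A small compressed body can therefore expand into an arbitrarily large buffer, and a decode failure no longer names the file as the removed gzip path did. Cap the decoder with `zstd.WithDecoderMaxMemory`, check both errors and close the decoder, as sketched below; `maxPrimaryXMLSize` stands for a limit the project has to choose. The start of the function is outside the hunk.

```go
	// … unchanged: download of fileContent and its error check …

	// maxPrimaryXMLSize is a placeholder: an upper bound on the decoded primary.xml size.
	d, err := zstd.NewReader(nil, zstd.WithDecoderMaxMemory(maxPrimaryXMLSize))
	if err != nil {
		err = fmt.Errorf("create zstd decoder for %s failed: %s", urlOfPrimaryFile, err.Error())
		return
	}
	defer d.Close()

	content, err = d.DecodeAll(fileContent, nil)
	if err != nil {
		err = fmt.Errorf("decode file %s failed: %s", urlOfPrimaryFile, err.Error())
	}
	return
```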
@@ -29,6 +29,7 @@ require ( github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect + github.com/klauspost/compress v1.17.3 // indirect github.com/lib/pq v1.8.0 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect diff --git a/cve-vulner-manager/go.sum b/cve-vulner-manager/go.sum index 2f4d025..d138219 100644 --- a/cve-vulner-manager/go.sum +++ b/cve-vulner-manager/go.sum @@ -889,6 +889,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/compress v1.17.3 h1:qkRjuerhUU1EmXLYGkSH6EZL+vPSxIrYjLNAK4slzwA= +github.com/klauspost/compress v1.17.3/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -- Gitee From c98653549393d15ec46375c42a77e377739e655b Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Sat, 22 Feb 2025 11:25:06 +0800 Subject: [PATCH 4/7] do not reset label when comment --- cve-vulner-manager/controllers/hook.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cve-vulner-manager/controllers/hook.go b/cve-vulner-manager/controllers/hook.go index 7faab81..cb28c2b 100644 --- a/cve-vulner-manager/controllers/hook.go +++ b/cve-vulner-manager/controllers/hook.go 
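Review bot: `github.com/klauspost/compress v1.17.3` is added to go.mod with the `// indirect` marker, but repodata.go in this same commit imports `github.com/klauspost/compress/zstd` directly. Running `go mod tidy` should list it as a direct requirement without the marker. Leaving it as indirect hides, from anyone auditing direct dependencies, a module that now decodes remotely fetched data.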
@@ -1872,11 +1872,11 @@ func analysisComment(owner, accessToken, path string, cuAccount string, cBody st logs.Error(webhookCommentLogTag, "SetIssueStateByReason, err: ", err, ",issueTmp: ", issueTmp.IssueNum) } - if issueTmp.IsIssueComplete() { - issueTmp.ResetLabel() - } - - updateTempAndCenter(issueTmp, v, accessToken, owner) + //if issueTmp.IsIssueComplete() { + // issueTmp.ResetLabel() + //} + // + //updateTempAndCenter(issueTmp, v, accessToken, owner) } } else { na := "\n**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**" -- Gitee From 20f9f2a6aa9618491c8125622ddfc2761ff5cc84 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Mon, 24 Feb 2025 19:39:52 +0800 Subject: [PATCH 5/7] optimize sync notice logic of issue --- cve-vulner-manager/conf/product_app.conf | 2 +- cve-vulner-manager/models/issue.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cve-vulner-manager/conf/product_app.conf b/cve-vulner-manager/conf/product_app.conf index 801e5ae..5eb136c 100644 --- a/cve-vulner-manager/conf/product_app.conf +++ b/cve-vulner-manager/conf/product_app.conf @@ -112,7 +112,7 @@ cvecredit = 0 0 5 * * * urgenttaskflag = 1 urgenttask = 0 0 9-20 * * * seclinkflag = 1 -seclinktask = 0 0 9,12,18 * * * +seclinktask = 0 0 12 * * * checkissuedelflag = 1 checkissuedel = 0 30 3 * * 1,3,5 # Statistics of issues created in different communities diff --git a/cve-vulner-manager/models/issue.go b/cve-vulner-manager/models/issue.go index c3987ac..a921440 100644 --- a/cve-vulner-manager/models/issue.go +++ b/cve-vulner-manager/models/issue.go @@ -609,7 +609,7 @@ func QueryIssueTemplateByLink(beforeTime string, prcnum int, o := orm.NewOrm() var it []IssueTemplate num, err := o.Raw("select *"+ - " from cve_issue_template where status in (1,2,3) "+ + " from cve_issue_template where status in (1,2,3,5) "+ "and template_id > ? "+ "order by template_id asc limit ?", templateId, prcnum).QueryRows(&it) if err == nil && num > 0 { -- Gitee 
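Review bot: The status list in QueryIssueTemplateByLink now reads `in (1,2,3,5)` with nothing to say what the values mean; going by the handler code earlier in this series, 5 is the suspended state. A comment above the query such as `// status 5 = suspended; suspended issues are now included as well` (and the meaning of 1-3, to be confirmed) or named constants would make the intent checkable. The function starts and ends outside the hunk.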
From 6ae7d618041beebd13c307d1a6168c5ed5726fcb Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Mon, 24 Feb 2025 19:54:24 +0800 Subject: [PATCH 6/7] optimize update laels logic --- cve-vulner-manager/controllers/hook.go | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/cve-vulner-manager/controllers/hook.go b/cve-vulner-manager/controllers/hook.go index cb28c2b..ea696a0 100644 --- a/cve-vulner-manager/controllers/hook.go +++ b/cve-vulner-manager/controllers/hook.go @@ -1163,11 +1163,23 @@ func updateTempAndCenter(issueTmp models.IssueTemplate, cveCenter models.VulnCen AbiAffectedVersionBool(issueTmp.AbiVersion) && !strings.Contains(issueTmp.IssueLabel, labeAbiChanged) { issueTmp.IssueLabel = issueTmp.IssueLabel + "," + labeAbiChanged } - update = taskhandler.UpdateIssueLabels(token, path, issueTmp.IssueNum, owner, issueTmp.IssueLabel) - if !update { - logs.Error("update gitee issue label fail ,", issueTmp.IssueNum, issueTmp.IssueLabel) - appearErr++ + + updateLabels := true + templateInDB := models.IssueTemplate{TemplateId: issueTmp.TemplateId} + if err := models.GetIssueTemplateByColName(&templateInDB, "template_id"); err == nil { + if templateInDB.IssueLabel == issueTmp.IssueLabel { + updateLabels = false + } } + + if updateLabels { + update = taskhandler.UpdateIssueLabels(token, path, issueTmp.IssueNum, owner, issueTmp.IssueLabel) + if !update { + logs.Error("update gitee issue label fail ,", issueTmp.IssueNum, issueTmp.IssueLabel) + appearErr++ + } + } + issueTmp.CveLevel = models.OpenEulerScoreProc(issueTmp.OpenEulerScore) tpErr := models.UpdateIssueTemplate(&issueTmp, "status", "issue_status", "status_name", "issue_label", "mt_audit_flag", "sa_audit_flag", "cve_level") -- Gitee From 19f670d3fabd027e1bced3ce86ffff060e372ef9 Mon Sep 17 00:00:00 2001 
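Review bot: The error from `models.GetIssueTemplateByColName` is only tested with `err == nil`, so a failed lookup is silently treated as "labels changed" and leaves no trace in the log. Falling through to the Gitee call is a reasonable default, but the failure should be visible: add `else { logs.Error("query issue template failed, template_id:", issueTmp.TemplateId, ", err:", err) }`. The check is also an exact string match on `IssueLabel`, so the same labels in a different order still trigger the remote update; a one-line comment saying so would help. updateTempAndCenter begins and ends outside the hunk.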
From: yangwei999 <348134071@qq.com>
Date: Tue, 25 Feb 2025 14:12:35 +0800
Subject: [PATCH 7/7] fix status bug
---
 cve-vulner-manager/controllers/hook.go | 40 ++++++--------------------
 1 file changed, 8 insertions(+), 32 deletions(-)
diff --git a/cve-vulner-manager/controllers/hook.go b/cve-vulner-manager/controllers/hook.go
index ea696a0..a79d7af 100644
--- a/cve-vulner-manager/controllers/hook.go
+++ b/cve-vulner-manager/controllers/hook.go
@@ -195,16 +195,6 @@ func (c *HookEventControllers) handleIssue() {
 nameSpace := util.TrimString(issueHook.Repository.NameSpace)
 organizationID := int8(1)
 organizationID = taskhandler.GetOrganizationId(nameSpace)
- //botCuAccountStr := beego.AppConfig.String("cve::bot_cu_account")
- //botCuAccountList := strings.Split(botCuAccountStr, ",")
- //if len(botCuAccountList) > 0 {
- // for _, botCu := range botCuAccountList {
- // if cuAccount == botCu {
- // logs.Error(cuAccount, ", Ignore this comment")
- // return
- // }
- // }
- //}
 hookPwd := beego.AppConfig.String("hook::hookpwd")
 issueHook.Password = util.TrimString(issueHook.Password)
 if issueHook.Password != hookPwd {
@@ -1477,15 +1467,7 @@ func handleIssueComment(payload models.CommentPayload) {
 models.UpdateIssueTemplate(&issueTmp, "Repo")
 path = repoPath
 }
- //if payload.Issue.StateName == "已挂起" {
- // logs.Error("The current issue has been suspended and will not be processed, payload: ", payload)
- // issueTmp.Status = 5
- // issueTmp.StatusName = "suspended"
- // models.UpdateIssueTemplate(&issueTmp, "Status", "StatusName")
- // taskhandler.AddCommentToIssue(fmt.Sprintf(CommentRejectedState, cuAccount, payload.Issue.StateName),
- // issueTmp.IssueNum, owner, path, accessToken)
- // return
- //}
+
 if payload.Issue.StateName == "已拒绝" {
 logs.Error("The current issue has been rejected and will not be processed, payload: ", payload)
 issueTmp.Status = 4
@@ -1883,12 +1865,6 @@ func analysisComment(owner, accessToken, path string, cuAccount string, cBody st if err = SetIssueStateByReason(&issueTmp, payload.Issue.StateName); err != nil { logs.Error(webhookCommentLogTag, "SetIssueStateByReason, err: ", err, ",issueTmp: ", issueTmp.IssueNum) } - - //if issueTmp.IsIssueComplete() { - // issueTmp.ResetLabel() - //} - // - //updateTempAndCenter(issueTmp, v, accessToken, owner) } } else { na := "\n**请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.**" @@ -2443,13 +2419,6 @@ func SetIssueStateByReason(issue *models.IssueTemplate, remoteStateName string) return err } - // issue本身的状态和计算后的状态一致,则不做任何操作 - stateNameMap := common.GetStateNameMap() - stateName, ok := stateNameMap[state] - if !ok || stateName == remoteStateName { - return nil - } - issue.StatusName = state switch state { case common.StateOpen: @@ -2464,6 +2433,13 @@ func SetIssueStateByReason(issue *models.IssueTemplate, remoteStateName string) models.UpdateIssueTemplate(issue, "Status", "StatusName") + // issue本身的状态和计算后的状态一致,则不做任何操作 + stateNameMap := common.GetStateNameMap() + stateName, ok := stateNameMap[state] + if !ok || stateName == remoteStateName { + return nil + } + stateIdMap := common.GetStateIdMap() stateId, ok := stateIdMap[state] if !ok { -- Gitee
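Review bot: With the early-return block moved below `models.UpdateIssueTemplate(issue, "Status", "StatusName")`, that write now runs on every call to SetIssueStateByReason and its result is discarded, although updateTempAndCenter captures the same function's result as `tpErr` (apparently an error). A failed write would leave the stored status out of step with what is then pushed to the remote issue, so check it: `if err := models.UpdateIssueTemplate(issue, "Status", "StatusName"); err != nil { return err }`. The moved comment still says that nothing is done when the two states match, which is no longer true; reword it to say that only the remote update is skipped. The function body continues outside both hunks (@@ -2443 and @@ -2464).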