From e3c200369eb92b4f5aadacb44fec0506432d6dc7 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Wed, 21 May 2025 11:11:38 +0800 Subject: [PATCH 1/4] optimize collect logic --- cve-vulner-manager/cve-ddd/app/coldpatch.go | 4 ++-- .../cve-ddd/domain/repository/cve.go | 8 ++++++-- .../infrastructure/repositoryimpl/callback.go | 8 +++++++- cve-vulner-manager/go.mod | 8 ++++---- cve-vulner-manager/go.sum | 16 ++++++++-------- 5 files changed, 27 insertions(+), 17 deletions(-) diff --git a/cve-vulner-manager/cve-ddd/app/coldpatch.go b/cve-vulner-manager/cve-ddd/app/coldpatch.go index 2f246fa..b0782af 100644 --- a/cve-vulner-manager/cve-ddd/app/coldpatch.go +++ b/cve-vulner-manager/cve-ddd/app/coldpatch.go @@ -101,7 +101,7 @@ func (c *coldPatchService) CollectCveData(cmd CmdToCollectData) { } }() - _, err := c.repo.FindCollectResult("", cmd.Date) + _, err := c.repo.FindCollectResult("", cmd.Date, time.Now().Add(-time.Minute*30)) if err != nil { if err = c.generateCollectResult(cmd.Date); err != nil { c.log.Errorf("generate collect result failed: %v", err) @@ -163,7 +163,7 @@ func (c *coldPatchService) handleAllCollectData() error { } for _, callback := range callbacks { - result, err1 := c.repo.FindCollectResult(callback.Branch, callback.Date) + result, err1 := c.repo.FindCollectResult(callback.Branch, callback.Date, time.Now().Add(-time.Minute*30)) if err1 != nil { c.log.Errorf("find calback result failed: %v", err1) continue diff --git a/cve-vulner-manager/cve-ddd/domain/repository/cve.go b/cve-vulner-manager/cve-ddd/domain/repository/cve.go index fc38100..7b0f501 100644 --- a/cve-vulner-manager/cve-ddd/domain/repository/cve.go +++ b/cve-vulner-manager/cve-ddd/domain/repository/cve.go @@ -1,6 +1,10 @@ package repository -import "cvevulner/cve-ddd/domain" +import ( + "time" + + "cvevulner/cve-ddd/domain" +) type Option struct { CveNum []string @@ -18,5 +22,5 @@ type CveRepository interface { UpdateCallback(domain.Callback) error GetProcessingCallback() ([]domain.Callback, error) SaveCollectResult(r domain.CollectResult) error - FindCollectResult(branch, callbackDate string) (string, error) + FindCollectResult(branch, callbackDate string, t time.Time) (string, error) } diff --git a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/callback.go b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/callback.go index 1aa40c3..492a1fd 100644 --- a/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/callback.go +++ b/cve-vulner-manager/cve-ddd/infrastructure/repositoryimpl/callback.go @@ -1,6 +1,8 @@ package repositoryimpl import ( + "time" + "github.com/astaxie/beego/orm" "cvevulner/cve-ddd/domain" @@ -60,7 +62,7 @@ func (impl repositoryImpl) SaveCollectResult(r domain.CollectResult) error { return err } -func (impl repositoryImpl) FindCollectResult(branch, collectDate string) (string, error) { +func (impl repositoryImpl) FindCollectResult(branch, collectDate string, t time.Time) (string, error) { callbackResult := new(models.CollectResult) query := orm.NewOrm().QueryTable(callbackResult) @@ -72,6 +74,10 @@ func (impl repositoryImpl) FindCollectResult(branch, collectDate string) (string query = query.Filter(fieldCollect, collectDate) } + if !t.IsZero() { + query = query.Filter("create_time__gt", t) + } + err := query.One(callbackResult) if err != nil { return "", err diff --git a/cve-vulner-manager/go.mod b/cve-vulner-manager/go.mod index 89d7335..76cd375 100644 --- a/cve-vulner-manager/go.mod +++ b/cve-vulner-manager/go.mod @@ -15,7 +15,7 @@ require ( github.com/robfig/cron/v3 v3.0.1 github.com/sirupsen/logrus v1.9.3 github.com/xuri/excelize/v2 v2.7.1 - golang.org/x/net v0.36.0 + golang.org/x/net v0.38.0 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df gopkg.in/yaml.v2 v2.4.0 k8s.io/apimachinery v0.26.10 @@ -44,11 +44,11 @@ require ( github.com/shiena/ansicolor v0.0.0-20151119151921-a422bbe96644 // indirect github.com/xuri/efp v0.0.0-20231025114914-d1ff6096ae53 // indirect github.com/xuri/nfp v0.0.0-20230919160717-d98342af3f05 // indirect - golang.org/x/crypto v0.35.0 // indirect + golang.org/x/crypto v0.36.0 // indirect golang.org/x/image v0.18.0 // indirect golang.org/x/oauth2 v0.12.0 // indirect - golang.org/x/sys v0.30.0 // indirect - golang.org/x/text v0.22.0 // indirect + golang.org/x/sys v0.31.0 // indirect + golang.org/x/text v0.23.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect diff --git a/cve-vulner-manager/go.sum b/cve-vulner-manager/go.sum index a4fbef6..db72914 100644 --- a/cve-vulner-manager/go.sum +++ b/cve-vulner-manager/go.sum @@ -1091,8 +1091,8 @@ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= -golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= +golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= +golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1221,8 +1221,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= -golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA= -golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1368,8 +1368,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1398,8 +1398,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= -golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -- Gitee From 83f6052baf2272241bfc2997d887b89b604190ea Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Fri, 23 May 2025 09:37:27 +0800 Subject: [PATCH 2/4] ignore majun robot when new issue --- cve-vulner-manager/controllers/hook.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cve-vulner-manager/controllers/hook.go b/cve-vulner-manager/controllers/hook.go index 9f9e801..47734aa 100644 --- a/cve-vulner-manager/controllers/hook.go +++ b/cve-vulner-manager/controllers/hook.go @@ -98,6 +98,7 @@ const ( reasonX = "xxxxxx" openEulerBotName = "openeuler-ci-bot" + majunBotName = "openMajun_admin" ) var comLock sync.Mutex @@ -234,7 +235,7 @@ func (c *HookEventControllers) handleIssue() { } } if issueHook.Action == "open" { - if issueHook.User.Login == openEulerBotName { + if issueHook.User.Login == openEulerBotName || issueHook.User.Login == majunBotName { return } -- Gitee From fd2ad0d361418bd7f06930a6aed5dafc03267ba8 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Fri, 23 May 2025 10:44:55 +0800 Subject: [PATCH 3/4] add api to get patch of cve --- cve-vulner-manager/controllers/cvedetail.go | 18 ++++++++++++++++++ .../routers/commentsRouter_controllers.go | 9 +++++++++ 2 files changed, 27 insertions(+) diff --git a/cve-vulner-manager/controllers/cvedetail.go b/cve-vulner-manager/controllers/cvedetail.go index 554de52..dbd84e4 100644 --- a/cve-vulner-manager/controllers/cvedetail.go +++ b/cve-vulner-manager/controllers/cvedetail.go @@ -210,6 +210,24 @@ func (c *CveDetailController) Post() { c.successSbom(data) } +func (c *CveDetailController) Patch() { + cveNum := c.GetString("cve_num") + patches, err := models.QueryCveOriginPatchInfo(cveNum) + if err != nil { + c.failed(err) + } + + list := []string{} + for _, v := range patches { + list = append(list, v.FixPatch) + } + + var resp = make(map[string]interface{}) + resp["body"] = list + + c.success(resp) +} + func (c *CveDetailController) issueStatusName(i int8) string { //1:待分析;2:已正常关闭;3:已分析,待修复;4:已修复;5:已发布;6:已异常关闭" switch i { diff --git a/cve-vulner-manager/routers/commentsRouter_controllers.go b/cve-vulner-manager/routers/commentsRouter_controllers.go index 4801192..198f3ec 100644 --- a/cve-vulner-manager/routers/commentsRouter_controllers.go +++ b/cve-vulner-manager/routers/commentsRouter_controllers.go @@ -42,6 +42,15 @@ func initComment() { Filters: nil, Params: nil}) + beego.GlobalControllerRouter["cvevulner/controllers:CveDetailController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:CveDetailController"], + beego.ControllerComments{ + Method: "Patch", + Router: "/patch", + AllowHTTPMethods: []string{"get"}, + MethodParams: param.Make(), + Filters: nil, + Params: nil}) + beego.GlobalControllerRouter["cvevulner/controllers:CveErrorFeedBackController"] = append(beego.GlobalControllerRouter["cvevulner/controllers:CveErrorFeedBackController"], beego.ControllerComments{ Method: "Get", -- Gitee From 15adca6eb532f17dcef63627c29881a496724522 Mon Sep 17 00:00:00 2001 From: yangwei999 <348134071@qq.com> Date: Wed, 28 May 2025 09:28:49 +0800 Subject: [PATCH 4/4] fix ci --- cve-vulner-manager/controllers/cvedetail.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cve-vulner-manager/controllers/cvedetail.go b/cve-vulner-manager/controllers/cvedetail.go index dbd84e4..ffb5164 100644 --- a/cve-vulner-manager/controllers/cvedetail.go +++ b/cve-vulner-manager/controllers/cvedetail.go @@ -210,6 +210,7 @@ func (c *CveDetailController) Post() { c.successSbom(data) } +// Patch get patch info with cve func (c *CveDetailController) Patch() { cveNum := c.GetString("cve_num") patches, err := models.QueryCveOriginPatchInfo(cveNum) @@ -217,7 +218,7 @@ func (c *CveDetailController) Patch() { c.failed(err) } - list := []string{} + list := make([]string, len(patches)) for _, v := range patches { list = append(list, v.FixPatch) } -- Gitee