From 5c7f99c62eee8fd5310cfad2ceb406a793f9941c Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Mon, 9 Jun 2025 09:38:35 +0800
Subject: [PATCH 1/3] add chromium to blacklist

---
 cve-vulner-manager/conf/product_app.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cve-vulner-manager/conf/product_app.conf b/cve-vulner-manager/conf/product_app.conf
index ed30746..4fff6db 100644
--- a/cve-vulner-manager/conf/product_app.conf
+++ b/cve-vulner-manager/conf/product_app.conf
@@ -204,7 +204,7 @@ de_duplication_date = -100
 yaml_config_table = "cve_open_euler_repo_origin:1,cve_open_guss_yaml:2,cve_mind_spore_yaml:3,cve_open_lookeng_yaml:4"
 bot_cu_account = "openeuler-ci-bot,opengauss-bot,mindspore-ci-bot,mindspore_ci,i-robot,CVE,I-am-a-robot,openMajun_admin"
 out_of_sync_branch = "openEuler1.0-base,openEuler1.0"
-package_blacklist = "gstreamer,gstreamer-plugins-good,gstreamer-plugins-base,mozjs52,mozjs60,mozjs68,openjpeg,gamin,python2"
+package_blacklist = "gstreamer,gstreamer-plugins-good,gstreamer-plugins-base,mozjs52,mozjs60,mozjs68,openjpeg,gamin,python2,chromium"
 
 user = "${UPLOAD_USERNAME||xxx}"
 pwd = "${UPLOAD_PASSWORD||xxx}"
-- 
Gitee


From 60da27427648d023ca42415995b6da470a3ce906 Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Mon, 9 Jun 2025 16:32:44 +0800
Subject: [PATCH 2/3] optimize submit_issue_branch

---
 cve-vulner-manager/task/issuetask.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cve-vulner-manager/task/issuetask.go b/cve-vulner-manager/task/issuetask.go
index 1c94deb..1b34abc 100644
--- a/cve-vulner-manager/task/issuetask.go
+++ b/cve-vulner-manager/task/issuetask.go
@@ -119,7 +119,7 @@ func ErrorCveStatistics(errDesc string, issueValue models.VulnCenter, status int
 }
 
 func CheckCveIssueBranch(packageName, version string) bool {
-	submitIssueBranch := beego.AppConfig.String("cve::submit_issue_branch")
+	submitIssueBranch := beego.AppConfig.String("cve::affected_branchs")
 	submitIssueBranchSlice := strings.Split(submitIssueBranch, ",")
 	branchFlag := false
 	if len(version) > 0 {
-- 
Gitee


From 9525836d0ed663c8d09634561c62ccbe5b4e698f Mon Sep 17 00:00:00 2001
From: yangwei999 <348134071@qq.com>
Date: Tue, 24 Jun 2025 11:31:51 +0800
Subject: [PATCH 3/3] change data source name for qicai

---
 cve-vulner-manager/models/uploadcve.go   |  8 +++++
 cve-vulner-manager/taskhandler/common.go | 43 +++++++++++++++---------
 2 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/cve-vulner-manager/models/uploadcve.go b/cve-vulner-manager/models/uploadcve.go
index d7d2167..0769e63 100644
--- a/cve-vulner-manager/models/uploadcve.go
+++ b/cve-vulner-manager/models/uploadcve.go
@@ -948,6 +948,14 @@ func QueryCveOrigin(cveNum, typ string) bool {
 	return true
 }
 
+func QueryCveOriginByNum(cveNum string) (OriginUpstream, error) {
+	o := orm.NewOrm()
+	ou := OriginUpstream{CveNum: cveNum}
+	err := o.Read(&ou, "CveNum")
+
+	return ou, err
+}
+
 func FilterOldData(cve string) bool {
 	sql := "select * from cve_origin_upstream where cve_num = ?"
 	o := orm.NewOrm()
diff --git a/cve-vulner-manager/taskhandler/common.go b/cve-vulner-manager/taskhandler/common.go
index e8e532b..9ff89c3 100644
--- a/cve-vulner-manager/taskhandler/common.go
+++ b/cve-vulner-manager/taskhandler/common.go
@@ -1035,16 +1035,16 @@ func CreateIssueBody(accessToken, owner, path, assignee string,
 			body := ""
 			if its.Status == 3 && len(its.SecLink) > 3 && cve.OrganizationID == 1 {
 				body = fmt.Sprintf(bodySecLinkTpl, cveNumber, cvePkg, cve.CveVersion, nvdType, nveScore, nveVector,
-					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 					genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, analysisVersion, its.SecLink)
 			} else {
 				if cve.OrganizationID == 1 {
 					body = fmt.Sprintf(bodyUpTplx, cveNumber, cvePkg, cve.CveVersion, nvdType, nveScore, nveVector,
-						cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+						cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 						genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, analysisVersion)
 				} else {
 					body = fmt.Sprintf(bodyUpTplx, cveNumber, cveRepo, cve.CveVersion, nvdType, nveScore, nveVector,
-						cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+						cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 						genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, oVector, affectedVersion)
 				}
 			}
@@ -1056,11 +1056,11 @@ func CreateIssueBody(accessToken, owner, path, assignee string,
 			body := ""
 			if cve.OrganizationID == 1 {
 				body = fmt.Sprintf(bodyTplx, cveNumber, cvePkg, cve.CveVersion, nvdType, nveScore, nveVector,
-					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 					genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, affectedVersion, abiVersion, analysisVersion)
 			} else {
 				body = fmt.Sprintf(bodyTplx, cveNumber, cveRepo, cve.CveVersion, nvdType, nveScore, nveVector,
-					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 					genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, affectedVersion)
 			}
 			issueOption = IssueOptions{Token: accessToken, Repo: path, Title: cve.CveNum, State: StatusName, Body: body, Assignee: assignee, Labels: labels}
@@ -1072,11 +1072,11 @@ func CreateIssueBody(accessToken, owner, path, assignee string,
 		body := ""
 		if cve.OrganizationID == 1 {
 			body = fmt.Sprintf(bodyTplx, cveNumber, cvePkg, cve.CveVersion, nvdType, nveScore, nveVector,
-				cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+				cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 				genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, affectedVersion, abiVersion, analysisVersion)
 		} else {
 			body = fmt.Sprintf(bodyTplx, cveNumber, cveRepo, cve.CveVersion, nvdType, nveScore, nveVector,
-				cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+				cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 				genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, affectedVersion)
 		}
 
@@ -1104,16 +1104,16 @@ func CreateIssueBody(accessToken, owner, path, assignee string,
 			body := ""
 			if its.Status == 3 && len(its.SecLink) > 3 && cve.OrganizationID == 1 {
 				body = fmt.Sprintf(bodySecLinkTpl, cveNumber, cvePkg, cve.CveVersion, nvdType, nveScore, nveVector,
-					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 					genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, analysisVersion, its.SecLink)
 			} else {
 				if cve.OrganizationID == 1 {
 					body = fmt.Sprintf(bodyUpTplx, cveNumber, cvePkg, cve.CveVersion, nvdType, nveScore, nveVector,
-						cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+						cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 						genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, oVector, affectedVersion, abiVersion, analysisVersion)
 				} else {
 					body = fmt.Sprintf(bodyUpTplx, cveNumber, cveRepo, cve.CveVersion, nvdType, nveScore, nveVector,
-						cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+						cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 						genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, oVector, affectedVersion)
 				}
 			}
@@ -1125,11 +1125,11 @@ func CreateIssueBody(accessToken, owner, path, assignee string,
 			body := ""
 			if cve.OrganizationID == 1 {
 				body = fmt.Sprintf(bodyTplx, cveNumber, cvePkg, cve.CveVersion, nvdType, nveScore, nveVector,
-					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 					genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, affectedVersion, abiVersion, analysisVersion)
 			} else {
 				body = fmt.Sprintf(bodyTplx, cveNumber, cveRepo, cve.CveVersion, nvdType, nveScore, nveVector,
-					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.DataSource),
+					cve.Description, cve.RepairTime, updateTime, cve.CveDetailUrl+"\n"+getCveDetail(cve.CveNum)+"\n", commentCmd, holeSource(cve.CveNum),
 					genPatchInfo(cve.CveNum), cveAnalysis, openEulerScore, affectedVersion)
 			}
 			issueOption = IssueOptions{Token: accessToken, Repo: path, Title: cve.CveNum, State: StatusName, Body: body, Assignee: assignee, Labels: labels}
@@ -1140,12 +1140,23 @@ func CreateIssueBody(accessToken, owner, path, assignee string,
 	return string(requestBody)
 }
 
-func holeSource(sourceCode int8) string {
-	if sourceCode == 1 {
-		return "openBrain开源漏洞感知系统"
+func holeSource(cveNum string) string {
+	const other = "其他"
+
+	ou, err := models.QueryCveOriginByNum(cveNum)
+	if err != nil {
+		logs.Error("get cve_origin_upstream error when hole source: ", err)
+		return other
 	}
 
-	return "其它"
+	switch ou.Source {
+	case models.CveOriginUpstreamSourceVtopia:
+		return "openBrain开源漏洞感知系统"
+	case models.CveOriginUpstreamSource7cai:
+		return "七彩瞬析开源风险感知平台"
+	default:
+		return other
+	}
 }
 
 func genPatchInfo(cveNum string) string {
-- 
Gitee