diff --git a/conf/app.conf b/conf/app.conf index 7a455dab6b77a5342345b2dd98b6b80ca029ed38..b4cd750855d7c1cbb2dec3fa7dfab98233ea93e4 100644 --- a/conf/app.conf +++ b/conf/app.conf @@ -47,12 +47,12 @@ maxsize=204800 [crontab] ymalflag = 2 getymal = 0 0 1 * * 1 -cveflag = 2 -getcve = 0 13 19 * * * +cveflag = 1 +getcve = 0 17 11 * * * oricveflag = 2 oricvecheck = 0 16 19 * * * -getissueflag = 2 -getissue = 0 22 19 * * * +getissueflag = 1 +getissue = 0 14 11 * * * issueflag = 2 createissue = 0 35 10 * * * test = 0/10 * * * * * @@ -77,8 +77,8 @@ prochook = 0 34 17 * * * #email = 1499273991@qq.com #redirect_uri = http://119.8.126.102:80/v1/issue/oauth/callback # -------jianjun gitee 配置 -------- -#owner = src-openeuler -owner = cve-test +owner = src-openeuler +#owner = cve-test path = jasper email = 7844966+zhangjianjun_code@user.noreply.gitee.com redirect_uri = http://159.138.2.2:80/v1/issue/oauth/callback diff --git a/controllers/hook.go b/controllers/hook.go index 42e6a0b16d164863d1824e0d55eb57e0ea7bc92a..ea63bfd56153e507009805f6ec86968bad20715d 100644 --- a/controllers/hook.go +++ b/controllers/hook.go @@ -1121,7 +1121,7 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m switch k { case "cve_analysis": if v != "" && len(v) > 1 { - issueTmp.CveAnalysis = v + issueTmp.CveAnalysis = common.DeletePreAndSufSpace(v) cols = append(cols, k) } case "principle_analysis": @@ -1139,7 +1139,7 @@ func analysisComment(issueNum string, cuAccount string, cBody string, payload *m } case "openeuler_vector": if v != "" && len(v) > 1 { - issueTmp.OpenEulerVector = v + issueTmp.OpenEulerVector = common.DeletePreAndSufSpace(v) cols = append(cols, k) } case "affected_version": diff --git a/cve-py/main.py b/cve-py/main.py index f988f87b7beae364ba70a7f312d389af54cf89b5..9c2213bc27db7292fef5cb4fd8d9955c58b80194 100644 --- a/cve-py/main.py +++ b/cve-py/main.py 
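Review bot: With `owner` switched to `src-openeuler` in the second hunk, the unchanged `redirect_uri` a few lines below it is still a plain `http://` URL on a bare IP address, so the OAuth callback and the authorization code it carries would travel unencrypted. If this commit is meant to point the service at the real organisation, the callback should be an `https://` URL on a named host before the owner is flipped. Selecting the environment by commenting and uncommenting lines in a committed file also makes it easy to ship the wrong value; an environment-specific override would be safer. The `cveflag` and `getissueflag` changes in the first hunk look like the same kind of per-environment toggle.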
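Review bot: The guard `v != "" && len(v) > 1` in the `cve_analysis` case still runs on the untrimmed value, so a field holding only spaces passes it; `common.DeletePreAndSufSpace(v)` then stores an empty string while `k` is still appended to `cols`. Trim first and test the result, e.g. `v = common.DeletePreAndSufSpace(v)` before the `if`, assuming the helper strips leading and trailing whitespace as its name suggests. The `openeuler_vector` case in the next hunk has the same ordering. The remaining cases of the switch are outside these hunks, so whether they trim at all cannot be seen here.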
@@ -17,6 +17,7 @@ Date: 10/22/2020 11:01 AM """ from controller import timertaskcontroller + if __name__ == '__main__': print("The program starts, waiting for the timing task to execute") timertaskcontroller.timertask() diff --git a/cve-py/newexcels/12-11CVE.xlsx b/cve-py/newexcels/12-11CVE.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..ee94f80f868cbb7e95966af7bef0c05dffe9153f Binary files /dev/null and b/cve-py/newexcels/12-11CVE.xlsx differ diff --git a/cve-py/newexcels/CVE-LTS-20.03-SP1-12-9.xlsx b/cve-py/newexcels/CVE-LTS-20.03-SP1-12-9.xlsx deleted file mode 100644 index f91c4bbabdebee3f8bea54092b33c002a2343c61..0000000000000000000000000000000000000000 Binary files a/cve-py/newexcels/CVE-LTS-20.03-SP1-12-9.xlsx and /dev/null differ diff --git a/cve-py/tabletask/spec_error_task.py b/cve-py/tabletask/spec_error_task.py index eef4b6d075c06f8c74772e498cfba02f0caa2a8d..398100b078a3a7959fdfcb54072af97a5c848009 100644 --- a/cve-py/tabletask/spec_error_task.py +++ b/cve-py/tabletask/spec_error_task.py @@ -17,6 +17,7 @@ import xlrd import time import urllib.parse from sqlalchemy import Column, String, create_engine, Integer, Boolean +from sqlalchemy.exc import IntegrityError from sqlalchemy.orm import sessionmaker from sqlalchemy.ext.declarative import declarative_base from downloadtask import downloadfiletask @@ -26,6 +27,9 @@ Base = declarative_base() class Details(Base): + """ + sqlalchemy orm + """ __tablename__ = 'cve_spec_error' id = Column(Integer, primary_key=True) cve_num = Column(String) @@ -58,6 +62,7 @@ def parse_error_excels(file_name): cve_desc_list = [] cve_owner_list = [] pack_name_list = [] + list_all = [] try: data = xlrd.open_workbook('./spec_error_excels/' + file_name) table_one = data.sheet_by_name("Sheet1") 
@@ -67,11 +72,12 @@ def parse_error_excels(file_name): cve_desc_list.append(table_one.cell(i, 4).value) cve_owner_list.append(table_one.cell(i, 2).value) pack_name_list.append(table_one.cell(i, 3).value) + list_all = [cve_num_list, cve_desc_list, cve_owner_list, pack_name_list] except IndexError as e: print("Subscript out of bounds", e) except xlrd.XLRDError as e: print("Form not found:Sheet1", e) - return cve_num_list, cve_desc_list, cve_owner_list, pack_name_list + return list_all def add_error_details(): @@ -96,7 +102,7 @@ def add_error_details(): session = db_session() try: session.bulk_save_objects(objects) - except Exception: + except IntegrityError: session.rollback() session.commit() session.close() diff --git a/cve-py/tabletask/toexcel.py b/cve-py/tabletask/toexcel.py index 0126466d5287eba9fce6220bf2d29ee52b27dfa3..89ebcf19db4cc75838c078bf1ae98e179444ba56 100644 --- a/cve-py/tabletask/toexcel.py +++ b/cve-py/tabletask/toexcel.py @@ -43,7 +43,7 @@ class MysqlToExcel(object): :return results: list """ mysql = Mysql() - sql = "select * from cve_origin_excel where cve_status = 3 or cve_status=4 and is_import = 1" + sql = "select * from cve_origin_excel where cve_status = 3 or cve_status=4 and is_export = 1" results = mysql.getMany(sql) print(results) mysql.dispose() diff --git a/models/giteeissue.go b/models/giteeissue.go index bc5b0eea2668357484638e39c793d659560a8c86..28800981ab4acc718bc57248f054c09db6157a45 100644 --- a/models/giteeissue.go +++ b/models/giteeissue.go @@ -264,7 +264,6 @@ func parseNewTplToLoopHole(lp *Loophole, body string) { val := sm[0][1] lp.Number = util.GetCveNumber(util.TrimString(val)) } - sm = util.RegexpCveComponents.FindAllStringSubmatch(body, -1) if len(sm) > 0 && len(sm[0]) > 1 { for _, v := range sm[0][1:] { diff --git a/models/issue.go b/models/issue.go index 4f925f8a35c18071ea352d49fb08c17a4fcefea6..666eabe94f8f44942dd9b17cb0496f886ede53d1 100644 --- a/models/issue.go +++ b/models/issue.go 
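Review bot: `parse_error_excels` now returns `list_all`, which is still `[]` when `IndexError` or `xlrd.XLRDError` fires before the assignment at the end of the `try`, whereas the old code returned four lists on every path. A caller that unpacks four values will raise `ValueError` on the empty list; the caller is outside this hunk, so confirm it checks for an empty result. Initialising it up front in the previous hunk as `list_all = [cve_num_list, cve_desc_list, cve_owner_list, pack_name_list]` would keep the four-element shape on failure as well.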
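Review bot: Narrowing the handler to `except IntegrityError:` means any other database error from `session.bulk_save_objects(objects)` now propagates past `session.commit()` and `session.close()`, leaving the session open. Put the close in a `finally` and the commit in an `else`, so that the commit is not issued straight after a rollback. The rollback path is also silent, and printing the exception (the file already reports errors with `print`) would show why a batch was rejected. The body of `add_error_details` starts outside the hunk.

```python
    # … unchanged: building `objects` and creating `session` …
    try:
        session.bulk_save_objects(objects)
    except IntegrityError as e:
        session.rollback()
        print("Bulk insert rejected, batch rolled back", e)
    else:
        session.commit()
    finally:
        session.close()
```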
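Review bot: In the new query `and` binds tighter than `or`, so `is_export = 1` restricts only the `cve_status=4` rows and every row with `cve_status = 3` is returned regardless of the flag. If the filter is meant to apply to both statuses, write `where cve_status in (3, 4) and is_export = 1`. The `print(results)` just below also writes every selected row to stdout, which may not be wanted for CVE records once the export filter matters.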
@@ -303,7 +303,6 @@ func CreateIssueTemplate(it *IssueTemplate) (issTempId int64, err error) { } return issTempId, nil } else { - it.TemplateId = it.TemplateId if num, err := o.Update(it); err == nil { logs.Info("update cve_issue_template success, num: ", num, "cveNum: ", it.CveNum) } else { diff --git a/task/inittask.go b/task/inittask.go index b292e22d8eb3156f5d1e7e3df6a91725286fd15c..415631502d9c309b22b879c453dd50fdf403f41e 100644 --- a/task/inittask.go +++ b/task/inittask.go @@ -50,6 +50,7 @@ func InitIssueToken(issueOath string) { func CreatTask(createIssue string) { logs.Info("执行创建issue task start") cIssueTask := toolbox.NewTask("CreateIssue", createIssue, CreateIssue) + cIssueTask.Run() toolbox.AddTask("CreateIssue", cIssueTask) logs.Info("执行创建issue task end") } diff --git a/taskhandler/cve.go b/taskhandler/cve.go index 31aa16058afc0d457d3ef023d728a254b3257027..8ea165d252d35ee63ffd1d66a17e4a09cc52384b 100644 --- a/taskhandler/cve.go +++ b/taskhandler/cve.go 
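Review bot: `cIssueTask.Run()` executes `CreateIssue` synchronously inside `CreatTask` and its result is dropped, so a failure on the start-up run is invisible and initialisation blocks until the job finishes. beego's `toolbox.Task.Run` returns an error, so if the immediate run is intended, log it: `if err := cIssueTask.Run(); err != nil { logs.Error("CreateIssue initial run failed:", err) }`. It is also worth a comment explaining why the job must run once before it is scheduled, since this creates issues on every restart rather than only at the `createissue` cron time.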
@@ -1019,30 +1019,54 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c sc.OvectorVule = lop.OpVector sc.Nstatus = 0 sc.Ostatus = 0 - sc.ScoreType = "v3" - vectorN := models.VectorValue{} - ok := vectorN.VctToVectorValue(lop.CvsVector) - if ok { - sc.NattackVector = vectorN.AttackVector - sc.NattackComplexity = vectorN.AttackComplexity - sc.NprivilegeRequired = vectorN.PrivilegesRequired - sc.NuserInteraction = vectorN.UserInteraction - sc.Nscope = vectorN.Scope - sc.Nconfidentiality = vectorN.Confidentiality - sc.Nintegrity = vectorN.Integrity - sc.Navailability = vectorN.Availability - } - vectorO := models.VectorValue{} - okx := vectorO.VctToVectorValue(lop.OpVector) - if okx { - sc.OattackVector = vectorO.AttackVector - sc.OattackComplexity = vectorO.AttackComplexity - sc.OprivilegeRequired = vectorO.PrivilegesRequired - sc.OuserInteraction = vectorO.UserInteraction - sc.Oscope = vectorO.Scope - sc.Oconfidentiality = vectorO.Confidentiality - sc.Ointegrity = vectorO.Integrity - sc.Oavailability = vectorO.Availability + sc.ScoreType = lop.ScoreType + if sc.ScoreType == "v3" { + vectorN := models.VectorValue{} + ok := vectorN.VctToVectorValue(lop.CvsVector) + if ok { + sc.NattackVector = vectorN.AttackVector + sc.NattackComplexity = vectorN.AttackComplexity + sc.NprivilegeRequired = vectorN.PrivilegesRequired + sc.NuserInteraction = vectorN.UserInteraction + sc.Nscope = vectorN.Scope + sc.Nconfidentiality = vectorN.Confidentiality + sc.Nintegrity = vectorN.Integrity + sc.Navailability = vectorN.Availability + } + vectorO := models.VectorValue{} + vectOk := vectorO.VctToVectorValue(lop.OpVector) + if vectOk { + sc.OattackVector = vectorO.AttackVector + sc.OattackComplexity = vectorO.AttackComplexity + sc.OprivilegeRequired = vectorO.PrivilegesRequired + sc.OuserInteraction = vectorO.UserInteraction + sc.Oscope = vectorO.Scope + sc.Oconfidentiality = vectorO.Confidentiality + sc.Ointegrity = vectorO.Integrity + sc.Oavailability = 
vectorO.Availability + } + } + if sc.ScoreType == "v2" { + vectorN2 := models.VectorValueV2{} + ok := vectorN2.VctToVectorValue(lop.CvsVector) + if ok { + sc.NaccessVector = vectorN2.AccessVector + sc.NaccessComplexity = vectorN2.AccessComplexity + sc.Navailability = vectorN2.Availability + sc.Nconfidentiality = vectorN2.Confidentiality + sc.Nintegrity = vectorN2.IntegrityImpact + sc.Nauthentication = vectorN2.Authentication + } + vectorO2 := models.VectorValueV2{} + vectOk := vectorO2.VctToVectorValue(lop.OpVector) + if vectOk { + sc.OaccessVector = vectorO2.AccessVector + sc.OaccessComplexity = vectorO2.AccessComplexity + sc.Oavailability = vectorO2.Availability + sc.Oconfidentiality = vectorO2.Confidentiality + sc.Ointegrity = vectorO2.IntegrityImpact + sc.Oauthentication = vectorO2.Authentication + } } var opensa models.OpenEulerSA var OpenNumData int @@ -1143,51 +1167,81 @@ func InsertIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, cveRef string, openeulernum int, cveStatus int8, goe models.GitPackageInfo, vul models.VulnCenter, owner string) (bool, error) { //var vul models.VulnCenter - vul.CveNum = cveData.CveNumber + if vul.CveNum == "" || len(vul.CveNum) < 1 { + vul.CveNum = cveData.CveNumber + } specCharList := []string{"
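Review bot: `sc.ScoreType = lop.ScoreType` is stored unchecked in `InsertIssueCveGroups`, and the two `if sc.ScoreType == ...` blocks match only the exact strings `"v3"` and `"v2"`, so an empty or differently cased value saves the score row with no vector components and no log line. Use a `switch sc.ScoreType` with a `default:` that logs the unexpected value, or fall back to `"v3"` as the old code did. The v3 and v2 field-copy blocks are repeated almost verbatim for `score` in `UpdateIssueCveGroups`; one helper that fills the score struct from the two vector strings would keep the copies in sync. The function body extends beyond this hunk.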

", "\n", "\r", "\t"} - vul.Description = RemoveSubstring(lop.BriefIntroduction, specCharList) + if vul.Description == "" || len(vul.Description) < 1 { + vul.Description = RemoveSubstring(lop.BriefIntroduction, specCharList) + } vul.Status = cveStatus - vul.CveVersion = RemoveSubstring(lop.Version, specCharList) + if vul.CveVersion == "" || len(vul.CveVersion) < 1 { + vul.CveVersion = RemoveSubstring(lop.Version, specCharList) + } vul.RepairTime = "" - vul.PackName = cveData.RepoPath - vul.CveUrl = cveRef + cveData.CveNumber + if vul.PackName == "" || len(vul.PackName) < 1 { + vul.PackName = cveData.RepoPath + } + if vul.CveUrl == "" || len(vul.CveUrl) < 1 { + vul.CveUrl = cveRef + cveData.CveNumber + } //vul.IsExport = 0 //vul.DataSource = 4 var sec models.SecurityNotice sec.CveId = vul.CveId - sec.CveNum = cveData.CveNumber - sec.InfluenceComponent = lop.Components + sec.CveNum = vul.CveNum + sec.InfluenceComponent = vul.PackName sec.Status = 0 sec.AffectStatus = "Fixed" - sec.Summary = lop.Components + " security update" - sec.Description = RemoveSubstring(goe.Decription, specCharList) + "\n\n" + "Security Fix(es):" + "\n\n" + - RemoveSubstring(lop.BriefIntroduction, specCharList) + sec.Summary = vul.PackName + " security update" + sec.Description = RemoveSubstring(goe.Decription, specCharList) + "\n\n" + "Security Fix(es):" + "\n\n" + vul.Description if sec.Description != "" && len(sec.Description) > 1 { sec.Description = deleteTailBlank(sec.Description) + "(" + vul.CveNum + ")" } else { sec.Description += "(" + vul.CveNum + ")" } - sec.ReferenceLink = cveRef + cveData.CveNumber + sec.ReferenceLink = vul.CveUrl + var issueTemps models.IssueTemplate + issueTemps.CveId = vul.CveId + models.GetIssueTemplateByColName(&issueTemps, "cve_id") opScoreLeve := "" - opScore, opError := strconv.ParseFloat(lop.OpScore, 64) - if opError != nil { - opScoreLeve = "Critical" - } else { + opScore := float64(0) + if issueTemps.OpenEulerScore > 0 { + opScore = 
issueTemps.OpenEulerScore opScoreLeve = openEulerScoreProc(opScore) + } else { + opScore, opError := strconv.ParseFloat(lop.OpScore, 64) + if opError != nil { + opScoreLeve = "Critical" + } else { + opScoreLeve = openEulerScoreProc(opScore) + } + } + if issueTemps.NVDVector != "" && len(issueTemps.NVDVector) > 1 { + lop.CvsVector = issueTemps.NVDVector + } + if issueTemps.OpenEulerVector != "" && len(issueTemps.OpenEulerVector) > 1 { + lop.OpVector = issueTemps.OpenEulerVector } + vul.CveLevel = opScoreLeve affectBrands := "" - if lop.InfVersion != "" && len(lop.InfVersion) > 1 { - affectBrands = AddAffectBrands(lop.InfVersion) + if issueTemps.AffectedVersion != "" && len(issueTemps.AffectedVersion) > 1 { + affectBrands = AddAffectBrands(issueTemps.AffectedVersion) } else { - affectBrands = lop.InfProduct + if lop.InfVersion != "" && len(lop.InfVersion) > 1 { + affectBrands = AddAffectBrands(lop.InfVersion) + } } - sec.Introduction = "An update for " + lop.Components + " is now available for " + affectBrands + "." + sec.Introduction = "An update for " + vul.PackName + " is now available for " + affectBrands + "." sec.Theme = sec.Introduction[:len(sec.Introduction)-1] + ".\n\n" + "openEuler Security has rated this" + " update as having a security impact of " + strings.ToLower(opScoreLeve) + ". A Common Vunlnerability" + " Scoring System(CVSS)base score,which gives a detailed severity rating," + " is available for each vulnerability from the CVElink(s) in the References section." sec.AffectProduct = affectBrands nVDScore := 0.0 + if issueTemps.NVDScore > 0 { + nVDScore = issueTemps.NVDScore + } //var err error var score models.Score score.CveId = vul.CveId 
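Review bot: The rewritten `affectBrands` block drops the old `lop.InfProduct` fallback, so when both `issueTemps.AffectedVersion` and `lop.InfVersion` are empty `affectBrands` stays `""`, `sec.Introduction` reads "... is now available for ." and `sec.AffectProduct` is empty. Keep `else { affectBrands = lop.InfProduct }` on the inner `if`, or skip building the notice when nothing is affected. The return value of `models.GetIssueTemplateByColName(&issueTemps, "cve_id")` is also ignored here, which makes "no template yet" indistinguishable from a failed query; the later lookup in this function does check `templateErr`. `UpdateIssueCveGroups` continues outside the hunk.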
@@ -1196,87 +1250,140 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c if !scOk || score.Id == 0 { vul.Status = 2 //var sc models.Score - v2, cvsError := strconv.ParseFloat(lop.CvsScore, 64) - if cvsError != nil { - vul.CveLevel = "Critical" - } else { - vul.CveLevel = openEulerScoreProc(v2) - } - score.CveNum = cveData.CveNumber + score.CveNum = vul.CveNum var nvdError error - nVDScore, nvdError = strconv.ParseFloat(lop.CvsScore, 64) - if nvdError == nil && nVDScore > 0 { - score.NVDScore = nVDScore + if issueTemps.NVDScore > 0 { + score.NVDScore = issueTemps.NVDScore + } else { + nVDScore, nvdError = strconv.ParseFloat(lop.CvsScore, 64) + if nvdError == nil && nVDScore > 0 { + score.NVDScore = nVDScore + } } - openEulerScore, openError := strconv.ParseFloat(lop.OpScore, 64) - if openError == nil && openEulerScore > 0 { - score.OpenEulerScore = openEulerScore + if issueTemps.OpenEulerScore > 0 { + score.OpenEulerScore = issueTemps.OpenEulerScore + } else { + openEulerScore, openError := strconv.ParseFloat(lop.OpScore, 64) + if openError == nil && openEulerScore > 0 { + score.OpenEulerScore = openEulerScore + } } score.NvectorVule = lop.CvsVector score.OvectorVule = lop.OpVector score.Nstatus = 0 score.Ostatus = 0 - score.ScoreType = "v3" - vectorN := models.VectorValue{} - ok := vectorN.VctToVectorValue(lop.CvsVector) - if ok { - score.NattackVector = vectorN.AttackVector - score.NattackComplexity = vectorN.AttackComplexity - score.NprivilegeRequired = vectorN.PrivilegesRequired - score.NuserInteraction = vectorN.UserInteraction - score.Nscope = vectorN.Scope - score.Nconfidentiality = vectorN.Confidentiality - score.Nintegrity = vectorN.Integrity - score.Navailability = vectorN.Availability + score.ScoreType = lop.ScoreType + if score.ScoreType == "v3" { + vectorN := models.VectorValue{} + ok := vectorN.VctToVectorValue(lop.CvsVector) + if ok { + score.NattackVector = vectorN.AttackVector + score.NattackComplexity = 
vectorN.AttackComplexity + score.NprivilegeRequired = vectorN.PrivilegesRequired + score.NuserInteraction = vectorN.UserInteraction + score.Nscope = vectorN.Scope + score.Nconfidentiality = vectorN.Confidentiality + score.Nintegrity = vectorN.Integrity + score.Navailability = vectorN.Availability + } + vectorO := models.VectorValue{} + vectOk := vectorO.VctToVectorValue(lop.OpVector) + if vectOk { + score.OattackVector = vectorO.AttackVector + score.OattackComplexity = vectorO.AttackComplexity + score.OprivilegeRequired = vectorO.PrivilegesRequired + score.OuserInteraction = vectorO.UserInteraction + score.Oscope = vectorO.Scope + score.Oconfidentiality = vectorO.Confidentiality + score.Ointegrity = vectorO.Integrity + score.Oavailability = vectorO.Availability + } } - vectorO := models.VectorValue{} - vectOk := vectorO.VctToVectorValue(lop.OpVector) - if vectOk { - score.OattackVector = vectorO.AttackVector - score.OattackComplexity = vectorO.AttackComplexity - score.OprivilegeRequired = vectorO.PrivilegesRequired - score.OuserInteraction = vectorO.UserInteraction - score.Oscope = vectorO.Scope - score.Oconfidentiality = vectorO.Confidentiality - score.Ointegrity = vectorO.Integrity - score.Oavailability = vectorO.Availability + if score.ScoreType == "v2" { + vectorN2 := models.VectorValueV2{} + ok := vectorN2.VctToVectorValue(lop.CvsVector) + if ok { + score.NaccessVector = vectorN2.AccessVector + score.NaccessComplexity = vectorN2.AccessComplexity + score.Navailability = vectorN2.Availability + score.Nconfidentiality = vectorN2.Confidentiality + score.Nintegrity = vectorN2.IntegrityImpact + score.Nauthentication = vectorN2.Authentication + } + vectorO2 := models.VectorValueV2{} + vectOk := vectorO2.VctToVectorValue(lop.OpVector) + if vectOk { + score.OaccessVector = vectorO2.AccessVector + score.OaccessComplexity = vectorO2.AccessComplexity + score.Oavailability = vectorO2.Availability + score.Oconfidentiality = vectorO2.Confidentiality + score.Ointegrity = 
vectorO2.IntegrityImpact + score.Oauthentication = vectorO2.Authentication + } } + } else { v2 := score.NVDScore vul.CveLevel = openEulerScoreProc(v2) - score.CveNum = cveData.CveNumber + score.CveNum = vul.CveNum score.Nstatus = 2 var nvdError error - nVDScore, nvdError = strconv.ParseFloat(lop.CvsScore, 64) - if nvdError == nil && nVDScore > 0 { - if score.NVDScore != nVDScore { - score.Nstatus = 3 - //vul.Status = 1 - score.NVDScore = nVDScore + if issueTemps.NVDScore > 0 { + score.NVDScore = issueTemps.NVDScore + score.Nstatus = 3 + } else { + nVDScore, nvdError = strconv.ParseFloat(lop.CvsScore, 64) + if nvdError == nil && nVDScore > 0 { + if score.NVDScore != nVDScore { + score.Nstatus = 3 + score.NVDScore = nVDScore + } } } - openEulerScore, openError := strconv.ParseFloat(lop.OpScore, 64) - if openError == nil && openEulerScore > 0 { - score.OpenEulerScore = openEulerScore + if issueTemps.OpenEulerScore > 0 { + score.OpenEulerScore = issueTemps.OpenEulerScore + score.Ostatus = 3 + } else { + openEulerScore, openError := strconv.ParseFloat(lop.OpScore, 64) + if openError == nil && openEulerScore > 0 { + score.OpenEulerScore = openEulerScore + score.Ostatus = 3 + } } + score.OvectorVule = lop.OpVector - score.ScoreType = "v3" - vectorO := models.VectorValue{} - okx := vectorO.VctToVectorValue(lop.OpVector) - if okx { - score.OattackVector = vectorO.AttackVector - score.OattackComplexity = vectorO.AttackComplexity - score.OprivilegeRequired = vectorO.PrivilegesRequired - score.OuserInteraction = vectorO.UserInteraction - score.Oscope = vectorO.Scope - score.Oconfidentiality = vectorO.Confidentiality - score.Ointegrity = vectorO.Integrity - score.Oavailability = vectorO.Availability + score.NvectorVule = lop.CvsVector + score.ScoreType = lop.ScoreType + if score.ScoreType == "v3" { + vectorO := models.VectorValue{} + okx := vectorO.VctToVectorValue(lop.OpVector) + if okx { + score.OattackVector = vectorO.AttackVector + score.OattackComplexity = 
vectorO.AttackComplexity + score.OprivilegeRequired = vectorO.PrivilegesRequired + score.OuserInteraction = vectorO.UserInteraction + score.Oscope = vectorO.Scope + score.Oconfidentiality = vectorO.Confidentiality + score.Ointegrity = vectorO.Integrity + score.Oavailability = vectorO.Availability + } + } + if score.ScoreType == "v2" { + vectorO2 := models.VectorValueV2{} + vectOk := vectorO2.VctToVectorValue(lop.OpVector) + if vectOk { + score.OaccessVector = vectorO2.AccessVector + score.OaccessComplexity = vectorO2.AccessComplexity + score.Oavailability = vectorO2.Availability + score.Oconfidentiality = vectorO2.Confidentiality + score.Ointegrity = vectorO2.IntegrityImpact + score.Oauthentication = vectorO2.Authentication + } } } if vul.Status == 0 || vul.Status == 1 { accessToken := os.Getenv("GITEE_TOKEN") - hookError := CreateDepositHooks(accessToken, owner, cveData.RepoPath, vul, cveData.Number, cveData.IssueId) + hookError := CreateDepositHooks(accessToken, owner, vul.PackName, vul, cveData.Number, cveData.IssueId) logs.Info(hookError) } osa, osaError := models.QueryOpenSaById(vul.CveId) 
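Review bot: In the `else` branch (an existing score row) the new code sets `score.NvectorVule = lop.CvsVector` but re-parses only `lop.OpVector`, so the N-side component fields (`NattackVector`, `NaccessVector` and the rest) keep the values of the previous vector. Parse `lop.CvsVector` there the same way the first branch does. `score.Nstatus = 3` is also set whenever `issueTemps.NVDScore > 0`, even when it equals the stored `score.NVDScore`, while the `ParseFloat` path sets it only on a difference; if 3 marks a changed score, add the same comparison, `if score.NVDScore != issueTemps.NVDScore { score.Nstatus = 3 }`.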
@@ -1332,27 +1439,31 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c issueTemp.CveId = vul.CveId templateErr := models.GetIssueTemplateByColName(&issueTemp, "cve_id") if templateErr == nil && issueTemp.TemplateId > 0 { - issueTemp.CveNum = cveData.CveNumber - issueTemp.OwnedComponent = lop.Components - issueTemp.OwnedVersion = RemoveSubstring(lop.Version, specCharList) + //issueTemp.CveNum = cveData.CveNumber + //issueTemp.OwnedComponent = lop.Components + //issueTemp.OwnedVersion = RemoveSubstring(lop.Version, specCharList) openEulerScore, openError := strconv.ParseFloat(lop.OpScore, 64) - if openError == nil && openEulerScore > 0 { + if openError == nil && openEulerScore > 0 && issueTemp.OpenEulerScore == 0 { issueTemp.OpenEulerScore = openEulerScore } - issueTemp.NVDVector = lop.CvsVector + if issueTemp.NVDVector == "" || len(issueTemp.NVDVector) < 1 { + issueTemp.NVDVector = lop.CvsVector + } nvdScore, nvdError := strconv.ParseFloat(lop.CvsScore, 64) - if nvdError == nil && nvdScore > 0 { + if nvdError == nil && nvdScore > 0 && issueTemp.NVDScore == 0 { issueTemp.NVDScore = nvdScore } - if lop.OpVector != "" && len(lop.OpVector) > 1 { + if lop.OpVector != "" && len(lop.OpVector) > 1 || len(issueTemp.OpenEulerVector) < 2{ issueTemp.OpenEulerVector = lop.OpVector } - issueTemp.CveBrief = RemoveSubstring(lop.BriefIntroduction, specCharList) - if lop.Influences != "" && len(lop.Influences) > 1 { + if issueTemp.CveBrief == "" || len(issueTemp.CveBrief) < 1 { + issueTemp.CveBrief = RemoveSubstring(lop.BriefIntroduction, specCharList) + } + if lop.Influences != "" && len(lop.Influences) > 1 && len(issueTemp.CveAnalysis) < 2 { issueTemp.CveAnalysis = lop.Influences } issueTemp.PrincipleAnalysis = lop.Principle - if paraAffectBrandBool(lop.InfVersion) { + if paraAffectBrandBool(lop.InfVersion) && len(issueTemp.AffectedVersion ) < 2 { issueTemp.AffectedVersion = lop.InfVersion } issueTemp.Solution = lop.AvoidScheme 
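Review bot: `if lop.OpVector != "" && len(lop.OpVector) > 1 || len(issueTemp.OpenEulerVector) < 2{` groups as `(A && B) || C`, so a non-empty `lop.OpVector` always overwrites the stored `OpenEulerVector`, and an empty one is written when the stored value is short. Every other field in this hunk now keeps an existing value, so `&&` looks intended: `if len(lop.OpVector) > 1 && len(issueTemp.OpenEulerVector) < 2 {`. `issueTemp.CveAnalysis = lop.Influences` here is not passed through `RemoveSubstring`, unlike the create path changed in the next hunk. The three commented-out assignments at the top of the block can be deleted rather than kept as comments.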
@@ -1405,7 +1516,7 @@ func UpdateIssueCveGroups(cveData models.GiteOriginIssue, lop models.Loophole, c issueTemp.NVDVector = lop.CvsVector issueTemp.OpenEulerVector = lop.OpVector issueTemp.CveBrief = RemoveSubstring(lop.BriefIntroduction, specCharList) - issueTemp.CveAnalysis = lop.Influences + issueTemp.CveAnalysis = RemoveSubstring(lop.Influences, specCharList) issueTemp.PrincipleAnalysis = lop.Principle issueTemp.AffectedVersion = lop.InfVersion issueTemp.Solution = lop.AvoidScheme @@ -1492,7 +1603,9 @@ func paraAffectBrandBool(affectedVersion string) bool { func GenCveVulerByIssue(cveData models.GiteOriginIssue, cveRef string, openeulernum int, owner string) (bool, error) { defer common.Catchs() + lock.Lock() hole, err := cveData.ParseToLoophole() + lock.Unlock() if err != nil { logs.Error("数据解析错误,") //models.UpdateCveStatusExportByNum(common.GetCurTime(), cveData.CveNumber, 2, 2, cveData.RepoPath)
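Review bot: `lock.Unlock()` in `GenCveVulerByIssue` is reached only if `cveData.ParseToLoophole()` returns normally; if it panics, `defer common.Catchs()` presumably recovers and the mutex stays held, blocking every later call. Scope the lock to the parse with a deferred release, for example by wrapping the call in a small closure that does `lock.Lock()` followed by `defer lock.Unlock()` before calling `ParseToLoophole()`. A comment naming the shared state this lock protects would help too, since nothing in the hunk shows why parsing needs to be serialised. The function body continues outside the hunk.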