# cve-ease **Repository Path**: wu-donger/cve-ease ## Basic Information - **Project Name**: cve-ease - **Description**: Collect and analysis CVE information published by the community, differential broadcast it to users through various channels, and provide multiple interfaces to security manufacturer to improve the capability of system security management. - **Primary Language**: Unknown - **License**: MulanPSL-2.0 - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 0 - **Forks**: 16 - **Created**: 2025-06-20 - **Last Updated**: 2025-06-24 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README - [cve-ease project](#cve-ease-project) - [项目介绍](#项目介绍) - [软件架构](#软件架构) - [研发规划](#研发规划) - [安装教程](#安装教程) - [直接安装](#直接安装) - [容器安装](#容器安装) - [rpm包安装](#rpm包安装) - [使用说明](#使用说明) - [帮助信息](#帮助信息) - [配置文件](#配置文件) - [cve-ease服务](#cve-ease服务) - [basic基础命令](#basic基础命令) - [config配置相关子命令](#config配置相关子命令) - [daemon服务](#daemon服务) - [motd更新通知相关子命令](#motd更新通知相关子命令) - [service相关子命令](#service相关子命令) - [info信息类别命令](#info信息类别命令) - [cve子命令](#cve子命令) - [sa子命令](#sa子命令) - [cvrf子命令](#cvrf子命令) - [rpm子命令](#rpm子命令) - [repodata子命令](#repodata子命令) - [logger子命令](#logger子命令) - [db子命令](#db子命令) - [notifier消息通知类命令](#notifier消息通知类命令) - [wecom企业微信群聊机器人](#wecom企业微信群聊机器人) - [dingding钉钉群聊机器人](#dingding钉钉群聊机器人) - [feishu飞书群聊机器人](#feishu飞书群聊机器人) - [mail163邮箱](#mail163邮箱) - [mailqq邮箱](#mailqq邮箱) - [如何参与贡献](#如何参与贡献) - [核心研发人员及联系方式](#核心研发人员及联系方式) - [交流群](#交流群) # cve-ease project ## 项目介绍 cve-ease 是一个专注于CVE信息的平台,它搜集了社区发布的各种CVE信息,并通过邮件、微信、钉钉等多种渠道及时通知用户。用户可以通过cve-ease平台查看CVE信息的详细内容,包括漏洞描述、影响范围、修复建议等,并根据自己的系统情况选择合适的修复方案。 cve-ease 平台旨在帮助用户快速了解和应对系统中存在的漏洞,提高系统安全性和稳定性。 cve-ease 是**天翼云自主创新项目**,它已经在欧拉社区开放源码,期待社区的朋友们加入项目开发,共同打造一个安全、稳定、可靠的国产操作系统生态。 开源说明: * 本仓库**严格**遵循 [木兰宽松许可证, 第2版](http://license.coscl.org.cn/MulanPSL2) * **本仓库严格 天翼云科技有限公司 开源规范,经过严格的审核和准备,提交优质开源项目,相关的文档和资料都皆以齐备** * **本仓库严格 天翼云科技有限公司 开源规范,经过严格的审核和准备,提交优质开源项目,相关的文档和资料都皆以齐备** * **本仓库严格 天翼云科技有限公司 开源规范,经过严格的审核和准备,提交优质开源项目,相关的文档和资料都皆以齐备** * 本仓库由公司指派专人负责,**LTS长期跟进维护**,持续孵化产出 ## 软件架构 cve-ease是一个专注于CVE信息的平台,它的架构主要由四个模块组成,分别是CVE爬虫、CVE分析器、CVE通知器和CVE前端。下面我们分别介绍这四个模块的功能和设计。 - CVE爬虫 这个模块负责从openEuler社区提供的各个CVE数据源抓取CVE信息,并将其存储到MySQL等关系型数据库中。这些关键信息主要来源于cve-manager项目。目前,cve-manager支持从以下数据源获取CVE信息:NVD、CNNVD、CNVD、RedHat、Ubuntu、Debian等。cve-ease使用Python编写了多个爬虫脚本,每个脚本对应一个数据源,可以定时或手动运行。爬虫脚本会将抓取到的原始CVE信息格式化后持久化存储,以便后续的分析和处理。 - CVE分析器 这个模块负责对CVE信息进行解析、归类、评分等操作。cve-ease使用Python编写了一个分析器脚本,它会定期从关系型数据库中读取原始CVE信息,并进行以下操作:解析CVE信息的基本属性(如编号、标题、描述等)、归类CVE信息的影响范围(如操作系统、软件包等)、评分CVE信息的危害程度(如CVSS评分等)、匹配CVE信息的修复建议(如补丁链接等)。分析器脚本会将处理后的结构化CVE信息以SQL格式持久化到数据库中,以便后续的查询和展示。 - CVE通知器 这个模块负责根据用户的订阅配置,通过邮件、微信、钉钉等方式发送CVE通知给用户。cve-ease使用Python编写了一个通知器脚本,它会定期从MySQL数据库中读取结构化CVE信息,并进行以下操作:过滤出用户关注的影响范围(如操作系统、软件包等)、生成适合不同渠道的通知内容(如文本、图片等)、调用不同渠道的API发送通知给用户(如SMTP协议发送邮件、HTTP协议发送微信或钉钉消息等)。通知器脚本会记录发送结果和反馈情况,并更新MySQL数据库中的订阅状态。 - CVE前端 这个模块负责提供一个友好的cli终端命令,让用户可以查看、搜索、订阅CVE信息。 cve-ease的架构设计旨在实现高效、灵活、可扩展的CVE信息平台,为用户提供及时准确地安全漏洞情报服务。 ## 研发规划 1. repodata 适配多厂家 OSV( Operating System Software Provider ) 2. motd 登陆播报功能 3. dnf 插件扩展修复功能 4. 自动修复特定包功能 5. 增加特定包感知功能 6. ... **我们非常欢迎您对 cve-ease 研发方向的宝贵意见,如果您有任何想法或建议,请不要犹豫,尽情地与我们分享,我们将十分感激~** ## 安装教程 目前cve-ease处于快速迭代研发阶段,支持的安装方式有,直接安装,容器安装,rpm包安装 ### 直接安装 ```shell git clone https://gitee.com/openeuler/cve-ease cve-ease.git cd cve-ease.git/cve-ease make install ``` ### 容器安装 ```shell git clone https://gitee.com/openeuler/cve-ease cve-ease.git cd cve-ease.git/cve-ease make run-in-docker ``` ### rpm包安装 ```shell git clone https://gitee.com/openeuler/cve-ease cve-ease.git cd cve-ease.git/cve-ease make gensrpm cd .. rpm -ivh *.src.rpm cd ~/rpmbuild rpmbuild -ba SPECS/cve-ease.spec cd RPMS/noarch rpm -ivh *.rpm ``` ## 使用说明 ### 帮助信息 * cve-ease命令不带任何参数,则显示帮助信息 * cve-ease子命令有多个,按类别分为basic、info、notifier * help子命令用于显示不同类别命令帮助信息 ```shell # cve-ease Available commands: basic commands: config Print cve-ease config daemon Run as daemon without interactive motd Motd info manager service Service manager info commands: cve OpenEuler CVE info cvrf OpenEuler CVRF info db Database manager help List available commands logger Logger config repodata Repodata info rpm Rpm info sa OpenEuler security notice info notifier commands: dingding Notifier of dingding feishu Notifier of feishu mail163 Notifier of mail163 mailqq Notifier of mailqq wecom Notifier of wecom Try "cve-ease --help" for help about global gconfig Try "cve-ease help" to get all available commands Try "cve-ease --help" for help about the gconfig of a particular command Try "cve-ease help " to get commands under a particular category Available commands are: basic, info, notifier # cve-ease help info Available commands: info commands: cve OpenEuler CVE info cvrf OpenEuler CVRF info db Database manager help List available commands logger Logger config repodata Repodata info rpm Rpm info sa OpenEuler security notice info Try "cve-ease --help" for help about global gconfig Try "cve-ease help" to get all available commands Try "cve-ease --help" for help about the gconfig of a particular command Try "cve-ease help " to get commands under a particular category Available commands are: basic, info, notifier ``` ### 配置文件 配置文件位于 ```/etc/cve-ease/cve-ease.cfg``` ``` [main] pid_file_path = /var/log/cve-ease/cve-ease.pid lock_file_path = /var/log/cve-ease/cve-ease.lock # log configuration # debug/ error(default) / warn log_level = debug log_file_path = /var/log/cve-ease/cve-ease.log log_maxbytes = 10240 log_backup_num = 30 # sql configuration db_type = sqlite db_file_path = /usr/share/cve-ease/cve-ease.db db_user = db_password = db_host = db_port = product = openEuler-20.03-LTS-SP1 expiration_days = 14 # notifier notifier_record_num = 9 # filter focus_on = kernel,systemd,openssh,openssl [wecom] enabled = 1 # https://developer.work.weixin.qq.com/document/path/91770?version=4.0.19.6020&platform=win # https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=fe9eae1f-xxxx-4ae3-xxxx-ecf9f77abba6 update_key = 2142ef2a-d99d-417d-8c31-b550b0fcb4e3 status_key = 2142ef2a-d99d-417d-8c31-b550b0fcb4e3 [dingding] enabled = 1 # just for test update_key = 81907155a6cc88004e1ed6bcdd86c68d5b21565ed59d549ca031abc93d90d9cb status_key = 81907155a6cc88004e1ed6bcdd86c68d5b21565ed59d549ca031abc93d90d9cb [feishu] enabled = 1 # just for test update_key = 5575739b-f59d-48db-b737-63672b2c32ab status_key = 5575739b-f59d-48db-b737-63672b2c32ab [mail163] enabled = 0 mail_sender = xxxxxxx@163.com mail_recver = xxxxxxx@163.com mail_smtp_token = xxxxxx [mailqq] enabled = 0 mail_sender = xxxxxxx@qq.com mail_recver = xxxxxxx@qq.com mail_smtp_token = xxxxxxxx ``` ### cve-ease服务 cve-ease服务包含 cve-ease.service 和 cve-ease.timer 两个文件,基于systemd timer机制实现周期周期执行 ``` # /usr/lib/systemd/system/cve-ease.timer # CTyunOS cve-ease: MulanPSL2 # # This file is part of cve-ease. # [Unit] Description=CTyunOS cve-ease Project Documentation=https://gitee.com/openeuler/cve-ease [Timer] OnBootSec=1m OnUnitActiveSec=10m RandomizedDelaySec=10 [Install] WantedBy=timers.target ``` ``` # systemctl enable --now cve-ease.timer Created symlink /etc/systemd/system/timers.target.wants/cve-ease.timer → /usr/lib/systemd/system/cve-ease.timer. # systemctl status cve-ease.timer ● cve-ease.timer - CTyunOS cve-ease Project Loaded: loaded (/usr/lib/systemd/system/cve-ease.timer; enabled; vendor preset: disabled) Active: active (waiting) since Sat 2023-03-18 17:55:53 CST; 5s ago Trigger: Sat 2023-03-18 18:05:55 CST; 9min left Docs: https://gitee.com/openeuler/cve-ease Mar 18 17:55:53 56d941221b41 systemd[1]: Started CTyunOS cve-ease Project. # systemctl status cve-ease.service ● cve-ease.service - CTyunOS cve-ease project Loaded: loaded (/usr/lib/systemd/system/cve-ease.service; disabled; vendor preset: disabled) Active: inactive (dead) since Sat 2023-03-18 17:55:56 CST; 5s ago Docs: https://gitee.com/openeuler/cve-ease Process: 196 ExecStart=/usr/bin/cve-ease daemon (code=exited, status=0/SUCCESS) Main PID: 196 (code=exited, status=0/SUCCESS) Mar 18 17:55:53 56d941221b41 systemd[1]: Starting CTyunOS cve-ease project... Mar 18 17:55:56 56d941221b41 systemd[1]: cve-ease.service: Succeeded. Mar 18 17:55:56 56d941221b41 systemd[1]: Started CTyunOS cve-ease project. ``` ### basic基础命令 #### config配置相关子命令 ``` Usage: cve-ease config (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -r, --rawdata print raw config file content ``` ```shell cve-ease config # 显示配置文件路径及有效配置 cve-ease config -r # 显示配置文件路径及裸数据 ``` #### daemon服务 * daemon命令用户systemd service服务入口,一般不直接执行 * 该服务由对应cve-ease 的systemd timer服务定时执行 ``` # /usr/lib/systemd/system/cve-ease.service # CTyunOS cve-ease: MulanPSL2 # # This file is part of cve-ease. # [Unit] Description=CTyunOS cve-ease project Documentation=https://gitee.com/openeuler/cve-ease [Service] Type=oneshot ExecStart=/usr/bin/cve-ease daemon [Install] WantedBy=multi-user.target ``` #### motd更新通知相关子命令 * TODO 待实现 #### service相关子命令 cve-ease服务的相关控制命令 ``` Usage: cve-ease service (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -k, --kill kill cve-ease service -r, --restart restart cve-ease service -s, --status get cve-ease service status -v, --verbose show verbose output ``` ``` cve-ease service -k # 暂停cve-ease服务 cve-ease service -r # 重启cve-ease服务 cve-ease service -s # 查看cve-ease服务状态 ``` ### info信息类别命令 #### cve子命令 爬取openEuler社区CVE公告信息,地址: [openEuler 官方CVE公告](https://www.openeuler.org/zh/security/cve/) ```shell Usage: cve-ease cve (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -r, --rawdata get cve cache and print raw data without write db -m, --makecache get cve cache -l, --list list all cve info -t, --total get cve info statistics -v, --verbose show verbose output ``` ```shell cve-ease cve -m # 爬取 CVE 信息并写入数据库 cve-ease cve -l # 从数据库获取并格式化显示 CVE 信息 cve-ease cve -t # 从数据库获取并显示 CVE 统计信息 cve-ease cve -r # 爬取 CVE 信息并显示裸数据(未写入数据库) ``` #### sa子命令 爬取openEuler社区安全公告信息,地址: [openEuler 官方CVE公告](https://www.openeuler.org/zh/security/safety-bulletin/) ```shell Usage: cve-ease sa (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -r, --rawdata get sa cache and print raw data without write db -m, --makecache get sa cache -l, --list list all sa info -t, --total get sa info statistics -v, --verbose show verbose output ``` ```shell cve-ease sa -m # 爬取 SA 信息并写入数据库 cve-ease sa -l # 从数据库获取并格式化显示 SA 信息 cve-ease sa -t # 从数据库获取并显示 SA 统计信息 cve-ease sa -r # 爬取 SA 信息并显示裸数据(未写入数据库) ``` #### cvrf子命令 安全公告相关 ```shell cve-ease cvrf -m # 爬取 CVRF 信息并写入数据库 cve-ease cvrf -l # 从数据库获取并格式化显示 CVRF 信息 cve-ease cvrf -t # 从数据库获取并显示 CVRF 统计信息 ``` #### rpm子命令 ``` Usage: cve-ease rpm (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -l, --list list all rpm info -v, --verbose show verbose output ``` ``` cve-ease rpm -l # 调用rpm接口列出当前系统中已安装的rpm包信息 ``` #### repodata子命令 ``` Usage: cve-ease repodata (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -m, --makecache cache repodata to database -p PRODUCT, --product=PRODUCT specific product (work with --check) --osv=OSV specific osv rpm release -t, --total get total rpm statistics -l, --list list all rpm -c, --check check repo cve -v, --verbose show verbose output ``` ``` cve-ease repodata -p ctyunos2 -m # 选定ctyunos2作为OSV版本,缓存ctyunos2的源数据,写入数据库 cve-ease repodata --osv ctyunos2 -p openEuler-22.03-LTS -c # ctyunos2的源于openEuler源做比对 cve-ease repodata -l # 列出数据库中包含的包信息 cve-ease repodata -t # 获取数据库中源包的统计信息 ``` #### logger子命令 ``` Usage: cve-ease logger (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -l, --list list all logger info -t, --total get logger statistics -v, --verbose show verbose output ``` #### db子命令 ``` Usage: cve-ease db (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -p, --purge purge db and recreate it (Danger Operation) -s, --stats get database statistics -v, --verbose show verbose output ``` ### notifier消息通知类命令 #### wecom企业微信群聊机器人 ```shell Usage: cve-ease wecom (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -t, --test run test -v, --verbose show verbose output -c CONTENT, --content=CONTENT show verbose output ``` ``` cve-ease wecom -t # 发送测试消息到企业微信群 cve-ease wecom -t -c 'helloworld' # 发送自定义测试消息到企业微信群 ``` #### dingding钉钉群聊机器人 ```shell Usage: cve-ease dingding (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -t, --test run test -v, --verbose show verbose output -c CONTENT, --content=CONTENT show verbose output ``` ``` cve-ease dingding -t # 发送测试消息到钉钉群 cve-ease dingding -t -c 'helloworld' # 发送自定义测试消息到钉钉群 ``` #### feishu飞书群聊机器人 ```shell Usage: cve-ease feishu (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -t, --test run test -v, --verbose show verbose output -c CONTENT, --content=CONTENT show verbose output ``` ``` cve-ease feishu -t # 发送测试消息到飞书群 cve-ease feishu -t -c 'helloworld' # 发送自定义测试消息到飞书群 ``` #### mail163邮箱 ```shell Usage: cve-ease mail163 (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -t, --test run test -v, --verbose show verbose output -c CONTENT, --content=CONTENT show verbose output ``` ``` cve-ease mail163 -t # 发送测试消息到163邮箱 cve-ease mail163 -t -c 'helloworld' # 发送自定义测试消息到163邮箱 ``` #### mailqq邮箱 ```shell Usage: cve-ease mailqq (Specify the --help global option for a list of other help options) Options: -h, --help show this help message and exit -t, --test run test -v, --verbose show verbose output -c CONTENT, --content=CONTENT show verbose output ``` ``` cve-ease mailqq -t # 发送测试消息到QQ邮箱 cve-ease mailqq -t -c 'helloworld' # 发送自定义测试消息到QQ邮箱 ``` ## 如何参与贡献 1. Fork 本仓库 2. 当前快速迭代期间,仅 master 分支,因此您只需在 master 做变更后提交 3. 创建 pr ,描述清楚 pr 的具体功能、作用,并提供相关测试用例 4. 通知仓库 maintainer 审核 pr ## 核心研发人员及联系方式 * 游益锋 - [Gitee私信](https://gitee.com/youyifeng) * 吴开顺 - [Gitee私信](https://gitee.com/wuzimo) ## 交流群 ![微信交流群](https://cdnjson.com/images/2023/07/18/Snipaste_2023-07-18_14-58-52.png)