From b3e417ee8cf4e8cc6d922cd1fcb24fc2cdf7d546 Mon Sep 17 00:00:00 2001
From: rearcher <123781007@qq.com>
Date: Tue, 3 Dec 2024 10:43:29 +0800
Subject: [PATCH] fix upload sa failed
---
 0006-fix-upload-file.patch | 124 +++++++++++++++++++++++++++++++++++++
 aops-apollo.spec | 6 +-
 2 files changed, 129 insertions(+), 1 deletion(-)
 create mode 100644 0006-fix-upload-file.patch
diff --git a/0006-fix-upload-file.patch b/0006-fix-upload-file.patch
new file mode 100644
index 0000000..3a90593
--- /dev/null
+++ b/0006-fix-upload-file.patch
@@ -0,0 +1,124 @@
+From 2dbc352d9870049fa0f9226e015e5909007355fe Mon Sep 17 00:00:00 2001
+From: rearcher <123781007@qq.com>
+Date: Mon, 2 Dec 2024 19:48:20 +0800
+Subject: [PATCH] fix upload filed error, optimize the generated rollback task
+ information
+
+---
+ apollo/database/proxy/task/cve_rollback.py | 4 +-
+ apollo/handler/cve_handler/view.py | 45 +++++++++++++++++-----
+ 2 files changed, 38 insertions(+), 11 deletions(-)
+
+diff --git a/apollo/database/proxy/task/cve_rollback.py b/apollo/database/proxy/task/cve_rollback.py
+index 0525602..2e761c9 100644
+--- a/apollo/database/proxy/task/cve_rollback.py
++++ b/apollo/database/proxy/task/cve_rollback.py
+@@ -117,8 +117,8 @@ class CveRollbackTaskProxy(TaskProxy):
+ host_num = cve_fix_task_info.host_num
+ 
+ if lang.startswith("en"):
+- task_name = "ROLLBACK_TASK: %s" % fix_task_name
+- description = "ORIGIN_TASK_DESCRIPTION: %s" % fix_task_description
++ task_name = "Rollback task: %s" % fix_task_name
++ description = "Origin task description: %s" % fix_task_description
+ else:
+ task_name = "回滚: %s" % fix_task_name
+ description = "原CVE修复任务描述: %s" % fix_task_description
+diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
+index 200cc0d..25c5d7c 100644
+--- a/apollo/handler/cve_handler/view.py
++++ b/apollo/handler/cve_handler/view.py
+@@ -20,10 +20,12 @@ import glob
+ import os
+ import shutil
+ import time
++import uuid
+ from collections import defaultdict
+ from typing import List, Optional
+ 
+-from flask import g
++from flask import g, request
++from werkzeug.utils import secure_filename
+ from vulcanus.database.helper import judge_return_code
+ from vulcanus.log.log import LOGGER
+ from vulcanus.restful.resp.state import (
+@@ -430,7 +432,36 @@ class VulGetCveTaskHost(BaseResponse):
+ return self.response(code=status_code, data=result)
+ 
+ 
+-class VulUploadAdvisory(BaseResponse):
++class FileUpload:
++ @classmethod
++ def _upload_file(cls, save_path, file_key="file"):
++ """
++ upload file to save_path
++ Args:
++ save_path (str): path the file to be saved
++ file_key (str): body key for the file
++
++ Returns:
++ int: verify status code
++ str: file_path
++ str: file_name
++ """
++
++ file_name = ""
++ file = request.files.get(file_key)
++ if file is None or not file.filename:
++ return PARAM_ERROR, "", file_name
++ username = g.username
++ filename = secure_filename(file.filename)
++ file_name = str(uuid.uuid4()) + "." + filename.rsplit('.', 1)[-1]
++ if not os.path.exists(os.path.join(save_path, username)):
++ os.makedirs(os.path.join(save_path, username))
++ file_path = os.path.join(save_path, username, file_name)
++ file.save(file_path)
++ return SUCCEED, file_path, file_name
++
++
++class VulUploadAdvisory(BaseResponse, FileUpload):
+ """
+ Restful interface for importing security advisory xml (compressed files or single file)
+ """
+@@ -442,13 +473,11 @@ class VulUploadAdvisory(BaseResponse):
+ int: status code
+ """
+ save_path = FILE_UPLOAD_PATH
+- status, username, file_name = self.verify_upload_request(save_path)
++ status, file_path, file_name = self._upload_file(save_path)
+ 
+ if status != SUCCEED:
+ return status
+ 
+- file_path = os.path.join(save_path, username, file_name)
+-
+ suffix = file_name.split('.')[-1]
+ if suffix == "xml":
+ status_code = self._save_single_advisory(proxy, file_path)
+@@ -548,7 +577,7 @@ class VulUploadAdvisory(BaseResponse):
+ return self.response(code=self._handle(callback))
+ 
+ 
+-class VulUploadUnaffected(BaseResponse):
++class VulUploadUnaffected(BaseResponse, FileUpload):
+ """
+ Restful interface for importing unaffected cve xml (compressed files or single file)
+ """
+@@ -560,13 +589,11 @@ class VulUploadUnaffected(BaseResponse):
+ int: status code
+ """
+ save_path = FILE_UPLOAD_PATH
+- status, username, file_name = self.verify_upload_request(save_path)
++ status, file_path, file_name = self._upload_file(save_path)
+ 
+ if status != SUCCEED:
+ return status
+ 
+- file_path = os.path.join(save_path, username, file_name)
+-
+ suffix = file_name.split('.')[-1]
+ if suffix == "xml":
+ status_code = self._save_unaffected_cve(proxy, file_path)
+--
+Gitee
+
diff --git a/aops-apollo.spec b/aops-apollo.spec
index d75df1e..bf1c3d6 100644
--- a/aops-apollo.spec
+++ b/aops-apollo.spec
@@ -1,6 +1,6 @@
 Name: aops-apollo
 Version: v2.0.0
-Release: 6
+Release: 7
 Summary: Cve management service, monitor machine vulnerabilities and provide fix functions.
 License: MulanPSL2
 URL: https://gitee.com/openeuler/%{name}
@@ -10,6 +10,7 @@ Patch0002: 0002-fix-bug-with-host-count-in-cve-fix-task.patch
 Patch0003: 0003-fix-issue-with-language-display-in-task-generation.patch
 Patch0004: 0004-fix-repo-query-error-and-adjust-schema.patch
 Patch0005: 0005-set-uwsgi-buffer-size.patch
+Patch0006: 0006-fix-upload-file.patch
 BuildRequires: python3-setuptools
 Requires: aops-vulcanus >= v2.0.0
@@ -67,6 +68,9 @@ popd
 %{python3_sitelib}/aops_apollo_tool/*
 %changelog
+* Tue Dec 03 2024 luxuexian - v2.0.0-7
+- fix upload sa failed
+
 * Tue Nov 19 2024 luxuexian - v2.0.0-6
 - set-uwsgi-buffer-size to 32k
--
Gitee
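Review bot: In the new `FileUpload._upload_file` (embedded `view.py` hunk at `@@ -430,7 +432,36 @@`) the upload is written to disk before its name is validated. `secure_filename()` can return an empty string or a name with no dot, so `filename.rsplit('.', 1)[-1]` yields `""` or the whole sanitised name, and `file.save()` still runs. Reject those cases before saving, e.g. `if '.' not in filename: return PARAM_ERROR, "", ""`, and preferably check the extension against the formats the two callers handle; their suffix dispatch beyond `suffix == "xml"` lies outside the hunks. `g.username` is also joined into the path unsanitised, so unless it is constrained elsewhere (not visible in this patch) it should go through `secure_filename()` as well, to keep separators and `..` out of the path under `FILE_UPLOAD_PATH`. The `os.path.exists` / `os.makedirs` pair can become `os.makedirs(os.path.join(save_path, username), exist_ok=True)`, which removes the race between concurrent uploads by the same user.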