diff --git a/0001-fix-security-advisory-parsing-error.patch b/0001-fix-security-advisory-parsing-error.patch deleted file mode 100644 index bd9121015f545f999b15e747f9927c277f4b7701..0000000000000000000000000000000000000000 --- a/0001-fix-security-advisory-parsing-error.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 25e79499a5c578579c1112bfcbdfb7137748fa84 Mon Sep 17 00:00:00 2001 -From: rabbitali -Date: Fri, 19 Jul 2024 10:28:52 +0800 -Subject: [PATCH 1/1] fix security advisory parsing error - ---- - apollo/cron/download_advisory.py | 6 ++++-- - apollo/handler/cve_handler/view.py | 16 ++++++++-------- - 2 files changed, 12 insertions(+), 10 deletions(-) - -diff --git a/apollo/cron/download_advisory.py b/apollo/cron/download_advisory.py -index 6ba2f01..5bec2a8 100644 ---- a/apollo/cron/download_advisory.py -+++ b/apollo/cron/download_advisory.py -@@ -115,14 +115,16 @@ class DownloadSATask: - file_path = os.path.join(advisory_dir, file_name) - advisory_year, advisory_serial_number = re.findall("\d+", file_name) - try: -- cve_rows, cve_pkg_rows, cve_pkg_docs, _, _ = parse_security_advisory(file_path) -+ security_cvrf_info = parse_security_advisory(file_path) -+ security_cvrf_info.sa_year = None -+ security_cvrf_info.sa_number = None - except (KeyError, ParseAdvisoryError) as error: - LOGGER.error(error) - LOGGER.error("Some error occurred when parse advisory '%s'." % file_name) - self._record_download_result(advisory_year, advisory_serial_number, False) - continue - -- save_status_code = proxy.save_security_advisory(file_name, cve_rows, cve_pkg_rows, cve_pkg_docs) -+ save_status_code = proxy.save_security_advisory(file_name, security_cvrf_info) - status = True if save_status_code == SUCCEED else False - self._record_download_result(advisory_year, advisory_serial_number, status) - -diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py -index 58d3bb1..200cc0d 100644 ---- a/apollo/handler/cve_handler/view.py -+++ b/apollo/handler/cve_handler/view.py -@@ -466,9 +466,9 @@ class VulUploadAdvisory(BaseResponse): - def _save_single_advisory(proxy, file_path): - file_name = os.path.basename(file_path) - try: -- cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number = parse_security_advisory(file_path) -+ security_cvrf_info = parse_security_advisory(file_path) - os.remove(file_path) -- if not all([cve_rows, cve_pkg_rows, cve_pkg_docs]): -+ if not all([security_cvrf_info.cve_rows, security_cvrf_info.cve_pkg_rows, security_cvrf_info.cve_pkg_docs]): - return WRONG_FILE_FORMAT - except (KeyError, ParseAdvisoryError) as error: - os.remove(file_path) -@@ -476,7 +476,7 @@ class VulUploadAdvisory(BaseResponse): - LOGGER.error(error) - return WRONG_FILE_FORMAT - -- status_code = proxy.save_security_advisory(file_name, cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number) -+ status_code = proxy.save_security_advisory(file_name, security_cvrf_info) - - return status_code - -@@ -504,8 +504,10 @@ class VulUploadAdvisory(BaseResponse): - shutil.rmtree(folder_path) - return WRONG_FILE_FORMAT - try: -- cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number = parse_security_advisory(file_path) -- if not all([cve_rows, cve_pkg_rows, cve_pkg_docs]): -+ security_cvrf_info = parse_security_advisory(file_path) -+ if not all( -+ [security_cvrf_info.cve_rows, security_cvrf_info.cve_pkg_rows, security_cvrf_info.cve_pkg_docs] -+ ): - shutil.rmtree(folder_path) - return WRONG_FILE_FORMAT - except (KeyError, ParseAdvisoryError) as error: -@@ -519,9 +521,7 @@ class VulUploadAdvisory(BaseResponse): - LOGGER.error(error) - continue - # elasticsearch need 1 second to update doc -- status_code = proxy.save_security_advisory( -- file_name, cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number -- ) -+ status_code = proxy.save_security_advisory(file_name, security_cvrf_info) - if status_code != SUCCEED: - fail_list.append(file_name) - else: --- -2.33.0 - diff --git a/0002-fix-bug-with-host-count-in-cve-fix-task.patch b/0002-fix-bug-with-host-count-in-cve-fix-task.patch deleted file mode 100644 index 9a8b106537f8680c07514737ba0fbb6e8b12216f..0000000000000000000000000000000000000000 --- a/0002-fix-bug-with-host-count-in-cve-fix-task.patch +++ /dev/null @@ -1,26 +0,0 @@ -From a82cceada0df66cf48d646a3cd6a55556ebf9962 Mon Sep 17 00:00:00 2001 -From: rabbitali -Date: Tue, 23 Jul 2024 18:55:50 +0800 -Subject: [PATCH 1/1] fix bug with host count in cve fix task - ---- - apollo/database/proxy/task/cve_fix.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/apollo/database/proxy/task/cve_fix.py b/apollo/database/proxy/task/cve_fix.py -index fa3f2a9..1aa5546 100644 ---- a/apollo/database/proxy/task/cve_fix.py -+++ b/apollo/database/proxy/task/cve_fix.py -@@ -121,7 +121,8 @@ class CveFixTaskProxy(TaskProxy): - wait_fix_rpms = dict() - - for task_info in fix_host_rpm_info: -- wait_fix_rpms[task_info["cve_id"]] = dict(rpms=task_info.get("rpms", []), hosts=list(host_dict.keys())) -+ host_list = [host_info["host_id"] for host_info in task_info["host_info"]] -+ wait_fix_rpms[task_info["cve_id"]] = dict(rpms=task_info.get("rpms", []), hosts=host_list) - - hotpatch_fix_rpms, coldpatch_fix_rpms = self._get_cold_and_hotpatch_fix_rpm(wait_fix_rpms, data["takeover"]) - fix_tasks = [] --- -2.33.0 - diff --git a/0003-fix-issue-with-language-display-in-task-generation.patch b/0003-fix-issue-with-language-display-in-task-generation.patch deleted file mode 100644 index 20e107fa4f1581288b86808d3b183ca0cc776929..0000000000000000000000000000000000000000 --- a/0003-fix-issue-with-language-display-in-task-generation.patch +++ /dev/null @@ -1,149 +0,0 @@ -From 7ef8931b94ce3a8801e00413b35a37691456e800 Mon Sep 17 00:00:00 2001 -From: rabbitali -Date: Wed, 28 Aug 2024 09:34:49 +0800 -Subject: [PATCH 1/1] fix issue with language display in task generation api - ---- - apollo/database/proxy/task/cve_fix.py | 18 ++++++++++++++++-- - apollo/database/proxy/task/cve_rollback.py | 20 +++++++++++++++++--- - apollo/function/schema/task.py | 6 +++--- - database/aops-apollo.sql | 2 +- - 4 files changed, 37 insertions(+), 9 deletions(-) - -diff --git a/apollo/database/proxy/task/cve_fix.py b/apollo/database/proxy/task/cve_fix.py -index 1aa5546..fc98633 100644 ---- a/apollo/database/proxy/task/cve_fix.py -+++ b/apollo/database/proxy/task/cve_fix.py -@@ -23,7 +23,7 @@ from typing import Dict, Tuple - - import sqlalchemy.orm - from elasticsearch import ElasticsearchException --from flask import g -+from flask import request - from sqlalchemy import func, case - from sqlalchemy.exc import SQLAlchemyError - from sqlalchemy.sql import or_ -@@ -462,6 +462,11 @@ class CveFixTaskProxy(TaskProxy): - } - - """ -+ lang_info = request.headers.get("Accept-Language") -+ if lang_info: -+ lang = lang_info.split(',')[0].split(';')[0] -+ else: -+ lang = "en" - task_id = str(uuid.uuid1()).replace('-', '') - task_info = copy.deepcopy(data) - task_info['task_id'] = task_id -@@ -470,8 +475,17 @@ class CveFixTaskProxy(TaskProxy): - task_info["check_items"] = ",".join(task_info["check_items"]) - task_info["host_num"] = len(wait_fix_rpms.keys()) - task_info["fix_type"] = fix_way -+ -+ prefix_map = { -+ "zh": {"hotpatch": "热补丁修复", "coldpatch": "冷补丁修复"}, -+ "en": {"hotpatch": "Livepatch Upgrade", "coldpatch": "Normal Upgrade"}, -+ } - if subtask: -- task_prefix = "冷补丁修复:" if fix_way == "coldpatch" else "热补丁修复:" -+ task_prefix = ( -+ f"{prefix_map['en'].get(fix_way,'coldpatch')}:" -+ if lang.startswith("en") -+ else f"{prefix_map['zh'].get(fix_way,'coldpatch')}:" -+ ) - task_info["description"] = task_prefix + task_info["description"] - task_info["task_name"] = task_prefix + task_info["task_name"] - task_info["takeover"] = False if fix_way == "coldpatch" else task_info["takeover"] -diff --git a/apollo/database/proxy/task/cve_rollback.py b/apollo/database/proxy/task/cve_rollback.py -index e93be15..0525602 100644 ---- a/apollo/database/proxy/task/cve_rollback.py -+++ b/apollo/database/proxy/task/cve_rollback.py -@@ -14,7 +14,7 @@ from typing import Tuple, Optional - - import sqlalchemy.orm - from elasticsearch import ElasticsearchException --from flask import g -+from flask import request - from sqlalchemy import or_, func, case - from sqlalchemy.exc import SQLAlchemyError - -@@ -106,16 +106,30 @@ class CveRollbackTaskProxy(TaskProxy): - - @staticmethod - def _gen_task_row(data: dict, cve_fix_task_info: sqlalchemy.orm.Query) -> dict: -+ lang_info = request.headers.get("Accept-Language") -+ if lang_info: -+ lang = lang_info.split(',')[0].split(';')[0] -+ else: -+ lang = "en" -+ - fix_task_description = cve_fix_task_info.description - fix_task_name = cve_fix_task_info.task_name - host_num = cve_fix_task_info.host_num -+ -+ if lang.startswith("en"): -+ task_name = "ROLLBACK_TASK: %s" % fix_task_name -+ description = "ORIGIN_TASK_DESCRIPTION: %s" % fix_task_description -+ else: -+ task_name = "回滚: %s" % fix_task_name -+ description = "原CVE修复任务描述: %s" % fix_task_description -+ - task_data = { - "cluster_id": data["cluster_id"], - "task_id": data["task_id"], - "task_type": data["task_type"], - "create_time": data["create_time"], -- "task_name": "回滚: %s" % fix_task_name, -- "description": "原CVE修复任务描述: %s" % fix_task_description, -+ "task_name": task_name, -+ "description": description, - "host_num": host_num, - "username": data.get("username"), - } -diff --git a/apollo/function/schema/task.py b/apollo/function/schema/task.py -index a494703..f306cea 100644 ---- a/apollo/function/schema/task.py -+++ b/apollo/function/schema/task.py -@@ -91,7 +91,7 @@ class GenerateCveTaskSchema(Schema): - """ - - task_name = fields.String(required=True, validate=lambda s: 0 < len(s) <= 20) -- description = fields.String(required=True, validate=lambda s: 0 < len(s) <= 50) -+ description = fields.String(required=True, validate=lambda s: 0 < len(s) <= 100) - accepted = fields.Boolean(required=True, validate=validate.OneOf([True, False])) - check_items = fields.List(fields.String(required=True, validate=lambda s: 0 < len(s) <= 32), required=False) - takeover = fields.Boolean(required=True, validate=validate.OneOf([True, False])) -@@ -178,7 +178,7 @@ class GenerateRepoTaskSchema(Schema): - """ - - task_name = fields.String(required=True, validate=lambda s: 0 < len(s) <= 20) -- description = fields.String(required=True, validate=lambda s: 0 < len(s) <= 50) -+ description = fields.String(required=True, validate=lambda s: 0 < len(s) <= 100) - repo_id = fields.String(required=True, validate=lambda s: 0 < len(s) <= 36) - host_list = fields.List(fields.String(required=True, validate=lambda s: 0 < len(s) <= 36), required=True) - -@@ -367,7 +367,7 @@ class HotpatchRemoveInfoSchema(Schema): - - class GenerateHotpatchRemoveTaskSchema(Schema): - task_name = fields.String(required=True, validate=lambda s: 0 < len(s) <= 20) -- description = fields.String(required=True, validate=lambda s: 0 < len(s) <= 50) -+ description = fields.String(required=True, validate=lambda s: 0 < len(s) <= 100) - info = fields.List(fields.Nested(HotpatchRemoveInfoSchema), required=True, validate=lambda s: len(s) > 0) - - -diff --git a/database/aops-apollo.sql b/database/aops-apollo.sql -index 4e99d7a..b78bb3a 100644 ---- a/database/aops-apollo.sql -+++ b/database/aops-apollo.sql -@@ -19,7 +19,7 @@ CREATE TABLE IF NOT EXISTS `cve` ( - CREATE TABLE IF NOT EXISTS `vul_task` ( - `task_id` varchar(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL, - `task_type` varchar(20) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL, -- `description` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL, -+ `description` varchar(150) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL, - `task_name` varchar(50) CHARACTER SET utf8mb4 COLLATE utf8mb4_bin NOT NULL, - `latest_execute_time` int(11) NULL DEFAULT NULL, - `create_time` int(11) NULL DEFAULT NULL, --- -2.33.0 - diff --git a/0004-fix-repo-query-error-and-adjust-schema.patch b/0004-fix-repo-query-error-and-adjust-schema.patch deleted file mode 100644 index d128d1c3bd2c41e36bad7db8594f2ca04b2d1778..0000000000000000000000000000000000000000 --- a/0004-fix-repo-query-error-and-adjust-schema.patch +++ /dev/null @@ -1,115 +0,0 @@ -From fde9a0d9ed3b3ad99fdde047d9b8928e97e9af2f Mon Sep 17 00:00:00 2001 -From: rabbitali -Date: Sat, 7 Sep 2024 16:52:45 +0800 -Subject: [PATCH 1/1] Fixed the error of the repo query interface; Adaptable to Copilot adjustments -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ---- - apollo/database/proxy/task/base.py | 1 + - apollo/function/schema/cve.py | 2 +- - apollo/function/schema/host.py | 4 +++- - apollo/function/schema/repo.py | 1 - - apollo/function/schema/task.py | 4 +++- - apollo/handler/repo_handler/view.py | 15 ++------------- - 6 files changed, 10 insertions(+), 17 deletions(-) - -diff --git a/apollo/database/proxy/task/base.py b/apollo/database/proxy/task/base.py -index 8d86614..3f9a0ba 100644 ---- a/apollo/database/proxy/task/base.py -+++ b/apollo/database/proxy/task/base.py -@@ -504,6 +504,7 @@ class TaskMysqlProxy(MysqlProxy): - "takeover": row.takeover, - "cluster_id": row.cluster_id, - "cluster_name": cluster_dict_info.get(row.cluster_id), -+ "task_type": row.task_type, - } - return task_info - -diff --git a/apollo/function/schema/cve.py b/apollo/function/schema/cve.py -index b5a0270..4a18916 100644 ---- a/apollo/function/schema/cve.py -+++ b/apollo/function/schema/cve.py -@@ -89,7 +89,7 @@ class CveTaskHostSchemaOfCveInfo(Schema): - """ - - cve_id = fields.String(required=True, validate=lambda s: 0 < len(s) <= 20) -- rpms = fields.List(fields.Nested(PackageInfoSchema), required=True) -+ rpms = fields.List(fields.Nested(PackageInfoSchema), required=False, missing=[]) - - - class GetCveTaskHostSchema(Schema): -diff --git a/apollo/function/schema/host.py b/apollo/function/schema/host.py -index bccdb65..684a55c 100644 ---- a/apollo/function/schema/host.py -+++ b/apollo/function/schema/host.py -@@ -37,7 +37,9 @@ class ScanHostSchema(Schema): - validators for parameter of /vulnerability/host/scan - """ - -- host_list = fields.List(fields.String(validate=lambda s: 0 < len(s) <= 36, required=True), required=True) -+ host_list = fields.List( -+ fields.String(validate=lambda s: 0 < len(s) <= 36, required=True), required=False, missing=[] -+ ) - filter = fields.Nested(ScanHostFilterSchema, required=False) - - -diff --git a/apollo/function/schema/repo.py b/apollo/function/schema/repo.py -index bdd4c3d..618470f 100644 ---- a/apollo/function/schema/repo.py -+++ b/apollo/function/schema/repo.py -@@ -34,7 +34,6 @@ class GetYumRepoSchema(Schema): - """ - - repo_id_list = fields.List(fields.String(validate=lambda s: 0 < len(s) <= 36), required=False) -- search_key = fields.String(required=False, validate=lambda s: 0 < len(s) <= 32) - - - class UpdateYumRepoSchema(Schema): -diff --git a/apollo/function/schema/task.py b/apollo/function/schema/task.py -index f306cea..be116ad 100644 ---- a/apollo/function/schema/task.py -+++ b/apollo/function/schema/task.py -@@ -93,7 +93,9 @@ class GenerateCveTaskSchema(Schema): - task_name = fields.String(required=True, validate=lambda s: 0 < len(s) <= 20) - description = fields.String(required=True, validate=lambda s: 0 < len(s) <= 100) - accepted = fields.Boolean(required=True, validate=validate.OneOf([True, False])) -- check_items = fields.List(fields.String(required=True, validate=lambda s: 0 < len(s) <= 32), required=False) -+ check_items = fields.List( -+ fields.String(required=True, validate=lambda s: 0 < len(s) <= 32), required=False, missing=[] -+ ) - takeover = fields.Boolean(required=True, validate=validate.OneOf([True, False])) - info = fields.List(fields.Nested(CveInfoDictSchema), required=True, validate=lambda s: len(s) > 0) - -diff --git a/apollo/handler/repo_handler/view.py b/apollo/handler/repo_handler/view.py -index 6a06c1d..6909e24 100644 ---- a/apollo/handler/repo_handler/view.py -+++ b/apollo/handler/repo_handler/view.py -@@ -93,21 +93,10 @@ class VulGetYumRepo(BaseResponse): - Query repo info handle - """ - cluster_info_dic = cache.get_user_clusters() -- if cluster_info_dic is None: -- return DATABASE_QUERY_ERROR, [] -- -- cluster_list = [] -- if params.get("search_key"): -- for cluster_id, info in cluster_info_dic.items(): -- if params.get("search_key") in info.get("cluster_name"): -- cluster_list.append(cluster_id) -- else: -- cluster_list = list(cluster_info_dic.keys()) -- -- if not cluster_list: -+ if not cluster_info_dic: - return SUCCEED, [] - -- status_code, result = proxy.get_repo(params.get("repo_id_list", []), cluster_list) -+ status_code, result = proxy.get_repo(params.get("repo_id_list", []), list(cluster_info_dic.keys())) - if status_code != SUCCEED: - return status_code, [] - --- -2.33.0 - diff --git a/aops-apollo-v2.0.0.tar.gz b/aops-apollo-v2.1.0.tar.gz similarity index 32% rename from aops-apollo-v2.0.0.tar.gz rename to aops-apollo-v2.1.0.tar.gz index d5fae3e9be8396fffd4602f79c5614d1228d848c..6a8de8ea975898d50dfa23cda18438d823537676 100644 Binary files a/aops-apollo-v2.0.0.tar.gz and b/aops-apollo-v2.1.0.tar.gz differ diff --git a/aops-apollo.spec b/aops-apollo.spec index 5085fb4dc30fc79fd3cc9c9b4f13e24023c7e86c..365116c058816f28b5174e17a5a5af1437080792 100644 --- a/aops-apollo.spec +++ b/aops-apollo.spec @@ -1,18 +1,14 @@ Name: aops-apollo -Version: v2.0.0 -Release: 5 +Version: v2.1.0 +Release: 1 Summary: Cve management service, monitor machine vulnerabilities and provide fix functions. License: MulanPSL2 URL: https://gitee.com/openeuler/%{name} Source0: %{name}-%{version}.tar.gz -Patch0001: 0001-fix-security-advisory-parsing-error.patch -Patch0002: 0002-fix-bug-with-host-count-in-cve-fix-task.patch -Patch0003: 0003-fix-issue-with-language-display-in-task-generation.patch -Patch0004: 0004-fix-repo-query-error-and-adjust-schema.patch BuildRequires: python3-setuptools -Requires: aops-vulcanus >= v2.0.0 -Requires: python3-gevent python3-uWSGI python3-celery aops-zeus >= v2.0.0 +Requires: aops-vulcanus >= v2.1.0 +Requires: python3-gevent python3-uWSGI python3-celery aops-zeus >= v2.1.0 Provides: aops-apollo @@ -28,7 +24,7 @@ Requires: python3-rpm smalltools for aops-apollo, e.g.updateinfo.xml generater %prep -%autosetup -n %{name}-%{version} -p1 +%autosetup -n %{name}-%{version} # build for aops-apollo @@ -66,6 +62,9 @@ popd %{python3_sitelib}/aops_apollo_tool/* %changelog +* Mon Feb 24 2025 gongzhengtang - v2.1.0-1 +- AI hybrid interactive CVE fix task + * Mon Sep 09 2024 wenxin - v2.0.0-5 - Fix issue with querying repo info api - Adjust some schema validation logic