diff --git a/0001-adapt-sqlschema-changes-and-fix-cve-summary.patch b/0001-adapt-sqlschema-changes-and-fix-cve-summary.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4de83f3379a91e09080292752fc227b27470ff25
--- /dev/null
+++ b/0001-adapt-sqlschema-changes-and-fix-cve-summary.patch
@@ -0,0 +1,206 @@
+From a3adf7913c9ba19ae8239f9613efd091b47b30c4 Mon Sep 17 00:00:00 2001
+From: rearcher <123781007@qq.com>
+Date: Fri, 28 Feb 2025 17:10:15 +0800
+Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=9B=A0SQLschema=E5=8D=87?=
+ =?UTF-8?q?=E7=BA=A7=E5=AF=BC=E8=87=B4=E8=B0=83=E7=94=A8=E5=AD=98=E5=82=A8?=
+ =?UTF-8?q?=E8=BF=87=E7=A8=8B=E5=92=8Ccase=E5=BC=82=E5=B8=B8=EF=BC=8C?=
+ =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=B0=83=E7=94=A8cve=E6=B1=87=E6=80=BB?=
+ =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E6=8A=A5=E9=94=99=E5=BC=82=E5=B8=B8?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ apollo/database/proxy/cve.py | 26 +++++++++----------
+ apollo/database/proxy/host.py | 16 ++++++------
+ apollo/database/proxy/task/cve_fix.py | 8 +++---
+ apollo/database/proxy/task/cve_rollback.py | 8 +++---
+ apollo/database/proxy/task/hotpatch_remove.py | 6 ++---
+ 5 files changed, 30 insertions(+), 34 deletions(-)
+
+diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
+index affb73a..90a0267 100644
+--- a/apollo/database/proxy/cve.py
++++ b/apollo/database/proxy/cve.py
+@@ -22,7 +22,7 @@ from urllib.parse import urlencode
+ from flask import g
+
+ from elasticsearch import ElasticsearchException
+-from sqlalchemy import and_, case, func, tuple_
++from sqlalchemy import and_, case, func, tuple_, text
+ from sqlalchemy.exc import SQLAlchemyError
+ from vulcanus.conf.constant import HOSTS_FILTER
+ from vulcanus.database.helper import sort_and_page
+@@ -82,8 +82,8 @@ class CveMysqlProxy(MysqlProxy):
+ dict
+ """
+ result = {"Critical": 0, "High": 0, "Medium": 0, "Low": 0, "Unknown": 0}
+- cve_overview = self.session.execute(
+- "CALL GET_CVE_OVERVIEW_PRO(:host_list)",
++ cve_overview = self.session.execute(text(
++ "CALL GET_CVE_OVERVIEW_PRO(:host_list)"),
+ {"host_list": ','.join([f"'{item}'" for item in host_list]) if host_list else None},
+ ).fetchall()
+
+@@ -539,8 +539,8 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
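Review bot: The `host_list` value bound into `CALL GET_CVE_OVERVIEW_PRO(:host_list)` is still a hand-quoted literal list, `','.join([f"'{item}'" for item in host_list])`, and wrapping the statement in `text()` does not make that safe on its own. A value shaped this way suggests the procedure concatenates it into dynamic SQL (the procedure body is not on this page, so this is inferred); if so, the bind parameter protects only the outer `CALL`, and any host id that contains a quote changes the inner statement. Check every item against the expected id format before the join, for example `if not all(str(item).isalnum() for item in host_list): raise ValueError("invalid host id")`, adjusted to the real id format. The `@@ -539` hunk passes `order_by_filed`, `order_by` and `host_list` to `GET_CVE_LIST_PRO` through `filters`, which is built outside the hunk and needs the same allow-list check for the sort arguments. Both enclosing methods start and end outside their hunks.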
+ filters["severity"] = None
+
+ # Call stored procedure: GET_CVE_LIST_PRO
+- pro_result_set = self.session.execute(
+- "CALL GET_CVE_LIST_PRO(:search_key,:severity,:fixed,:affected,:order_by_filed,:order_by,:start_limt,:limt_size,:host_list)",
++ pro_result_set = self.session.execute(text(
++ "CALL GET_CVE_LIST_PRO(:search_key,:severity,:fixed,:affected,:order_by_filed,:order_by,:start_limt,:limt_size,:host_list)"),
+ filters,
+ )
+ cursor = pro_result_set.cursor
+@@ -653,10 +653,10 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
+ """
+ cve_info = (
+ self.session.query(
+- case([(Cve.cve_id == None, "")], else_=Cve.cve_id).label("cve_id"),
+- case([(Cve.publish_time == None, "")], else_=Cve.publish_time).label("publish_time"),
+- case([(Cve.severity == None, "")], else_=Cve.severity).label("severity"),
+- case([(Cve.cvss_score == None, "")], else_=Cve.cvss_score).label("cvss_score"),
++ case((Cve.cve_id == None, ""), else_=Cve.cve_id).label("cve_id"),
++ case((Cve.publish_time == None, ""), else_=Cve.publish_time).label("publish_time"),
++ case((Cve.severity == None, ""), else_=Cve.severity).label("severity"),
++ case((Cve.cvss_score == None, ""), else_=Cve.cvss_score).label("cvss_score"),
+ )
+ .filter(Cve.cve_id == cve_id)
+ .first()
+@@ -1432,7 +1432,7 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
+ self.session.query(
+ CveHostAssociation.cve_id,
+ case(
+- [(func.count(case([(CveHostAssociation.support_way == 'hotpatch', 1)])) > 0, True)], else_=False
++ (func.count(case((CveHostAssociation.support_way == 'hotpatch', 1))) > 0, True), else_=False
+ ).label('contain_hot_patch'),
+ )
+ .filter(*filters)
+@@ -1443,7 +1443,7 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
+ cve_package_subquery = (
+ self.session.query(
+ CveAffectedPkgs.cve_id,
+- func.group_concat(func.distinct(CveAffectedPkgs.package), SEPARATOR=",").label("package"),
++ func.group_concat(func.distinct(CveAffectedPkgs.package), ",").label("package"),
+ )
+ .group_by(CveAffectedPkgs.cve_id)
+ 
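Review bot: The rewritten `case()` calls in the `@@ -653` hunk keep the `== None` comparisons, which SQLAlchemy turns into `IS NULL` but which read as a mistake and trip linters (E711). Since these lines are being touched anyway, spell the test explicitly, e.g. `case((Cve.cve_id.is_(None), ""), else_=Cve.cve_id).label("cve_id")`, and likewise for `publish_time`, `severity` and `cvss_score`. The same pattern recurs in the `@@ -196` and `@@ -280` hunks of `apollo/database/proxy/host.py`. The query's enclosing method begins and ends outside the hunk.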
.distinct()
+@@ -1539,7 +1539,7 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
+ CveHostAssociation.cve_id,
+ CveHostAssociation.cluster_id,
+ case(
+- [(func.count(case([(CveHostAssociation.support_way == 'hotpatch', 1)])) > 0, True)], else_=False
++ (func.count(case((CveHostAssociation.support_way == 'hotpatch', 1))) > 0, True), else_=False
+ ).label('hotpatch'),
+ )
+ .join(Cve, Cve.cve_id == CveHostAssociation.cve_id)
+@@ -1652,7 +1652,7 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
+ "offline_host_num": offline_host_num,
+ "cluster_cve_status": cluster_cve_status
+ }
+- cve_id_list = list(set([cve["cve_id"] for cve in cve_host_association_query]))
++ cve_id_list = list(set([cve.cve_id for cve in cve_host_association_query]))
+ cve_summary = self._query_cve_severity(cve_id_list)
+ result = {
+ "cluster_summary": cluster_summary,
+diff --git a/apollo/database/proxy/host.py b/apollo/database/proxy/host.py
+index 9d33467..8868541 100644
+--- a/apollo/database/proxy/host.py
++++ b/apollo/database/proxy/host.py
+@@ -184,7 +184,7 @@ class HostProxy(MysqlProxy, CveEsProxy):
+ cve_affected_pkg_subquery = (
+ self.session.query(
+ CveAffectedPkgs.cve_id,
+- func.group_concat(func.distinct(CveAffectedPkgs.package), SEPARATOR=",").label("package"),
++ func.group_concat(func.distinct(CveAffectedPkgs.package), ",").label("package"),
+ )
+ .group_by(CveAffectedPkgs.cve_id)
+ .distinct()
+@@ -196,11 +196,11 @@ class HostProxy(MysqlProxy, CveEsProxy):
+ host_cve_query = (
+ self.session.query(
+ CveHostAssociation.cve_id,
+- case([(Cve.publish_time == None, "")], else_=Cve.publish_time).label("publish_time"),
+- case([(Cve.severity == None, "")], else_=Cve.severity).label("severity"),
+- case([(Cve.cvss_score == None, "")], else_=Cve.cvss_score).label("cvss_score"),
++ case((Cve.publish_time == None, ""), else_=Cve.publish_time).label("publish_time"),
++ case((Cve.severity == None, ""), else_=Cve.severity).label("severity"),
++ case((Cve.cvss_score == None, ""), 
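Review bot: Passing `","` as a second positional argument to `func.group_concat(...)` in `cve_package_subquery` (the `@@ -1443` hunk of `apollo/database/proxy/cve.py`) does not set the separator on MySQL: `GROUP_CONCAT(expr, expr)` concatenates both expressions for every row and then joins rows with the default comma, so the `package` column would come back as `pkgA,,pkgB,` rather than `pkgA,pkgB` (assuming the MySQL backend that the `MysqlProxy` base class implies). Comma is already the default separator, so the argument can simply be dropped: `func.group_concat(func.distinct(CveAffectedPkgs.package)).label("package")`. The identical change in the `@@ -184` hunk of `apollo/database/proxy/host.py` needs the same fix. Any caller that splits `package` on `,` should be checked for empty entries if this has already shipped. The enclosing methods start and end outside the hunks.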
else_=Cve.cvss_score).label("cvss_score"),
+ case(
+- [(cve_affected_pkg_subquery.c.package == None, "")], else_=cve_affected_pkg_subquery.c.package
++ (cve_affected_pkg_subquery.c.package == None, ""), else_=cve_affected_pkg_subquery.c.package
+ ).label("package"),
+ )
+ .select_from(CveHostAssociation)
+@@ -280,9 +280,9 @@ class HostProxy(MysqlProxy, CveEsProxy):
+ CveHostAssociation.installed_rpm,
+ CveHostAssociation.available_rpm,
+ CveHostAssociation.support_way,
+- case([(Cve.cvss_score == None, "-")], else_=Cve.cvss_score).label("cvss_score"),
+- case([(Cve.severity == None, "-")], else_=Cve.severity).label("severity"),
+- case([(CveAffectedPkgs.package == None, "-")], else_=CveAffectedPkgs.package).label("package"),
++ case((Cve.cvss_score == None, "-"), else_=Cve.cvss_score).label("cvss_score"),
++ case((Cve.severity == None, "-"), else_=Cve.severity).label("severity"),
++ case((CveAffectedPkgs.package == None, "-"), else_=CveAffectedPkgs.package).label("package"),
+ )
+ .outerjoin(Cve, Cve.cve_id == CveHostAssociation.cve_id)
+ .outerjoin(CveAffectedPkgs, CveAffectedPkgs.cve_id == CveHostAssociation.cve_id)
+diff --git a/apollo/database/proxy/task/cve_fix.py b/apollo/database/proxy/task/cve_fix.py
+index fc98633..999aefd 100644
+--- a/apollo/database/proxy/task/cve_fix.py
++++ b/apollo/database/proxy/task/cve_fix.py
+@@ -898,11 +898,9 @@ class CveFixTaskProxy(TaskProxy):
+ task_cve_fix_subquery.c.host_ip,
+ task_cve_fix_subquery.c.host_name,
+ case(
+- [
+- (task_cve_fix_subquery.c.status.contains(TaskStatus.RUNNING), TaskStatus.RUNNING),
+- (task_cve_fix_subquery.c.status.contains(TaskStatus.FAIL), TaskStatus.FAIL),
+- (task_cve_fix_subquery.c.status.contains(TaskStatus.UNKNOWN), TaskStatus.UNKNOWN),
+- ],
++ (task_cve_fix_subquery.c.status.contains(TaskStatus.RUNNING), TaskStatus.RUNNING),
++ (task_cve_fix_subquery.c.status.contains(TaskStatus.FAIL), TaskStatus.FAIL),
++ (task_cve_fix_subquery.c.status.contains(TaskStatus.UNKNOWN), TaskStatus.UNKNOWN),
+ else_=TaskStatus.SUCCEED,
+ ).label("status"),
+ task_cve_fix_subquery.c.cves,
+diff --git a/apollo/database/proxy/task/cve_rollback.py b/apollo/database/proxy/task/cve_rollback.py
+index 2e761c9..5e71c0e 100644
+--- a/apollo/database/proxy/task/cve_rollback.py
++++ b/apollo/database/proxy/task/cve_rollback.py
+@@ -297,11 +297,9 @@ class CveRollbackTaskProxy(TaskProxy):
+ cve_rollback_task_subquery.c.host_name,
+ cve_rollback_task_subquery.c.host_ip,
+ case(
+- [
+- (cve_rollback_task_subquery.c.status.contains(TaskStatus.RUNNING), TaskStatus.RUNNING),
+- (cve_rollback_task_subquery.c.status.contains(TaskStatus.FAIL), TaskStatus.FAIL),
+- (cve_rollback_task_subquery.c.status.contains(TaskStatus.UNKNOWN), TaskStatus.UNKNOWN),
+- ],
++ (cve_rollback_task_subquery.c.status.contains(TaskStatus.RUNNING), TaskStatus.RUNNING),
++ (cve_rollback_task_subquery.c.status.contains(TaskStatus.FAIL), TaskStatus.FAIL),
++ (cve_rollback_task_subquery.c.status.contains(TaskStatus.UNKNOWN), TaskStatus.UNKNOWN),
+ else_=TaskStatus.SUCCEED,
+ ).label("status"),
+ cve_rollback_task_subquery.c.cves,
+diff --git a/apollo/database/proxy/task/hotpatch_remove.py b/apollo/database/proxy/task/hotpatch_remove.py
+index 267f738..fdb4a1d 100644
+--- a/apollo/database/proxy/task/hotpatch_remove.py
++++ b/apollo/database/proxy/task/hotpatch_remove.py
+@@ -686,9 +686,9 @@ class HotpatchRemoveProxy(TaskProxy):
+ task_query = (
+ self.session.query(
+ HotpatchRemoveTask.cve_id,
+- func.sum(case([(HotpatchRemoveTask.status == TaskStatus.RUNNING, 1)], else_=0)).label("running"),
+- func.sum(case([(HotpatchRemoveTask.status == TaskStatus.UNKNOWN, 1)], else_=0)).label("unknown"),
+- func.sum(case([(HotpatchRemoveTask.status == TaskStatus.FAIL, 1)], else_=0)).label("fail"),
++ func.sum(case((HotpatchRemoveTask.status == TaskStatus.RUNNING, 1), else_=0)).label("running"),
++ func.sum(case((HotpatchRemoveTask.status == TaskStatus.UNKNOWN, 1), else_=0)).label("unknown"),
++ 
func.sum(case((HotpatchRemoveTask.status == TaskStatus.FAIL, 1), else_=0)).label("fail"),
+ func.count().label("total"),
+ )
+ .join(Task, Task.task_id == HotpatchRemoveTask.task_id)
+--
+Gitee
+
diff --git a/aops-apollo.spec b/aops-apollo.spec
index 365116c058816f28b5174e17a5a5af1437080792..b084503af6186c6dd3b13a9f81b624e384991cd8 100644
--- a/aops-apollo.spec
+++ b/aops-apollo.spec
@@ -1,10 +1,11 @@
 Name: aops-apollo
 Version: v2.1.0
-Release: 1
+Release: 2
 Summary: Cve management service, monitor machine vulnerabilities and provide fix functions.
 License: MulanPSL2
 URL: https://gitee.com/openeuler/%{name}
 Source0: %{name}-%{version}.tar.gz
+Patch0001: 0001-adapt-sqlschema-changes-and-fix-cve-summary.patch
 BuildRequires: python3-setuptools
 Requires: aops-vulcanus >= v2.1.0
@@ -24,7 +25,7 @@ Requires: python3-rpm
 smalltools for aops-apollo, e.g.updateinfo.xml generater
 %prep
-%autosetup -n %{name}-%{version}
+%autosetup -n %{name}-%{version} -p1
 # build for aops-apollo
@@ -62,6 +63,10 @@ popd
 %{python3_sitelib}/aops_apollo_tool/*
 %changelog
+* Fri Feb 28 2025 luxuexian - v2.1.0-2
+- Fixed exceptions in calling stored procedures and cases caused by SQLschema upgrade
+- Fixed errors reported in calling cve summary interface
+
 * Mon Feb 24 2025 gongzhengtang - v2.1.0-1
 - AI hybrid interactive CVE fix task