From 02cfbb3a4099b911e028426effe0f43b8199a043 Mon Sep 17 00:00:00 2001 From: young <954906362@qq.com> Date: Thu, 15 Dec 2022 17:32:41 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=B8=8A=E4=BC=A0=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E8=BF=94=E5=9B=9E=E2=80=9CPARTIAL=5FSUCCEED=E2=80=9D?= =?UTF-8?q?=E7=9A=84=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (cherry picked from commit 37df6b86b14ba4513297fbbe2a39051878c18060) --- 0001-fix-partial-succeed-bug.patch | 252 +++++++++++++++++++++++++++++ aops-apollo.spec | 9 +- 2 files changed, 258 insertions(+), 3 deletions(-) create mode 100644 0001-fix-partial-succeed-bug.patch diff --git a/0001-fix-partial-succeed-bug.patch b/0001-fix-partial-succeed-bug.patch new file mode 100644 index 0000000..9b74158 --- /dev/null +++ b/0001-fix-partial-succeed-bug.patch 
@@ -0,0 +1,252 @@ +From ff5a842960179f8399434cfd36caeed23bb5c218 Mon Sep 17 00:00:00 2001 +From: young <954906362@qq.com> +Date: Wed, 14 Dec 2022 21:36:46 +0800 +Subject: [PATCH 1/3] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E4=B8=8A=E4=BC=A0?= + =?UTF-8?q?=E6=96=87=E4=BB=B6=E5=92=8C=E6=8E=A5=E5=8F=A3=E4=B8=8D=E4=B8=80?= + =?UTF-8?q?=E8=87=B4=E4=BD=86=E6=B2=A1=E6=8A=A5=E9=94=99=E7=9A=84=E9=97=AE?= + =?UTF-8?q?=E9=A2=98?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--- + .../cve_handler/manager/parse_advisory.py | 9 ++++++--- + .../cve_handler/manager/parse_unaffected.py | 8 ++++++++ + apollo/handler/cve_handler/view.py | 18 ++++++++++++++---- + 3 files changed, 28 insertions(+), 7 deletions(-) + +diff --git a/apollo/handler/cve_handler/manager/parse_advisory.py b/apollo/handler/cve_handler/manager/parse_advisory.py +index 773f746..4848ea3 100644 +--- a/apollo/handler/cve_handler/manager/parse_advisory.py ++++ b/apollo/handler/cve_handler/manager/parse_advisory.py +@@ -15,12 +15,12 @@ Time: + Author: + Description: parse security advisory xml file, insert into database + """ ++from collections import defaultdict + from xml.etree import cElementTree as ET + from xml.etree.ElementTree import ParseError +-from collections import defaultdict + +-from vulcanus.log.log import LOGGER + from apollo.function.customize_exception import ParseAdvisoryError ++from vulcanus.log.log import LOGGER + + __all__ = ["parse_security_advisory"] + +@@ -99,7 +99,10 @@ def parse_cvrf_dict(cvrf_dict): + ParseXmlError + """ + # affected package of this security advisory. 
joined with ',' if have multiple packages +- cvrf_note = cvrf_dict["cvrfdoc"]["DocumentNotes"]["Note"] ++ cve_document_notes = cvrf_dict["cvrfdoc"].get("DocumentNotes", "") ++ if not cve_document_notes: ++ return [], [], [] ++ cvrf_note = cve_document_notes["Note"] + affected_pkgs = "" + for info in cvrf_note: + if info["Title"] == "Affected Component": +diff --git a/apollo/handler/cve_handler/manager/parse_unaffected.py b/apollo/handler/cve_handler/manager/parse_unaffected.py +index 9b4ae03..7212a5c 100644 +--- a/apollo/handler/cve_handler/manager/parse_unaffected.py ++++ b/apollo/handler/cve_handler/manager/parse_unaffected.py +@@ -76,7 +76,13 @@ def parse_cvrf_dict(cvrf_dict): + Raises: + ParseXmlError + """ ++ cvrf_note = cvrf_dict["cvrfdoc"].get("DocumentNotes", "") ++ if cvrf_note: ++ return [], [], [] ++ + cve_info_list = cvrf_dict["cvrfdoc"]["Vulnerability"] ++ if isinstance(cve_info_list, dict): ++ cve_info_list = [cve_info_list] + cve_table_rows = [] + cve_pkg_rows = [] + doc_list = [] +@@ -87,6 +93,8 @@ def parse_cvrf_dict(cvrf_dict): + remediation = cve_info["Remediations"]["Remediation"] + if isinstance(remediation, list): + remediation = remediation[0] ++ if remediation["Type"] != "Unaffected": ++ continue + cvss_score = cve_info["CVSSScoreSets"]["ScoreSet"]["BaseScore"] + severity = parse_cve_severity(cvss_score) + cve_row = { +diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py +index 4bfde0f..f90bd8e 100644 +--- a/apollo/handler/cve_handler/view.py ++++ b/apollo/handler/cve_handler/view.py +@@ -229,8 +229,10 @@ class VulUploadAdvisory(BaseResponse): + def _save_single_advisory(proxy, file_path): + file_name = os.path.basename(file_path) + try: +- cve_rows, cve_pkg_rows, cve_pkg_docs = parse_security_advisory( +- file_path) ++ cve_rows, cve_pkg_rows, cve_pkg_docs = parse_security_advisory(file_path) ++ if cve_rows == [] and cve_pkg_rows == [] and cve_pkg_docs == []: ++ os.remove(file_path) ++ return WRONG_FILE_FORMAT 
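Review bot: The two new DocumentNotes guards are mirror images, and neither has a comment explaining why: parse_advisory.py returns the empty triple on `if not cve_document_notes`, parse_unaffected.py on `if cvrf_note`. Apparently the presence of DocumentNotes is what separates a security advisory from an unaffected-CVE file, so I would add `# DocumentNotes only appears in security advisories; finding it here means the wrong file type was uploaded` above the check in parse_unaffected.py, add the converse in parse_advisory.py, and rename `cvrf_note` there because it holds the DocumentNotes node rather than a Note. In parse_advisory.py a DocumentNotes element with no `Note` child still raises KeyError at `cve_document_notes["Note"]`; unless parse_security_advisory handles it first, the `except (KeyError, ParseAdvisoryError)` callers in view.py send that file down the failure path instead of returning WRONG_FILE_FORMAT. Both parse_cvrf_dict bodies continue outside their hunks. Since these parsers run on uploaded files and the context import is the deprecated `from xml.etree import cElementTree as ET`, it is also worth confirming that uploads are size-limited or parsed with a hardened parser such as defusedxml, because the standard-library parser does not bound entity expansion on older Expat builds.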
+ os.remove(file_path) + except (KeyError, ParseAdvisoryError) as error: + os.remove(file_path) +@@ -264,8 +266,10 @@ class VulUploadAdvisory(BaseResponse): + for file_path in file_path_list: + file_name = os.path.basename(file_path) + try: +- cve_rows, cve_pkg_rows, cve_pkg_docs = parse_security_advisory( +- file_path) ++ cve_rows, cve_pkg_rows, cve_pkg_docs = parse_security_advisory(file_path) ++ if cve_rows == [] and cve_pkg_rows == [] and cve_pkg_docs == []: ++ shutil.rmtree(folder_path) ++ return WRONG_FILE_FORMAT + except (KeyError, ParseAdvisoryError) as error: + fail_list.append(file_name) + LOGGER.error( +@@ -356,6 +360,9 @@ class VulUploadUnaffected(BaseResponse): + file_name = os.path.basename(file_path) + try: + cve_rows, cve_pkg_rows, doc_list = parse_unaffected_cve(file_path) ++ if cve_rows == [] and cve_pkg_rows == [] and doc_list == []: ++ os.remove(file_path) ++ return WRONG_FILE_FORMAT + os.remove(file_path) + except (KeyError, ParseAdvisoryError) as error: + os.remove(file_path) +@@ -387,6 +394,9 @@ class VulUploadUnaffected(BaseResponse): + file_name = os.path.basename(file_path) + try: + cve_rows, cve_pkg_rows, doc_list = parse_unaffected_cve(file_path) ++ if cve_rows == [] and cve_pkg_rows == [] and doc_list == []: ++ shutil.rmtree(folder_path) ++ return WRONG_FILE_FORMAT + except (KeyError, ParseAdvisoryError) as error: + fail_list.append(file_name) + LOGGER.error("Some error occurred when parsing unaffected cve advisory '%s'." 
% file_name) +-- +Gitee + + +From 574bbe874c9f87f7e2fff223fb48da047be8b83c Mon Sep 17 00:00:00 2001 +From: young <954906362@qq.com> +Date: Thu, 15 Dec 2022 10:03:58 +0800 +Subject: [PATCH 2/3] =?UTF-8?q?=E6=96=87=E4=BB=B6=E4=B8=8E=E6=8E=A5?= + =?UTF-8?q?=E5=8F=A3=E4=B8=8D=E4=B8=80=E8=87=B4=E7=9A=84=E9=94=99=E8=AF=AF?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--- + apollo/handler/cve_handler/view.py | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py +index f90bd8e..cea00eb 100644 +--- a/apollo/handler/cve_handler/view.py ++++ b/apollo/handler/cve_handler/view.py +@@ -265,6 +265,9 @@ class VulUploadAdvisory(BaseResponse): + fail_list = [] + for file_path in file_path_list: + file_name = os.path.basename(file_path) ++ suffix = file_name.split('.')[-1] ++ if suffix != "xml": ++ return WRONG_FILE_FORMAT + try: + cve_rows, cve_pkg_rows, cve_pkg_docs = parse_security_advisory(file_path) + if cve_rows == [] and cve_pkg_rows == [] and cve_pkg_docs == []: +@@ -392,6 +395,9 @@ class VulUploadUnaffected(BaseResponse): + fail_list = [] + for file_path in file_path_list: + file_name = os.path.basename(file_path) ++ suffix = file_name.split('.')[-1] ++ if suffix != "xml": ++ return WRONG_FILE_FORMAT + try: + cve_rows, cve_pkg_rows, doc_list = parse_unaffected_cve(file_path) + if cve_rows == [] and cve_pkg_rows == [] and doc_list == []: +-- +Gitee + + +From b5e456ab33a323c8156a024c64b5a2193883347d Mon Sep 17 00:00:00 2001 +From: young <954906362@qq.com> +Date: Thu, 15 Dec 2022 16:40:08 +0800 +Subject: [PATCH 3/3] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E4=BB=A3=E7=A0=81?= + =?UTF-8?q?=E6=A3=80=E8=A7=86=E9=97=AE=E9=A2=98?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--- + .../handler/cve_handler/manager/parse_unaffected.py | 2 -- + apollo/handler/cve_handler/view.py | 13 +++++++------ + 2 files changed, 7 
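Review bot: The extension test added in both VulUploadAdvisory and VulUploadUnaffected, `suffix = file_name.split('.')[-1]` followed by `if suffix != "xml":`, is case-sensitive and treats a name without a dot as its own suffix, so a file called `ADVISORY.XML` (constructed example) is rejected while one literally named `xml` passes. `if os.path.splitext(file_name)[1].lower() != ".xml":` states the intent directly, and `os` is already used on the context line above. Because `return WRONG_FILE_FORMAT` sits inside the `for file_path in file_path_list` loop, one stray entry rejects the whole upload after earlier entries have already gone through the loop body; what happens to those entries lies outside the hunk, so confirm nothing from them is persisted before the early return. The suffix is only a naming check, and the parse that follows is what validates the content, so the two rejection paths should stay consistent in cleanup and status.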
insertions(+), 8 deletions(-) + +diff --git a/apollo/handler/cve_handler/manager/parse_unaffected.py b/apollo/handler/cve_handler/manager/parse_unaffected.py +index 7212a5c..6338cd1 100644 +--- a/apollo/handler/cve_handler/manager/parse_unaffected.py ++++ b/apollo/handler/cve_handler/manager/parse_unaffected.py +@@ -93,8 +93,6 @@ def parse_cvrf_dict(cvrf_dict): + remediation = cve_info["Remediations"]["Remediation"] + if isinstance(remediation, list): + remediation = remediation[0] +- if remediation["Type"] != "Unaffected": +- continue + cvss_score = cve_info["CVSSScoreSets"]["ScoreSet"]["BaseScore"] + severity = parse_cve_severity(cvss_score) + cve_row = { +diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py +index cea00eb..8c161a3 100644 +--- a/apollo/handler/cve_handler/view.py ++++ b/apollo/handler/cve_handler/view.py +@@ -230,10 +230,9 @@ class VulUploadAdvisory(BaseResponse): + file_name = os.path.basename(file_path) + try: + cve_rows, cve_pkg_rows, cve_pkg_docs = parse_security_advisory(file_path) +- if cve_rows == [] and cve_pkg_rows == [] and cve_pkg_docs == []: +- os.remove(file_path) +- return WRONG_FILE_FORMAT + os.remove(file_path) ++ if not all([cve_rows, cve_pkg_rows, cve_pkg_docs]): ++ return WRONG_FILE_FORMAT + except (KeyError, ParseAdvisoryError) as error: + os.remove(file_path) + LOGGER.error( +@@ -267,10 +266,11 @@ class VulUploadAdvisory(BaseResponse): + file_name = os.path.basename(file_path) + suffix = file_name.split('.')[-1] + if suffix != "xml": ++ shutil.rmtree(folder_path) + return WRONG_FILE_FORMAT + try: + cve_rows, cve_pkg_rows, cve_pkg_docs = parse_security_advisory(file_path) +- if cve_rows == [] and cve_pkg_rows == [] and cve_pkg_docs == []: ++ if not all([cve_rows, cve_pkg_rows, cve_pkg_docs]): + shutil.rmtree(folder_path) + return WRONG_FILE_FORMAT + except (KeyError, ParseAdvisoryError) as error: +@@ -363,7 +363,7 @@ class VulUploadUnaffected(BaseResponse): + file_name = 
os.path.basename(file_path) + try: + cve_rows, cve_pkg_rows, doc_list = parse_unaffected_cve(file_path) +- if cve_rows == [] and cve_pkg_rows == [] and doc_list == []: ++ if not all([cve_rows, cve_pkg_rows, doc_list]): + os.remove(file_path) + return WRONG_FILE_FORMAT + os.remove(file_path) +@@ -397,10 +397,11 @@ class VulUploadUnaffected(BaseResponse): + file_name = os.path.basename(file_path) + suffix = file_name.split('.')[-1] + if suffix != "xml": ++ shutil.rmtree(folder_path) + return WRONG_FILE_FORMAT + try: + cve_rows, cve_pkg_rows, doc_list = parse_unaffected_cve(file_path) +- if cve_rows == [] and cve_pkg_rows == [] and doc_list == []: ++ if not all([cve_rows, cve_pkg_rows, doc_list]): + shutil.rmtree(folder_path) + return WRONG_FILE_FORMAT + except (KeyError, ParseAdvisoryError) as error: +-- +Gitee + diff --git a/aops-apollo.spec b/aops-apollo.spec index b430b84..3bf7be3 100644 --- a/aops-apollo.spec +++ b/aops-apollo.spec @@ -1,11 +1,11 @@ Name: aops-apollo Version: v1.1.2 -Release: 1 +Release: 2 Summary: Cve management service, monitor machine vulnerabilities and provide fix functions. License: MulanPSL2 URL: https://gitee.com/openeuler/%{name} Source0: %{name}-%{version}.tar.gz - +Patch0001: 0001-fix-partial-succeed-bug.patch BuildRequires: python3-setuptools Requires: aops-vulcanus >= %{version}-%{release} @@ -20,7 +20,7 @@ Cve management service, monitor machine vulnerabilities and provide fix function %prep -%autosetup -n %{name}-%{version} +%autosetup -n %{name}-%{version} -p1 # build for aops-apollo %py3_build @@ -40,6 +40,9 @@ Cve management service, monitor machine vulnerabilities and provide fix function %changelog +* Thu Dec 15 2022 ptyang<1475324955@qq.com> - v1.1.2-2 +- fix "PARTIAL_SUCCEED" bug + * Wed Dec 07 2022 wenxin - v1.1.2-1 - modify status code for upload security advisories;fix cve query error -- Gitee
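Review bot: Replacing `cve_rows == [] and cve_pkg_rows == [] and cve_pkg_docs == []` with `not all([cve_rows, cve_pkg_rows, cve_pkg_docs])` changes the condition from "all three empty" to "any one empty" in each of the four upload paths touched by PATCH 3/3. The parsers in this series signal a wrong file type with `return [], [], []`, so `if not any([cve_rows, cve_pkg_rows, cve_pkg_docs]):` is the form that matches that sentinel; with `not all`, a file that yields rows but, for example, no docs is now reported as WRONG_FILE_FORMAT, and whether a valid file can do that is not visible here. If the stricter rule is intended, a one-line comment such as `# any empty result means the file does not match this endpoint` would record it. In VulUploadAdvisory's single-file path `os.remove(file_path)` was moved above the check, while the VulUploadUnaffected counterpart still removes inside the `if` and again after it; the two could share the first shape. The enclosing methods begin and end outside these hunks.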