!149 fix security advisory parsing error

From: @rabbitali 
Reviewed-by: @Lostwayzxc 
Signed-off-by: @Lostwayzxc

0001-fix-security-advisory-parsing-error.patch

@@ -0,0 +1,85 @@
+From 25e79499a5c578579c1112bfcbdfb7137748fa84 Mon Sep 17 00:00:00 2001
+From: rabbitali <wenxin32@foxmail.com>
+Date: Fri, 19 Jul 2024 10:28:52 +0800
+Subject: [PATCH 1/1] fix security advisory parsing error
+
+---
+ apollo/cron/download_advisory.py   |  6 ++++--
+ apollo/handler/cve_handler/view.py | 16 ++++++++--------
+ 2 files changed, 12 insertions(+), 10 deletions(-)
+
+diff --git a/apollo/cron/download_advisory.py b/apollo/cron/download_advisory.py
+index 6ba2f01..5bec2a8 100644
+--- a/apollo/cron/download_advisory.py
++++ b/apollo/cron/download_advisory.py
+@@ -115,14 +115,16 @@ class DownloadSATask:
+             file_path = os.path.join(advisory_dir, file_name)
+             advisory_year, advisory_serial_number = re.findall("\d+", file_name)
+             try:
+-                cve_rows, cve_pkg_rows, cve_pkg_docs, _, _ = parse_security_advisory(file_path)
++                security_cvrf_info = parse_security_advisory(file_path)
++                security_cvrf_info.sa_year = None
++                security_cvrf_info.sa_number = None
+             except (KeyError, ParseAdvisoryError) as error:
+                 LOGGER.error(error)
+                 LOGGER.error("Some error occurred when parse advisory '%s'." % file_name)
+                 self._record_download_result(advisory_year, advisory_serial_number, False)
+                 continue
+ 
+-            save_status_code = proxy.save_security_advisory(file_name, cve_rows, cve_pkg_rows, cve_pkg_docs)
++            save_status_code = proxy.save_security_advisory(file_name, security_cvrf_info)
+             status = True if save_status_code == SUCCEED else False
+             self._record_download_result(advisory_year, advisory_serial_number, status)
+ 
+diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
+index 58d3bb1..200cc0d 100644
+--- a/apollo/handler/cve_handler/view.py
++++ b/apollo/handler/cve_handler/view.py
+@@ -466,9 +466,9 @@ class VulUploadAdvisory(BaseResponse):
+     def _save_single_advisory(proxy, file_path):
+         file_name = os.path.basename(file_path)
+         try:
+-            cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number = parse_security_advisory(file_path)
++            security_cvrf_info = parse_security_advisory(file_path)
+             os.remove(file_path)
+-            if not all([cve_rows, cve_pkg_rows, cve_pkg_docs]):
++            if not all([security_cvrf_info.cve_rows, security_cvrf_info.cve_pkg_rows, security_cvrf_info.cve_pkg_docs]):
+                 return WRONG_FILE_FORMAT
+         except (KeyError, ParseAdvisoryError) as error:
+             os.remove(file_path)
+@@ -476,7 +476,7 @@ class VulUploadAdvisory(BaseResponse):
+             LOGGER.error(error)
+             return WRONG_FILE_FORMAT
+ 
+-        status_code = proxy.save_security_advisory(file_name, cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number)
++        status_code = proxy.save_security_advisory(file_name, security_cvrf_info)
+ 
+         return status_code
+ 
+@@ -504,8 +504,10 @@ class VulUploadAdvisory(BaseResponse):
+                 shutil.rmtree(folder_path)
+                 return WRONG_FILE_FORMAT
+             try:
+-                cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number = parse_security_advisory(file_path)
+-                if not all([cve_rows, cve_pkg_rows, cve_pkg_docs]):
++                security_cvrf_info = parse_security_advisory(file_path)
++                if not all(
++                    [security_cvrf_info.cve_rows, security_cvrf_info.cve_pkg_rows, security_cvrf_info.cve_pkg_docs]
++                ):
+                     shutil.rmtree(folder_path)
+                     return WRONG_FILE_FORMAT
+             except (KeyError, ParseAdvisoryError) as error:
+@@ -519,9 +521,7 @@ class VulUploadAdvisory(BaseResponse):
+                 LOGGER.error(error)
+                 continue
+             # elasticsearch need 1 second to update doc
+-            status_code = proxy.save_security_advisory(
+-                file_name, cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number
+-            )
++            status_code = proxy.save_security_advisory(file_name, security_cvrf_info)
+             if status_code != SUCCEED:
+                 fail_list.append(file_name)
+             else:
+-- 
+2.33.0
+

aops-apollo.spec

@@ -1,10 +1,11 @@
 Name:		aops-apollo
 Version:	v2.0.0
-Release:	1
+Release:	2
 Summary:	Cve management service, monitor machine vulnerabilities and provide fix functions.
 License:	MulanPSL2
 URL:		https://gitee.com/openeuler/%{name}
 Source0:	%{name}-%{version}.tar.gz
+Patch0001:  0001-fix-security-advisory-parsing-error.patch
 
 BuildRequires:  python3-setuptools
 Requires:   aops-vulcanus >= v2.0.0
@@ -24,7 +25,7 @@ Requires: python3-rpm
 smalltools for aops-apollo, e.g.updateinfo.xml generater
 
 %prep
-%autosetup -n %{name}-%{version}
+%autosetup -n %{name}-%{version} -p1
 
 
 # build for aops-apollo
@@ -62,6 +63,9 @@ popd
 %{python3_sitelib}/aops_apollo_tool/*
 
 %changelog
+* Fri Jul 19 2024 wenxin<wenxin32@foxmail.com> - v2.0.0-2
+- fix security advisory parsing error
+
 * Wed Jul 17 2024 luxuexian<luxuexian@huawei.com> - v2.0.0-1
 - Update to v2.0.0
 - Add cluster management and user auth management