packages/aops-apollo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:c23d2dc96d64b40f74ce8c42d1ab2e379000e518
Branches Tags
packages:main
...
compare: packages:1cf199a375f990751cc0d71a6cbc511a8d833d14
Branches Tags
packages:main

10 Commits
c23d2dc96d ... 1cf199a375

Author SHA1 Message Date
openeuler-ci-bot
1cf199a375
!150 fix bug with host count in cve fix task 
From: @rabbitali 
Reviewed-by: @Lostwayzxc 
Signed-off-by: @Lostwayzxc
 2024-07-24 02:43:15 +00:00
rabbitali
0e6e333bd8 fix bug with host count in cve fix task 2024-07-23 19:25:09 +08:00
openeuler-ci-bot
f0b9ad563d
!149 fix security advisory parsing error 
From: @rabbitali 
Reviewed-by: @Lostwayzxc 
Signed-off-by: @Lostwayzxc
 2024-07-23 01:36:21 +00:00
rabbitali
807eccf657 修复安全公告解析错误 2024-07-19 10:36:46 +08:00
openeuler-ci-bot
6bd8ccaa7d
!148 update version to v2.0.0 
From: @rabbitali 
Reviewed-by: @Lostwayzxc 
Signed-off-by: @Lostwayzxc
 2024-07-18 09:22:02 +00:00
rabbitali
0f8bee2016 update version to v2.0.0 2024-07-17 19:40:42 +08:00
openeuler-ci-bot
43b806100b
!125 [sync] PR-122: 修正gen_updateinfo.py中生成filename错误问题 
From: @openeuler-sync-bot 
Reviewed-by: @zhu-yuncheng 
Signed-off-by: @zhu-yuncheng
 2023-11-21 12:24:32 +00:00
wang-guangge
db3eb369ad fix filename bug in aops-apollo-tool 
(cherry picked from commit 33b7ff0eed9fefaffaa8c8e1eb48512b11d95c73)
 2023-11-14 17:28:14 +08:00
openeuler-ci-bot
ecaf664b39
!117 [sync] PR-116: Update the installation dependencies 
From: @openeuler-sync-bot 
Reviewed-by: @zhu-yuncheng 
Signed-off-by: @zhu-yuncheng
 2023-11-13 04:00:08 +00:00
rabbitali
46785d4b87 Update the installation dependencies 
(cherry picked from commit 493fab663f6378c29ad3efe8ffc2fa91e212d53a)
 2023-11-13 11:27:52 +08:00
13 changed files with 135 additions and 504 deletions
Show Stats Expand all files Collapse all files

69
0001-fix-param-error-and-compatible-with-mysql5.patch
View File

@ -1,69 +0,0 @@
From 1245772ace3a767e2e4909b44edbe34473563b0b Mon Sep 17 00:00:00 2001
From: gongzt <gong_zhengtang@163.com>
Date: Fri, 20 Oct 2023 15:15:15 +0800
Subject: fix param error and compatible with mysql 5.7
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apollo/database/proxy/cve.py | 9 ++++++---
database/apollo.sql | 4 ++--
2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
index 257083a..8b56601 100644
--- a/apollo/database/proxy/cve.py
+++ b/apollo/database/proxy/cve.py
@@ -662,8 +662,9 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
@staticmethod
def _sort_and_page_cve_list(data) -> dict:
- start_limt = int(data["per_page"]) * (int(data["page"]) - 1)
- end_limt = int(data["per_page"]) * int(data["page"])
+ page, per_page = data.get('page', 1), data.get('per_page', 10)
+ start_limt = int(per_page) * (int(page) - 1)
+ end_limt = int(per_page) * int(page)
# sort by host num by default
order_by_filed = data.get('sort', "cve_host_user_count.host_num")
@@ -682,11 +683,13 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
Returns:
sqlalchemy.orm.query.Query: attention, two rows may have same cve id with different source package.
"""
- filters = {"username": data["username"], "search_key": None, "severity": None, "affected": True}
+ filters = {"username": data["username"], "search_key": None, "affected": True}
filters.update(data.get("filter", {}))
filters.update(self._sort_and_page_cve_list(data))
if filters["severity"]:
filters["severity"] = ",".join(["'" + serverity + "'" for serverity in filters["severity"]])
+ else:
+ filters["severity"] = None
# Call stored procedure: GET_CVE_LIST_PRO
pro_result_set = self.session.execute(
diff --git a/database/apollo.sql b/database/apollo.sql
index 4e87727..2e0d757 100644
--- a/database/apollo.sql
+++ b/database/apollo.sql
@@ -124,7 +124,7 @@ CREATE TABLE IF NOT EXISTS `task_rollback`(
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci ROW_FORMAT = Dynamic;
-CREATE PROCEDURE GET_CVE_LIST_PRO(IN username VARCHAR(20), IN search_key VARCHAR(100), IN severity VARCHAR(20), IN fixed TINYINT, IN affected TINYINT,IN order_by_filed VARCHAR(50),IN order_by VARCHAR(20),IN start_limt INT,IN end_limt INT)
+CREATE PROCEDURE GET_CVE_LIST_PRO(IN username VARCHAR(20), IN search_key VARCHAR(100), IN severity VARCHAR(20), IN fixed TINYINT, IN affected TINYINT,IN order_by_filed VARCHAR(100),IN order_by VARCHAR(20),IN start_limt INT,IN end_limt INT)
BEGIN
DROP TABLE IF EXISTS cve_host_user_count;
@@ -183,7 +183,7 @@ BEGIN
SET @order_by_filed = 'cve_host_user_count.host_num';
END IF;
- SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', order_by_filed ,' ', order_by,' limit ',start_limt ,' ,', end_limt);
+ SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', @order_by_filed ,' ', order_by,' limit ',start_limt ,' ,', end_limt);
prepare stmt from @cve_list_sql;
EXECUTE stmt;
--
Gitee

85
0001-fix-security-advisory-parsing-error.patch Normal file
View File

@ -0,0 +1,85 @@
From 25e79499a5c578579c1112bfcbdfb7137748fa84 Mon Sep 17 00:00:00 2001
From: rabbitali <wenxin32@foxmail.com>
Date: Fri, 19 Jul 2024 10:28:52 +0800
Subject: [PATCH 1/1] fix security advisory parsing error
---
apollo/cron/download_advisory.py | 6 ++++--
apollo/handler/cve_handler/view.py | 16 ++++++++--------
2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/apollo/cron/download_advisory.py b/apollo/cron/download_advisory.py
index 6ba2f01..5bec2a8 100644
--- a/apollo/cron/download_advisory.py
+++ b/apollo/cron/download_advisory.py
@@ -115,14 +115,16 @@ class DownloadSATask:
file_path = os.path.join(advisory_dir, file_name)
advisory_year, advisory_serial_number = re.findall("\d+", file_name)
try:
- cve_rows, cve_pkg_rows, cve_pkg_docs, _, _ = parse_security_advisory(file_path)
+ security_cvrf_info = parse_security_advisory(file_path)
+ security_cvrf_info.sa_year = None
+ security_cvrf_info.sa_number = None
except (KeyError, ParseAdvisoryError) as error:
LOGGER.error(error)
LOGGER.error("Some error occurred when parse advisory '%s'." % file_name)
self._record_download_result(advisory_year, advisory_serial_number, False)
continue
- save_status_code = proxy.save_security_advisory(file_name, cve_rows, cve_pkg_rows, cve_pkg_docs)
+ save_status_code = proxy.save_security_advisory(file_name, security_cvrf_info)
status = True if save_status_code == SUCCEED else False
self._record_download_result(advisory_year, advisory_serial_number, status)
diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
index 58d3bb1..200cc0d 100644
--- a/apollo/handler/cve_handler/view.py
+++ b/apollo/handler/cve_handler/view.py
@@ -466,9 +466,9 @@ class VulUploadAdvisory(BaseResponse):
def _save_single_advisory(proxy, file_path):
file_name = os.path.basename(file_path)
try:
- cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number = parse_security_advisory(file_path)
+ security_cvrf_info = parse_security_advisory(file_path)
os.remove(file_path)
- if not all([cve_rows, cve_pkg_rows, cve_pkg_docs]):
+ if not all([security_cvrf_info.cve_rows, security_cvrf_info.cve_pkg_rows, security_cvrf_info.cve_pkg_docs]):
return WRONG_FILE_FORMAT
except (KeyError, ParseAdvisoryError) as error:
os.remove(file_path)
@@ -476,7 +476,7 @@ class VulUploadAdvisory(BaseResponse):
LOGGER.error(error)
return WRONG_FILE_FORMAT
- status_code = proxy.save_security_advisory(file_name, cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number)
+ status_code = proxy.save_security_advisory(file_name, security_cvrf_info)
return status_code
@@ -504,8 +504,10 @@ class VulUploadAdvisory(BaseResponse):
shutil.rmtree(folder_path)
return WRONG_FILE_FORMAT
try:
- cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number = parse_security_advisory(file_path)
- if not all([cve_rows, cve_pkg_rows, cve_pkg_docs]):
+ security_cvrf_info = parse_security_advisory(file_path)
+ if not all(
+ [security_cvrf_info.cve_rows, security_cvrf_info.cve_pkg_rows, security_cvrf_info.cve_pkg_docs]
+ ):
shutil.rmtree(folder_path)
return WRONG_FILE_FORMAT
except (KeyError, ParseAdvisoryError) as error:
@@ -519,9 +521,7 @@ class VulUploadAdvisory(BaseResponse):
LOGGER.error(error)
continue
# elasticsearch need 1 second to update doc
- status_code = proxy.save_security_advisory(
- file_name, cve_rows, cve_pkg_rows, cve_pkg_docs, sa_year, sa_number
- )
+ status_code = proxy.save_security_advisory(file_name, security_cvrf_info)
if status_code != SUCCEED:
fail_list.append(file_name)
else:
--
2.33.0

26
0002-fix-bug-with-host-count-in-cve-fix-task.patch Normal file
View File

@ -0,0 +1,26 @@
From a82cceada0df66cf48d646a3cd6a55556ebf9962 Mon Sep 17 00:00:00 2001
From: rabbitali <wenxin32@foxmail.com>
Date: Tue, 23 Jul 2024 18:55:50 +0800
Subject: [PATCH 1/1] fix bug with host count in cve fix task
---
apollo/database/proxy/task/cve_fix.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/apollo/database/proxy/task/cve_fix.py b/apollo/database/proxy/task/cve_fix.py
index fa3f2a9..1aa5546 100644
--- a/apollo/database/proxy/task/cve_fix.py
+++ b/apollo/database/proxy/task/cve_fix.py
@@ -121,7 +121,8 @@ class CveFixTaskProxy(TaskProxy):
wait_fix_rpms = dict()
for task_info in fix_host_rpm_info:
- wait_fix_rpms[task_info["cve_id"]] = dict(rpms=task_info.get("rpms", []), hosts=list(host_dict.keys()))
+ host_list = [host_info["host_id"] for host_info in task_info["host_info"]]
+ wait_fix_rpms[task_info["cve_id"]] = dict(rpms=task_info.get("rpms", []), hosts=host_list)
hotpatch_fix_rpms, coldpatch_fix_rpms = self._get_cold_and_hotpatch_fix_rpm(wait_fix_rpms, data["takeover"])
fix_tasks = []
--
2.33.0

80
0002-fix-query-all-by-cve-list.patch
View File

@ -1,80 +0,0 @@
From 82efc83dabc56be1fc05a8f31277efca85494591 Mon Sep 17 00:00:00 2001
From: gongzt <gong_zhengtang@163.com>
Date: Fri, 20 Oct 2023 17:38:08 +0800
Subject: cve list支持查询全部数据
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apollo/database/proxy/cve.py | 18 ++++++++++--------
database/apollo.sql | 6 +++++-
2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
index 8b56601..afa4831 100644
--- a/apollo/database/proxy/cve.py
+++ b/apollo/database/proxy/cve.py
@@ -655,24 +655,26 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
description_dict = self._get_cve_description([cve_info["cve_id"] for cve_info in cve_list])
result['result'] = self._add_description_to_cve(cve_list, description_dict)
- result['total_page'] = math.ceil(total / data["per_page"])
+ result['total_page'] = math.ceil(total / data.get("per_page", total))
result['total_count'] = total
return result
@staticmethod
def _sort_and_page_cve_list(data) -> dict:
- page, per_page = data.get('page', 1), data.get('per_page', 10)
- start_limt = int(per_page) * (int(page) - 1)
- end_limt = int(per_page) * int(page)
+ sort_page = dict(start_limt=0, end_limt=0)
+ page, per_page = data.get('page'), data.get('per_page')
+ if all((page, per_page)):
+ sort_page['start_limt'] = int(per_page) * (int(page) - 1)
+ sort_page['end_limt'] = int(per_page) * int(page)
# sort by host num by default
order_by_filed = data.get('sort', "cve_host_user_count.host_num")
if order_by_filed == "host_num":
order_by_filed = "cve_host_user_count.host_num"
- order_by = "dsc" if data.get("direction") == "desc" else "asc"
-
- return {"start_limt": start_limt, "end_limt": end_limt, "order_by_filed": order_by_filed, "order_by": order_by}
+ sort_page["order_by_filed"] = order_by_filed
+ sort_page["order_by"] = "dsc" if data.get("direction") == "desc" else "asc"
+ return sort_page
def _query_cve_list(self, data):
"""
@@ -686,7 +688,7 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
filters = {"username": data["username"], "search_key": None, "affected": True}
filters.update(data.get("filter", {}))
filters.update(self._sort_and_page_cve_list(data))
- if filters["severity"]:
+ if filters.get("severity"):
filters["severity"] = ",".join(["'" + serverity + "'" for serverity in filters["severity"]])
else:
filters["severity"] = None
diff --git a/database/apollo.sql b/database/apollo.sql
index 2e0d757..a3c4ddc 100644
--- a/database/apollo.sql
+++ b/database/apollo.sql
@@ -183,7 +183,11 @@ BEGIN
SET @order_by_filed = 'cve_host_user_count.host_num';
END IF;
- SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', @order_by_filed ,' ', order_by,' limit ',start_limt ,' ,', end_limt);
+ SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', @order_by_filed ,' ', order_by);
+
+ IF end_limt!=0 THEN
+ SET @cve_list_sql = CONCAT(@cve_list_sql, ' limit ',start_limt ,' ,', end_limt);
+ END IF;
prepare stmt from @cve_list_sql;
EXECUTE stmt;
--
Gitee

63
0003-fix-cve-list-get-api-query-error.patch
View File

@ -1,63 +0,0 @@
From b5b9f18abefeed4906a9aa469e4d0a591a2a5809 Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Fri, 20 Oct 2023 21:43:36 +0800
Subject: [PATCH 1/1] fix cve_list_get api query error
---
apollo/database/proxy/host.py | 13 ++++++++-----
database/apollo.sql | 10 ++++++----
2 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/apollo/database/proxy/host.py b/apollo/database/proxy/host.py
index b3cabb6..2ce2005 100644
--- a/apollo/database/proxy/host.py
+++ b/apollo/database/proxy/host.py
@@ -126,15 +126,18 @@ class HostMysqlProxy(MysqlProxy):
Returns:
dict
"""
+ subquery = self.session.query(
+ CveHostAssociation.host_id, CveHostAssociation.cve_id, CveHostAssociation.fixed, CveHostAssociation.affected
+ ).filter(CveHostAssociation.host_id.in_(host_ids)).distinct().subquery()
+
host_cve_fixed_list = (
self.session.query(
- CveHostAssociation.host_id,
- func.COUNT(func.IF(CveHostAssociation.fixed == True, 1, None)).label("fixed_cve_num"),
- func.COUNT(func.IF(CveHostAssociation.fixed == False, 1, None)).label("unfixed_cve_num"),
+ subquery.c.host_id,
+ func.COUNT(func.IF(subquery.c.fixed == True, 1, None)).label("fixed_cve_num"),
+ func.COUNT(func.IF(subquery.c.fixed == False, 1, None)).label("unfixed_cve_num"),
)
- .filter(CveHostAssociation.host_id.in_(host_ids))
- .group_by(CveHostAssociation.host_id)
+ .group_by(subquery.c.host_id)
.all()
)
return host_cve_fixed_list
diff --git a/database/apollo.sql b/database/apollo.sql
index a3c4ddc..c756ad2 100644
--- a/database/apollo.sql
+++ b/database/apollo.sql
@@ -179,11 +179,13 @@ BEGIN
SET @cve_list_page_count_sql = CONCAT(@cve_list_page_count_sql, 'AND cve.severity IN (', severity, ') ');
END IF;
- IF order_by_filed IS NULL or order_by_filed ='' THEN
- SET @order_by_filed = 'cve_host_user_count.host_num';
- END IF;
+-- IF order_by_filed IS NULL or order_by_filed ='' THEN
+-- SET @order_by_filed = 'cve_host_user_count.host_num';
+-- END IF;
+-- MySql 5.7 version '@' index error
+
+ SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', order_by_filed ,' ', order_by);
- SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', @order_by_filed ,' ', order_by);
IF end_limt!=0 THEN
SET @cve_list_sql = CONCAT(@cve_list_sql, ' limit ',start_limt ,' ,', end_limt);
--
2.33.0

120
0004-fix-query-cve-list-error-and-sql-error.patch
View File

@ -1,120 +0,0 @@
From 95a541a7cd17486d60f0ef13a03756f6bbc799f0 Mon Sep 17 00:00:00 2001
From: gongzt <gong_zhengtang@163.com>
Date: Mon, 23 Oct 2023 09:44:30 +0800
Subject: Fixed many issues with cvelist queries (package fuzzy matching, page confusion, sorting is not supported) and rpm packet loss when generating repair tasks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apollo/database/proxy/cve.py | 19 ++++++++-----------
apollo/database/proxy/task.py | 6 ++++--
database/apollo.sql | 13 ++++---------
3 files changed, 16 insertions(+), 22 deletions(-)
diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
index afa4831..2b82cf6 100644
--- a/apollo/database/proxy/cve.py
+++ b/apollo/database/proxy/cve.py
@@ -655,25 +655,22 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
description_dict = self._get_cve_description([cve_info["cve_id"] for cve_info in cve_list])
result['result'] = self._add_description_to_cve(cve_list, description_dict)
- result['total_page'] = math.ceil(total / data.get("per_page", total))
- result['total_count'] = total
-
+ if total:
+ result['total_page'] = math.ceil(total / data.get("per_page", total))
+ result['total_count'] = total
return result
@staticmethod
def _sort_and_page_cve_list(data) -> dict:
- sort_page = dict(start_limt=0, end_limt=0)
+ sort_page = dict(start_limt=0, limt_size=0)
page, per_page = data.get('page'), data.get('per_page')
if all((page, per_page)):
sort_page['start_limt'] = int(per_page) * (int(page) - 1)
- sort_page['end_limt'] = int(per_page) * int(page)
+ sort_page['limt_size'] = int(per_page)
# sort by host num by default
- order_by_filed = data.get('sort', "cve_host_user_count.host_num")
- if order_by_filed == "host_num":
- order_by_filed = "cve_host_user_count.host_num"
- sort_page["order_by_filed"] = order_by_filed
- sort_page["order_by"] = "dsc" if data.get("direction") == "desc" else "asc"
+ sort_page["order_by_filed"] = data.get('sort', "host_num")
+ sort_page["order_by"] = "dsc" if data.get("direction") == "dsc" else "asc"
return sort_page
def _query_cve_list(self, data):
@@ -695,7 +692,7 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
# Call stored procedure: GET_CVE_LIST_PRO
pro_result_set = self.session.execute(
- "CALL GET_CVE_LIST_PRO(:username,:search_key,:severity,:fixed,:affected,:order_by_filed,:order_by,:start_limt,:end_limt)",
+ "CALL GET_CVE_LIST_PRO(:username,:search_key,:severity,:fixed,:affected,:order_by_filed,:order_by,:start_limt,:limt_size)",
filters,
)
cursor = pro_result_set.cursor
diff --git a/apollo/database/proxy/task.py b/apollo/database/proxy/task.py
index de151b2..b1d53c4 100644
--- a/apollo/database/proxy/task.py
+++ b/apollo/database/proxy/task.py
@@ -2832,9 +2832,11 @@ class TaskProxy(TaskMysqlProxy, TaskEsProxy):
)
cve_host_package_dict = dict()
for host_id in host_rpms["host_ids"]:
- filter_host_package = filter(lambda host_package: host_package.host_id == int(host_id), cve_host_packages)
+ filter_host_package = list(
+ filter(lambda host_package: host_package.host_id == int(host_id), cve_host_packages)
+ )
if not host_rpm_dict:
- installed_rpm = self._filter_installed_rpm(list(filter_host_package))
+ installed_rpm = self._filter_installed_rpm(filter_host_package)
cve_host_package_dict[host_id] = installed_rpm
continue
diff --git a/database/apollo.sql b/database/apollo.sql
index c756ad2..a87f85c 100644
--- a/database/apollo.sql
+++ b/database/apollo.sql
@@ -124,7 +124,7 @@ CREATE TABLE IF NOT EXISTS `task_rollback`(
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_unicode_ci ROW_FORMAT = Dynamic;
-CREATE PROCEDURE GET_CVE_LIST_PRO(IN username VARCHAR(20), IN search_key VARCHAR(100), IN severity VARCHAR(20), IN fixed TINYINT, IN affected TINYINT,IN order_by_filed VARCHAR(100),IN order_by VARCHAR(20),IN start_limt INT,IN end_limt INT)
+CREATE PROCEDURE GET_CVE_LIST_PRO(IN username VARCHAR(20), IN search_key VARCHAR(100), IN severity VARCHAR(200), IN fixed TINYINT, IN affected TINYINT,IN order_by_filed VARCHAR(100),IN order_by VARCHAR(20),IN start_limt INT,IN limt_size INT)
BEGIN
DROP TABLE IF EXISTS cve_host_user_count;
@@ -135,9 +135,6 @@ BEGIN
cve_host_match FORCE INDEX (ix_cve_host_match_host_id)
WHERE 1=1 ';
- IF search_key is not null and search_key !='' THEN
- SET @tmp_cve_host_count_sql = CONCAT(@tmp_cve_host_count_sql, ' AND LOCATE("', search_key, '", cve_id) > 0 ');
- END IF;
IF fixed is not null THEN
SET @tmp_cve_host_count_sql = CONCAT(@tmp_cve_host_count_sql, ' AND fixed = ', fixed, ' ');
END IF;
@@ -183,12 +180,10 @@ BEGIN
-- SET @order_by_filed = 'cve_host_user_count.host_num';
-- END IF;
-- MySql 5.7 version '@' index error
+ SET @cve_list_sql = CONCAT('select s.* from ( ', @cve_list_sql,' ) as s ',' ORDER BY ', order_by_filed ,' ', order_by);
- SET @cve_list_sql = CONCAT(@cve_list_sql, ' ORDER BY ', order_by_filed ,' ', order_by);
-
-
- IF end_limt!=0 THEN
- SET @cve_list_sql = CONCAT(@cve_list_sql, ' limit ',start_limt ,' ,', end_limt);
+ IF limt_size!=0 THEN
+ SET @cve_list_sql = CONCAT(@cve_list_sql, ' limit ',start_limt ,' ,', limt_size);
END IF;
prepare stmt from @cve_list_sql;
--
Gitee

56
0005-fix-the-severity-field-filtering-error.patch
View File

@ -1,56 +0,0 @@
From 93b6f17d081227f619cc22fb5ba6918937c8dd2e Mon Sep 17 00:00:00 2001
From: rabbitali <wenxin32@foxmail.com>
Date: Mon, 23 Oct 2023 11:16:47 +0800
Subject: [PATCH 1/1] fix the severity field filtering error
---
apollo/conf/constant.py | 4 ++--
apollo/database/proxy/cve.py | 2 +-
apollo/handler/cve_handler/manager/parse_unaffected.py | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/apollo/conf/constant.py b/apollo/conf/constant.py
index e2d91a6..878e86f 100644
--- a/apollo/conf/constant.py
+++ b/apollo/conf/constant.py
@@ -74,11 +74,11 @@ class CveSeverity:
HIGH = "High"
MEDIUM = "Medium"
LOW = "Low"
- NONE = "None"
+ UNKNOWN = "Unknown"
@staticmethod
def attribute():
- return [CveSeverity.CRITICAL, CveSeverity.HIGH, CveSeverity.MEDIUM, CveSeverity.LOW, CveSeverity.NONE]
+ return [CveSeverity.CRITICAL, CveSeverity.HIGH, CveSeverity.MEDIUM, CveSeverity.LOW, CveSeverity.UNKNOWN]
class TaskType:
diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
index 2b82cf6..f83784a 100644
--- a/apollo/database/proxy/cve.py
+++ b/apollo/database/proxy/cve.py
@@ -670,7 +670,7 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
# sort by host num by default
sort_page["order_by_filed"] = data.get('sort', "host_num")
- sort_page["order_by"] = "dsc" if data.get("direction") == "dsc" else "asc"
+ sort_page["order_by"] = data.get("direction", "asc")
return sort_page
def _query_cve_list(self, data):
diff --git a/apollo/handler/cve_handler/manager/parse_unaffected.py b/apollo/handler/cve_handler/manager/parse_unaffected.py
index b680123..e9eed57 100644
--- a/apollo/handler/cve_handler/manager/parse_unaffected.py
+++ b/apollo/handler/cve_handler/manager/parse_unaffected.py
@@ -137,5 +137,5 @@ def parse_cve_severity(cve_score: str) -> str:
elif cvss_score > CvssScore.NONE:
severity = CveSeverity.LOW
else:
- severity = CveSeverity.NONE
+ severity = CveSeverity.UNKNOWN
return severity
--
2.33.0

28
0006-fix-cve-list-by-host-count.patch
View File

@ -1,28 +0,0 @@
From c4e6df14e518206ee9f4de55b3ba45f9f6632d1b Mon Sep 17 00:00:00 2001
From: gongzt <gong_zhengtang@163.com>
Date: Mon, 23 Oct 2023 15:39:44 +0800
Subject: Fixed the problem that the number of hosts in the cve list repeated statistics
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
database/apollo.sql | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/database/apollo.sql b/database/apollo.sql
index a87f85c..b79707b 100644
--- a/database/apollo.sql
+++ b/database/apollo.sql
@@ -130,7 +130,7 @@ BEGIN
DROP TABLE IF EXISTS cve_host_user_count;
SET @tmp_cve_host_count_sql = 'CREATE TEMPORARY TABLE cve_host_user_count SELECT
cve_id,
- COUNT(host_id) AS host_num
+ COUNT(DISTINCT host_id) AS host_num
FROM
cve_host_match FORCE INDEX (ix_cve_host_match_host_id)
WHERE 1=1 ';
--
Gitee

41
0007-fix-data-correction-task-execution-error.patch
View File

@ -1,41 +0,0 @@
From fc2c7e76531306699e5c5dd0273dfe5fe521d2f8 Mon Sep 17 00:00:00 2001
From: rabbitali <wenxin32@foxmail.com>
Date: Tue, 24 Oct 2023 20:39:44 +0800
Subject: [PATCH 2/2] fix data correction task execution error
---
apollo/database/proxy/task.py | 2 +-
conf/apollo_crontab.yml | 5 ++---
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/apollo/database/proxy/task.py b/apollo/database/proxy/task.py
index b1d53c4..17cb274 100644
--- a/apollo/database/proxy/task.py
+++ b/apollo/database/proxy/task.py
@@ -3214,7 +3214,7 @@ class TaskProxy(TaskMysqlProxy, TaskEsProxy):
task_id_list = task_cve_id_list + task_repo_id_list
task_query = self.session.query(Task).filter(Task.task_id.in_(task_id_list)).all()
- running_task_list = [(task.task_id, task.task_type, task.create_time) for task in task_query]
+ running_task_list = [(task.task_id, task.create_time) for task in task_query]
return running_task_list, host_info_list
def update_host_status(self, host_id_list: list):
diff --git a/conf/apollo_crontab.yml b/conf/apollo_crontab.yml
index 29c17b4..4a1f1e9 100644
--- a/conf/apollo_crontab.yml
+++ b/conf/apollo_crontab.yml
@@ -44,6 +44,5 @@
type: data_correct
enable: true
timed:
- day_of_week: 0-6
- hour: 3
- trigger: cron
\ No newline at end of file
+ minutes: 20
+ trigger: interval
\ No newline at end of file
--
2.33.0

27
0008-update-apollo-database-proxy-host.py.patch
View File

@ -1,27 +0,0 @@
From a07a830d931dbcd60deb3c753414defe3e036a20 Mon Sep 17 00:00:00 2001
From: xuyongliang_01 <xuyongliang_yewu@cmss.chinamobile.com>
Date: Mon, 23 Oct 2023 06:35:14 +0000
Subject: [PATCH 1/2] update apollo/database/proxy/host.py.
Signed-off-by: xuyongliang_01 <xuyongliang_yewu@cmss.chinamobile.com>
---
apollo/database/proxy/host.py | 3 ---
1 file changed, 3 deletions(-)
diff --git a/apollo/database/proxy/host.py b/apollo/database/proxy/host.py
index 2ce2005..282193b 100644
--- a/apollo/database/proxy/host.py
+++ b/apollo/database/proxy/host.py
@@ -15,9 +15,6 @@ Time:
Author:
Description: Host table operation
"""
-import math
-from collections import defaultdict
-from typing import List, Tuple
from sqlalchemy import and_, case, func, or_
from sqlalchemy.exc import SQLAlchemyError
--
2.33.0

BIN
aops-apollo-v1.3.4.tar.gz
View File

Binary file not shown.

BIN
aops-apollo-v2.0.0.tar.gz Normal file
View File

Binary file not shown.

44
aops-apollo.spec
View File

@ -1,26 +1,16 @@
Name: aops-apollo
Version: v1.3.4
Release: 8
Version: v2.0.0
Release: 3
Summary: Cve management service, monitor machine vulnerabilities and provide fix functions.
License: MulanPSL2
URL: https://gitee.com/openeuler/%{name}
Source0: %{name}-%{version}.tar.gz
Patch0001: 0001-fix-param-error-and-compatible-with-mysql5.patch
Patch0002: 0002-fix-query-all-by-cve-list.patch
Patch0003: 0003-fix-cve-list-get-api-query-error.patch
Patch0004: 0004-fix-query-cve-list-error-and-sql-error.patch
Patch0005: 0005-fix-the-severity-field-filtering-error.patch
Patch0006: 0006-fix-cve-list-by-host-count.patch
Patch0007: 0007-fix-data-correction-task-execution-error.patch
Patch0008: 0008-update-apollo-database-proxy-host.py.patch
Patch0001: 0001-fix-security-advisory-parsing-error.patch
Patch0002: 0002-fix-bug-with-host-count-in-cve-fix-task.patch
BuildRequires: python3-setuptools
Requires: aops-vulcanus >= v1.3.0
Requires: python3-elasticsearch python3-flask-restful python3-marshmallow >= 3.13.0
Requires: python3-sqlalchemy python3-PyMySQL python3-Flask-APScheduler >= 1.11.0
Requires: python3-PyYAML python3-flask python3-gevent
Requires: python3-retrying python3-lxml
Requires: aops-vulcanus >= v2.0.0
Requires: python3-gevent python3-uWSGI python3-celery aops-zeus >= v2.0.0
Provides: aops-apollo
@ -60,10 +50,8 @@ popd
%files
%doc README.*
%attr(0644,root,root) %{_sysconfdir}/aops/apollo.ini
%attr(0644,root,root) %{_sysconfdir}/aops/apollo_crontab.yml
%attr(0755,root,root) %{_bindir}/aops-apollo
%attr(0755,root,root) /usr/lib/systemd/system/aops-apollo.service
%attr(0644,root,root) %{_sysconfdir}/aops/conf.d/aops-apollo.yml
%attr(0755,root,root) %{_unitdir}/aops-apollo.service
%{python3_sitelib}/aops_apollo*.egg-info/*
%{python3_sitelib}/apollo/*
%attr(0755, root, root) /opt/aops/database/*
@ -76,6 +64,22 @@ popd
%{python3_sitelib}/aops_apollo_tool/*
%changelog
* Tue Jul 23 2024 wenxin<wenxin32@foxmail.com> - v2.0.0-3
- fix bug with host count in cve fix task
* Fri Jul 19 2024 wenxin<wenxin32@foxmail.com> - v2.0.0-2
- fix security advisory parsing error
* Wed Jul 17 2024 luxuexian<luxuexian@huawei.com> - v2.0.0-1
- Update to v2.0.0
- Add cluster management and user auth management
* Tue Nov 14 2023 wangguangge<wangguangge@huawei.com> - v1.3.4-10
- fix filename bug in aops-apollo-tool
* Mon Nov 13 2023 wenxin<wenxin32@foxmail.com> - v1.3.4-9
- Update the installation dependencies
* Tue Oct 24 2023 wenxin<wenxin32@foxmail.com> - v1.3.4-8
- fix data correction task execution error