packages/aops-apollo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix some bugs

Browse Source
This commit is contained in:
wenxin 2022-12-07 17:55:44 +08:00
parent 0f48a0fa22
commit 03f8f2e54e
7 changed files with 6 additions and 351 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
0001-avoid-500-errors-by-uwsgi.patch
View File

@ -1,98 +0,0 @@
From 53fa9132c94060f0f9a0285dd813af7805b28718 Mon Sep 17 00:00:00 2001
From: gongzt <gong_zhengtang@163.com>
Date: Mon, 5 Dec 2022 21:57:29 +0800
Subject: [PATCH] Avoid the occasional 500 or query error when the api service is started through uwsgi
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
aops-apollo.service | 3 +--
apollo/manage.py | 23 +++++++++++++----------
setup.py | 5 ++++-
3 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/aops-apollo.service b/aops-apollo.service
index 45ab741..1b7dd6f 100644
--- a/aops-apollo.service
+++ b/aops-apollo.service
@@ -4,8 +4,7 @@ After=network.target
[Service]
Type=exec
-ExecStart=/usr/bin/aops-apollo start
-ExecStop=/usr/bin/aops-apollo stop
+ExecStart=/usr/bin/aops-apollo
Restart=on-failure
RestartSec=1
RemainAfterExit=yes
diff --git a/apollo/manage.py b/apollo/manage.py
index a63f6a0..a367b27 100644
--- a/apollo/manage.py
+++ b/apollo/manage.py
@@ -16,12 +16,12 @@ Author:
Description: Manager that start aops-manager
"""
from flask import Flask
-from flask_apscheduler import APScheduler
+# from flask_apscheduler import APScheduler
import sqlalchemy
from apollo.conf import configuration
from apollo import BLUE_POINT
-from apollo.handler.task_handler.manager.scan_manager import TimedScanManager
+# from apollo.handler.task_handler.manager.scan_manager import TimedScanManager
from apollo.database import ENGINE
from apollo.database.table import create_vul_tables
from apollo.database.mapping import MAPPINGS
@@ -75,22 +75,25 @@ def init_app():
app = Flask('apollo')
# limit max upload document size
app.config["MAX_CONTENT_LENGTH"] = 16 * 1024 * 1024
- apscheduler = APScheduler()
- apscheduler.init_app(app)
- apscheduler.start()
+ # apscheduler = APScheduler()
+ # apscheduler.init_app(app)
+ # apscheduler.start()
for blue, api in BLUE_POINT:
api.init_app(app)
app.register_blueprint(blue)
- TimedScanManager.add_timed_task(app)
+ # TimedScanManager.add_timed_task(app)
return app
-init_database()
-app = init_app()
-
-if __name__ == "__main__":
+def main():
+ init_database()
+ app = init_app()
ip = configuration.apollo.get('IP')
port = configuration.apollo.get('PORT')
app.run(host=ip, port=port)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/setup.py b/setup.py
index 55d6406..83f2e2d 100644
--- a/setup.py
+++ b/setup.py
@@ -33,6 +33,9 @@ setup(
('/etc/aops', ['conf/apollo.ini']),
('/usr/lib/systemd/system', ['aops-apollo.service'])
],
- scripts=['aops-apollo'],
+ # scripts=['aops-apollo'],
+ entry_points={
+ "console_scripts": ['aops-apollo=apollo.manage:main']
+ },
zip_safe=False
)
--
Gitee

BIN
aops-apollo-v1.1.1.tar.gz
View File

Binary file not shown.

BIN
aops-apollo-v1.1.2.tar.gz Normal file
View File

Binary file not shown.

13
aops-apollo.spec
View File

@ -1,14 +1,10 @@
Name: aops-apollo Name: aops-apollo
Version: v1.1.1 Version: v1.1.2
Release: 3 Release: 1
Summary: Cve management service, monitor machine vulnerabilities and provide fix functions. Summary: Cve management service, monitor machine vulnerabilities and provide fix functions.
License: MulanPSL2 License: MulanPSL2
URL: https://gitee.com/openeuler/%{name} URL: https://gitee.com/openeuler/%{name}
Source0: %{name}-%{version}.tar.gz Source0: %{name}-%{version}.tar.gz
Patch0001: cveinfo_api_add_host_id_not_exists_tip.patch
Patch0002: param_length_validate.patch
Patch0003: fix_host_repo_filter_query_failed.patch
Patch0004: 0001-avoid-500-errors-by-uwsgi.patch
BuildRequires: python3-setuptools BuildRequires: python3-setuptools
@ -24,7 +20,7 @@ Cve management service, monitor machine vulnerabilities and provide fix function
%prep %prep
%autosetup -n %{name}-%{version} -p1 %autosetup -n %{name}-%{version}
# build for aops-apollo # build for aops-apollo
%py3_build %py3_build
@ -44,6 +40,9 @@ Cve management service, monitor machine vulnerabilities and provide fix function
%changelog %changelog
* Wed Dec 07 2022 wenxin<shusheng.wen@outlook.com> - v1.1.2-1
- modify status code for upload security advisories;fix cve query error
* Mon Dec 05 2022 gongzhengtang<gong_zhengtang@163.com> - v1.1.1-3 * Mon Dec 05 2022 gongzhengtang<gong_zhengtang@163.com> - v1.1.1-3
- Avoid the occasional 500 or query error when the api - Avoid the occasional 500 or query error when the api
- service is started through uwsgi - service is started through uwsgi

131
cveinfo_api_add_host_id_not_exists_tip.patch
View File

@ -1,131 +0,0 @@
From c2e08fd35d24f855347e1cc12acbd814051f64f3 Mon Sep 17 00:00:00 2001
From: young <954906362@qq.com>
Date: Fri, 2 Dec 2022 11:47:11 +0800
Subject: [PATCH 1/2] 导出cve信息接口添加host id不存在的提示
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apollo/conf/constant.py | 1 +
apollo/database/proxy/cve.py | 1 +
apollo/handler/cve_handler/view.py | 15 +++++++++------
apollo/handler/task_handler/callback/cve_scan.py | 4 ++--
4 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/apollo/conf/constant.py b/apollo/conf/constant.py
index 95e4181..4fc8a62 100644
--- a/apollo/conf/constant.py
+++ b/apollo/conf/constant.py
@@ -120,5 +120,6 @@ ES_TEST_FLAG = False
REPO_FILE = "/etc/yum.repos.d/aops-update.repo"
FILE_NUMBER = 1
+NO_FILE = 0
FILE_UPLOAD_PATH = "/opt/aops/cve/upload"
CSV_SAVED_PATH = "/opt/aops/cve/saved"
diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
index c2291a4..38021d3 100644
--- a/apollo/database/proxy/cve.py
+++ b/apollo/database/proxy/cve.py
@@ -1275,4 +1275,5 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
if host_info_query:
host_info = host_info_query[0]
return host_info.host_name, cve_list
+ LOGGER.error(f"{host_id} not found in database")
return "", cve_query
diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
index 4a7466e..d9409a7 100644
--- a/apollo/handler/cve_handler/view.py
+++ b/apollo/handler/cve_handler/view.py
@@ -22,7 +22,7 @@ import shutil
from flask import jsonify
from apollo.conf import configuration
-from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER
+from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER, NO_FILE
from apollo.database import SESSION
from apollo.database.proxy.cve import CveProxy, CveMysqlProxy
from apollo.function.customize_exception import ParseAdvisoryError
@@ -452,11 +452,14 @@ class VulExportExcel(BaseResponse):
for host_id in host_id_list:
host_name, cve_info_list = proxy.query_host_name_and_related_cves(host_id, username)
-
- self.filename = f"{host_name}.csv"
- csv_head = ["cve_id", "status"]
- export_csv(cve_info_list, os.path.join(
- self.filepath, self.filename), csv_head)
+ if host_name:
+ self.filename = f"{host_name}.csv"
+ csv_head = ["cve_id", "status"]
+ export_csv(cve_info_list, os.path.join(
+ self.filepath, self.filename), csv_head)
+
+ if len(os.listdir(self.filepath)) == NO_FILE:
+ return NO_DATA
if len(os.listdir(self.filepath)) > FILE_NUMBER:
zip_filename, zip_save_path = compress_cve(self.filepath, "host.zip")
if zip_filename and zip_save_path:
diff --git a/apollo/handler/task_handler/callback/cve_scan.py b/apollo/handler/task_handler/callback/cve_scan.py
index 817e4e4..1416ed0 100644
--- a/apollo/handler/task_handler/callback/cve_scan.py
+++ b/apollo/handler/task_handler/callback/cve_scan.py
@@ -32,11 +32,11 @@ class CveScanCallback(TaskCallback):
task_id: task id,
task_info: task info, e.g.:
{
- status:0,
+ "status":0,
"host_id":"127.0.0.1",
"installed_packages":["string"],
"os_version":"string",
- "cves:["string"]
+ "cves":["string"]
}
Returns:
--
Gitee
From f831f7f4e6562df58905211a8a608162a2e5953f Mon Sep 17 00:00:00 2001
From: young <954906362@qq.com>
Date: Fri, 2 Dec 2022 15:21:56 +0800
Subject: [PATCH 2/2] 去掉不必要的常量
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apollo/conf/constant.py | 1 -
apollo/handler/cve_handler/view.py | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/apollo/conf/constant.py b/apollo/conf/constant.py
index 4fc8a62..95e4181 100644
--- a/apollo/conf/constant.py
+++ b/apollo/conf/constant.py
@@ -120,6 +120,5 @@ ES_TEST_FLAG = False
REPO_FILE = "/etc/yum.repos.d/aops-update.repo"
FILE_NUMBER = 1
-NO_FILE = 0
FILE_UPLOAD_PATH = "/opt/aops/cve/upload"
CSV_SAVED_PATH = "/opt/aops/cve/saved"
diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
index d9409a7..f10be78 100644
--- a/apollo/handler/cve_handler/view.py
+++ b/apollo/handler/cve_handler/view.py
@@ -458,7 +458,7 @@ class VulExportExcel(BaseResponse):
export_csv(cve_info_list, os.path.join(
self.filepath, self.filename), csv_head)
- if len(os.listdir(self.filepath)) == NO_FILE:
+ if len(os.listdir(self.filepath)) == 0:
return NO_DATA
if len(os.listdir(self.filepath)) > FILE_NUMBER:
zip_filename, zip_save_path = compress_cve(self.filepath, "host.zip")
--
Gitee

56
fix_host_repo_filter_query_failed.patch
View File

@ -1,56 +0,0 @@
From cf87cb8c7eb076049fc335db8e4edce0a5f09e74 Mon Sep 17 00:00:00 2001
From: gongzt <gong_zhengtang@163.com>
Date: Fri, 2 Dec 2022 17:29:49 +0800
Subject: [PATCH] 修复主机列表查询时选择未设置repo查询无数据
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apollo/database/proxy/host.py | 9 +++++++--
apollo/handler/cve_handler/view.py | 2 +-
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/apollo/database/proxy/host.py b/apollo/database/proxy/host.py
index 5510125..7fd793a 100644
--- a/apollo/database/proxy/host.py
+++ b/apollo/database/proxy/host.py
@@ -16,7 +16,7 @@ Author:
Description: Host table operation
"""
from sqlalchemy.exc import SQLAlchemyError
-from sqlalchemy import func, case
+from sqlalchemy import func, case, or_
from vulcanus.log.log import LOGGER
from vulcanus.restful.status import NO_DATA, DATABASE_QUERY_ERROR, SUCCEED
@@ -202,7 +202,12 @@ class HostMysqlProxy(MysqlProxy):
if filter_dict.get("host_group"):
filters.add(Host.host_group_name.in_(filter_dict["host_group"]))
if filter_dict.get("repo"):
- filters.add(Host.repo_name.in_(filter_dict["repo"]))
+ repos = [repo if repo else None for repo in filter_dict["repo"]]
+ if None in repos:
+ filters.add(or_(Host.repo_name.is_(None),
+ Host.repo_name.in_(repos)))
+ else:
+ filters.add(Host.repo_name.in_(repos))
return filters
diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
index f10be78..7524b10 100644
--- a/apollo/handler/cve_handler/view.py
+++ b/apollo/handler/cve_handler/view.py
@@ -22,7 +22,7 @@ import shutil
from flask import jsonify
from apollo.conf import configuration
-from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER, NO_FILE
+from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER
from apollo.database import SESSION
from apollo.database.proxy.cve import CveProxy, CveMysqlProxy
from apollo.function.customize_exception import ParseAdvisoryError
--
Gitee

59
param_length_validate.patch
View File

@ -1,59 +0,0 @@
From 3a85482819891c6cdfa1d47be372640c0c67620c Mon Sep 17 00:00:00 2001
From: gongzt <gong_zhengtang@163.com>
Date: Thu, 1 Dec 2022 23:06:53 +0800
Subject: [PATCH] 更改参数有效性校验长度判断错误
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apollo/function/schema/task.py | 9 ++++++---
apollo/handler/task_handler/view.py | 5 -----
2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/apollo/function/schema/task.py b/apollo/function/schema/task.py
index e19c3ed..59f72db 100644
--- a/apollo/function/schema/task.py
+++ b/apollo/function/schema/task.py
@@ -151,9 +151,12 @@ class GenerateRepoTaskSchema(Schema):
"""
validators for parameter of /vulnerability/task/repo/generate
"""
- task_name = fields.String(required=True, validate=lambda s: 0 < s <= 20)
- description = fields.String(required=True, validate=lambda s: 0 < s <= 50)
- repo_name = fields.String(required=True, validate=lambda s: 0 < s <= 20)
+ task_name = fields.String(
+ required=True, validate=lambda s: 0 < len(s) <= 20)
+ description = fields.String(
+ required=True, validate=lambda s: 0 < len(s) <= 50)
+ repo_name = fields.String(
+ required=True, validate=lambda s: 0 < len(s) <= 20)
info = fields.List(fields.Nested(CveHostInfoDictSchema), required=True,
validate=lambda s: len(s) > 0)
diff --git a/apollo/handler/task_handler/view.py b/apollo/handler/task_handler/view.py
index cfd0d9b..318f693 100644
--- a/apollo/handler/task_handler/view.py
+++ b/apollo/handler/task_handler/view.py
@@ -102,10 +102,6 @@ class VulScanHost(BaseResponse):
"""
access_token = request.headers.get('access_token')
# connect to database
- task_proxy = TaskProxy(configuration)
- if not task_proxy.connect(SESSION):
- return DATABASE_CONNECT_ERROR
-
proxy = TaskMysqlProxy()
if not proxy.connect(SESSION):
LOGGER.error("Connect to database fail, return.")
@@ -116,7 +112,6 @@ class VulScanHost(BaseResponse):
host_list = args['host_list']
host_info = proxy.get_scan_host_info(username, host_list)
if not self._verify_param(host_list, host_info):
- proxy.close()
LOGGER.error(
"There are some host in %s that can not be scanned.", host_list)
return PARAM_ERROR
--
Gitee