!13 更改参数有效性校验长度判断错误、增加导出cve信息接口添加host id不存在的提示

From: @gongzt Reviewed-by: @Lostwayzxc Signed-off-by: @Lostwayzxc
2022-12-02 09:50:13 +00:00 · 2022-12-02 09:50:13 +00:00 · 19ee9ec35c
commit 19ee9ec35c
parent 6cb7429fe5 36175f6bb2
4 changed files with 254 additions and 3 deletions
--- a/aops-apollo.spec
+++ b/aops-apollo.spec
@ -1,11 +1,13 @@
 Name:		aops-apollo
 Version:	v1.1.1
-Release:	1
+Release:	2
 Summary:	Cve management service, monitor machine vulnerabilities and provide fix functions.
 License:	MulanPSL2
 URL:		https://gitee.com/openeuler/%{name}
 Source0:	%{name}-%{version}.tar.gz
-
+Patch0001:  cveinfo_api_add_host_id_not_exists_tip.patch
+Patch0002:  param_length_validate.patch
+Patch0003:  fix_host_repo_filter_query_failed.patch

 BuildRequires:  python3-setuptools
 Requires:   aops-vulcanus >= %{version}-%{release}
@ -20,7 +22,7 @@ Cve management service, monitor machine vulnerabilities and provide fix function


 %prep
-%autosetup -n %{name}-%{version}
+%autosetup -n %{name}-%{version} -p1

 # build for aops-apollo
 %py3_build
@ -40,6 +42,9 @@ Cve management service, monitor machine vulnerabilities and provide fix function


 %changelog
+* Fri Dec 02 2022 gongzhengtang<gong_zhengtang@163.com> - v1.1.1-2
+- fix param length validate and other bugs
+
 * Fri Dec 02 2022 wenxin<shusheng.wen@outlook.com> - v1.1.1-1
 - fix some bugs

--- a/cveinfo_api_add_host_id_not_exists_tip.patch
+++ b/cveinfo_api_add_host_id_not_exists_tip.patch
@ -0,0 +1,131 @@
+From c2e08fd35d24f855347e1cc12acbd814051f64f3 Mon Sep 17 00:00:00 2001
+From: young <954906362@qq.com>
+Date: Fri, 2 Dec 2022 11:47:11 +0800
+Subject: [PATCH 1/2] 导出cve信息接口添加host id不存在的提示
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ apollo/conf/constant.py                          |  1 +
+ apollo/database/proxy/cve.py                     |  1 +
+ apollo/handler/cve_handler/view.py               | 15 +++++++++------
+ apollo/handler/task_handler/callback/cve_scan.py |  4 ++--
+ 4 files changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/apollo/conf/constant.py b/apollo/conf/constant.py
+index 95e4181..4fc8a62 100644
+--- a/apollo/conf/constant.py
+++ b/apollo/conf/constant.py
+@@ -120,5 +120,6 @@ ES_TEST_FLAG = False
+ 
+ REPO_FILE = "/etc/yum.repos.d/aops-update.repo"
+ FILE_NUMBER = 1
+NO_FILE = 0
+ FILE_UPLOAD_PATH = "/opt/aops/cve/upload"
+ CSV_SAVED_PATH = "/opt/aops/cve/saved"
+diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
+index c2291a4..38021d3 100644
+--- a/apollo/database/proxy/cve.py
+++ b/apollo/database/proxy/cve.py
+@@ -1275,4 +1275,5 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
+         if host_info_query:
+             host_info = host_info_query[0]
+             return host_info.host_name, cve_list
+        LOGGER.error(f"{host_id} not found in database")
+         return "", cve_query
+diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
+index 4a7466e..d9409a7 100644
+--- a/apollo/handler/cve_handler/view.py
+++ b/apollo/handler/cve_handler/view.py
+@@ -22,7 +22,7 @@ import shutil
+ from flask import jsonify
+ 
+ from apollo.conf import configuration
+-from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER
+from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER, NO_FILE
+ from apollo.database import SESSION
+ from apollo.database.proxy.cve import CveProxy, CveMysqlProxy
+ from apollo.function.customize_exception import ParseAdvisoryError
+@@ -452,11 +452,14 @@ class VulExportExcel(BaseResponse):
+ 
+         for host_id in host_id_list:
+             host_name, cve_info_list = proxy.query_host_name_and_related_cves(host_id, username)
+-
+-            self.filename = f"{host_name}.csv"
+-            csv_head = ["cve_id", "status"]
+-            export_csv(cve_info_list, os.path.join(
+-                self.filepath, self.filename), csv_head)
+            if host_name:
+                self.filename = f"{host_name}.csv"
+                csv_head = ["cve_id", "status"]
+                export_csv(cve_info_list, os.path.join(
+                    self.filepath, self.filename), csv_head)
+
+        if len(os.listdir(self.filepath)) == NO_FILE:
+            return NO_DATA
+         if len(os.listdir(self.filepath)) > FILE_NUMBER:
+             zip_filename, zip_save_path = compress_cve(self.filepath, "host.zip")
+             if zip_filename and zip_save_path:
+diff --git a/apollo/handler/task_handler/callback/cve_scan.py b/apollo/handler/task_handler/callback/cve_scan.py
+index 817e4e4..1416ed0 100644
+--- a/apollo/handler/task_handler/callback/cve_scan.py
+++ b/apollo/handler/task_handler/callback/cve_scan.py
+@@ -32,11 +32,11 @@ class CveScanCallback(TaskCallback):
+             task_id: task id,
+             task_info: task info, e.g.:
+                 {
+-                    status:0,
+                    "status":0,
+                     "host_id":"127.0.0.1",
+                     "installed_packages":["string"],
+                     "os_version":"string",
+-                    "cves:["string"]
+                    "cves":["string"]
+                 }
+ 
+         Returns:
+-- 
+Gitee
+
+
+From f831f7f4e6562df58905211a8a608162a2e5953f Mon Sep 17 00:00:00 2001
+From: young <954906362@qq.com>
+Date: Fri, 2 Dec 2022 15:21:56 +0800
+Subject: [PATCH 2/2] 去掉不必要的常量
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ apollo/conf/constant.py            | 1 -
+ apollo/handler/cve_handler/view.py | 2 +-
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/apollo/conf/constant.py b/apollo/conf/constant.py
+index 4fc8a62..95e4181 100644
+--- a/apollo/conf/constant.py
+++ b/apollo/conf/constant.py
+@@ -120,6 +120,5 @@ ES_TEST_FLAG = False
+ 
+ REPO_FILE = "/etc/yum.repos.d/aops-update.repo"
+ FILE_NUMBER = 1
+-NO_FILE = 0
+ FILE_UPLOAD_PATH = "/opt/aops/cve/upload"
+ CSV_SAVED_PATH = "/opt/aops/cve/saved"
+diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
+index d9409a7..f10be78 100644
+--- a/apollo/handler/cve_handler/view.py
+++ b/apollo/handler/cve_handler/view.py
+@@ -458,7 +458,7 @@ class VulExportExcel(BaseResponse):
+                 export_csv(cve_info_list, os.path.join(
+                     self.filepath, self.filename), csv_head)
+ 
+-        if len(os.listdir(self.filepath)) == NO_FILE:
+        if len(os.listdir(self.filepath)) == 0:
+             return NO_DATA
+         if len(os.listdir(self.filepath)) > FILE_NUMBER:
+             zip_filename, zip_save_path = compress_cve(self.filepath, "host.zip")
+-- 
+Gitee
+
--- a/fix_host_repo_filter_query_failed.patch
+++ b/fix_host_repo_filter_query_failed.patch
@ -0,0 +1,56 @@
+From cf87cb8c7eb076049fc335db8e4edce0a5f09e74 Mon Sep 17 00:00:00 2001
+From: gongzt <gong_zhengtang@163.com>
+Date: Fri, 2 Dec 2022 17:29:49 +0800
+Subject: [PATCH] 修复主机列表查询时选择未设置repo查询无数据
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ apollo/database/proxy/host.py      | 9 +++++++--
+ apollo/handler/cve_handler/view.py | 2 +-
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/apollo/database/proxy/host.py b/apollo/database/proxy/host.py
+index 5510125..7fd793a 100644
+--- a/apollo/database/proxy/host.py
+++ b/apollo/database/proxy/host.py
+@@ -16,7 +16,7 @@ Author:
+ Description: Host table operation
+ """
+ from sqlalchemy.exc import SQLAlchemyError
+-from sqlalchemy import func, case
+from sqlalchemy import func, case, or_
+ 
+ from vulcanus.log.log import LOGGER
+ from vulcanus.restful.status import NO_DATA, DATABASE_QUERY_ERROR, SUCCEED
+@@ -202,7 +202,12 @@ class HostMysqlProxy(MysqlProxy):
+         if filter_dict.get("host_group"):
+             filters.add(Host.host_group_name.in_(filter_dict["host_group"]))
+         if filter_dict.get("repo"):
+-            filters.add(Host.repo_name.in_(filter_dict["repo"]))
+            repos = [repo if repo else None for repo in filter_dict["repo"]]
+            if None in repos:
+                filters.add(or_(Host.repo_name.is_(None),
+                                Host.repo_name.in_(repos)))
+            else:
+                filters.add(Host.repo_name.in_(repos))
+ 
+         return filters
+ 
+diff --git a/apollo/handler/cve_handler/view.py b/apollo/handler/cve_handler/view.py
+index f10be78..7524b10 100644
+--- a/apollo/handler/cve_handler/view.py
+++ b/apollo/handler/cve_handler/view.py
+@@ -22,7 +22,7 @@ import shutil
+ from flask import jsonify
+ 
+ from apollo.conf import configuration
+-from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER, NO_FILE
+from apollo.conf.constant import FILE_UPLOAD_PATH, CSV_SAVED_PATH, FILE_NUMBER
+ from apollo.database import SESSION
+ from apollo.database.proxy.cve import CveProxy, CveMysqlProxy
+ from apollo.function.customize_exception import ParseAdvisoryError
+-- 
+Gitee
+
--- a/param_length_validate.patch
+++ b/param_length_validate.patch
@ -0,0 +1,59 @@
+From 3a85482819891c6cdfa1d47be372640c0c67620c Mon Sep 17 00:00:00 2001
+From: gongzt <gong_zhengtang@163.com>
+Date: Thu, 1 Dec 2022 23:06:53 +0800
+Subject: [PATCH] 更改参数有效性校验长度判断错误
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ apollo/function/schema/task.py      | 9 ++++++---
+ apollo/handler/task_handler/view.py | 5 -----
+ 2 files changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/apollo/function/schema/task.py b/apollo/function/schema/task.py
+index e19c3ed..59f72db 100644
+--- a/apollo/function/schema/task.py
+++ b/apollo/function/schema/task.py
+@@ -151,9 +151,12 @@ class GenerateRepoTaskSchema(Schema):
+     """
+     validators for parameter of /vulnerability/task/repo/generate
+     """
+-    task_name = fields.String(required=True, validate=lambda s: 0 < s <= 20)
+-    description = fields.String(required=True, validate=lambda s: 0 < s <= 50)
+-    repo_name = fields.String(required=True, validate=lambda s: 0 < s <= 20)
+    task_name = fields.String(
+        required=True, validate=lambda s: 0 < len(s) <= 20)
+    description = fields.String(
+        required=True, validate=lambda s: 0 < len(s) <= 50)
+    repo_name = fields.String(
+        required=True, validate=lambda s: 0 < len(s) <= 20)
+     info = fields.List(fields.Nested(CveHostInfoDictSchema), required=True,
+                        validate=lambda s: len(s) > 0)
+ 
+diff --git a/apollo/handler/task_handler/view.py b/apollo/handler/task_handler/view.py
+index cfd0d9b..318f693 100644
+--- a/apollo/handler/task_handler/view.py
+++ b/apollo/handler/task_handler/view.py
+@@ -102,10 +102,6 @@ class VulScanHost(BaseResponse):
+         """
+         access_token = request.headers.get('access_token')
+         # connect to database
+-        task_proxy = TaskProxy(configuration)
+-        if not task_proxy.connect(SESSION):
+-            return DATABASE_CONNECT_ERROR
+-
+         proxy = TaskMysqlProxy()
+         if not proxy.connect(SESSION):
+             LOGGER.error("Connect to database fail, return.")
+@@ -116,7 +112,6 @@ class VulScanHost(BaseResponse):
+         host_list = args['host_list']
+         host_info = proxy.get_scan_host_info(username, host_list)
+         if not self._verify_param(host_list, host_info):
+-            proxy.close()
+             LOGGER.error(
+                 "There are some host in %s that can not be scanned.", host_list)
+             return PARAM_ERROR
+-- 
+Gitee
+