修复后端生成设置repo、cve修复、cve回滚任务时未校验字段有效性

(cherry picked from commit 851c7533476a3020c786a73c6cd2c2b16d7c388f)
gongzt 2023-06-02 18:26:19 +08:00 committed by openeuler-sync-bot
parent e6f14c184f
commit 38b6791ed6
3 changed files with 108 additions and 2 deletions


@ -98,6 +98,5 @@ index 4f6a6fb..6adafda 100644
+ if item[-1] != EMPTY_TAG: + if item[-1] != EMPTY_TAG:
+ hp_list.append(item[-1]) + hp_list.append(item[-1])
+ return list(set(hp_list)) + return list(set(hp_list))
-- --
2.33.0


@ -0,0 +1,105 @@
From a032e1e0b11365a0dc5d725fd234771cd53c0858 Mon Sep 17 00:00:00 2001
From: gongzt <gong_zhengtang@163.com>
Date: Fri, 2 Jun 2023 14:29:57 +0800
Subject: [PATCH] Repair Host cve verification is not performed in a generation task
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apollo/database/proxy/task.py | 37 +++++++++++++++++++++++++++++
apollo/handler/task_handler/view.py | 20 ++++++++++++++++
2 files changed, 57 insertions(+)
diff --git a/apollo/database/proxy/task.py b/apollo/database/proxy/task.py
index e660f02..edba161 100644
--- a/apollo/database/proxy/task.py
+++ b/apollo/database/proxy/task.py
@@ -3208,3 +3208,40 @@ class TaskProxy(TaskMysqlProxy, TaskEsProxy):
# insert task id and username into es
self._init_task_in_es(task_id, data["username"])
+
+ def validate_cves(self, cve_id: list) -> bool:
+ """
+ Verifying cve validity
+
+ Args:
+ cve_id: id of the cve to be validate
+
+ Returns:
+ bool: A return of true indicates that the validation passed
+ """
+
+ try:
+ exists_cve_count = self.session.query(CveHostAssociation).filter(
+ CveHostAssociation.cve_id.in_(cve_id)).count()
+
+ return True if exists_cve_count == len(cve_id) else False
+ except SQLAlchemyError as error:
+ LOGGER.error(error)
+ return False
+
+ def validate_hosts(self, host_id: list) -> bool:
+ """
+ Verifying host validity
+
+ Args:
+ host_id: id of the host to be validate
+
+ Returns:
+ bool: A return of true indicates that the validation passed
+ """
+ try:
+ exists_host_count = self.session.query(Host).filter(Host.host_id.in_(host_id)).count()
+ return True if exists_host_count == len(host_id) else False
+ except SQLAlchemyError as error:
+ LOGGER.error(error)
+ return False
diff --git a/apollo/handler/task_handler/view.py b/apollo/handler/task_handler/view.py
index 214053c..314f7bb 100644
--- a/apollo/handler/task_handler/view.py
+++ b/apollo/handler/task_handler/view.py
@@ -287,6 +287,14 @@ class VulGenerateCveTask(BaseResponse):
"task_id": "id1"
}
"""
+ host_ids = [host["host_id"] for hosts in params["info"] for host in hosts["host_info"]]
+ if not callback.validate_hosts(host_id=list(set(host_ids))):
+ return self.response(code=PARAM_ERROR)
+
+ cve_ids = [cve["cve_id"] for cve in params["info"]]
+ if not callback.validate_cves(cve_id=list(set(cve_ids))):
+ return self.response(code=PARAM_ERROR)
+
status_code, data = self._handle(callback, params)
return self.response(code=status_code, data=data)
@@ -488,6 +496,10 @@ class VulGenerateRepoTask(BaseResponse):
"task_id": "1"
}
"""
+ host_ids = [host["host_id"] for host in params["info"]]
+ if not callback.validate_hosts(host_id=list(set(host_ids))):
+ return self.response(code=PARAM_ERROR)
+
status_code, data = self._handle(callback, params)
return self.response(code=status_code, data=data)
@@ -836,6 +848,14 @@ class VulGenerateCveRollback(BaseResponse):
"task_id": "1"
}
"""
+ host_ids = [host["host_id"] for host in params["info"]]
+ if not callback.validate_hosts(host_id=list(set(host_ids))):
+ return self.response(code=PARAM_ERROR)
+
+ cve_ids = [cve["cve_id"] for host in params["info"] for cve in host["cves"]]
+ if not callback.validate_cves(cve_id=list(set(cve_ids))):
+ return self.response(code=PARAM_ERROR)
+
status_code, data = self._handle(callback, params)
return self.response(code=status_code, data=data)
--
Gitee
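Review bot: `validate_cves` compares `len(cve_id)` with a plain row count on `CveHostAssociation`, which (judging by its name; the schema is not visible here) holds one row per CVE–host pair. A CVE recorded on several hosts then inflates the count, so a valid request can be rejected, and a list containing an unknown id can still pass when another id matches two rows. Counting distinct ids removes both cases: `self.session.query(CveHostAssociation.cve_id).filter(CveHostAssociation.cve_id.in_(cve_id)).distinct().count()`. Separately, both validators only confirm that the ids exist somewhere; nothing in these hunks ties the hosts to the requesting user or each CVE to the host it is paired with in `params["info"]`, so unless `_handle` enforces that, the filters should be scoped to the caller's hosts and to the submitted (host, cve) pairs.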


@ -9,6 +9,7 @@ Patch0001: 0001-fix-some-apis-which-has-filter-fault.patch
Patch0002: 0002-fix-bug-and-update-the-code-of-parsing.patch Patch0002: 0002-fix-bug-and-update-the-code-of-parsing.patch
Patch0003: 0003-fix-hotpatch-updateinfo-for-search-hotpatch-info.patch Patch0003: 0003-fix-hotpatch-updateinfo-for-search-hotpatch-info.patch
Patch0004: 0004-add-dnf-full-repair.patch Patch0004: 0004-add-dnf-full-repair.patch
Patch0005: 0005-fix-generate-task-is-not-verified-host-and-cve.patch
BuildRequires: python3-setuptools BuildRequires: python3-setuptools
Requires: aops-vulcanus >= v1.2.0 Requires: aops-vulcanus >= v1.2.0
@ -83,6 +84,7 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
- fix bug and update the code of parsing src.rpm - fix bug and update the code of parsing src.rpm
- fix hotpatch updateinfo for search hotpatch information - fix hotpatch updateinfo for search hotpatch information
- add dnf full repair - add dnf full repair
- the host and cve were not verified when the generate task was fixed
* Wed May 31 2023 wenxin<shusheng.wen@outlook.com> - v1.2.1-2 * Wed May 31 2023 wenxin<shusheng.wen@outlook.com> - v1.2.1-2
- fix issue that can not be filtered by CVE ID when query cve rollbak task info - fix issue that can not be filtered by CVE ID when query cve rollbak task info