packages/aops-apollo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix issue:paging args validation rules and hp status filter exception

Browse Source 
(cherry picked from commit cd606acdb7b393b1e91a821476a1bc1847d7cdd1)
This commit is contained in:
wenxin 2023-06-08 20:29:19 +08:00 committed by openeuler-sync-bot
parent b3117eabd4
commit 5e7f864e98
3 changed files with 327 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
0007-fix-hotpatch-status-filter-exception.patch Normal file
View File

@ -0,0 +1,145 @@
From 8bfb66a3f9a6e1293b7cc4d72cc02e455be9cea9 Mon Sep 17 00:00:00 2001
From: rabbitali <shusheng.wen@outlook.com>
Date: Thu, 8 Jun 2023 10:39:45 +0800
Subject: [PATCH] fix issue: hotpatch status filter exception
---
apollo/database/proxy/cve.py | 22 +++++++++++++++-------
apollo/database/proxy/host.py | 22 +++++++++++++++++-----
2 files changed, 32 insertions(+), 12 deletions(-)
diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
index 13a1ae6..24245de 100644
--- a/apollo/database/proxy/cve.py
+++ b/apollo/database/proxy/cve.py
@@ -187,8 +187,7 @@ class CveMysqlProxy(MysqlProxy):
cve_id = data["cve_id"]
filters = self._get_cve_hosts_filters(data.get("filter", {}))
- cve_hosts_query = self._query_cve_hosts(
- data["username"], cve_id, filters)
+ cve_hosts_query = self._query_cve_hosts(data["username"], cve_id, filters, data.get("filter", {}))
total_count = cve_hosts_query.count()
if not total_count:
@@ -238,33 +237,42 @@ class CveMysqlProxy(MysqlProxy):
filters.add(Host.host_group_name.in_(filter_dict["host_group"]))
if filter_dict.get("repo"):
filters.add(Host.repo_name.in_(filter_dict["repo"]))
- if filter_dict.get("hp_status"):
- filters.add(CveHostAssociation.hp_status.in_(filter_dict["hp_status"]))
+
if filter_dict.get("hotpatch") and fixed is True:
filters.add(CveHostAssociation.fixed_by_hp.in_(filter_dict["hotpatch"]))
elif filter_dict.get("hotpatch") and fixed is False:
filters.add(CveHostAssociation.support_hp.in_(filter_dict["hotpatch"]))
return filters
- def _query_cve_hosts(self, username, cve_id, filters):
+ def _query_cve_hosts(self, username: str, cve_id: str, filters: set, filter_dict: dict):
"""
query needed cve hosts info
Args:
username (str): user name of the request
cve_id (str): cve id
filters (set): filter given by user
-
+ filter_dict {
+ "fixed": bool,
+ "hotpatch": [true, false],
+ "hp_status": [accepted, active]
+ }
Returns:
sqlalchemy.orm.query.Query
"""
cve_query = self.session.query(Host.host_id, Host.host_name, Host.host_ip, Host.host_group_name,
Host.repo_name, Host.last_scan, CveHostAssociation.support_hp,
CveHostAssociation.fixed, CveHostAssociation.fixed_by_hp,
- CveHostAssociation.hp_status ) \
+ CveHostAssociation.hp_status) \
.join(CveHostAssociation, Host.host_id == CveHostAssociation.host_id) \
.filter(Host.user == username, CveHostAssociation.cve_id == cve_id) \
.filter(*filters)
+ if filter_dict.get("fixed"):
+ if filter_dict.get("hotpatch") == [True] and filter_dict.get("hp_status"):
+ return cve_query.filter(CveHostAssociation.hp_status.in_(filter_dict["hp_status"]))
+ elif len(filter_dict.get("hotpatch")) != 1 and filter_dict.get("hp_status"):
+ return cve_query.filter(CveHostAssociation.hp_status.in_(filter_dict["hp_status"]),
+ CveHostAssociation.fixed_by_hp == True).union(cve_query.filter(CveHostAssociation.fixed_by_hp == False))
return cve_query
@staticmethod
diff --git a/apollo/database/proxy/host.py b/apollo/database/proxy/host.py
index 3fdf97b..bc30288 100644
--- a/apollo/database/proxy/host.py
+++ b/apollo/database/proxy/host.py
@@ -475,7 +475,7 @@ class HostProxy(HostMysqlProxy, CveEsProxy):
host_id = data["host_id"]
filters = self._get_host_cve_filters(data.get("filter", {}))
host_cve_query = self._query_host_cve(
- data["username"], host_id, filters)
+ data["username"], host_id, filters, data.get("filter", {}))
total_count = host_cve_query.count()
if not total_count:
@@ -514,6 +514,8 @@ class HostProxy(HostMysqlProxy, CveEsProxy):
Returns:
set
"""
+ # when fixed does not have a value, the query data is not meaningful
+ # the default query is unfixed CVE information
fixed = filter_dict.get("fixed", False)
filters = {CveHostAssociation.fixed == fixed}
@@ -525,8 +527,6 @@ class HostProxy(HostMysqlProxy, CveEsProxy):
"%" + filter_dict["cve_id"] + "%"))
if filter_dict.get("severity"):
filters.add(Cve.severity.in_(filter_dict["severity"]))
- if filter_dict.get("hp_status"):
- filters.add(CveHostAssociation.hp_status.in_(filter_dict["hp_status"]))
if filter_dict.get("hotpatch") and fixed is True:
filters.add(CveHostAssociation.fixed_by_hp.in_(filter_dict["hotpatch"]))
elif filter_dict.get("hotpatch") and fixed is False:
@@ -536,17 +536,22 @@ class HostProxy(HostMysqlProxy, CveEsProxy):
filters.add(CveHostAssociation.affected == filter_dict["affected"])
return filters
- def _query_host_cve(self, username, host_id, filters):
+ def _query_host_cve(self, username: str, host_id: int, filters: set, filter_dict: dict):
"""
query needed host CVEs info
Args:
username (str): user name of the request
host_id (int): host id
filters (set): filter given by user
-
+ filter_dict {
+ "fixed": bool,
+ "hotpatch": [true, false],
+ "hp_status": [accepted, active]
+ }
Returns:
sqlalchemy.orm.query.Query
"""
+
host_cve_query = self.session.query(CveHostAssociation.cve_id, Cve.publish_time, Cve.severity, Cve.cvss_score,
CveHostAssociation.fixed, CveHostAssociation.support_hp,
CveHostAssociation.fixed_by_hp, CveHostAssociation.hp_status) \
@@ -556,6 +561,13 @@ class HostProxy(HostMysqlProxy, CveEsProxy):
.filter(CveHostAssociation.host_id == host_id, Host.user == username) \
.filter(*filters)
+ if filter_dict.get("fixed"):
+ if filter_dict.get("hotpatch") == [True] and filter_dict.get("hp_status"):
+ return host_cve_query.filter(CveHostAssociation.hp_status.in_(filter_dict["hp_status"]))
+
+ elif len(filter_dict.get("hotpatch")) != 1 and filter_dict.get("hp_status"):
+ return host_cve_query.filter(CveHostAssociation.hp_status.in_(filter_dict["hp_status"]),
+ CveHostAssociation.fixed_by_hp == True).union(host_cve_query.filter(CveHostAssociation.fixed_by_hp == False))
return host_cve_query
@staticmethod
--
Gitee

175
0008-update-validation-rules-for-paging-parameters.patch Normal file
View File

@ -0,0 +1,175 @@
From 4ada4a45e7c73e34e73ce4e8a48d434e459063f6 Mon Sep 17 00:00:00 2001
From: rabbitali <shusheng.wen@outlook.com>
Date: Tue, 6 Jun 2023 16:22:54 +0800
Subject: [PATCH] update validation rules for paging parameters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apollo/function/schema/cve.py | 10 +++-------
apollo/function/schema/host.py | 10 +++-------
apollo/function/schema/task.py | 13 ++++---------
3 files changed, 10 insertions(+), 23 deletions(-)
diff --git a/apollo/function/schema/cve.py b/apollo/function/schema/cve.py
index 6584941..d18e454 100644
--- a/apollo/function/schema/cve.py
+++ b/apollo/function/schema/cve.py
@@ -18,7 +18,7 @@ Description: For cve related restful interfaces schema
from marshmallow import Schema
from marshmallow import fields
from marshmallow import validate
-
+from vulcanus.restful.serialize.validate import PaginationSchema
class CveListFilterSchema(Schema):
"""
@@ -31,7 +31,7 @@ class CveListFilterSchema(Schema):
fixed = fields.Boolean(required=True, default=True, validate=validate.OneOf([True, False]))
-class GetCveListSchema(Schema):
+class GetCveListSchema(PaginationSchema):
"""
validators for parameter of /vulnerability/cve/list/get
"""
@@ -39,8 +39,6 @@ class GetCveListSchema(Schema):
["cve_id", "publish_time", "cvss_score", "host_num"]))
direction = fields.String(required=False, validate=validate.OneOf(
["asc", "desc"]))
- page = fields.Integer(required=False, validate=lambda s: s > 0)
- per_page = fields.Integer(required=False, validate=lambda s: 0 < s < 50)
filter = fields.Nested(CveListFilterSchema, required=False)
@@ -65,7 +63,7 @@ class CveHostFilterSchema(Schema):
hp_status = fields.List(fields.String(validate=validate.OneOf(["ACCEPTED", "ACTIVED"])), required=False)
-class GetCveHostsSchema(Schema):
+class GetCveHostsSchema(PaginationSchema):
"""
validators for parameter of /vulnerability/cve/host/get
"""
@@ -74,8 +72,6 @@ class GetCveHostsSchema(Schema):
["last_scan"]))
direction = fields.String(required=False, validate=validate.OneOf(
["asc", "desc"]))
- page = fields.Integer(required=False, validate=lambda s: s > 0)
- per_page = fields.Integer(required=False, validate=lambda s: 0 < s < 50)
filter = fields.Nested(CveHostFilterSchema, required=False)
diff --git a/apollo/function/schema/host.py b/apollo/function/schema/host.py
index a0cc4b5..c609fd4 100644
--- a/apollo/function/schema/host.py
+++ b/apollo/function/schema/host.py
@@ -18,7 +18,7 @@ Description: For host related restful interfaces schema
from marshmallow import Schema
from marshmallow import fields
from marshmallow import validate
-
+from vulcanus.restful.serialize.validate import PaginationSchema
class ScanHostFilterSchema(Schema):
"""
@@ -61,7 +61,7 @@ class GetHostListFilterSchema(Schema):
required=False)
-class GetHostListSchema(Schema):
+class GetHostListSchema(PaginationSchema):
"""
validators for parameter of /vulnerability/host/list/get
"""
@@ -69,8 +69,6 @@ class GetHostListSchema(Schema):
["last_scan", "cve_num"]))
direction = fields.String(required=False, validate=validate.OneOf(
["asc", "desc"]))
- page = fields.Integer(required=False, validate=lambda s: s > 0)
- per_page = fields.Integer(required=False, validate=lambda s: 0 < s < 50)
filter = fields.Nested(GetHostListFilterSchema, required=False)
@@ -96,7 +94,7 @@ class HostCvesFilterSchema(Schema):
hp_status = fields.List(fields.String(validate=validate.OneOf(["ACCEPTED", "ACTIVED"])), required=False)
-class GetHostCvesSchema(Schema):
+class GetHostCvesSchema(PaginationSchema):
"""
validators for parameter of /vulnerability/host/cve/get
"""
@@ -105,6 +103,4 @@ class GetHostCvesSchema(Schema):
["publish_time", "cvss_score"]))
direction = fields.String(required=False, validate=validate.OneOf(
["asc", "desc"]))
- page = fields.Integer(required=False, validate=lambda s: s > 0)
- per_page = fields.Integer(required=False, validate=lambda s: 0 < s < 50)
filter = fields.Nested(HostCvesFilterSchema, required=False)
diff --git a/apollo/function/schema/task.py b/apollo/function/schema/task.py
index 415c2ca..5e8744b 100644
--- a/apollo/function/schema/task.py
+++ b/apollo/function/schema/task.py
@@ -20,6 +20,7 @@ from marshmallow import fields
from marshmallow import validate
from apollo.conf.constant import TaskType
+from vulcanus.restful.serialize.validate import PaginationSchema
class TaskListFilterSchema(Schema):
"""
@@ -30,7 +31,7 @@ class TaskListFilterSchema(Schema):
validate=validate.OneOf([getattr(TaskType,p) for p in dir(TaskType) if p.isupper()])), required=False)
-class GetTaskListSchema(Schema):
+class GetTaskListSchema(PaginationSchema):
"""
validators for parameter of /vulnerability/task/list/get
"""
@@ -38,8 +39,6 @@ class GetTaskListSchema(Schema):
["host_num", "create_time"]))
direction = fields.String(required=False, validate=validate.OneOf(
["asc", "desc"]))
- page = fields.Integer(required=False, validate=lambda s: s > 0)
- per_page = fields.Integer(required=False, validate=lambda s: 0 < s < 50)
filter = fields.Nested(TaskListFilterSchema, required=False)
@@ -105,15 +104,13 @@ class CveTaskInfoFilterSchema(Schema):
["succeed", "fail", "running", "unknown"])), required=False)
-class GetCveTaskInfoSchema(Schema):
+class GetCveTaskInfoSchema(PaginationSchema):
"""
validators for parameter of /vulnerability/task/cve/info/get
"""
task_id = fields.String(required=True, validate=lambda s: len(s) != 0)
sort = fields.String(required=False, validate=validate.OneOf(["host_num"]))
direction = fields.String(required=False, validate=validate.OneOf(["asc", "desc"]))
- page = fields.Integer(required=False, validate=lambda s: s > 0)
- per_page = fields.Integer(required=False, validate=lambda s: 0 < s < 50)
filter = fields.Nested(CveTaskInfoFilterSchema, required=False)
@@ -169,13 +166,11 @@ class RepoTaskInfoFilterSchema(Schema):
required=False)
-class GetRepoTaskInfoSchema(Schema):
+class GetRepoTaskInfoSchema(PaginationSchema):
"""
validators for parameter of /vulnerability/task/repo/info/get
"""
task_id = fields.String(required=True, validate=lambda s: len(s) != 0)
- page = fields.Integer(required=False, validate=lambda s: s > 0)
- per_page = fields.Integer(required=False, validate=lambda s: 0 < s < 50)
filter = fields.Nested(RepoTaskInfoFilterSchema, required=False)
--
Gitee

8
aops-apollo.spec
View File

@ -1,6 +1,6 @@
Name: aops-apollo
Version: v1.2.1
Release: 3
Release: 4
Summary: Cve management service, monitor machine vulnerabilities and provide fix functions.
License: MulanPSL2
URL: https://gitee.com/openeuler/%{name}
@ -11,6 +11,8 @@ Patch0003: 0003-fix-hotpatch-updateinfo-for-search-hotpatch-info.patch
Patch0004: 0004-add-dnf-full-repair.patch
Patch0005: 0005-fix-generate-task-is-not-verified-host-and-cve.patch
Patch0006: 0006-update-hotpatch-status-related-operation-support.patch
Patch0007: 0007-fix-hotpatch-status-filter-exception.patch
Patch0008: 0008-update-validation-rules-for-paging-parameters.patch
BuildRequires: python3-setuptools
Requires: aops-vulcanus >= v1.2.0
@ -81,6 +83,10 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
%{python3_sitelib}/aops_apollo_tool/*
%changelog
* Thu Jun 08 2023 wenxin<shusheng.wen@outlook.com> - v1.2.1-4
- fix issue: hotpatch status filter exception
- update validation rules for paging parameters
* Fri Jun 2 2023 gongzhengtang<gong_zhengtang@163.com> - v1.2.1-3
- fix bug and update the code of parsing src.rpm
- fix hotpatch updateinfo for search hotpatch information