update to v1.2.1

2023-06-01 20:53:46 +08:00 · 2023-06-01 20:53:46 +08:00 · 8d49852e58
commit 8d49852e58
parent 1c2a71232b
9 changed files with 184 additions and 561 deletions
--- a/0001-fix-args-not-effective-bug.patch
+++ b/0001-fix-args-not-effective-bug.patch
@ -1,208 +0,0 @@
-From c7b84c97fde88b30f39f01e3345e2649714c2b7e Mon Sep 17 00:00:00 2001
-From: young <954906362@qq.com>
-Date: Thu, 27 Apr 2023 17:25:40 +0800
-Subject: [PATCH] bug fix:continuously sending emails when can't read config info
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
---
- apollo/cron/download_sa_manager.py            | 43 ++++++-------------
- apollo/cron/manager/__init__.py               | 11 +++--
- apollo/cron/timed_correct_manager.py          |  2 +-
- apollo/database/proxy/cve.py                  |  2 +-
- .../task_handler/manager/scan_manager.py      |  9 ++--
- conf/apollo_crontab.ini                       |  3 +-
- 6 files changed, 28 insertions(+), 42 deletions(-)
-
-diff --git a/apollo/cron/download_sa_manager.py b/apollo/cron/download_sa_manager.py
-index 7b3cea2..0bb6ef8 100644
--- a/apollo/cron/download_sa_manager.py
-+++ b/apollo/cron/download_sa_manager.py
-@@ -17,7 +17,6 @@ import shutil
- import sqlalchemy
- import requests
- import retrying
-from lxml import etree
- from retrying import retry
- 
- from apollo.conf import configuration
-@@ -37,16 +36,10 @@ class TimedDownloadSATask(TimedTaskBase):
-     Timed download sa tasks
-     """
-     config_info = get_timed_task_config_info(TIMED_TASK_CONFIG_PATH)
-    security_base_url = config_info.get(
-        "download_sa", dict()).get("base_url", "")
-    if not security_base_url:
-        LOGGER.error("Please add base_url in configuration file")
-    advisory_years = config_info.get("download_sa", dict()).get("sa_years", "")
-    if advisory_years:
-        advisory_years = re.findall(r"\d{4}", advisory_years)
-    else:
-        LOGGER.error("Please add sa_years in configuration file")
-        raise KeyError
-+    cvrf_url = config_info.get(
-+        "download_sa", dict()).get("cvrf_url", "")
-+    if not cvrf_url:
-+        LOGGER.error("Please add cvrf_url in configuration file")
- 
-     save_sa_record = []
- 
-@@ -152,7 +145,7 @@ class TimedDownloadSATask(TimedTaskBase):
- 
-         for sa_name in sa_name_list:
-             advisory_year, advisory_serial_number = re.findall("\d+", sa_name)
-            sa_url = f"{TimedDownloadSATask.security_base_url}/{advisory_year}/{sa_name}"
-+            sa_url = f"{TimedDownloadSATask.cvrf_url}/{advisory_year}/{sa_name}"
-             try:
-                 response = TimedDownloadSATask.get_response(sa_url)
-                 if response:
-@@ -170,22 +163,21 @@ class TimedDownloadSATask(TimedTaskBase):
-                                                            "download_status": False})
- 
-     @staticmethod
-    def get_advisory_url_list(url: str) -> list:
-+    def get_advisory_url_list() -> list:
-         """
-         Send a request and parse the data on the page to get all the security bulletins url and store them in the list
- 
-        Args:
-            url(str): the url of all security announcements
-
-         Returns:
-             list: security url list
-         """
-         try:
-            response = TimedDownloadSATask.get_response(url)
-+            response = TimedDownloadSATask.get_response(TimedDownloadSATask.cvrf_url + "/index.txt")
-             if response:
-                html = etree.HTML(response.text)
-+                html = response.text
-+                sa_list = html.replace("\r", "").split("\n")
-                 security_files = [
-                    file for file in html.xpath("//*[@id='list']/tbody/tr/td[1]/a/@title")
-+                    # 2021/cvrf-openEuler-SA-2021-1022.xml, we don't need the first five characters
-+                    sa_name[5:] for sa_name in sa_list
-                 ]
-                 return security_files
-             else:
-@@ -206,18 +198,7 @@ class TimedDownloadSATask(TimedTaskBase):
-         Returns:
-             list: The name of the sa that needs to be downloaded
-         """
-        today = datetime.datetime.today()
-        current_year = str(today.year)
-        TimedDownloadSATask.advisory_years.append(current_year)
-        all_sa_name_list = []
-
-        for year in set(TimedDownloadSATask.advisory_years):
-            try:
-                sa_name_list = TimedDownloadSATask.get_advisory_url_list(
-                    TimedDownloadSATask.security_base_url + "/" + str(year) + "/")
-                all_sa_name_list.extend(sa_name_list)
-            except retrying.RetryError:
-                LOGGER.error(f"Failed to get the {year} sa file")
-+        all_sa_name_list = TimedDownloadSATask.get_advisory_url_list()
- 
-         succeed_sa_name_list = []
-         for succeed_record in download_succeed_record:
-diff --git a/apollo/cron/manager/__init__.py b/apollo/cron/manager/__init__.py
-index 1ec9b72..1f3a855 100644
--- a/apollo/cron/manager/__init__.py
-+++ b/apollo/cron/manager/__init__.py
-@@ -91,9 +91,12 @@ class TimedTaskManager():
-                 return
-             timed_task_parameters['id'] = task_id
- 
-        if "base_url" in timed_task_parameters and "sa_years" in timed_task_parameters:
-            timed_task_parameters.pop("base_url")
-            timed_task_parameters.pop("sa_years")
-+        if "day_of_week" not in timed_task_parameters or "hour" not in timed_task_parameters:
-+            LOGGER.error("Create scheduled task is missing required  fields.")
-+            return
-+
-+        if "cvrf_url" in timed_task_parameters:
-+            timed_task_parameters.pop("cvrf_url")
-         if "service_timeout_threshold_min" in timed_task_parameters:
-             timed_task_parameters.pop("service_timeout_threshold_min")
- 
-@@ -102,7 +105,7 @@ class TimedTaskManager():
-         if "auto_start" in timed_task_parameters:
-             auto_start = timed_task_parameters['auto_start']
-             timed_task_parameters.pop("auto_start")
-            if not auto_start:
-+            if auto_start == "false":
-                 LOGGER.info(f"{task_id}, This task is configured to not start.")
-                 return
-         TimedTaskManager._APscheduler.add_job(**timed_task_parameters)
-diff --git a/apollo/cron/timed_correct_manager.py b/apollo/cron/timed_correct_manager.py
-index 4f1459e..fc2f62a 100644
--- a/apollo/cron/timed_correct_manager.py
-+++ b/apollo/cron/timed_correct_manager.py
-@@ -33,7 +33,7 @@ class TimedCorrectTask(TimedTaskBase):
-     """
-     config_info = get_timed_task_config_info(TIMED_TASK_CONFIG_PATH)
-     SERVICE_TIMEOUT_THRESHOLD_MIN = config_info.get(
-        "correct_data").get("service_timeout_threshold_min")
-+        "correct_data").get("service_timeout_threshold_min", 15)
- 
-     @staticmethod
-     def task_enter():
-diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
-index 1a77211..75ab71c 100644
--- a/apollo/database/proxy/cve.py
-+++ b/apollo/database/proxy/cve.py
-@@ -951,7 +951,7 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
-         """
-         Save the record of download sa
-         Args:
-            sa_record_rows(list): aach element is a record of the AdvisoryDownloadRecord table,e.g.
-+            sa_record_rows(list): each element is a record of the AdvisoryDownloadRecord table,e.g.
-                 [{"advisory_year": 2022,
-                 "advisory_serial_number": 1230,
-                 "download_status": 1}]
-diff --git a/apollo/handler/task_handler/manager/scan_manager.py b/apollo/handler/task_handler/manager/scan_manager.py
-index efd6356..48ee71b 100644
--- a/apollo/handler/task_handler/manager/scan_manager.py
-+++ b/apollo/handler/task_handler/manager/scan_manager.py
-@@ -195,16 +195,19 @@ class ScanManager(Manager):
-         tmp = {}
-         chart_data = []
-         file_content = "序号,CVE_ID,主机IP,主机名称,CVSS评分,评分级别\n"
-        for num, row in enumerate(rows, 1):
-+        excel_row_num = 1
-+        for row in rows:
-             if row.host_ip in tmp:
-                 tmp[row.host_ip]["count"] += 1
-                file_content += f"{num},{row.cve_id},{row.host_ip}," \
-+                file_content += f"{excel_row_num},{row.cve_id},{row.host_ip}," \
-                                 f"{row.host_name},{row.cvss_score},{row.severity}\n"
-+                excel_row_num += 1
-             else:
-                 if row.cve_id is not None:
-                     tmp[row.host_ip] = {"count": 1, "host_name": row.host_name}
-                    file_content += f"{num},{row.cve_id},{row.host_ip}," \
-+                    file_content += f"{excel_row_num},{row.cve_id},{row.host_ip}," \
-                                     f"{row.host_name},{row.cvss_score},{row.severity}\n"
-+                    excel_row_num += 1
-                 else:
-                     tmp[row.host_ip] = {"count": 0, "host_name": row.host_name}
- 
-diff --git a/conf/apollo_crontab.ini b/conf/apollo_crontab.ini
-index 3ac8eeb..7ab1bfa 100644
--- a/conf/apollo_crontab.ini
-+++ b/conf/apollo_crontab.ini
-@@ -13,8 +13,7 @@ id = download sa
- day_of_week = 0-6
- hour = 3
- auto_start = true
-base_url = https://repo.openeuler.org/security/data/cvrf
-sa_years = 2021,2022,2023
-+cvrf_url = https://repo.openeuler.org/security/data/cvrf
- 
- [correct_data]
- id = correct data
-- 
-Gitee
-
-
--- a/0001-fix-some-apis-which-has-filter-fault.patch
+++ b/0001-fix-some-apis-which-has-filter-fault.patch
@ -0,0 +1,147 @@
+From ca1388c59c97d31dbbdae3c48e7033dbc2d11b47 Mon Sep 17 00:00:00 2001
+From: rabbitali <shusheng.wen@outlook.com>
+Date: Mon, 29 May 2023 17:05:17 +0800
+Subject: [PATCH] fix issue where some fields of the interface cannot support filtering
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ apollo/database/proxy/cve.py                       | 12 +++++-------
+ apollo/database/proxy/host.py                      |  7 ++++---
+ apollo/database/proxy/task.py                      | 14 ++++----------
+ apollo/function/schema/task.py                     |  3 ++-
+ 4 files changed, 15 insertions(+), 21 deletions(-)
+
+diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
+index ed4c1d2..9dc96ae 100644
+--- a/apollo/database/proxy/cve.py
+++ b/apollo/database/proxy/cve.py
+@@ -867,17 +867,15 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
+         exist_cve_query = self.session.query(CveHostAssociation.cve_id) \
+             .join(Host, Host.host_id == CveHostAssociation.host_id) \
+             .filter(Host.user == username, CveHostAssociation.affected == 1, CveHostAssociation.fixed == 0)
+-        # get first column value from tuple to list
+-        exist_cve_list = list(zip(*exist_cve_query))[0]
+ 
+         related_cve_query = self.session.query(CveAffectedPkgs.cve_id) \
+-            .filter(CveAffectedPkgs.package.in_(pkg_list)) \
+-            .filter(CveAffectedPkgs.cve_id.in_(exist_cve_list))
+-        related_cve = set(list(zip(*related_cve_query))[0])
+            .filter(CveAffectedPkgs.package.in_(pkg_list),CveAffectedPkgs.cve_id.in_(exist_cve_query.subquery())) \
+            .distinct()
+ 
+-        related_cve.remove(cve_id)
+-        return list(related_cve)
+        related_cve = [row[0] for row in related_cve_query.all() if row[0] != cve_id]
+ 
+        return related_cve
+        
+     @staticmethod
+     def _cve_info_row2dict(row, description_dict, pkg_list):
+         """
+diff --git a/apollo/database/proxy/host.py b/apollo/database/proxy/host.py
+index f3fe51e..a9431a9 100644
+--- a/apollo/database/proxy/host.py
+++ b/apollo/database/proxy/host.py
+@@ -514,7 +514,8 @@ class HostProxy(HostMysqlProxy, CveEsProxy):
+         Returns:
+             set
+         """
+-        filters = {CveHostAssociation.fixed == filter_dict.get("fixed", False)}
+        fixed = filter_dict.get("fixed", False)
+        filters = {CveHostAssociation.fixed == fixed}
+         
+         if not filter_dict:
+             return filters
+@@ -525,9 +526,9 @@ class HostProxy(HostMysqlProxy, CveEsProxy):
+         if filter_dict.get("severity"):
+             filters.add(Cve.severity.in_(filter_dict["severity"]))
+ 
+-        if filter_dict.get("hotpatch") and filter_dict.get("fixed") is True:
+        if filter_dict.get("hotpatch") and fixed is True:
+             filters.add(CveHostAssociation.fixed_by_hp.in_(filter_dict["hotpatch"]))
+-        elif filter_dict.get("hotpatch") and filter_dict.get("fixed") is False:
+        elif filter_dict.get("hotpatch") and fixed is False:
+             filters.add(CveHostAssociation.support_hp.in_(filter_dict["hotpatch"]))
+ 
+         if "affected" in filter_dict:
+diff --git a/apollo/database/proxy/task.py b/apollo/database/proxy/task.py
+index f457043..e660f02 100644
+--- a/apollo/database/proxy/task.py
+++ b/apollo/database/proxy/task.py
+@@ -924,9 +924,7 @@ class TaskMysqlProxy(MysqlProxy):
+         filters = set()
+ 
+         if filter_dict.get("cve_id"):
+-            filters.add(Cve.cve_id.like("%" + filter_dict["cve_id"] + "%"))
+-        if filter_dict.get("reboot"):
+-            filters.add(Cve.reboot == filter_dict["reboot"])
+            filters.add(CveHostAssociation.cve_id.like("%" + filter_dict["cve_id"] + "%"))
+         return filters
+ 
+     def _query_cve_task(self, username, task_id, filters):
+@@ -948,12 +946,11 @@ class TaskMysqlProxy(MysqlProxy):
+                 }
+         """
+         task_cve_query = self.session.query(TaskCveHostAssociation.cve_id,
+-                                            Cve.reboot,
+                                             CveAffectedPkgs.package,
+                                             TaskCveHostAssociation.host_id,
+                                             TaskCveHostAssociation.status) \
+-            .outerjoin(Cve, Cve.cve_id == TaskCveHostAssociation.cve_id) \
+-            .outerjoin(CveAffectedPkgs, CveAffectedPkgs.cve_id == Cve.cve_id) \
+            .outerjoin(CveHostAssociation, CveHostAssociation.cve_id == TaskCveHostAssociation.cve_id) \
+            .outerjoin(CveAffectedPkgs, CveAffectedPkgs.cve_id == CveHostAssociation.cve_id) \
+             .outerjoin(Task, Task.task_id == TaskCveHostAssociation.task_id) \
+             .filter(Task.task_id == task_id, Task.username == username) \
+             .filter(*filters)
+@@ -969,7 +966,6 @@ class TaskMysqlProxy(MysqlProxy):
+                     {
+                         "cve_id": "CVE-2021-0001",
+                         "package": "tensorflow",
+-                        "reboot": True,
+                         "host_id": "id1",
+                         "status": "fixed"
+                     }
+@@ -979,7 +975,6 @@ class TaskMysqlProxy(MysqlProxy):
+                 [{
+                     "cve_id": "CVE-2021-0001",
+                     "package": "tensorflow",
+-                    "reboot": True,
+                     "host_num": 3,
+                     "status": "running"
+                 }]
+@@ -991,8 +986,7 @@ class TaskMysqlProxy(MysqlProxy):
+         for row in task_cve_query:
+             cve_id = row.cve_id
+             if cve_id not in cve_dict:
+-                cve_dict[cve_id] = {"package": {row.package}, "reboot": row.reboot,
+-                                    "host_set": {row.host_id}, "status_set": {row.status}}
+                cve_dict[cve_id] = {"package": {row.package}, "host_set": {row.host_id}, "status_set": {row.status}}
+             else:
+                 cve_dict[cve_id]["package"].add(row.package)
+                 cve_dict[cve_id]["host_set"].add(row.host_id)
+diff --git a/apollo/function/schema/task.py b/apollo/function/schema/task.py
+index 1fa776c..472fd53 100644
+--- a/apollo/function/schema/task.py
+++ b/apollo/function/schema/task.py
+@@ -19,6 +19,7 @@ from marshmallow import Schema
+ from marshmallow import fields
+ from marshmallow import validate
+ 
+from apollo.conf.constant import TaskType
+ 
+ class TaskListFilterSchema(Schema):
+     """
+@@ -26,7 +27,7 @@ class TaskListFilterSchema(Schema):
+     """
+     task_name = fields.String(required=False, validate=lambda s: len(s) > 0)
+     task_type = fields.List(fields.String(
+-        validate=validate.OneOf(["cve fix", "repo set"])), required=False)
+        validate=validate.OneOf([getattr(TaskType,p) for p in dir(TaskType) if p.isupper()])), required=False)
+ 
+ 
+ class GetTaskListSchema(Schema):
+-- 
+
--- a/0002-download-SA-collaborative-process.patch
+++ b/0002-download-SA-collaborative-process.patch
@ -1,131 +0,0 @@
-From d6cd91cf4221f0b4d1b6af3d23a2989e6eb1a4c4 Mon Sep 17 00:00:00 2001
-From: young <954906362@qq.com>
-Date: Fri, 28 Apr 2023 10:36:33 +0800
-Subject: [PATCH] download SA using a collaborative process
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
---
- aops-apollo.spec                   |  2 +-
- apollo/cron/download_sa_manager.py | 49 ++++++++++++++++--------------
- setup.py                           |  1 +
- 3 files changed, 29 insertions(+), 23 deletions(-)
-
-diff --git a/aops-apollo.spec b/aops-apollo.spec
-index 0fb2db3..2d3a771 100644
--- a/aops-apollo.spec
-+++ b/aops-apollo.spec
-@@ -10,7 +10,7 @@ BuildRequires:  python3-setuptools
- Requires:   aops-vulcanus >= v1.2.0
- Requires:   python3-elasticsearch python3-flask-restful python3-marshmallow >= 3.13.0
- Requires:   python3-sqlalchemy python3-PyMySQL python3-Flask-APScheduler >= 1.11.0
-Requires:   python3-PyYAML python3-flask
-+Requires:   python3-PyYAML python3-flask python3-gevent
- Requires:   python3-retrying python3-lxml
- Provides:   aops-apollo
- 
-diff --git a/apollo/cron/download_sa_manager.py b/apollo/cron/download_sa_manager.py
-index 0bb6ef8..6ce97bb 100644
--- a/apollo/cron/download_sa_manager.py
-+++ b/apollo/cron/download_sa_manager.py
-@@ -18,6 +18,8 @@ import sqlalchemy
- import requests
- import retrying
- from retrying import retry
-+from gevent import monkey; monkey.patch_all(ssl=False)
-+import gevent
- 
- from apollo.conf import configuration
- from apollo.conf.constant import ADVISORY_SAVED_PATH, TIMED_TASK_CONFIG_PATH
-@@ -52,6 +54,11 @@ class TimedDownloadSATask(TimedTaskBase):
-         """
-         LOGGER.info("Begin to download advisory in %s.",
-                     str(datetime.datetime.now()))
-+
-+        if os.path.exists(ADVISORY_SAVED_PATH):
-+            shutil.rmtree(ADVISORY_SAVED_PATH)
-+        os.makedirs(ADVISORY_SAVED_PATH)
-+
-         try:
-             with CveProxy(configuration) as proxy:
-                 ElasticsearchProxy.connect(proxy)
-@@ -61,7 +68,10 @@ class TimedDownloadSATask(TimedTaskBase):
-                 sa_name_list = TimedDownloadSATask.get_incremental_sa_name_list(
-                     download_record)
- 
-                TimedDownloadSATask.download_security_advisory(sa_name_list)
-+                jobs = [gevent.spawn(TimedDownloadSATask.download_security_advisory, sa_name)
-+                        for sa_name in sa_name_list]
-+                gevent.joinall(jobs)
-+
-                 TimedDownloadSATask.save_security_advisory_to_database(proxy)
- 
-                 proxy.save_advisory_download_record(
-@@ -132,35 +142,30 @@ class TimedDownloadSATask(TimedTaskBase):
-             return ""
- 
-     @staticmethod
-    def download_security_advisory(sa_name_list: list):
-+    def download_security_advisory(sa_name: str):
-         """
-         Get each url from the list, download and save it locally, and save it to the database if the download fails
- 
-         Args:
-            sa_name_list: Advisory url list, each element is the url of the security announcement
-+            sa_name: sa`s name, e.g. cvrf-openEuler-SA-2021-1022.xml
-         """
-        if os.path.exists(ADVISORY_SAVED_PATH):
-            shutil.rmtree(ADVISORY_SAVED_PATH)
-        os.makedirs(ADVISORY_SAVED_PATH)
-
-        for sa_name in sa_name_list:
-            advisory_year, advisory_serial_number = re.findall("\d+", sa_name)
-            sa_url = f"{TimedDownloadSATask.cvrf_url}/{advisory_year}/{sa_name}"
-            try:
-                response = TimedDownloadSATask.get_response(sa_url)
-                if response:
-                    with open(os.path.join(ADVISORY_SAVED_PATH, sa_name), "wb")as w:
-                        w.write(response.content)
-                else:
-                    LOGGER.error(f"Download failed request timeout: {sa_name}")
-                    TimedDownloadSATask.save_sa_record.append({"advisory_year": advisory_year,
-                                                               "advisory_serial_number": advisory_serial_number,
-                                                               "download_status": False})
-            except retrying.RetryError:
-                LOGGER.error(f"Download failed max retries: {sa_name}")
-+        advisory_year, advisory_serial_number = re.findall("\d+", sa_name)
-+        sa_url = f"{TimedDownloadSATask.cvrf_url}/{advisory_year}/{sa_name}"
-+        try:
-+            response = TimedDownloadSATask.get_response(sa_url)
-+            if response:
-+                with open(os.path.join(ADVISORY_SAVED_PATH, sa_name), "wb")as w:
-+                    w.write(response.content)
-+            else:
-+                LOGGER.error(f"Download failed request timeout: {sa_name}")
-                 TimedDownloadSATask.save_sa_record.append({"advisory_year": advisory_year,
-                                                            "advisory_serial_number": advisory_serial_number,
-                                                            "download_status": False})
-+        except retrying.RetryError:
-+            LOGGER.error(f"Download failed max retries: {sa_name}")
-+            TimedDownloadSATask.save_sa_record.append({"advisory_year": advisory_year,
-+                                                       "advisory_serial_number": advisory_serial_number,
-+                                                       "download_status": False})
- 
-     @staticmethod
-     def get_advisory_url_list() -> list:
-diff --git a/setup.py b/setup.py
-index 891c23e..30ab44d 100644
--- a/setup.py
-+++ b/setup.py
-@@ -23,6 +23,7 @@ REQUIRES = [
-     'PyYAML',
-     'retrying',
-     'lxml'
-+    'gevent'
- ]
- 
- setup(
-- 
-Gitee
-
--- a/0003-fix-send-two-emails-bug.patch
+++ b/0003-fix-send-two-emails-bug.patch
@ -1,111 +0,0 @@
-From 4848a4f5e9244fe7e7dfc7958982857cf3dfeb44 Mon Sep 17 00:00:00 2001
-From: young <954906362@qq.com>
-Date: Tue, 9 May 2023 09:31:04 +0800
-Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E4=B8=89=E4=B8=AAissue?=
- =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
---
- aops-apollo.spec                   |  2 +-
- apollo/cron/download_sa_manager.py | 22 ++++++++++------------
- conf/apollo.ini                    |  4 ++--
- 3 files changed, 13 insertions(+), 15 deletions(-)
-
-diff --git a/aops-apollo.spec b/aops-apollo.spec
-index 2d3a771..1e15294 100644
--- a/aops-apollo.spec
-+++ b/aops-apollo.spec
-@@ -20,7 +20,7 @@ Cve management service, monitor machine vulnerabilities and provide fix function
- 
- %package -n dnf-hotpatch-plugin
- Summary: dnf hotpatch plugin
-Requires: python3-hawkey python3-dnf syscare
-+Requires: python3-hawkey python3-dnf syscare >= 1.0.1
- 
- %description -n dnf-hotpatch-plugin
- dnf hotpatch plugin, it's about hotpatch query and fix
-diff --git a/apollo/cron/download_sa_manager.py b/apollo/cron/download_sa_manager.py
-index 6ce97bb..a46ad5a 100644
--- a/apollo/cron/download_sa_manager.py
-+++ b/apollo/cron/download_sa_manager.py
-@@ -10,16 +10,17 @@
- # PURPOSE.
- # See the Mulan PSL v2 for more details.
- # ******************************************************************************/
-+from gevent import monkey; monkey.patch_all(thread=False)
-+import gevent
- import datetime
- import os
- import re
- import shutil
- import sqlalchemy
-import requests
-+import urllib.request
-+import urllib.error
- import retrying
- from retrying import retry
-from gevent import monkey; monkey.patch_all(ssl=False)
-import gevent
- 
- from apollo.conf import configuration
- from apollo.conf.constant import ADVISORY_SAVED_PATH, TIMED_TASK_CONFIG_PATH
-@@ -64,7 +65,6 @@ class TimedDownloadSATask(TimedTaskBase):
-                 ElasticsearchProxy.connect(proxy)
- 
-                 download_record, download_failed_advisory = proxy.get_advisory_download_record()
-
-                 sa_name_list = TimedDownloadSATask.get_incremental_sa_name_list(
-                     download_record)
- 
-@@ -134,11 +134,10 @@ class TimedDownloadSATask(TimedTaskBase):
-             response body or "", "" means request failed
-         """
-         try:
-            response = requests.get(url, timeout=10)
-            if response.status_code != requests.codes["ok"]:
-                return None
-            return response
-        except requests.exceptions.RequestException:
-+            response = urllib.request.urlopen(url, timeout=10)
-+            return response.read()
-+        except urllib.error.HTTPError:
-+            LOGGER.info("Exception %s")
-             return ""
- 
-     @staticmethod
-@@ -155,7 +154,7 @@ class TimedDownloadSATask(TimedTaskBase):
-             response = TimedDownloadSATask.get_response(sa_url)
-             if response:
-                 with open(os.path.join(ADVISORY_SAVED_PATH, sa_name), "wb")as w:
-                    w.write(response.content)
-+                    w.write(response)
-             else:
-                 LOGGER.error(f"Download failed request timeout: {sa_name}")
-                 TimedDownloadSATask.save_sa_record.append({"advisory_year": advisory_year,
-@@ -178,8 +177,7 @@ class TimedDownloadSATask(TimedTaskBase):
-         try:
-             response = TimedDownloadSATask.get_response(TimedDownloadSATask.cvrf_url + "/index.txt")
-             if response:
-                html = response.text
-                sa_list = html.replace("\r", "").split("\n")
-+                sa_list = response.decode("utf-8").replace("\r", "").split("\n")
-                 security_files = [
-                     # 2021/cvrf-openEuler-SA-2021-1022.xml, we don't need the first five characters
-                     sa_name[5:] for sa_name in sa_list
-diff --git a/conf/apollo.ini b/conf/apollo.ini
-index 412fff1..f215e63 100644
--- a/conf/apollo.ini
-+++ b/conf/apollo.ini
-@@ -40,5 +40,5 @@ wsgi-file=manage.py
- daemonize=/var/log/aops/uwsgi/apollo.log
- http-timeout=600
- harakiri=600
-processes=2
-threads=4
-+processes=1
-+gevent=100
-- 
-Gitee
-
--- a/0004-Add-network-request-exception-capture.patch
+++ b/0004-Add-network-request-exception-capture.patch
@ -1,104 +0,0 @@
-From 0152aabe5a422d18f7f63e53913191ebc4211a70 Mon Sep 17 00:00:00 2001
-From: young <954906362@qq.com>
-Date: Wed, 10 May 2023 16:39:45 +0800
-Subject: [PATCH 1/2] Add network request exception capture
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
---
- apollo/cron/download_sa_manager.py | 20 ++++++++++++--------
- 1 file changed, 12 insertions(+), 8 deletions(-)
-
-diff --git a/apollo/cron/download_sa_manager.py b/apollo/cron/download_sa_manager.py
-index a46ad5a..e9f89b3 100644
--- a/apollo/cron/download_sa_manager.py
-+++ b/apollo/cron/download_sa_manager.py
-@@ -10,7 +10,7 @@
- # PURPOSE.
- # See the Mulan PSL v2 for more details.
- # ******************************************************************************/
-from gevent import monkey; monkey.patch_all(thread=False)
-+from gevent import monkey; monkey.patch_all()
- import gevent
- import datetime
- import os
-@@ -67,10 +67,11 @@ class TimedDownloadSATask(TimedTaskBase):
-                 download_record, download_failed_advisory = proxy.get_advisory_download_record()
-                 sa_name_list = TimedDownloadSATask.get_incremental_sa_name_list(
-                     download_record)
-
-                jobs = [gevent.spawn(TimedDownloadSATask.download_security_advisory, sa_name)
-                        for sa_name in sa_name_list]
-                gevent.joinall(jobs)
-+                # Limit the number of requests to 20 per time
-+                for i in range(0, len(sa_name_list), 20):
-+                    jobs = [gevent.spawn(TimedDownloadSATask.download_security_advisory, sa_name)
-+                            for sa_name in sa_name_list[i: i + 20]]
-+                    gevent.joinall(jobs)
- 
-                 TimedDownloadSATask.save_security_advisory_to_database(proxy)
- 
-@@ -134,10 +135,13 @@ class TimedDownloadSATask(TimedTaskBase):
-             response body or "", "" means request failed
-         """
-         try:
-            response = urllib.request.urlopen(url, timeout=10)
-+            response = urllib.request.urlopen(url, timeout=30)
-             return response.read()
-        except urllib.error.HTTPError:
-            LOGGER.info("Exception %s")
-+        except urllib.error.HTTPError as e:
-+            LOGGER.info("Exception HTTPError %s" % e)
-+            return None
-+        except urllib.error.URLError as e:
-+            LOGGER.info("Exception URLError %s" % e)
-             return ""
- 
-     @staticmethod
-- 
-Gitee
-
-
-From 8979cee0900fa64e05a06c68b6f0032c859cb904 Mon Sep 17 00:00:00 2001
-From: young <954906362@qq.com>
-Date: Thu, 11 May 2023 11:37:10 +0800
-Subject: [PATCH 2/2] =?UTF-8?q?=E6=9B=B4=E6=94=B9=E5=BC=95=E5=85=A5monkey.?=
- =?UTF-8?q?patch=5Fall=E7=9A=84=E4=BD=8D=E7=BD=AE=EF=BC=8C=E6=B6=88?=
- =?UTF-8?q?=E9=99=A4=E8=AD=A6=E5=91=8A=E4=BF=A1=E6=81=AF?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
---
- apollo/cron/download_sa_manager.py | 1 -
- apollo/manage.py                   | 1 +
- 2 files changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/apollo/cron/download_sa_manager.py b/apollo/cron/download_sa_manager.py
-index e9f89b3..9fcadef 100644
--- a/apollo/cron/download_sa_manager.py
-+++ b/apollo/cron/download_sa_manager.py
-@@ -10,7 +10,6 @@
- # PURPOSE.
- # See the Mulan PSL v2 for more details.
- # ******************************************************************************/
-from gevent import monkey; monkey.patch_all()
- import gevent
- import datetime
- import os
-diff --git a/apollo/manage.py b/apollo/manage.py
-index 5c13c70..7796fed 100644
--- a/apollo/manage.py
-+++ b/apollo/manage.py
-@@ -15,6 +15,7 @@ Time:
- Author:
- Description: Manager that start aops-manager
- """
-+from gevent import monkey; monkey.patch_all(thread=False)
- import redis
- import sqlalchemy
- from flask import Flask
-- 
-Gitee
-
--- a/aops-apollo-v1.1.1.tar.gz
+++ b/aops-apollo-v1.1.1.tar.gz
--- a/aops-apollo-v1.2.0.tar.gz
+++ b/aops-apollo-v1.2.0.tar.gz
--- a/aops-apollo-v1.2.1.tar.gz
+++ b/aops-apollo-v1.2.1.tar.gz
--- a/aops-apollo.spec
+++ b/aops-apollo.spec
@ -1,20 +1,17 @@
 Name:		aops-apollo
-Version:	v1.2.0
-Release:	4
+Version:	v1.2.1
+Release:	2
 Summary:	Cve management service, monitor machine vulnerabilities and provide fix functions.
 License:	MulanPSL2
 URL:		https://gitee.com/openeuler/%{name}
 Source0:	%{name}-%{version}.tar.gz
-Patch0001:	0001-fix-args-not-effective-bug.patch
-Patch0002:  0002-download-SA-collaborative-process.patch
-Patch0003:  0003-fix-send-two-emails-bug.patch
-Patch0004:  0004-Add-network-request-exception-capture.patch
+Patch0001:	0001-fix-some-apis-which-has-filter-fault.patch

 BuildRequires:  python3-setuptools
 Requires:   aops-vulcanus >= v1.2.0
 Requires:   python3-elasticsearch python3-flask-restful python3-marshmallow >= 3.13.0
 Requires:   python3-sqlalchemy python3-PyMySQL python3-Flask-APScheduler >= 1.11.0
-Requires:   python3-PyYAML python3-flask
+Requires:   python3-PyYAML python3-flask python3-gevent
 Requires:   python3-retrying python3-lxml
 Provides:   aops-apollo

@ -29,6 +26,13 @@ Requires: python3-hawkey python3-dnf syscare >= 1.0.1
 %description -n dnf-hotpatch-plugin
 dnf hotpatch plugin, it's about hotpatch query and fix

+%package -n aops-apollo-tool
+Summary: Small tools for aops-apollo, e.g. updateinfo.xml generater
+Requires: python3-rpm
+
+%description -n aops-apollo-tool
+smalltools for aops-apollo, e.g.updateinfo.xml generater
+
 %prep
 %autosetup -n %{name}-%{version} -p1

@ -36,13 +40,23 @@ dnf hotpatch plugin, it's about hotpatch query and fix
 # build for aops-apollo
 %py3_build

+# build for aops-apollo-tool
+pushd aops-apollo-tool
+%py3_build
+popd

 # install for aops-apollo
 %py3_install

+# install for aops-apollo-tool
+pushd aops-apollo-tool
+%py3_install
+popd
+
 #install for aops-dnf-plugin
 cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/

+
 %files
 %doc README.*
 %attr(0644,root,root) %{_sysconfdir}/aops/apollo.ini
@ -55,7 +69,23 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
 %files -n dnf-hotpatch-plugin
 %{python3_sitelib}/dnf-plugins/*

+%files -n aops-apollo-tool
+%attr(0644,root,root) %{_sysconfdir}/aops_apollo_tool/updateinfo_config.ini
+%attr(0755,root,root) %{_bindir}/gen-updateinfo
+%{python3_sitelib}/aops_apollo_tool*.egg-info/*
+%{python3_sitelib}/aops_apollo_tool/*
+
 %changelog
+* Wed May 31 2023 wenxin<shusheng.wen@outlook.com> - v1.2.1-2
+- fix issue that can not be filtered by CVE ID when query cve rollbak task info
+- fix issue that can not be filtered by cve rollback when query task list
+- fix issue that can not be filtered by hotpatch when query host cve info
+- fix issue that fail to read cve information when all realted hosts have been fixed
+
+* Tue May 23 2023 zhu-yuncheng<zhuyuncheng@huawei.com> - v1.2.1-1
+- Better dnf hotpatch plugin for more syscare command
+- Add updateinfo.xml generation tool
+
 * Thu May 11 2023 ptyang<1475324955@qq.com> - v1.2.0-4
 - Add network request exception capture